Migrate more x509/extensions.rs APIs to new pyo3 APIs (and other migrations) (#10749)

* Migrate `encode_der_data` to new pyo3 APIs

* Convert more `x509/extensions.rs` APIs to the new pyo3 APIs

* Remove redundant function calls
Facundo Tuesca 2024-04-05 23:41:55 +02:00 committed by GitHub
parent 5b50868544
commit 2e345f26d4
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
10 changed files with 39 additions and 73 deletions


@ -97,7 +97,7 @@ pub(crate) fn encode_der_data<'p>(
py: pyo3::Python<'p>,
pem_tag: String,
data: Vec<u8>,
encoding: &'p pyo3::PyAny,
encoding: &pyo3::Bound<'p, pyo3::PyAny>,
) -> CryptographyResult<pyo3::Bound<'p, pyo3::types::PyBytes>> {
if encoding.is(&types::ENCODING_DER.get_bound(py)?) {
Ok(pyo3::types::PyBytes::new_bound(py, &data))


@ -369,7 +369,7 @@ impl DHParameters {
} else {
"X9.42 DH PARAMETERS"
};
encode_der_data(py, tag.to_string(), data, encoding.into_gil_ref())
encode_der_data(py, tag.to_string(), data, &encoding)
}
}


@ -77,12 +77,7 @@ fn serialize_certificates<'p>(
};
let content_info_bytes = asn1::write_single(&content_info)?;
encode_der_data(
py,
"PKCS7".to_string(),
content_info_bytes,
encoding.clone().into_gil_ref(),
)
encode_der_data(py, "PKCS7".to_string(), content_info_bytes, encoding)
}
#[pyo3::prelude::pyfunction]
@ -273,12 +268,7 @@ fn sign_and_serialize<'p>(
.extract()?)
} else {
// Handles the DER, PEM, and error cases
encode_der_data(
py,
"PKCS7".to_string(),
ci_bytes,
encoding.clone().into_gil_ref(),
)
encode_der_data(py, "PKCS7".to_string(), ci_bytes, encoding)
}
}


@ -103,14 +103,7 @@ impl Certificate {
) -> CryptographyResult<pyo3::Bound<'p, pyo3::types::PyBytes>> {
let result = asn1::write_single(self.raw.borrow_dependent())?;
Ok(encode_der_data(
py,
"CERTIFICATE".to_string(),
result,
encoding.clone().into_gil_ref(),
)?
.as_borrowed()
.to_owned())
encode_der_data(py, "CERTIFICATE".to_string(), result, encoding)
}
#[getter]
@ -963,10 +956,7 @@ fn create_x509_certificate(
subject_unique_id: None,
raw_extensions: x509::common::encode_extensions(
py,
builder
.getattr(pyo3::intern!(py, "_extensions"))?
.clone()
.into_gil_ref(),
&builder.getattr(pyo3::intern!(py, "_extensions"))?,
extensions::encode_extension,
)?,
};


@ -9,7 +9,7 @@ use cryptography_x509::extensions::{
use cryptography_x509::name::{GeneralName, Name, NameReadable, OtherName, UnvalidatedIA5String};
use pyo3::prelude::{PyAnyMethods, PyListMethods, PyModuleMethods};
use pyo3::types::IntoPyDict;
use pyo3::{IntoPy, PyNativeType, ToPyObject};
use pyo3::{IntoPy, ToPyObject};
use crate::asn1::{oid_to_py_oid, py_oid_to_oid};
use crate::error::{CryptographyError, CryptographyResult};
@ -418,11 +418,11 @@ pub(crate) fn encode_extensions<
F: Fn(
pyo3::Python<'_>,
&asn1::ObjectIdentifier,
&pyo3::PyAny,
&pyo3::Bound<'_, pyo3::PyAny>,
) -> CryptographyResult<Option<Vec<u8>>>,
>(
py: pyo3::Python<'p>,
py_exts: &'p pyo3::PyAny,
py_exts: &pyo3::Bound<'p, pyo3::PyAny>,
encode_ext: F,
) -> pyo3::PyResult<Option<RawExtensions<'p>>> {
let mut exts = vec![];
@ -435,7 +435,7 @@ pub(crate) fn encode_extensions<
let oid = py_oid_to_oid(py_oid)?;
let ext_val = py_ext.getattr(pyo3::intern!(py, "value"))?;
if ext_val.is_instance(types::UNRECOGNIZED_EXTENSION.get(py)?)? {
if ext_val.is_instance(&types::UNRECOGNIZED_EXTENSION.get_bound(py)?)? {
exts.push(Extension {
extn_id: oid,
critical: py_ext.getattr(pyo3::intern!(py, "critical"))?.extract()?,
@ -445,7 +445,7 @@ pub(crate) fn encode_extensions<
});
continue;
}
match encode_ext(py, &oid, ext_val)? {
match encode_ext(py, &oid, &ext_val)? {
Some(data) => {
// TODO: extra copy
let py_data = pyo3::types::PyBytes::new_bound(py, &data);
@ -477,7 +477,7 @@ fn encode_extension_value<'p>(
) -> pyo3::PyResult<pyo3::Bound<'p, pyo3::types::PyBytes>> {
let oid = py_oid_to_oid(py_ext.getattr(pyo3::intern!(py, "oid"))?)?;
if let Some(data) = x509::extensions::encode_extension(py, &oid, py_ext.into_gil_ref())? {
if let Some(data) = x509::extensions::encode_extension(py, &oid, &py_ext)? {
// TODO: extra copy
let py_data = pyo3::types::PyBytes::new_bound(py, &data);
return Ok(py_data);
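Review bot: `encode_extensions` now takes `py_exts: &pyo3::Bound<'p, pyo3::PyAny>` while still returning `RawExtensions<'p>`, and nothing on the signature documents that the result is tied to `'p` rather than to the borrow of `py_exts`. Callers elsewhere in this commit pass a borrow of a temporary (`&builder.getattr(pyo3::intern!(py, "_extensions"))?`), so that property is load-bearing for memory safety at every call site. A short doc comment would help, for example `/// The returned extensions borrow data kept alive for 'p; they never borrow from the py_exts reference itself.` The wording should be confirmed against the part of the body that lies outside these hunks.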


@ -239,7 +239,7 @@ impl CertificateRevocationList {
) -> CryptographyResult<pyo3::Bound<'p, pyo3::types::PyBytes>> {
let result = asn1::write_single(&self.owned.borrow_dependent())?;
encode_der_data(py, "X509 CRL".to_string(), result, encoding.into_gil_ref())
encode_der_data(py, "X509 CRL".to_string(), result, &encoding)
}
#[getter]
@ -672,10 +672,7 @@ fn create_x509_crl(
)?,
raw_crl_entry_extensions: x509::common::encode_extensions(
py,
py_revoked_cert
.getattr(pyo3::intern!(py, "extensions"))?
.clone()
.into_gil_ref(),
&py_revoked_cert.getattr(pyo3::intern!(py, "extensions"))?,
extensions::encode_extension,
)?,
});
@ -702,10 +699,7 @@ fn create_x509_crl(
},
raw_crl_extensions: x509::common::encode_extensions(
py,
builder
.getattr(pyo3::intern!(py, "_extensions"))?
.clone()
.into_gil_ref(),
&builder.getattr(pyo3::intern!(py, "_extensions"))?,
extensions::encode_extension,
)?,
};


@ -123,12 +123,7 @@ impl CertificateSigningRequest {
) -> CryptographyResult<pyo3::Bound<'p, pyo3::types::PyBytes>> {
let result = asn1::write_single(self.raw.borrow_dependent())?;
encode_der_data(
py,
"CERTIFICATE REQUEST".to_string(),
result,
encoding.clone().into_gil_ref(),
)
encode_der_data(py, "CERTIFICATE REQUEST".to_string(), result, encoding)
}
fn get_attribute_for_oid<'p>(
@ -317,9 +312,7 @@ fn create_x509_csr(
let ext_bytes;
if let Some(exts) = x509::common::encode_extensions(
py,
builder
.getattr(pyo3::intern!(py, "_extensions"))?
.into_gil_ref(),
&builder.getattr(pyo3::intern!(py, "_extensions"))?,
x509::extensions::encode_extension,
)? {
ext_bytes = asn1::write_single(&exts)?;


@ -13,7 +13,7 @@ use pyo3::PyNativeType;
fn encode_general_subtrees<'a>(
py: pyo3::Python<'a>,
subtrees: &'a pyo3::PyAny,
subtrees: &pyo3::Bound<'a, pyo3::PyAny>,
) -> Result<Option<extensions::SequenceOfSubtrees<'a>>, CryptographyError> {
if subtrees.is_none() {
Ok(None)
@ -35,7 +35,7 @@ fn encode_general_subtrees<'a>(
pub(crate) fn encode_authority_key_identifier<'a>(
py: pyo3::Python<'a>,
py_aki: &'a pyo3::PyAny,
py_aki: &pyo3::Bound<'a, pyo3::PyAny>,
) -> CryptographyResult<Vec<u8>> {
#[derive(pyo3::prelude::FromPyObject)]
struct PyAuthorityKeyIdentifier<'a> {
@ -68,7 +68,7 @@ pub(crate) fn encode_authority_key_identifier<'a>(
pub(crate) fn encode_distribution_points<'p>(
py: pyo3::Python<'p>,
py_dps: &'p pyo3::PyAny,
py_dps: &pyo3::Bound<'p, pyo3::PyAny>,
) -> CryptographyResult<Vec<u8>> {
#[derive(pyo3::prelude::FromPyObject)]
struct PyDistributionPoint<'a> {
@ -123,7 +123,7 @@ pub(crate) fn encode_distribution_points<'p>(
Ok(asn1::write_single(&asn1::SequenceOfWriter::new(dps))?)
}
fn encode_basic_constraints(ext: &pyo3::PyAny) -> CryptographyResult<Vec<u8>> {
fn encode_basic_constraints(ext: &pyo3::Bound<'_, pyo3::PyAny>) -> CryptographyResult<Vec<u8>> {
#[derive(pyo3::prelude::FromPyObject)]
struct PyBasicConstraints {
ca: bool,
@ -137,7 +137,10 @@ fn encode_basic_constraints(ext: &pyo3::PyAny) -> CryptographyResult<Vec<u8>> {
Ok(asn1::write_single(&bc)?)
}
fn encode_key_usage(py: pyo3::Python<'_>, ext: &pyo3::PyAny) -> CryptographyResult<Vec<u8>> {
fn encode_key_usage(
py: pyo3::Python<'_>,
ext: &pyo3::Bound<'_, pyo3::PyAny>,
) -> CryptographyResult<Vec<u8>> {
let mut bs = [0, 0];
certificate::set_bit(
&mut bs,
@ -212,7 +215,7 @@ fn encode_key_usage(py: pyo3::Python<'_>, ext: &pyo3::PyAny) -> CryptographyResu
fn encode_certificate_policies(
py: pyo3::Python<'_>,
ext: &pyo3::PyAny,
ext: &pyo3::Bound<'_, pyo3::PyAny>,
) -> CryptographyResult<Vec<u8>> {
let mut policy_informations = vec![];
for py_policy_info in ext.iter()? {
@ -303,7 +306,7 @@ fn encode_certificate_policies(
fn encode_issuing_distribution_point(
py: pyo3::Python<'_>,
ext: &pyo3::PyAny,
ext: &pyo3::Bound<'_, pyo3::PyAny>,
) -> CryptographyResult<Vec<u8>> {
let only_some_reasons = if ext
.getattr(pyo3::intern!(py, "only_some_reasons"))?
@ -328,8 +331,7 @@ fn encode_issuing_distribution_point(
{
let mut name_entries = vec![];
for py_name_entry in ext.getattr(pyo3::intern!(py, "relative_name"))?.iter()? {
let bound_name_entry = &py_name_entry?.as_borrowed();
name_entries.push(x509::common::encode_name_entry(ext.py(), bound_name_entry)?);
name_entries.push(x509::common::encode_name_entry(ext.py(), &py_name_entry?)?);
}
Some(extensions::DistributionPointName::NameRelativeToCRLIssuer(
common::Asn1ReadableOrWritable::new_write(asn1::SetOfWriter::new(name_entries)),
@ -355,7 +357,7 @@ fn encode_issuing_distribution_point(
Ok(asn1::write_single(&idp)?)
}
fn encode_oid_sequence(ext: &pyo3::PyAny) -> CryptographyResult<Vec<u8>> {
fn encode_oid_sequence(ext: &pyo3::Bound<'_, pyo3::PyAny>) -> CryptographyResult<Vec<u8>> {
let mut oids = vec![];
for el in ext.iter()? {
let oid = py_oid_to_oid(el?.as_borrowed().to_owned())?;
@ -364,7 +366,10 @@ fn encode_oid_sequence(ext: &pyo3::PyAny) -> CryptographyResult<Vec<u8>> {
Ok(asn1::write_single(&asn1::SequenceOfWriter::new(oids))?)
}
fn encode_tls_features(py: pyo3::Python<'_>, ext: &pyo3::PyAny) -> CryptographyResult<Vec<u8>> {
fn encode_tls_features(
py: pyo3::Python<'_>,
ext: &pyo3::Bound<'_, pyo3::PyAny>,
) -> CryptographyResult<Vec<u8>> {
// Ideally we'd skip building up a vec and just write directly into the
// writer. This isn't possible at the moment because the callback to write
// an asn1::Sequence can't return an error, and we need to handle errors
@ -377,7 +382,7 @@ fn encode_tls_features(py: pyo3::Python<'_>, ext: &pyo3::PyAny) -> CryptographyR
Ok(asn1::write_single(&asn1::SequenceOfWriter::new(els))?)
}
fn encode_scts(ext: &pyo3::PyAny) -> CryptographyResult<Vec<u8>> {
fn encode_scts(ext: &pyo3::Bound<'_, pyo3::PyAny>) -> CryptographyResult<Vec<u8>> {
let mut length = 0;
for sct in ext.iter()? {
let sct = sct?.as_borrowed().downcast::<sct::Sct>()?.clone();
@ -397,7 +402,7 @@ fn encode_scts(ext: &pyo3::PyAny) -> CryptographyResult<Vec<u8>> {
pub(crate) fn encode_extension(
py: pyo3::Python<'_>,
oid: &asn1::ObjectIdentifier,
ext: &pyo3::PyAny,
ext: &pyo3::Bound<'_, pyo3::PyAny>,
) -> CryptographyResult<Option<Vec<u8>>> {
match oid {
&oid::BASIC_CONSTRAINTS_OID => {
@ -441,8 +446,8 @@ pub(crate) fn encode_extension(
let permitted = ext.getattr(pyo3::intern!(py, "permitted_subtrees"))?;
let excluded = ext.getattr(pyo3::intern!(py, "excluded_subtrees"))?;
let nc = extensions::NameConstraints {
permitted_subtrees: encode_general_subtrees(ext.py(), permitted)?,
excluded_subtrees: encode_general_subtrees(ext.py(), excluded)?,
permitted_subtrees: encode_general_subtrees(ext.py(), &permitted)?,
excluded_subtrees: encode_general_subtrees(ext.py(), &excluded)?,
};
Ok(Some(asn1::write_single(&nc)?))
}
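Review bot: Two conversions left in place in this file look redundant now that `ext` is a `&pyo3::Bound<'_, pyo3::PyAny>`: `py_oid_to_oid(el?.as_borrowed().to_owned())?` in `encode_oid_sequence` and `sct?.as_borrowed().downcast::<sct::Sct>()?.clone()` in `encode_scts`. Assuming iteration over a `Bound` yields owned `Bound` items, as the simplification to `&py_name_entry?` in `encode_issuing_distribution_point` suggests, these could become `py_oid_to_oid(el?)?` and `sct?.downcast::<sct::Sct>()?.clone()`. If no other gil-ref call remains in the file, the `use pyo3::PyNativeType;` import shown in the first hunk header could then be dropped as well. Both function bodies continue outside the visible hunks.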


@ -210,10 +210,7 @@ fn create_ocsp_request(
let extensions = x509::common::encode_extensions(
py,
builder
.getattr(pyo3::intern!(py, "_extensions"))?
.clone()
.into_gil_ref(),
&builder.getattr(pyo3::intern!(py, "_extensions"))?,
extensions::encode_extension,
)?;
let reqs = [ocsp_req::Request {


@ -696,10 +696,7 @@ fn create_ocsp_response(
)),
raw_response_extensions: x509::common::encode_extensions(
py,
builder
.getattr(pyo3::intern!(py, "_extensions"))?
.clone()
.into_gil_ref(),
&builder.getattr(pyo3::intern!(py, "_extensions"))?,
extensions::encode_extension,
)?,
};