webpki/
trust_anchor.rs

1use crate::cert::{lenient_certificate_serial_number, Cert, EndEntityOrCa};
2use crate::{der, Error};
3
4/// A trust anchor (a.k.a. root CA).
5///
6/// Traditionally, certificate verification libraries have represented trust
7/// anchors as full X.509 root certificates. However, those certificates
8/// contain a lot more data than is needed for verifying certificates. The
9/// `TrustAnchor` representation allows an application to store just the
10/// essential elements of trust anchors. The `TrustAnchor::try_from_cert_der`
11/// function allows converting X.509 certificates to to the minimized
12/// `TrustAnchor` representation, either at runtime or in a build script.
13#[derive(Debug)]
14pub struct TrustAnchor<'a> {
15    /// The value of the `subject` field of the trust anchor.
16    pub subject: &'a [u8],
17
18    /// The value of the `subjectPublicKeyInfo` field of the trust anchor.
19    pub spki: &'a [u8],
20
21    /// The value of a DER-encoded NameConstraints, containing name
22    /// constraints to apply to the trust anchor, if any.
23    pub name_constraints: Option<&'a [u8]>,
24}
25
26/// Trust anchors which may be used for authenticating servers.
27#[deprecated(
28    since = "0.101.2",
29    note = "The per-usage trust anchor representations and verification functions are deprecated in \
30        favor of the general-purpose `TrustAnchor` type and `EndEntity::verify_for_usage` function. \
31        The new `verify_for_usage` function expresses trust anchor and end entity purpose with the \
32        key usage argument."
33)]
34#[derive(Debug)]
35pub struct TlsServerTrustAnchors<'a>(pub &'a [TrustAnchor<'a>]);
36
37/// Trust anchors which may be used for authenticating clients.
38#[deprecated(
39    since = "0.101.2",
40    note = "The per-usage trust anchor representations and verification functions are deprecated in \
41        favor of the general-purpose `TrustAnchor` type and `EndEntity::verify_for_usage` function. \
42        The new `verify_for_usage` function expresses trust anchor and end entity purpose with the \
43        key usage argument."
44)]
45#[derive(Debug)]
46pub struct TlsClientTrustAnchors<'a>(pub &'a [TrustAnchor<'a>]);
47
48impl<'a> TrustAnchor<'a> {
49    /// Interprets the given DER-encoded certificate as a `TrustAnchor`. The
50    /// certificate is not validated. In particular, there is no check that the
51    /// certificate is self-signed or even that the certificate has the cA basic
52    /// constraint.
53    pub fn try_from_cert_der(cert_der: &'a [u8]) -> Result<Self, Error> {
54        let cert_der = untrusted::Input::from(cert_der);
55
56        // XXX: `EndEntityOrCA::EndEntity` is used instead of `EndEntityOrCA::CA`
57        // because we don't have a reference to a child cert, which is needed for
58        // `EndEntityOrCA::CA`. For this purpose, it doesn't matter.
59        //
60        // v1 certificates will result in `Error::BadDer` because `parse_cert` will
61        // expect a version field that isn't there. In that case, try to parse the
62        // certificate using a special parser for v1 certificates. Notably, that
63        // parser doesn't allow extensions, so there's no need to worry about
64        // embedded name constraints in a v1 certificate.
65        match Cert::from_der(cert_der, EndEntityOrCa::EndEntity) {
66            Ok(cert) => Ok(Self::from(cert)),
67            Err(Error::UnsupportedCertVersion) => {
68                Self::from_v1_der(cert_der).or(Err(Error::BadDer))
69            }
70            Err(err) => Err(err),
71        }
72    }
73
74    /// Parses a v1 certificate directly into a TrustAnchor.
75    fn from_v1_der(cert_der: untrusted::Input<'a>) -> Result<Self, Error> {
76        // X.509 Certificate: https://tools.ietf.org/html/rfc5280#section-4.1.
77        cert_der.read_all(Error::BadDer, |cert_der| {
78            der::nested(cert_der, der::Tag::Sequence, Error::BadDer, |cert_der| {
79                let anchor = der::nested(cert_der, der::Tag::Sequence, Error::BadDer, |tbs| {
80                    // The version number field does not appear in v1 certificates.
81                    lenient_certificate_serial_number(tbs)?;
82
83                    skip(tbs, der::Tag::Sequence)?; // signature.
84                    skip(tbs, der::Tag::Sequence)?; // issuer.
85                    skip(tbs, der::Tag::Sequence)?; // validity.
86                    let subject = der::expect_tag_and_get_value(tbs, der::Tag::Sequence)?;
87                    let spki = der::expect_tag_and_get_value(tbs, der::Tag::Sequence)?;
88
89                    Ok(TrustAnchor {
90                        subject: subject.as_slice_less_safe(),
91                        spki: spki.as_slice_less_safe(),
92                        name_constraints: None,
93                    })
94                });
95
96                // read and discard signatureAlgorithm + signature
97                skip(cert_der, der::Tag::Sequence)?;
98                skip(cert_der, der::Tag::BitString)?;
99
100                anchor
101            })
102        })
103    }
104}
105
106impl<'a> From<Cert<'a>> for TrustAnchor<'a> {
107    fn from(cert: Cert<'a>) -> Self {
108        Self {
109            subject: cert.subject.as_slice_less_safe(),
110            spki: cert.spki.value().as_slice_less_safe(),
111            name_constraints: cert.name_constraints.map(|nc| nc.as_slice_less_safe()),
112        }
113    }
114}
115
116fn skip(input: &mut untrusted::Reader, tag: der::Tag) -> Result<(), Error> {
117    der::expect_tag_and_get_value(input, tag).map(|_| ())
118}