pcvolkmer/cert-tools
1
0
Fork 0
mirror of https://github.com/pcvolkmer/cert-tools.git synced 2025-04-19 17:06:49 +00:00
Code Issues Activity

feat: add support for PKCS#7 packages (#4)

Browse Source
This commit is contained in:
Paul-Christian Volkmer 2025-01-26 16:11:10 +01:00 committed by GitHub
parent 1edfc58599
commit cf6d0fe423
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 26 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
src/lib.rs
View File

@ -21,6 +21,7 @@ use itertools::Itertools;
use openssl::asn1::Asn1Time; use openssl::asn1::Asn1Time;
use openssl::hash::MessageDigest; use openssl::hash::MessageDigest;
use openssl::nid::Nid; use openssl::nid::Nid;
use openssl::pkcs7::Pkcs7;
use openssl::pkey::{PKey, PKeyRef, Public}; use openssl::pkey::{PKey, PKeyRef, Public};
use openssl::x509::X509; use openssl::x509::X509;
use std::cmp::Ordering; use std::cmp::Ordering;
@ -265,9 +266,32 @@ pub struct Chain {
impl Chain { impl Chain {
pub fn read(path: &Path) -> Result<Self, String> { pub fn read(path: &Path) -> Result<Self, String> {
let file = fs::read(path).map_err(|err| err.to_string())?; let file = fs::read(path).map_err(|err| err.to_string())?;
let certs = X509::stack_from_pem(&file).map_err(|err| err.to_string())?;
let certs = certs.iter().map(Certificate::from_x509).collect::<Vec<_>>(); let certs = if file.starts_with("-----BEGIN CERTIFICATE-----".as_bytes()) {
let certs = X509::stack_from_pem(&file).map_err(|err| err.to_string())?;
certs.iter().map(Certificate::from_x509).collect::<Vec<_>>()
} else if file.starts_with("-----BEGIN PKCS7-----".as_bytes()) {
let pkcs7 = Pkcs7::from_pem(&file).map_err(|err| err.to_string())?;
if let Some(signed) = pkcs7.signed() {
signed
.certificates()
.iter()
.flat_map(|stack_ref| {
stack_ref.iter().map(|x509_ref| {
let pem = x509_ref.to_pem().unwrap_or_else(|_| "".as_bytes().to_vec());
match X509::from_pem(pem.as_slice()) {
Ok(cert) => Certificate::from_x509(&cert),
Err(_) => Err(String::from("Invalid PEM")),
}
})
})
.collect::<Vec<_>>()
} else {
vec![]
}
} else {
return Err("Not a parsable file".to_string());
};
if certs.iter().filter(|item| item.is_err()).count() > 0 { if certs.iter().filter(|item| item.is_err()).count() > 0 {
return Err("Certificate chain contains invalid certificate".to_string()); return Err("Certificate chain contains invalid certificate".to_string());