From 5c093adbda2449fd2c56440f087d0c829c96df1d Mon Sep 17 00:00:00 2001
From: Martin Madsen
Date: Sat, 19 Mar 2022 22:20:59 +0100
Subject: [PATCH 1/5] Drop OpenSSL in favor of RustCrypto crates
---
Cargo.lock | 948 ++++++++++++++++++++++--------
Cargo.toml | 26 +-
src/bindings.rs | 1 -
src/metadata/entity_descriptor.rs | 8 +-
src/schema/authn_request.rs | 123 ++--
src/schema/response.rs | 41 +-
src/service_provider/mod.rs | 73 ++-
src/signature.rs | 12 +-
src/xmlsec/error.rs | 7 +-
9 files changed, 900 insertions(+), 339 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 89bb834..f04fb75 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -3,20 +3,68 @@ version = 3 [[package]] -name = "adler" -version = "1.0.2" +name = "adler32" +version = "1.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" +checksum = "5d2e7343e7fc9de883d1b0341e0b13970f764c14101234857d2ddafa1cb1cac2" [[package]] name = "aho-corasick" -version = "0.7.18" +version = "0.7.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1e37cfd5e7657ada45f742d6e99ca5788580b5c529dc78faf11ece6dc702656f" +checksum = "d5e63fd144e18ba274ae7095c0197a870a7b9468abc801dd62f190d80817d2ec" dependencies = [ "memchr", ] +[[package]] +name = "ansi_term" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ee49baf6cb617b853aa8d93bf420db2383fab46d314482ca2803b40d5fde979b" +dependencies = [ + "winapi", +] + +[[package]] +name = "asn1-rs" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "30ff05a702273012438132f449575dbc804e27b2f3cbe3069aa237d26c98fa33" +dependencies = [ + "asn1-rs-derive", + "asn1-rs-impl", + "displaydoc", + "nom 7.1.0", + "num-traits", + "rusticata-macros", + "thiserror", + "time 0.3.7", +] + +[[package]] +name = "asn1-rs-derive" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "db8b7511298d5b7784b40b092d9e9dcd3a627a5707e4b5e507931ab0d44eeebf" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "synstructure", +] + +[[package]] +name = "asn1-rs-impl" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2777730b2039ac0f95f093556e61b6d26cebed5393ca6f152717777cec3a42ed" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "atty" version = "0.2.14" 
@@ -28,6 +76,15 @@ dependencies = [ "winapi", ] +[[package]] +name = "autocfg" +version = "0.1.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0dde43e75fd43e8a1bf86103336bc699aa8d17ad1be60c76c0bdfd4828e19b78" +dependencies = [ + "autocfg 1.1.0", +] + [[package]] name = "autocfg" version = "1.1.0" @@ -40,11 +97,17 @@ version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "904dfeac50f3cdaba28fc6f57fdcddb75f49ed61346676a78c4ffe55877802fd" +[[package]] +name = "base64ct" +version = "1.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6b4d9b1225d28d360ec6a231d65af1fd99a2a095154c8040689617290569c5c" + [[package]] name = "bindgen" -version = "0.60.1" +version = "0.59.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "062dddbc1ba4aca46de6338e2bf87771414c335f7b2f2036e8f3e9befebf88e6" +checksum = "453c49e5950bb0eb63bb3df640e31618846c89d5b7faa54040d76e98e0134375" dependencies = [ "bitflags", "cexpr", 
@@ -65,25 +128,61 @@ dependencies = [ [[package]] name = "bitflags" -version = "1.3.2" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cf1de2fe8c75bc145a2f577add951f8134889b4795d47466a54a5c846d691693" + +[[package]] +name = "bitvec" +version = "0.19.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8942c8d352ae1838c9dda0b0ca2ab657696ef2232a20147cf1b30ae1a9cb4321" +dependencies = [ + "funty", + "radium", + "tap", + "wyz", +] + +[[package]] +name = "block-buffer" +version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" +checksum = "4152116fd6e9dadb291ae18fc1ec3575ed6d84c29642d97890f4b4a3417297e4" +dependencies = [ + "generic-array", +] [[package]] -name = "cc" -version = "1.0.73" +name = "byteorder" +version = "1.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2fff2a6927b3bb87f9595d67196a70493f627687a71d87a0d692242c33f58c11" +checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610" + +[[package]] +name = "c2-chacha" +version = "0.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "214238caa1bf3a496ec3392968969cab8549f96ff30652c9e56885329315f6bb" +dependencies = [ + "ppv-lite86", +] [[package]] name = "cexpr" -version = "0.6.0" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766" +checksum = "db507a7679252d2276ed0dd8113c6875ec56d3089f9225b2b42c30cc1f8e5c89" dependencies = [ - "nom", + "nom 6.1.2", ] +[[package]] +name = "cfg-if" +version = "0.1.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4785bdd1c96b2a846b2bd7cc02e86b6b3dbf14e7e53446c4f54c92a361040822" + [[package]] name = "cfg-if" version = "1.0.0" 
@@ -92,23 +191,21 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "chrono" -version = "0.4.19" +version = "0.4.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "670ad68c9088c2a963aaa298cb369688cf3f9465ce5e2d4ca10e6e0098a1ce73" +checksum = "31850b4a4d6bae316f7a09e691c944c28299298837edc0a03f755618c23cbc01" dependencies = [ - "libc", "num-integer", "num-traits", "serde", - "time", - "winapi", + "time 0.1.42", ] [[package]] name = "clang-sys" -version = "1.3.3" +version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a050e2153c5be08febd6734e29298e844fdb0fa21aeddd63b4eb7baa106c69b" +checksum = "853eda514c284c2287f4bf20ae614f8781f40a81d32ecda6e91449304dfe077c" dependencies = [ "glob", "libc", 
@@ -117,42 +214,59 @@ dependencies = [ [[package]] name = "clap" -version = "3.1.18" +version = "2.33.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d2dbdf4bdacb33466e854ce889eee8dfd5729abf7ccd7664d0a2d60cd384440b" +checksum = "5067f5bb2d80ef5d68b4c87db81601f0b75bca627bc2ef76b141d7b846a3c6d9" dependencies = [ + "ansi_term", "atty", "bitflags", - "clap_lex", - "indexmap", - "strsim", - "termcolor", + "strsim 0.8.0", "textwrap", + "unicode-width", + "vec_map", ] [[package]] -name = "clap_lex" -version = "0.2.0" +name = "const-oid" +version = "0.6.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a37c35f1112dad5e6e0b1adaff798507497a18fceeb30cceb3bae7d1427b9213" +checksum = "9d6f2aa4d0537bcc1c74df8755072bd31c1ef1a3a1b85a68e8404a8c353b7b8b" + +[[package]] +name = "cpufeatures" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "95059428f66df56b63431fdb4e1947ed2190586af5c5a8a8b71122bdf5a7f469" dependencies = [ - "os_str_bytes", + "libc", ] [[package]] name = "crc32fast" -version = "1.3.2" +version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b540bd8bc810d3885c6ea91e2018302f68baba2129ab3e88f32389ee9370880d" +checksum = "ba125de2af0df55319f41944744ad91c71113bf74a4646efff39afe1f6842db1" dependencies = [ - "cfg-if", + "cfg-if 0.1.10", +] + +[[package]] +name = "crypto-bigint" +version = "0.2.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f83bd3bb4314701c568e340cd8cf78c975aa0ca79e03d3f6d1677d5b0c9c0c03" +dependencies = [ + "generic-array", + "rand_core 0.6.3", + "subtle", ] [[package]] name = "darling" -version = "0.14.1" +version = "0.12.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4529658bdda7fd6769b8614be250cdcfc3aeb0ee72fe66f9e41e5e5eb73eac02" +checksum = "5f2c43f534ea4b0b049015d00269734195e6d3f0f6635cb692251aca6f9f8b3c" dependencies = [ 
"darling_core", "darling_macro", @@ -160,23 +274,23 @@ dependencies = [ [[package]] name = "darling_core" -version = "0.14.1" +version = "0.12.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "649c91bc01e8b1eac09fb91e8dbc7d517684ca6be8ebc75bb9cafc894f9fdb6f" +checksum = "8e91455b86830a1c21799d94524df0845183fa55bafd9aa137b01c7d1065fa36" dependencies = [ "fnv", "ident_case", "proc-macro2", "quote", - "strsim", + "strsim 0.10.0", "syn", ] [[package]] name = "darling_macro" -version = "0.14.1" +version = "0.12.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ddfc69c5bfcbd2fc09a0f38451d2daf0e372e367986a83906d1b0dbc88134fb5" +checksum = "29b5acf0dea37a7f66f7b25d2c5e93fd46f8f6968b1a5d7a3e02e97768afc95a" dependencies = [ "darling_core", "quote", 
@@ -189,20 +303,44 @@ version = "2.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3ee2393c4a91429dffb4bedf19f4d6abf27d8a732c8ce4980305d782e5426d57" +[[package]] +name = "der" +version = "0.4.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "79b71cca7d95d7681a4b3b9cdf63c8dbc3730d0584c2c74e31416d64a90493f4" +dependencies = [ + "const-oid", + "crypto-bigint", +] + +[[package]] +name = "der-parser" +version = "7.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fe398ac75057914d7d07307bf67dc7f3f574a26783b4fc7805a20ffa9f506e82" +dependencies = [ + "asn1-rs", + "displaydoc", + "nom 7.1.0", + "num-bigint", + "num-traits", + "rusticata-macros", +] + [[package]] name = "derive_builder" -version = "0.11.2" +version = "0.10.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d07adf7be193b71cc36b193d0f5fe60b918a3a9db4dad0449f57bcfd519704a3" +checksum = "d13202debe11181040ae9063d739fa32cfcaaebe2275fe387703460ae2365b30" dependencies = [ "derive_builder_macro", ] [[package]] name = "derive_builder_core" -version = "0.11.2" +version = "0.10.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1f91d4cfa921f1c05904dc3c57b4a32c38aed3340cce209f3a6fd1478babafc4" +checksum = "66e616858f6187ed828df7c64a6d71720d83767a7f19740b2d1b6fe6327b36e5" dependencies = [ "darling", "proc-macro2", 
@@ -212,31 +350,45 @@ dependencies = [ [[package]] name = "derive_builder_macro" -version = "0.11.2" +version = "0.10.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8f0314b72bed045f3a68671b3c86328386762c93f82d98c65c3cb5e5f573dd68" +checksum = "58a94ace95092c5acb1e97a7e846b310cfbd499652f72297da7493f618a98d73" dependencies = [ "derive_builder_core", "syn", ] [[package]] -name = "doc-comment" -version = "0.3.3" +name = "digest" +version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fea41bba32d969b513997752735605054bc0dfa92b4c56bf1189f2e174be7a10" +checksum = "d3dd60d1080a57a05ab032377049e0591415d2b31afd7028356dbf3cc6dcb066" +dependencies = [ + "generic-array", +] [[package]] -name = "either" -version = "1.6.1" +name = "displaydoc" +version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e78d4f1cc4ae33bbfc157ed5d5a5ef3bc29227303d595861deb238fcec4e9457" +checksum = "3bf95dc3f046b9da4f2d51833c0d3547d8564ef6910f5c1ed130306a75b92886" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "doc-comment" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "923dea538cea0aa3025e8685b20d6ee21ef99c4f77e954a30febbaac5ec73a97" [[package]] name = "env_logger" -version = "0.9.0" +version = "0.8.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b2cf0344971ee6c64c31be0d530793fba457d322dfec2810c453d0ef228f9c3" +checksum = "a19187fea3ac7e84da7dacf48de0c45d63c6a76f9490dae389aead16c243fce3" dependencies = [ "atty", "humantime", 
@@ -247,54 +399,58 @@ dependencies = [ [[package]] name = "flate2" -version = "1.0.24" +version = "1.0.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f82b0f4c27ad9f8bfd1f3208d882da2b09c301bc1c828fd3a00d0216d2fbbff6" +checksum = "6bd6d6f4752952feb71363cffc9ebac9411b75b87c6ab6058c40c8900cf43c0f" dependencies = [ + "cfg-if 0.1.10", "crc32fast", + "libc", "miniz_oxide", ] [[package]] name = "fnv" -version = "1.0.7" +version = "1.0.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" +checksum = "2fad85553e09a6f881f739c29f0b00b0f01357c743266d478b68951ce23285f3" [[package]] -name = "foreign-types" -version = "0.3.2" +name = "funty" +version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" -dependencies = [ - "foreign-types-shared", -] +checksum = "fed34cd105917e91daa4da6b3728c47b068749d6a62c59811f06ed2ac71d9da7" [[package]] -name = "foreign-types-shared" -version = "0.1.1" +name = "generic-array" +version = "0.14.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" +checksum = "fd48d33ec7f05fbfa152300fdad764757cbded343c1aa1cff2fbaf4134851803" +dependencies = [ + "typenum", + "version_check", +] [[package]] -name = "form_urlencoded" -version = "1.0.1" +name = "getrandom" +version = "0.1.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5fc25a87fa4fd2094bffb06925852034d90a17f0d1e05197d4956d3555752191" +checksum = "7abc8dd8451921606d809ba32e95b6111925cd2906060d2dcc29c070220503eb" dependencies = [ - "matches", - "percent-encoding", + "cfg-if 0.1.10", + "libc", + "wasi 0.9.0+wasi-snapshot-preview1", ] [[package]] name = "getrandom" -version = "0.2.6" +version = "0.2.3" source = 
"registry+https://github.com/rust-lang/crates.io-index" -checksum = "9be70c98951c83b8d2f8f60d7065fa6d5146873094452a1008da8c2f1e4205ad" +checksum = "7fcd999463524c52659517fe2cea98493cfe485d10565e7b0fb07dbba7ad2753" dependencies = [ - "cfg-if", + "cfg-if 1.0.0", "libc", - "wasi", + "wasi 0.10.2+wasi-snapshot-preview1", ] [[package]] @@ -303,23 +459,11 @@ version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9b919933a397b79c37e33b77bb2aa3dc8eb6e165ad809e58ff75bc7db2e34574" -[[package]] -name = "hashbrown" -version = "0.11.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ab5ef0d4909ef3724cc8cce6ccc8572c5c817592e9285f5464f8e86f8bd3726e" - -[[package]] -name = "heck" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2540771e65fc8cb83cd6e8a237f70c319bd5c29f78ed1084ba5d50eeac86f7f9" - [[package]] name = "hermit-abi" -version = "0.1.19" +version = "0.1.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "62b467343b94ba476dcb2500d242dadbb39557df889310ac77c5d99100aaac33" +checksum = "1010591b26bbfe835e9faeabeb11866061cc7dcebffd56ad7d0942d0e61aefd8" dependencies = [ "libc", ] @@ -338,9 +482,9 @@ checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39" [[package]] name = "idna" -version = "0.2.3" +version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "418a0a6fab821475f634efe3ccc45c013f742efe03d853e8d3355d5cb850ecf8" +checksum = "02e2673c30ee86b5b96a9cb52ad15718aa1f966f5ab9ad54a8b95d5ca33120a9" dependencies = [ "matches", "unicode-bidi", 
@@ -348,20 +492,19 @@ dependencies = [ ] [[package]] -name = "indexmap" -version = "1.8.2" +name = "itoa" +version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e6012d540c5baa3589337a98ce73408de9b5a25ec9fc2c6fd6be8f0d39e0ca5a" -dependencies = [ - "autocfg", - "hashbrown", -] +checksum = "1aab8fc367588b89dcee83ab0fd66b72b50b72fa1904d7095045ace2b0c81c35" [[package]] name = "lazy_static" version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" +dependencies = [ + "spin", +] [[package]] name = "lazycell" @@ -371,25 +514,31 @@ checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" [[package]] name = "libc" -version = "0.2.126" +version = "0.2.119" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "349d5a591cd28b49e1d1037471617a32ddcda5731b99419008085f72d5a53836" +checksum = "1bf2e165bb3457c8e098ea76f3e3bc9db55f87aa90d52d0e6be741470916aaa4" [[package]] name = "libloading" -version = "0.7.3" +version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "efbc0f03f9a775e9f6aed295c6a1ba2253c5757a9e03d55c6caa46a681abcddd" +checksum = "6f84d96438c15fcd6c3f244c8fce01d1e2b9c6b5623e9c711dc9286d8fc92d6a" dependencies = [ - "cfg-if", + "cfg-if 1.0.0", "winapi", ] +[[package]] +name = "libm" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "33a33a362ce288760ec6a508b94caaec573ae7d3bbbd91b87aa0bad4456839db" + [[package]] name = "libxml" -version = "0.3.1" +version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "687f5a78939052c5d02865c0fe3ea2ce2acdca875f7f81db82f7aef256dd97ac" +checksum = "02c07ecb409949e5c5c0818e189e6bc766bcb8b08b3401772ca8c61a58c682b8" dependencies = [ "libc", "pkg-config", 
@@ -398,24 +547,24 @@ dependencies = [ [[package]] name = "log" -version = "0.4.17" +version = "0.4.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "abb12e687cfb44aa40f41fc3978ef76448f9b6038cad6aef4259d3c095a2382e" +checksum = "14b6052be84e6b71ab17edffc2eeabf5c2c3ae1fdb464aae35ac50c67a44e1f7" dependencies = [ - "cfg-if", + "cfg-if 0.1.10", ] [[package]] name = "matches" -version = "0.1.9" +version = "0.1.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a3e378b66a060d48947b590737b30a1be76706c8dd7b8ba0f2fe3989c68a853f" +checksum = "7ffc5c5338469d4d3ea17d269fa8ea3512ad247247c30bd2df69e68309ed0a08" [[package]] name = "memchr" -version = "2.5.0" +version = "2.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d" +checksum = "308cc39be01b73d0d18f82a0e7b2a3df85245f84af96fdddc5d202d27e47b86a" [[package]] name = "minimal-lexical" 
@@ -425,98 +574,119 @@ checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" [[package]] name = "miniz_oxide" -version = "0.5.3" +version = "0.3.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6f5c75688da582b8ffc1f1799e9db273f32133c49e048f614d22ec3256773ccc" +checksum = "aa679ff6578b1cddee93d7e82e263b94a575e0bfced07284eb0c037c1d2416a5" dependencies = [ - "adler", + "adler32", ] [[package]] name = "nom" -version = "7.1.1" +version = "6.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a8903e5a29a317527874d0402f867152a3d21c908bb0b933e416c65e301d4c36" +checksum = "e7413f999671bd4745a7b624bd370a569fb6bc574b23c83a3c5ed2e453f3d5e2" +dependencies = [ + "bitvec", + "funty", + "memchr", + "version_check", +] + +[[package]] +name = "nom" +version = "7.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1b1d11e1ef389c76fe5b81bcaf2ea32cf88b62bc494e19f493d0b30e7a930109" dependencies = [ "memchr", "minimal-lexical", + "version_check", ] [[package]] -name = "num-integer" -version = "0.1.45" +name = "num-bigint" +version = "0.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "225d3389fb3509a24c93f5c29eb6bde2586b98d9f016636dff58d7c6f7569cd9" +checksum = "f93ab6289c7b344a8a9f60f88d80aa20032336fe78da341afc91c8a2341fc75f" dependencies = [ - "autocfg", + "autocfg 1.1.0", + "num-integer", "num-traits", ] [[package]] -name = "num-traits" -version = "0.2.15" +name = "num-bigint-dig" +version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "578ede34cf02f8924ab9447f50c28075b4d3e5b269972345e7e0372b38c6cdcd" +checksum = "4547ee5541c18742396ae2c895d0717d0f886d8823b8399cdaf7b07d63ad0480" dependencies = [ - "autocfg", + "autocfg 0.1.8", + "byteorder", + "lazy_static", + "libm", + "num-integer", + "num-iter", + "num-traits", + "rand 0.8.4", + "smallvec", + "zeroize", ] [[package]] -name = "once_cell" 
-version = "1.12.0" +name = "num-integer" +version = "0.1.42" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7709cef83f0c1f58f666e746a08b21e0085f7440fa6a29cc194d68aac97a4225" +checksum = "3f6ea62e9d81a77cd3ee9a2a5b9b609447857f3d358704331e4ef39eb247fcba" +dependencies = [ + "autocfg 1.1.0", + "num-traits", +] [[package]] -name = "openssl" -version = "0.10.40" +name = "num-iter" +version = "0.1.42" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fb81a6430ac911acb25fe5ac8f1d2af1b4ea8a4fdfda0f1ee4292af2e2d8eb0e" +checksum = "b2021c8337a54d21aca0d59a92577a029af9431cb59b909b03252b9c164fad59" dependencies = [ - "bitflags", - "cfg-if", - "foreign-types", - "libc", - "once_cell", - "openssl-macros", - "openssl-sys", + "autocfg 1.1.0", + "num-integer", + "num-traits", ] [[package]] -name = "openssl-macros" -version = "0.1.0" +name = "num-traits" +version = "0.2.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b501e44f11665960c7e7fcf062c7d96a14ade4aa98116c004b2e37b5be7d736c" +checksum = "9a64b1ec5cda2586e284722486d802acf1f7dbdc623e2bfc57e65ca1cd099290" dependencies = [ - "proc-macro2", - "quote", - "syn", + "autocfg 1.1.0", + "libm", ] [[package]] -name = "openssl-probe" -version = "0.1.5" +name = "num_threads" +version = "0.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" +checksum = "97ba99ba6393e2c3734791401b66902d981cb03bf190af674ca69949b6d5fb15" +dependencies = [ + "libc", +] [[package]] -name = "openssl-sys" -version = "0.9.74" +name = "oid-registry" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "835363342df5fba8354c5b453325b110ffd54044e588c539cf2f20a8014e4cb1" +checksum = "38e20717fa0541f39bd146692035c37bedfa532b3e5071b35761082407546b2a" dependencies = [ - "autocfg", - "cc", - "libc", - "pkg-config", - "vcpkg", + "asn1-rs", ] 
[[package]] -name = "os_str_bytes" -version = "6.1.0" +name = "opaque-debug" +version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "21326818e99cfe6ce1e524c2a805c189a99b5ae555a35d19f9a284b427d86afa" +checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" [[package]] name = "peeking_take_while" 
@@ -524,38 +694,71 @@ version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "19b17cddbe7ec3f8bc800887bab5e717348c95ea2ca0b1bf0837fb964dc67099" +[[package]] +name = "pem-rfc7468" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "84e93a3b1cc0510b03020f33f21e62acdde3dcaef432edc95bea377fbd4c2cd4" +dependencies = [ + "base64ct", +] + [[package]] name = "percent-encoding" version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d4fd5641d01c8f18a23da7b6fe29298ff4b55afcccdf78973b24cf3175fee32e" +[[package]] +name = "pkcs1" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "116bee8279d783c0cf370efa1a94632f2108e5ef0bb32df31f051647810a4e2c" +dependencies = [ + "der", + "pem-rfc7468", + "zeroize", +] + +[[package]] +name = "pkcs8" +version = "0.7.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ee3ef9b64d26bad0536099c816c6734379e45bbd5f14798def6809e5cc350447" +dependencies = [ + "der", + "pem-rfc7468", + "pkcs1", + "spki", + "zeroize", +] + [[package]] name = "pkg-config" -version = "0.3.25" +version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1df8c4ec4b0627e53bdf214615ad287367e482558cf84b109250b37464dc03ae" +checksum = "05da548ad6865900e60eaba7f589cc0783590a92e940c26953ff81ddbab2d677" [[package]] name = "ppv-lite86" -version = "0.2.16" +version = "0.2.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eb9f9e6e233e5c4a35559a617bf40a4ec447db2e84c20b55a6f83167b7e57872" +checksum = "ac74c624d6b2d21f425f752262f42188365d7b8ff1aff74c82e45136510a4857" [[package]] name = "proc-macro2" -version = "1.0.39" +version = "1.0.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c54b25569025b7fc9651de43004ae593a75ad88543b17178aa5e1b9c4f15f56f" +checksum = 
"5c7ed8b8c7b886ea3ed7dde405212185f423ab44682667c8c6dd14aa1d9f6612" dependencies = [ - "unicode-ident", + "unicode-xid", ] [[package]] name = "quick-xml" -version = "0.23.0" +version = "0.22.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9279fbdacaad3baf559d8cabe0acc3d06e30ea14931af31af79578ac0946decc" +checksum = "8533f14c8382aaad0d592c812ac3b826162128b65662331e1127b45c3d18536b" dependencies = [ "memchr", "serde", @@ -563,22 +766,52 @@ dependencies = [ [[package]] name = "quote" -version = "1.0.18" +version = "1.0.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a1feb54ed693b93a84e14094943b84b7c4eae204c512b7ccb95ab0c66d278ad1" +checksum = "c3d0b9745dc2debf507c8422de05d7226cc1f0644216dfdfead988f9b1ab32a7" dependencies = [ "proc-macro2", ] +[[package]] +name = "radium" +version = "0.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "941ba9d78d8e2f7ce474c015eea4d9c6d25b6a3327f9832ee29a4de27f91bbb8" + [[package]] name = "rand" -version = "0.8.5" +version = "0.7.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" +checksum = "6a6b1679d49b24bbfe0c803429aa1874472f50d9b363131f0e89fc356b544d03" dependencies = [ + "getrandom 0.1.14", "libc", - "rand_chacha", - "rand_core", + "rand_chacha 0.2.1", + "rand_core 0.5.1", + "rand_hc 0.2.0", +] + +[[package]] +name = "rand" +version = "0.8.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2e7573632e6454cf6b99d7aac4ccca54be06da05aca2ef7423d22d27d4d4bcd8" +dependencies = [ + "libc", + "rand_chacha 0.3.1", + "rand_core 0.6.3", + "rand_hc 0.3.1", +] + +[[package]] +name = "rand_chacha" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "03a2a90da8c7523f554344f921aa97283eadf6ac484a6d2a7d0212fa7f8d6853" +dependencies = [ + "c2-chacha", + "rand_core 0.5.1", ] [[package]] 
@@ -588,7 +821,16 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" dependencies = [ "ppv-lite86", - "rand_core", + "rand_core 0.6.3", +] + +[[package]] +name = "rand_core" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "90bde5296fc891b0cef12a6d03ddccc162ce7b2aff54160af9338f8d40df6d19" +dependencies = [ + "getrandom 0.1.14", ] [[package]] 
@@ -597,25 +839,70 @@ version = "0.6.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d34f1408f55294453790c48b2f1ebbb1c5b4b7563eb1f418bcfcfdbb06ebb4e7" dependencies = [ - "getrandom", + "getrandom 0.2.3", +] + +[[package]] +name = "rand_hc" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ca3129af7b92a17112d59ad498c6f81eaf463253766b90396d39ea7a39d6613c" +dependencies = [ + "rand_core 0.5.1", +] + +[[package]] +name = "rand_hc" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d51e9f596de227fda2ea6c84607f5558e196eeaf43c986b724ba4fb8fdf497e7" +dependencies = [ + "rand_core 0.6.3", ] +[[package]] +name = "redox_syscall" +version = "0.1.56" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2439c63f3f6139d1b57529d16bc3b8bb855230c8efcc5d3a896c8bea7c3b1e84" + [[package]] name = "regex" -version = "1.5.6" +version = "1.3.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d83f127d94bdbcda4c8cc2e50f6f84f4b611f69c902699ca385a39c3a75f9ff1" +checksum = "322cf97724bea3ee221b78fe25ac9c46114ebb51747ad5babd51a2fc6a8235a8" dependencies = [ "aho-corasick", "memchr", "regex-syntax", + "thread_local", ] [[package]] name = "regex-syntax" -version = "0.6.26" +version = "0.6.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7246cd0a0a6ec2239a5405b2b16e3f404fa0dcc6d28f5f5b877bf80e33e0f294" + +[[package]] +name = "rsa" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49b3de9ec5dc0a3417da371aab17d729997c15010e7fd24ff707773a33bddb64" +checksum = "e05c2603e2823634ab331437001b411b9ed11660fbc4066f3908c84a9439260d" +dependencies = [ + "byteorder", + "digest", + "lazy_static", + "num-bigint-dig", + "num-integer", + "num-iter", + "num-traits", + "pkcs1", + "pkcs8", + "rand 0.8.4", + "subtle", + "zeroize", +] [[package]] name = 
"rustc-hash" @@ -623,9 +910,18 @@ version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" +[[package]] +name = "rusticata-macros" +version = "4.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "faf0c4a6ece9950b9abdb62b1cfcf2a68b3b67a10ba445b3bb85be2a293d0632" +dependencies = [ + "nom 7.1.0", +] + [[package]] name = "samael" -version = "0.0.9" +version = "0.0.8" dependencies = [ "base64", "bindgen", 
@@ -636,49 +932,68 @@ dependencies = [ "lazy_static", "libc", "libxml", - "openssl", - "openssl-probe", - "openssl-sys", "pkg-config", "quick-xml", - "rand", + "rand 0.8.4", + "rsa", "serde", + "sha2", "snafu", "url", "uuid", + "x509-parser", ] [[package]] name = "serde" -version = "1.0.137" +version = "1.0.104" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "61ea8d54c77f8315140a05f4c7237403bf38b72704d031543aa1d16abbf517d1" +checksum = "414115f25f818d7dfccec8ee535d76949ae78584fc4f79a6f45a904bf8ab4449" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.137" +version = "1.0.104" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1f26faba0c3959972377d3b2d306ee9f71faee9714294e41bb777f83f88578be" +checksum = "128f9e303a5a29922045a830221b8f78ec74a5f544944f3d5984f8ec3895ef64" dependencies = [ "proc-macro2", "quote", "syn", ] +[[package]] +name = "sha2" +version = "0.9.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4d58a1e1bf39749807d89cf2d98ac2dfa0ff1cb3faa38fbb64dd88ac8013d800" +dependencies = [ + "block-buffer", + "cfg-if 1.0.0", + "cpufeatures", + "digest", + "opaque-debug", +] + [[package]] name = "shlex" -version = "1.1.0" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42a568c8f2cd051a4d283bd6eb0343ac214c1b0f1ac19f93e1175b2dee38c73d" + +[[package]] +name = "smallvec" +version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "43b2853a4d09f215c24cc5489c992ce46052d359b5109343cbafbf26bc62f8a3" +checksum = "5c2fb2ec9bcd216a5b0d0ccf31ab17b5ed1d627960edff65bbe95d3ce221cefc" [[package]] name = "snafu" -version = "0.7.1" +version = "0.6.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5177903bf45656592d9eb5c0e22f408fc023aae51dbe2088889b71633ba451f2" +checksum = "546db9181bce2aa22ed883c33d65603b76335b4c2533a98289f54265043de7a1" 
dependencies = [ "doc-comment", "snafu-derive", 
@@ -686,101 +1001,195 @@ dependencies = [ [[package]] name = "snafu-derive" -version = "0.7.1" +version = "0.6.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "410b26ed97440d90ced3e2488c868d56a86e2064f5d7d6f417909b286afe25e5" +checksum = "bdc75da2e0323f297402fd9c8fdba709bb04e4c627cbe31d19a2c91fc8d9f0e2" dependencies = [ - "heck", "proc-macro2", "quote", "syn", ] +[[package]] +name = "spin" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" + +[[package]] +name = "spki" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c01a0c15da1b0b0e1494112e7af814a678fec9bd157881b49beac661e9b6f32" +dependencies = [ + "der", +] + +[[package]] +name = "strsim" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ea5119cdb4c55b55d432abb513a0429384878c15dde60cc77b1c99de1a95a6a" + [[package]] name = "strsim" version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" +[[package]] +name = "subtle" +version = "2.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601" + [[package]] name = "syn" -version = "1.0.96" +version = "1.0.75" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0748dd251e24453cb8717f0354206b91557e4ec8703673a4b30208f2abaf1ebf" +checksum = "b7f58f7e8eaa0009c5fec437aabf511bd9933e4b2d7407bd05273c01a8906ea7" dependencies = [ "proc-macro2", "quote", - "unicode-ident", + "unicode-xid", ] +[[package]] +name = "synstructure" +version = "0.12.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f36bdaa60a83aca3921b5259d5400cbf5e90fc51931376a9bd4a0eb79aa7210f" +dependencies = [ + "proc-macro2", 
+ "quote", + "syn", + "unicode-xid", +] + +[[package]] +name = "tap" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369" + [[package]] name = "termcolor" -version = "1.1.3" +version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bab24d30b911b2376f3a13cc2cd443142f0c81dda04c118693e35b3835757755" +checksum = "bb6bfa289a4d7c5766392812c0a1f4c1ba45afa1ad47803c11e1f407d846d75f" dependencies = [ "winapi-util", ] [[package]] name = "textwrap" -version = "0.15.0" +version = "0.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1141d4d61095b28419e22cb0bbf02755f5e54e0526f97f1e3d1d160e60885fb" +checksum = "d326610f408c7a4eb6f51c37c330e496b08506c9457c9d34287ecc38809fb060" +dependencies = [ + "unicode-width", +] + +[[package]] +name = "thiserror" +version = "1.0.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "854babe52e4df1653706b98fcfc05843010039b406875930a70e4d9644e5c417" +dependencies = [ + "thiserror-impl", +] + +[[package]] +name = "thiserror-impl" +version = "1.0.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "aa32fd3f627f367fe16f893e2597ae3c05020f8bba2666a4e6ea73d377e5714b" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "thread_local" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d40c6d1b69745a6ec6fb1ca717914848da4b44ae29d9b3080cbee91d72a69b14" +dependencies = [ + "lazy_static", +] [[package]] name = "time" -version = "0.1.43" +version = "0.1.42" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ca8a50ef2360fbd1eeb0ecd46795a87a19024eb4b53c5dc916ca1fd95fe62438" +checksum = "db8dcfca086c1143c9270ac42a2bbd8a7ee477b78ac8e45b19abfb0cbede4b6f" dependencies = [ "libc", + "redox_syscall", "winapi", ] [[package]] 
-name = "tinyvec" -version = "1.6.0" +name = "time" +version = "0.3.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87cc5ceb3875bb20c2890005a4e226a4651264a5c75edb2421b52861a0a0cb50" +checksum = "004cbc98f30fa233c61a38bc77e96a9106e65c88f2d3bef182ae952027e5753d" dependencies = [ - "tinyvec_macros", + "itoa", + "libc", + "num_threads", + "time-macros", ] [[package]] -name = "tinyvec_macros" -version = "0.1.0" +name = "time-macros" +version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cda74da7e1a664f795bb1f8a87ec406fb89a02522cf6e50620d016add6dbbf5c" +checksum = "25eb0ca3468fc0acc11828786797f6ef9aa1555e4a211a60d64cc8e4d1be47d6" [[package]] -name = "unicode-bidi" -version = "0.3.8" +name = "typenum" +version = "1.15.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "099b7128301d285f79ddd55b9a83d5e6b9e97c92e0ea0daebee7263e932de992" +checksum = "dcf81ac59edc17cc8697ff311e8f5ef2d99fcbd9817b34cec66f90b6c3dfd987" [[package]] -name = "unicode-ident" -version = "1.0.0" +name = "unicode-bidi" +version = "0.3.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d22af068fba1eb5edcb4aea19d382b2a3deb4c8f9d475c589b6ada9e0fd493ee" +checksum = "49f2bd0c6468a8230e1db229cff8029217cf623c767ea5d60bfbd42729ea54d5" +dependencies = [ + "matches", +] [[package]] name = "unicode-normalization" -version = "0.1.19" +version = "0.1.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d54590932941a9e9266f0832deed84ebe1bf2e4c9e4a3554d393d18f5e854bf9" +checksum = "5479532badd04e128284890390c1e876ef7a993d0570b3597ae43dfa1d59afa4" dependencies = [ - "tinyvec", + "smallvec", ] +[[package]] +name = "unicode-width" +version = "0.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "caaa9d531767d1ff2150b9332433f32a24622147e5ebb1f26409d5da67afd479" + +[[package]] +name = "unicode-xid" +version = "0.2.0" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "826e7639553986605ec5979c7dd957c7895e93eabed50ab2ffa7f6128a75097c" + [[package]] name = "url" -version = "2.2.2" +version = "2.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a507c383b2d33b5fc35d1861e77e6b383d158b2da5e14fe51b83dfedf6fd578c" +checksum = "829d4a8476c35c9bf0bbce5a3b23f4106f79728039b726d292bb93bc106787cb" dependencies = [ - "form_urlencoded", "idna", "matches", "percent-encoding", @@ -788,18 +1197,36 @@ dependencies = [ [[package]] name = "uuid" -version = "1.1.2" +version = "0.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dd6469f4314d5f1ffec476e05f17cc9a78bc7a27a6a857842170bdf8d6f98d2f" +checksum = "9fde2f6a4bea1d6e007c4ad38c6839fa71cbb63b6dbf5b595aa38dc9b1093c11" dependencies = [ - "getrandom", + "rand 0.7.3", ] [[package]] name = "vcpkg" -version = "0.2.15" +version = "0.2.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3fc439f2794e98976c88a2a2dafce96b930fe8010b0a256b3c2199a773933168" + +[[package]] +name = "vec_map" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "05c78687fb1a80548ae3250346c3db86a80a7cdd77bda190189f2d0a0987c81a" + +[[package]] +name = "version_check" +version = "0.9.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" +checksum = "5fecdca9a5291cc2b8dcf7dc02453fee791a280f3743cb0905f8822ae463b3fe" + +[[package]] +name = "wasi" +version = "0.9.0+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519" [[package]] name = "wasi" 
@@ -809,20 +1236,18 @@ checksum = "fd6fbd9a79829dd1ad0cc20627bf1ed606756a7f77edff7b66b7064f9cb327c6" [[package]] name = "which" -version = "4.2.5" +version = "3.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c4fb54e6113b6a8772ee41c3404fb0301ac79604489467e0a9ce1f3e97c24ae" +checksum = "5475d47078209a02e60614f7ba5e645ef3ed60f771920ac1906d7c1cc65024c8" dependencies = [ - "either", - "lazy_static", "libc", ] [[package]] name = "winapi" -version = "0.3.9" +version = "0.3.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" +checksum = "8093091eeb260906a183e6ae1abdba2ef5ef2257a21801128899c3fc699229c6" dependencies = [ "winapi-i686-pc-windows-gnu", "winapi-x86_64-pc-windows-gnu", @@ -836,9 +1261,9 @@ checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" [[package]] name = "winapi-util" -version = "0.1.5" +version = "0.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178" +checksum = "4ccfbf554c6ad11084fb7517daca16cfdcaccbdadba4fc336f032a8b12c2ad80" dependencies = [ "winapi", ] 
@@ -848,3 +1273,48 @@ name = "winapi-x86_64-pc-windows-gnu" version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" + +[[package]] +name = "wyz" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85e60b0d1b5f99db2556934e21937020776a5d31520bf169e851ac44e6420214" + +[[package]] +name = "x509-parser" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e5f14bdbacc48cea8d2a3112fa141949ffb707d724b51a8a1e6a6091f6c26e38" +dependencies = [ + "asn1-rs", + "base64", + "data-encoding", + "der-parser", + "lazy_static", + "nom 7.1.0", + "oid-registry", + "rusticata-macros", + "thiserror", + "time 0.3.7", +] + +[[package]] +name = "zeroize" +version = "1.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d68d9dcec5f9b43a30d38c49f91dfedfaac384cb8f085faca366c26207dd1619" +dependencies = [ + "zeroize_derive", +] + +[[package]] +name = "zeroize_derive" +version = "1.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3f8f187641dad4f680d25c4bfc4225b418165984179f26ca76ec4fb6441d3a17" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "synstructure", +] diff --git a/Cargo.toml b/Cargo.toml index 7d21818..a4614dc 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -23,20 +23,20 @@ pkg-config = "^0.3.17" bindgen = "^0.60.1" [dependencies] -openssl = "0.10" -openssl-sys = "0.9" -openssl-probe = "0.1.2" -url = "2.1.1" -quick-xml = { version = "0.23.0", features = [ "serialize" ] } -serde = { version = "1.0", features = ["derive"] } -chrono = { version = "0.4", features = ["serde"] } base64 = "0.13" -flate2 = "1.0" -snafu = "0.7" -rand = "0.8.4" +chrono = { version = "0.4", features = ["serde"] } +data-encoding = "2.2.0" derive_builder = "0.11.2" +flate2 = "1.0" +lazy_static = {version = "^1.4.0", optional = true} +libc = {version = "^0.2.66", optional = true} libxml = { version = "0.3.0", optional = true} +quick-xml = { version = "0.23.0", features = [ "serialize" ] } +rand = "0.8.4" +rsa = "0.5.0" +serde = { version = "1.0", features = ["derive"] } +sha2 = "0.9" +snafu = "0.7" +url = "2.1.1" uuid = { version = ">=0.8.0, <2.0.0", features = [ "v4" ] } -data-encoding = "2.2.0" -libc = {version = "^0.2.66", optional = true} -lazy_static = {version = "^1.4.0", optional = true} +x509-parser = "0.13.0" diff --git a/src/bindings.rs b/src/bindings.rs index 7a59f64..c00fcea 100644 --- a/src/bindings.rs +++ b/src/bindings.rs @@ -5,7 +5,6 @@ #![allow(non_snake_case)] #![allow(non_camel_case_types)] #![allow(non_upper_case_globals)] - #![allow(improper_ctypes)] include!(concat!(env!("OUT_DIR"), "/bindings.rs")); diff --git a/src/metadata/entity_descriptor.rs b/src/metadata/entity_descriptor.rs index 69273f1..74e0c9c 100644 --- a/src/metadata/entity_descriptor.rs +++ b/src/metadata/entity_descriptor.rs @@ -130,7 +130,9 @@ mod test { let output_xml = entity_descriptor .to_xml() .expect("Failed to convert EntityDescriptor to xml"); - let reparsed_entity_descriptor: EntityDescriptor =output_xml.parse().expect("Failed to parse EntityDescriptor"); + let reparsed_entity_descriptor: EntityDescriptor = output_xml + .parse() + .expect("Failed to parse EntityDescriptor"); assert_eq!(reparsed_entity_descriptor, entity_descriptor); } 
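Review bot: The `[dependencies]` table asks for `snafu = "0.7"`, but the Cargo.lock hunks in this same patch pin `snafu` 0.6.2 and move unrelated crates backwards (`regex` 1.5.6 to 1.3.4, `serde` 1.0.137 to 1.0.104, `samael` itself 0.0.9 to 0.0.8). That suggests the lockfile was carried over from an older branch rather than resolved against this manifest. Letting `cargo build` add only the new crates to the existing lockfile would keep the change limited to `rsa`, `sha2`, `x509-parser` and their dependencies, and would avoid reintroducing old releases of crates that parse untrusted input. These three crates now carry the signing and certificate-parsing path that OpenSSL used to, so a comment above them such as `# signature and certificate handling (replaces openssl)` and a `cargo audit` run in CI would make later bumps easier to review.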
@@ -147,7 +149,9 @@ mod test { let output_xml = entity_descriptor .to_xml() .expect("Failed to convert EntityDescriptor to xml"); - let reparsed_entity_descriptor: EntityDescriptor =output_xml.parse().expect("Failed to parse EntityDescriptor"); + let reparsed_entity_descriptor: EntityDescriptor = output_xml + .parse() + .expect("Failed to parse EntityDescriptor"); assert_eq!(reparsed_entity_descriptor, entity_descriptor); } diff --git a/src/schema/authn_request.rs b/src/schema/authn_request.rs index 91ab615..a7aa9d2 100644 --- a/src/schema/authn_request.rs +++ b/src/schema/authn_request.rs @@ -199,13 +199,12 @@ impl AuthnRequest { } #[cfg(feature = "xmlsec")] - pub fn to_signed_xml(&self, + pub fn to_signed_xml( + &self, private_key_der: &[u8], ) -> Result> { crypto::sign_xml(self.to_xml()?, private_key_der) - .map_err(|crypto_error| - Box::new(crypto_error) as Box - ) + .map_err(|crypto_error| Box::new(crypto_error) as Box) } } @@ -213,6 +212,12 @@ impl AuthnRequest { mod test { use super::*; use crate::crypto::UrlVerifier; + use std::collections::HashMap; + + use rsa::{pkcs8::FromPublicKey, Hash, PaddingScheme, PublicKey, RsaPublicKey}; + use sha2::{Digest, Sha256}; + + use super::*; #[test] #[cfg(feature = "xmlsec")] 
@@ -232,23 +237,67 @@ mod test { "/test_vectors/authn_request_sign_template.xml" )); - let signed_authn_request = - authn_request_sign_template - .parse::()? - .add_key_info(public_cert) - .to_signed_xml(private_key)?; + let signed_authn_request = authn_request_sign_template + .parse::()? + .add_key_info(public_cert) + .to_signed_xml(private_key)?; - assert!( - crate::crypto::verify_signed_xml( - &signed_authn_request, - &public_cert[..], - Some("ID"), - ).is_ok() - ); + assert!(crate::crypto::verify_signed_xml( + &signed_authn_request, + &public_cert[..], + Some("ID"), + ) + .is_ok()); Ok(()) } + pub fn verify_signed_redirect_url( + signed_authn_redirect_url: &url::Url, + public_key_pem: &[u8], + ) -> Result> { + // Should look like: + // + // http://idp.example.com/SSOService.php?SAMLRequest=...&SigAlg=...&Signature=... + // + // Remove Signature, then verify percent encoded query string using + // openssl bindings. + + let query_params = signed_authn_redirect_url + .query_pairs() + .into_owned() + .collect::>(); + let signature: &String = &query_params["Signature"]; + + let mut verify_url = url::Url::parse( + format!( + "{}://{}", + signed_authn_redirect_url.scheme(), + signed_authn_redirect_url.host_str().unwrap(), + ) + .as_str(), + )?; + + for key in vec!["SAMLRequest", "RelayState", "SigAlg"] { + if query_params.contains_key(key) { + verify_url + .query_pairs_mut() + .append_pair(key, &query_params[key]); + } + } + + let signed_string: String = verify_url.query().unwrap().to_string(); + let public = RsaPublicKey::from_public_key_pem(std::str::from_utf8(public_key_pem)?)?; + + let hashed = Sha256::digest(signed_string.as_bytes()); + let signature_bytes = base64::decode(signature)?; + let padding = PaddingScheme::new_pkcs1v15_sign(Some(Hash::SHA2_256)); + + public.verify(padding, &hashed[..], signature_bytes.as_slice())?; + + Ok(true) + } + #[test] pub fn test_redirect_signature() -> Result<(), Box> { let private_key = include_bytes!(concat!( 
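Review bot: `verify_signed_redirect_url` checks the signature over a query string it rebuilds with `query_pairs()` and `append_pair`, i.e. decoded and re-encoded, rather than over the percent-encoded bytes that were actually received; a sender whose encoding differs from the `url` crate's (hex case, `+` versus `%20`) will fail verification even with a valid signature, so slicing `SAMLRequest`, `RelayState` and `SigAlg` out of the raw `query()` is the safer shape. It also never looks at the `SigAlg` value before verifying with PKCS#1 v1.5/SHA-256, and `query_params["Signature"]` and `host_str().unwrap()` panic on a malformed URL where an error would do, e.g. `let signature = query_params.get("Signature").ok_or("missing Signature parameter")?;`. The comment still says the check uses "openssl bindings" and should become `// Remove Signature, then verify the percent-encoded query string with the rsa crate.`; since the function can only return `Ok(true)` or an error, `Result<(), _>` would describe it better. The helper sits inside `mod test`, which opens before this hunk, and none of the tests shown on this page call it.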
@@ -266,16 +315,13 @@ mod test { "/test_vectors/authn_request_sign_template.xml" )); - let signed_authn_redirect_url = - authn_request_sign_template - .parse::()? - .signed_redirect("", private_key)? - .unwrap(); + let signed_authn_redirect_url = authn_request_sign_template + .parse::()? + .signed_redirect("", private_key)? + .unwrap(); let url_verifier = UrlVerifier::from_rsa_pem(public_key)?; - assert!( - url_verifier.verify_signed_request_url(&signed_authn_redirect_url)? - ); + assert!(url_verifier.verify_signed_request_url(&signed_authn_redirect_url)?); Ok(()) } @@ -297,22 +343,20 @@ mod test { "/test_vectors/authn_request_sign_template.xml" )); - let signed_authn_redirect_url = - authn_request_sign_template - .parse::()? - .signed_redirect("some_relay_state_here", private_key)? - .unwrap(); + let signed_authn_redirect_url = authn_request_sign_template + .parse::()? + .signed_redirect("some_relay_state_here", private_key)? + .unwrap(); let url_verifier = UrlVerifier::from_rsa_der(public_key)?; - assert!( - url_verifier.verify_signed_request_url(&signed_authn_redirect_url)? - ); + assert!(url_verifier.verify_signed_request_url(&signed_authn_redirect_url)?); Ok(()) } #[test] - pub fn test_redirect_signature_with_relaystate_using_x509_cert() -> Result<(), Box> { + pub fn test_redirect_signature_with_relaystate_using_x509_cert( + ) -> Result<(), Box> { let private_key = include_bytes!(concat!( env!("CARGO_MANIFEST_DIR"), "/test_vectors/private.der" 
@@ -328,16 +372,13 @@ mod test { "/test_vectors/authn_request_sign_template.xml" )); - let signed_authn_redirect_url = - authn_request_sign_template - .parse::()? - .signed_redirect("some_relay_state_here", private_key)? - .unwrap(); + let signed_authn_redirect_url = authn_request_sign_template + .parse::()? + .signed_redirect("some_relay_state_here", private_key)? + .unwrap(); let url_verifier = UrlVerifier::from_x509_cert_pem(public_cert)?; - assert!( - url_verifier.verify_signed_request_url(&signed_authn_redirect_url)? - ); + assert!(url_verifier.verify_signed_request_url(&signed_authn_redirect_url)?); Ok(()) } diff --git a/src/schema/response.rs b/src/schema/response.rs index fd01bcf..9066696 100644 --- a/src/schema/response.rs +++ b/src/schema/response.rs 
@@ -118,36 +118,53 @@ mod test { env!("CARGO_MANIFEST_DIR"), "/test_vectors/response.xml", )); - let expected_response: Response = response_xml.parse().expect("failed to parse response.xml"); - let serialized_response = expected_response.to_xml().expect("failed to convert response to xml"); - let actual_response: Response = serialized_response.parse().expect("failed to re-parse response"); + let expected_response: Response = + response_xml.parse().expect("failed to parse response.xml"); + let serialized_response = expected_response + .to_xml() + .expect("failed to convert response to xml"); + let actual_response: Response = serialized_response + .parse() + .expect("failed to re-parse response"); assert_eq!(expected_response, actual_response); } #[test] fn test_deserialize_serialize_response_with_signed_assertion() { - let response_xml = include_str!(concat!( + let response_xml = include_str!(concat!( env!("CARGO_MANIFEST_DIR"), "/test_vectors/response_signed_assertion.xml", )); - let expected_response: Response = response_xml.parse().expect("failed to parse response_signed_assertion.xml"); - let serialized_response = expected_response.to_xml().expect("failed to convert response to xml"); - let actual_response: Response = serialized_response.parse().expect("failed to re-parse response"); + let expected_response: Response = response_xml + .parse() + .expect("failed to parse response_signed_assertion.xml"); + let serialized_response = expected_response + .to_xml() + .expect("failed to convert response to xml"); + let actual_response: Response = serialized_response + .parse() + .expect("failed to re-parse response"); assert_eq!(expected_response, actual_response); } #[test] fn test_deserialize_serialize_signed_response() { - let response_xml = include_str!(concat!( + let response_xml = include_str!(concat!( env!("CARGO_MANIFEST_DIR"), "/test_vectors/response_signed.xml", )); - let expected_response: Response = response_xml.parse().expect("failed to parse 
response_signed.xml"); - let serialized_response = expected_response.to_xml().expect("failed to convert response to xml"); - let actual_response: Response = serialized_response.parse().expect("failed to re-parse response"); + let expected_response: Response = response_xml + .parse() + .expect("failed to parse response_signed.xml"); + let serialized_response = expected_response + .to_xml() + .expect("failed to convert response to xml"); + let actual_response: Response = serialized_response + .parse() + .expect("failed to re-parse response"); assert_eq!(expected_response, actual_response); } -} \ No newline at end of file +} diff --git a/src/service_provider/mod.rs b/src/service_provider/mod.rs index 62c1353..d6c4613 100644 --- a/src/service_provider/mod.rs +++ b/src/service_provider/mod.rs @@ -9,12 +9,14 @@ use crate::{ use chrono::prelude::*; use chrono::Duration; use flate2::{write::DeflateEncoder, Compression}; -use openssl::pkey::Private; -use openssl::{rsa, x509}; +use rsa::pkcs1::FromRsaPrivateKey; +use rsa::{Hash, PaddingScheme, RsaPrivateKey}; +use sha2::{Digest, Sha256}; use snafu::Snafu; use std::fmt::Debug; use std::io::Write; use url::Url; +use x509_parser::parse_x509_certificate; #[cfg(test)] mod tests; @@ -114,9 +116,9 @@ pub enum Error { #[builder(default, setter(into))] pub struct ServiceProvider { pub entity_id: Option, - pub key: Option>, - pub certificate: Option, - pub intermediates: Option>, + pub key: Option, + pub certificate: Option, + pub intermediates: Option>, pub metadata_url: Option, pub acs_url: Option, pub slo_url: Option, 
@@ -170,10 +172,10 @@ impl ServiceProvider { let mut key_descriptors = vec![]; if let Some(cert) = &self.certificate { - let mut cert_bytes: Vec = cert.to_der()?; + let mut cert_bytes: Vec = cert.as_bytes().into(); if let Some(intermediates) = &self.intermediates { for intermediate in intermediates { - cert_bytes.append(&mut intermediate.to_der()?); + cert_bytes.append(&mut intermediate.as_bytes().to_vec()); } } key_descriptors.push(KeyDescriptor { @@ -284,7 +286,7 @@ impl ServiceProvider { None } - pub fn idp_signing_certs(&self) -> Result>, Error> { + pub fn idp_signing_certs(&self) -> Result>, Error> { let mut result = vec![]; if let Some(idp_sso_descriptors) = &self.idp_metadata.idp_sso_descriptors { for idp_sso_descriptor in idp_sso_descriptors { @@ -295,7 +297,26 @@ impl ServiceProvider { .filter(|key_use| *key_use == "signing") .is_some() { - result.append(&mut parse_certificates(key_descriptor)?); + if let Some(cert) = key_descriptor + .key_info + .x509_data + .as_ref() + .and_then(|data| data.certificate.as_ref()) + { + if let Ok(decoded) = base64::decode(cert.as_bytes()) { + if let Ok((_, parsed)) = parse_x509_certificate(&decoded) { + result.push(parsed.raw_serial_as_string()) + } else { + return Err(Error::FailedToParseCert { + cert: cert.to_string(), + }); + } + } else { + return Err(Error::FailedToParseCert { + cert: cert.to_string(), + }); + } + } } } } 
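Review bot: `cert.as_bytes().into()` copies the stored certificate text unchanged where the old code called `to_der()`, so what goes into the key descriptor now depends on whatever encoding the caller put in `certificate`. The `as_bytes()` call suggests the field has become a string type (the generics are not visible on this page); if it holds PEM, the armor lines and base64 text would be embedded instead of DER, and the intermediates are appended the same way. Either decode to DER here before concatenating, or state the contract on the struct fields, for example `/// Certificate as DER bytes; PEM input must be decoded by the caller.` The code that encodes `cert_bytes` lies outside the hunk, so the effect on the emitted metadata is inferred.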
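Review bot: `result.push(parsed.raw_serial_as_string())` stores each certificate's serial number rather than the certificate or its public key, so `idp_signing_certs` no longer returns anything a caller can verify a signature against, and a serial is only unique per issuer. The same block is repeated in the next hunk (`@@ -306,7 +327,26 @@`), where the removed code shared one `parse_certificates` helper; a private helper would keep the two branches from drifting. Assuming the return type stays a list of strings, parse only to validate and keep the certificate text, as sketched below; the two nested `if let … else` arms collapse into `map_err` and `?`. `base64::decode` in its default configuration rejects embedded whitespace, so line-wrapped certificate text from metadata may need stripping first (not verifiable from this hunk).

```rust
// … unchanged: `if let Some(cert) = key_descriptor.key_info.x509_data … certificate.as_ref() {` …
    let parse_error = || Error::FailedToParseCert {
        cert: cert.to_string(),
    };
    let decoded = base64::decode(cert.as_bytes()).map_err(|_| parse_error())?;
    // Parsed only to reject malformed input; the certificate itself is kept.
    parse_x509_certificate(&decoded).map_err(|_| parse_error())?;
    result.push(cert.to_string());
}
```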
@@ -306,7 +327,26 @@ impl ServiceProvider { if key_descriptor.key_use == None || key_descriptor.key_use == Some("".to_string()) { - result.append(&mut parse_certificates(key_descriptor)?); + if let Some(cert) = key_descriptor + .key_info + .x509_data + .as_ref() + .and_then(|data| data.certificate.as_ref()) + { + if let Ok(decoded) = base64::decode(cert.as_bytes()) { + if let Ok((_, parsed)) = parse_x509_certificate(&decoded) { + result.push(parsed.raw_serial_as_string()) + } else { + return Err(Error::FailedToParseCert { + cert: cert.to_string(), + }); + } + } else { + return Err(Error::FailedToParseCert { + cert: cert.to_string(), + }); + } + } } } } @@ -602,17 +642,14 @@ impl AuthnRequest { .to_string(); // Use openssl's bindings to sign - let pkey = openssl::rsa::Rsa::private_key_from_der(private_key_der)?; - let pkey = openssl::pkey::PKey::from_rsa(pkey)?; - - let mut signer = - openssl::sign::Signer::new(openssl::hash::MessageDigest::sha256(), pkey.as_ref())?; - - signer.update(string_to_sign.as_bytes())?; + let pkey = RsaPrivateKey::from_pkcs1_der(&private_key_der)?; + let padding = PaddingScheme::new_pkcs1v15_sign(Some(Hash::SHA2_256)); + let hashed = Sha256::digest(string_to_sign.as_bytes()); + let signature = pkey.sign(padding, &hashed[..])?; unsigned_url .query_pairs_mut() - .append_pair("Signature", &base64::encode(signer.sign_to_vec()?)); + .append_pair("Signature", &base64::encode(signature)); // Past this point, it's a signed url :) Ok(Some(unsigned_url)) diff --git a/src/signature.rs b/src/signature.rs index 3cf4d5e..dfb4d8c 100644 --- a/src/signature.rs +++ b/src/signature.rs @@ -64,9 +64,7 @@ impl Signature { key_info: Some(vec![KeyInfo { id: None, x509_data: Some(X509Data { - certificates: vec![ - crate::crypto::mime_encode_x509_cert(x509_cert_der) - ], + certificates: vec![crate::crypto::mime_encode_x509_cert(x509_cert_der)], }), }]), } 
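Review bot: The context comment `// Use openssl's bindings to sign` is now wrong, because the lines below it sign with the `rsa` crate; it should read something like `// Sign with RSASSA-PKCS1-v1_5 over SHA-256 using the rsa crate`. `RsaPrivateKey::from_pkcs1_der(&private_key_der)` takes an extra reference that is needless if `private_key_der` is already a slice, and it accepts only PKCS#1 `RSAPrivateKey` DER, so a PKCS#8-wrapped key is rejected; that restriction deserves a line in the doc comment of the function, whose signature is outside this hunk. The digest is fixed to SHA-256 here, so the `SigAlg` value placed in the URL earlier in the function (not visible in the hunk) has to remain the RSA-SHA256 identifier, which is also worth stating next to the padding line.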
@@ -124,9 +122,7 @@ impl SignatureValue { } writer.write_event(Event::Start(root))?; if let Some(ref base64_content) = self.base64_content { - writer.write_event(Event::Text(BytesText::from_plain_str( - base64_content, - )))?; + writer.write_event(Event::Text(BytesText::from_plain_str(base64_content)))?; } writer.write_event(Event::End(BytesEnd::borrowed( SIGNATURE_VALUE_NAME.as_bytes(), @@ -332,9 +328,7 @@ impl DigestValue { let root = BytesStart::borrowed(DIGEST_VALUE_NAME.as_bytes(), DIGEST_VALUE_NAME.len()); writer.write_event(Event::Start(root))?; if let Some(ref base64_content) = self.base64_content { - writer.write_event(Event::Text(BytesText::from_plain_str( - base64_content, - )))?; + writer.write_event(Event::Text(BytesText::from_plain_str(base64_content)))?; } writer.write_event(Event::End(BytesEnd::borrowed(DIGEST_VALUE_NAME.as_bytes())))?; Ok(String::from_utf8(write_buf)?) diff --git a/src/xmlsec/error.rs b/src/xmlsec/error.rs index e7ca362..5f0c549 100644 --- a/src/xmlsec/error.rs +++ b/src/xmlsec/error.rs @@ -60,10 +60,9 @@ impl std::fmt::Display for XmlSecError { Self::NodeNotFound => write!(fmt, "Failed to find node"), Self::NotASignatureNode => write!(fmt, "Node is not a signature node"), - Self::SigningError => write!( - fmt, - "An error has ocurred while attemting to sign document" - ), + Self::SigningError => { + write!(fmt, "An error has ocurred while attemting to sign document") + } Self::VerifyError => write!(fmt, "Verification failed"), } } From ffeab854bd81eecd4858d9baa2492d97fa644895 Mon Sep 17 00:00:00 2001 From: Martin Madsen Date: Sat, 20 Aug 2022 20:45:18 +0200 Subject: [PATCH 2/5] Add openssl and rustcrypto feature flags --- Cargo.toml | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index a4614dc..454f4b1 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -16,7 +16,10 @@ build = "bindings.rs" doctest = false [features] +default = ["openssl"] xmlsec = ["libc", "lazy_static", "libxml"] +openssl = ["openssl", "openssl-sys", "openssl-probe"] +rustcrypto = ["rsa", "x509-parser"] [build-dependencies] pkg-config = "^0.3.17" @@ -33,10 +36,17 @@ libc = {version = "^0.2.66", optional = true} libxml = { version = "0.3.0", optional = true} quick-xml = { version = "0.23.0", features = [ "serialize" ] } rand = "0.8.4" -rsa = "0.5.0" serde = { version = "1.0", features = ["derive"] } sha2 = "0.9" snafu = "0.7" url = "2.1.1" uuid = { version = ">=0.8.0, <2.0.0", features = [ "v4" ] } -x509-parser = "0.13.0" + +# openssl +openssl = { version = "0.10", optional = true } +openssl-sys = { version = "0.9", optional = true } +openssl-probe = { version = "0.1.2", optional = true } + +# rustcrypto +rsa = { version = "0.5.0", optional = true } +x509-parser = { version = "0.13.0", optional = true } From ddb505ade17ec9da5a3e45d91690349ef13d6ab1 Mon Sep 17 00:00:00 2001 From: Martin Madsen Date: Sun, 21 Aug 2022 22:35:32 +0200 Subject: [PATCH 3/5] Initial work for co-existing openssl and RustCrypto support --- Cargo.lock | 1034 +++++++++++++++--------------- Cargo.toml | 14 +- src/{crypto.rs => crypto/mod.rs} | 55 +- src/crypto/rsa/mod.rs | 9 + src/crypto/rsa/openssl.rs | 71 ++ src/crypto/rsa/rustcrypto.rs | 85 +++ src/crypto/x509/mod.rs | 9 + src/crypto/x509/openssl.rs | 59 ++ src/crypto/x509/rustcrypto.rs | 60 ++ src/idp/error.rs | 10 + src/idp/mod.rs | 51 +- src/rsa.rs | 1 + src/service_provider/mod.rs | 110 +--- 13 files changed, 881 insertions(+), 687 deletions(-) rename src/{crypto.rs => crypto/mod.rs} (95%) create mode 100644 src/crypto/rsa/mod.rs create mode 100644 src/crypto/rsa/openssl.rs create mode 100644 src/crypto/rsa/rustcrypto.rs create mode 100644 src/crypto/x509/mod.rs create mode 100644 src/crypto/x509/openssl.rs create mode 100644 src/crypto/x509/rustcrypto.rs create mode 100644 src/rsa.rs 
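Review bot: `openssl = ["openssl", "openssl-sys", "openssl-probe"]` gives the feature the same name as the optional dependency it lists, so the feature refers to itself and Cargo is likely to reject the manifest; with namespaced features the usual spelling is `openssl = ["dep:openssl", "dep:openssl-sys", "dep:openssl-probe"]`. The second hunk (`@@ -33,10 +36,17 @@`) makes the backends optional, but nothing stops `openssl` and `rustcrypto` from being enabled together, or both being off under `default-features = false`. Which implementation then signs and verifies is decided nowhere in this change. A comment such as `# exactly one of "openssl" / "rustcrypto" must be enabled`, backed by a `compile_error!` guard in the crate root, would make the selection explicit.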
diff --git a/Cargo.lock b/Cargo.lock index f04fb75..982530c 100644 --- a/Cargo.lock +++ b/Cargo.lock 
@@ -3,66 +3,27 @@ version = 3 [[package]] -name = "adler32" -version = "1.0.4" +name = "adler" +version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5d2e7343e7fc9de883d1b0341e0b13970f764c14101234857d2ddafa1cb1cac2" +checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" [[package]] name = "aho-corasick" -version = "0.7.9" +version = "0.7.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d5e63fd144e18ba274ae7095c0197a870a7b9468abc801dd62f190d80817d2ec" +checksum = "1e37cfd5e7657ada45f742d6e99ca5788580b5c529dc78faf11ece6dc702656f" dependencies = [ "memchr", ] [[package]] -name = "ansi_term" -version = "0.11.0" +name = "android_system_properties" +version = "0.1.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ee49baf6cb617b853aa8d93bf420db2383fab46d314482ca2803b40d5fde979b" +checksum = "d7ed72e1635e121ca3e79420540282af22da58be50de153d36f81ddc6b83aa9e" dependencies = [ - "winapi", -] - -[[package]] -name = "asn1-rs" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "30ff05a702273012438132f449575dbc804e27b2f3cbe3069aa237d26c98fa33" -dependencies = [ - "asn1-rs-derive", - "asn1-rs-impl", - "displaydoc", - "nom 7.1.0", - "num-traits", - "rusticata-macros", - "thiserror", - "time 0.3.7", -] - -[[package]] -name = "asn1-rs-derive" -version = "0.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "db8b7511298d5b7784b40b092d9e9dcd3a627a5707e4b5e507931ab0d44eeebf" -dependencies = [ - "proc-macro2", - "quote", - "syn", - "synstructure", -] - -[[package]] -name = "asn1-rs-impl" -version = "0.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2777730b2039ac0f95f093556e61b6d26cebed5393ca6f152717777cec3a42ed" -dependencies = [ - "proc-macro2", - "quote", - "syn", + "libc", ] [[package]] 
@@ -76,15 +37,6 @@ dependencies = [ "winapi", ] -[[package]] -name = "autocfg" -version = "0.1.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0dde43e75fd43e8a1bf86103336bc699aa8d17ad1be60c76c0bdfd4828e19b78" -dependencies = [ - "autocfg 1.1.0", -] - [[package]] name = "autocfg" version = "1.1.0" @@ -99,15 +51,15 @@ checksum = "904dfeac50f3cdaba28fc6f57fdcddb75f49ed61346676a78c4ffe55877802fd" [[package]] name = "base64ct" -version = "1.1.1" +version = "1.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e6b4d9b1225d28d360ec6a231d65af1fd99a2a095154c8040689617290569c5c" +checksum = "3bdca834647821e0b13d9539a8634eb62d3501b6b6c2cec1722786ee6671b851" [[package]] name = "bindgen" -version = "0.59.1" +version = "0.60.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "453c49e5950bb0eb63bb3df640e31618846c89d5b7faa54040d76e98e0134375" +checksum = "062dddbc1ba4aca46de6338e2bf87771414c335f7b2f2036e8f3e9befebf88e6" dependencies = [ "bitflags", "cexpr", @@ -128,21 +80,9 @@ dependencies = [ [[package]] name = "bitflags" -version = "1.2.1" +version = "1.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cf1de2fe8c75bc145a2f577add951f8134889b4795d47466a54a5c846d691693" - -[[package]] -name = "bitvec" -version = "0.19.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8942c8d352ae1838c9dda0b0ca2ab657696ef2232a20147cf1b30ae1a9cb4321" -dependencies = [ - "funty", - "radium", - "tap", - "wyz", -] +checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" [[package]] name = "block-buffer" @@ -153,6 +93,12 @@ dependencies = [ "generic-array", ] +[[package]] +name = "bumpalo" +version = "3.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c1ad822118d20d2c234f427000d5acc36eabe1e29a348c89b63dd60b13f28e5d" + [[package]] name = "byteorder" version = "1.4.3" 
@@ -160,29 +106,20 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610" [[package]] -name = "c2-chacha" -version = "0.2.3" +name = "cc" +version = "1.0.73" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "214238caa1bf3a496ec3392968969cab8549f96ff30652c9e56885329315f6bb" -dependencies = [ - "ppv-lite86", -] +checksum = "2fff2a6927b3bb87f9595d67196a70493f627687a71d87a0d692242c33f58c11" [[package]] name = "cexpr" -version = "0.5.0" +version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "db507a7679252d2276ed0dd8113c6875ec56d3089f9225b2b42c30cc1f8e5c89" +checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766" dependencies = [ - "nom 6.1.2", + "nom", ] -[[package]] -name = "cfg-if" -version = "0.1.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4785bdd1c96b2a846b2bd7cc02e86b6b3dbf14e7e53446c4f54c92a361040822" - [[package]] name = "cfg-if" version = "1.0.0" @@ -191,21 +128,25 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "chrono" -version = "0.4.10" +version = "0.4.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "31850b4a4d6bae316f7a09e691c944c28299298837edc0a03f755618c23cbc01" +checksum = "bfd4d1b31faaa3a89d7934dbded3111da0d2ef28e3ebccdb4f0179f5929d1ef1" dependencies = [ + "iana-time-zone", + "js-sys", "num-integer", "num-traits", "serde", - "time 0.1.42", + "time", + "wasm-bindgen", + "winapi", ] [[package]] name = "clang-sys" -version = "1.2.0" +version = "1.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "853eda514c284c2287f4bf20ae614f8781f40a81d32ecda6e91449304dfe077c" +checksum = "5a050e2153c5be08febd6734e29298e844fdb0fa21aeddd63b4eb7baa106c69b" dependencies = [ "glob", "libc", 
@@ -214,59 +155,89 @@ dependencies = [ [[package]] name = "clap" -version = "2.33.0" +version = "3.2.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5067f5bb2d80ef5d68b4c87db81601f0b75bca627bc2ef76b141d7b846a3c6d9" +checksum = "29e724a68d9319343bb3328c9cc2dfde263f4b3142ee1059a9980580171c954b" dependencies = [ - "ansi_term", "atty", "bitflags", - "strsim 0.8.0", + "clap_lex", + "indexmap", + "strsim", + "termcolor", "textwrap", - "unicode-width", - "vec_map", +] + +[[package]] +name = "clap_lex" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2850f2f5a82cbf437dd5af4d49848fbdfc27c157c3d010345776f952765261c5" +dependencies = [ + "os_str_bytes", ] [[package]] name = "const-oid" -version = "0.6.2" +version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9d6f2aa4d0537bcc1c74df8755072bd31c1ef1a3a1b85a68e8404a8c353b7b8b" +checksum = "e4c78c047431fee22c1a7bb92e00ad095a02a983affe4d8a72e2a2c62c1b94f3" + +[[package]] +name = "const-oid" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "722e23542a15cea1f65d4a1419c4cfd7a26706c70871a13a04238ca3f40f1661" + +[[package]] +name = "core-foundation-sys" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5827cebf4670468b8772dd191856768aedcb1b0278a04f989f7766351917b9dc" [[package]] name = "cpufeatures" -version = "0.2.1" +version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "95059428f66df56b63431fdb4e1947ed2190586af5c5a8a8b71122bdf5a7f469" +checksum = "1079fb8528d9f9c888b1e8aa651e6e079ade467323d58f75faf1d30b1808f540" dependencies = [ "libc", ] [[package]] name = "crc32fast" -version = "1.2.0" +version = "1.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ba125de2af0df55319f41944744ad91c71113bf74a4646efff39afe1f6842db1" +checksum = 
"b540bd8bc810d3885c6ea91e2018302f68baba2129ab3e88f32389ee9370880d" dependencies = [ - "cfg-if 0.1.10", + "cfg-if", ] [[package]] name = "crypto-bigint" -version = "0.2.11" +version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f83bd3bb4314701c568e340cd8cf78c975aa0ca79e03d3f6d1677d5b0c9c0c03" +checksum = "03c6a1d5fa1de37e071642dfa44ec552ca5b299adb128fab16138e24b548fd21" dependencies = [ "generic-array", - "rand_core 0.6.3", "subtle", ] +[[package]] +name = "crypto-common" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" +dependencies = [ + "generic-array", + "typenum", +] + [[package]] name = "darling" -version = "0.12.4" +version = "0.14.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f2c43f534ea4b0b049015d00269734195e6d3f0f6635cb692251aca6f9f8b3c" +checksum = "4529658bdda7fd6769b8614be250cdcfc3aeb0ee72fe66f9e41e5e5eb73eac02" dependencies = [ "darling_core", "darling_macro", @@ -274,23 +245,23 @@ dependencies = [ [[package]] name = "darling_core" -version = "0.12.4" +version = "0.14.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8e91455b86830a1c21799d94524df0845183fa55bafd9aa137b01c7d1065fa36" +checksum = "649c91bc01e8b1eac09fb91e8dbc7d517684ca6be8ebc75bb9cafc894f9fdb6f" dependencies = [ "fnv", "ident_case", "proc-macro2", "quote", - "strsim 0.10.0", + "strsim", "syn", ] [[package]] name = "darling_macro" -version = "0.12.4" +version = "0.14.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "29b5acf0dea37a7f66f7b25d2c5e93fd46f8f6968b1a5d7a3e02e97768afc95a" +checksum = "ddfc69c5bfcbd2fc09a0f38451d2daf0e372e367986a83906d1b0dbc88134fb5" dependencies = [ "darling_core", "quote", 
@@ -305,42 +276,54 @@ checksum = "3ee2393c4a91429dffb4bedf19f4d6abf27d8a732c8ce4980305d782e5426d57" [[package]] name = "der" -version = "0.4.5" +version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "79b71cca7d95d7681a4b3b9cdf63c8dbc3730d0584c2c74e31416d64a90493f4" +checksum = "6919815d73839e7ad218de758883aae3a257ba6759ce7a9992501efbb53d705c" dependencies = [ - "const-oid", + "const-oid 0.7.1", "crypto-bigint", + "pem-rfc7468 0.3.1", ] [[package]] -name = "der-parser" -version = "7.0.0" +name = "der" +version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fe398ac75057914d7d07307bf67dc7f3f574a26783b4fc7805a20ffa9f506e82" +checksum = "13dd2ae565c0a381dde7fade45fce95984c568bdcb4700a4fdbe3175e0380b2f" dependencies = [ - "asn1-rs", - "displaydoc", - "nom 7.1.0", - "num-bigint", - "num-traits", - "rusticata-macros", + "const-oid 0.9.0", + "der_derive", + "flagset", + "pem-rfc7468 0.6.0", + "zeroize", +] + +[[package]] +name = "der_derive" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "180e0925824edd2cc2de26da32852c7cd30844011dbf4956c12c88ad2f42d910" +dependencies = [ + "proc-macro-error", + "proc-macro2", + "quote", + "syn", ] [[package]] name = "derive_builder" -version = "0.10.2" +version = "0.11.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d13202debe11181040ae9063d739fa32cfcaaebe2275fe387703460ae2365b30" +checksum = "d07adf7be193b71cc36b193d0f5fe60b918a3a9db4dad0449f57bcfd519704a3" dependencies = [ "derive_builder_macro", ] [[package]] name = "derive_builder_core" -version = "0.10.2" +version = "0.11.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "66e616858f6187ed828df7c64a6d71720d83767a7f19740b2d1b6fe6327b36e5" +checksum = "1f91d4cfa921f1c05904dc3c57b4a32c38aed3340cce209f3a6fd1478babafc4" dependencies = [ "darling", "proc-macro2", 
@@ -350,9 +333,9 @@ dependencies = [ [[package]] name = "derive_builder_macro" -version = "0.10.2" +version = "0.11.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "58a94ace95092c5acb1e97a7e846b310cfbd499652f72297da7493f618a98d73" +checksum = "8f0314b72bed045f3a68671b3c86328386762c93f82d98c65c3cb5e5f573dd68" dependencies = [ "derive_builder_core", "syn", @@ -368,27 +351,31 @@ dependencies = [ ] [[package]] -name = "displaydoc" -version = "0.2.3" +name = "digest" +version = "0.10.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3bf95dc3f046b9da4f2d51833c0d3547d8564ef6910f5c1ed130306a75b92886" +checksum = "f2fb860ca6fafa5552fb6d0e816a69c8e49f0908bf524e30a90d97c85892d506" dependencies = [ - "proc-macro2", - "quote", - "syn", + "crypto-common", ] [[package]] name = "doc-comment" -version = "0.3.1" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fea41bba32d969b513997752735605054bc0dfa92b4c56bf1189f2e174be7a10" + +[[package]] +name = "either" +version = "1.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "923dea538cea0aa3025e8685b20d6ee21ef99c4f77e954a30febbaac5ec73a97" +checksum = "90e5c1c8368803113bf0c9584fc495a58b86dc8a29edbf8fe877d21d9507e797" [[package]] name = "env_logger" -version = "0.8.4" +version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a19187fea3ac7e84da7dacf48de0c45d63c6a76f9490dae389aead16c243fce3" +checksum = "0b2cf0344971ee6c64c31be0d530793fba457d322dfec2810c453d0ef228f9c3" dependencies = [ "atty", "humantime", 
@@ -397,60 +384,72 @@ dependencies = [ "termcolor", ] +[[package]] +name = "flagset" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cda653ca797810c02f7ca4b804b40b8b95ae046eb989d356bce17919a8c25499" + [[package]] name = "flate2" -version = "1.0.13" +version = "1.0.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6bd6d6f4752952feb71363cffc9ebac9411b75b87c6ab6058c40c8900cf43c0f" +checksum = "f82b0f4c27ad9f8bfd1f3208d882da2b09c301bc1c828fd3a00d0216d2fbbff6" dependencies = [ - "cfg-if 0.1.10", "crc32fast", - "libc", "miniz_oxide", ] [[package]] name = "fnv" -version = "1.0.6" +version = "1.0.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2fad85553e09a6f881f739c29f0b00b0f01357c743266d478b68951ce23285f3" +checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" [[package]] -name = "funty" -version = "1.1.0" +name = "foreign-types" +version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fed34cd105917e91daa4da6b3728c47b068749d6a62c59811f06ed2ac71d9da7" +checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" +dependencies = [ + "foreign-types-shared", +] [[package]] -name = "generic-array" -version = "0.14.5" +name = "foreign-types-shared" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" + +[[package]] +name = "form_urlencoded" +version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fd48d33ec7f05fbfa152300fdad764757cbded343c1aa1cff2fbaf4134851803" +checksum = "5fc25a87fa4fd2094bffb06925852034d90a17f0d1e05197d4956d3555752191" dependencies = [ - "typenum", - "version_check", + "matches", + "percent-encoding", ] [[package]] -name = "getrandom" -version = "0.1.14" +name = "generic-array" +version = "0.14.6" source = 
"registry+https://github.com/rust-lang/crates.io-index" -checksum = "7abc8dd8451921606d809ba32e95b6111925cd2906060d2dcc29c070220503eb" +checksum = "bff49e947297f3312447abdca79f45f4738097cc82b06e72054d2223f601f1b9" dependencies = [ - "cfg-if 0.1.10", - "libc", - "wasi 0.9.0+wasi-snapshot-preview1", + "typenum", + "version_check", ] [[package]] name = "getrandom" -version = "0.2.3" +version = "0.2.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7fcd999463524c52659517fe2cea98493cfe485d10565e7b0fb07dbba7ad2753" +checksum = "4eb1a864a501629691edf6c15a593b7a51eebaa1e8468e9ddc623de7c9b58ec6" dependencies = [ - "cfg-if 1.0.0", + "cfg-if", "libc", - "wasi 0.10.2+wasi-snapshot-preview1", + "wasi 0.11.0+wasi-snapshot-preview1", ] [[package]] @@ -459,11 +458,23 @@ version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9b919933a397b79c37e33b77bb2aa3dc8eb6e165ad809e58ff75bc7db2e34574" +[[package]] +name = "hashbrown" +version = "0.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" + +[[package]] +name = "heck" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2540771e65fc8cb83cd6e8a237f70c319bd5c29f78ed1084ba5d50eeac86f7f9" + [[package]] name = "hermit-abi" -version = "0.1.8" +version = "0.1.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1010591b26bbfe835e9faeabeb11866061cc7dcebffd56ad7d0942d0e61aefd8" +checksum = "62b467343b94ba476dcb2500d242dadbb39557df889310ac77c5d99100aaac33" dependencies = [ "libc", ] 
@@ -474,6 +485,19 @@ version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" +[[package]] +name = "iana-time-zone" +version = "0.1.46" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ad2bfd338099682614d3ee3fe0cd72e0b6a41ca6a87f6a74a3bd593c91650501" +dependencies = [ + "android_system_properties", + "core-foundation-sys", + "js-sys", + "wasm-bindgen", + "winapi", +] + [[package]] name = "ident_case" version = "1.0.1" @@ -482,9 +506,9 @@ checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39" [[package]] name = "idna" -version = "0.2.0" +version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "02e2673c30ee86b5b96a9cb52ad15718aa1f966f5ab9ad54a8b95d5ca33120a9" +checksum = "418a0a6fab821475f634efe3ccc45c013f742efe03d853e8d3355d5cb850ecf8" dependencies = [ "matches", "unicode-bidi", @@ -492,10 +516,23 @@ dependencies = [ ] [[package]] -name = "itoa" -version = "1.0.1" +name = "indexmap" +version = "1.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "10a35a97730320ffe8e2d410b5d3b69279b98d2c14bdb8b70ea89ecf7888d41e" +dependencies = [ + "autocfg", + "hashbrown", +] + +[[package]] +name = "js-sys" +version = "0.3.59" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1aab8fc367588b89dcee83ab0fd66b72b50b72fa1904d7095045ace2b0c81c35" +checksum = "258451ab10b34f8af53416d1fdab72c22e805f0c92a1136d59470ec0b11138b2" +dependencies = [ + "wasm-bindgen", +] [[package]] name = "lazy_static" 
@@ -514,31 +551,31 @@ checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" [[package]] name = "libc" -version = "0.2.119" +version = "0.2.132" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1bf2e165bb3457c8e098ea76f3e3bc9db55f87aa90d52d0e6be741470916aaa4" +checksum = "8371e4e5341c3a96db127eb2465ac681ced4c433e01dd0e938adbef26ba93ba5" [[package]] name = "libloading" -version = "0.7.0" +version = "0.7.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6f84d96438c15fcd6c3f244c8fce01d1e2b9c6b5623e9c711dc9286d8fc92d6a" +checksum = "efbc0f03f9a775e9f6aed295c6a1ba2253c5757a9e03d55c6caa46a681abcddd" dependencies = [ - "cfg-if 1.0.0", + "cfg-if", "winapi", ] [[package]] name = "libm" -version = "0.2.2" +version = "0.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "33a33a362ce288760ec6a508b94caaec573ae7d3bbbd91b87aa0bad4456839db" +checksum = "292a948cd991e376cf75541fe5b97a1081d713c618b4f1b9500f8844e49eb565" [[package]] name = "libxml" -version = "0.3.0" +version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "02c07ecb409949e5c5c0818e189e6bc766bcb8b08b3401772ca8c61a58c682b8" +checksum = "687f5a78939052c5d02865c0fe3ea2ce2acdca875f7f81db82f7aef256dd97ac" dependencies = [ "libc", "pkg-config", 
@@ -547,24 +584,24 @@ dependencies = [ [[package]] name = "log" -version = "0.4.8" +version = "0.4.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "14b6052be84e6b71ab17edffc2eeabf5c2c3ae1fdb464aae35ac50c67a44e1f7" +checksum = "abb12e687cfb44aa40f41fc3978ef76448f9b6038cad6aef4259d3c095a2382e" dependencies = [ - "cfg-if 0.1.10", + "cfg-if", ] [[package]] name = "matches" -version = "0.1.8" +version = "0.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ffc5c5338469d4d3ea17d269fa8ea3512ad247247c30bd2df69e68309ed0a08" +checksum = "a3e378b66a060d48947b590737b30a1be76706c8dd7b8ba0f2fe3989c68a853f" [[package]] name = "memchr" -version = "2.4.1" +version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "308cc39be01b73d0d18f82a0e7b2a3df85245f84af96fdddc5d202d27e47b86a" +checksum = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d" [[package]] name = "minimal-lexical" 
@@ -574,119 +611,133 @@ checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" [[package]] name = "miniz_oxide" -version = "0.3.6" +version = "0.5.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aa679ff6578b1cddee93d7e82e263b94a575e0bfced07284eb0c037c1d2416a5" +checksum = "6f5c75688da582b8ffc1f1799e9db273f32133c49e048f614d22ec3256773ccc" dependencies = [ - "adler32", + "adler", ] [[package]] name = "nom" -version = "6.1.2" +version = "7.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e7413f999671bd4745a7b624bd370a569fb6bc574b23c83a3c5ed2e453f3d5e2" -dependencies = [ - "bitvec", - "funty", - "memchr", - "version_check", -] - -[[package]] -name = "nom" -version = "7.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1b1d11e1ef389c76fe5b81bcaf2ea32cf88b62bc494e19f493d0b30e7a930109" +checksum = "a8903e5a29a317527874d0402f867152a3d21c908bb0b933e416c65e301d4c36" dependencies = [ "memchr", "minimal-lexical", - "version_check", -] - -[[package]] -name = "num-bigint" -version = "0.4.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f93ab6289c7b344a8a9f60f88d80aa20032336fe78da341afc91c8a2341fc75f" -dependencies = [ - "autocfg 1.1.0", - "num-integer", - "num-traits", ] [[package]] name = "num-bigint-dig" -version = "0.7.0" +version = "0.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4547ee5541c18742396ae2c895d0717d0f886d8823b8399cdaf7b07d63ad0480" +checksum = "566d173b2f9406afbc5510a90925d5a2cd80cae4605631f1212303df265de011" dependencies = [ - "autocfg 0.1.8", "byteorder", "lazy_static", "libm", "num-integer", "num-iter", "num-traits", - "rand 0.8.4", + "rand", "smallvec", "zeroize", ] [[package]] name = "num-integer" -version = "0.1.42" +version = "0.1.45" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = 
"3f6ea62e9d81a77cd3ee9a2a5b9b609447857f3d358704331e4ef39eb247fcba" +checksum = "225d3389fb3509a24c93f5c29eb6bde2586b98d9f016636dff58d7c6f7569cd9" dependencies = [ - "autocfg 1.1.0", + "autocfg", "num-traits", ] [[package]] name = "num-iter" -version = "0.1.42" +version = "0.1.43" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b2021c8337a54d21aca0d59a92577a029af9431cb59b909b03252b9c164fad59" +checksum = "7d03e6c028c5dc5cac6e2dec0efda81fc887605bb3d884578bb6d6bf7514e252" dependencies = [ - "autocfg 1.1.0", + "autocfg", "num-integer", "num-traits", ] [[package]] name = "num-traits" -version = "0.2.14" +version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9a64b1ec5cda2586e284722486d802acf1f7dbdc623e2bfc57e65ca1cd099290" +checksum = "578ede34cf02f8924ab9447f50c28075b4d3e5b269972345e7e0372b38c6cdcd" dependencies = [ - "autocfg 1.1.0", + "autocfg", "libm", ] [[package]] -name = "num_threads" -version = "0.1.3" +name = "once_cell" +version = "1.13.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "074864da206b4973b84eb91683020dbefd6a8c3f0f38e054d93954e891935e4e" + +[[package]] +name = "opaque-debug" +version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97ba99ba6393e2c3734791401b66902d981cb03bf190af674ca69949b6d5fb15" +checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" + +[[package]] +name = "openssl" +version = "0.10.41" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "618febf65336490dfcf20b73f885f5651a0c89c64c2d4a8c3662585a70bf5bd0" dependencies = [ + "bitflags", + "cfg-if", + "foreign-types", "libc", + "once_cell", + "openssl-macros", + "openssl-sys", ] [[package]] -name = "oid-registry" -version = "0.4.0" +name = "openssl-macros" +version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = 
"38e20717fa0541f39bd146692035c37bedfa532b3e5071b35761082407546b2a" +checksum = "b501e44f11665960c7e7fcf062c7d96a14ade4aa98116c004b2e37b5be7d736c" dependencies = [ - "asn1-rs", + "proc-macro2", + "quote", + "syn", ] [[package]] -name = "opaque-debug" -version = "0.3.0" +name = "openssl-probe" +version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" +checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" + +[[package]] +name = "openssl-sys" +version = "0.9.75" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e5f9bd0c2710541a3cda73d6f9ac4f1b240de4ae261065d309dbe73d9dceb42f" +dependencies = [ + "autocfg", + "cc", + "libc", + "pkg-config", + "vcpkg", +] + +[[package]] +name = "os_str_bytes" +version = "6.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ff7415e9ae3fff1225851df9e0d9e4e5479f947619774677a63572e55e80eff" [[package]] name = "peeking_take_while" @@ -696,9 +747,18 @@ checksum = "19b17cddbe7ec3f8bc800887bab5e717348c95ea2ca0b1bf0837fb964dc67099" [[package]] name = "pem-rfc7468" -version = "0.2.4" +version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "84e93a3b1cc0510b03020f33f21e62acdde3dcaef432edc95bea377fbd4c2cd4" +checksum = "01de5d978f34aa4b2296576379fcc416034702fd94117c56ffd8a1a767cefb30" +dependencies = [ + "base64ct", +] + +[[package]] +name = "pem-rfc7468" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "24d159833a9105500e0398934e205e0773f0b27529557134ecfc51c27646adac" dependencies = [ "base64ct", ] 
@@ -711,107 +771,99 @@ checksum = "d4fd5641d01c8f18a23da7b6fe29298ff4b55afcccdf78973b24cf3175fee32e" [[package]] name = "pkcs1" -version = "0.2.4" +version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "116bee8279d783c0cf370efa1a94632f2108e5ef0bb32df31f051647810a4e2c" +checksum = "a78f66c04ccc83dd4486fd46c33896f4e17b24a7a3a6400dedc48ed0ddd72320" dependencies = [ - "der", - "pem-rfc7468", + "der 0.5.1", + "pkcs8", "zeroize", ] [[package]] name = "pkcs8" -version = "0.7.6" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ee3ef9b64d26bad0536099c816c6734379e45bbd5f14798def6809e5cc350447" +checksum = "7cabda3fb821068a9a4fab19a683eac3af12edf0f34b94a8be53c4972b8149d0" dependencies = [ - "der", - "pem-rfc7468", - "pkcs1", - "spki", + "der 0.5.1", + "spki 0.5.4", "zeroize", ] [[package]] name = "pkg-config" -version = "0.3.17" +version = "0.3.25" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "05da548ad6865900e60eaba7f589cc0783590a92e940c26953ff81ddbab2d677" +checksum = "1df8c4ec4b0627e53bdf214615ad287367e482558cf84b109250b37464dc03ae" [[package]] name = "ppv-lite86" -version = "0.2.10" +version = "0.2.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ac74c624d6b2d21f425f752262f42188365d7b8ff1aff74c82e45136510a4857" +checksum = "eb9f9e6e233e5c4a35559a617bf40a4ec447db2e84c20b55a6f83167b7e57872" [[package]] -name = "proc-macro2" -version = "1.0.28" +name = "proc-macro-error" +version = "1.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c7ed8b8c7b886ea3ed7dde405212185f423ab44682667c8c6dd14aa1d9f6612" +checksum = "da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c" dependencies = [ - "unicode-xid", + "proc-macro-error-attr", + "proc-macro2", + "quote", + "syn", + "version_check", ] [[package]] -name = "quick-xml" -version = "0.22.0" +name = "proc-macro-error-attr" +version = 
"1.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8533f14c8382aaad0d592c812ac3b826162128b65662331e1127b45c3d18536b" +checksum = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869" dependencies = [ - "memchr", - "serde", + "proc-macro2", + "quote", + "version_check", ] [[package]] -name = "quote" -version = "1.0.9" +name = "proc-macro2" +version = "1.0.43" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c3d0b9745dc2debf507c8422de05d7226cc1f0644216dfdfead988f9b1ab32a7" +checksum = "0a2ca2c61bc9f3d74d2886294ab7b9853abd9c1ad903a3ac7815c58989bb7bab" dependencies = [ - "proc-macro2", + "unicode-ident", ] [[package]] -name = "radium" -version = "0.5.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "941ba9d78d8e2f7ce474c015eea4d9c6d25b6a3327f9832ee29a4de27f91bbb8" - -[[package]] -name = "rand" -version = "0.7.3" +name = "quick-xml" +version = "0.22.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6a6b1679d49b24bbfe0c803429aa1874472f50d9b363131f0e89fc356b544d03" +checksum = "8533f14c8382aaad0d592c812ac3b826162128b65662331e1127b45c3d18536b" dependencies = [ - "getrandom 0.1.14", - "libc", - "rand_chacha 0.2.1", - "rand_core 0.5.1", - "rand_hc 0.2.0", + "memchr", + "serde", ] [[package]] -name = "rand" -version = "0.8.4" +name = "quote" +version = "1.0.21" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2e7573632e6454cf6b99d7aac4ccca54be06da05aca2ef7423d22d27d4d4bcd8" +checksum = "bbe448f377a7d6961e30f5955f9b8d106c3f5e449d493ee1b125c1d43c2b5179" dependencies = [ - "libc", - "rand_chacha 0.3.1", - "rand_core 0.6.3", - "rand_hc 0.3.1", + "proc-macro2", ] [[package]] -name = "rand_chacha" -version = "0.2.1" +name = "rand" +version = "0.8.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "03a2a90da8c7523f554344f921aa97283eadf6ac484a6d2a7d0212fa7f8d6853" +checksum = 
"34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" dependencies = [ - "c2-chacha", - "rand_core 0.5.1", + "libc", + "rand_chacha", + "rand_core", ] [[package]] @@ -821,16 +873,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" dependencies = [ "ppv-lite86", - "rand_core 0.6.3", -] - -[[package]] -name = "rand_core" -version = "0.5.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "90bde5296fc891b0cef12a6d03ddccc162ce7b2aff54160af9338f8d40df6d19" -dependencies = [ - "getrandom 0.1.14", + "rand_core", ] [[package]] 
@@ -839,67 +882,42 @@ version = "0.6.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d34f1408f55294453790c48b2f1ebbb1c5b4b7563eb1f418bcfcfdbb06ebb4e7" dependencies = [ - "getrandom 0.2.3", -] - -[[package]] -name = "rand_hc" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ca3129af7b92a17112d59ad498c6f81eaf463253766b90396d39ea7a39d6613c" -dependencies = [ - "rand_core 0.5.1", + "getrandom", ] -[[package]] -name = "rand_hc" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d51e9f596de227fda2ea6c84607f5558e196eeaf43c986b724ba4fb8fdf497e7" -dependencies = [ - "rand_core 0.6.3", -] - -[[package]] -name = "redox_syscall" -version = "0.1.56" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2439c63f3f6139d1b57529d16bc3b8bb855230c8efcc5d3a896c8bea7c3b1e84" - [[package]] name = "regex" -version = "1.3.4" +version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "322cf97724bea3ee221b78fe25ac9c46114ebb51747ad5babd51a2fc6a8235a8" +checksum = "4c4eb3267174b8c6c2f654116623910a0fef09c4753f8dd83db29c48a0df988b" dependencies = [ "aho-corasick", "memchr", "regex-syntax", - "thread_local", ] [[package]] name = "regex-syntax" -version = "0.6.15" +version = "0.6.27" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7246cd0a0a6ec2239a5405b2b16e3f404fa0dcc6d28f5f5b877bf80e33e0f294" +checksum = "a3f87b73ce11b1619a3c6332f45341e0047173771e8b8b73f87bfeefb7b56244" [[package]] name = "rsa" -version = "0.5.0" +version = "0.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e05c2603e2823634ab331437001b411b9ed11660fbc4066f3908c84a9439260d" +checksum = "4cf22754c49613d2b3b119f0e5d46e34a2c628a937e3024b8762de4e7d8c710b" dependencies = [ "byteorder", - "digest", - "lazy_static", + "digest 0.10.3", "num-bigint-dig", "num-integer", "num-iter", 
"num-traits", "pkcs1", "pkcs8", - "rand 0.8.4", + "rand_core", + "smallvec", "subtle", "zeroize", ] @@ -910,18 +928,9 @@ version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" -[[package]] -name = "rusticata-macros" -version = "4.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "faf0c4a6ece9950b9abdb62b1cfcf2a68b3b67a10ba445b3bb85be2a293d0632" -dependencies = [ - "nom 7.1.0", -] - [[package]] name = "samael" -version = "0.0.8" +version = "0.0.9" dependencies = [ "base64", "bindgen", @@ -932,32 +941,35 @@ dependencies = [ "lazy_static", "libc", "libxml", + "openssl", + "openssl-probe", + "openssl-sys", "pkg-config", "quick-xml", - "rand 0.8.4", + "rand", "rsa", "serde", "sha2", "snafu", "url", "uuid", - "x509-parser", + "x509-cert", ] [[package]] name = "serde" -version = "1.0.104" +version = "1.0.144" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "414115f25f818d7dfccec8ee535d76949ae78584fc4f79a6f45a904bf8ab4449" +checksum = "0f747710de3dcd43b88c9168773254e809d8ddbdf9653b84e2554ab219f17860" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.104" +version = "1.0.144" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "128f9e303a5a29922045a830221b8f78ec74a5f544944f3d5984f8ec3895ef64" +checksum = "94ed3a816fb1d101812f83e789f888322c34e291f894f19590dc310963e87a00" dependencies = [ "proc-macro2", "quote", 
@@ -971,29 +983,29 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4d58a1e1bf39749807d89cf2d98ac2dfa0ff1cb3faa38fbb64dd88ac8013d800" dependencies = [ "block-buffer", - "cfg-if 1.0.0", + "cfg-if", "cpufeatures", - "digest", + "digest 0.9.0", "opaque-debug", ] [[package]] name = "shlex" -version = "1.0.0" +version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "42a568c8f2cd051a4d283bd6eb0343ac214c1b0f1ac19f93e1175b2dee38c73d" +checksum = "43b2853a4d09f215c24cc5489c992ce46052d359b5109343cbafbf26bc62f8a3" [[package]] name = "smallvec" -version = "1.2.0" +version = "1.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c2fb2ec9bcd216a5b0d0ccf31ab17b5ed1d627960edff65bbe95d3ce221cefc" +checksum = "2fd0db749597d91ff862fd1d55ea87f7855a744a8425a64695b6fca237d1dad1" [[package]] name = "snafu" -version = "0.6.2" +version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "546db9181bce2aa22ed883c33d65603b76335b4c2533a98289f54265043de7a1" +checksum = "5177903bf45656592d9eb5c0e22f408fc023aae51dbe2088889b71633ba451f2" dependencies = [ "doc-comment", "snafu-derive", @@ -1001,10 +1013,11 @@ dependencies = [ [[package]] name = "snafu-derive" -version = "0.6.2" +version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bdc75da2e0323f297402fd9c8fdba709bb04e4c627cbe31d19a2c91fc8d9f0e2" +checksum = "410b26ed97440d90ced3e2488c868d56a86e2064f5d7d6f417909b286afe25e5" dependencies = [ + "heck", "proc-macro2", "quote", "syn", 
@@ -1018,18 +1031,23 @@ checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" [[package]] name = "spki" -version = "0.4.1" +version = "0.5.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c01a0c15da1b0b0e1494112e7af814a678fec9bd157881b49beac661e9b6f32" +checksum = "44d01ac02a6ccf3e07db148d2be087da624fea0221a16152ed01f0496a6b0a27" dependencies = [ - "der", + "base64ct", + "der 0.5.1", ] [[package]] -name = "strsim" -version = "0.8.0" +name = "spki" +version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8ea5119cdb4c55b55d432abb513a0429384878c15dde60cc77b1c99de1a95a6a" +checksum = "67cf02bbac7a337dc36e4f5a693db6c21e7863f45070f7064577eb4367a3212b" +dependencies = [ + "base64ct", + "der 0.6.0", +] [[package]] name = "strsim" 
@@ -1045,108 +1063,55 @@ checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601" [[package]] name = "syn" -version = "1.0.75" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b7f58f7e8eaa0009c5fec437aabf511bd9933e4b2d7407bd05273c01a8906ea7" -dependencies = [ - "proc-macro2", - "quote", - "unicode-xid", -] - -[[package]] -name = "synstructure" -version = "0.12.6" +version = "1.0.99" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f36bdaa60a83aca3921b5259d5400cbf5e90fc51931376a9bd4a0eb79aa7210f" +checksum = "58dbef6ec655055e20b86b15a8cc6d439cca19b667537ac6a1369572d151ab13" dependencies = [ "proc-macro2", "quote", - "syn", - "unicode-xid", + "unicode-ident", ] -[[package]] -name = "tap" -version = "1.0.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369" - [[package]] name = "termcolor" -version = "1.1.0" +version = "1.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bb6bfa289a4d7c5766392812c0a1f4c1ba45afa1ad47803c11e1f407d846d75f" +checksum = "bab24d30b911b2376f3a13cc2cd443142f0c81dda04c118693e35b3835757755" dependencies = [ "winapi-util", ] [[package]] name = "textwrap" -version = "0.11.0" +version = "0.15.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d326610f408c7a4eb6f51c37c330e496b08506c9457c9d34287ecc38809fb060" -dependencies = [ - "unicode-width", -] - -[[package]] -name = "thiserror" -version = "1.0.30" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "854babe52e4df1653706b98fcfc05843010039b406875930a70e4d9644e5c417" -dependencies = [ - "thiserror-impl", -] - -[[package]] -name = "thiserror-impl" -version = "1.0.30" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aa32fd3f627f367fe16f893e2597ae3c05020f8bba2666a4e6ea73d377e5714b" -dependencies = [ - 
"proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "thread_local" -version = "1.0.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d40c6d1b69745a6ec6fb1ca717914848da4b44ae29d9b3080cbee91d72a69b14" -dependencies = [ - "lazy_static", -] +checksum = "b1141d4d61095b28419e22cb0bbf02755f5e54e0526f97f1e3d1d160e60885fb" [[package]] name = "time" -version = "0.1.42" +version = "0.1.44" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "db8dcfca086c1143c9270ac42a2bbd8a7ee477b78ac8e45b19abfb0cbede4b6f" +checksum = "6db9e6914ab8b1ae1c260a4ae7a49b6c5611b40328a735b21862567685e73255" dependencies = [ "libc", - "redox_syscall", + "wasi 0.10.0+wasi-snapshot-preview1", "winapi", ] [[package]] -name = "time" -version = "0.3.7" +name = "tinyvec" +version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "004cbc98f30fa233c61a38bc77e96a9106e65c88f2d3bef182ae952027e5753d" +checksum = "87cc5ceb3875bb20c2890005a4e226a4651264a5c75edb2421b52861a0a0cb50" dependencies = [ - "itoa", - "libc", - "num_threads", - "time-macros", + "tinyvec_macros", ] [[package]] -name = "time-macros" -version = "0.2.3" +name = "tinyvec_macros" +version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25eb0ca3468fc0acc11828786797f6ef9aa1555e4a211a60d64cc8e4d1be47d6" +checksum = "cda74da7e1a664f795bb1f8a87ec406fb89a02522cf6e50620d016add6dbbf5c" [[package]] name = "typenum" 
@@ -1156,40 +1121,32 @@ checksum = "dcf81ac59edc17cc8697ff311e8f5ef2d99fcbd9817b34cec66f90b6c3dfd987" [[package]] name = "unicode-bidi" -version = "0.3.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49f2bd0c6468a8230e1db229cff8029217cf623c767ea5d60bfbd42729ea54d5" -dependencies = [ - "matches", -] - -[[package]] -name = "unicode-normalization" -version = "0.1.12" +version = "0.3.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5479532badd04e128284890390c1e876ef7a993d0570b3597ae43dfa1d59afa4" -dependencies = [ - "smallvec", -] +checksum = "099b7128301d285f79ddd55b9a83d5e6b9e97c92e0ea0daebee7263e932de992" [[package]] -name = "unicode-width" -version = "0.1.7" +name = "unicode-ident" +version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "caaa9d531767d1ff2150b9332433f32a24622147e5ebb1f26409d5da67afd479" +checksum = "c4f5b37a154999a8f3f98cc23a628d850e154479cd94decf3414696e12e31aaf" [[package]] -name = "unicode-xid" -version = "0.2.0" +name = "unicode-normalization" +version = "0.1.21" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "826e7639553986605ec5979c7dd957c7895e93eabed50ab2ffa7f6128a75097c" +checksum = "854cbdc4f7bc6ae19c820d44abdc3277ac3e1b2b93db20a636825d9322fb60e6" +dependencies = [ + "tinyvec", +] [[package]] name = "url" -version = "2.1.1" +version = "2.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "829d4a8476c35c9bf0bbce5a3b23f4106f79728039b726d292bb93bc106787cb" +checksum = "a507c383b2d33b5fc35d1861e77e6b383d158b2da5e14fe51b83dfedf6fd578c" dependencies = [ + "form_urlencoded", "idna", "matches", "percent-encoding", 
@@ -1197,57 +1154,107 @@ dependencies = [ [[package]] name = "uuid" -version = "0.8.1" +version = "1.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9fde2f6a4bea1d6e007c4ad38c6839fa71cbb63b6dbf5b595aa38dc9b1093c11" +checksum = "dd6469f4314d5f1ffec476e05f17cc9a78bc7a27a6a857842170bdf8d6f98d2f" dependencies = [ - "rand 0.7.3", + "getrandom", ] [[package]] name = "vcpkg" -version = "0.2.8" +version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3fc439f2794e98976c88a2a2dafce96b930fe8010b0a256b3c2199a773933168" +checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" [[package]] -name = "vec_map" -version = "0.8.1" +name = "version_check" +version = "0.9.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "05c78687fb1a80548ae3250346c3db86a80a7cdd77bda190189f2d0a0987c81a" +checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" [[package]] -name = "version_check" -version = "0.9.3" +name = "wasi" +version = "0.10.0+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5fecdca9a5291cc2b8dcf7dc02453fee791a280f3743cb0905f8822ae463b3fe" +checksum = "1a143597ca7c7793eff794def352d41792a93c481eb1042423ff7ff72ba2c31f" [[package]] name = "wasi" -version = "0.9.0+wasi-snapshot-preview1" +version = "0.11.0+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519" +checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] -name = "wasi" -version = "0.10.2+wasi-snapshot-preview1" +name = "wasm-bindgen" +version = "0.2.82" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fc7652e3f6c4706c8d9cd54832c4a4ccb9b5336e2c3bd154d5cccfbf1c1f5f7d" +dependencies = [ + "cfg-if", + "wasm-bindgen-macro", +] + +[[package]] +name = 
"wasm-bindgen-backend" +version = "0.2.82" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fd6fbd9a79829dd1ad0cc20627bf1ed606756a7f77edff7b66b7064f9cb327c6" +checksum = "662cd44805586bd52971b9586b1df85cdbbd9112e4ef4d8f41559c334dc6ac3f" +dependencies = [ + "bumpalo", + "log", + "once_cell", + "proc-macro2", + "quote", + "syn", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-macro" +version = "0.2.82" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b260f13d3012071dfb1512849c033b1925038373aea48ced3012c09df952c602" +dependencies = [ + "quote", + "wasm-bindgen-macro-support", +] + +[[package]] +name = "wasm-bindgen-macro-support" +version = "0.2.82" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5be8e654bdd9b79216c2929ab90721aa82faf65c48cdf08bdc4e7f51357b80da" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "wasm-bindgen-backend", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-shared" +version = "0.2.82" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6598dd0bd3c7d51095ff6531a5b23e02acdc81804e30d8f07afb77b7215a140a" [[package]] name = "which" -version = "3.1.0" +version = "4.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5475d47078209a02e60614f7ba5e645ef3ed60f771920ac1906d7c1cc65024c8" +checksum = "5c4fb54e6113b6a8772ee41c3404fb0301ac79604489467e0a9ce1f3e97c24ae" dependencies = [ + "either", + "lazy_static", "libc", ] [[package]] name = "winapi" -version = "0.3.8" +version = "0.3.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8093091eeb260906a183e6ae1abdba2ef5ef2257a21801128899c3fc699229c6" +checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" dependencies = [ "winapi-i686-pc-windows-gnu", "winapi-x86_64-pc-windows-gnu", 
@@ -1261,9 +1268,9 @@ checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" [[package]] name = "winapi-util" -version = "0.1.3" +version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4ccfbf554c6ad11084fb7517daca16cfdcaccbdadba4fc336f032a8b12c2ad80" +checksum = "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178" dependencies = [ "winapi", ] @@ -1275,46 +1282,19 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" [[package]] -name = "wyz" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "85e60b0d1b5f99db2556934e21937020776a5d31520bf169e851ac44e6420214" - -[[package]] -name = "x509-parser" -version = "0.13.0" +name = "x509-cert" +version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e5f14bdbacc48cea8d2a3112fa141949ffb707d724b51a8a1e6a6091f6c26e38" +checksum = "6bd27a832a85efcf56cad058e4e3256d1781b927e113a9e37d96916d639e4af7" dependencies = [ - "asn1-rs", - "base64", - "data-encoding", - "der-parser", - "lazy_static", - "nom 7.1.0", - "oid-registry", - "rusticata-macros", - "thiserror", - "time 0.3.7", + "const-oid 0.9.0", + "der 0.6.0", + "flagset", + "spki 0.6.0", ] [[package]] name = "zeroize" -version = "1.4.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d68d9dcec5f9b43a30d38c49f91dfedfaac384cb8f085faca366c26207dd1619" -dependencies = [ - "zeroize_derive", -] - -[[package]] -name = "zeroize_derive" -version = "1.3.2" +version = "1.5.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3f8f187641dad4f680d25c4bfc4225b418165984179f26ca76ec4fb6441d3a17" -dependencies = [ - "proc-macro2", - "quote", - "syn", - "synstructure", -] +checksum = "c394b5bd0c6f669e7275d9c20aa90ae064cb22e75a1cad54e1b34088034b149f" 
diff --git a/Cargo.toml b/Cargo.toml index 454f4b1..a1e5e25 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -17,9 +17,9 @@ doctest = false [features] default = ["openssl"] +openssl = ["dep:openssl", "openssl-sys", "openssl-probe"] +rustcrypto = ["rsa", "sha2", "x509-cert"] xmlsec = ["libc", "lazy_static", "libxml"] -openssl = ["openssl", "openssl-sys", "openssl-probe"] -rustcrypto = ["rsa", "x509-parser"] [build-dependencies] pkg-config = "^0.3.17" @@ -34,19 +34,19 @@ flate2 = "1.0" lazy_static = {version = "^1.4.0", optional = true} libc = {version = "^0.2.66", optional = true} libxml = { version = "0.3.0", optional = true} -quick-xml = { version = "0.23.0", features = [ "serialize" ] } +quick-xml = { version = "0.22.0", features = [ "serialize" ] } rand = "0.8.4" serde = { version = "1.0", features = ["derive"] } -sha2 = "0.9" snafu = "0.7" url = "2.1.1" uuid = { version = ">=0.8.0, <2.0.0", features = [ "v4" ] } # openssl openssl = { version = "0.10", optional = true } -openssl-sys = { version = "0.9", optional = true } openssl-probe = { version = "0.1.2", optional = true } +openssl-sys = { version = "0.9", optional = true } # rustcrypto -rsa = { version = "0.5.0", optional = true } -x509-parser = { version = "0.13.0", optional = true } +rsa = { version = "0.6.1", optional = true } +sha2 = { version = "0.9", optional = true } +x509-cert = { version = "^0.1.0", features = [ "pem", "std" ], optional = true } \ No newline at end of file diff --git a/src/crypto.rs b/src/crypto/mod.rs similarity index 95% rename from src/crypto.rs rename to src/crypto/mod.rs index e9f9a82..d2a6708 100644 --- a/src/crypto.rs +++ b/src/crypto/mod.rs 
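Review bot: The second Cargo.toml hunk lowers the `quick-xml` requirement from `0.23.0` to `0.22.0`, which has nothing to do with swapping crypto backends and is not mentioned in the commit message. This crate parses XML received from an identity provider, so a parser downgrade should be deliberate and explained. If it is a rebase artefact, restore `quick-xml = { version = "0.23.0", features = [ "serialize" ] }`; otherwise state the reason in the commit description.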
@@ -5,6 +5,15 @@ use std::str::FromStr; use snafu::Snafu; +#[cfg(not(any(feature = "rustcrypto", feature = "openssl")))] +compile_error!("No crypto backend is enabled! Please enable either rustcrypto or openssl."); + +#[cfg(all(feature = "rustcrypto", feature = "openssl"))] +compile_error!("Only one crypto backend may be enabled!"); + +pub mod rsa; +pub mod x509; + #[cfg(feature = "xmlsec")] use crate::xmlsec::{self, XmlSecKey, XmlSecKeyFormat, XmlSecSignatureContext}; #[cfg(feature = "xmlsec")] @@ -54,7 +63,7 @@ pub enum Error { error: Box, }, - #[cfg(feature = "xmlsec")] + #[cfg(all(feature = "xmlsec", feature = "openssl"))] #[snafu(display("OpenSSL error stack: {}", error))] OpenSSLError { error: openssl::error::ErrorStack, @@ -81,7 +90,7 @@ impl From for Error { } } -#[cfg(feature = "xmlsec")] +#[cfg(all(feature = "xmlsec", feature = "openssl"))] impl From for Error { fn from(error: openssl::error::ErrorStack) -> Self { Error::OpenSSLError { error } @@ -422,7 +431,7 @@ fn remove_unverified_elements(node: &mut libxml::tree::Node) { #[cfg(feature = "xmlsec")] pub(crate) fn reduce_xml_to_signed( xml_str: &str, - certs: &[openssl::x509::X509], + certs: &[x509::Certificate], ) -> Result { let mut xml = XmlParser::default().parse_string(xml_str)?; let mut root_elem = xml.get_root_element().ok_or(Error::XmlMissingRootElement)?; @@ -436,8 +445,8 @@ pub(crate) fn reduce_xml_to_signed( for sig_node in signature_nodes.drain(..) { let mut sig_ctx = XmlSecSignatureContext::new()?; let mut verified = false; - for openssl_key in certs { - let key_data = openssl_key.to_der()?; + for cert in certs { + let key_data = cert.public_key(); let key = XmlSecKey::from_memory(&key_data, XmlSecKeyFormat::CertDer)?; sig_ctx.insert_key(key); verified = sig_ctx.verify_node(&sig_node)?; 
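Review bot: The second `compile_error!` in the first hunk makes `rustcrypto` and `openssl` mutually exclusive, but Cargo.toml keeps `default = ["openssl"]` and Cargo unifies features across the dependency graph. A consumer that enables `rustcrypto` without `default-features = false`, or two crates in one build that pick different backends, gets a hard build failure with no hint about the fix. At minimum the message should say what to do, e.g. `compile_error!("Only one crypto backend may be enabled; to use rustcrypto set default-features = false");`. Longer term, letting one backend take precedence when both are on would keep the features additive.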
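Review bot: In the last hunk of `reduce_xml_to_signed` the bytes handed to xmlsec change from the certificate's DER (`openssl_key.to_der()?`) to `cert.public_key()`, while the format tag stays `XmlSecKeyFormat::CertDer`. In the rustcrypto wrapper added by this patch `public_key()` returns only the `subject_public_key` bytes, so xmlsec is asked to load a bare key as a certificate and signature verification would presumably fail for every response. Keeping the tag truthful means passing the full encoding, `let key_data = cert.to_vec()?;`, assuming the existing `From` conversion on `Error` covers its error type. The function starts and ends outside the hunk.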
@@ -529,33 +538,27 @@ pub enum UrlVerifierError { } pub struct UrlVerifier { - keypair: openssl::pkey::PKey, + keypair: rsa::PublicKey, } impl UrlVerifier { pub fn from_rsa_pem(public_key_pem: &[u8]) -> Result> { - let public = openssl::rsa::Rsa::public_key_from_pem(public_key_pem)?; - let keypair = openssl::pkey::PKey::from_rsa(public)?; + let keypair = rsa::PublicKey::from_pem(public_key_pem)?; Ok(Self { keypair }) } pub fn from_rsa_der(public_key_der: &[u8]) -> Result> { - let public = openssl::rsa::Rsa::public_key_from_der(public_key_der)?; - let keypair = openssl::pkey::PKey::from_rsa(public)?; + let keypair = rsa::PublicKey::from_der(public_key_der)?; Ok(Self { keypair }) } - pub fn from_x509_cert_pem(public_cert_pem: &str) -> Result> { - let x509 = openssl::x509::X509::from_pem(public_cert_pem.as_bytes())?; - let keypair = x509.public_key()?; - Ok(Self { keypair }) + pub fn from_x509(public_cert: &x509::Certificate) -> Result> { + Self::from_rsa_der(public_cert.public_key()) } - pub fn from_x509( - public_cert: &openssl::x509::X509, - ) -> Result> { - let keypair = public_cert.public_key()?; - Ok(Self { keypair }) + pub fn from_x509_cert_pem(public_cert_pem: &str) -> Result> { + let x509 = x509::Certificate::from_der(public_cert_pem.as_bytes())?; + Self::from_x509(&x509) } // Signed url should look like: @@ -674,20 +677,10 @@ impl UrlVerifier { fn verify_signature( &self, data: &[u8], - sig_alg: SigAlg, + _sig_alg: SigAlg, signature: &[u8], ) -> Result> { - let mut verifier = openssl::sign::Verifier::new( - match sig_alg { - SigAlg::RsaSha256 => openssl::hash::MessageDigest::sha256(), - _ => panic!("sig_alg is bad!"), - }, - &self.keypair, - )?; - - verifier.update(data)?; - - Ok(verifier.verify(signature)?) + Ok(self.keypair.verify_sha256(signature, data)?) } } diff --git a/src/crypto/rsa/mod.rs b/src/crypto/rsa/mod.rs new file mode 100644 index 0000000..edce2d8 --- /dev/null +++ b/src/crypto/rsa/mod.rs 
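Review bot: `from_x509_cert_pem` now passes the PEM text straight to a DER parser with `x509::Certificate::from_der(public_cert_pem.as_bytes())`, so a PEM-armoured certificate will presumably be rejected, where the removed code used `X509::from_pem`. Either strip the armour and base64-decode to DER before calling `from_der`, or rename the function and parameter if DER is now what callers must supply. The openssl `Certificate` wrapper added later in this patch shows no `from_der` at all, so this call only resolves on the rustcrypto backend. `from_x509` also assumes the certificate carries an RSA key, because it forwards the raw key bytes to `from_rsa_der`; that deserves a doc comment such as `/// Only RSA certificates are supported.`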
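Review bot: `verify_signature` no longer looks at the algorithm named in the signed URL: the parameter became `_sig_alg` and every call goes to `verify_sha256`. The removed code refused anything other than `SigAlg::RsaSha256`, though it did so by panicking. Silently treating every declared algorithm as RSA-SHA256 hides unsupported or unexpected `SigAlg` values from callers and logs. Keep an explicit guard at the top of the function, e.g. `if !matches!(sig_alg, SigAlg::RsaSha256) { return Ok(false); }`, or better a dedicated error variant, and restore the parameter name.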
@@ -0,0 +1,9 @@ +#[cfg(feature = "openssl")] +mod openssl; +#[cfg(feature = "openssl")] +pub use self::openssl::*; + +#[cfg(feature = "rustcrypto")] +mod rustcrypto; +#[cfg(feature = "rustcrypto")] +pub use rustcrypto::*; diff --git a/src/crypto/rsa/openssl.rs b/src/crypto/rsa/openssl.rs new file mode 100644 index 0000000..9af5bca --- /dev/null +++ b/src/crypto/rsa/openssl.rs @@ -0,0 +1,71 @@ +use openssl::hash::MessageDigest; +use openssl::pkey::{PKey, Private, Public}; +use openssl::rsa::Rsa; +use openssl::sign::Signer; +use openssl::sign::Verifier; + +type RsaPrivate = Rsa; +type RsaPublic = Rsa; + +#[derive(Clone)] +pub struct PrivateKey(pub RsaPrivate); + +impl PrivateKey { + pub fn new(bit_size: usize) -> Result> { + Ok(Self(RsaPrivate::generate(bit_size as u32)?)) + } + + pub fn from_pem(pem: &str) -> Result> { + Ok(Rsa::private_key_from_pem(pem)?) + } + + pub fn from_der(der: &[u8]) -> Result> { + Ok(Rsa::private_key_from_der(der)?) + } + + pub fn to_der(&self) -> Result, Box> { + Ok(self.0.to_pkcs8_der()?.as_ref().to_vec()) + } + + pub fn sign_sha256( + &self, + content_to_sign: String, + ) -> Result, Box> { + let pkey = PKey::from_rsa(self.0)?; + + let mut signer = Signer::new(MessageDigest::sha256(), pkey.as_ref())?; + + signer.update(content_to_sign.as_bytes())?; + + Ok(signer.sign_to_vec()?) + } +} + +#[derive(Clone)] +pub struct PublicKey(pub RsaPublic); + +impl PublicKey { + pub fn from_pem(pem: &[u8]) -> Result> { + Ok(Rsa::public_key_from_pem(pem)?) + } + + pub fn from_der(der: &[u8]) -> Result> { + Ok(Rsa::public_key_from_der(der)?) + } + + pub fn to_der(&self) -> Result, Box> { + Ok(self.0.to_public_key_der()?.as_ref().to_vec()) + } + + pub fn verify_sha256( + &self, + signature: &[u8], + data: &[u8], + ) -> Result> { + let mut verifier = Verifier::new(MessageDigest::sha256(), self.0)?; + + verifier.update(data)?; + + Ok(verifier.verify(signature)?) + } +} 
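Review bot: In src/crypto/rsa/openssl.rs the `from_pem` and `from_der` constructors return the bare `Rsa` value instead of wrapping it, and `PrivateKey::from_pem` passes a `&str` where `Rsa::private_key_from_pem` takes bytes; the fix is `Ok(Self(Rsa::private_key_from_pem(pem.as_bytes())?))` and likewise for the other three. `sign_sha256` moves `self.0` out of `&self` in `PKey::from_rsa(self.0)`, which needs `PKey::from_rsa(self.0.clone())?`. `verify_sha256` hands an `Rsa` to `Verifier::new`, which expects a `PKey` reference. The generic parameters are lost in this rendering, so the return types are inferred, but since `openssl` is the default feature these would break the default build. `bit_size as u32` also truncates silently; `u32::try_from(bit_size)?` is safer for a key-size parameter.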
diff --git a/src/crypto/rsa/rustcrypto.rs b/src/crypto/rsa/rustcrypto.rs new file mode 100644 index 0000000..8eee4ed --- /dev/null +++ b/src/crypto/rsa/rustcrypto.rs 
@@ -0,0 +1,85 @@ +// use rsa::pkcs1::{TryFrom, RsaPrivateKey as FromRsaPrivateKey, RsaPublicKey as FromRsaPublicKey}; +// use rsa::pkcs8::PublicKey; +use rsa::{ + pkcs1::{DecodeRsaPrivateKey, DecodeRsaPublicKey}, + pkcs8::{DecodePrivateKey, DecodePublicKey, EncodePrivateKey, EncodePublicKey}, +}; + +use rsa::{Hash, PaddingScheme, PublicKey as FromPublicKey}; +use sha2::{Digest, Sha256}; + +pub use rsa::RsaPrivateKey; +pub use rsa::RsaPublicKey; + +#[derive(Clone)] +pub struct PrivateKey(pub RsaPrivateKey); + +impl PrivateKey { + pub fn new(bit_size: usize) -> Result> { + let mut rng = rand::thread_rng(); + + Ok(Self(RsaPrivateKey::new(&mut rng, bit_size)?)) + } + + pub fn from_pem(pem: &str) -> Result> { + Ok(PrivateKey( + RsaPrivateKey::from_pkcs8_pem(pem).or_else(|_| RsaPrivateKey::from_pkcs1_pem(pem))?, + )) + } + + pub fn from_der(der: &[u8]) -> Result> { + Ok(PrivateKey( + RsaPrivateKey::from_pkcs8_der(der).or_else(|_| RsaPrivateKey::from_pkcs1_der(der))?, + )) + } + + pub fn to_der(&self) -> Result, Box> { + Ok(self.0.to_pkcs8_der()?.as_ref().to_vec()) + } + + pub fn sign_sha256( + &self, + content_to_sign: String, + ) -> Result, Box> { + let padding = PaddingScheme::new_pkcs1v15_sign(Some(Hash::SHA2_256)); + let hashed = Sha256::digest(content_to_sign.as_bytes()); + let signature = self.0.sign(padding, &hashed[..])?; + + Ok(signature) + } +} + +#[derive(Clone)] +pub struct PublicKey(pub RsaPublicKey); + +impl PublicKey { + pub fn from_pem(pem: &[u8]) -> Result> { + Ok(Self( + RsaPublicKey::from_public_key_pem(std::str::from_utf8(pem)?) 
+ .or_else(|_| RsaPublicKey::from_pkcs1_der(pem))?, + )) + } + + pub fn from_der(der: &[u8]) -> Result> { + Ok(Self( + RsaPublicKey::from_public_key_der(der) + .or_else(|_| RsaPublicKey::from_pkcs1_der(der))?, + )) + } + + pub fn to_der(&self) -> Result, Box> { + Ok(self.0.to_public_key_der()?.as_ref().to_vec()) + } + + pub fn verify_sha256( + &self, + signature: &[u8], + data: &[u8], + ) -> Result> { + let padding = PaddingScheme::new_pkcs1v15_sign(Some(Hash::SHA2_256)); + + self.0.verify(padding, data, signature)?; + + Ok(true) + } +} diff --git a/src/crypto/x509/mod.rs b/src/crypto/x509/mod.rs new file mode 100644 index 0000000..edce2d8 --- /dev/null +++ b/src/crypto/x509/mod.rs @@ -0,0 +1,9 @@ +#[cfg(feature = "openssl")] +mod openssl; +#[cfg(feature = "openssl")] +pub use self::openssl::*; + +#[cfg(feature = "rustcrypto")] +mod rustcrypto; +#[cfg(feature = "rustcrypto")] +pub use rustcrypto::*; diff --git a/src/crypto/x509/openssl.rs b/src/crypto/x509/openssl.rs new file mode 100644 index 0000000..e8c90da --- /dev/null +++ b/src/crypto/x509/openssl.rs 
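Review bot: In src/crypto/rsa/rustcrypto.rs `verify_sha256` passes the raw `data` to `self.0.verify(padding, data, signature)`, while `sign_sha256` signs `Sha256::digest(...)`; with `PaddingScheme::new_pkcs1v15_sign(Some(Hash::SHA2_256))` the `rsa` crate expects the digest, so valid signatures will not verify. Hash first: `let hashed = Sha256::digest(data);` then `self.0.verify(padding, &hashed, signature)?;`. The function can only return `Ok(true)` or `Err`, whereas the openssl backend returns `Ok(false)` for a bad signature; callers that branch on the boolean should see the same contract from both. In `PublicKey::from_pem` the fallback parses PEM bytes with `from_pkcs1_der(pem)`; it should use the PEM variant on the decoded string, `RsaPublicKey::from_pkcs1_pem(s)`.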
@@ -0,0 +1,59 @@ +use openssl::asn1::Asn1Time; +use openssl::bn::{BigNum, MsbOption}; +use openssl::hash::MessageDigest; +use openssl::nid::Nid; +use openssl::x509::{X509Name as Name, X509}; + +use crate::crypto::rsa; +use crate::idp::CertificateParams; + +#[derive(Clone)] +pub struct Certificate<'a>(pub X509); + +impl<'a> Certificate { + pub fn new( + &self, + private_key: &rsa::PrivateKey, + params: &CertificateParams, + ) -> Result> { + let mut name = Name::builder()?; + name.append_entry_by_nid(Nid::COMMONNAME, params.common_name)?; + let name = name.build(); + + let mut iss = Name::builder()?; + iss.append_entry_by_nid(Nid::COMMONNAME, params.issuer_name)?; + let iss = iss.build(); + + let mut builder = X509::builder()?; + + let serial_number = { + let mut serial = BigNum::new()?; + serial.rand(159, MsbOption::MAYBE_ZERO, false)?; + serial.to_asn1_integer()? + }; + + builder.set_serial_number(&serial_number)?; + builder.set_version(2)?; + builder.set_subject_name(&name)?; + builder.set_issuer_name(&iss)?; + builder.set_pubkey(&self.private_key.0)?; + + let starts = Asn1Time::days_from_now(0)?; // now + builder.set_not_before(&starts)?; + + let expires = Asn1Time::days_from_now(params.days_until_expiration)?; + builder.set_not_after(&expires)?; + + builder.sign(&self.private_key.0, MessageDigest::sha256())?; + + Ok(Self(builder.build()?)) + } + + pub fn to_vec(&self) -> Result, Box> { + self.0.to_der() + } + + pub fn public_key(&self) -> &[u8] { + self.0.public_key() + } +} diff --git a/src/crypto/x509/rustcrypto.rs b/src/crypto/x509/rustcrypto.rs new file mode 100644 index 0000000..247bbcf --- /dev/null +++ b/src/crypto/x509/rustcrypto.rs 
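Review bot: `Certificate::new` in src/crypto/x509/openssl.rs takes `&self` although it is a constructor, and it reads `self.private_key.0` in `set_pubkey` and `sign` even though the tuple struct has no such field; the `private_key` parameter is never used. Drop the receiver and sign with the argument, converting it to a `PKey` once: `let pkey = PKey::from_rsa(private_key.0.clone())?;`, then `builder.set_pubkey(&pkey)?;` and `builder.sign(&pkey, MessageDigest::sha256())?;`. The `<'a>` on the struct is unused and `impl<'a> Certificate` omits it. `public_key` declares `&[u8]` but returns `self.0.public_key()`, which in the openssl crate yields a `Result` holding a `PKey`. The call site in `IdentityProvider::create_certificate` passes `&self.private_key.0`, which matches the rustcrypto signature but not this one.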
@@ -0,0 +1,60 @@ +use crate::crypto::rsa; +use x509_cert::der::{Decode, Encode}; +pub use x509_cert::{ + der::{ + asn1::{BitStringRef, UIntRef}, + Sequence, + }, + name::{Name, RdnSequence}, + TbsCertificate, Version, +}; + +use crate::idp::CertificateParams; + +#[derive(Clone)] +pub struct Certificate<'a>(pub x509_cert::Certificate<'a>); + +impl<'a> Certificate<'a> { + pub fn new( + private_key: &rsa::RsaPrivateKey, + params: &CertificateParams, + ) -> Result, Box> { + todo!("Certificate creation is not yet supported for the rustcrypto backend"); + // let sn: [u8; 0] = []; + // Certificate { + // tbs_certificate: TbsCertificate { + // version: Version::V2, + // serial_number: UIntRef::new(&sn)?, + // signature: AlgorithmIdentifier, + // issuer: Name::encode_from_string(params.issuer_name)?.map(Name), + // validity: Validity, + // subject: Name::encode_from_string(params.common_name)?.map(Name), + // subject_public_key_info: SubjectPublicKeyInfo<'a>, + // issuer_unique_id: Option>, + // subject_unique_id: Option>, + // extensions: Option>, + // }, + // signature_algorithm: AlgorithmIdentifier { + + // }, + // signature: BitStringRef { + + // }, + // } + } + + pub fn to_vec(&self) -> Result, Box> { + Ok(self.0.to_vec()?) + } + + pub fn from_der(bytes: &'a [u8]) -> Result> { + Ok(Self(x509_cert::Certificate::from_der(bytes)?)) + } + + pub fn public_key(&self) -> &'a [u8] { + self.0 + .tbs_certificate + .subject_public_key_info + .subject_public_key + } +} diff --git a/src/idp/error.rs b/src/idp/error.rs index 9006b31..2a89981 100644 --- a/src/idp/error.rs +++ b/src/idp/error.rs @@ -23,6 +23,7 @@ pub enum Error { error: crate::schema::authn_request::Error, }, + #[cfg(feature = "openssl")] #[snafu(display("OpenSSL Error: {}", stack))] OpenSSLError { stack: openssl::error::ErrorStack, 
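Review bot: `Certificate::new` in src/crypto/x509/rustcrypto.rs is a bare `todo!()`, so `IdentityProvider::create_certificate` panics at runtime on the rustcrypto backend instead of reporting an error. Since the function already returns a `Result`, return the failure through it, e.g. `Err("certificate creation is not supported by the rustcrypto backend".into())`, assuming the error type is the boxed `dyn Error` the other methods appear to use. The commented-out `TbsCertificate` draft below it should be removed from the patch or tracked in an issue. `public_key` deserves a doc comment saying it returns the raw `subject_public_key` bytes and not a DER certificate or SubjectPublicKeyInfo, because callers in src/crypto/mod.rs treat its output as both.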
@@ -32,14 +33,23 @@ pub enum Error { VerificationError { error: crate::crypto::Error, }, + + Unknown, } +#[cfg(feature = "openssl")] impl From for Error { fn from(error: openssl::error::ErrorStack) -> Self { Error::OpenSSLError { stack: error } } } +impl From> for Error { + fn from(error: Box) -> Self { + Error::Unknown + } +} + impl From for Error { fn from(error: crate::crypto::Error) -> Self { Error::VerificationError { error } diff --git a/src/idp/mod.rs b/src/idp/mod.rs index 4bab384..00fe87e 100644 --- a/src/idp/mod.rs +++ b/src/idp/mod.rs @@ -1,4 +1,5 @@ pub mod error; + use self::error::Error; pub mod response_builder; @@ -8,19 +9,15 @@ pub mod verified_request; #[cfg(test)] mod tests; -use openssl::bn::{BigNum, MsbOption}; -use openssl::nid::Nid; -use openssl::pkey::Private; -use openssl::{asn1::Asn1Time, pkey, rsa::Rsa, x509}; use std::str::FromStr; -use crate::crypto::{self}; +use crate::crypto::{self, rsa, x509}; use crate::idp::response_builder::{build_response_template, ResponseAttribute}; use crate::schema::Response; pub struct IdentityProvider { - private_key: pkey::PKey, + private_key: rsa::PrivateKey, } pub enum KeyType { 
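Review bot: The new `From` impl in src/idp/error.rs maps every boxed backend error to `Error::Unknown` and drops the value, so key-parsing, signing and certificate failures become indistinguishable and leave nothing to log. `Unknown` also has no `#[snafu(display(...))]`, unlike its neighbours, and the `error` parameter is unused. Carry the cause instead, for example a variant `#[snafu(display("Crypto backend error: {}", message))] CryptoError { message: String }` built with `Error::CryptoError { message: error.to_string() }`. The generic parameters are lost in this rendering, so the source type is inferred to be a boxed `dyn Error`.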
@@ -47,57 +44,23 @@ pub struct CertificateParams<'a> { impl IdentityProvider { pub fn generate_new(key_type: KeyType) -> Result { - let rsa = Rsa::generate(key_type.bit_length())?; - let private_key = pkey::PKey::from_rsa(rsa)?; + let private_key = rsa::PrivateKey::new(usize::try_from(key_type.bit_length()).unwrap())?; Ok(IdentityProvider { private_key }) } pub fn from_private_key_der(der_bytes: &[u8]) -> Result { - let rsa = Rsa::private_key_from_der(der_bytes)?; - let private_key = pkey::PKey::from_rsa(rsa)?; + let private_key = rsa::PrivateKey::from_der(der_bytes)?; Ok(IdentityProvider { private_key }) } pub fn export_private_key_der(&self) -> Result, Error> { - let rsa: Rsa = self.private_key.rsa()?; - Ok(rsa.private_key_to_der()?) + Ok(self.private_key.to_der()?) } pub fn create_certificate(&self, params: &CertificateParams) -> Result, Error> { - let mut name = x509::X509Name::builder()?; - name.append_entry_by_nid(Nid::COMMONNAME, params.common_name)?; - let name = name.build(); - - let mut iss = x509::X509Name::builder()?; - iss.append_entry_by_nid(Nid::COMMONNAME, params.issuer_name)?; - let iss = iss.build(); - - let mut builder = x509::X509::builder()?; - - let serial_number = { - let mut serial = BigNum::new()?; - serial.rand(159, MsbOption::MAYBE_ZERO, false)?; - serial.to_asn1_integer()? - }; - - builder.set_serial_number(&serial_number)?; - builder.set_version(2)?; - builder.set_subject_name(&name)?; - builder.set_issuer_name(&iss)?; - builder.set_pubkey(&self.private_key)?; - - let starts = Asn1Time::days_from_now(0)?; // now - builder.set_not_before(&starts)?; - - let expires = Asn1Time::days_from_now(params.days_until_expiration)?; - builder.set_not_after(&expires)?; - - builder.sign(&self.private_key, openssl::hash::MessageDigest::sha256())?; - - let certificate: x509::X509 = builder.build(); - Ok(certificate.to_der()?) + Ok(x509::Certificate::new(&self.private_key.0, params)?.to_vec()?) } pub fn sign_authn_response( 
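Review bot: `export_private_key_der` changes its output encoding without saying so: the removed code called `private_key_to_der()`, which in the openssl crate emits PKCS#1, while both new `PrivateKey::to_der` wrappers call `to_pkcs8_der()`. On import, the rustcrypto `from_der` tries PKCS#8 then PKCS#1, but the openssl wrapper uses `Rsa::private_key_from_der`, which as far as I know reads PKCS#1 only, so an exported key may not load again on the default backend. Either keep the old encoding or document the change on the method, e.g. `/// Returns the private key as PKCS#8 DER (earlier releases returned PKCS#1).`, and make both `from_der` implementations accept both forms. In `generate_new`, `usize::try_from(...).unwrap()` is better written as a `?` with a mapped error.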
diff --git a/src/rsa.rs b/src/rsa.rs new file mode 100644 index 0000000..cd121b0 --- /dev/null +++ b/src/rsa.rs @@ -0,0 +1 @@ +#[cfg(feature = "openssl")] diff --git a/src/service_provider/mod.rs b/src/service_provider/mod.rs index d6c4613..51b42ec 100644 --- a/src/service_provider/mod.rs +++ b/src/service_provider/mod.rs @@ -1,4 +1,4 @@ -use crate::crypto; +use crate::crypto::{self, rsa, x509}; use crate::metadata::{Endpoint, IndexedEndpoint, KeyDescriptor, NameIdFormat, SpSsoDescriptor}; use crate::schema::{Assertion, Response}; use crate::{ @@ -9,14 +9,12 @@ use crate::{ use chrono::prelude::*; use chrono::Duration; use flate2::{write::DeflateEncoder, Compression}; -use rsa::pkcs1::FromRsaPrivateKey; -use rsa::{Hash, PaddingScheme, RsaPrivateKey}; -use sha2::{Digest, Sha256}; use snafu::Snafu; use std::fmt::Debug; use std::io::Write; use url::Url; -use x509_parser::parse_x509_certificate; +#[cfg(feature = "rustcrypto")] +pub use x509_cert::der::{Decode, Encode}; #[cfg(test)] mod tests; @@ -114,11 +112,11 @@ pub enum Error { #[derive(Builder, Clone)] #[builder(default, setter(into))] -pub struct ServiceProvider { +pub struct ServiceProvider<'a> { pub entity_id: Option, - pub key: Option, - pub certificate: Option, - pub intermediates: Option>, + pub key: Option, + pub certificate: Option>, + pub intermediates: Option>>, pub metadata_url: Option, pub acs_url: Option, pub slo_url: Option, @@ -132,7 +130,7 @@ pub struct ServiceProvider { pub max_clock_skew: Duration, } -impl Default for ServiceProvider { +impl<'a> Default for ServiceProvider<'a> { fn default() -> Self { ServiceProvider { entity_id: None, @@ -154,7 +152,7 @@ impl Default for ServiceProvider { } } -impl ServiceProvider { +impl<'a> ServiceProvider<'a> { pub fn metadata(&self) -> Result> { let valid_duration = if let Some(duration) = self.metadata_valid_duration { Some(duration) 
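Review bot: The new file src/rsa.rs consists of a single `#[cfg(feature = "openssl")]` attribute with no item after it, which is not valid Rust if the file is ever pulled in as a module. The RSA wrappers already live under src/crypto/rsa/ in this patch, so this looks like a leftover. It should be removed from the commit.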
@@ -172,10 +170,10 @@ impl ServiceProvider { let mut key_descriptors = vec![]; if let Some(cert) = &self.certificate { - let mut cert_bytes: Vec = cert.as_bytes().into(); + let mut cert_bytes: Vec = cert.to_vec()?; if let Some(intermediates) = &self.intermediates { for intermediate in intermediates { - cert_bytes.append(&mut intermediate.as_bytes().to_vec()); + cert_bytes.append(&mut intermediate.to_vec()?); } } key_descriptors.push(KeyDescriptor { @@ -286,7 +284,7 @@ impl ServiceProvider { None } - pub fn idp_signing_certs(&self) -> Result>, Error> { + pub fn idp_signing_certs(&self) -> Result>, Error> { let mut result = vec![]; if let Some(idp_sso_descriptors) = &self.idp_metadata.idp_sso_descriptors { for idp_sso_descriptor in idp_sso_descriptors { @@ -297,26 +295,7 @@ impl ServiceProvider { .filter(|key_use| *key_use == "signing") .is_some() { - if let Some(cert) = key_descriptor - .key_info - .x509_data - .as_ref() - .and_then(|data| data.certificate.as_ref()) - { - if let Ok(decoded) = base64::decode(cert.as_bytes()) { - if let Ok((_, parsed)) = parse_x509_certificate(&decoded) { - result.push(parsed.raw_serial_as_string()) - } else { - return Err(Error::FailedToParseCert { - cert: cert.to_string(), - }); - } - } else { - return Err(Error::FailedToParseCert { - cert: cert.to_string(), - }); - } - } + result.append(&mut parse_certificates(key_descriptor)?); } } } 
@@ -327,26 +306,7 @@ impl ServiceProvider { if key_descriptor.key_use == None || key_descriptor.key_use == Some("".to_string()) { - if let Some(cert) = key_descriptor - .key_info - .x509_data - .as_ref() - .and_then(|data| data.certificate.as_ref()) - { - if let Ok(decoded) = base64::decode(cert.as_bytes()) { - if let Ok((_, parsed)) = parse_x509_certificate(&decoded) { - result.push(parsed.raw_serial_as_string()) - } else { - return Err(Error::FailedToParseCert { - cert: cert.to_string(), - }); - } - } else { - return Err(Error::FailedToParseCert { - cert: cert.to_string(), - }); - } - } + result.append(&mut parse_certificates(key_descriptor)?); } } } @@ -359,10 +319,10 @@ impl ServiceProvider { }) } - pub fn parse_base64_response( + pub fn parse_response + Debug>( &self, encoded_resp: &str, - possible_request_ids: Option<&[&str]>, + possible_request_ids: &[AsStr], ) -> Result> { let bytes = base64::decode(encoded_resp)?; let decoded = std::str::from_utf8(&bytes)?; @@ -370,10 +330,10 @@ impl ServiceProvider { Ok(assertion) } - pub fn parse_xml_response( + pub fn parse_xml_response + Debug>( &self, response_xml: &str, - possible_request_ids: Option<&[&str]>, + possible_request_ids: &[AsStr], ) -> Result { let reduced_xml = if let Some(sign_certs) = self.idp_signing_certs()? { reduce_xml_to_signed(response_xml, &sign_certs) @@ -388,11 +348,9 @@ impl ServiceProvider { let mut request_id_valid = false; if self.allow_idp_initiated { request_id_valid = true; - } else if let (Some(in_response_to), Some(possible_request_ids)) = - (&response.in_response_to, possible_request_ids) - { + } else if let Some(in_response_to) = &response.in_response_to { for req_id in possible_request_ids { - if req_id == in_response_to { + if req_id.as_ref() == in_response_to { request_id_valid = true; } } 
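Review bot: In `parse_xml_response` the `allow_idp_initiated` branch sets `request_id_valid = true` before `InResponseTo` is examined, so a response that does carry an `InResponseTo` is accepted even when it matches none of `possible_request_ids`. Unsolicited responses can stay allowed while solicited ones remain bound to a request this service provider issued: `let request_id_valid = match &response.in_response_to { Some(id) => possible_request_ids.iter().any(|r| r.as_ref() == id), None => self.allow_idp_initiated };`. `validate_assertion`, in a later hunk of this file, takes the list as `_possible_request_ids`, which suggests the assertion-level `InResponseTo` is not compared either; that body is outside the hunk, so this needs confirming. Renaming `parse_base64_response` to `parse_response` and dropping the `Option` also breaks existing callers and should be called out in the changelog.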
@@ -400,9 +358,8 @@ impl ServiceProvider { if !request_id_valid { return Err(Error::ResponseInResponseToInvalid { possible_ids: possible_request_ids - .into_iter() - .flatten() - .map(|e| e.to_string()) + .iter() + .map(|e| e.as_ref().to_string()) .collect(), }); } @@ -440,10 +397,10 @@ impl ServiceProvider { } } - fn validate_assertion( + fn validate_assertion + Debug>( &self, assertion: &Assertion, - _possible_request_ids: Option<&[&str]>, + _possible_request_ids: &[AsStr], ) -> Result<(), Error> { if assertion.issue_instant + self.max_issue_delay < Utc::now() { return Err(Error::AssertionExpired { @@ -540,7 +497,7 @@ impl ServiceProvider { } } -fn parse_certificates(key_descriptor: &KeyDescriptor) -> Result, Error> { +fn parse_certificates(key_descriptor: &KeyDescriptor) -> Result, Error> { key_descriptor .key_info .x509_data @@ -551,7 +508,7 @@ fn parse_certificates(key_descriptor: &KeyDescriptor) -> Result, .map(|cert| { crypto::decode_x509_cert(cert) .ok() - .and_then(|decoded| openssl::x509::X509::from_der(&decoded).ok()) + .and_then(|decoded| x509::Certificate::from_der(&decoded).ok()) .ok_or_else(|| Error::FailedToParseCert { cert: cert.to_string(), }) 
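Review bot: In `parse_certificates`, `x509::Certificate::from_der(&decoded)` parses a buffer owned by the closure, while the rustcrypto `Certificate<'a>` used in this series appears to borrow from the DER slice it is given, so the returned value would outlive `decoded` and the borrow checker should reject this with the rustcrypto feature enabled. Either keep the decoded bytes alive alongside the parsed certificate or store the DER as `Vec<u8>` and parse at the point of use. The `from_der(der: &[u8])` implementation for `Certificate<'a>` in src/crypto/x509/rustcrypto.rs (patch 5/5) looks to have the same lifetime mismatch. The two `.ok()` calls also discard whether base64 decoding or DER parsing failed, so `FailedToParseCert` cannot tell an operator which one it was. Only part of the function is inside the hunk.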
@@ -636,20 +593,17 @@ impl AuthnRequest { // ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ // // then add the "Signature" query parameter afterwards. - let string_to_sign: String = unsigned_url + let query_string: String = unsigned_url .query() .ok_or(Error::UnexpectedError)? .to_string(); - // Use openssl's bindings to sign - let pkey = RsaPrivateKey::from_pkcs1_der(&private_key_der)?; - let padding = PaddingScheme::new_pkcs1v15_sign(Some(Hash::SHA2_256)); - let hashed = Sha256::digest(string_to_sign.as_bytes()); - let signature = pkey.sign(padding, &hashed[..])?; + let private_key = rsa::PrivateKey::from_der(private_key_der)?; - unsigned_url - .query_pairs_mut() - .append_pair("Signature", &base64::encode(signature)); + unsigned_url.query_pairs_mut().append_pair( + "Signature", + &base64::encode(private_key.sign_sha256(query_string)?), + ); // Past this point, it's a signed url :) Ok(Some(unsigned_url)) From c089f4b84e98fb63887d7eaed92271607da45121 Mon Sep 17 00:00:00 2001 From: Martin Madsen Date: Sun, 21 Aug 2022 22:52:10 +0200 Subject: [PATCH 4/5] Drop unused verify_signed_redirect_url test --- src/rsa.rs | 1 - src/schema/authn_request.rs | 52 ------------------------------------- 2 files changed, 53 deletions(-) delete mode 100644 src/rsa.rs diff --git a/src/rsa.rs b/src/rsa.rs deleted file mode 100644 index cd121b0..0000000 --- a/src/rsa.rs +++ /dev/null @@ -1 +0,0 @@ -#[cfg(feature = "openssl")] diff --git a/src/schema/authn_request.rs b/src/schema/authn_request.rs index a7aa9d2..387d8a4 100644 --- a/src/schema/authn_request.rs +++ b/src/schema/authn_request.rs @@ -212,12 +212,6 @@ impl AuthnRequest { mod test { use super::*; use crate::crypto::UrlVerifier; - use std::collections::HashMap; - - use rsa::{pkcs8::FromPublicKey, Hash, PaddingScheme, PublicKey, RsaPublicKey}; - use sha2::{Digest, Sha256}; - - use super::*; #[test] #[cfg(feature = "xmlsec")] 
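Review bot: The redirect signature is computed over whatever `unsigned_url.query()` returns, whereas the HTTP-Redirect binding signs only `SAMLRequest`, `RelayState` and `SigAlg` in that order, which is also how the `verify_signed_redirect_url` helper removed in patch 4/5 rebuilt the string. If the destination URL already carries other query parameters they end up inside the signed string, and a verifier that follows the binding would likely reject the request. Building the string to sign from just those three parameters would make this independent of how `unsigned_url` was assembled, which happens outside the hunk. `sign_sha256` hard-codes PKCS#1 v1.5 with SHA-256, so a comment such as `// SigAlg must name rsa-sha256: sign_sha256 fixes the algorithm` would record that coupling.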
@@ -252,52 +246,6 @@ mod test { Ok(()) } - pub fn verify_signed_redirect_url( - signed_authn_redirect_url: &url::Url, - public_key_pem: &[u8], - ) -> Result> { - // Should look like: - // - // http://idp.example.com/SSOService.php?SAMLRequest=...&SigAlg=...&Signature=... - // - // Remove Signature, then verify percent encoded query string using - // openssl bindings. - - let query_params = signed_authn_redirect_url - .query_pairs() - .into_owned() - .collect::>(); - let signature: &String = &query_params["Signature"]; - - let mut verify_url = url::Url::parse( - format!( - "{}://{}", - signed_authn_redirect_url.scheme(), - signed_authn_redirect_url.host_str().unwrap(), - ) - .as_str(), - )?; - - for key in vec!["SAMLRequest", "RelayState", "SigAlg"] { - if query_params.contains_key(key) { - verify_url - .query_pairs_mut() - .append_pair(key, &query_params[key]); - } - } - - let signed_string: String = verify_url.query().unwrap().to_string(); - let public = RsaPublicKey::from_public_key_pem(std::str::from_utf8(public_key_pem)?)?; - - let hashed = Sha256::digest(signed_string.as_bytes()); - let signature_bytes = base64::decode(signature)?; - let padding = PaddingScheme::new_pkcs1v15_sign(Some(Hash::SHA2_256)); - - public.verify(padding, &hashed[..], signature_bytes.as_slice())?; - - Ok(true) - } - #[test] pub fn test_redirect_signature() -> Result<(), Box> { let private_key = include_bytes!(concat!( From 8a3e1c728bbfdc742885edea5a1658eebd513152 Mon Sep 17 00:00:00 2001 
From: Martin Madsen Date: Wed, 24 Aug 2022 19:17:20 +0200 Subject: [PATCH 5/5] Define traits for rsa and x509 modules --- src/crypto/mod.rs | 18 ++++++---- src/crypto/rsa/mod.rs | 32 ++++++++++++++++++ src/crypto/rsa/openssl.rs | 43 ++++++++++------------- src/crypto/rsa/rustcrypto.rs | 64 +++++++++++++---------------------- src/crypto/x509/mod.rs | 19 +++++++++++ src/crypto/x509/openssl.rs | 19 ++++++----- src/crypto/x509/rustcrypto.rs | 35 ++++++++----------- src/idp/error.rs | 7 ++++ src/idp/mod.rs | 16 ++++++--- src/service_provider/mod.rs | 14 +++++--- 10 files changed, 156 insertions(+), 111 deletions(-) diff --git a/src/crypto/mod.rs b/src/crypto/mod.rs index d2a6708..609d777 100644 --- a/src/crypto/mod.rs +++ b/src/crypto/mod.rs @@ -1,3 +1,4 @@ +use crate::crypto::x509::CertificateLike; use std::collections::HashMap; use std::convert::TryInto; use std::ffi::CString; @@ -19,6 +20,8 @@ use crate::xmlsec::{self, XmlSecKey, XmlSecKeyFormat, XmlSecSignatureContext}; #[cfg(feature = "xmlsec")] use libxml::parser::Parser as XmlParser; +use self::rsa::PublicKeyLike; + #[cfg(feature = "xmlsec")] const XMLNS_XML_DSIG: &str = "http://www.w3.org/2000/09/xmldsig#"; #[cfg(feature = "xmlsec")] @@ -537,18 +540,21 @@ pub enum UrlVerifierError { SigAlgUnimplemented { sigalg: String }, } -pub struct UrlVerifier { - keypair: rsa::PublicKey, +pub struct UrlVerifier +where + PublicKey: rsa::PublicKeyLike, +{ + keypair: PublicKey, } -impl UrlVerifier { +impl UrlVerifier { pub fn from_rsa_pem(public_key_pem: &[u8]) -> Result> { - let keypair = rsa::PublicKey::from_pem(public_key_pem)?; + let keypair = rsa::PublicKeyLike::from_pem(public_key_pem)?; Ok(Self { keypair }) } pub fn from_rsa_der(public_key_der: &[u8]) -> Result> { - let keypair = rsa::PublicKey::from_der(public_key_der)?; + let keypair = rsa::PublicKeyLike::from_der(public_key_der)?; Ok(Self { keypair }) } 
@@ -557,7 +563,7 @@ impl UrlVerifier { } pub fn from_x509_cert_pem(public_cert_pem: &str) -> Result> { - let x509 = x509::Certificate::from_der(public_cert_pem.as_bytes())?; + let x509 = x509::CertificateLike::from_der(public_cert_pem.as_bytes())?; Self::from_x509(&x509) } diff --git a/src/crypto/rsa/mod.rs b/src/crypto/rsa/mod.rs index edce2d8..3445972 100644 --- a/src/crypto/rsa/mod.rs +++ b/src/crypto/rsa/mod.rs @@ -7,3 +7,35 @@ pub use self::openssl::*; mod rustcrypto; #[cfg(feature = "rustcrypto")] pub use rustcrypto::*; + +pub trait PrivateKeyLike +where + Self: Sized, +{ + fn new(bit_size: usize) -> Result>; + + fn from_pem(pem: &str) -> Result>; + + fn from_der(der: &[u8]) -> Result>; + + fn to_der(&self) -> Result, Box>; + + fn sign_sha256(&self, content_to_sign: String) -> Result, Box>; +} + +pub trait PublicKeyLike +where + Self: Sized, +{ + fn from_pem(pem: &[u8]) -> Result>; + + fn from_der(der: &[u8]) -> Result>; + + fn to_der(&self) -> Result, Box>; + + fn verify_sha256( + &self, + signature: &[u8], + data: &[u8], + ) -> Result>; +} diff --git a/src/crypto/rsa/openssl.rs b/src/crypto/rsa/openssl.rs index 9af5bca..629cdab 100644 --- a/src/crypto/rsa/openssl.rs +++ b/src/crypto/rsa/openssl.rs 
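Review bot: `from_x509_cert_pem` passes `public_cert_pem.as_bytes()` straight to `CertificateLike::from_der`, so PEM text (armor lines plus base64) reaches a DER parser and a real PEM certificate should fail to parse. The input has to be converted to DER first, by stripping the `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` lines and base64-decoding the body, or the function should be renamed if DER was the intended input. A doc comment stating which encoding each `UrlVerifier` constructor accepts would prevent the mix-up, for example `/// Builds a verifier from a PEM-encoded X.509 certificate.` The rest of the `impl` is outside the hunk.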
@@ -4,33 +4,29 @@ use openssl::rsa::Rsa; use openssl::sign::Signer; use openssl::sign::Verifier; -type RsaPrivate = Rsa; -type RsaPublic = Rsa; +use crate::crypto::rsa::{PrivateKeyLike, PublicKeyLike}; -#[derive(Clone)] -pub struct PrivateKey(pub RsaPrivate); +pub type PrivateKey = Rsa; +pub type PublicKey = Rsa; -impl PrivateKey { - pub fn new(bit_size: usize) -> Result> { - Ok(Self(RsaPrivate::generate(bit_size as u32)?)) +impl PrivateKeyLike for PrivateKey { + fn new(bit_size: usize) -> Result> { + Ok(Self::generate(bit_size as u32)?) } - pub fn from_pem(pem: &str) -> Result> { - Ok(Rsa::private_key_from_pem(pem)?) + fn from_pem(pem: &str) -> Result> { + Ok(Self::private_key_from_pem(pem.as_bytes())?) } - pub fn from_der(der: &[u8]) -> Result> { - Ok(Rsa::private_key_from_der(der)?) + fn from_der(der: &[u8]) -> Result> { + Ok(Self::private_key_from_der(der)?) } - pub fn to_der(&self) -> Result, Box> { - Ok(self.0.to_pkcs8_der()?.as_ref().to_vec()) + fn to_der(&self) -> Result, Box> { + Ok(self.to_pkcs8_der()?.as_ref().to_vec()) } - pub fn sign_sha256( - &self, - content_to_sign: String, - ) -> Result, Box> { + fn sign_sha256(&self, content_to_sign: String) -> Result, Box> { let pkey = PKey::from_rsa(self.0)?; let mut signer = Signer::new(MessageDigest::sha256(), pkey.as_ref())?; @@ -41,23 +37,20 @@ impl PrivateKey { } } -#[derive(Clone)] -pub struct PublicKey(pub RsaPublic); - -impl PublicKey { - pub fn from_pem(pem: &[u8]) -> Result> { +impl PublicKeyLike for PublicKey { + fn from_pem(pem: &[u8]) -> Result> { Ok(Rsa::public_key_from_pem(pem)?) } - pub fn from_der(der: &[u8]) -> Result> { + fn from_der(der: &[u8]) -> Result> { Ok(Rsa::public_key_from_der(der)?) } - pub fn to_der(&self) -> Result, Box> { + fn to_der(&self) -> Result, Box> { Ok(self.0.to_public_key_der()?.as_ref().to_vec()) } - pub fn verify_sha256( + fn verify_sha256( &self, signature: &[u8], data: &[u8], 
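Review bot: `PrivateKey` and `PublicKey` become plain aliases for `Rsa` here, yet `sign_sha256` still calls `PKey::from_rsa(self.0)` and the public-key `to_der` still calls `self.0.to_public_key_der()`; an alias has no `.0` field, so the openssl backend looks like it no longer builds. The calls should work on the key itself, for example `PKey::from_rsa(self.clone())?` and `self.to_public_key_der()?`. `Self::generate(bit_size as u32)` silently truncates an oversized `usize`, and `u32::try_from(bit_size)?` would reject it instead. The same leftover wrapper accesses (`Self(builder.build()?)`, `self.0.to_der()`) and a commented-out struct remain in src/crypto/x509/openssl.rs later in this patch, where the `from_der` required by `CertificateLike` is also not implemented in the visible lines.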
diff --git a/src/crypto/rsa/rustcrypto.rs b/src/crypto/rsa/rustcrypto.rs index 8eee4ed..d547be8 100644 --- a/src/crypto/rsa/rustcrypto.rs +++ b/src/crypto/rsa/rustcrypto.rs 
@@ -8,77 +8,61 @@ use rsa::{ use rsa::{Hash, PaddingScheme, PublicKey as FromPublicKey}; use sha2::{Digest, Sha256}; -pub use rsa::RsaPrivateKey; -pub use rsa::RsaPublicKey; +use super::{PrivateKeyLike, PublicKeyLike}; -#[derive(Clone)] -pub struct PrivateKey(pub RsaPrivateKey); +pub use rsa::RsaPrivateKey as PrivateKey; +pub use rsa::RsaPublicKey as PublicKey; -impl PrivateKey { - pub fn new(bit_size: usize) -> Result> { +impl PrivateKeyLike for PrivateKey { + fn new(bit_size: usize) -> Result> { let mut rng = rand::thread_rng(); - Ok(Self(RsaPrivateKey::new(&mut rng, bit_size)?)) + Ok(PrivateKey::new(&mut rng, bit_size)?) } - pub fn from_pem(pem: &str) -> Result> { - Ok(PrivateKey( - RsaPrivateKey::from_pkcs8_pem(pem).or_else(|_| RsaPrivateKey::from_pkcs1_pem(pem))?, - )) + fn from_pem(pem: &str) -> Result> { + Ok(Self::from_pkcs8_pem(pem).or_else(|_| Self::from_pkcs1_pem(pem))?) } - pub fn from_der(der: &[u8]) -> Result> { - Ok(PrivateKey( - RsaPrivateKey::from_pkcs8_der(der).or_else(|_| RsaPrivateKey::from_pkcs1_der(der))?, - )) + fn from_der(der: &[u8]) -> Result> { + Ok(Self::from_pkcs8_der(der).or_else(|_| Self::from_pkcs1_der(der))?) } - pub fn to_der(&self) -> Result, Box> { - Ok(self.0.to_pkcs8_der()?.as_ref().to_vec()) + fn to_der(&self) -> Result, Box> { + Ok(self.to_pkcs8_der()?.as_ref().to_vec()) } - pub fn sign_sha256( - &self, - content_to_sign: String, - ) -> Result, Box> { + fn sign_sha256(&self, content_to_sign: String) -> Result, Box> { let padding = PaddingScheme::new_pkcs1v15_sign(Some(Hash::SHA2_256)); let hashed = Sha256::digest(content_to_sign.as_bytes()); - let signature = self.0.sign(padding, &hashed[..])?; + let signature = self.sign(padding, &hashed[..])?; Ok(signature) } } -#[derive(Clone)] -pub struct PublicKey(pub RsaPublicKey); - -impl PublicKey { - pub fn from_pem(pem: &[u8]) -> Result> { - Ok(Self( - RsaPublicKey::from_public_key_pem(std::str::from_utf8(pem)?) 
- .or_else(|_| RsaPublicKey::from_pkcs1_der(pem))?, - )) +impl PublicKeyLike for PublicKey { + fn from_pem(pem: &[u8]) -> Result> { + Ok(Self::from_public_key_pem(std::str::from_utf8(pem)?) + .or_else(|_| Self::from_pkcs1_der(pem))?) } - pub fn from_der(der: &[u8]) -> Result> { - Ok(Self( - RsaPublicKey::from_public_key_der(der) - .or_else(|_| RsaPublicKey::from_pkcs1_der(der))?, - )) + fn from_der(der: &[u8]) -> Result> { + Ok(Self::from_public_key_der(der).or_else(|_| Self::from_pkcs1_der(der))?) } - pub fn to_der(&self) -> Result, Box> { - Ok(self.0.to_public_key_der()?.as_ref().to_vec()) + fn to_der(&self) -> Result, Box> { + Ok(self.to_public_key_der()?.as_ref().to_vec()) } - pub fn verify_sha256( + fn verify_sha256( &self, signature: &[u8], data: &[u8], ) -> Result> { let padding = PaddingScheme::new_pkcs1v15_sign(Some(Hash::SHA2_256)); - self.0.verify(padding, data, signature)?; + self.verify(padding, data, signature)?; Ok(true) } diff --git a/src/crypto/x509/mod.rs b/src/crypto/x509/mod.rs index edce2d8..e85bfc8 100644 --- a/src/crypto/x509/mod.rs +++ b/src/crypto/x509/mod.rs @@ -1,3 +1,6 @@ +use crate::crypto::rsa; +use crate::idp::CertificateParams; + #[cfg(feature = "openssl")] mod openssl; #[cfg(feature = "openssl")] @@ -7,3 +10,19 @@ pub use self::openssl::*; mod rustcrypto; #[cfg(feature = "rustcrypto")] pub use rustcrypto::*; + +pub trait CertificateLike +where + Self: Sized, +{ + fn new( + private_key: &Key, + params: &CertificateParams, + ) -> Result>; + + fn to_vec(&self) -> Result, Box>; + + fn from_der(der: &[u8]) -> Result>; + + fn public_key(&self) -> &[u8]; +} diff --git a/src/crypto/x509/openssl.rs b/src/crypto/x509/openssl.rs index e8c90da..181cd6d 100644 --- a/src/crypto/x509/openssl.rs +++ b/src/crypto/x509/openssl.rs 
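Review bot: `verify_sha256` in the rustcrypto backend passes `data` to `self.verify(padding, data, signature)` unhashed, while `sign_sha256` in the same file signs `Sha256::digest(content_to_sign.as_bytes())`; with `PaddingScheme::new_pkcs1v15_sign(Some(Hash::SHA2_256))` the second argument is expected to be the digest, so unless every caller pre-hashes, a signature made by `sign_sha256` will not verify here. Hashing inside the method keeps the pair symmetric: `let hashed = Sha256::digest(data);` followed by `self.verify(padding, &hashed[..], signature)?;`. In the same hunk the public-key `from_pem` falls back to `Self::from_pkcs1_der(pem)`, which feeds PEM text to a DER parser; the private-key version falls back to `from_pkcs1_pem`, and the public one should do the equivalent. The method also only ever returns `Ok(true)` or `Err`, so the `bool` in the trait signature carries no information and invites callers to check the wrong channel; returning `Result<(), _>` would leave a single way to read a failed verification.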
@@ -7,13 +7,14 @@ use openssl::x509::{X509Name as Name, X509}; use crate::crypto::rsa; use crate::idp::CertificateParams; -#[derive(Clone)] -pub struct Certificate<'a>(pub X509); +use crate::crypto::x509::CertificateLike; -impl<'a> Certificate { - pub fn new( - &self, - private_key: &rsa::PrivateKey, +// #[derive(Clone)] +// pub struct Certificate<'a>(pub X509); + +impl CertificateLike for X509 { + fn new( + private_key: &Key, params: &CertificateParams, ) -> Result> { let mut name = Name::builder()?; @@ -36,7 +37,7 @@ impl<'a> Certificate { builder.set_version(2)?; builder.set_subject_name(&name)?; builder.set_issuer_name(&iss)?; - builder.set_pubkey(&self.private_key.0)?; + builder.set_pubkey(&private_key)?; let starts = Asn1Time::days_from_now(0)?; // now builder.set_not_before(&starts)?; @@ -49,11 +50,11 @@ impl<'a> Certificate { Ok(Self(builder.build()?)) } - pub fn to_vec(&self) -> Result, Box> { + fn to_vec(&self) -> Result, Box> { self.0.to_der() } - pub fn public_key(&self) -> &[u8] { + fn public_key(&self) -> &[u8] { self.0.public_key() } } diff --git a/src/crypto/x509/rustcrypto.rs b/src/crypto/x509/rustcrypto.rs index 247bbcf..37cf9eb 100644 --- a/src/crypto/x509/rustcrypto.rs +++ b/src/crypto/x509/rustcrypto.rs 
@@ -1,24 +1,18 @@ use crate::crypto::rsa; use x509_cert::der::{Decode, Encode}; -pub use x509_cert::{ - der::{ - asn1::{BitStringRef, UIntRef}, - Sequence, - }, - name::{Name, RdnSequence}, - TbsCertificate, Version, -}; +use super::CertificateLike; use crate::idp::CertificateParams; +pub use x509_cert::Certificate; -#[derive(Clone)] -pub struct Certificate<'a>(pub x509_cert::Certificate<'a>); +// #[derive(Clone)] +// pub struct Certificate<'a>(pub x509_cert::Certificate<'a>); -impl<'a> Certificate<'a> { - pub fn new( - private_key: &rsa::RsaPrivateKey, +impl<'a> CertificateLike for Certificate<'a> { + fn new( + private_key: &rsa::PrivateKey, params: &CertificateParams, - ) -> Result, Box> { + ) -> Result> { todo!("Certificate creation is not yet supported for the rustcrypto backend"); // let sn: [u8; 0] = []; // Certificate { @@ -43,17 +37,16 @@ impl<'a> Certificate<'a> { // } } - pub fn to_vec(&self) -> Result, Box> { - Ok(self.0.to_vec()?) + fn to_vec(&self) -> Result, Box> { + Ok(Encode::to_vec(self)?) } - pub fn from_der(bytes: &'a [u8]) -> Result> { - Ok(Self(x509_cert::Certificate::from_der(bytes)?)) + fn from_der(der: &[u8]) -> Result> { + Ok(Decode::from_der(der)?) } - pub fn public_key(&self) -> &'a [u8] { - self.0 - .tbs_certificate + fn public_key(&self) -> &[u8] { + self.tbs_certificate .subject_public_key_info .subject_public_key } diff --git a/src/idp/error.rs b/src/idp/error.rs index 2a89981..6da2fc3 100644 --- a/src/idp/error.rs +++ b/src/idp/error.rs @@ -50,6 +50,13 @@ impl From> for Error { } } +#[cfg(feature = "rustcrypto")] +impl From for Error { + fn from(error: rsa::errors::Error) -> Self { + Error::Unknown + } +} + impl From for Error { fn from(error: crate::crypto::Error) -> Self { Error::VerificationError { error } diff --git a/src/idp/mod.rs b/src/idp/mod.rs index 00fe87e..55f24d2 100644 --- a/src/idp/mod.rs +++ b/src/idp/mod.rs 
@@ -11,13 +11,18 @@ mod tests; use std::str::FromStr; +use crate::crypto::rsa::PrivateKeyLike; +use crate::crypto::x509::CertificateLike; use crate::crypto::{self, rsa, x509}; use crate::idp::response_builder::{build_response_template, ResponseAttribute}; use crate::schema::Response; -pub struct IdentityProvider { - private_key: rsa::PrivateKey, +pub struct IdentityProvider +where + PrivateKey: rsa::PrivateKeyLike, +{ + private_key: PrivateKey, } pub enum KeyType { @@ -42,9 +47,10 @@ pub struct CertificateParams<'a> { pub days_until_expiration: u32, } -impl IdentityProvider { +impl IdentityProvider { pub fn generate_new(key_type: KeyType) -> Result { - let private_key = rsa::PrivateKey::new(usize::try_from(key_type.bit_length()).unwrap())?; + let private_key = + rsa::PrivateKeyLike::new(usize::try_from(key_type.bit_length()).unwrap())?; Ok(IdentityProvider { private_key }) } @@ -60,7 +66,7 @@ impl IdentityProvider { } pub fn create_certificate(&self, params: &CertificateParams) -> Result, Error> { - Ok(x509::Certificate::new(&self.private_key.0, params)?.to_vec()?) + Ok(x509::Certificate::new(&self.private_key, params)?.to_vec()?) } pub fn sign_authn_response( diff --git a/src/service_provider/mod.rs b/src/service_provider/mod.rs index 51b42ec..f7234ef 100644 --- a/src/service_provider/mod.rs +++ b/src/service_provider/mod.rs @@ -1,3 +1,4 @@ +use crate::crypto::rsa::PrivateKeyLike; use crate::crypto::{self, rsa, x509}; use crate::metadata::{Endpoint, IndexedEndpoint, KeyDescriptor, NameIdFormat, SpSsoDescriptor}; use crate::schema::{Assertion, Response}; 
@@ -112,11 +113,14 @@ pub enum Error { #[derive(Builder, Clone)] #[builder(default, setter(into))] -pub struct ServiceProvider<'a> { +pub struct ServiceProvider +where + ServiceProvider: Default, +{ pub entity_id: Option, pub key: Option, - pub certificate: Option>, - pub intermediates: Option>>, + pub certificate: Option, + pub intermediates: Option>, pub metadata_url: Option, pub acs_url: Option, pub slo_url: Option, @@ -130,7 +134,7 @@ pub struct ServiceProvider<'a> { pub max_clock_skew: Duration, } -impl<'a> Default for ServiceProvider<'a> { +impl Default for ServiceProvider> { fn default() -> Self { ServiceProvider { entity_id: None, @@ -152,7 +156,7 @@ impl<'a> Default for ServiceProvider<'a> { } } -impl<'a> ServiceProvider<'a> { +impl ServiceProvider> { pub fn metadata(&self) -> Result> { let valid_duration = if let Some(duration) = self.metadata_valid_duration { Some(duration)