webpki/
trust_anchor.rs

1use crate::cert::{certificate_serial_number, Cert};
2use crate::{
3    cert::{parse_cert_internal, EndEntityOrCa},
4    der, Error,
5};
6
7/// A trust anchor (a.k.a. root CA).
8///
9/// Traditionally, certificate verification libraries have represented trust
10/// anchors as full X.509 root certificates. However, those certificates
11/// contain a lot more data than is needed for verifying certificates. The
12/// `TrustAnchor` representation allows an application to store just the
13/// essential elements of trust anchors. The `webpki::trust_anchor_util` module
14/// provides functions for converting X.509 certificates to to the minimized
15/// `TrustAnchor` representation, either at runtime or in a build script.
16#[derive(Debug)]
17pub struct TrustAnchor<'a> {
18    /// The value of the `subject` field of the trust anchor.
19    pub subject: &'a [u8],
20
21    /// The value of the `subjectPublicKeyInfo` field of the trust anchor.
22    pub spki: &'a [u8],
23
24    /// The value of a DER-encoded NameConstraints, containing name
25    /// constraints to apply to the trust anchor, if any.
26    pub name_constraints: Option<&'a [u8]>,
27}
28
29/// Trust anchors which may be used for authenticating servers.
30#[derive(Debug)]
31pub struct TlsServerTrustAnchors<'a>(pub &'a [TrustAnchor<'a>]);
32
33/// Trust anchors which may be used for authenticating clients.
34#[derive(Debug)]
35pub struct TlsClientTrustAnchors<'a>(pub &'a [TrustAnchor<'a>]);
36
37impl<'a> TrustAnchor<'a> {
38    /// Interprets the given DER-encoded certificate as a `TrustAnchor`. The
39    /// certificate is not validated. In particular, there is no check that the
40    /// certificate is self-signed or even that the certificate has the cA basic
41    /// constraint.
42    pub fn try_from_cert_der(cert_der: &'a [u8]) -> Result<Self, Error> {
43        let cert_der = untrusted::Input::from(cert_der);
44
45        // XXX: `EndEntityOrCA::EndEntity` is used instead of `EndEntityOrCA::CA`
46        // because we don't have a reference to a child cert, which is needed for
47        // `EndEntityOrCA::CA`. For this purpose, it doesn't matter.
48        //
49        // v1 certificates will result in `Error::BadDER` because `parse_cert` will
50        // expect a version field that isn't there. In that case, try to parse the
51        // certificate using a special parser for v1 certificates. Notably, that
52        // parser doesn't allow extensions, so there's no need to worry about
53        // embedded name constraints in a v1 certificate.
54        match parse_cert_internal(
55            cert_der,
56            EndEntityOrCa::EndEntity,
57            possibly_invalid_certificate_serial_number,
58        ) {
59            Ok(cert) => Ok(Self::from(cert)),
60            Err(Error::UnsupportedCertVersion) => parse_cert_v1(cert_der).or(Err(Error::BadDer)),
61            Err(err) => Err(err),
62        }
63    }
64}
65
66fn possibly_invalid_certificate_serial_number(input: &mut untrusted::Reader) -> Result<(), Error> {
67    // https://tools.ietf.org/html/rfc5280#section-4.1.2.2:
68    // * Conforming CAs MUST NOT use serialNumber values longer than 20 octets."
69    // * "The serial number MUST be a positive integer [...]"
70    //
71    // However, we don't enforce these constraints on trust anchors, as there
72    // are widely-deployed trust anchors that violate these constraints.
73    skip(input, der::Tag::Integer)
74}
75
76impl<'a> From<Cert<'a>> for TrustAnchor<'a> {
77    fn from(cert: Cert<'a>) -> Self {
78        Self {
79            subject: cert.subject.as_slice_less_safe(),
80            spki: cert.spki.value().as_slice_less_safe(),
81            name_constraints: cert.name_constraints.map(|nc| nc.as_slice_less_safe()),
82        }
83    }
84}
85
86/// Parses a v1 certificate directly into a TrustAnchor.
87fn parse_cert_v1(cert_der: untrusted::Input) -> Result<TrustAnchor, Error> {
88    // X.509 Certificate: https://tools.ietf.org/html/rfc5280#section-4.1.
89    cert_der.read_all(Error::BadDer, |cert_der| {
90        der::nested(cert_der, der::Tag::Sequence, Error::BadDer, |cert_der| {
91            let anchor = der::nested(cert_der, der::Tag::Sequence, Error::BadDer, |tbs| {
92                // The version number field does not appear in v1 certificates.
93                certificate_serial_number(tbs)?;
94
95                skip(tbs, der::Tag::Sequence)?; // signature.
96                skip(tbs, der::Tag::Sequence)?; // issuer.
97                skip(tbs, der::Tag::Sequence)?; // validity.
98                let subject = der::expect_tag_and_get_value(tbs, der::Tag::Sequence)?;
99                let spki = der::expect_tag_and_get_value(tbs, der::Tag::Sequence)?;
100
101                Ok(TrustAnchor {
102                    subject: subject.as_slice_less_safe(),
103                    spki: spki.as_slice_less_safe(),
104                    name_constraints: None,
105                })
106            });
107
108            // read and discard signatureAlgorithm + signature
109            skip(cert_der, der::Tag::Sequence)?;
110            skip(cert_der, der::Tag::BitString)?;
111
112            anchor
113        })
114    })
115}
116
117fn skip(input: &mut untrusted::Reader, tag: der::Tag) -> Result<(), Error> {
118    der::expect_tag_and_get_value(input, tag).map(|_| ())
119}