Skip to content

Commit

Permalink
Misc PKCS7 fixes
Browse files Browse the repository at this point in the history
  • Loading branch information
facutuesca committed Jan 22, 2024
1 parent 6efad7f commit e278436
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 21 deletions.
37 changes: 18 additions & 19 deletions src/rust/src/pkcs7.rs
Original file line number Diff line number Diff line change
Expand Up @@ -300,7 +300,7 @@ fn smime_canonicalize(data: &[u8], text_mode: bool) -> (Cow<'_, [u8]>, Cow<'_, [
fn load_pkcs7_certificates(
py: pyo3::Python<'_>,
pkcs7: Pkcs7,
) -> CryptographyResult<Vec<x509::certificate::Certificate>> {
) -> CryptographyResult<&pyo3::types::PyList> {
let nid = pkcs7.type_().map(|t| t.nid());
if nid != Some(openssl::nid::Nid::PKCS7_SIGNED) {
let nid_string = nid.map_or("empty".to_string(), |n| n.as_raw().to_string());
Expand All @@ -319,24 +319,23 @@ fn load_pkcs7_certificates(
"The provided PKCS7 has no certificate data, but a cert loading method was called.",
),
)),
Some(c) => c
.iter()
.map(|c| {
load_der_x509_certificate(
py,
pyo3::types::PyBytes::new(py, c.to_der()?.as_slice()).into_py(py),
None,
)
})
.collect(),
Some(certificates) => {
let result = pyo3::types::PyList::empty(py);
for c in certificates {
let cert_der = pyo3::types::PyBytes::new(py, c.to_der()?.as_slice()).into_py(py);
let cert = load_der_x509_certificate(py, cert_der, None)?;
result.append(cert.into_py(py))?;
}
Ok(result)
}
}
}

#[pyo3::prelude::pyfunction]
fn load_pem_pkcs7_certificates(
py: pyo3::Python<'_>,
fn load_pem_pkcs7_certificates<'p>(
py: pyo3::Python<'p>,
data: &[u8],
) -> CryptographyResult<Vec<x509::certificate::Certificate>> {
) -> CryptographyResult<&'p pyo3::types::PyList> {
cfg_if::cfg_if! {
if #[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] {
let pkcs7_decoded = openssl::pkcs7::Pkcs7::from_pem(data).map_err(|_| {
Expand All @@ -349,18 +348,18 @@ fn load_pem_pkcs7_certificates(
return Err(CryptographyError::from(
exceptions::UnsupportedAlgorithm::new_err((
"PKCS#7 is not supported by this backend.",
exceptions::Reasons::BACKEND_MISSING_INTERFACE,
exceptions::Reasons::UNSUPPORTED_SERIALIZATION,
)),
));
}
}
}

#[pyo3::prelude::pyfunction]
fn load_der_pkcs7_certificates(
py: pyo3::Python<'_>,
fn load_der_pkcs7_certificates<'p>(
py: pyo3::Python<'p>,
data: &[u8],
) -> CryptographyResult<Vec<x509::certificate::Certificate>> {
) -> CryptographyResult<&'p pyo3::types::PyList> {
cfg_if::cfg_if! {
if #[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] {
let pkcs7_decoded = openssl::pkcs7::Pkcs7::from_der(data).map_err(|_| {
Expand All @@ -373,7 +372,7 @@ fn load_der_pkcs7_certificates(
return Err(CryptographyError::from(
exceptions::UnsupportedAlgorithm::new_err((
"PKCS#7 is not supported by this backend.",
exceptions::Reasons::BACKEND_MISSING_INTERFACE,
exceptions::Reasons::UNSUPPORTED_SERIALIZATION,
)),
));
}
Expand Down
4 changes: 2 additions & 2 deletions tests/hazmat/primitives/test_pkcs7.py
Original file line number Diff line number Diff line change
Expand Up @@ -930,8 +930,8 @@ def test_invalid_types(self):
)
class TestPKCS7Unsupported:
def test_pkcs7_functions_unsupported(self):
with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_SERIALIZATION):
pkcs7.load_der_pkcs7_certificates(b"nonsense")

with raises_unsupported_algorithm(_Reasons.BACKEND_MISSING_INTERFACE):
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_SERIALIZATION):
pkcs7.load_pem_pkcs7_certificates(b"nonsense")

0 comments on commit e278436

Please sign in to comment.