fmt
justAnIdentity committed Nov 22, 2023
1 parent f397430 commit d0b91d8
Showing 4 changed files with 68 additions and 64 deletions.
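--- a/src/definitions/namespaces/latin1.rs
+++ b/src/definitions/namespaces/latin1.rs
@@ -95,12 +95,12 @@ mod test {
 #[test]
 fn upper_latin() {
 let upper_latin_chars = vec![
-' ', '¡', '¢', '£', '¤', '¥', '¦', '§', '¨', '©', 'ª', '«', '¬', '\u{AD}', '®', '¯', '°',
-'±', '²', '³', '´', 'µ', '¶', '·', '¸', '¹', 'º', '»', '¼', '½', '¾', '¿', ', ',
-'Â', 'Ã', 'Ä', 'Å', 'Æ', 'Ç', 'È', 'É', 'Ê', 'Ë', 'Ì', 'Í', 'Î', 'Ï', 'Ð', ', ',
-'Ó', 'Ô', 'Õ', 'Ö', '×', 'Ø', 'Ù', 'Ú', 'Û', 'Ü', 'Ý', 'Þ', 'ß', 'à', 'á', ', ',
-'ä', 'å', 'æ', 'ç', 'è', 'é', 'ê', 'ë', 'ì', 'í', 'î', 'ï', 'ð', 'ñ', 'ò', ', ',
-'õ', 'ö', '÷', 'ø', 'ù', 'ú', 'û', 'ü', 'ý', 'þ', 'ÿ',
+' ', '¡', '¢', '£', '¤', '¥', '¦', '§', '¨', '©', 'ª', '«', '¬', '\u{AD}', '®', '¯',
+'°', '±', '²', '³', '´', 'µ', '¶', '·', '¸', '¹', 'º', '»', '¼', '½', '¾', '¿', 'À',
+'Á', 'Â', 'Ã', 'Ä', 'Å', 'Æ', 'Ç', 'È', 'É', 'Ê', 'Ë', 'Ì', 'Í', 'Î', 'Ï', 'Ð', 'Ñ',
+'Ò', 'Ó', 'Ô', 'Õ', 'Ö', '×', 'Ø', 'Ù', 'Ú', 'Û', 'Ü', 'Ý', 'Þ', 'ß', 'à', 'á', 'â',
+'ã', 'ä', 'å', 'æ', 'ç', 'è', 'é', 'ê', 'ë', 'ì', 'í', 'î', 'ï', 'ð', 'ñ', 'ò', 'ó',
+'ô', 'õ', 'ö', '÷', 'ø', 'ù', 'ú', 'û', 'ü', 'ý', 'þ', 'ÿ',
 ];
 assert!(upper_latin_chars.iter().all(is_upper_latin));
 }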
62 changes: 32 additions & 30 deletions src/presentation/mdoc_auth.rs
@@ -1,23 +1,22 @@
use issuer_signed::IssuerSigned;
use crate::definitions::{
helpers::Tag24,
SessionTranscript180135, device_signed::DeviceAuthentication,
};
use crate::definitions::device_response::Document;
use crate::definitions::issuer_signed;
use crate::definitions::DeviceAuth;
use crate::definitions::Mso;
use crate::definitions::{
device_signed::DeviceAuthentication, helpers::Tag24, SessionTranscript180135,
};
use crate::presentation::reader::Error;
use serde_cbor::Value as CborValue;
use anyhow::Result;
use crate::presentation::reader::Error as ReaderError;
use anyhow::Result;
use elliptic_curve::generic_array::GenericArray;
use issuer_signed::IssuerSigned;
use p256::ecdsa::Signature;
use p256::ecdsa::VerifyingKey;
use p256::pkcs8::DecodePublicKey;
use serde_cbor::Value as CborValue;
use ssi_jwk::Params;
use ssi_jwk::JWK as SsiJwk;
use p256::pkcs8::DecodePublicKey;
use x509_cert::der::Decode;
use p256::ecdsa::Signature;
use p256::ecdsa::VerifyingKey;
use elliptic_curve::generic_array::GenericArray;
use crate::definitions::device_response::Document;

pub fn issuer_authentication(x5chain: CborValue, issuer_signed: IssuerSigned) -> Result<(), Error> {
let signer_key = get_signer_key(&x5chain)?;
Expand All @@ -31,7 +30,11 @@ pub fn issuer_authentication(x5chain: CborValue, issuer_signed: IssuerSigned) ->
}
}

pub fn device_authentication(mso: Tag24<Mso>, document: Document, session_transcript: SessionTranscript180135) -> Result<(), Error>{
pub fn device_authentication(
mso: Tag24<Mso>,
document: Document,
session_transcript: SessionTranscript180135,
) -> Result<(), Error> {
let device_key = mso.into_inner().device_key_info.device_key;
let jwk = SsiJwk::try_from(device_key)?;
match jwk.params {
Expand Down Expand Up @@ -86,27 +89,26 @@ fn get_signer_key(x5chain: &CborValue) -> Result<VerifyingKey, Error> {
let signer = match x5chain {
CborValue::Text(t) => {
let x509 = x509_cert::Certificate::from_der(t.as_bytes())?;
let signer_key = x509.tbs_certificate.subject_public_key_info.subject_public_key;
let signer_key = x509
.tbs_certificate
.subject_public_key_info
.subject_public_key;
signer_key
}
CborValue::Array(a) => {
match a.first() {
Some(CborValue::Text(t)) => {
let x509 = x509_cert::Certificate::from_der(t.as_bytes())?;

x509
.tbs_certificate
.subject_public_key_info
.subject_public_key
}
_ => return Err(ReaderError::CborDecodingError)?,
}
}
CborValue::Array(a) => match a.first() {
Some(CborValue::Text(t)) => {
let x509 = x509_cert::Certificate::from_der(t.as_bytes())?;

x509.tbs_certificate
.subject_public_key_info
.subject_public_key
}
_ => return Err(ReaderError::CborDecodingError)?,
},
CborValue::Bytes(b) => {
let x509 = x509_cert::Certificate::from_der(b)?;

x509
.tbs_certificate

x509.tbs_certificate
.subject_public_key_info
.subject_public_key
}
46 changes: 26 additions & 20 deletions src/presentation/reader.rs
@@ -1,6 +1,5 @@
use super::{
mdoc_auth::device_authentication,
mdoc_auth::issuer_authentication,
mdoc_auth::device_authentication, mdoc_auth::issuer_authentication,
trust_anchor::ValidationRuleSet,
};
use crate::definitions::device_key::cose_key::Error as CoseError;
Expand All @@ -17,10 +16,11 @@ use crate::{
self, create_p256_ephemeral_keys, derive_session_key, get_shared_secret, Handover,
SessionEstablishment,
},

},
definitions::{DeviceEngagement, DeviceResponse, SessionData, SessionTranscript180135},
issuance::X5Chain, presentation::trust_anchor::TrustAnchor};
definitions::{DeviceEngagement, DeviceResponse, SessionData, SessionTranscript180135},
issuance::X5Chain,
presentation::trust_anchor::TrustAnchor,
};
use anyhow::{anyhow, Result};
use serde::{Deserialize, Serialize};
use serde_cbor::Value as CborValue;
Expand Down Expand Up @@ -255,7 +255,11 @@ impl SessionManager {
.map_err(|e| anyhow!("unable to encrypt request: {}", e))
}

pub fn handle_response(&mut self, response: &[u8], session_transcript: SessionTranscript180135) -> Result<ValidatedResponse, Error> {
pub fn handle_response(
&mut self,
response: &[u8],
session_transcript: SessionTranscript180135,
) -> Result<ValidatedResponse, Error> {
let session_data: SessionData = serde_cbor::from_slice(response)?;
let encrypted_response = match session_data.data {
None => return Err(Error::HolderError),
Expand All @@ -270,7 +274,6 @@ impl SessionManager {
let mut core_namespace = BTreeMap::<String, serde_json::Value>::new();
let mut aamva_namespace = BTreeMap::<String, serde_json::Value>::new();


let device_response: DeviceResponse = serde_cbor::from_slice(&decrypted_response)?;

let document = device_response
Expand All @@ -297,8 +300,7 @@ impl SessionManager {
};

let mut parsed_response = BTreeMap::<String, serde_json::Value>::new();
let mut namespaces =
device_response
let mut namespaces = device_response
.documents
.ok_or(Error::DeviceTransmissionError)?
.into_inner()
Expand All @@ -323,7 +325,10 @@ impl SessionManager {
}
});

parsed_response.insert("org.iso.18013.5.1".to_string(), serde_json::to_value(core_namespace)?);
parsed_response.insert(
"org.iso.18013.5.1".to_string(),
serde_json::to_value(core_namespace)?,
);

if let Some(aamva_response) = namespaces.remove("org.iso.18013.5.1.aamva") {
aamva_response
Expand All @@ -337,15 +342,18 @@ impl SessionManager {
}
});

parsed_response.insert("org.iso.18013.5.1.aamva".to_string(), serde_json::to_value(aamva_namespace)?);
parsed_response.insert(
"org.iso.18013.5.1.aamva".to_string(),
serde_json::to_value(aamva_namespace)?,
);
}

let mut validated_response = ValidatedResponse{
response: parsed_response,
issuer_authentication: Status::Unchecked,
device_authentication: Status::Unchecked,
errors: ValidationErrors(BTreeMap::new()),
};
let mut validated_response = ValidatedResponse {
response: parsed_response,
issuer_authentication: Status::Unchecked,
device_authentication: Status::Unchecked,
errors: ValidationErrors(BTreeMap::new()),
};

let certificate_errors =
validate_x5chain(x5chain.to_owned(), self.trust_anchor_registry.clone());
Expand Down Expand Up @@ -374,8 +382,7 @@ impl SessionManager {
Err(_e) => validated_response.issuer_authentication = Status::Invalid,
}

let valid_device_authentication =
device_authentication(mso, document, session_transcript);
let valid_device_authentication = device_authentication(mso, document, session_transcript);
match valid_device_authentication {
Ok(_r) => {
validated_response.device_authentication = Status::Valid;
Expand Down Expand Up @@ -537,7 +544,6 @@ pub mod test {
presentation::trust_anchor::{TrustAnchor, TrustAnchorRegistry},
};
use anyhow::anyhow;


static IACA_ROOT: &[u8] = include_bytes!("../../test/presentation/isomdl_iaca_root_cert.pem");
//TODO fix this cert to contain issuer alternative name
12 changes: 4 additions & 8 deletions src/presentation/trust_anchor.rs
Expand Up @@ -312,10 +312,8 @@ pub fn validate_iaca_root_extensions(root_extensions: Vec<Extension>) -> Result<
}
}

let root_crit_extensions: Vec<&Extension> = root_extensions
.iter()
.filter(|ext| ext.critical)
.collect();
let root_crit_extensions: Vec<&Extension> =
root_extensions.iter().filter(|ext| ext.critical).collect();

// Key Usage 2.5.29.15
let Some(key_usage) = root_crit_extensions.iter().find(|ext|ext.extn_id.to_string() == *OID_KEY_USAGE) else {
Expand Down Expand Up @@ -417,10 +415,8 @@ pub fn validate_iaca_signer_extensions(
}
}

let leaf_crit_extensions: Vec<&Extension> = leaf_extensions
.iter()
.filter(|ext| ext.critical)
.collect();
let leaf_crit_extensions: Vec<&Extension> =
leaf_extensions.iter().filter(|ext| ext.critical).collect();
// Key Usage 2.5.29.15
let Some(key_usage) = leaf_crit_extensions.iter().find(|ext| ext.extn_id.to_string() == *OID_KEY_USAGE) else {
return Err(Error::MdocAuth("Missing critical KeyUsage extension in the signer certificate".to_string()))
