Replace usage of KeyUnknownCert::check_key.
This commit is contained in:
parent
eb356323bd
commit
56c6e4345b
|
@ -191,7 +191,7 @@ mod test {
|
|||
|
||||
let decoded = Ed25519Cert::decode(&encoded).unwrap(); // Well-formed?
|
||||
let validated = decoded
|
||||
.check_key(Some(&keypair.public.into()))
|
||||
.should_be_signed_with(&keypair.public.into())
|
||||
.unwrap()
|
||||
.check_signature()
|
||||
.unwrap(); // Well-signed?
|
||||
|
|
|
@ -69,7 +69,7 @@ fn mismatched_signing_key() {
|
|||
// We give the wrong key to check_key, so it will tell us that
|
||||
// wasn't what the cert contained.
|
||||
assert_eq!(
|
||||
cert.check_key(Some(¬_that_key)).err().unwrap(),
|
||||
cert.should_be_signed_with(¬_that_key).err().unwrap(),
|
||||
CertError::KeyMismatch
|
||||
);
|
||||
|
||||
|
@ -86,7 +86,7 @@ fn mismatched_signing_key() {
|
|||
// We give no key to check_key, which will tell us that there wasn't
|
||||
// a signing-key extension in the cert.
|
||||
assert_eq!(
|
||||
cert.check_key(None).err().unwrap(),
|
||||
cert.should_have_signing_key().err().unwrap(),
|
||||
CertError::MissingPubKey
|
||||
);
|
||||
}
|
||||
|
|
|
@ -29,7 +29,7 @@ fn test_valid_ed() {
|
|||
assert_eq!(cert.peek_cert_type(), 4.into());
|
||||
assert_eq!(cert.peek_subject_key().as_ed25519(), Some(&signing_key));
|
||||
let cert = cert
|
||||
.check_key(None)
|
||||
.should_have_signing_key()
|
||||
.unwrap()
|
||||
.check_signature()
|
||||
.unwrap()
|
||||
|
@ -58,7 +58,7 @@ fn test_valid_ed() {
|
|||
assert_eq!(cert.peek_cert_type(), 5.into());
|
||||
assert_eq!(cert.peek_subject_key().as_bytes(), &tls_cert_digest[..]);
|
||||
let cert = cert
|
||||
.check_key(Some(&signing_key))
|
||||
.should_be_signed_with(&signing_key)
|
||||
.unwrap()
|
||||
.check_signature()
|
||||
.unwrap()
|
||||
|
|
|
@ -133,7 +133,7 @@ fn handle_inner_certificate(
|
|||
|
||||
// These certs have to include a signing key.
|
||||
let cert = cert
|
||||
.check_key(None) // TODO arti#759
|
||||
.should_have_signing_key()
|
||||
.map_err(|e| make_err(e, "Certificate was not self-signed"))?;
|
||||
|
||||
// Peel off the signature.
|
||||
|
|
|
@ -222,7 +222,7 @@ impl HsDescOuter {
|
|||
.parse_obj::<UnvalidatedEdCert>("ED25519 CERT")?
|
||||
.check_cert_type(tor_cert::CertType::HS_BLINDED_ID_V_SIGNING)?
|
||||
.into_unchecked()
|
||||
.check_key(None) // require that the cert contains its signing key.
|
||||
.should_have_signing_key()
|
||||
.map_err(|err| {
|
||||
EK::BadObjectVal
|
||||
.err()
|
||||
|
|
|
@ -479,7 +479,7 @@ impl RouterDesc {
|
|||
.parse_obj::<UnvalidatedEdCert>("ED25519 CERT")?
|
||||
.check_cert_type(tor_cert::CertType::IDENTITY_V_SIGNING)?
|
||||
.into_unchecked()
|
||||
.check_key(None)
|
||||
.should_have_signing_key()
|
||||
.map_err(|err| {
|
||||
EK::BadObjectVal
|
||||
.err()
|
||||
|
@ -607,7 +607,7 @@ impl RouterDesc {
|
|||
.check_cert_type(tor_cert::CertType::NTOR_CC_IDENTITY)?
|
||||
.check_subject_key_is(identity_cert.peek_signing_key())?
|
||||
.into_unchecked()
|
||||
.check_key(Some(&ntor_as_ed.into()))
|
||||
.should_be_signed_with(&ntor_as_ed.into())
|
||||
.map_err(|err| EK::BadSignature.err().with_source(err))?
|
||||
};
|
||||
|
||||
|
|
|
@ -425,7 +425,7 @@ impl<T: AsyncRead + AsyncWrite + Send + Unpin + 'static, S: SleepProvider> Unver
|
|||
|
||||
// Check the identity->signing cert
|
||||
let (id_sk, id_sk_sig) = id_sk
|
||||
.check_key(None)
|
||||
.should_have_signing_key()
|
||||
.map_err(Error::HandshakeCertErr)?
|
||||
.dangerously_split()
|
||||
.map_err(Error::HandshakeCertErr)?;
|
||||
|
@ -445,7 +445,7 @@ impl<T: AsyncRead + AsyncWrite + Send + Unpin + 'static, S: SleepProvider> Unver
|
|||
// Now look at the signing->TLS cert and check it against the
|
||||
// peer certificate.
|
||||
let (sk_tls, sk_tls_sig) = sk_tls
|
||||
.check_key(Some(signing_key))
|
||||
.should_be_signed_with(signing_key)
|
||||
.map_err(Error::HandshakeCertErr)?
|
||||
.dangerously_split()
|
||||
.map_err(Error::HandshakeCertErr)?;
|
||||
|
|
Loading…
Reference in New Issue