Replace usage of KeyUnknownCert::check_key.

Nick Mathewson 2023-05-15 16:59:02 -04:00
parent eb356323bd
commit 56c6e4345b
7 changed files with 11 additions and 11 deletions


@ -191,7 +191,7 @@ mod test {
let decoded = Ed25519Cert::decode(&encoded).unwrap(); // Well-formed?
let validated = decoded
.check_key(Some(&keypair.public.into()))
.should_be_signed_with(&keypair.public.into())
.unwrap()
.check_signature()
.unwrap(); // Well-signed?


@ -69,7 +69,7 @@ fn mismatched_signing_key() {
// We give the wrong key to check_key, so it will tell us that
// wasn't what the cert contained.
assert_eq!(
cert.check_key(Some(&not_that_key)).err().unwrap(),
cert.should_be_signed_with(&not_that_key).err().unwrap(),
CertError::KeyMismatch
);
@ -86,7 +86,7 @@ fn mismatched_signing_key() {
// We give no key to check_key, which will tell us that there wasn't
// a signing-key extension in the cert.
assert_eq!(
cert.check_key(None).err().unwrap(),
cert.should_have_signing_key().err().unwrap(),
CertError::MissingPubKey
);
}
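Review bot: The two comments in mismatched_signing_key still name the removed call: `// We give the wrong key to check_key, ...` and `// We give no key to check_key, ...` now sit above should_be_signed_with() and should_have_signing_key(). They should name the new methods, for example `// We give the wrong key to should_be_signed_with, so it will tell us that` and `// We call should_have_signing_key, which will tell us that there wasn't`. These are the negative tests for key binding, so a reader should be able to map each assertion to the method it exercises. The function starts outside the first hunk.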


@ -29,7 +29,7 @@ fn test_valid_ed() {
assert_eq!(cert.peek_cert_type(), 4.into());
assert_eq!(cert.peek_subject_key().as_ed25519(), Some(&signing_key));
let cert = cert
.check_key(None)
.should_have_signing_key()
.unwrap()
.check_signature()
.unwrap()
@ -58,7 +58,7 @@ fn test_valid_ed() {
assert_eq!(cert.peek_cert_type(), 5.into());
assert_eq!(cert.peek_subject_key().as_bytes(), &tls_cert_digest[..]);
let cert = cert
.check_key(Some(&signing_key))
.should_be_signed_with(&signing_key)
.unwrap()
.check_signature()
.unwrap()


@ -133,7 +133,7 @@ fn handle_inner_certificate(
// These certs have to include a signing key.
let cert = cert
.check_key(None) // TODO arti#759
.should_have_signing_key()
.map_err(|e| make_err(e, "Certificate was not self-signed"))?;
// Peel off the signature.
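Review bot: The context string `"Certificate was not self-signed"` does not describe the check it wraps. should_have_signing_key() only requires an embedded signing key (the mismatched_signing_key test on this page expects CertError::MissingPubKey from it), and the signature is peeled off afterwards, so a failure here means the key is absent, not that a signature failed. Something like `.map_err(|e| make_err(e, "Certificate did not include its signing key"))?;` would keep logs from misattributing the failure. handle_inner_certificate starts and continues outside the hunk.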


@ -222,7 +222,7 @@ impl HsDescOuter {
.parse_obj::<UnvalidatedEdCert>("ED25519 CERT")?
.check_cert_type(tor_cert::CertType::HS_BLINDED_ID_V_SIGNING)?
.into_unchecked()
.check_key(None) // require that the cert contains its signing key.
.should_have_signing_key()
.map_err(|err| {
EK::BadObjectVal
.err()


@ -479,7 +479,7 @@ impl RouterDesc {
.parse_obj::<UnvalidatedEdCert>("ED25519 CERT")?
.check_cert_type(tor_cert::CertType::IDENTITY_V_SIGNING)?
.into_unchecked()
.check_key(None)
.should_have_signing_key()
.map_err(|err| {
EK::BadObjectVal
.err()
@ -607,7 +607,7 @@ impl RouterDesc {
.check_cert_type(tor_cert::CertType::NTOR_CC_IDENTITY)?
.check_subject_key_is(identity_cert.peek_signing_key())?
.into_unchecked()
.check_key(Some(&ntor_as_ed.into()))
.should_be_signed_with(&ntor_as_ed.into())
.map_err(|err| EK::BadSignature.err().with_source(err))?
};


@ -425,7 +425,7 @@ impl<T: AsyncRead + AsyncWrite + Send + Unpin + 'static, S: SleepProvider> Unver
// Check the identity->signing cert
let (id_sk, id_sk_sig) = id_sk
.check_key(None)
.should_have_signing_key()
.map_err(Error::HandshakeCertErr)?
.dangerously_split()
.map_err(Error::HandshakeCertErr)?;
@ -445,7 +445,7 @@ impl<T: AsyncRead + AsyncWrite + Send + Unpin + 'static, S: SleepProvider> Unver
// Now look at the signing->TLS cert and check it against the
// peer certificate.
let (sk_tls, sk_tls_sig) = sk_tls
.check_key(Some(signing_key))
.should_be_signed_with(signing_key)
.map_err(Error::HandshakeCertErr)?
.dangerously_split()
.map_err(Error::HandshakeCertErr)?;
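Review bot: The comment `// Check the identity->signing cert` in the first hunk reads as if the certificate were verified at this point. In fact should_have_signing_key() only requires that the cert carries its own signing key, and dangerously_split(), judging by its name and the `(id_sk, id_sk_sig)` binding, appears to hand back the signature unverified. I would extend the comment to say so, e.g. `// Take the signing key from the cert itself; the signature in id_sk_sig is not verified yet.` The same applies to the `sk_tls` step in the second hunk, where the key is at least pinned by should_be_signed_with(signing_key). Presumably both signatures are verified further down, outside these hunks; stating that dependency in the comment helps ensure a later edit does not use `id_sk` before verification.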