feat: validate cert before returning, fmt changes

chore: nightly cargo fmt for neater formatting

Author: bitfl0wer

src/api/cacheable_cert.rs

@@ -2,17 +2,15 @@
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at https://mozilla.org/MPL/2.0/.
 
-use bigdecimal::num_bigint::BigUint;
 use der::{Any, DecodePem};
-use log::{debug, trace};
+use log::debug;
 use spki::AlgorithmIdentifier;
 
 use crate::Constrained;
 use crate::certs::Target;
 use crate::certs::idcert::IdCert;
 use crate::key::PublicKey;
 use crate::signature::Signature;
-use crate::types::der::asn1::Uint;
 
 #[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord, Hash)]
 #[cfg_attr(feature = "serde", derive(serde::Deserialize, serde::Serialize))]

src/api/core/federated_identity.rs

@@ -27,7 +27,7 @@ mod registration_required {
                 .send()
                 .await;
             let pem = HttpClient::handle_response::<String>(request_response).await?;
-            log::debug!("Received IdCert: \n{}", pem);
+            log::debug!("Received IdCert: \n{pem}");
             let id_cert = IdCert::<S, T::PublicKey>::from_pem_unchecked(&pem)?;
             match id_cert.full_verify_home_server(
                 std::time::SystemTime::now()
@@ -184,7 +184,7 @@ mod registration_not_required {
                 request = request.body(json!({ "timestamp": time }).to_string());
             }
             let response = request.send().await;
-            trace!("Got response: {:?}", response);
+            trace!("Got response: {response:?}");
             let id_cert = HttpClient::handle_response::<CacheableIdCert>(response).await?;
             Ok(id_cert)
         }

src/api/core/migration.rs

@@ -204,7 +204,7 @@ mod registration_not_required {
                 Ok(text) => from_str::<Vec<KeyTrialResponse>>(&text)
                     .map_err(RequestError::DeserializationError),
                 Err(e) => Err(RequestError::Custom {
-                    reason: format!("Could not get the full response text: {}", e),
+                    reason: format!("Could not get the full response text: {e}"),
                 }),
             }
         }

src/certs/capabilities/basic_constraints.rs

@@ -187,7 +187,7 @@ impl TryFrom<Extension> for BasicConstraints {
     /// these resulting [BasicConstraints].
     fn try_from(value: Extension) -> Result<Self, Self::Error> {
         trace!("Converting Extension to BasicConstraints");
-        trace!("Extension: {:#?}", value);
+        trace!("Extension: {value:#?}");
         #[allow(unreachable_patterns)]
         if value.critical && !matches!(value.extn_id.to_string().as_str(), OID_BASIC_CONSTRAINTS) {
             // Error if we encounter a "critical" X.509 extension which we do not know of
@@ -242,8 +242,7 @@ impl TryFrom<Extension> for BasicConstraints {
             }
             if bool_encounters > 1 || int_encounters > 1 || null_encounters > 1 {
                 warn!(
-                    "Encountered too many values in BasicConstraints. BasicConstraints are likely malformed. BasicConstraints: {:#?}",
-                    value
+                    "Encountered too many values in BasicConstraints. BasicConstraints are likely malformed. BasicConstraints: {value:#?}"
                 );
                 return Err(CertificateConversionError::InvalidInput(
                     InvalidInput::Length {

src/certs/capabilities/key_usage.rs

@@ -90,7 +90,7 @@ impl KeyUsages {
     /// ```
     pub fn from_bitstring(bitstring: BitString) -> Result<Self, CertificateConversionError> {
         let mut byte_array = bitstring.raw_bytes().to_vec();
-        log::trace!("[from_bitstring] BitString raw bytes: {:?}", byte_array);
+        log::trace!("[from_bitstring] BitString raw bytes: {byte_array:?}");
         let mut key_usages = Vec::new();
         if byte_array == [0] || byte_array.is_empty() {
             // TODO: PLEASE write a test for this. Is an empty byte array valid? Is a byte array with a single 0 valid, and does it mean that no KeyUsage is set? -bitfl0wer
@@ -135,7 +135,7 @@ impl KeyUsages {
                 "Could not properly convert this BitString to KeyUsages. The BitString contains a value not representable by KeyUsages".to_string(),
             )));
         }
-        log::debug!("[from_bitstring] Converted KeyUsages: {:?}", key_usages);
+        log::debug!("[from_bitstring] Converted KeyUsages: {key_usages:?}");
         Ok(KeyUsages { key_usages })
     }
 
@@ -189,8 +189,8 @@ impl KeyUsages {
             // bits.
             unused_bits = 7;
         }
-        log::debug!("[to_bitstring] Unused bits: {}", unused_bits);
-        log::debug!("[to_bitstring] Encoded values: {:?}", encoded_numbers_vec);
+        log::debug!("[to_bitstring] Unused bits: {unused_bits}");
+        log::debug!("[to_bitstring] Encoded values: {encoded_numbers_vec:?}");
         BitString::new(unused_bits, encoded_numbers_vec)
             .expect("Error when converting KeyUsages to BitString. Please report this error to https://github.com/polyphony-chat/polyproto")
     }
@@ -225,7 +225,7 @@ impl TryFrom<Attribute> for KeyUsages {
             }
         };
         let inner_value = value.values.get(0).expect("Illegal state. Please report this error to https://github.com/polyphony-chat/polyproto");
-        log::debug!("Inner value: {:?}", inner_value);
+        log::debug!("Inner value: {inner_value:?}");
         KeyUsages::from_bitstring(BitString::from_der(&inner_value.to_der()?)?)
     }
 }

src/certs/idcert.rs

@@ -2,7 +2,6 @@
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at https://mozilla.org/MPL/2.0/.
 
-use der::asn1::Uint;
 use der::pem::LineEnding;
 use der::{Decode, DecodePem, Encode, EncodePem};
 use x509_cert::Certificate;
@@ -132,7 +131,7 @@ impl<S: Signature, P: PublicKey<S>> IdCert<S, P> {
         log::trace!("[IdCert::from_actor_csr()] creating actor certificate");
         let signature_algorithm = signing_key.algorithm_identifier();
         log::trace!("[IdCert::from_actor_csr()] creating IdCertTbs");
-        log::trace!("[IdCert::from_actor_csr()] Issuer: {}", issuer);
+        log::trace!("[IdCert::from_actor_csr()] Issuer: {issuer}");
         log::trace!(
             "[IdCert::from_actor_csr()] Subject: {}",
             id_csr.inner_csr.subject
@@ -293,8 +292,7 @@ impl<S: Signature, P: PublicKey<S>> IdCert<S, P> {
             Ok(der) => der,
             Err(_) => {
                 log::warn!(
-                    "[IdCert::full_verify_actor(&self)] {}",
-                    ERR_CERTIFICATE_TO_DER_ERROR
+                    "[IdCert::full_verify_actor(&self)] {ERR_CERTIFICATE_TO_DER_ERROR}"
                 );
                 return Err(InvalidCert::InvalidProperties(ConstraintError::Malformed(
                     Some(ERR_CERTIFICATE_TO_DER_ERROR.to_string()),
@@ -327,8 +325,7 @@ impl<S: Signature, P: PublicKey<S>> IdCert<S, P> {
             Ok(data) => data,
             Err(_) => {
                 log::warn!(
-                    "[IdCert::full_verify_home_server(&self)] {}",
-                    ERR_CERTIFICATE_TO_DER_ERROR
+                    "[IdCert::full_verify_home_server(&self)] {ERR_CERTIFICATE_TO_DER_ERROR}"
                 );
                 return Err(InvalidCert::InvalidProperties(ConstraintError::Malformed(
                     Some(ERR_CERTIFICATE_TO_DER_ERROR.to_string()),

src/certs/idcerttbs.rs

@@ -223,7 +223,7 @@ fn rdns_to_url(rdn_sequence: &RdnSequence) -> Result<url::Url, url::ParseError>
         url_str += ".";
     }
     let _ = url_str.pop();
-    trace!(r#"Trying to parse string "{}" as url::Url..."#, url_str);
+    trace!(r#"Trying to parse string "{url_str}" as url::Url..."#);
     Url::parse(url_str.trim())
 }
 
@@ -256,7 +256,7 @@ impl<P: Profile, S: Signature, Q: PublicKey<S>> TryFrom<TbsCertificateInner<P>>
             value.serial_number.as_bytes(),
         )?);
 
-        Ok(Self {
+        let id_cert_tbs = Self {
             serial_number,
             signature_algorithm: value.signature,
             issuer: value.issuer,
@@ -265,7 +265,10 @@ impl<P: Profile, S: Signature, Q: PublicKey<S>> TryFrom<TbsCertificateInner<P>>
             subject_public_key: subject_public_key_info,
             capabilities,
             s: std::marker::PhantomData,
-        })
+        };
+        id_cert_tbs.validate(None)?;
+
+        Ok(id_cert_tbs)
     }
 }
 
@@ -282,8 +285,7 @@ impl<P: Profile, S: Signature, Q: PublicKey<S>> TryFrom<IdCertTbs<S, Q>>
             Err(e) => {
                 return Err(CertificateConversionError::InvalidInput(
                     crate::errors::base::InvalidInput::Malformed(format!(
-                        "Could not convert serial number: {}",
-                        e
+                        "Could not convert serial number: {e}"
                     )),
                 ));
             }

src/certs/idcsr.rs

@@ -84,7 +84,7 @@ impl<S: Signature, P: PublicKey<S>> IdCsr<S, P> {
             signature_algorithm,
             signature,
         };
-        log::trace!("[IdCsr::new()] Validating self with Target: {:?}", target);
+        log::trace!("[IdCsr::new()] Validating self with Target: {target:?}");
         id_csr.validate(target)?;
         Ok(id_csr)
     }

src/certs/mod.rs

@@ -66,7 +66,7 @@ impl SessionId {
 
     /// Converts this [SessionId] into a [Name] for use in a certificate.
     pub fn to_rdn_sequence(&self) -> Name {
-        RdnSequence::from_str(&format!("uniqueIdentifier={}", self)).unwrap()
+        RdnSequence::from_str(&format!("uniqueIdentifier={self}")).unwrap()
     }
 
     /// Returns the inner [Ia5String] of this [SessionId] as an owned value.

src/constraints/capabilities.rs

@@ -65,8 +65,7 @@ impl Constrained for Capabilities {
             }
             if !key_cert_sign {
                 return Err(ConstraintError::Malformed(Some(format!(
-                    "{} Missing capability \"KeyCertSign\"",
-                    ERR_MSG_HOME_SERVER_MISSING_CA_ATTR
+                    "{ERR_MSG_HOME_SERVER_MISSING_CA_ATTR} Missing capability \"KeyCertSign\""
                 ))));
             }
         }