Clarify search through trust anchors and intermediates in path building.
briansmith committed Feb 18, 2021
1 parent 1d5f4bd commit 5796ab0
Showing 1 changed file with 15 additions and 28 deletions.
43 changes: 15 additions & 28 deletions src/verify_cert.rs
Expand Up @@ -53,7 +53,7 @@ pub fn build_chain(

// TODO: revocation.

match loop_while_non_fatal_error(trust_anchors, |trust_anchor: &TrustAnchor| {
let found_trust_anchor = find_ok(trust_anchors, |trust_anchor: &TrustAnchor| {
let trust_anchor_subject = untrusted::Input::from(trust_anchor.subject);
if cert.issuer != trust_anchor_subject {
return Err(Error::UnknownIssuer);
Expand All @@ -72,16 +72,13 @@ pub fn build_chain(
check_signatures(supported_sig_algs, cert, trust_anchor_spki)?;

Ok(())
}) {
Ok(()) => {
return Ok(());
}
Err(..) => {
// If the error is not fatal, then keep going.
}
});

if found_trust_anchor {
return Ok(());
}

loop_while_non_fatal_error(intermediate_certs, |cert_der| {
let found_chain = find_ok(intermediate_certs, |cert_der| {
let potential_issuer =
cert::parse_cert(untrusted::Input::from(*cert_der), EndEntityOrCA::CA(&cert))?;

Expand Down Expand Up @@ -125,7 +122,13 @@ pub fn build_chain(
time,
next_sub_ca_count,
)
})
});

if found_chain {
return Ok(());
}

return Err(Error::UnknownIssuer);
}

fn check_signatures(
Expand Down Expand Up @@ -331,22 +334,6 @@ fn check_eku(
}
}

fn loop_while_non_fatal_error<V>(
values: V,
f: impl Fn(V::Item) -> Result<(), Error>,
) -> Result<(), Error>
where
V: IntoIterator,
{
for v in values {
match f(v) {
Ok(()) => {
return Ok(());
}
Err(..) => {
// If the error is not fatal, then keep going.
}
}
}
Err(Error::UnknownIssuer)
fn find_ok<I>(values: impl IntoIterator<Item = I>, f: impl Fn(I) -> Result<(), Error>) -> bool {
values.into_iter().map(f).find(|r| r.is_ok()).is_some()
}
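Review bot: `find_ok` at the end of this section turns every `Err` from the closure into `false`, so `build_chain` ends in `return Err(Error::UnknownIssuer);` even when a candidate's subject matched and it was then rejected by `check_signatures(...)?` or by a check in the closure lines outside the visible hunks. `loop_while_non_fatal_error` behaved the same way, but the removed comment "If the error is not fatal, then keep going" was the only hint, and nothing now tells a caller who logs or alerts on the result that `UnknownIssuer` can stand for a signature failure. I would document this on the helper, e.g. `/// Returns true once f succeeds for some value; every error returned by f is discarded.`, and add a comment at the final return saying that the specific rejection reason is not propagated. As a style point, `values.into_iter().any(|v| f(v).is_ok())` is the same short-circuiting search without the `map`/`find`/`is_some` chain, and the trailing `return Err(Error::UnknownIssuer);` can be the tail expression `Err(Error::UnknownIssuer)`.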
