diff --git a/Cargo.lock b/Cargo.lock index 7cc5a9f..fbe17f7 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -971,9 +971,22 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e7c1832837b905bbfb5101e07cc24c8deddf52f93225eee6ead5f4d63d53ddcb" dependencies = [ "const-oid 0.9.6", - "der_derive", + "der_derive 0.7.3", "flagset", - "pem-rfc7468", + "pem-rfc7468 0.7.0", + "zeroize", +] + +[[package]] +name = "der" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a69dedd701da44b0536442edf09c81a64b0ab97a7a4a5e3d1971f00027cbc63d" +dependencies = [ + "const-oid 0.10.2", + "der_derive 0.8.0", + "flagset", + "pem-rfc7468 1.0.0", "zeroize", ] @@ -988,6 +1001,17 @@ dependencies = [ "syn", ] +[[package]] +name = "der_derive" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "59600e2c2d636fde9b65e99cc6445ac770c63d3628195ff39932b8d6d7409903" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "deranged" version = "0.5.8" @@ -1164,12 +1188,12 @@ version = "0.16.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca" dependencies = [ - "der", + "der 0.7.10", "digest 0.10.7", "elliptic-curve", "rfc6979", "signature 2.2.0", - "spki", + "spki 0.7.3", ] [[package]] @@ -1217,7 +1241,7 @@ dependencies = [ "generic-array 0.14.7", "group", "hkdf", - "pem-rfc7468", + "pem-rfc7468 0.7.0", "pkcs8", "rand_core 0.6.4", "sec1", @@ -2834,7 +2858,7 @@ version = "0.2.0" dependencies = [ "anyhow", "base64 0.22.1", - "const-oid 0.9.6", + "const-oid 0.10.2", "openidconnect", "pdf-sign-core", "regex", @@ -2846,7 +2870,7 @@ dependencies = [ "tokio", "tracing", "webbrowser", - "x509-cert", + "x509-cert 0.3.0", ] [[package]] @@ -2887,6 +2911,15 @@ dependencies = [ "base64ct", ] +[[package]] +name = "pem-rfc7468" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a6305423e0e7738146434843d1694d621cce767262b2a86910beab705e4493d9" +dependencies = [ + "base64ct", +] + [[package]] name = "percent-encoding" version = "2.3.2" @@ -2974,9 +3007,9 @@ version = "0.7.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f" dependencies = [ - "der", + "der 0.7.10", "pkcs8", - "spki", + "spki 0.7.3", ] [[package]] @@ -2987,11 +3020,11 @@ checksum = "e847e2c91a18bfa887dd028ec33f2fe6f25db77db3619024764914affe8b69a6" dependencies = [ "aes", "cbc", - "der", + "der 0.7.10", "pbkdf2 0.12.2", "scrypt 0.11.0", "sha2 0.10.9", - "spki", + "spki 0.7.3", ] [[package]] @@ -3000,10 +3033,10 @@ version = "0.10.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" dependencies = [ - "der", + "der 0.7.10", "pkcs5", "rand_core 0.6.4", - "spki", + "spki 0.7.3", ] [[package]] @@ -3541,7 +3574,7 @@ dependencies = [ "pkcs8", "rand_core 0.6.4", "signature 2.2.0", - "spki", + "spki 0.7.3", "subtle", "zeroize", ] @@ -3767,7 +3800,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc" dependencies = [ "base16ct", - "der", + "der 0.7.10", "generic-array 0.14.7", "pkcs8", "serdect", @@ -4241,7 +4274,7 @@ dependencies = [ "tracing", "url", "webbrowser", - "x509-cert", + "x509-cert 0.2.5", "zeroize", ] @@ -4373,7 +4406,17 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d" dependencies = [ "base64ct", - "der", + "der 0.7.10", +] + +[[package]] +name = "spki" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1d9efca8738c78ee9484207732f728b1ef517bbb1833d6fc0879ca898a522f6f" +dependencies = [ + "base64ct", + "der 0.8.1", ] [[package]] @@ -5396,10 +5439,22 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1301e935010a701ae5f8655edc0ad17c44bad3ac5ce8c39185f75453b720ae94" dependencies = [ "const-oid 0.9.6", - "der", + "der 0.7.10", "sha1", "signature 2.2.0", - "spki", + "spki 0.7.3", + "tls_codec", +] + +[[package]] +name = "x509-cert" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "105ef4642d9cb137ef83d623d0e4bf08b8adf69e9918ca904a174adb6d3d038b" +dependencies = [ + "const-oid 0.10.2", + "der 0.8.1", + "spki 0.8.0", "tls_codec", ] diff --git a/Cargo.toml b/Cargo.toml index 089083a..a3eab0f 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -45,8 +45,8 @@ sequoia-gpg-agent = "0.6" # Sigstore dependencies sigstore = { version = "0.14", default-features = false } sigstore_protobuf_specs = "0.5" -x509-cert = "0.2" -const-oid = { version = "0.9", features = ["db"] } +x509-cert = "0.3" +const-oid = { version = "0.10", features = ["db"] } openidconnect = "4.0.1" webbrowser = "1.2" regex = "1.12" diff --git a/crates/sigstore/src/sign.rs b/crates/sigstore/src/sign.rs index 64ae219..19cf2ec 100644 --- a/crates/sigstore/src/sign.rs +++ b/crates/sigstore/src/sign.rs @@ -182,9 +182,8 @@ fn extract_bundle_info(bundle: &sigstore::bundle::Bundle) -> Result<(String, Str // Extract SAN for identity let san_ext = cert - .tbs_certificate - .extensions - .as_ref() + .tbs_certificate() + .extensions() .and_then(|exts| { exts .iter() @@ -213,9 +212,8 @@ fn extract_bundle_info(bundle: &sigstore::bundle::Bundle) -> Result<(String, Str const_oid::ObjectIdentifier::new("1.3.6.1.4.1.57264.1.1").expect("Invalid issuer OID"); let issuer = cert - .tbs_certificate - .extensions - .as_ref() + .tbs_certificate() + .extensions() .and_then(|exts| exts.iter().find(|ext| ext.extn_id == issuer_oid)) .map(|ext| String::from_utf8_lossy(ext.extn_value.as_bytes()).to_string()) .unwrap_or_else(|| "unknown".to_string()); diff --git a/crates/sigstore/src/verify.rs b/crates/sigstore/src/verify.rs index 2994a4c..3c95a67 100644 --- a/crates/sigstore/src/verify.rs +++ b/crates/sigstore/src/verify.rs @@ -215,9 +215,8 @@ fn extract_identity_from_bundle(bundle: &sigstore::bundle::Bundle) -> Result<(St // Extract SAN for identity let san_ext = cert - .tbs_certificate - .extensions - .as_ref() + .tbs_certificate() + .extensions() .and_then(|exts| { exts .iter() @@ -245,12 +244,11 @@ fn extract_identity_from_bundle(bundle: &sigstore::bundle::Bundle) -> Result<(St const_oid::ObjectIdentifier::new("1.3.6.1.4.1.57264.1.1").expect("Invalid issuer OID"); let cert_issuer = cert - .tbs_certificate - .extensions - .as_ref() + .tbs_certificate() + .extensions() .and_then(|exts| exts.iter().find(|ext| ext.extn_id == issuer_oid)) .and_then(|ext| { - let s = String::from_utf8(ext.extn_value.clone().into_bytes()).ok()?; + let s = String::from_utf8(ext.extn_value.as_bytes().to_vec()).ok()?; Some( s.trim_matches(|c: char| c.is_whitespace() || c == '\0') .to_string(), @@ -291,9 +289,8 @@ fn extract_bundle_info(bundle: &sigstore::bundle::Bundle) -> Result<(String, Str // Extract SAN for identity let san_ext = cert - .tbs_certificate - .extensions - .as_ref() + .tbs_certificate() + .extensions() .and_then(|exts| { exts .iter() @@ -321,11 +318,10 @@ fn extract_bundle_info(bundle: &sigstore::bundle::Bundle) -> Result<(String, Str const_oid::ObjectIdentifier::new("1.3.6.1.4.1.57264.1.1").expect("Invalid issuer OID"); let cert_issuer = cert - .tbs_certificate - .extensions - .as_ref() + .tbs_certificate() + .extensions() .and_then(|exts| exts.iter().find(|ext| ext.extn_id == issuer_oid)) - .and_then(|ext| String::from_utf8(ext.extn_value.clone().into_bytes()).ok()) + .and_then(|ext| String::from_utf8(ext.extn_value.as_bytes().to_vec()).ok()) .unwrap_or_else(|| "unknown".to_string()); Ok((