From 5e816472912a5944f0e05c55c1336a6975548a5b Mon Sep 17 00:00:00 2001 From: Shane Snover Date: Sun, 17 Sep 2023 16:42:37 -0600 Subject: [PATCH 1/6] Implement FromTLV for Extensions manually --- rs-matter/src/cert/mod.rs | 52 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 51 insertions(+), 1 deletion(-) diff --git a/rs-matter/src/cert/mod.rs b/rs-matter/src/cert/mod.rs index 9e03a52..5821c07 100644 --- a/rs-matter/src/cert/mod.rs +++ b/rs-matter/src/cert/mod.rs @@ -215,7 +215,7 @@ fn encode_extension_end(w: &mut dyn CertConsumer) -> Result<(), Error> { w.end_seq() } -#[derive(FromTLV, ToTLV, Default, Debug)] +#[derive(ToTLV, Default, Debug)] #[tlvargs(lifetime = "'a", start = 1, datatype = "list")] struct Extensions<'a> { basic_const: Option, 
@@ -272,6 +272,56 @@ impl<'a> Extensions<'a> { } } +impl<'a> crate::tlv::FromTLV<'a> for Extensions<'a> { + fn from_tlv(t: &TLVElement<'a>) -> Result { + let tlv_iter = t + .confirm_list()? + .enter() + .ok_or_else(|| Error::new(ErrorCode::Invalid))?; + let mut extensions = Extensions::default(); + for item in tlv_iter { + if item.check_ctx_tag(1u8) { + if extensions.basic_const.is_none() { + extensions.basic_const = Option::from_tlv(&item)?; + } else { + return Err(Error::new(ErrorCode::InvalidData)); + } + } else if item.check_ctx_tag(2u8) { + if extensions.key_usage.is_none() { + extensions.key_usage = Option::from_tlv(&item)?; + } else { + return Err(Error::new(ErrorCode::InvalidData)); + } + } else if item.check_ctx_tag(3u8) { + if extensions.ext_key_usage.is_none() { + extensions.ext_key_usage = Option::from_tlv(&item)?; + } else { + return Err(Error::new(ErrorCode::InvalidData)); + } + } else if item.check_ctx_tag(4u8) { + if extensions.subj_key_id.is_none() { + extensions.subj_key_id = Option::from_tlv(&item)?; + } else { + return Err(Error::new(ErrorCode::InvalidData)); + } + } else if item.check_ctx_tag(5u8) { + if extensions.auth_key_id.is_none() { + extensions.auth_key_id = Option::from_tlv(&item)?; + } else { + return Err(Error::new(ErrorCode::InvalidData)); + } + } else if item.check_ctx_tag(6u8) { + if extensions.future_extensions.is_none() { + extensions.future_extensions = Option::from_tlv(&item)?; + } else { + return Err(Error::new(ErrorCode::InvalidData)); + } + } + } + Ok(extensions) + } +} + #[derive(FromPrimitive, Copy, Clone)] enum DnTags { CommonName = 1, From 21536dd10e34e5e2479d8edde3bdbafbdcce6fd5 Mon Sep 17 00:00:00 2001 
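Review bot: An element whose tag is not one of the context tags 1 to 6 falls through the `else if` chain in the `for item in tlv_iter` loop and is silently dropped, so a certificate carrying an unrecognised entry in its extensions list parses as if that entry were absent. If unknown entries should be refused, end the chain with `else { return Err(Error::new(ErrorCode::InvalidData)); }`. If skipping them is deliberate for forward compatibility, say so in a comment on the loop. The impl also has no doc comment; one line such as `/// Accepts the extension fields in any order; a repeated tag is rejected with InvalidData.` would record the contract the branches implement. This impl is removed again in PATCH 6/6, where the same question applies to the `unordered` derive.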
From: Shane Snover Date: Sun, 17 Sep 2023 17:07:40 -0600 Subject: [PATCH 2/6] Add test to verify the cert can be deserialized out of order, serialized again, and then when deserialized it matches --- rs-matter/src/cert/mod.rs | 15 +++++++++------ rs-matter/src/tlv/traits.rs | 22 ++++++++++++++++++++++ rs-matter/tests/common/handlers.rs | 2 +- 3 files changed, 32 insertions(+), 7 deletions(-) diff --git a/rs-matter/src/cert/mod.rs b/rs-matter/src/cert/mod.rs index 5821c07..1e1cda2 100644 --- a/rs-matter/src/cert/mod.rs +++ b/rs-matter/src/cert/mod.rs @@ -175,7 +175,7 @@ fn encode_extended_key_usage( w.end_seq() } -#[derive(FromTLV, ToTLV, Default, Debug)] +#[derive(FromTLV, ToTLV, Default, Debug, PartialEq)] #[tlvargs(start = 1)] struct BasicConstraints { is_ca: bool, @@ -215,7 +215,7 @@ fn encode_extension_end(w: &mut dyn CertConsumer) -> Result<(), Error> { w.end_seq() } -#[derive(ToTLV, Default, Debug)] +#[derive(ToTLV, Default, Debug, PartialEq)] #[tlvargs(lifetime = "'a", start = 1, datatype = "list")] struct Extensions<'a> { basic_const: Option, @@ -348,7 +348,7 @@ enum DnTags { NocCat = 22, } -#[derive(Debug)] +#[derive(Debug, PartialEq)] enum DistNameValue<'a> { Uint(u64), Utf8Str(&'a [u8]), @@ -357,7 +357,7 @@ enum DistNameValue<'a> { const MAX_DN_ENTRIES: usize = 5; -#[derive(Default, Debug)] +#[derive(Default, Debug, PartialEq)] struct DistNames<'a> { // The order in which the DNs arrive is important, as the signing // requires that the ASN1 notation retains the same order @@ -595,7 +595,7 @@ fn encode_dn_value( w.end_set() } -#[derive(FromTLV, ToTLV, Default, Debug)] +#[derive(FromTLV, ToTLV, Default, Debug, PartialEq)] #[tlvargs(lifetime = "'a", start = 1)] pub struct Cert<'a> { serial_no: OctetStr<'a>, 
@@ -922,7 +922,10 @@ mod tests { let mut wb = WriteBuf::new(&mut buf); let mut tw = TLVWriter::new(&mut wb); cert.to_tlv(&mut tw, TagType::Anonymous).unwrap(); - assert_eq!(*input, wb.as_slice()); + + let root2 = tlv::get_root_node(wb.as_slice()).unwrap(); + let cert2 = Cert::from_tlv(&root2).unwrap(); + assert_eq!(cert, cert2); } } diff --git a/rs-matter/src/tlv/traits.rs b/rs-matter/src/tlv/traits.rs index 8a7f49a..77e8d57 100644 --- a/rs-matter/src/tlv/traits.rs +++ b/rs-matter/src/tlv/traits.rs @@ -371,6 +371,28 @@ impl<'a, T: FromTLV<'a> + Clone> Iterator for TLVArrayIter<'a, T> { } } +impl<'a, 'b, T> PartialEq> for TLVArray<'a, T> +where + T: ToTLV + FromTLV<'a> + Clone + PartialEq, + 'b: 'a, +{ + fn eq(&self, other: &TLVArray<'b, T>) -> bool { + let mut iter1 = self.iter(); + let mut iter2 = other.iter(); + loop { + match (iter1.next(), iter2.next()) { + (None, None) => return true, + (Some(x), Some(y)) => { + if x != y { + return false; + } + } + _ => return false, + } + } + } +} + impl<'a, T> PartialEq<&[T]> for TLVArray<'a, T> where T: ToTLV + FromTLV<'a> + Clone + PartialEq, diff --git a/rs-matter/tests/common/handlers.rs b/rs-matter/tests/common/handlers.rs index 868f21a..198eb73 100644 --- a/rs-matter/tests/common/handlers.rs +++ b/rs-matter/tests/common/handlers.rs @@ -220,7 +220,7 @@ impl<'a> ImEngine<'a> { let out = &out[out.len() - 1]; let root = tlv::get_root_node_struct(&out.data).unwrap(); - match expected { + match *expected { WriteResponse::TransactionSuccess(t) => { assert_eq!(out.action, OpCode::WriteResponse); let resp = WriteResp::from_tlv(&root).unwrap(); From ed227f77cdaa807f89a7c35ed0637a182af59aa2 Mon Sep 17 00:00:00 2001 From: Shane Snover Date: Sun, 17 Sep 2023 17:15:42 -0600 Subject: [PATCH 3/6] Add ICAC cert test vector which exercises the non-consecutive extensions tag parsing --- rs-matter/src/cert/mod.rs | 38 +++++++++++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) 
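Review bot: Dropping `assert_eq!(*input, wb.as_slice());` in the test loop means no vector checks the encoder's output bytes any more, including the ones whose fields are already in declaration order. A parse, encode, parse-again comparison passes whenever the encoder and decoder agree with each other, even if both have drifted from the wire format. The `DistNames` comment in this file notes that signing depends on the re-encoded order, so byte-exact output is presumably worth pinning for certificates in general. Keep the byte comparison for the vectors already in field order and use the `cert == cert2` check only for the reordered vector added in PATCH 3/6. The test function starts outside this hunk.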
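Review bot: The hand-written `loop` and `match` over `(iter1.next(), iter2.next())` in `eq` re-implements the standard library's element-wise iterator comparison. Assuming `iter()` returns the `TLVArrayIter` named in the hunk header, the body can be the single expression `self.iter().eq(other.iter())`, which has the same length and element semantics. A doc comment on the impl, for example `/// Equal when both arrays decode to the same elements in the same order; the raw encodings are not compared.`, would make clear to callers that this is not a byte comparison.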
diff --git a/rs-matter/src/cert/mod.rs b/rs-matter/src/cert/mod.rs index 1e1cda2..edc8d6d 100644 --- a/rs-matter/src/cert/mod.rs +++ b/rs-matter/src/cert/mod.rs @@ -908,9 +908,10 @@ mod tests { #[test] fn test_tlv_conversions() { - let test_input: [&[u8]; 3] = [ + let test_input: [&[u8]; 4] = [ &test_vectors::NOC1_SUCCESS, &test_vectors::ICAC1_SUCCESS, + &test_vectors::ICAC2_SUCCESS, &test_vectors::RCA1_SUCCESS, ]; 
@@ -964,6 +965,41 @@ mod tests { 89, 175, 253, 78, 212, 7, 69, 207, 140, 45, 129, 249, 64, 104, 70, 68, 43, 164, 19, 126, 114, 138, 79, 104, 238, 20, 226, 88, 118, 105, 56, 12, 92, 31, 171, 24, ]; + // This cert has two of the fields in the extensions list swapped to a different order to be non-consecutive + pub const ICAC2_SUCCESS: [u8; 621] = [ + 21, 49, 1, 25, 1, 21, 48, 1, 17, 0, 216, 184, 140, 35, 236, 61, 104, 93, 172, 232, 160, + 39, 189, 250, 251, 104, 36, 2, 1, 55, 3, 39, 19, 254, 111, 27, 53, 189, 134, 103, 200, + 24, 38, 4, 6, 102, 72, 44, 38, 5, 22, 244, 223, 50, 55, 6, 39, 17, 198, 189, 6, 26, + 205, 152, 127, 190, 39, 21, 242, 137, 119, 166, 227, 250, 211, 102, 36, 22, 1, 24, 36, + 7, 1, 36, 8, 1, 48, 9, 65, 4, 255, 205, 50, 37, 213, 13, 210, 66, 226, 218, 18, 124, + 157, 34, 3, 202, 13, 102, 34, 95, 189, 33, 187, 19, 138, 187, 219, 242, 173, 208, 249, + 3, 108, 76, 55, 59, 116, 42, 233, 74, 167, 55, 101, 61, 1, 158, 198, 105, 73, 220, 94, + 203, 38, 194, 71, 241, 254, 206, 16, 249, 203, 72, 132, 212, 55, 10, 53, 1, 40, 1, 24, + 48, 5, 20, 88, 240, 172, 159, 2, 82, 193, 71, 83, 67, 184, 97, 99, 61, 125, 67, 232, + 202, 171, 107, 48, 4, 20, 240, 120, 145, 62, 218, 150, 208, 177, 31, 6, 138, 53, 177, + 29, 201, 85, 46, 50, 148, 61, 36, 2, 5, 54, 3, 4, 2, 4, 1, 24, 24, 48, 11, 64, 47, 118, + 45, 153, 222, 242, 163, 93, 58, 174, 62, 121, 25, 194, 150, 83, 148, 228, 25, 172, 167, + 49, 66, 193, 48, 205, 127, 14, 115, 255, 7, 33, 160, 43, 17, 180, 237, 73, 7, 24, 101, + 232, 140, 1, 17, 194, 134, 173, 187, 76, 205, 187, 131, 159, 137, 130, 98, 176, 136, + 72, 188, 218, 182, 142, 24, 49, 2, 7, 1, 21, 48, 1, 16, 67, 38, 73, 198, 26, 31, 20, + 101, 57, 46, 16, 143, 77, 160, 128, 161, 36, 2, 1, 55, 3, 39, 20, 255, 90, 200, 17, + 145, 105, 71, 215, 24, 38, 4, 123, 59, 211, 42, 38, 5, 35, 11, 27, 52, 55, 6, 39, 19, + 254, 111, 27, 53, 189, 134, 103, 200, 24, 36, 7, 1, 36, 8, 1, 48, 9, 65, 4, 88, 188, + 13, 87, 50, 3, 213, 248, 182, 12, 240, 164, 220, 127, 150, 
65, 81, 244, 125, 24, 48, + 203, 83, 111, 133, 175, 182, 10, 40, 80, 147, 28, 39, 121, 183, 61, 159, 178, 231, 133, + 75, 189, 143, 136, 191, 254, 115, 228, 186, 129, 56, 137, 213, 177, 13, 46, 97, 202, + 95, 41, 5, 16, 24, 228, 55, 10, 53, 1, 41, 1, 36, 2, 0, 24, 48, 5, 20, 243, 119, 107, + 152, 3, 212, 205, 76, 85, 38, 158, 240, 27, 213, 11, 235, 33, 21, 38, 5, 48, 4, 20, 88, + 240, 172, 159, 2, 82, 193, 71, 83, 67, 184, 97, 99, 61, 125, 67, 232, 202, 171, 107, + 36, 2, 96, 24, 48, 11, 64, 70, 43, 150, 195, 194, 170, 43, 125, 91, 213, 210, 221, 175, + 131, 131, 85, 22, 247, 213, 18, 101, 189, 30, 134, 20, 226, 217, 145, 41, 225, 181, + 150, 28, 200, 52, 237, 218, 195, 144, 209, 205, 73, 88, 114, 139, 216, 85, 170, 63, + 238, 164, 69, 35, 69, 39, 87, 211, 234, 57, 98, 19, 43, 13, 0, 24, 48, 3, 64, 186, 205, + 180, 254, 158, 160, 208, 170, 245, 103, 40, 213, 109, 32, 37, 181, 151, 231, 59, 199, + 255, 91, 132, 201, 39, 40, 244, 140, 61, 28, 67, 185, 57, 196, 168, 45, 252, 49, 245, + 108, 172, 202, 121, 106, 121, 59, 25, 9, 44, 145, 227, 207, 195, 146, 223, 43, 253, 63, + 244, 195, 46, 78, 228, 8, 24, + ]; // A single byte in the auth key id is changed in this pub const NOC1_AUTH_KEY_FAIL: [u8; 247] = [ 0x15, 0x30, 0x1, 0x1, 0x1, 0x24, 0x2, 0x1, 0x37, 0x3, 0x24, 0x13, 0x1, 0x24, 0x15, 0x1, From 629feea4ec42f33bb0979597c45b8269ae385671 Mon Sep 17 00:00:00 2001 From: Shane Snover Date: Sun, 17 Sep 2023 17:48:06 -0600 Subject: [PATCH 4/6] Oops too much of the structure --- rs-matter/src/cert/mod.rs | 49 ++++++++++++--------------------------- 1 file changed, 15 insertions(+), 34 deletions(-) diff --git a/rs-matter/src/cert/mod.rs b/rs-matter/src/cert/mod.rs index edc8d6d..4b7e6b8 100644 --- a/rs-matter/src/cert/mod.rs +++ b/rs-matter/src/cert/mod.rs 
@@ -965,40 +965,21 @@ mod tests { 89, 175, 253, 78, 212, 7, 69, 207, 140, 45, 129, 249, 64, 104, 70, 68, 43, 164, 19, 126, 114, 138, 79, 104, 238, 20, 226, 88, 118, 105, 56, 12, 92, 31, 171, 24, ]; - // This cert has two of the fields in the extensions list swapped to a different order to be non-consecutive - pub const ICAC2_SUCCESS: [u8; 621] = [ - 21, 49, 1, 25, 1, 21, 48, 1, 17, 0, 216, 184, 140, 35, 236, 61, 104, 93, 172, 232, 160, - 39, 189, 250, 251, 104, 36, 2, 1, 55, 3, 39, 19, 254, 111, 27, 53, 189, 134, 103, 200, - 24, 38, 4, 6, 102, 72, 44, 38, 5, 22, 244, 223, 50, 55, 6, 39, 17, 198, 189, 6, 26, - 205, 152, 127, 190, 39, 21, 242, 137, 119, 166, 227, 250, 211, 102, 36, 22, 1, 24, 36, - 7, 1, 36, 8, 1, 48, 9, 65, 4, 255, 205, 50, 37, 213, 13, 210, 66, 226, 218, 18, 124, - 157, 34, 3, 202, 13, 102, 34, 95, 189, 33, 187, 19, 138, 187, 219, 242, 173, 208, 249, - 3, 108, 76, 55, 59, 116, 42, 233, 74, 167, 55, 101, 61, 1, 158, 198, 105, 73, 220, 94, - 203, 38, 194, 71, 241, 254, 206, 16, 249, 203, 72, 132, 212, 55, 10, 53, 1, 40, 1, 24, - 48, 5, 20, 88, 240, 172, 159, 2, 82, 193, 71, 83, 67, 184, 97, 99, 61, 125, 67, 232, - 202, 171, 107, 48, 4, 20, 240, 120, 145, 62, 218, 150, 208, 177, 31, 6, 138, 53, 177, - 29, 201, 85, 46, 50, 148, 61, 36, 2, 5, 54, 3, 4, 2, 4, 1, 24, 24, 48, 11, 64, 47, 118, - 45, 153, 222, 242, 163, 93, 58, 174, 62, 121, 25, 194, 150, 83, 148, 228, 25, 172, 167, - 49, 66, 193, 48, 205, 127, 14, 115, 255, 7, 33, 160, 43, 17, 180, 237, 73, 7, 24, 101, - 232, 140, 1, 17, 194, 134, 173, 187, 76, 205, 187, 131, 159, 137, 130, 98, 176, 136, - 72, 188, 218, 182, 142, 24, 49, 2, 7, 1, 21, 48, 1, 16, 67, 38, 73, 198, 26, 31, 20, - 101, 57, 46, 16, 143, 77, 160, 128, 161, 36, 2, 1, 55, 3, 39, 20, 255, 90, 200, 17, - 145, 105, 71, 215, 24, 38, 4, 123, 59, 211, 42, 38, 5, 35, 11, 27, 52, 55, 6, 39, 19, - 254, 111, 27, 53, 189, 134, 103, 200, 24, 36, 7, 1, 36, 8, 1, 48, 9, 65, 4, 88, 188, - 13, 87, 50, 3, 213, 248, 182, 12, 240, 164, 220, 127, 150, 
65, 81, 244, 125, 24, 48, - 203, 83, 111, 133, 175, 182, 10, 40, 80, 147, 28, 39, 121, 183, 61, 159, 178, 231, 133, - 75, 189, 143, 136, 191, 254, 115, 228, 186, 129, 56, 137, 213, 177, 13, 46, 97, 202, - 95, 41, 5, 16, 24, 228, 55, 10, 53, 1, 41, 1, 36, 2, 0, 24, 48, 5, 20, 243, 119, 107, - 152, 3, 212, 205, 76, 85, 38, 158, 240, 27, 213, 11, 235, 33, 21, 38, 5, 48, 4, 20, 88, - 240, 172, 159, 2, 82, 193, 71, 83, 67, 184, 97, 99, 61, 125, 67, 232, 202, 171, 107, - 36, 2, 96, 24, 48, 11, 64, 70, 43, 150, 195, 194, 170, 43, 125, 91, 213, 210, 221, 175, - 131, 131, 85, 22, 247, 213, 18, 101, 189, 30, 134, 20, 226, 217, 145, 41, 225, 181, - 150, 28, 200, 52, 237, 218, 195, 144, 209, 205, 73, 88, 114, 139, 216, 85, 170, 63, - 238, 164, 69, 35, 69, 39, 87, 211, 234, 57, 98, 19, 43, 13, 0, 24, 48, 3, 64, 186, 205, - 180, 254, 158, 160, 208, 170, 245, 103, 40, 213, 109, 32, 37, 181, 151, 231, 59, 199, - 255, 91, 132, 201, 39, 40, 244, 140, 61, 28, 67, 185, 57, 196, 168, 45, 252, 49, 245, - 108, 172, 202, 121, 106, 121, 59, 25, 9, 44, 145, 227, 207, 195, 146, 223, 43, 253, 63, - 244, 195, 46, 78, 228, 8, 24, + pub const ICAC2_SUCCESS: [u8; 263] = [ + 21, 48, 1, 16, 67, 38, 73, 198, 26, 31, 20, 101, 57, 46, 16, 143, 77, 160, 128, 161, + 36, 2, 1, 55, 3, 39, 20, 255, 90, 200, 17, 145, 105, 71, 215, 24, 38, 4, 123, 59, 211, + 42, 38, 5, 35, 11, 27, 52, 55, 6, 39, 19, 254, 111, 27, 53, 189, 134, 103, 200, 24, 36, + 7, 1, 36, 8, 1, 48, 9, 65, 4, 88, 188, 13, 87, 50, 3, 213, 248, 182, 12, 240, 164, 220, + 127, 150, 65, 81, 244, 125, 24, 48, 203, 83, 111, 133, 175, 182, 10, 40, 80, 147, 28, + 39, 121, 183, 61, 159, 178, 231, 133, 75, 189, 143, 136, 191, 254, 115, 228, 186, 129, + 56, 137, 213, 177, 13, 46, 97, 202, 95, 41, 5, 16, 24, 228, 55, 10, 53, 1, 41, 1, 36, + 2, 0, 24, 48, 5, 20, 243, 119, 107, 152, 3, 212, 205, 76, 85, 38, 158, 240, 27, 213, + 11, 235, 33, 21, 38, 5, 48, 4, 20, 88, 240, 172, 159, 2, 82, 193, 71, 83, 67, 184, 97, + 99, 61, 125, 67, 232, 202, 171, 107, 36, 
2, 96, 24, 48, 11, 64, 70, 43, 150, 195, 194, + 170, 43, 125, 91, 213, 210, 221, 175, 131, 131, 85, 22, 247, 213, 18, 101, 189, 30, + 134, 20, 226, 217, 145, 41, 225, 181, 150, 28, 200, 52, 237, 218, 195, 144, 209, 205, + 73, 88, 114, 139, 216, 85, 170, 63, 238, 164, 69, 35, 69, 39, 87, 211, 234, 57, 98, 19, + 43, 13, 0, 24, ]; // A single byte in the auth key id is changed in this pub const NOC1_AUTH_KEY_FAIL: [u8; 247] = [ From 5cda85898b1e49d6778229edee42daf933932c88 Mon Sep 17 00:00:00 2001 From: Shane Snover Date: Sun, 17 Sep 2023 17:49:15 -0600 Subject: [PATCH 5/6] Add comment explaining the difference between ICAC1_SUCCESS and ICAC2_SUCCESS --- rs-matter/src/cert/mod.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/rs-matter/src/cert/mod.rs b/rs-matter/src/cert/mod.rs index 4b7e6b8..9e449f8 100644 --- a/rs-matter/src/cert/mod.rs +++ b/rs-matter/src/cert/mod.rs @@ -965,6 +965,7 @@ mod tests { 89, 175, 253, 78, 212, 7, 69, 207, 140, 45, 129, 249, 64, 104, 70, 68, 43, 164, 19, 126, 114, 138, 79, 104, 238, 20, 226, 88, 118, 105, 56, 12, 92, 31, 171, 24, ]; + // This cert has two of the fields in the extensions list swapped to a different order to be non-consecutive pub const ICAC2_SUCCESS: [u8; 263] = [ 21, 48, 1, 16, 67, 38, 73, 198, 26, 31, 20, 101, 57, 46, 16, 143, 77, 160, 128, 161, 36, 2, 1, 55, 3, 39, 20, 255, 90, 200, 17, 145, 105, 71, 215, 24, 38, 4, 123, 59, 211, From f8cd4021539a04651175c19b29842d48c0fe8652 Mon Sep 17 00:00:00 2001 From: Shane Snover Date: Tue, 19 Sep 2023 22:55:34 -0600 Subject: [PATCH 6/6] Use the unordered parameter to the tlv derive macro --- rs-matter/src/cert/mod.rs | 54 ++------------------------------------- 1 file changed, 2 insertions(+), 52 deletions(-) diff --git a/rs-matter/src/cert/mod.rs b/rs-matter/src/cert/mod.rs index 9e449f8..274bbc8 100644 --- a/rs-matter/src/cert/mod.rs +++ b/rs-matter/src/cert/mod.rs 
@@ -215,8 +215,8 @@ fn encode_extension_end(w: &mut dyn CertConsumer) -> Result<(), Error> { w.end_seq() } -#[derive(ToTLV, Default, Debug, PartialEq)] -#[tlvargs(lifetime = "'a", start = 1, datatype = "list")] +#[derive(FromTLV, ToTLV, Default, Debug, PartialEq)] +#[tlvargs(lifetime = "'a", start = 1, datatype = "list", unordered)] struct Extensions<'a> { basic_const: Option, key_usage: Option, 
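Review bot: Switching `Extensions` back to `#[derive(FromTLV, ...)]` with `unordered` moves the duplicate-tag rejection into the derive macro, whose generated code is not visible in this series. The hand-written impl removed in the next hunk did that check explicitly with `return Err(Error::new(ErrorCode::InvalidData))`. The series adds only a positive vector (`ICAC2_SUCCESS`), so nothing pins whether a repeated extension tag is still refused or whether a later occurrence overwrites an earlier one. A negative test asserting that `Cert::from_tlv` returns an error for such an encoding would close that gap. A comment above the attribute, e.g. `// unordered: extension fields may arrive in any tag order (see ICAC2_SUCCESS)`, would record why the flag is set. The struct body continues outside the hunk.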
@@ -272,56 +272,6 @@ impl<'a> Extensions<'a> { } } -impl<'a> crate::tlv::FromTLV<'a> for Extensions<'a> { - fn from_tlv(t: &TLVElement<'a>) -> Result { - let tlv_iter = t - .confirm_list()? - .enter() - .ok_or_else(|| Error::new(ErrorCode::Invalid))?; - let mut extensions = Extensions::default(); - for item in tlv_iter { - if item.check_ctx_tag(1u8) { - if extensions.basic_const.is_none() { - extensions.basic_const = Option::from_tlv(&item)?; - } else { - return Err(Error::new(ErrorCode::InvalidData)); - } - } else if item.check_ctx_tag(2u8) { - if extensions.key_usage.is_none() { - extensions.key_usage = Option::from_tlv(&item)?; - } else { - return Err(Error::new(ErrorCode::InvalidData)); - } - } else if item.check_ctx_tag(3u8) { - if extensions.ext_key_usage.is_none() { - extensions.ext_key_usage = Option::from_tlv(&item)?; - } else { - return Err(Error::new(ErrorCode::InvalidData)); - } - } else if item.check_ctx_tag(4u8) { - if extensions.subj_key_id.is_none() { - extensions.subj_key_id = Option::from_tlv(&item)?; - } else { - return Err(Error::new(ErrorCode::InvalidData)); - } - } else if item.check_ctx_tag(5u8) { - if extensions.auth_key_id.is_none() { - extensions.auth_key_id = Option::from_tlv(&item)?; - } else { - return Err(Error::new(ErrorCode::InvalidData)); - } - } else if item.check_ctx_tag(6u8) { - if extensions.future_extensions.is_none() { - extensions.future_extensions = Option::from_tlv(&item)?; - } else { - return Err(Error::new(ErrorCode::InvalidData)); - } - } - } - Ok(extensions) - } -} - #[derive(FromPrimitive, Copy, Clone)] enum DnTags { CommonName = 1,