This commit is contained in:
parent
6b96e1db51
commit
4a27ce4620
1 changed files with 19 additions and 20 deletions
|
|
@ -1,6 +1,7 @@
|
|||
#![allow(unused)]
|
||||
use std::io::{Cursor, Write};
|
||||
use std::ops::{Deref, DerefMut};
|
||||
use std::sync::{LazyLock, OnceLock};
|
||||
// Don't import until required.
|
||||
// use argon2::{Algorithm, Argon2, PasswordHash, PasswordHasher, PasswordVerifier};
|
||||
// use argon2::password_hash::rand_core::OsRng;
|
||||
|
|
@ -13,9 +14,12 @@ use base64::prelude::BASE64_STANDARD;
|
|||
use binrw::{BinRead, binread};
|
||||
use bytemuck::bytes_of;
|
||||
use chrono::{NaiveDate, NaiveDateTime, Utc};
|
||||
use openssl::bn::BigNum;
|
||||
use openssl::bn::{BigNum, BigNumContext};
|
||||
use openssl::ec::{EcGroup, EcKey, EcKeyRef, EcPoint};
|
||||
use openssl::ecdsa::EcdsaSig;
|
||||
use openssl::error::ErrorStack;
|
||||
use openssl::nid::Nid;
|
||||
use openssl::pkey::Public;
|
||||
use rand::Rng;
|
||||
use rocket::http::Status;
|
||||
use rocket::request::{FromRequest, Outcome};
|
||||
|
|
@ -395,11 +399,6 @@ struct OuterCertificate {
|
|||
data: [u8; 0x100],
|
||||
}
|
||||
|
||||
const PUB_PEM: &[u8] = br#"-----BEGIN PUBLIC KEY-----
|
||||
MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAP1WBBgs8XUJIQDDCK5IOZEbb5+h1TqV
|
||||
rwgzSUcrAAFxMWm1kf/TDL9z2nZkuo0N+VtNEQREZDXA7aQv
|
||||
-----END PUBLIC KEY-----"#;
|
||||
|
||||
#[derive(thiserror::Error, Debug)]
|
||||
enum CertError {
|
||||
#[error("unable to decode base64: {0}")]
|
||||
|
|
@ -423,8 +422,6 @@ impl Certificate {
|
|||
let cert =
|
||||
OuterCertificate::read(&mut Cursor::new(&data)).map_err(CertError::OuterBinError)?;
|
||||
|
||||
let key = openssl::ec::EcKey::public_key_from_pem(PUB_PEM).expect("invalid pem file");
|
||||
|
||||
let sig_components = read_p1363(&cert.signature)
|
||||
.expect("unable to read signature despite fixed size signature");
|
||||
|
||||
|
|
@ -438,7 +435,7 @@ impl Certificate {
|
|||
let hash = hasher.finish();
|
||||
|
||||
if !sig
|
||||
.verify(&hash[..], &key)
|
||||
.verify(&hash[..], &PUB_KEY)
|
||||
.map_err(CertError::CryptoVerifError)?
|
||||
{
|
||||
return Err(CertError::ValidationError);
|
||||
|
|
@ -471,14 +468,16 @@ fn read_p1363(data: &[u8]) -> Option<(BigNum, BigNum)> {
|
|||
))
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
mod test {
|
||||
use crate::account::account::Certificate;
|
||||
static PUB_KEY: LazyLock<EcKey<Public>> = LazyLock::new(|| {
|
||||
let point = [
|
||||
4, 0, 253, 86, 4, 24, 44, 241, 117, 9, 33, 0, 195, 8, 174, 72, 57, 145, 27, 111, 159, 161,
|
||||
213, 58, 149, 175, 8, 51, 73, 71, 43, 0, 1, 113, 49, 105, 181, 145, 255, 211, 12, 191, 115,
|
||||
218, 118, 100, 186, 141, 13, 249, 91, 77, 17, 4, 68, 100, 53, 192, 237, 164, 47,
|
||||
];
|
||||
let curve = EcGroup::from_curve_name(Nid::SECT233R1).expect("unable to get curve");
|
||||
let mut bignum = BigNumContext::new().expect("unable to create big num context");
|
||||
let point =
|
||||
EcPoint::from_bytes(&curve, &point[..], &mut bignum).expect("unable to create point");
|
||||
|
||||
#[test]
|
||||
fn test() {
|
||||
const CERT: &str = "AAEABQAsTGvAP1XNwh6JO+z47AkwVvqPYHRDO9X11BdhYwCIEipUJne32JSWMAYsFe1LqWT+0AkSnaDCkMWK1QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABSb290LUNBMDAwMDAwMDMtTVMwMDAwMDAxMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAk5HNDQ0Y2FiZmMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB1/THZAcTyFksveCuIl5fOM7Fb6ebi6mUqcVJlQQDqvsgMAW12aEaECJWV+Y6wXOL+E7yP5WJ/9VAd4jlgrvZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
|
||||
|
||||
Certificate::new(CERT).unwrap();
|
||||
}
|
||||
}
|
||||
EcKey::from_public_key(&curve, &point).expect("unable to construct key")
|
||||
});
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue