1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
|
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Sun, 17 Nov 2024 07:28:04 -0800
Subject: update to asn1 0.19 and use X509GeneralizedTime
---
src/rust/cryptography-x509-verification/src/policy/mod.rs | 10 +++++-----
src/rust/cryptography-x509/src/common.rs | 2 +-
src/rust/cryptography-x509/src/ocsp_resp.rs | 8 ++++----
src/rust/src/x509/certificate.rs | 6 +++---
src/rust/src/x509/extensions.rs | 4 +++-
src/rust/src/x509/ocsp_resp.rs | 9 +++++----
6 files changed, 21 insertions(+), 18 deletions(-)
diff --git a/src/rust/cryptography-x509-verification/src/policy/mod.rs b/src/rust/cryptography-x509-verification/src/policy/mod.rs
index 5616a83..a67eaf9 100644
--- a/src/rust/cryptography-x509-verification/src/policy/mod.rs
+++ b/src/rust/cryptography-x509-verification/src/policy/mod.rs
@@ -769,7 +769,7 @@ mod tests {
let generalized_dt = utc_dt.clone();
let utc_validity = Time::UtcTime(asn1::UtcTime::new(utc_dt).unwrap());
let generalized_validity =
- Time::GeneralizedTime(asn1::GeneralizedTime::new(generalized_dt).unwrap());
+ Time::GeneralizedTime(asn1::X509GeneralizedTime::new(generalized_dt).unwrap());
assert!(permits_validity_date(&utc_validity).is_ok());
assert!(permits_validity_date(&generalized_validity).is_err());
}
@@ -779,7 +779,7 @@ mod tests {
let generalized_dt = utc_dt.clone();
let utc_validity = Time::UtcTime(asn1::UtcTime::new(utc_dt).unwrap());
let generalized_validity =
- Time::GeneralizedTime(asn1::GeneralizedTime::new(generalized_dt).unwrap());
+ Time::GeneralizedTime(asn1::X509GeneralizedTime::new(generalized_dt).unwrap());
assert!(permits_validity_date(&utc_validity).is_ok());
assert!(permits_validity_date(&generalized_validity).is_err());
}
@@ -789,7 +789,7 @@ mod tests {
let generalized_dt = utc_dt.clone();
assert!(asn1::UtcTime::new(utc_dt).is_err());
let generalized_validity =
- Time::GeneralizedTime(asn1::GeneralizedTime::new(generalized_dt).unwrap());
+ Time::GeneralizedTime(asn1::X509GeneralizedTime::new(generalized_dt).unwrap());
assert!(permits_validity_date(&generalized_validity).is_ok());
}
{
@@ -799,7 +799,7 @@ mod tests {
// The `asn1::UtcTime` constructor prevents this.
assert!(asn1::UtcTime::new(utc_dt).is_err());
let generalized_validity =
- Time::GeneralizedTime(asn1::GeneralizedTime::new(generalized_dt).unwrap());
+ Time::GeneralizedTime(asn1::X509GeneralizedTime::new(generalized_dt).unwrap());
assert!(permits_validity_date(&generalized_validity).is_ok());
}
{
@@ -809,7 +809,7 @@ mod tests {
// The `asn1::UtcTime` constructor prevents this.
assert!(asn1::UtcTime::new(utc_dt).is_err());
let generalized_validity =
- Time::GeneralizedTime(asn1::GeneralizedTime::new(generalized_dt).unwrap());
+ Time::GeneralizedTime(asn1::X509GeneralizedTime::new(generalized_dt).unwrap());
assert!(permits_validity_date(&generalized_validity).is_ok());
}
}
diff --git a/src/rust/cryptography-x509/src/common.rs b/src/rust/cryptography-x509/src/common.rs
index 0b95553..2957eeb 100644
--- a/src/rust/cryptography-x509/src/common.rs
+++ b/src/rust/cryptography-x509/src/common.rs
@@ -207,7 +207,7 @@ impl<'a> asn1::Asn1Writable for RawTlv<'a> {
#[derive(asn1::Asn1Read, asn1::Asn1Write, PartialEq, Eq, Hash, Clone)]
pub enum Time {
UtcTime(asn1::UtcTime),
- GeneralizedTime(asn1::GeneralizedTime),
+ GeneralizedTime(asn1::X509GeneralizedTime),
}
impl Time {
diff --git a/src/rust/cryptography-x509/src/ocsp_resp.rs b/src/rust/cryptography-x509/src/ocsp_resp.rs
index f40707e..5b0338b 100644
--- a/src/rust/cryptography-x509/src/ocsp_resp.rs
+++ b/src/rust/cryptography-x509/src/ocsp_resp.rs
@@ -39,7 +39,7 @@ pub struct ResponseData<'a> {
#[default(0)]
pub version: u8,
pub responder_id: ResponderId<'a>,
- pub produced_at: asn1::GeneralizedTime,
+ pub produced_at: asn1::X509GeneralizedTime,
pub responses: common::Asn1ReadableOrWritable<
asn1::SequenceOf<'a, SingleResponse<'a>>,
asn1::SequenceOfWriter<'a, SingleResponse<'a>, Vec<SingleResponse<'a>>>,
@@ -60,9 +60,9 @@ pub enum ResponderId<'a> {
pub struct SingleResponse<'a> {
pub cert_id: ocsp_req::CertID<'a>,
pub cert_status: CertStatus,
- pub this_update: asn1::GeneralizedTime,
+ pub this_update: asn1::X509GeneralizedTime,
#[explicit(0)]
- pub next_update: Option<asn1::GeneralizedTime>,
+ pub next_update: Option<asn1::X509GeneralizedTime>,
#[explicit(1)]
pub raw_single_extensions: Option<extensions::RawExtensions<'a>>,
}
@@ -79,7 +79,7 @@ pub enum CertStatus {
#[derive(asn1::Asn1Read, asn1::Asn1Write)]
pub struct RevokedInfo {
- pub revocation_time: asn1::GeneralizedTime,
+ pub revocation_time: asn1::X509GeneralizedTime,
#[explicit(0)]
pub revocation_reason: Option<crl::CRLReason>,
}
diff --git a/src/rust/src/x509/certificate.rs b/src/rust/src/x509/certificate.rs
index 810d7aa..246c15f 100644
--- a/src/rust/src/x509/certificate.rs
+++ b/src/rust/src/x509/certificate.rs
@@ -877,9 +877,9 @@ pub(crate) fn time_from_py(
pub(crate) fn time_from_datetime(dt: asn1::DateTime) -> CryptographyResult<common::Time> {
if dt.year() >= 2050 {
- Ok(common::Time::GeneralizedTime(asn1::GeneralizedTime::new(
- dt,
- )?))
+ Ok(common::Time::GeneralizedTime(
+ asn1::X509GeneralizedTime::new(dt)?,
+ ))
} else {
Ok(common::Time::UtcTime(asn1::UtcTime::new(dt).unwrap()))
}
diff --git a/src/rust/src/x509/extensions.rs b/src/rust/src/x509/extensions.rs
index 9bd9425..d3396ff 100644
--- a/src/rust/src/x509/extensions.rs
+++ b/src/rust/src/x509/extensions.rs
@@ -532,7 +532,9 @@ pub(crate) fn encode_extension(
&oid::INVALIDITY_DATE_OID => {
let py_dt = ext.getattr(pyo3::intern!(py, "invalidity_date_utc"))?;
let dt = x509::py_to_datetime(py, py_dt)?;
- Ok(Some(asn1::write_single(&asn1::GeneralizedTime::new(dt)?)?))
+ Ok(Some(asn1::write_single(&asn1::X509GeneralizedTime::new(
+ dt,
+ )?)?))
}
&oid::CRL_NUMBER_OID | &oid::DELTA_CRL_INDICATOR_OID => {
let intval = ext
diff --git a/src/rust/src/x509/ocsp_resp.rs b/src/rust/src/x509/ocsp_resp.rs
index 955bf35..1a24188 100644
--- a/src/rust/src/x509/ocsp_resp.rs
+++ b/src/rust/src/x509/ocsp_resp.rs
@@ -746,7 +746,8 @@ pub(crate) fn create_ocsp_response(
};
// REVOKED
let py_revocation_time = py_single_resp.getattr(pyo3::intern!(py, "_revocation_time"))?;
- let revocation_time = asn1::GeneralizedTime::new(py_to_datetime(py, py_revocation_time)?)?;
+ let revocation_time =
+ asn1::X509GeneralizedTime::new(py_to_datetime(py, py_revocation_time)?)?;
ocsp_resp::CertStatus::Revoked(ocsp_resp::RevokedInfo {
revocation_time,
revocation_reason,
@@ -757,7 +758,7 @@ pub(crate) fn create_ocsp_response(
.is_none()
{
let py_next_update = py_single_resp.getattr(pyo3::intern!(py, "_next_update"))?;
- Some(asn1::GeneralizedTime::new(py_to_datetime(
+ Some(asn1::X509GeneralizedTime::new(py_to_datetime(
py,
py_next_update,
)?)?)
@@ -765,7 +766,7 @@ pub(crate) fn create_ocsp_response(
None
};
let py_this_update = py_single_resp.getattr(pyo3::intern!(py, "_this_update"))?;
- let this_update = asn1::GeneralizedTime::new(py_to_datetime(py, py_this_update)?)?;
+ let this_update = asn1::X509GeneralizedTime::new(py_to_datetime(py, py_this_update)?)?;
let ka_vec = cryptography_keepalive::KeepAlive::new();
let ka_bytes = cryptography_keepalive::KeepAlive::new();
@@ -807,7 +808,7 @@ pub(crate) fn create_ocsp_response(
let tbs_response_data = ocsp_resp::ResponseData {
version: 0,
- produced_at: asn1::GeneralizedTime::new(x509::common::datetime_now(py)?)?,
+ produced_at: asn1::X509GeneralizedTime::new(x509::common::datetime_now(py)?)?,
responder_id,
responses: common::Asn1ReadableOrWritable::new_write(asn1::SequenceOfWriter::new(
responses,
|
