
Commit 62f3742

Fix verifying key extraction
1 parent 72ff86c commit 62f3742


1 file changed

+24
-7
lines changed


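--- a/rust/rbac-registration/src/cardano/cip509/validation.rs
+++ b/rust/rbac-registration/src/cardano/cip509/validation.rs
@@ -326,7 +326,7 @@ fn validate_role_0(
 fn x509_cert_key(
 cert: &Certificate, context: &str, report: &ProblemReport,
 ) -> Option<VerifyingKey> {
-let Some(bytes) = cert
+let Some(extended_public_key) = cert
 .tbs_certificate
 .subject_public_key_info
 .subject_public_key
@@ -340,19 +340,36 @@ fn x509_cert_key(
 );
 return None;
 };
-verifying_key(bytes, context, report)
+verifying_key(extended_public_key, context, report)
 }
 
 /// Extracts `VerifyingKey` from the given `C509` certificate.
 fn c509_cert_key(cert: &C509, context: &str, report: &ProblemReport) -> Option<VerifyingKey> {
 verifying_key(cert.tbs_cert().subject_public_key(), context, report)
 }
 
-/// Creates `VerifyingKey` from the given byte slice.
-fn verifying_key(bytes: &[u8], context: &str, report: &ProblemReport) -> Option<VerifyingKey> {
-println!("FIXME: bytes len = {}", bytes.len());
-println!("FIXME: PUBLIC_KEY_LENGTH len = {PUBLIC_KEY_LENGTH}");
-let bytes: &[u8; PUBLIC_KEY_LENGTH] = match bytes.try_into() {
+/// Creates `VerifyingKey` from the given extended public key.
+fn verifying_key(
+extended_public_key: &[u8], context: &str, report: &ProblemReport,
+) -> Option<VerifyingKey> {
+const EXTENDED_PUBLIC_KEY_LENGTH: usize = 64;
+
+if extended_public_key.len() != EXTENDED_PUBLIC_KEY_LENGTH {
+report.other(
+&format!("Unexpected extended public key length in certificate: {}, expected {EXTENDED_PUBLIC_KEY_LENGTH}",
+extended_public_key.len()),
+context,
+);
+return None;
+}
+
+// This should never fail because of the check above.
+let Some(public_key) = extended_public_key.get(0..PUBLIC_KEY_LENGTH) else {
+report.other("Unable to get public key part", context);
+return None;
+};
+
+let bytes: &[u8; PUBLIC_KEY_LENGTH] = match public_key.try_into() {
 Ok(v) => v,
 Err(e) => {
 report.other(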
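Review bot: The exact 64-byte length check in `verifying_key` now also governs the C509 path, because `c509_cert_key` (unchanged in this hunk) passes `cert.tbs_cert().subject_public_key()` to the same function; if a C509 certificate can carry a plain `PUBLIC_KEY_LENGTH`-byte Ed25519 key it will now be rejected, so that path deserves a test or its own length rule. The trailing 32 bytes are dropped without comment, so the doc line should state the layout the code relies on, e.g. `/// Expects exactly 64 bytes; only the first PUBLIC_KEY_LENGTH bytes (the Ed25519 key) are used and the remainder is ignored.` Nothing visible here checks that the certificate's declared key algorithm is Ed25519 before the bytes are interpreted, though that may happen elsewhere. The body of `verifying_key` continues past the end of the hunk.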
