Apply the Asn1Operation API to several extensions (#12019)

Author: alex

src/rust/cryptography-x509-verification/src/policy/extension.rs

@@ -530,6 +530,7 @@ pub(crate) mod ca {
 pub(crate) mod common {
     use cryptography_x509::{
         certificate::Certificate,
+        common::Asn1Read,
         extensions::{Extension, SequenceOfAccessDescriptions},
     };
 
@@ -546,7 +547,7 @@ pub(crate) mod common {
         if let Some(extn) = extn {
             // We don't currently do anything useful with these, but we
             // do check that they're well-formed.
-            let _: SequenceOfAccessDescriptions<'_> = extn.value()?;
+            let _: SequenceOfAccessDescriptions<'_, Asn1Read> = extn.value()?;
         }
 
         Ok(())

src/rust/cryptography-x509/src/common.rs

@@ -264,16 +264,27 @@ impl<T: asn1::SimpleAsn1Writable, U: asn1::SimpleAsn1Writable> asn1::SimpleAsn1W
 }
 
 pub trait Asn1Operation {
+    type SequenceOfVec<'a, T>
+    where
+        T: 'a;
     type OwnedBitString<'a>;
 }
 
 pub struct Asn1Read;
 pub struct Asn1Write;
 
 impl Asn1Operation for Asn1Read {
+    type SequenceOfVec<'a, T>
+        = asn1::SequenceOf<'a, T>
+    where
+        T: 'a;
     type OwnedBitString<'a> = asn1::BitString<'a>;
 }
 impl Asn1Operation for Asn1Write {
+    type SequenceOfVec<'a, T>
+        = asn1::SequenceOfWriter<'a, T, Vec<T>>
+    where
+        T: 'a;
     type OwnedBitString<'a> = asn1::OwnedBitString;
 }
 

src/rust/cryptography-x509/src/extensions.rs

@@ -94,48 +94,41 @@ pub struct AccessDescription<'a> {
     pub access_location: name::GeneralName<'a>,
 }
 
-pub type SequenceOfAccessDescriptions<'a> = common::Asn1ReadableOrWritable<
-    asn1::SequenceOf<'a, AccessDescription<'a>>,
-    asn1::SequenceOfWriter<'a, AccessDescription<'a>, Vec<AccessDescription<'a>>>,
->;
+pub type SequenceOfAccessDescriptions<'a, Op> =
+    <Op as Asn1Operation>::SequenceOfVec<'a, AccessDescription<'a>>;
 
 // Needed due to clippy type complexity warning.
-type SequenceOfPolicyQualifiers<'a> = common::Asn1ReadableOrWritable<
-    asn1::SequenceOf<'a, PolicyQualifierInfo<'a>>,
-    asn1::SequenceOfWriter<'a, PolicyQualifierInfo<'a>, Vec<PolicyQualifierInfo<'a>>>,
->;
+type SequenceOfPolicyQualifiers<'a, Op> =
+    <Op as Asn1Operation>::SequenceOfVec<'a, PolicyQualifierInfo<'a, Op>>;
 
 #[derive(asn1::Asn1Read, asn1::Asn1Write)]
-pub struct PolicyInformation<'a> {
+pub struct PolicyInformation<'a, Op: Asn1Operation + 'a> {
     pub policy_identifier: asn1::ObjectIdentifier,
-    pub policy_qualifiers: Option<SequenceOfPolicyQualifiers<'a>>,
+    pub policy_qualifiers: Option<SequenceOfPolicyQualifiers<'a, Op>>,
 }
 
 #[derive(asn1::Asn1Read, asn1::Asn1Write)]
-pub struct PolicyQualifierInfo<'a> {
+pub struct PolicyQualifierInfo<'a, Op: Asn1Operation> {
     pub policy_qualifier_id: asn1::ObjectIdentifier,
-    pub qualifier: Qualifier<'a>,
+    pub qualifier: Qualifier<'a, Op>,
 }
 
 #[derive(asn1::Asn1Read, asn1::Asn1Write)]
-pub enum Qualifier<'a> {
+pub enum Qualifier<'a, Op: Asn1Operation> {
     CpsUri(asn1::IA5String<'a>),
-    UserNotice(UserNotice<'a>),
+    UserNotice(UserNotice<'a, Op>),
 }
 
 #[derive(asn1::Asn1Read, asn1::Asn1Write)]
-pub struct UserNotice<'a> {
-    pub notice_ref: Option<NoticeReference<'a>>,
+pub struct UserNotice<'a, Op: Asn1Operation> {
+    pub notice_ref: Option<NoticeReference<'a, Op>>,
     pub explicit_text: Option<DisplayText<'a>>,
 }
 
 #[derive(asn1::Asn1Read, asn1::Asn1Write)]
-pub struct NoticeReference<'a> {
+pub struct NoticeReference<'a, Op: Asn1Operation> {
     pub organization: DisplayText<'a>,
-    pub notice_numbers: common::Asn1ReadableOrWritable<
-        asn1::SequenceOf<'a, asn1::BigUint<'a>>,
-        asn1::SequenceOfWriter<'a, asn1::BigUint<'a>, Vec<asn1::BigUint<'a>>>,
-    >,
+    pub notice_numbers: Op::SequenceOfVec<'a, asn1::BigUint<'a>>,
 }
 
 // DisplayText also allows BMPString, which we currently do not support.

src/rust/src/x509/certificate.rs

@@ -498,7 +498,7 @@ fn parse_display_text<'p>(
 
 fn parse_user_notice<'p>(
     py: pyo3::Python<'p>,
-    un: UserNotice<'_>,
+    un: UserNotice<'_, Asn1Read>,
 ) -> CryptographyResult<pyo3::Bound<'p, pyo3::PyAny>> {
     let et = match un.explicit_text {
         Some(data) => parse_display_text(py, data)?,
@@ -508,7 +508,7 @@ fn parse_user_notice<'p>(
         Some(data) => {
             let org = parse_display_text(py, data.organization)?;
             let numbers = pyo3::types::PyList::empty(py);
-            for num in data.notice_numbers.unwrap_read().clone() {
+            for num in data.notice_numbers.clone() {
                 numbers.append(big_byte_slice_to_py_int(py, num.as_bytes())?)?;
             }
             types::NOTICE_REFERENCE.get(py)?.call1((org, numbers))?
@@ -520,7 +520,7 @@ fn parse_user_notice<'p>(
 
 fn parse_policy_qualifiers<'a>(
     py: pyo3::Python<'a>,
-    policy_qualifiers: &asn1::SequenceOf<'a, PolicyQualifierInfo<'a>>,
+    policy_qualifiers: &asn1::SequenceOf<'a, PolicyQualifierInfo<'a, Asn1Read>>,
 ) -> CryptographyResult<pyo3::Bound<'a, pyo3::PyAny>> {
     let py_pq = pyo3::types::PyList::empty(py);
     for pqi in policy_qualifiers.clone() {
@@ -556,14 +556,12 @@ fn parse_cp<'p>(
     py: pyo3::Python<'p>,
     ext: &Extension<'_>,
 ) -> CryptographyResult<pyo3::Bound<'p, pyo3::PyAny>> {
-    let cp = ext.value::<asn1::SequenceOf<'_, PolicyInformation<'_>>>()?;
+    let cp = ext.value::<asn1::SequenceOf<'_, PolicyInformation<'_, Asn1Read>>>()?;
     let certificate_policies = pyo3::types::PyList::empty(py);
     for policyinfo in cp {
         let pi_oid = oid_to_py_oid(py, &policyinfo.policy_identifier)?;
         let py_pqis = match policyinfo.policy_qualifiers {
-            Some(policy_qualifiers) => {
-                parse_policy_qualifiers(py, policy_qualifiers.unwrap_read())?
-            }
+            Some(policy_qualifiers) => parse_policy_qualifiers(py, &policy_qualifiers)?,
             None => py.None().into_bound(py),
         };
         let pi = types::POLICY_INFORMATION
@@ -695,8 +693,8 @@ pub(crate) fn parse_access_descriptions<'p>(
     ext: &Extension<'_>,
 ) -> CryptographyResult<pyo3::Bound<'p, pyo3::PyAny>> {
     let ads = pyo3::types::PyList::empty(py);
-    let parsed = ext.value::<SequenceOfAccessDescriptions<'_>>()?;
-    for access in parsed.unwrap_read().clone() {
+    let parsed = ext.value::<SequenceOfAccessDescriptions<'_, Asn1Read>>()?;
+    for access in parsed {
         let py_oid = oid_to_py_oid(py, &access.access_method)?;
         let gn = x509::parse_general_name(py, access.access_location)?;
         let ad = types::ACCESS_DESCRIPTION.get(py)?.call1((py_oid, gn))?;

src/rust/src/x509/extensions.rs

@@ -275,9 +275,7 @@ fn encode_certificate_policies(
                             organization: extensions::DisplayText::Utf8String(
                                 asn1::Utf8String::new(py_notice_str),
                             ),
-                            notice_numbers: common::Asn1ReadableOrWritable::new_write(
-                                asn1::SequenceOfWriter::new(notice_numbers),
-                            ),
+                            notice_numbers: asn1::SequenceOfWriter::new(notice_numbers),
                         })
                     } else {
                         None
@@ -304,14 +302,12 @@ fn encode_certificate_policies(
                 };
                 qualifiers.push(qualifier);
             }
-            Some(common::Asn1ReadableOrWritable::new_write(
-                asn1::SequenceOfWriter::new(qualifiers),
-            ))
+            Some(asn1::SequenceOfWriter::new(qualifiers))
         } else {
             None
         };
         let py_policy_id = py_policy_info.getattr(pyo3::intern!(py, "policy_identifier"))?;
-        policy_informations.push(extensions::PolicyInformation {
+        policy_informations.push(extensions::PolicyInformation::<Asn1Write> {
             policy_identifier: py_oid_to_oid(py_policy_id)?,
             policy_qualifiers: qualifiers,
         });