crl: remove exports of untrusted::Input.

We don't want to add `untrusted` to webpki's public API, but several fields of the `CertificateRevocationList` type did this accidentally. This commit makes the `untrusted::Input` fields crate-private and adds public methods that can return `&[u8]` versions of these fields for external usage. Along the way I also deleted the `CertificateRevocationLists` type - we didn't export that from `lib.rs`. I added this type before landing on the `CrlProvider` trait implemented in a separate branch. With that approach there's no need for a list-of-CRLs type.
rustls · Jun 15, 2023 · fab5190 · fab5190
1 parent 7b74dfa
commit fab5190
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 14 deletions.
diff --git a/src/crl.rs b/src/crl.rs
@@ -18,24 +18,17 @@ use crate::der::Tag;
 use crate::x509::{remember_extension, set_extension_once, Extension};
 use crate::{der, signed_data, Error, Time};
 
-/// A collection of Certificate Revocation Lists (CRLs) which may be used to check client                                                         
-/// certificates for revocation status.
-// TODO(@cpu): Remove allows once used.
-// TODO(@cpu): I suspect at this stage we mostly want to index this by issuer name. Is there
-//             a better way to express that while still being no-std/no-alloc?
-#[allow(unused, unreachable_pub)]
-pub struct CertificateRevocationLists<'a>(pub &'a [CertRevocationList<'a>]);
-
 /// Representation of a RFC 5280[^1] profile Certificate Revocation List (CRL).
 ///
 /// [^1]: <https://www.rfc-editor.org/rfc/rfc5280#section-5>
 pub struct CertRevocationList<'a> {
     /// A `SignedData` structure that can be passed to `verify_signed_data`.
-    pub signed_data: signed_data::SignedData<'a>,
+    #[allow(unused)] // TODO(@cpu): Remove when support for revocation checking is added.
+    pub(crate) signed_data: signed_data::SignedData<'a>,
 
     /// Identifies the entity that has signed and issued this
     /// CRL.
-    pub issuer: untrusted::Input<'a>,
+    pub(crate) issuer: untrusted::Input<'a>,
 
     /// Indicates the issue date of this CRL.
     pub this_update: Time,
@@ -44,16 +37,29 @@ pub struct CertRevocationList<'a> {
     pub next_update: Time,
 
     /// List of certificates revoked by the issuer in this CRL.
-    pub revoked_certs: untrusted::Input<'a>,
+    pub(crate) revoked_certs: untrusted::Input<'a>,
 
     /// Provides a means of identifying the public key corresponding to the private key used to
     /// sign this CRL.
-    pub authority_key_identifier: Option<untrusted::Input<'a>>,
+    pub(crate) authority_key_identifier: Option<untrusted::Input<'a>>,
 
     /// A monotonically increasing sequence number for a given CRL scope and CRL issuer.
     pub crl_number: Option<&'a [u8]>,
 }
 
+impl<'a> CertRevocationList<'a> {
+    /// Raw DER encoding of the issuer of the CRL.
+    pub fn issuer(&self) -> &[u8] {
+        self.issuer.as_slice_less_safe()
+    }
+
+    /// DER encoding of the authority key identifier (AKI) of the CRL.
+    pub fn authority_key_identifier(&self) -> Option<&[u8]> {
+        self.authority_key_identifier
+            .map(|input| input.as_slice_less_safe())
+    }
+}
+
 /// Representation of a RFC 5280[^1] profile Certificate Revocation List (CRL) revoked certificate
 /// entry.
 ///

diff --git a/tests/crl_tests.rs b/tests/crl_tests.rs
@@ -18,8 +18,8 @@ fn parse_valid_crl() {
         0x30, 0x16, 0x80, 0x14, 0x01, 0xDA, 0xBB, 0x7A, 0xCB, 0x25, 0x20, 0x8E, 0x5E, 0x79, 0xD6,
         0xF9, 0x96, 0x42, 0x2F, 0x02, 0x41, 0x29, 0x07, 0xBE,
     ];
-    let aki = crl.authority_key_identifier.expect("missing AKI");
-    assert_eq!(aki.as_slice_less_safe(), expected_aki);
+    let aki = crl.authority_key_identifier().expect("missing AKI");
+    assert_eq!(aki, expected_aki);
 
     // We should find the expected revoked certificate with the expected serial number.
     assert!(crl.find_serial(REVOKED_SERIAL).is_some())