Initial commit for Jujitsu (JJ) vcs
This commit is contained in:
commit
df1d7e54ca
GPG key ID:
2813440C772555A4
14 changed files with 2004 additions and 0 deletions
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
|
|
@ -0,0 +1 @@
|
||||||
|
/target
|
||||||
45
.vscode/launch.json
vendored
Normal file
45
.vscode/launch.json
vendored
Normal file
|
|
@ -0,0 +1,45 @@
|
||||||
|
{
|
||||||
|
// Use IntelliSense to learn about possible attributes.
|
||||||
|
// Hover to view descriptions of existing attributes.
|
||||||
|
// For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
|
||||||
|
"version": "0.2.0",
|
||||||
|
"configurations": [
|
||||||
|
{
|
||||||
|
"type": "lldb",
|
||||||
|
"request": "launch",
|
||||||
|
"name": "Debug executable 'ct'",
|
||||||
|
"cargo": {
|
||||||
|
"args": [
|
||||||
|
"build",
|
||||||
|
"--bin=ct",
|
||||||
|
"--package=ct"
|
||||||
|
],
|
||||||
|
"filter": {
|
||||||
|
"name": "ct",
|
||||||
|
"kind": "bin"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"args": [],
|
||||||
|
"cwd": "${workspaceFolder}"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "lldb",
|
||||||
|
"request": "launch",
|
||||||
|
"name": "Debug unit tests in executable 'ct'",
|
||||||
|
"cargo": {
|
||||||
|
"args": [
|
||||||
|
"test",
|
||||||
|
"--no-run",
|
||||||
|
"--bin=ct",
|
||||||
|
"--package=ct"
|
||||||
|
],
|
||||||
|
"filter": {
|
||||||
|
"name": "ct",
|
||||||
|
"kind": "bin"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"args": [],
|
||||||
|
"cwd": "${workspaceFolder}"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
7
.vscode/settings.json
vendored
Normal file
7
.vscode/settings.json
vendored
Normal file
|
|
@ -0,0 +1,7 @@
|
||||||
|
{
|
||||||
|
"cSpell.words": [
|
||||||
|
"Merkle",
|
||||||
|
"Precertificate"
|
||||||
|
],
|
||||||
|
"rust-analyzer.rustfmt.extraArgs": ["+nightly"]
|
||||||
|
}
|
||||||
1551
Cargo.lock
generated
Normal file
1551
Cargo.lock
generated
Normal file
File diff suppressed because it is too large
Load diff
18
Cargo.toml
Normal file
18
Cargo.toml
Normal file
|
|
@ -0,0 +1,18 @@
|
||||||
|
[package]
|
||||||
|
name = "ct"
|
||||||
|
version = "0.1.0"
|
||||||
|
edition = "2021"
|
||||||
|
|
||||||
|
[dependencies]
|
||||||
|
anyhow = "1.0.90"
|
||||||
|
der-parser = "9.0.0"
|
||||||
|
nom = "7.1.3"
|
||||||
|
num-traits = "0.2.19"
|
||||||
|
reqwest = { version = "0.12.8", features = ["json"] }
|
||||||
|
serde = { version = "1.0.210", features = ["derive"] }
|
||||||
|
serde_json = "1.0.132"
|
||||||
|
sha2 = "0.10.8"
|
||||||
|
x509-parser = "0.16.0"
|
||||||
|
|
||||||
|
[dev-dependencies]
|
||||||
|
base64ct = "1.6.0"
|
||||||
36
rustfmt.toml
Normal file
36
rustfmt.toml
Normal file
|
|
@ -0,0 +1,36 @@
|
||||||
|
binop_separator = "Front"
|
||||||
|
brace_style = "SameLineWhere"
|
||||||
|
combine_control_expr = false
|
||||||
|
condense_wildcard_suffixes = true
|
||||||
|
control_brace_style = "AlwaysSameLine"
|
||||||
|
empty_item_single_line = true
|
||||||
|
error_on_line_overflow = true
|
||||||
|
fn_single_line = true
|
||||||
|
force_multiline_blocks = false
|
||||||
|
format_code_in_doc_comments = true
|
||||||
|
format_generated_files = false
|
||||||
|
format_strings = true
|
||||||
|
hard_tabs = true
|
||||||
|
imports_indent = "Block"
|
||||||
|
imports_layout = "HorizontalVertical"
|
||||||
|
indent_style = "Block"
|
||||||
|
match_arm_blocks = false
|
||||||
|
max_width = 90
|
||||||
|
imports_granularity = "Crate"
|
||||||
|
newline_style = "Unix"
|
||||||
|
normalize_comments = true
|
||||||
|
normalize_doc_attributes = true
|
||||||
|
overflow_delimited_expr = true
|
||||||
|
reorder_impl_items = true
|
||||||
|
group_imports = "StdExternalCrate"
|
||||||
|
reorder_modules = true
|
||||||
|
space_after_colon = true
|
||||||
|
space_before_colon = false
|
||||||
|
spaces_around_ranges = false
|
||||||
|
trailing_comma = "Never"
|
||||||
|
trailing_semicolon = true
|
||||||
|
use_field_init_shorthand = true
|
||||||
|
use_small_heuristics = "Default"
|
||||||
|
use_try_shorthand = true
|
||||||
|
where_single_line = false
|
||||||
|
wrap_comments = true
|
||||||
10
src/lib.rs
Normal file
10
src/lib.rs
Normal file
|
|
@ -0,0 +1,10 @@
|
||||||
|
//! A crate implementing aspects of Certificate Transparency as defined in
|
||||||
|
//! [RFC6926] in rust.
|
||||||
|
//!
|
||||||
|
//! Parsing logic for CT structures is defined in the [`parsing`] module. This
|
||||||
|
//! primarily uses the [`nom`] crate for parsing
|
||||||
|
//!
|
||||||
|
//! [RFC6926]: https://datatracker.ietf.org/doc/html/rfc6962
|
||||||
|
|
||||||
|
pub mod merkle;
|
||||||
|
pub mod parsing;
|
||||||
74
src/merkle/consts.rs
Normal file
74
src/merkle/consts.rs
Normal file
|
|
@ -0,0 +1,74 @@
|
||||||
|
pub const LEAF_BASE64_BUFFER_SIZE: usize = 3072;
|
||||||
|
|
||||||
|
pub const LEAF_HASH_PREFIX: u8 = 0x00;
|
||||||
|
pub const INTERIOR_HASH_PREFIX: u8 = 0x01;
|
||||||
|
|
||||||
|
#[cfg(test)]
|
||||||
|
pub(crate) mod test_constants {
|
||||||
|
// TODO Write a script to populate this with random entries
|
||||||
|
pub(crate) const LEAF_INPUT_EXAMPLES: &[(&str, &str, u64)] = &[
|
||||||
|
(
|
||||||
|
"AAAAAAGSnKkrxAAAAAOJMIIDhTCCAwygAwIBAgISBIMWztGBRQE+UJezy64M233lMAoGCCqGSM49BAMDMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJFNjAeFw0yNDEwMTcyMTQ3NTRaFw0yNTAxMTUyMTQ3NTNaMB0xGzAZBgNVBAMTEnRlc3QubXlyaWF0aW9uLnh5ejBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCcExgJVV0VmpNBZLxu0fs4Gd/HY5a00y9gopHs8bHe7in2X+TqP+20WsT11e1RvddEXX7L+k2U9/jBiODsz7x6jggIVMIICETAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFBGQZpFKlhRGYfUFTZCnc1mk50owMB8GA1UdIwQYMBaAFJMnRpgDqVFojpjWxEJI2yO/WJTSMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL2U2Lm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vZTYuaS5sZW5jci5vcmcvMB0GA1UdEQQWMBSCEnRlc3QubXlyaWF0aW9uLnh5ejATBgNVHSAEDDAKMAgGBmeBDAECATCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB3AObSMWNAd4zBEEEG13G5zsHSQPaWhIb7uocyHf0eN45QAAABkpypKigAAAQDAEgwRgIhAPoiAdbJaceE7OUIW1IkZdFD8MUSgrbMbe3b+Iaoy8hfAiEAm7BMs2I1ypCOSITJkJ/wAL190sYvE/aVSunjhUMelZ8AdgDgkrP8DB3I52g2H95huZZNClJ4GYpy1nLEsE2lbW9UBAAAAZKcqSpMAAAEAwBHMEUCIEnBfxjCFgX9kosEUzevs/svFmv2uWSOoa0vPU+iEZx8AiEAlqPAXBXYSTYb+SpCK918/9ScUxWdSpQpVnWmqpAhbjIwCgYIKoZIzj0EAwMDZwAwZAIwJMRuFTLJYtCaeQ90Nf9bwUfE2GtBKKaIhJIbPZ0qGsh2ZcAIkebpwx81c0JVrsaKAjA8YKB65FvxWhXEfvMTuZfGjhvOvruBo1LkXMQpKqiqYkSX6aRM3eoAqUFs09gE4h8AAA==",
|
||||||
|
"CN=test.myriation.xyz",
|
||||||
|
1729205185476
|
||||||
|
),
|
||||||
|
// Entries from https://oak.ct.letsencrypt.org/2025h2
|
||||||
|
(
|
||||||
|
"AAAAAAGJ/gGuKgAAAATzMIIE7zCCAtegAwIBAgIHBgMINo8NzTANBgkqhkiG9w0BAQsFADB/MQswCQYDVQQGEwJHQjEPMA0GA1UECAwGTG9uZG9uMRcwFQYDVQQKDA5Hb29nbGUgVUsgTHRkLjEhMB8GA1UECwwYQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5MSMwIQYDVQQDDBpNZXJnZSBEZWxheSBJbnRlcm1lZGlhdGUgMTAeFw0yMzA4MTYxMTAxMTBaFw0yNTEyMDYwNjU0MThaMGMxCzAJBgNVBAYTAkdCMQ8wDQYDVQQHDAZMb25kb24xKDAmBgNVBAoMH0dvb2dsZSBDZXJ0aWZpY2F0ZSBUcmFuc3BhcmVuY3kxGTAXBgNVBAUTEDE2OTIxODM2NzAyMzA0NzcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCMCO5UNo/GSySPl+yBIvUSTqiw7AKSB4oUO2yeXwwBc32ePUPQKvuOTjRUEYE5/Yh7993HvCr3Nb+A5pLosYxCOQQRHZa+xSmtCYl2EEgwwqnJUOiUoccrN6FYXE3JGfYu4Moy+GofeM2h5n5nRi4tL2WanudJYuj63lhk/Msjfr/ntIU/18xNSQ9PdtIY9RinsN73zsGxWXlR1gamO1pbyLxbiImaRmF8zRWKXqODqb6ohPvThlbXB0P3r8uoroReanykMO8/WwAdZkD6TlD4ziQqt9eX8qe2NMsxrovnRcmAMIDEIjJ4kHaPg672SXKO2lN+tIu58XWRHcio1QGpAgMBAAGjgYswgYgwEwYDVR0lBAwwCgYIKwYBBQUHAwEwIwYDVR0RBBwwGoIYZmxvd2Vycy10by10aGUtd29ybGQuY29tMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAU6TwE4YAvwoQTLSZwnvL9Gs+q/sYwHQYDVR0OBBYEFBo7+cBBDDd/KMeUsc1Vo3EpMz4VMA0GCSqGSIb3DQEBCwUAA4ICAQABe/kV4PedePHdRo/zTdCzPym6oPuPlOSBW76PvnX/TMcZSjbyis8ILrZ/DWlelVXFN44FTjQyh0gjOig06EgW20cF9pFuKPncskJLAu7FSOo3cYbRe/gySiWx17p6adkpbQo7jt0bctiFe2G/qXq5fr3p24+Ap7J7UmJ8ihcOVhKGVjj0tV2X7Q7LGQnzL1nK8uP61onh8uECI31YZ42CdqxDLxSSVvfLT4huZqy/QzWgva3dyVg62itefDePrgMHudPRijSfCuANbAA6bSlbpjNWkbNxRvuqygOuso14CzcJDF2eCPjfF0IxzxifWKbTge6Fd9C8XHavCEz1oWtJoBrXKQE0hsRcFfSFeV1xkxNXGAtUf0VA9PNZaZ4Z9+ghOQDnqeQQw6qxzp1AeR+DWUVUeBQDKt1/eYN0VXTpmMNisl3tEwRdmxTmSw2uFFRgHgAIFWDgKfNVg1PnTGje8frPOA7fTYqLFzeeDAUfaNXmizQoDB25ifJIhvRqX+gl6Ff+i+uXIeHc097UbRK2bPKIf8XtqD94n48OnfmJBvcGnTl5PaI4Bec3J4tpZ/w6FhZ17FIvP3hxaERmFt89SyYKzCLC2bhnVByHi2f8/jYJVv2nMycjoDxMTJUFRDCn+3BAcAyYbibc+BQLNlGMS04YDZerEJ4BmWTDd1nQZgAA",
|
||||||
|
"C=GB, L=London, O=Google Certificate Transparency, serialNumber=1692183670230477",
|
||||||
|
1692183670314
|
||||||
|
),
|
||||||
|
(
|
||||||
|
"AAAAAAGKCs8mKgAAAAU2MIIFMjCCAxqgAwIBAgIJAPXCmTa0J/XPMA0GCSqGSIb3DQEBCwUAMH8xCzAJBgNVBAYTAkdCMQ8wDQYDVQQIDAZMb25kb24xFzAVBgNVBAoMDkdvb2dsZSBVSyBMdGQuMSEwHwYDVQQLDBhDZXJ0aWZpY2F0ZSBUcmFuc3BhcmVuY3kxIzAhBgNVBAMMGk1lcmdlIERlbGF5IEludGVybWVkaWF0ZSAxMB4XDTI1MDgxNzA5NDIyMloXDTI1MDgxODA5NDIyMlowdTELMAkGA1UEBhMCR0IxDzANBgNVBAcTBkxvbmRvbjEPMA0GA1UEChMGR29vZ2xlMSEwHwYDVQQLExhDZXJ0aWZpY2F0ZSBUcmFuc3BhcmVuY3kxITAfBgNVBAMTGGZsb3dlcnMtdG8tdGhlLXdvcmxkLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJtHYIEazPHQhDE0LDSZlFexMoMoRmAZ1711p5HW1LjQcEFpULoTa52o+LsqEC7plZd7V77TaTfYG51NRE9cOwl/ndxtItJTECnp09NL1LOvXHWckeR+EAUfA2uewCmdgJ+mjndVwIH98jqapH4+ANgiGQEf5TsYvQAQQUYUmXX2zkoTJlQ2ZRMr1pwxAXMQJrEsOq/IZhirK7TGu5gRikQuvWco3ZX2/G587HnC2uEVd8FkRzZjxVjMk9TZY3p+LVF+K51tArquD8zID8P8BFdOiZl4oEaWveRollsrBOSalaXLiH8m26j1UqhVNKgEuxGBZW2DIOzU/Z1hXr7dZRkCAwEAAaOBujCBtzAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBTpPAThgC/ChBMtJnCe8v0az6r+xjBhBgNVHREEWjBYghhmbG93ZXJzLXRvLXRoZS13b3JsZC5jb22CPDIyLjE4LjA4LjIwMjMubGV0c2VuY3J5cHRfb2FrMjAyNWgyLmZsb3dlcnMtdG8tdGhlLXdvcmxkLmNvbTANBgkqhkiG9w0BAQsFAAOCAgEAgxaaRC6InFBZbrGbhytR6Am5EZv++G0VBTeh5JWJTNyhwF1wD0yyCP0uPMdlWBpQFBXmp/pwGQ72pBE4hboKDMz9wLPpSu1kHh0KUCt8ugjssfk59P9ECGcCxmg2mGIXE0kCFwlJ5xGlIzNiD/hyJGM28zwM6iZ+sITmF+2dzxBa54bVFPDtD3+A5d47ad5XIFAzzMIsJjfrEnFwLU69MffyuhABhIBUzlzU6mPKOPoXpsP9MDCwAEljiyksHKdOcxoPDlchTRvPAn+FngkELiR80HbHsi703UG3KGBSNrDiQCHNCmO/lF6c1kN+/Ij29zu+Wle8Q8veJAanKE8WDGnlU1pFw9nuCaIAtxX8AiMUDuLrAHj38Mj7MIQS4CzloAp4UMqvaupOc+cxJ/8psbUy+MkI6dMww3N5gZE6EV6WCF21Ogm/zqMQwy/Fj1P7dpl+BFYEmJzP0yhiZMh2a9okbpienKL8zaiz/b/27ffO/IxaxT5IwJ60k6Bj9kB9M3H9leFA5EgSpe7buoK86z8LQJ+KHCWErl616TsW2KocycD+dAyNsGk9OlSL8WpKDV5KFmyO1HWDCIpC8WYE/miWH1zwKbmDVJJOEVUBbfNWwy9EbgxHdDvwYChC9/EfIOxCOEj/JQZoEiHjVUy0PGsO59JaxG/citHaQr5Uv48AAA==",
|
||||||
|
"C=GB, L=London, O=Google, OU=Certificate Transparency, CN=flowers-to-the-world.com",
|
||||||
|
1692398462506
|
||||||
|
),
|
||||||
|
(
|
||||||
|
"AAAAAAGKDLItnQAB43aJADBzoMZJzGVt6UbAMXTSXFZv48OAW4RvUjaUN5gAAx0wggMZoAMCAQICCHHWBy81SwwSMA0GCSqGSIb3DQEBCwUAMH8xCzAJBgNVBAYTAkdCMQ8wDQYDVQQIDAZMb25kb24xFzAVBgNVBAoMDkdvb2dsZSBVSyBMdGQuMSEwHwYDVQQLDBhDZXJ0aWZpY2F0ZSBUcmFuc3BhcmVuY3kxIzAhBgNVBAMMGk1lcmdlIERlbGF5IEludGVybWVkaWF0ZSAxMB4XDTI2MDEwNTE4MDkwNVoXDTI2MDEwNjE4MDkwNVowdTELMAkGA1UEBhMCR0IxDzANBgNVBAcTBkxvbmRvbjEPMA0GA1UEChMGR29vZ2xlMSEwHwYDVQQLExhDZXJ0aWZpY2F0ZSBUcmFuc3BhcmVuY3kxITAfBgNVBAMTGGZsb3dlcnMtdG8tdGhlLXdvcmxkLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALlyEW37k0qzzAURkI8auNwkyG/p8lh802KPRueNahXxaf73M9vTMIl2czqosnYxhGKmcXdi8jgtRrUJ69+/qmxX7sG454Odz2ocWKGWcwNvhw/roqbATUBYG32sPpUkUTuyeB6nJY1aEQnDDTTIkbx8zBlKo9e3E9lkYVi5rLvbdGBwm+YaopW9TaVSl/npkPXCDUv5LDvMyKDREu2GW/NRLWErP9eg0FB9RpdaXRcAvrNh3/a+NMxRhjJX0oH3xhIvlkoCADJX2dU1V1Bd/QUuvSW/0BjdXRjl9ivmcN3WhhTE+ZpVUusJHJ6wB0bYLlWR5bCxqYbpmsRsov49tZ8CAwEAAaOBujCBtzAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBTpPAThgC/ChBMtJnCe8v0az6r+xjBhBgNVHREEWjBYghhmbG93ZXJzLXRvLXRoZS13b3JsZC5jb22CPDA3LjE5LjA4LjIwMjMubGV0c2VuY3J5cHRfb2FrMjAyNWgyLmZsb3dlcnMtdG8tdGhlLXdvcmxkLmNvbQAA",
|
||||||
|
"C=GB, L=London, O=Google, OU=Certificate Transparency, CN=flowers-to-the-world.com",
|
||||||
|
1692430118301
|
||||||
|
),
|
||||||
|
(
|
||||||
|
"AAAAAAGKDNNwjwAB43aJADBzoMZJzGVt6UbAMXTSXFZv48OAW4RvUjaUN5gAAx4wggMaoAMCAQICCQCQAkpeGcWGRjANBgkqhkiG9w0BAQsFADB/MQswCQYDVQQGEwJHQjEPMA0GA1UECAwGTG9uZG9uMRcwFQYDVQQKDA5Hb29nbGUgVUsgTHRkLjEhMB8GA1UECwwYQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5MSMwIQYDVQQDDBpNZXJnZSBEZWxheSBJbnRlcm1lZGlhdGUgMTAeFw0yNjAxMTgyMTU3MjNaFw0yNjAxMTkyMTU3MjNaMHUxCzAJBgNVBAYTAkdCMQ8wDQYDVQQHEwZMb25kb24xDzANBgNVBAoTBkdvb2dsZTEhMB8GA1UECxMYQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5MSEwHwYDVQQDExhmbG93ZXJzLXRvLXRoZS13b3JsZC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZm2mTxtaoH0AIZ0ZVTduHeCIo0kC8M6T6OPQw07Ock+mhtMblMnk7KZAsmgCFWSa6sFQ/IdLuDreWAVSdYJqeNHtDb+Hrla+sDUXDheNEqBFFav5o/G3kO+csbp3sR9If6dZiGHwzLC8ismQT2QDUgvqw/sb/7GrojArouVbvhFR2HBjD73qF5/cOzmOuoLg1OhHIsn5dBtEmK5izkgrrk0CULanGiDzAcGP6i+ldAOnES8Y1hTkKyT1d9woxmBHmVZ/wyKXiL//6h6A6qTVQ0QGGf4RvhW9+v6LhBMQcZEyoSMc164cvc6iaThcbS3koAr9nUuMyG2XpLo5TCexvAgMBAAGjgbowgbcwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAU6TwE4YAvwoQTLSZwnvL9Gs+q/sYwYQYDVR0RBFowWIIYZmxvd2Vycy10by10aGUtd29ybGQuY29tgjwwOC4xOS4wOC4yMDIzLmxldHNlbmNyeXB0X29hazIwMjVoMi5mbG93ZXJzLXRvLXRoZS13b3JsZC5jb20AAA==",
|
||||||
|
"C=GB, L=London, O=Google, OU=Certificate Transparency, CN=flowers-to-the-world.com",
|
||||||
|
1692432298127
|
||||||
|
),
|
||||||
|
(
|
||||||
|
"AAAAAAGKX6GKQwAAAAU1MIIFMTCCAxmgAwIBAgIIUh+QcsMl2wgwDQYJKoZIhvcNAQELBQAwfzELMAkGA1UEBhMCR0IxDzANBgNVBAgMBkxvbmRvbjEXMBUGA1UECgwOR29vZ2xlIFVLIEx0ZC4xITAfBgNVBAsMGENlcnRpZmljYXRlIFRyYW5zcGFyZW5jeTEjMCEGA1UEAwwaTWVyZ2UgRGVsYXkgSW50ZXJtZWRpYXRlIDEwHhcNMjUwODIyMjE1MDM3WhcNMjUwODIzMjE1MDM3WjB1MQswCQYDVQQGEwJHQjEPMA0GA1UEBxMGTG9uZG9uMQ8wDQYDVQQKEwZHb29nbGUxITAfBgNVBAsTGENlcnRpZmljYXRlIFRyYW5zcGFyZW5jeTEhMB8GA1UEAxMYZmxvd2Vycy10by10aGUtd29ybGQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAilgJxY/IGyH6LHfhdfF+Yi1rvP7Fbeblmlvjw6tKJslXcT4KZkctPPa/jJxXG6KsMz/aoncQeXEVREnDocyIKhh5HdnIxuu0dovOvmd2zCbjDFHyEgkUzmUEfb0ysHwSETSGi7b4C0nNDrjsQ/w4TDx87CDjUM8xSiI9R6YpkGShEZ0bTpO/X3PtvHeAa1bctQ9sXyYdUW33Jh5yV7LOl7cnwAawlUTGowcip0kXVNQJYzmx3HOsklkiyrqQFPoNYPNWHxX5hxdCxvd1F1+ga1L+7hg5pZOnqOWMA8JbnktqH0Jb2TVgmWDpFe15qpKbJOfb/1XUef450bZqlOT7lwIDAQABo4G6MIG3MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFOk8BOGAL8KEEy0mcJ7y/RrPqv7GMGEGA1UdEQRaMFiCGGZsb3dlcnMtdG8tdGhlLXdvcmxkLmNvbYI8MDkuMDQuMDkuMjAyMy5sZXRzZW5jcnlwdF9vYWsyMDI1aDIuZmxvd2Vycy10by10aGUtd29ybGQuY29tMA0GCSqGSIb3DQEBCwUAA4ICAQB8B5jCukPDWYAwTTL2tVKyMcQAZNU8N5C2pn4hnuvjHIIpXeDuGtDwW8iGQYoi7AN/a8+ImWbjcTgdlxicICc/52gNyLXNKLpPVK5Hwloq8JRkyShezS9izBLX9NzNhGN4DGUPaptIgcMcLPv1hjCQy3ZEbh2lip5j9ZqhUuMPaR8f+K0S6y8NlRjPgwXtJXIQMwuIvSfWIHPgwnf16v9p/eW8vcoLPD2aM5VD2XUZJrA/AT6EjVRH2rvdF0urDODFtm4EP6dDvRpcCAgAmmFUEyrTQIlvC0S6+c4PsIDcdI3TiF+XrAree54jBXGYH2pBqShH/sVfEKSJw17DTvat1tNgyBxIHWl+7AKH23L0W1w4xR35eZVyGsEkGi8EFQT70V7VFuGiUw53W1NF/2GxBet/ywDD5x/R6XyrbNP56B/KGSE24Z7iIyIl3FRKE4LHZ97fH2o8SkLHSskSwiVSQd3/gk9jf6d8fVIyFj2ZDvzFks0ACepvJ2hVbTJHvqVWoRyT5lxJ6Mmb01bhocJsxgcCgvs361lBSa4URS5a7u2jULcsFnx8niHjhMJHjXnhc+Me3UduIYGA/c2gJ+IX8dpPBeL/eYx+3bsCmcVH2w94j3IiC49APA6ZMhuBXh351/X4RcHODDiNLqe0rLPqPbfdl+d3r+pVLuRnb4lKygAA",
|
||||||
|
"C=GB, L=London, O=Google, OU=Certificate Transparency, CN=flowers-to-the-world.com",
|
||||||
|
1693821536835
|
||||||
|
),
|
||||||
|
// Entries from https://oak.ct.letsencrypt.org/2024h1
|
||||||
|
(
|
||||||
|
"AAAAAAGEy7byEAABJSMzqOOrtyOT1kmau6zKhgT676hGgczD5VMdRMyJZFAAA38wggN7oAMCAQICEAx1UGAuOrXH8cPGn545U3kwDQYJKoZIhvcNAQELBQAwRjELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEVMBMGA1UECxMMU2VydmVyIENBIDFCMQ8wDQYDVQQDEwZBbWF6b24wHhcNMjIxMjAxMDAwMDAwWhcNMjMxMjMxMjM1OTU5WjAqMSgwJgYDVQQDDB8qLmQzcHgwd3Y3ZjF0cTdrLmFtcGxpZnlhcHAuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwOoOv6C59kRAOoUxIP5jsxS2hVqKWV4BAPuZEz1b2s2riCGJRDWjhHhT8yxFTDXOnhl0UxcJ82gaAnK92i00eeShWenqfGcPw6crMs2xmKQL2CywwOqKSpVquY2ySZDhQ2xdPCH4RjLNlUR/KDknrJXFU0LK6kTGpzmPcgokmqh544XoOTyOLh7DvYaJ1Hwv6cGk1vTXy8Z5YqUjWor+tNLzjDSbCSQY/WrG6kButBH3jCSt6KLqCcuRpBc2ObpSa2LMFjFVYEO34hWRRMLZzhaLCJtMo21s2mpSnbuV/esihwEOCU28MlzB2sVPXAbd0IofyqkRBVkbAyquUf+NWwIDAQABo4IBlzCCAZMwHwYDVR0jBBgwFoAUWaRmBlKge5WSPKOUByeWdFv5PdAwHQYDVR0OBBYEFMZcVj6Sv4Q7nebAzjRjAhKGI4nSMEkGA1UdEQRCMECCHyouZDNweDB3djdmMXRxN2suYW1wbGlmeWFwcC5jb22CHWQzcHgwd3Y3ZjF0cTdrLmFtcGxpZnlhcHAuY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL2NybC5zY2ExYi5hbWF6b250cnVzdC5jb20vc2NhMWItMS5jcmwwEwYDVR0gBAwwCjAIBgZngQwBAgEwdQYIKwYBBQUHAQEEaTBnMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5zY2ExYi5hbWF6b250cnVzdC5jb20wNgYIKwYBBQUHMAKGKmh0dHA6Ly9jcnQuc2NhMWIuYW1hem9udHJ1c3QuY29tL3NjYTFiLmNydDAMBgNVHRMBAf8EAjAAAAA=",
|
||||||
|
"CN=*.d3px0wv7f1tq7k.amplifyapp.com",
|
||||||
|
1669865075216
|
||||||
|
),
|
||||||
|
(
|
||||||
|
"AAAAAAGEy7dwawAB18tkPyr2nckv4fgo0dhAkaUtJ2hu2831xlO2SKhq8dgAA3MwggNvoAMCAQICEAE1jj/k+7zQMDuEt/osQZ8wDQYJKoZIhvcNAQELBQAwPDELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEcMBoGA1UEAxMTQW1hem9uIFJTQSAyMDQ4IE0wMjAeFw0yMjEyMDEwMDAwMDBaFw0yMzEyMzEyMzU5NTlaMCoxKDAmBgNVBAMMHyouZDE3cm5ydzhseWlyYjMuYW1wbGlmeWFwcC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8CPTybP53vjsRdvl95sAfLQkkPoojyq5ifzUBUUv/E9MYiUjatH+QSguLKFo/mD9NBN2JP7UKUR6BmBj0A5kUhTDWeM2DjO7W8tAN55fO17nyEs23bErQOJxuajM6Uf8q7M768IocncqHJ5wEnR1NoO+pZ+ubANRJsgygxfuNEwnBZTEX7Igvx4P+gMH/IvZwRkKPY01nsvIB3TZECNqF0CDkyVs3Lq6Aez0rvCRcg3StEaLhV2YpSre+XnrVCep0gsgFGDEia73QX04t7PicxqGmYh9ACvsJ+n5ktDhmDfwo3ErV72fGGu9GCQ/U0VrwN8z3RLm1Ocf3bWQ+ltBXAgMBAAGjggGVMIIBkTAfBgNVHSMEGDAWgBTAMVLNWlDDgnx0cc7L6Zz5euuC4jAdBgNVHQ4EFgQUPDyOfCFS8b1aJVy/6CCc9/3YQjUwSQYDVR0RBEIwQIIfKi5kMTdybnJ3OGx5aXJiMy5hbXBsaWZ5YXBwLmNvbYIdZDE3cm5ydzhseWlyYjMuYW1wbGlmeWFwcC5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vY3JsLnIybTAyLmFtYXpvbnRydXN0LmNvbS9yMm0wMi5jcmwwEwYDVR0gBAwwCjAIBgZngQwBAgEwdQYIKwYBBQUHAQEEaTBnMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5yMm0wMi5hbWF6b250cnVzdC5jb20wNgYIKwYBBQUHMAKGKmh0dHA6Ly9jcnQucjJtMDIuYW1hem9udHJ1c3QuY29tL3IybTAyLmNlcjAMBgNVHRMBAf8EAjAAAAA=",
|
||||||
|
"CN=*.d17rnrw8lyirb3.amplifyapp.com",
|
||||||
|
1669865107563
|
||||||
|
),
|
||||||
|
(
|
||||||
|
"AAAAAAGEy7ecXQABJSMzqOOrtyOT1kmau6zKhgT676hGgczD5VMdRMyJZFAAA60wggOpoAMCAQICEA2e4xabSznm/RQ5D2RE1pgwDQYJKoZIhvcNAQELBQAwRjELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEVMBMGA1UECxMMU2VydmVyIENBIDFCMQ8wDQYDVQQDEwZBbWF6b24wHhcNMjIxMjAxMDAwMDAwWhcNMjMxMjMxMjM1OTU5WjBBMT8wPQYDVQQDEzZxeXl5Z3JucG5maDN6eGxzYTZxa2VuYnRxeS5hcC1zb3V0aC0xLmVzLmFtYXpvbmF3cy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXMwBZs3dFeAl3CKe24HMnApkzvHZLrURn2my9V+wvR4UrmG06aU49D5CX3c1zNU7OE9EF0iIru+SR3s65F7zD61N4OwQyAW8uk/ZjF7S8P/jmRlmBYUmFag6bJXUovrL6aSUkcafevhx1vysA5ebnphEoD2c7V3CPihFqgHyZvdUGT498lv/d2la6XLH7BNyI4oCjEH7waIREnSMxbh4IFmnuJxTKjKDPRm3wL/ArdHEAhrT3p9cOD248Ba5tiibQo5ULADyn5K8e71APOiVpBKia6mn2O4tR+tD4kVDJF4VEIY2/2qbmqz+xvkksR23yuNJIzqMbpEIFNp82w2EtAgMBAAGjggGuMIIBqjAfBgNVHSMEGDAWgBRZpGYGUqB7lZI8o5QHJ5Z0W/k90DAdBgNVHQ4EFgQUvY51uZyNjFkbakm4Kj8eheikuhUwYAYDVR0RBFkwV4I2cXl5eWdybnBuZmgzenhsc2E2cWtlbmJ0cXkuYXAtc291dGgtMS5lcy5hbWF6b25hd3MuY29tgh0qLmFwLXNvdXRoLTEuZXMuYW1hem9uYXdzLmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6Ly9jcmwuc2NhMWIuYW1hem9udHJ1c3QuY29tL3NjYTFiLTEuY3JsMBMGA1UdIAQMMAowCAYGZ4EMAQIBMHUGCCsGAQUFBwEBBGkwZzAtBggrBgEFBQcwAYYhaHR0cDovL29jc3Auc2NhMWIuYW1hem9udHJ1c3QuY29tMDYGCCsGAQUFBzAChipodHRwOi8vY3J0LnNjYTFiLmFtYXpvbnRydXN0LmNvbS9zY2ExYi5jcnQwDAYDVR0TAQH/BAIwAAAA",
|
||||||
|
"CN=qyyygrnpnfh3zxlsa6qkenbtqy.ap-south-1.es.amazonaws.com",
|
||||||
|
1669865118813
|
||||||
|
),
|
||||||
|
(
|
||||||
|
"AAAAAAGDEsi8aAAB43aJADBzoMZJzGVt6UbAMXTSXFZv48OAW4RvUjaUN5gAAtswggLXoAMCAQICBwXoAWAfbEIwDQYJKoZIhvcNAQELBQAwfzELMAkGA1UEBhMCR0IxDzANBgNVBAgMBkxvbmRvbjEXMBUGA1UECgwOR29vZ2xlIFVLIEx0ZC4xITAfBgNVBAsMGENlcnRpZmljYXRlIFRyYW5zcGFyZW5jeTEjMCEGA1UEAwwaTWVyZ2UgRGVsYXkgSW50ZXJtZWRpYXRlIDEwHhcNMjIwOTA2MTIzMTI4WhcNMjQwMzI3MTIzNjAwWjBjMQswCQYDVQQGEwJHQjEPMA0GA1UEBwwGTG9uZG9uMSgwJgYDVQQKDB9Hb29nbGUgQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5MRkwFwYDVQQFExAxNjYyNDY3NDg4ODM2Njc0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwu9Z9FYOVuAKPPWDFTjYhJEur3Co6LU/NbXJ4x3gHbXxHYmNl9OPOhURDW7p9X8MCtDyMjOKWBeEbzSxICXM+vvXMdEfOuB02HZ5RtbsHISbOw/vd1+pl3Nb0fiq/8Q086VzzrmfeBzFfG4BFBqOjb2g+J3retqDmvK9GCnp1kmwBV1jE05Bmdl2fjyZqE6xh6zgzGPvGpr2OC+pSytfd0oNS0V/WDSq5xI6TqFdcAY83vo+Vbt6KTbPLdU96aToxrd/evFAyyPyn/Vy9FUS+k4LcAYlycAZ5LML610kE5gYdh9UnUSdT04Sf94sYcaXEuHCu3Q7tx2a6nhsByLVuQIDAQABo4GLMIGIMBMGA1UdJQQMMAoGCCsGAQUFBwMBMCMGA1UdEQQcMBqCGGZsb3dlcnMtdG8tdGhlLXdvcmxkLmNvbTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFOk8BOGAL8KEEy0mcJ7y/RrPqv7GMB0GA1UdDgQWBBSMSOrfFXpOlTDmSRMME4rvGdOGuQAA",
|
||||||
|
"C=GB, L=London, O=Google Certificate Transparency, serialNumber=1662467488836674",
|
||||||
|
1662467488872
|
||||||
|
),
|
||||||
|
(
|
||||||
|
"AAAAAAGDIBwiqQAB43aJADBzoMZJzGVt6UbAMXTSXFZv48OAW4RvUjaUN5gAAtswggLXoAMCAQICBwXoNW3movkwDQYJKoZIhvcNAQELBQAwfzELMAkGA1UEBhMCR0IxDzANBgNVBAgMBkxvbmRvbjEXMBUGA1UECgwOR29vZ2xlIFVLIEx0ZC4xITAfBgNVBAsMGENlcnRpZmljYXRlIFRyYW5zcGFyZW5jeTEjMCEGA1UEAwwaTWVyZ2UgRGVsYXkgSW50ZXJtZWRpYXRlIDEwHhcNMjIwOTA5MDIzNzM4WhcNMjQwNjEzMjE0OTAwWjBjMQswCQYDVQQGEwJHQjEPMA0GA1UEBwwGTG9uZG9uMSgwJgYDVQQKDB9Hb29nbGUgQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5MRkwFwYDVQQFExAxNjYyNjkxMDU4Mjk1NTQ1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv139MZdfpcq6+OQMmxbsO0a9UkyXjyObBcgJzQ+g8KtUdvQQptLmN++pqfnxmI18IyqtZyekpH/enlbEVIdcJ9O0hSMtTM92CaHudKLpV46SEhJcbzwUd9u1w7EdnKjjUq6gmj9zckOjTg09KJyJ95EKbv0ZpYFhsMOeTyhHidYy2wNCNJhO9nx3YE/cnQ9UVo8R3m9dlcDRgHtdQwMjMjPomKgsmJgEXVPPwjKMhVR25O2u21cqsVxItOgEa8WyeR/0awkm1+OMUdEtv0CDSqc5mwKc63dNAnHjJjVq68LJAPfzbR72lW0CxZETOIKI5Hd/jSrL96Cu57RXsC7YRQIDAQABo4GLMIGIMBMGA1UdJQQMMAoGCCsGAQUFBwMBMCMGA1UdEQQcMBqCGGZsb3dlcnMtdG8tdGhlLXdvcmxkLmNvbTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFOk8BOGAL8KEEy0mcJ7y/RrPqv7GMB0GA1UdDgQWBBSRIw7tu+hiIeKf0gO+lTZfhwxK6gAA",
|
||||||
|
"C=GB, L=London, O=Google Certificate Transparency, serialNumber=1662691058295545",
|
||||||
|
1662691058345
|
||||||
|
),
|
||||||
|
// Entries from https://ct.googleapis.com/logs/eu1/xenon2025h1
|
||||||
|
(
|
||||||
|
"AAAAAAGSl0salwAAAAPKMIIDxjCCA0ygAwIBAgISBPmkPV0s/bLTwy6BR95mo9omMAoGCCqGSM49BAMDMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJFNTAeFw0yNDEwMTYyMDQ3MDNaFw0yNTAxMTQyMDQ3MDJaMD4xPDA6BgNVBAMTM3BvY2h0YWJhbmsuby5hdml0by5yeWdpbm1sZDFhd28wdmUuZWlwLmVuc2ltcG9jLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABKY6DHnXvMW2xICZcpJ//cr2ttCyBjUk8xonMewjCUPqXS0z79qgCaqFzbaOrqDc61LoOux19e3nhyIBL6QrM3WjggI0MIICMDAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFMlIByYCus9M860DtNvXARmDYBjJMB8GA1UdIwQYMBaAFJ8rX888IU+dBLftKyzExnCL0tcNMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL2U1Lm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vZTUuaS5sZW5jci5vcmcvMD4GA1UdEQQ3MDWCM3BvY2h0YWJhbmsuby5hdml0by5yeWdpbm1sZDFhd28wdmUuZWlwLmVuc2ltcG9jLmNvbTATBgNVHSAEDDAKMAgGBmeBDAECATCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB1AM8RVu7VLnyv84db2Wkum+kacWdKsBfsrAHSW3fOzDsIAAABkpdLGCsAAAQDAEYwRAIgSUOJf8l6+Tzmv+ClWY4C3MaDztQMXt6G1HGHlctLUawCIFa+17WSp6uk4RqCiY1e1LVUaNmbIDUhiR2AX05MhdQQAHYAE0rfGrWYQgl4DG/vTHqRpBa3I0nOWFdq367ap8Kr4CIAAAGSl0sZMwAABAMARzBFAiEAlN9seh/z9GSf2nMwvEOpx1noTqxv6yPKhB276U6jd0YCIE6L4TKVHY+7FIwSjP73VT+AJfzsss4f2KsqMlgHx1LVMAoGCCqGSM49BAMDA2gAMGUCMCNwRE9tv2JA3iIdpagARFw64TGL/4yec0YwknBvECnafyPwwkYo7mbvowPS4QowOgIxAKvb2zBO/+ykpeWBBOJ4wvoGAHCHcGUKeszXXBycjfvlSeh+l4DhXiLpAD6fn4ANfwAA",
|
||||||
|
"CN=pochtabank.o.avito.ryginmld1awo0ve.eip.ensimpoc.com",
|
||||||
|
1729115134615
|
||||||
|
)
|
||||||
|
];
|
||||||
|
}
|
||||||
1
src/merkle/hash.rs
Normal file
1
src/merkle/hash.rs
Normal file
|
|
@ -0,0 +1 @@
|
||||||
|
|
||||||
3
src/merkle/mod.rs
Normal file
3
src/merkle/mod.rs
Normal file
|
|
@ -0,0 +1,3 @@
|
||||||
|
pub mod consts;
|
||||||
|
pub mod hash;
|
||||||
|
pub mod types;
|
||||||
37
src/merkle/types.rs
Normal file
37
src/merkle/types.rs
Normal file
|
|
@ -0,0 +1,37 @@
|
||||||
|
use x509_parser::prelude::TbsCertificate;
|
||||||
|
|
||||||
|
#[repr(u8)]
|
||||||
|
#[non_exhaustive]
|
||||||
|
#[derive(Debug, PartialEq, Eq, PartialOrd, Ord)]
|
||||||
|
pub enum Version {
|
||||||
|
V1 = 0
|
||||||
|
}
|
||||||
|
|
||||||
|
pub type CtExtensions = Vec<u8>;
|
||||||
|
|
||||||
|
#[repr(u8)]
|
||||||
|
#[non_exhaustive]
|
||||||
|
#[derive(Debug)]
|
||||||
|
pub enum MerkleLeafType<'a> {
|
||||||
|
TimeStampedEntry {
|
||||||
|
timestamp: u64,
|
||||||
|
entry_type: LogEntryType<'a>,
|
||||||
|
extensions: CtExtensions
|
||||||
|
} = 0
|
||||||
|
}
|
||||||
|
|
||||||
|
#[repr(u16)]
|
||||||
|
#[derive(Debug)]
|
||||||
|
pub enum LogEntryType<'a> {
|
||||||
|
X509Entry(x509_parser::certificate::X509Certificate<'a>) = 0,
|
||||||
|
PrecertEntry {
|
||||||
|
issuer_key_hash: [u8; 32],
|
||||||
|
tbs_certificate: TbsCertificate<'a>
|
||||||
|
} = 1
|
||||||
|
}
|
||||||
|
|
||||||
|
#[derive(Debug)]
|
||||||
|
pub struct MerkleTreeLeaf<'a> {
|
||||||
|
pub version: Version,
|
||||||
|
pub leaf_type: MerkleLeafType<'a>
|
||||||
|
}
|
||||||
115
src/parsing/leaf.rs
Normal file
115
src/parsing/leaf.rs
Normal file
|
|
@ -0,0 +1,115 @@
|
||||||
|
use super::{
|
||||||
|
structures::{parse_tbs_certificate_der, parse_x509_der},
|
||||||
|
LeafParsingEnumType,
|
||||||
|
LeafParsingError
|
||||||
|
};
|
||||||
|
use crate::merkle::types::{LogEntryType, MerkleLeafType, MerkleTreeLeaf, Version};
|
||||||
|
|
||||||
|
/// Parses a MerkleTreeLeaf structure as specified in [RFC6962](https://datatracker.ietf.org/doc/html/rfc6962):
|
||||||
|
/// ```txt
|
||||||
|
/// struct {
|
||||||
|
/// Version version;
|
||||||
|
/// MerkleLeafType leaf_type;
|
||||||
|
/// select (leaf_type) {
|
||||||
|
/// case timestamped_entry: TimestampedEntry;
|
||||||
|
/// }
|
||||||
|
/// } MerkleTreeLeaf;
|
||||||
|
/// ```
|
||||||
|
///
|
||||||
|
/// This function assumes a binary format for the leaf, rather than a
|
||||||
|
/// base64-encoded version, so make sure to manually decode it from the HTTP
|
||||||
|
/// response before use.
|
||||||
|
pub fn parse_merkle_tree_leaf(
|
||||||
|
input: &[u8]
|
||||||
|
) -> nom::IResult<&[u8], MerkleTreeLeaf, LeafParsingError<&[u8]>> {
|
||||||
|
let (input, version /* Version version; */) = nom::number::complete::u8(input)
|
||||||
|
.map_err(|e| e.map(|e| LeafParsingError::Nom(e)))?;
|
||||||
|
let (input, leaf_type /* MerkleLeafType leaf_type; */) =
|
||||||
|
nom::number::complete::u8(input)
|
||||||
|
.map_err(|e| e.map(|e| LeafParsingError::Nom(e)))?;
|
||||||
|
|
||||||
|
Ok((input, MerkleTreeLeaf {
|
||||||
|
version: match version {
|
||||||
|
0 => Version::V1,
|
||||||
|
_ =>
|
||||||
|
return Err(nom::Err::Failure(LeafParsingError::InvalidEnum {
|
||||||
|
input,
|
||||||
|
enum_type: LeafParsingEnumType::Version
|
||||||
|
})),
|
||||||
|
},
|
||||||
|
leaf_type: match leaf_type {
|
||||||
|
// struct {
|
||||||
|
// uint64 timestamp;
|
||||||
|
// LogEntryType entry_type; /* 2 bytes */
|
||||||
|
// select(entry_type) {
|
||||||
|
// case x509_entry: ASN.1Cert;
|
||||||
|
// case precert_entry: PreCert;
|
||||||
|
// } signed_entry;
|
||||||
|
// CtExtensions extensions;
|
||||||
|
// } TimestampedEntry;
|
||||||
|
0 => {
|
||||||
|
let (input, timestamp /* uint64 timestamp; */) =
|
||||||
|
nom::number::complete::u64(nom::number::Endianness::Big)(input)
|
||||||
|
.map_err(|e| e.map(|e| LeafParsingError::Nom(e)))?;
|
||||||
|
let (input, entry_type /* LogEntryType entry_type; */) =
|
||||||
|
nom::number::complete::u16(nom::number::Endianness::Big)(input)
|
||||||
|
.map_err(|e| e.map(|e| LeafParsingError::Nom(e)))?;
|
||||||
|
|
||||||
|
let (input, entry_type) = match entry_type {
|
||||||
|
0 => {
|
||||||
|
let (input, der /* opaque ASN.1Cert<1..2^24-1> */) =
|
||||||
|
parse_x509_der(input).map_err(|e| {
|
||||||
|
e.map(|e| LeafParsingError::DerParsing(e))
|
||||||
|
})?;
|
||||||
|
|
||||||
|
(input, LogEntryType::X509Entry(der))
|
||||||
|
}
|
||||||
|
// case precert_entry: PreCert;
|
||||||
|
1 => {
|
||||||
|
let (
|
||||||
|
input,
|
||||||
|
issuer_key_hash // opaque issuer_key_hash[32];
|
||||||
|
) = nom::bytes::complete::take(32usize)(input)
|
||||||
|
.map_err(|e| e.map(|e| LeafParsingError::Nom(e)))?;
|
||||||
|
let (
|
||||||
|
input,
|
||||||
|
tbs_certificate // TBSCertificate tbs_certificate;
|
||||||
|
) = parse_tbs_certificate_der(input)
|
||||||
|
.map_err(|e| e.map(|e| LeafParsingError::DerParsing(e)))?;
|
||||||
|
|
||||||
|
(input, LogEntryType::PrecertEntry {
|
||||||
|
issuer_key_hash: issuer_key_hash.try_into().map_err(
|
||||||
|
|_| {
|
||||||
|
nom::Err::Failure(LeafParsingError::InvalidTakeLength)
|
||||||
|
}
|
||||||
|
)?,
|
||||||
|
tbs_certificate
|
||||||
|
})
|
||||||
|
}
|
||||||
|
_ =>
|
||||||
|
return Err(nom::Err::Failure(LeafParsingError::InvalidEnum {
|
||||||
|
input,
|
||||||
|
enum_type: LeafParsingEnumType::LogEntryType
|
||||||
|
})),
|
||||||
|
};
|
||||||
|
|
||||||
|
let (
|
||||||
|
_, // no more to parse
|
||||||
|
ct_extensions // opaque CtExtensions<0..2^16-1>
|
||||||
|
) = nom::multi::length_data(nom::number::complete::be_u16)(input)
|
||||||
|
.map_err(|e| e.map(|e| LeafParsingError::Nom(e)))?;
|
||||||
|
|
||||||
|
MerkleLeafType::TimeStampedEntry {
|
||||||
|
timestamp,
|
||||||
|
entry_type,
|
||||||
|
extensions: ct_extensions.to_vec()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
_ =>
|
||||||
|
return Err(nom::Err::Failure(LeafParsingError::InvalidEnum {
|
||||||
|
input,
|
||||||
|
enum_type: LeafParsingEnumType::MerkleLeafType
|
||||||
|
})),
|
||||||
|
}
|
||||||
|
}))
|
||||||
|
}
|
||||||
85
src/parsing/mod.rs
Normal file
85
src/parsing/mod.rs
Normal file
|
|
@ -0,0 +1,85 @@
|
||||||
|
pub mod leaf;
|
||||||
|
pub mod structures;
|
||||||
|
|
||||||
|
#[derive(Debug)]
|
||||||
|
pub enum LeafParsingError<I> {
|
||||||
|
Nom(nom::error::Error<I>),
|
||||||
|
InvalidEnum {
|
||||||
|
input: I,
|
||||||
|
enum_type: LeafParsingEnumType
|
||||||
|
},
|
||||||
|
DerParsing(x509_parser::error::X509Error),
|
||||||
|
InvalidTakeLength
|
||||||
|
}
|
||||||
|
|
||||||
|
#[derive(Debug)]
|
||||||
|
pub enum LeafParsingEnumType {
|
||||||
|
Version,
|
||||||
|
MerkleLeafType,
|
||||||
|
LogEntryType
|
||||||
|
}
|
||||||
|
|
||||||
|
#[cfg(test)]
|
||||||
|
mod test {
|
||||||
|
use base64ct::Encoding;
|
||||||
|
|
||||||
|
use crate::{
|
||||||
|
merkle::{
|
||||||
|
consts::{test_constants, LEAF_BASE64_BUFFER_SIZE},
|
||||||
|
types::{LogEntryType, MerkleLeafType}
|
||||||
|
},
|
||||||
|
parsing::leaf::parse_merkle_tree_leaf
|
||||||
|
};
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn parse_leaf_inputs() {
|
||||||
|
let mut decoded_base64 = [0u8; LEAF_BASE64_BUFFER_SIZE];
|
||||||
|
for (i, (leaf_input, subject, timestamp)) in
|
||||||
|
test_constants::LEAF_INPUT_EXAMPLES.into_iter().enumerate()
|
||||||
|
{
|
||||||
|
decoded_base64[..leaf_input.len()].copy_from_slice(leaf_input.as_bytes());
|
||||||
|
let decoded_base64 = base64ct::Base64::decode_in_place(
|
||||||
|
&mut decoded_base64[..leaf_input.len()]
|
||||||
|
)
|
||||||
|
.expect("Should parse base64 properly");
|
||||||
|
|
||||||
|
let (_, parsed) =
|
||||||
|
parse_merkle_tree_leaf(decoded_base64).expect("should complete");
|
||||||
|
|
||||||
|
let MerkleLeafType::TimeStampedEntry {
|
||||||
|
timestamp: parsed_timestamp,
|
||||||
|
entry_type,
|
||||||
|
extensions: _
|
||||||
|
} = parsed.leaf_type;
|
||||||
|
|
||||||
|
assert_eq!(
|
||||||
|
*timestamp, parsed_timestamp,
|
||||||
|
"leaf_input should have expected timestamp"
|
||||||
|
);
|
||||||
|
|
||||||
|
match entry_type {
|
||||||
|
LogEntryType::X509Entry(x509_cert) => {
|
||||||
|
assert_eq!(
|
||||||
|
&x509_cert.subject.to_string(),
|
||||||
|
subject,
|
||||||
|
"leaf_entry x509 cert should have expected subject field"
|
||||||
|
);
|
||||||
|
}
|
||||||
|
LogEntryType::PrecertEntry {
|
||||||
|
issuer_key_hash: _,
|
||||||
|
tbs_certificate
|
||||||
|
} => {
|
||||||
|
assert_eq!(
|
||||||
|
&tbs_certificate.subject.to_string(),
|
||||||
|
subject,
|
||||||
|
"leaf_entry tbs cert should have expected subject field"
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
println!(
|
||||||
|
"[{i}] Correctly parsed leaf_input for subject '{subject}' issued at \
|
||||||
|
{timestamp}"
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
21
src/parsing/structures.rs
Normal file
21
src/parsing/structures.rs
Normal file
|
|
@ -0,0 +1,21 @@
|
||||||
|
use x509_parser::{
|
||||||
|
error::X509Result,
|
||||||
|
prelude::{TbsCertificate, X509Certificate}
|
||||||
|
};
|
||||||
|
|
||||||
|
/// Parses a type `opaque ASN.1Cert<1..2^24-1>;`
|
||||||
|
pub fn parse_x509_der(input: &[u8]) -> X509Result<X509Certificate> {
|
||||||
|
nom::combinator::map_parser(
|
||||||
|
nom::multi::length_data(nom::number::complete::be_u24),
|
||||||
|
x509_parser::parse_x509_certificate
|
||||||
|
)(input)
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Parses a type `opaque TBSCertificate<1..2^24-1>;`
|
||||||
|
pub fn parse_tbs_certificate_der(input: &[u8]) -> X509Result<TbsCertificate> {
|
||||||
|
nom::combinator::map_parser(
|
||||||
|
nom::multi::length_data(nom::number::complete::be_u24),
|
||||||
|
x509_parser::certificate::TbsCertificateParser::new()
|
||||||
|
.with_deep_parse_extensions(true)
|
||||||
|
)(input)
|
||||||
|
}
|
||||||
Loading…
Reference in a new issue