Created
March 25, 2021 10:01
-
-
Save leplatrem/fa45deabce1d8e902f2390c8e15d8a26 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // [dependencies] | |
| // x509-parser = "0.9" | |
| // ring = "0.16" | |
| // oid-registry = "0.1" | |
| use oid_registry; | |
| use ring::signature; | |
| use x509_parser::{self, certificate::X509Certificate, pem::Pem}; | |
| fn verify_chain(pem_content: &[u8]) { | |
| let blocks = split_pem(&pem_content); | |
| let pems: Vec<Pem> = blocks | |
| .iter() | |
| .rev() // first will be root, last will be leaf. | |
| .map(|block| { | |
| let (_, pem) = x509_parser::pem::parse_x509_pem(&block).unwrap(); | |
| pem | |
| }) | |
| .collect(); | |
| let certs: Vec<X509Certificate> = pems | |
| .iter() | |
| .map(|pem| { | |
| let (_, cert) = x509_parser::parse_x509_certificate(&pem.contents).unwrap(); | |
| cert | |
| }) | |
| .collect(); | |
| // Verify signature chain. | |
| for i in 0..=certs.len() - 1 { | |
| let parent = &certs[i]; | |
| let child = &certs[i + 1]; | |
| let signature_alg = &parent.signature_algorithm.algorithm; | |
| let verification_alg: &dyn signature::VerificationAlgorithm = | |
| if *signature_alg == oid_registry::OID_PKCS1_SHA1WITHRSA { | |
| &signature::RSA_PKCS1_1024_8192_SHA1_FOR_LEGACY_USE_ONLY | |
| } else if *signature_alg == oid_registry::OID_PKCS1_SHA256WITHRSA { | |
| &signature::RSA_PKCS1_2048_8192_SHA256 | |
| } else if *signature_alg == oid_registry::OID_PKCS1_SHA384WITHRSA { | |
| &signature::RSA_PKCS1_2048_8192_SHA384 | |
| } else if *signature_alg == oid_registry::OID_PKCS1_SHA512WITHRSA { | |
| &signature::RSA_PKCS1_2048_8192_SHA512 | |
| } else if *signature_alg == oid_registry::OID_SIG_ECDSA_WITH_SHA256 { | |
| &signature::ECDSA_P256_SHA256_ASN1 | |
| } else if *signature_alg == oid_registry::OID_SIG_ECDSA_WITH_SHA384 { | |
| &signature::ECDSA_P384_SHA384_ASN1 | |
| } else { | |
| panic!("Unsupported sig {}", signature_alg); | |
| }; | |
| let parent_pk_bytes = parent.tbs_certificate.subject_pki.subject_public_key.data; | |
| let parent_pk = signature::UnparsedPublicKey::new(verification_alg, &parent_pk_bytes); | |
| let child_sig_bytes = child.signature_value.data; | |
| let res = parent_pk.verify(child.tbs_certificate.as_ref(), child_sig_bytes); | |
| println!("{} --> {}: {:?}", i, i + 1, res); | |
| } | |
| } | |
| fn split_pem(pem_content: &[u8]) -> Vec<&[u8]> { | |
| let mut blocks = vec![]; | |
| let needle = b"-----BEGIN CERTIFICATE"; | |
| let window = needle.len(); | |
| let mut last = 0; | |
| if pem_content.len() > window { | |
| let mut i = 0; | |
| while i < pem_content.len() - window - 1 { | |
| let portion = &pem_content[i..i + window]; | |
| if portion == needle && i > last { | |
| blocks.push(&pem_content[last..i]); | |
| last = i; | |
| i = i + window; | |
| } else { | |
| i = i + 1; | |
| } | |
| } | |
| } | |
| if last < pem_content.len() { | |
| blocks.push(&pem_content[last..]); | |
| } | |
| blocks | |
| } | |
| fn main() { | |
| verify_chain(b"-----BEGIN CERTIFICATE----- | |
| MIIDBTCCAougAwIBAgIIFmvvKwxhfbAwCgYIKoZIzj0EAwMwgaMxCzAJBgNVBAYT | |
| AlVTMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMS8wLQYDVQQLEyZNb3pp | |
| bGxhIEFNTyBQcm9kdWN0aW9uIFNpZ25pbmcgU2VydmljZTFFMEMGA1UEAww8Q29u | |
| dGVudCBTaWduaW5nIEludGVybWVkaWF0ZS9lbWFpbEFkZHJlc3M9Zm94c2VjQG1v | |
| emlsbGEuY29tMB4XDTIxMDIxMTE1MDQxOVoXDTIxMDUwMjE1MDQxOVowgakxCzAJ | |
| BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFp | |
| biBWaWV3MRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMRcwFQYDVQQLEw5D | |
| bG91ZCBTZXJ2aWNlczE2MDQGA1UEAxMtcmVtb3RlLXNldHRpbmdzLmNvbnRlbnQt | |
| c2lnbmF0dXJlLm1vemlsbGEub3JnMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEJMgu | |
| GNFArtWDvghGfUqaKwWHjguiGH10CF4BEzeyb7hEox6++AvC2VOCdFzmJgVXSup5 | |
| WgQxdPF2ZiwCTdJGw3XZm/SBs2l+nBeT6iRRUQrTzLD9pzgm7HZocIK5OYheo4GD | |
| MIGAMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAfBgNVHSME | |
| GDAWgBSgHUoXT4zCKzVF8WPx2nBwp8744TA4BgNVHREEMTAvgi1yZW1vdGUtc2V0 | |
| dGluZ3MuY29udGVudC1zaWduYXR1cmUubW96aWxsYS5vcmcwCgYIKoZIzj0EAwMD | |
| aAAwZQIwagBtt7TpipeDlGsZfvwutLoHy+jZnD8G8mmdqPGraYfgLVMyXFzMjVui | |
| f3cc8vMiAjEAlHl2QWOoFrpfvRlgp3QA8yYUQGMsYN2JKyrHlZB0f3jw9yAKhz3e | |
| 5NFa6l5NDIR2 | |
| -----END CERTIFICATE----- | |
| -----BEGIN CERTIFICATE----- | |
| MIIFfzCCA2egAwIBAgIDEAAJMA0GCSqGSIb3DQEBDAUAMH0xCzAJBgNVBAYTAlVT | |
| MRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMS8wLQYDVQQLEyZNb3ppbGxh | |
| IEFNTyBQcm9kdWN0aW9uIFNpZ25pbmcgU2VydmljZTEfMB0GA1UEAxMWcm9vdC1j | |
| YS1wcm9kdWN0aW9uLWFtbzAiGA8yMDIwMTIzMTAwMDAwMFoYDzIwMjUwMzE0MjI1 | |
| MzU3WjCBozELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE01vemlsbGEgQ29ycG9yYXRp | |
| b24xLzAtBgNVBAsTJk1vemlsbGEgQU1PIFByb2R1Y3Rpb24gU2lnbmluZyBTZXJ2 | |
| aWNlMUUwQwYDVQQDDDxDb250ZW50IFNpZ25pbmcgSW50ZXJtZWRpYXRlL2VtYWls | |
| QWRkcmVzcz1mb3hzZWNAbW96aWxsYS5jb20wdjAQBgcqhkjOPQIBBgUrgQQAIgNi | |
| AAQklaclq89BKPcYIfUdVS4JF/pZxjTVOlYVdj4QJ5xopHAngXkUggYkkHj0tmZV | |
| EcrXrCVq1qEtB/k7wXXkU4HN9rX7WcUkksClDJmUQ2qabzP7i20q3epGNq57RE2p | |
| 3hKjggGJMIIBhTAMBgNVHRMEBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAWBgNVHSUB | |
| Af8EDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUoB1KF0+Mwis1RfFj8dpwcKfO+OEw | |
| gagGA1UdIwSBoDCBnYAUs7zqWHSr4W54KrKrnCMeqGMsl7ehgYGkfzB9MQswCQYD | |
| VQQGEwJVUzEcMBoGA1UEChMTTW96aWxsYSBDb3Jwb3JhdGlvbjEvMC0GA1UECxMm | |
| TW96aWxsYSBBTU8gUHJvZHVjdGlvbiBTaWduaW5nIFNlcnZpY2UxHzAdBgNVBAMT | |
| FnJvb3QtY2EtcHJvZHVjdGlvbi1hbW+CAQEwMwYJYIZIAYb4QgEEBCYWJGh0dHA6 | |
| Ly9hZGRvbnMuYWxsaXpvbS5vcmcvY2EvY3JsLnBlbTBOBgNVHR4ERzBFoEMwIIIe | |
| LmNvbnRlbnQtc2lnbmF0dXJlLm1vemlsbGEub3JnMB+CHWNvbnRlbnQtc2lnbmF0 | |
| dXJlLm1vemlsbGEub3JnMA0GCSqGSIb3DQEBDAUAA4ICAQALeUuF/7hcmM/LFnK6 | |
| 6a5lBQk5z5JBr2bNNvKVs/mtdIcVKcxjWxOBM5rorZiM5UWE7BmAm8E7gFCCq30y | |
| ZnNn6BO04z5LtDRHxa3IGhgECloyOJUSi9xxFxe5p5wJzFdArl7happSOUwOi+z2 | |
| aDqS6uTJWubIY4Uz7h7S2UkUm52CTYnvpioS7eQoovvrlUsgIhkkIwDQnu7RWSej | |
| 6nkc5o5SNwAJWsQvxIko32AxhvPmmtv1T/mtXY488TJ0VoBZ6lRkJJIxIJ48pGHJ | |
| +YRt1tzO2aqCEs9pNPGWfhrpcDc2mu4fvlSX1elWYiGrpQBVbdEJlDkGAD0AC8on | |
| /7ybD2pEdh7pViVLV78Md+DNNquqqNhRJpn65k4lhvgDLHYvLNOrrtAmcmQonNdU | |
| OSumIuqcGk7dm/7gr9lrwAm8V8/GwDyzTgi4wNA4vwln3c7iMFGLL/b2piEQCSl+ | |
| mqL1LeWJV+8rkbi8l2T0QIBwjDgR97ZxpLPwmUdDNiGAWeEFxn0jU9CQtQKjOj84 | |
| VPZUM7aSHhVQ0bQpnjua7IWvLKK7F2fOo3PmuLacnnfyrzr2C/Le5k6EK/0q2cKf | |
| P6JzDWwt8werc6E3C6z3jbUdAwgNpv/fGz8gQBPf7NeiYkqMUNB2Z3aF8He8Jg15 | |
| Abv+2+rSOLpBsTU67AHzMKJ8hw== | |
| -----END CERTIFICATE----- | |
| -----BEGIN CERTIFICATE----- | |
| MIIGYTCCBEmgAwIBAgIBATANBgkqhkiG9w0BAQwFADB9MQswCQYDVQQGEwJVUzEc | |
| MBoGA1UEChMTTW96aWxsYSBDb3Jwb3JhdGlvbjEvMC0GA1UECxMmTW96aWxsYSBB | |
| TU8gUHJvZHVjdGlvbiBTaWduaW5nIFNlcnZpY2UxHzAdBgNVBAMTFnJvb3QtY2Et | |
| cHJvZHVjdGlvbi1hbW8wHhcNMTUwMzE3MjI1MzU3WhcNMjUwMzE0MjI1MzU3WjB9 | |
| MQswCQYDVQQGEwJVUzEcMBoGA1UEChMTTW96aWxsYSBDb3Jwb3JhdGlvbjEvMC0G | |
| A1UECxMmTW96aWxsYSBBTU8gUHJvZHVjdGlvbiBTaWduaW5nIFNlcnZpY2UxHzAd | |
| BgNVBAMTFnJvb3QtY2EtcHJvZHVjdGlvbi1hbW8wggIgMA0GCSqGSIb3DQEBAQUA | |
| A4ICDQAwggIIAoICAQC0u2HXXbrwy36+MPeKf5jgoASMfMNz7mJWBecJgvlTf4hH | |
| JbLzMPsIUauzI9GEpLfHdZ6wzSyFOb4AM+D1mxAWhuZJ3MDAJOf3B1Rs6QorHrl8 | |
| qqlNtPGqepnpNJcLo7JsSqqE3NUm72MgqIHRgTRsqUs+7LIPGe7262U+N/T0LPYV | |
| Le4rZ2RDHoaZhYY7a9+49mHOI/g2YFB+9yZjE+XdplT2kBgA4P8db7i7I0tIi4b0 | |
| B0N6y9MhL+CRZJyxdFe2wBykJX14LsheKsM1azHjZO56SKNrW8VAJTLkpRxCmsiT | |
| r08fnPyDKmaeZ0BtsugicdipcZpXriIGmsZbI12q5yuwjSELdkDV6Uajo2n+2ws5 | |
| uXrP342X71WiWhC/dF5dz1LKtjBdmUkxaQMOP/uhtXEKBrZo1ounDRQx1j7+SkQ4 | |
| BEwjB3SEtr7XDWGOcOIkoJZWPACfBLC3PJCBWjTAyBlud0C5n3Cy9regAAnOIqI1 | |
| t16GU2laRh7elJ7gPRNgQgwLXeZcFxw6wvyiEcmCjOEQ6PM8UQjthOsKlszMhlKw | |
| vjyOGDoztkqSBy/v+Asx7OW2Q7rlVfKarL0mREZdSMfoy3zTgtMVCM0vhNl6zcvf | |
| 5HNNopoEdg5yuXo2chZ1p1J+q86b0G5yJRMeT2+iOVY2EQ37tHrqUURncCy4uwIB | |
| A6OB7TCB6jAMBgNVHRMEBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAWBgNVHSUBAf8E | |
| DDAKBggrBgEFBQcDAzCBkgYDVR0jBIGKMIGHoYGBpH8wfTELMAkGA1UEBhMCVVMx | |
| HDAaBgNVBAoTE01vemlsbGEgQ29ycG9yYXRpb24xLzAtBgNVBAsTJk1vemlsbGEg | |
| QU1PIFByb2R1Y3Rpb24gU2lnbmluZyBTZXJ2aWNlMR8wHQYDVQQDExZyb290LWNh | |
| LXByb2R1Y3Rpb24tYW1vggEBMB0GA1UdDgQWBBSzvOpYdKvhbngqsqucIx6oYyyX | |
| tzANBgkqhkiG9w0BAQwFAAOCAgEAaNSRYAaECAePQFyfk12kl8UPLh8hBNidP2H6 | |
| KT6O0vCVBjxmMrwr8Aqz6NL+TgdPmGRPDDLPDpDJTdWzdj7khAjxqWYhutACTew5 | |
| eWEaAzyErbKQl+duKvtThhV2p6F6YHJ2vutu4KIciOMKB8dslIqIQr90IX2Usljq | |
| 8Ttdyf+GhUmazqLtoB0GOuESEqT4unX6X7vSGu1oLV20t7t5eCnMMYD67ZBn0YIU | |
| /cm/+pan66hHrja+NeDGF8wabJxdqKItCS3p3GN1zUGuJKrLykxqbOp/21byAGog | |
| Z1amhz6NHUcfE6jki7sM7LHjPostU5ZWs3PEfVVgha9fZUhOrIDsyXEpCWVa3481 | |
| LlAq3GiUMKZ5DVRh9/Nvm4NwrTfB3QkQQJCwfXvO9pwnPKtISYkZUqhEqvXk5nBg | |
| QCkDSLDjXTx39naBBGIVIqBtKKuVTla9enngdq692xX/CgO6QJVrwpqdGjebj5P8 | |
| 5fNZPABzTezG3Uls5Vp+4iIWVAEDkK23cUj3c/HhE+Oo7kxfUeu5Y1ZV3qr61+6t | |
| ZARKjbu1TuYQHf0fs+GwID8zeLc2zJL7UzcHFwwQ6Nda9OJN4uPAuC/BKaIpxCLL | |
| 26b24/tRam4SJjqpiq20lynhUrmTtt6hbG3E1Hpy3bmkt2DYnuMFwEx2gfXNcnbT | |
| wNuvFqc= | |
| -----END CERTIFICATE-----"); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment