Add functionality to parse pubkey from Fulcio cert

Signed-off-by: Lily Sturmann <lsturman@redhat.com>
sigstore · Oct 24, 2022 · 75a8bef · 75a8bef
1 parent 0725c0d
commit 75a8bef
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 1 deletion.
diff --git a/Cargo.toml b/Cargo.toml
@@ -23,6 +23,7 @@ oci-distribution = { version = "0.9", default-features = false }
 olpc-cjson = "0.1"
 open = "3.0.1"
 openidconnect = { version = "2.3", default-features = false, features = [ "reqwest" ] }
+openssl = "0.10.38"
 pem = "1.0.2"
 picky = { version = "7.0.0-rc.3", default-features = false, features = [ "x509", "ec" ] }
 regex = "1.5.5"
@@ -57,7 +58,6 @@ anyhow = "1.0.54"
 assert-json-diff = "2.0.2"
 chrono = "0.4.20"
 clap = { version = "4.0.8", features = ["derive"] }
-openssl = "0.10.38"
 rstest = "0.15.0"
 tempfile = "3.3.0"
 tracing-subscriber = { version = "0.3.9", features = ["env-filter"] }

diff --git a/src/errors.rs b/src/errors.rs
@@ -49,12 +49,16 @@ pub enum SigstoreError {
 
     #[error(transparent)]
     X509ParseError(#[from] x509_parser::nom::Err<x509_parser::error::X509Error>),
+
     #[error(transparent)]
     X509Error(#[from] x509_parser::error::X509Error),
 
     #[error(transparent)]
     CertError(#[from] picky::x509::certificate::CertError),
 
+    #[error(transparent)]
+    ErrorStack(#[from] openssl::error::ErrorStack),
+
     #[error(transparent)]
     Base64DecodeError(#[from] base64::DecodeError),
 

diff --git a/src/fulcio/mod.rs b/src/fulcio/mod.rs
@@ -5,6 +5,7 @@ use crate::crypto::SigningScheme;
 use crate::errors::{Result, SigstoreError};
 use crate::fulcio::oauth::OauthTokenProvider;
 use openidconnect::core::CoreIdToken;
+use openssl::x509::X509;
 use reqwest::Body;
 use serde::ser::SerializeStruct;
 use serde::{Serialize, Serializer};
@@ -78,6 +79,27 @@ impl AsRef<[u8]> for FulcioCert {
     }
 }
 
+impl FulcioCert {
+    pub fn new(s: &str) -> FulcioCert {
+        FulcioCert(String::from(s))
+    }
+
+    pub fn to_inner(&self) -> &str {
+        &self.0
+    }
+
+    pub fn to_x509(&self) -> Result<X509> {
+        let x509 = X509::from_pem(self.to_inner().as_bytes())?;
+        Ok(x509)
+    }
+
+    pub fn extract_pubkey_string(&self) -> Result<String> {
+        let certificate = self.to_x509()?;
+        let pub_key_pem = certificate.public_key()?.public_key_to_pem()?;
+        String::from_utf8(pub_key_pem).map_err(|e| SigstoreError::from(e.utf8_error()))
+    }
+}
+
 impl Display for FulcioCert {
     fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
         std::fmt::Display::fmt(&self.0, f)