diff --git a/Cargo.toml b/Cargo.toml index b4e380153b..bddc367fc0 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -23,6 +23,7 @@ oci-distribution = { version = "0.9", default-features = false } olpc-cjson = "0.1" open = "3.0.1" openidconnect = { version = "2.3", default-features = false, features = [ "reqwest" ] } +openssl = "0.10.38" pem = "1.0.2" picky = { version = "7.0.0-rc.3", default-features = false, features = [ "x509", "ec" ] } regex = "1.5.5" @@ -57,7 +58,6 @@ anyhow = "1.0.54" assert-json-diff = "2.0.2" chrono = "0.4.20" clap = { version = "4.0.8", features = ["derive"] } -openssl = "0.10.38" rstest = "0.15.0" tempfile = "3.3.0" tracing-subscriber = { version = "0.3.9", features = ["env-filter"] } diff --git a/src/errors.rs b/src/errors.rs index 9a7f35d86b..95b10b6960 100644 --- a/src/errors.rs +++ b/src/errors.rs @@ -49,12 +49,16 @@ pub enum SigstoreError { #[error(transparent)] X509ParseError(#[from] x509_parser::nom::Err), + #[error(transparent)] X509Error(#[from] x509_parser::error::X509Error), #[error(transparent)] CertError(#[from] picky::x509::certificate::CertError), + #[error(transparent)] + ErrorStack(#[from] openssl::error::ErrorStack), + #[error(transparent)] Base64DecodeError(#[from] base64::DecodeError), diff --git a/src/fulcio/mod.rs b/src/fulcio/mod.rs index 9941109365..058b046886 100644 --- a/src/fulcio/mod.rs +++ b/src/fulcio/mod.rs @@ -5,6 +5,7 @@ use crate::crypto::SigningScheme; use crate::errors::{Result, SigstoreError}; use crate::fulcio::oauth::OauthTokenProvider; use openidconnect::core::CoreIdToken; +use openssl::x509::X509; use reqwest::Body; use serde::ser::SerializeStruct; use serde::{Serialize, Serializer}; 
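Review bot: Promoting `openssl` from dev-dependencies to a regular dependency makes every downstream consumer of this library link native libssl/libcrypto, and the errors.rs hunk in this same commit shows the crate already carries two X.509 stacks (`x509_parser` and `picky` with the `x509` feature), so this adds a third parser to the trust-critical path. If the only need is PEM certificate → SubjectPublicKeyInfo PEM, consider doing it with the existing `picky` dependency, or at least gate the new code behind a Cargo feature (e.g. `openssl = { version = "0.10.38", optional = true }` with a matching feature) so the native build requirement is opt-in. If OpenSSL stays mandatory, document in the README/crate docs that consumers need the system OpenSSL headers or must enable the `vendored` feature of the `openssl` crate, since the build will otherwise fail at link time.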
@@ -78,6 +79,27 @@ impl AsRef<[u8]> for FulcioCert {
 }
 }
 
+impl FulcioCert {
+ pub fn new(s: &str) -> FulcioCert {
+ FulcioCert(String::from(s))
+ }
+
+ pub fn to_inner(&self) -> &str {
+ &self.0
+ }
+
+ pub fn to_x509(&self) -> Result {
+ let x509 = X509::from_pem(self.to_inner().as_bytes())?;
+ Ok(x509)
+ }
+
+ pub fn extract_pubkey_string(&self) -> Result {
+ let certificate = self.to_x509()?;
+ let pub_key_pem = certificate.public_key()?.public_key_to_pem()?;
+ String::from_utf8(pub_key_pem).map_err(|e| SigstoreError::from(e.utf8_error()))
+ }
+}
+
 impl Display for FulcioCert {
 fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
 std::fmt::Display::fmt(&self.0, f)
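Review bot: `extract_pubkey_string` (and `to_x509` beneath it) hands back the certificate's public key with no check that the certificate is trusted — no chain validation against the Fulcio root, no validity-window or identity (SAN/OIDC issuer) check — so a caller who feeds an attacker-supplied PEM gets an attacker-controlled key with no error; either perform that verification here or make the contract explicit with a doc comment such as `/// Extracts the subject public key as PEM. This does NOT verify the certificate; validate it against the Fulcio root before trusting the key.` Separately, `X509::from_pem` decodes only the first PEM block, so if a `FulcioCert` can ever hold a chain (leaf plus intermediates) the result silently depends on block order; if that is possible, use `X509::stack_from_pem` and select the leaf explicitly, otherwise document that the newtype holds exactly one certificate. On naming, `to_inner` returns a borrow (`&str`), so by Rust convention it should be `as_str`/`as_inner` — `to_` signals an owned conversion. The trailing `impl Display` context and its `fmt` body continue past the end of the hunk.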