Merge branch 'rrdp-testing' of https://github.com/NLnetLabs/rpki-rs i…

…nto rrdp-testing
NLnetLabs · Jan 20, 2025 · 1294231 · 1294231
2 parents 32a55fe + 54ef213
commit 1294231
Show file tree

Hide file tree

Showing 33 changed files with 465 additions and 219 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -7,7 +7,7 @@ jobs:
     strategy:
       matrix:
         os: [ubuntu-latest, windows-latest, macOS-latest]
-        rust: [1.70.0, stable, beta, nightly]
+        rust: [1.73.0, stable, beta, nightly]
     steps:
     - name: Checkout repository
       uses: actions/checkout@v1

diff --git a/Cargo.toml b/Cargo.toml
@@ -2,7 +2,7 @@
 name = "rpki"
 version = "0.18.4"
 edition = "2021"
-rust-version = "1.70"
+rust-version = "1.73"
 authors = ["NLnet Labs <rpki-team@nlnetlabs.nl>"]
 description = "A library for validating and creating RPKI data."
 documentation = "https://docs.rs/rpki/"

diff --git a/Changelog.md b/Changelog.md
@@ -12,9 +12,18 @@ New
 * Added `uri::{Rsync,Https}::path_into_dir` ([#302])
 * Added `Ipv4Block` and `Ipv6Block` and `FromIterator` impls for
   `Ipv4Blocks` and `Ipv6Blocks`. ([#298])
+* Made `AddressRange` public and added methods to convert ranges into
+  a set of prefixes. ([#306])
+* Updated the ASPA RTR PDU to conform with version -14 of
+  draft-ietf-sidrops-8210bis. ([#309])
+* Exposed `ca::idcert::TbsIdCert::validity`. ([#310]);
+* The ASPA `ProviderAsSet` now keeps track of its length and exposes it
+  via the new `len` method. ([#315])
 
 Bug fixes
 
+* Do not allow backslashes in idexchange handles. ([#304])
+
 Other changes
 
 * The minimum supported Rust version is now 1.70. ([#303])
@@ -25,6 +34,11 @@ Other changes
 [#300]: https://github.com/NLnetLabs/rpki-rs/pull/300
 [#302]: https://github.com/NLnetLabs/rpki-rs/pull/302
 [#303]: https://github.com/NLnetLabs/rpki-rs/pull/303
+[#304]: https://github.com/NLnetLabs/rpki-rs/pull/304
+[#306]: https://github.com/NLnetLabs/rpki-rs/pull/306
+[#309]: https://github.com/NLnetLabs/rpki-rs/pull/309
+[#310]: https://github.com/NLnetLabs/rpki-rs/pull/310
+[#315]: https://github.com/NLnetLabs/rpki-rs/pull/315
 
 
 ## 0.18.4

diff --git a/src/ca/idcert.rs b/src/ca/idcert.rs
@@ -419,6 +419,10 @@ impl TbsIdCert {
     pub fn subject(&self) -> &Name {
         &self.subject
     }
+
+    pub fn validity(&self) -> &Validity {
+        &self.validity
+    }
 }
 
 /// # Decoding and Encoding

diff --git a/src/ca/idexchange.rs b/src/ca/idexchange.rs
@@ -482,7 +482,7 @@ impl ChildRequest {
         writer.done()
     }
 
-    /// Writes the ChildRequest's XML representation to a new Vec<u8>.
+    /// Writes the ChildRequest's XML representation to a new `Vec<u8>`.
     pub fn to_xml_vec(&self) -> Vec<u8> {
         let mut vec = vec![];
         self.write_xml(&mut vec).unwrap(); // safe
@@ -730,7 +730,7 @@ impl ParentResponse {
         validate_idcert_at(&self.id_cert, when)
     }
 
-    /// Writes the ParentResponse's XML representation to a new Vec<u8>.
+    /// Writes the ParentResponse's XML representation to a new `Vec<u8>`.
     pub fn to_xml_vec(&self) -> Vec<u8> {
         let mut vec = vec![];
         self.write_xml(&mut vec).unwrap(); // safe
@@ -756,12 +756,12 @@ impl fmt::Display for ParentResponse {
 
 //------------ PublisherRequest ----------------------------------------------
 
-/// Type representing a <publisher_request/>
+/// Type representing a `<publisher_request/>`
 ///
 /// This is the XML message with identity information that a CA sends to a
 /// Publication Server.
 ///
-/// For more info, see: https://tools.ietf.org/html/rfc8183#section-5.2.3
+/// For more info, see: <https://tools.ietf.org/html/rfc8183#section-5.2.3>
 #[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
 pub struct PublisherRequest {
     /// The self-signed IdCert containing the publisher's public key.
@@ -912,7 +912,7 @@ impl PublisherRequest {
         writer.done()
     }
 
-    /// Writes the PublisherRequest's XML representation to a new Vec<u8>.
+    /// Writes the PublisherRequest's XML representation to a new `Vec<u8>`.
     pub fn to_xml_vec(&self) -> Vec<u8> {
         let mut vec = vec![];
         self.write_xml(&mut vec).unwrap(); // safe
@@ -945,7 +945,7 @@ impl fmt::Display for PublisherRequest {
 /// This is the response sent to a CA by the publication server. It contains
 /// the details needed by the CA to send publication messages to the server.
 ///
-/// See https://tools.ietf.org/html/rfc8183#section-5.2.4
+/// See <https://tools.ietf.org/html/rfc8183#section-5.2.4>
 #[derive(Clone, Debug, Deserialize, Eq, Serialize, PartialEq)]
 pub struct RepositoryResponse {
     /// The Publication Server Identity Certificate
@@ -1155,7 +1155,7 @@ impl RepositoryResponse {
         validate_idcert_at(&self.id_cert, when)
     }
 
-    /// Writes the RepositoryResponse's XML representation to a new Vec<u8>.
+    /// Writes the RepositoryResponse's XML representation to a new `Vec<u8>`.
     pub fn to_xml_vec(&self) -> Vec<u8> {
         let mut vec = vec![];
         self.write_xml(&mut vec).unwrap(); // safe

diff --git a/src/ca/provisioning.rs b/src/ca/provisioning.rs
@@ -270,7 +270,7 @@ impl Message {
 /// # Decoding from XML
 ///
 impl Message {
-    /// Parses an RFC 6492 <message />
+    /// Parses an RFC 6492 `<message />`
     pub fn decode<R: io::BufRead>(reader: R) -> Result<Self, Error> {
         let mut reader = xml::decode::Reader::new(reader);
 
@@ -375,7 +375,7 @@ impl Payload {
 /// # Encoding to XML
 ///
 impl Payload {
-    /// Value for the type attribute in the <message /> element.
+    /// Value for the type attribute in the `<message />` element.
     pub fn payload_type(&self) -> PayloadType {
         match self {
             Payload::List => PayloadType::List,
@@ -723,7 +723,7 @@ impl IssuanceResponse {
 /// Note that the IssuanceRequest will be rejected by the parent, if the limit
 /// exceeds the child's entitlements.
 ///
-/// See: https://tools.ietf.org/html/rfc6492#section-3.4.1
+/// See: <https://tools.ietf.org/html/rfc6492#section-3.4.1>
 #[derive(Clone, Debug, Default, Deserialize, Eq, PartialEq, Serialize)]
 pub struct RequestResourceLimit {
     #[serde(
@@ -998,7 +998,7 @@ impl From<&RevocationRequest> for RevocationResponse {
 
 //------------ KeyElement ----------------------------------------------------
 
-/// This type represents a <key /> element as used in both the Certificate
+/// This type represents a `<key />` element as used in both the Certificate
 /// Revocation Request and Response, sections 3.5.1 and 3.5.2 respectively,
 /// of RFC6492.
 #[derive(Clone, Debug, Deserialize, Eq, Hash, PartialEq, Serialize)]
@@ -1096,7 +1096,7 @@ impl fmt::Display for KeyElement {
 /// This structure is what is called the "Resource Class List Response"
 /// in section 3.3.2 of RFC6492.
 ///
-/// This response can have 0 or more <class /> elements containing the
+/// This response can have 0 or more `<class />` elements containing the
 /// entitlements for 0 or more corresponding resource classes.
 #[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
 pub struct ResourceClassListResponse {

diff --git a/src/ca/publication.rs b/src/ca/publication.rs
@@ -222,7 +222,7 @@ impl Message {
 /// # Decoding from XML
 /// 
 impl Message {
-    /// Parses an RFC 8181 <msg />
+    /// Parses an RFC 8181 `<msg />`
     pub fn decode<R: io::BufRead>(reader: R) -> Result<Self, Error> {
         let mut reader = xml::decode::Reader::new(reader);
 
@@ -539,7 +539,7 @@ impl QueryPdu {
 //------------ PublishDelta ------------------------------------------------
 
 /// This type represents a multi element query as described in
-/// https://tools.ietf.org/html/rfc8181#section-3.7
+/// <https://tools.ietf.org/html/rfc8181#section-3.7>
 #[derive(Clone, Debug, Default, Deserialize, Eq, PartialEq, Serialize)]
 pub struct PublishDelta(Vec<PublishDeltaElement>);
 
@@ -613,7 +613,7 @@ impl PublishDeltaElement {
 //------------ Publish -------------------------------------------------------
 
 /// Represents a publish element, that does not update any existing object.
-/// See: https://tools.ietf.org/html/rfc8181#section-3.1
+/// See: <https://tools.ietf.org/html/rfc8181#section-3.1>
 #[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
 pub struct Publish {
     tag: Option<String>,
@@ -679,7 +679,7 @@ impl Publish {
 //------------ Update --------------------------------------------------------
 
 /// Represents a publish element, that replaces an existing object.
-/// See: https://tools.ietf.org/html/rfc8181#section-3.2
+/// See: <https://tools.ietf.org/html/rfc8181#section-3.2>
 #[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
 pub struct Update {
     tag: Option<String>,
@@ -766,7 +766,7 @@ impl Update {
 //------------ Withdraw ------------------------------------------------------
 
 /// Represents a withdraw element that removes an object.
-/// See: https://tools.ietf.org/html/rfc8181#section-3.3
+/// See: <https://tools.ietf.org/html/rfc8181#section-3.3>
 #[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
 pub struct Withdraw {
     tag: Option<String>,
@@ -1062,7 +1062,7 @@ impl ReplyPdu {
 //------------ ListReply -----------------------------------------------------
 
 /// This type represents the list reply as described in
-/// https://tools.ietf.org/html/rfc8181#section-2.3
+/// <https://tools.ietf.org/html/rfc8181#section-2.3>
 #[derive(Clone, Debug, Default, Deserialize, Eq, PartialEq, Serialize)]
 pub struct ListReply {
     elements: Vec<ListElement>,
@@ -1156,7 +1156,7 @@ impl ListElement {
 //------------ ErrorReply ----------------------------------------------------
 
 /// This type represents the error report as described in
-/// https://tools.ietf.org/html/rfc8181#section-3.5 and 3.6
+/// <https://tools.ietf.org/html/rfc8181#section-3.5> and 3.6
 #[derive(Clone, Debug, Default, Eq, PartialEq)]
 pub struct ErrorReply {
     errors: Vec<ReportError>,

diff --git a/src/ca/sigmsg.rs b/src/ca/sigmsg.rs
@@ -28,8 +28,11 @@ use super::idcert::IdCert;
 /// but similar structure.
 /// 
 /// Most important differences to watch out for:
-/// = This uses [`IdCert`] instead of [`Cert`] as the EE (no INRs needed)
-/// = This MUST include a CRL
+///  - This uses [`IdCert`] instead of [`Cert`] as the EE (no INRs needed)
+///  - This MUST include a CRL
+/// 
+/// [`Cert`]: crate::repository::cert::Cert 
+/// [`SignedObject`]: crate::repository::sigobj::SignedObject
 #[derive(Clone, Debug)]
 pub struct  SignedMessage {
     //--- From SignedData

diff --git a/src/crypto/digest.rs b/src/crypto/digest.rs
@@ -103,7 +103,7 @@ impl DigestAlgorithm {
 /// The functions and methods in this section allow decoding and encoding
 /// such values.
 ///
-/// [`SignatureAlgorithm`]: ../signature/struct.SignatureAlgorithm.html
+/// [`SignatureAlgorithm`]: super::SignatureAlgorithm
 /// [RFC 5754]: https://tools.ietf.org/html/rfc5754
 /// [RFC 7935]: https://tools.ietf.org/html/rfc7935
 impl DigestAlgorithm {
@@ -180,7 +180,7 @@ impl DigestAlgorithm {
         encode::sequence(oid::SHA256.encode())
     }
 
-    /// Provides an encoder for a indentifer as the sole value of a set.
+    /// Provides an encoder for a identifier as the sole value of a set.
     pub fn encode_set(self) -> impl encode::Values {
         encode::set(
             self.encode()

diff --git a/src/crypto/keys.rs b/src/crypto/keys.rs
@@ -78,7 +78,7 @@ impl PublicKeyFormat {
 /// defined by [RFC 4055] and the parameters must be present and NULL.
 /// When parsing, we generously also allow it to be absent altogether.
 ///
-/// For ECDSA keys, the object identifer needs to be `ecPublicKey` defined
+/// For ECDSA keys, the object identifier needs to be `ecPublicKey` defined
 /// in [RFC 5480] with the parameter being the object identifier `secp256r1`
 /// defined in the same RFC.
 ///
@@ -113,7 +113,7 @@ impl PublicKeyFormat{
         }
     }
 
-    /// Provides an encoder for the algorihm identifier.
+    /// Provides an encoder for the algorithm identifier.
     pub fn encode(self) -> impl encode::Values {
         match self {
             PublicKeyFormat::Rsa => {
@@ -177,7 +177,7 @@ impl PublicKey {
     /// Creates an RSA Public Key based on the supplied exponent and modulus.
     /// 
     /// See:
-    /// [RFC 4055]: https://tools.ietf.org/html/rfc4055
+    /// [RFC 4055]: <https://tools.ietf.org/html/rfc4055>
     /// 
     /// An RSA Public Key uses the following DER encoded structure inside its
     /// BitString component:
@@ -421,7 +421,7 @@ impl PrimitiveContent for PublicKeyCn {
 pub struct KeyIdentifier([u8; 20]);
 
 impl KeyIdentifier {
-    /// Returns an octet slice of the key identifer’s value.
+    /// Returns an octet slice of the key identifier’s value.
     pub fn as_slice(&self) -> &[u8] {
         self.0.as_ref()
     }
@@ -456,7 +456,7 @@ impl KeyIdentifier {
         cons.take_opt_value_if(bcder::Tag::OCTET_STRING, Self::from_content)
     }
 
-    /// Parses an encoded key identifer from encoded content.
+    /// Parses an encoded key identifier from encoded content.
     pub fn from_content<S: Source>(
         content: &mut decode::Content<S>
     ) -> Result<Self, DecodeError<S::Error>> {
@@ -481,7 +481,7 @@ impl KeyIdentifier {
         }
     }
 
-    /// Skips over an encoded key indentifier.
+    /// Skips over an encoded key identifier.
     pub fn skip_opt_in<S: Source>(
         cons: &mut decode::Constructed<S>
     ) -> Result<Option<()>, DecodeError<S::Error>> {
@@ -609,7 +609,7 @@ impl<'de> serde::Deserialize<'de> for KeyIdentifier {
     ) -> Result<Self, D::Error> {
         struct KeyIdentifierVisitor;
 
-        impl<'de> serde::de::Visitor<'de> for KeyIdentifierVisitor {
+        impl serde::de::Visitor<'_> for KeyIdentifierVisitor {
             type Value = KeyIdentifier;
 
             fn expecting(