sigTst2 fixes

sdk/src/assertions/actions.rs

@@ -76,6 +76,7 @@ pub static V2_DEPRECATED_ACTIONS: [&str; 7] = [
 /// We use this to allow SourceAgent to be either a string or a ClaimGeneratorInfo
 #[derive(Deserialize, Serialize, Clone, Debug, PartialEq, Eq)]
 #[serde(untagged)]
+#[allow(clippy::large_enum_variant)]
 pub enum SoftwareAgent {
     String(String),
     ClaimGeneratorInfo(ClaimGeneratorInfo),

sdk/src/claim.rs

@@ -439,7 +439,7 @@ impl Claim {
         let uuid =
             Uuid::try_parse(&ug).map_err(|_e| Error::BadParam("invalid Claim GUID".into()))?;
         match uuid.get_version() {
-            Some(v) if v == uuid::Version::Random => (),
+            Some(uuid::Version::Random) => (),
             _ => return Err(Error::BadParam("invalid Claim GUID".into())),
         }
         let label = if claim_version == 1 {

sdk/src/jumbf/labels.rs

@@ -210,16 +210,12 @@ pub(crate) fn manifest_label_to_parts(uri: &str) -> Option<ManifestParts> {
                         return None;
                     }
 
-                    if parts.len() > 3 {
-                        if !parts[3].is_empty() {
-                            vendor = Some(parts[3].to_owned());
-                        }
+                    if parts.len() > 3 && !parts[3].is_empty() {
+                        vendor = Some(parts[3].to_owned());
                     }
 
-                    if parts.len() > 4 {
-                        if !parts[4].is_empty() {
-                            version = Some(parts[4].to_owned());
-                        }
+                    if parts.len() > 4 && !parts[4].is_empty() {
+                        version = Some(parts[4].to_owned());
                     }
                 }
 

sdk/src/openssl/openssl_trust_handler.rs

@@ -278,7 +278,7 @@ pub(crate) fn verify_trust(
             .set_flags(X509VerifyFlags::NO_CHECK_TIME)
             .map_err(Error::OpenSslError)?;
     }
-     
+
     builder
         .set_param(&verify_param)
         .map_err(Error::OpenSslError)?;

sdk/src/time_stamp.rs

@@ -13,13 +13,15 @@
 
 use std::ops::Deref;
 
+use asn1_rs::nom::AsBytes;
 use async_generic::async_generic;
 use bcder::{
     decode::{Constructed, SliceSource},
     encode::Values,
     ConstOid, OctetString,
 };
 use coset::{sig_structure_data, ProtectedHeader};
+use rasn::{AsnType, Decode, Encode};
 use serde::{Deserialize, Serialize};
 use x509_certificate::DigestAlgorithm::{self};
 
@@ -33,8 +35,8 @@ use crate::{
     asn1::{
         rfc3161::{TimeStampResp, TimeStampToken, TstInfo, OID_CONTENT_TYPE_TST_INFO},
         rfc5652::{
-            CertificateChoices::Certificate, ContentInfo, SignedData, OID_ID_SIGNED_DATA,
-            OID_MESSAGE_DIGEST, OID_SIGNING_TIME,
+            CertificateChoices::Certificate, SignedData, OID_ID_SIGNED_DATA, OID_MESSAGE_DIGEST,
+            OID_SIGNING_TIME,
         },
     },
     error::{Error, Result},
@@ -444,29 +446,30 @@ fn get_validator_type(sig_alg: &bcder::Oid, hash_alg: &bcder::Oid) -> Option<Str
     }
 }
 
+#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, PartialOrd, Ord, Hash)]
+pub struct ContentInfo {
+    pub content_type: rasn::types::ObjectIdentifier,
+    #[rasn(tag(explicit(0)))]
+    pub content: rasn::types::Any,
+}
+
 // Return timeStampToken used by sigTst2
 pub(crate) fn timestamptoken_from_timestamprsp(ts: &[u8]) -> Option<Vec<u8>> {
     let ts_resp = get_timestamp_response(ts).ok()?;
 
     let tst = ts_resp.0.time_stamp_token?;
-    let mut tst_der = Vec::new();
-    tst.write_encoded(bcder::Mode::Der, &mut tst_der).ok()?;
-
-    if let Ok(ts) = Constructed::decode(tst_der.as_ref(), bcder::Mode::Der, |cons| {
-        cons.take_sequence(|cons| {
-            let content_type = crate::asn1::rfc5652::ContentType::take_from(cons)?;
-            let content = cons.take_constructed_if(bcder::Tag::CTX_0, |cons| cons.capture_all())?;
-
-            Ok(ContentInfo {
-                content_type,
-                content,
-            })
-        })
-    }) {
-        println!("{:?}", ts);
-    }
+    let a: Result<Vec<u32>> = tst
+        .content_type
+        .iter()
+        .map(|v| v.to_u32().ok_or(Error::NotFound))
+        .collect();
+
+    let ci = ContentInfo {
+        content_type: rasn::types::ObjectIdentifier::new(a.ok()?)?,
+        content: rasn::types::Any::new(tst.content.as_bytes().to_vec()),
+    };
 
-    Some(tst_der)
+    rasn::der::encode(&ci).ok()
 }
 
 // Returns TimeStamp token info if ts verifies against supplied data
@@ -784,13 +787,13 @@ pub(crate) fn get_timestamp_signed_data(data: &[u8]) -> Result<Option<SignedData
 
     if let Some(token) = &tst {
         if token.content_type == OID_ID_SIGNED_DATA {
-            return Ok(Some(
+            Ok(Some(
                 token
                     .content
                     .clone()
                     .decode(SignedData::take_from)
                     .map_err(|_err| Error::CoseInvalidTimeStamp)?,
-            ));
+            ))
         } else {
             Err(Error::CoseInvalidTimeStamp)
         }

sdk/src/utils/test.rs

@@ -365,7 +365,7 @@ pub(crate) fn temp_signer() -> Box<dyn Signer> {
             &sign_cert,
             &pem_key,
             SigningAlg::Ps256,
-            Some("http://timestamp.digicert.com".into()),
+            None, // Some("http://timestamp.digicert.com".into()),
         )
         .expect("get_temp_signer");