rust: better error types, dedupe

Signed-off-by: William Woodruff <[email protected]>

extensions: unwrap -> expect

Signed-off-by: William Woodruff <[email protected]>

Author: woodruffw

src/rust/cryptography-x509/src/certificate.rs

@@ -5,6 +5,7 @@
 use crate::common;
 use crate::extensions;
 use crate::extensions::Extensions;
+use crate::extensions::ExtensionsError;
 use crate::name;
 
 #[derive(asn1::Asn1Read, asn1::Asn1Write, Hash, PartialEq, Clone)]
@@ -36,7 +37,7 @@ pub struct TbsCertificate<'a> {
 }
 
 impl<'a> TbsCertificate<'a> {
-    pub fn extensions(&'a self) -> Result<Option<Extensions<'a>>, asn1::ObjectIdentifier> {
+    pub fn extensions(&'a self) -> Result<Option<Extensions<'a>>, ExtensionsError> {
         Extensions::from_raw_extensions(self.raw_extensions.as_ref())
     }
 }

src/rust/cryptography-x509/src/extensions.rs

@@ -14,6 +14,10 @@ pub type RawExtensions<'a> = common::Asn1ReadableOrWritable<
     asn1::SequenceOfWriter<'a, Extension<'a>, Vec<Extension<'a>>>,
 >;
 
+pub enum ExtensionsError {
+    DuplicateOid(asn1::ObjectIdentifier),
+}
+
 /// An invariant-enforcing wrapper for `RawExtensions`.
 ///
 /// In particular, an `Extensions` cannot be constructed from a `RawExtensions`
@@ -27,14 +31,14 @@ impl<'a> Extensions<'a> {
     /// OID, if there are any duplicates.
     pub fn from_raw_extensions(
         raw: Option<&RawExtensions<'a>>,
-    ) -> Result<Option<Self>, asn1::ObjectIdentifier> {
+    ) -> Result<Option<Self>, ExtensionsError> {
         match raw {
             Some(raw_exts) => {
                 let mut seen_oids = HashSet::new();
 
                 for ext in raw_exts.unwrap_read().clone() {
                     if !seen_oids.insert(ext.extn_id.clone()) {
-                        return Err(ext.extn_id);
+                        return Err(ExtensionsError::DuplicateOid(ext.extn_id));
                     }
                 }
 

src/rust/src/x509/certificate.rs

@@ -193,8 +193,8 @@ impl Certificate {
         let val = self.raw.borrow_value();
         let mut tbs_precert = val.tbs_cert.clone();
         // Remove the SCT list extension
-        match val.tbs_cert.extensions() {
-            Ok(Some(extensions)) => {
+        match val.tbs_cert.extensions()? {
+            Some(extensions) => {
                 let readable_extensions = extensions.as_raw().unwrap_read().clone();
                 let ext_count = readable_extensions.len();
                 let filtered_extensions: Vec<Extension<'_>> = readable_extensions
@@ -214,19 +214,11 @@ impl Certificate {
                 let result = asn1::write_single(&tbs_precert)?;
                 Ok(pyo3::types::PyBytes::new(py, &result))
             }
-            Ok(None) => Err(CryptographyError::from(
+            None => Err(CryptographyError::from(
                 pyo3::exceptions::PyValueError::new_err(
                     "Could not find any extensions in TBS certificate",
                 ),
             )),
-            Err(oid) => {
-                let oid_obj = oid_to_py_oid(py, &oid)?;
-                Err(exceptions::DuplicateExtension::new_err((
-                    format!("Duplicate {} extension found", oid),
-                    oid_obj.into_py(py),
-                ))
-                .into())
-            }
         }
     }
 

src/rust/src/x509/common.rs

@@ -9,7 +9,7 @@ use cryptography_x509::common::{Asn1ReadableOrWritable, AttributeTypeValue, RawT
 use cryptography_x509::extensions::{AccessDescription, Extension, Extensions, RawExtensions};
 use cryptography_x509::name::{GeneralName, Name, OtherName, UnvalidatedIA5String};
 use pyo3::types::IntoPyDict;
-use pyo3::{IntoPy, ToPyObject};
+use pyo3::ToPyObject;
 
 /// Parse all sections in a PEM file and return the first matching section.
 /// If no matching sections are found, return an error.
@@ -397,16 +397,8 @@ pub(crate) fn parse_and_cache_extensions<
         return Ok(cached.clone_ref(py));
     }
 
-    let extensions = match Extensions::from_raw_extensions(raw_extensions.as_ref()) {
-        Ok(extensions) => extensions,
-        Err(oid) => {
-            let oid_obj = oid_to_py_oid(py, &oid)?;
-            return Err(exceptions::DuplicateExtension::new_err((
-                format!("Duplicate {} extension found", oid),
-                oid_obj.into_py(py),
-            )));
-        }
-    };
+    let extensions = Extensions::from_raw_extensions(raw_extensions.as_ref())
+        .map_err(CryptographyError::from)?;
 
     let x509_module = py.import(pyo3::intern!(py, "cryptography.x509"))?;
     let exts = pyo3::types::PyList::empty(py);

src/rust/src/x509/extensions.rs

@@ -2,11 +2,29 @@
 // 2.0, and the BSD License. See the LICENSE file in the root of this repository
 // for complete details.
 
-use crate::asn1::{py_oid_to_oid, py_uint_to_big_endian_bytes};
+use crate::asn1::{oid_to_py_oid, py_oid_to_oid, py_uint_to_big_endian_bytes};
 use crate::error::{CryptographyError, CryptographyResult};
-use crate::x509;
 use crate::x509::{certificate, sct};
+use crate::{exceptions, x509};
+use cryptography_x509::extensions::ExtensionsError;
 use cryptography_x509::{common, crl, extensions, oid};
+use pyo3::IntoPy;
+
+impl From<ExtensionsError> for CryptographyError {
+    fn from(err: ExtensionsError) -> Self {
+        match err {
+            ExtensionsError::DuplicateOid(oid) => pyo3::Python::with_gil(|py| {
+                let oid_obj =
+                    oid_to_py_oid(py, &oid).expect("Failed to convert OID to Python object");
+                exceptions::DuplicateExtension::new_err((
+                    format!("Duplicate {} extension found", oid),
+                    oid_obj.into_py(py),
+                ))
+                .into()
+            }),
+        }
+    }
+}
 
 fn encode_general_subtrees<'a>(
     py: pyo3::Python<'a>,