Skip to content

[WIP] Migrating from x509-parser to x509-cert#28

Draft
timweri wants to merge 7 commits intoyk8from
yk8-thanh
Draft

[WIP] Migrating from x509-parser to x509-cert#28
timweri wants to merge 7 commits intoyk8from
yk8-thanh

Conversation

@timweri
Copy link
Collaborator

@timweri timweri commented Apr 16, 2025
edited
Loading

Status: Doesn't build

All of these are untested. Just committing for visbility.

It seems like x509-cert doesn't implement cert signature verification.

timweri and others added 7 commits April 16, 2025 00:18
@timweri
Port x509/mod.rs
c8a501b
@timweri
WIP PIV verification
4ab3ebb
@timweri @obelisk
Add support for new Yubico FIDO and PIV attestation root CA (#26)
c4ffc4c 
* Add Yubico FIDO Root CA Serial 450203556

* Use Attestation Root instead of FIDO Root CA

* Refactor

* Make Tests Consistent

When I was originally writing the Mozilla handler for this library, I
didn't implement hashing of the challenge because there is no way to
take in a challenge from a remote host. This is why @timweri had to
remove the hashing from the test in his earlier commits.

We now generate random data first, then hash it such that we can get the
preimage to test it properly. This also will allow us to extend the API
into the future to allow remote challenges for key generation
verification.

* Bump version

* Add new PIV root CA and intermediates

---------

Co-authored-by: Mitchell Grenier <mitchell@confurious.io>
@timweri
Merge remote-tracking branch 'origin/main' into yk8-thanh
f90438b
@timweri
Revert x509-parser -> x509-cert migration
4ae4dd3
@timweri
Create nongeneric yk::provision variants
005d106
@timweri
Add generate csr example
530f994
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@timweri