From 2f59515752b4c67d60818f9a0a7bb0c2efa9ff25 Mon Sep 17 00:00:00 2001
From: Sergio Benitez <sb@sergio.bz>
Date: Tue, 22 Feb 2022 12:51:59 -0800
Subject: [PATCH] Update 'x509-parser' to 0.12.

Closes #2100.
---
 core/http/Cargo.toml      |  2 +-
 core/http/src/tls/mtls.rs | 17 +++++++++--------
 2 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/core/http/Cargo.toml b/core/http/Cargo.toml
index c11ad7e2..c81aecfa 100644
--- a/core/http/Cargo.toml
+++ b/core/http/Cargo.toml
@@ -43,7 +43,7 @@ cookie = { version = "0.16.0", features = ["percent-encode", "secure"] }
 state = "0.5.1"
 
 [dependencies.x509-parser]
-version = "0.9.2"
+version = "0.12"
 optional = true
 
 [dependencies.hyper]
diff --git a/core/http/src/tls/mtls.rs b/core/http/src/tls/mtls.rs
index d588ef3a..3df8d5d5 100644
--- a/core/http/src/tls/mtls.rs
+++ b/core/http/src/tls/mtls.rs
@@ -30,16 +30,16 @@ pub mod x509 {
     pub use x509_parser::x509::*;
     pub use x509_parser::der_parser::der;
     pub use x509_parser::der_parser::ber;
+    pub use x509_parser::traits::*;
 }
 
 use std::fmt;
 use std::ops::Deref;
-use std::collections::HashMap;
 use std::num::NonZeroUsize;
 
 use ref_cast::RefCast;
 use x509_parser::nom;
-use x509::{ParsedExtension, X509Name, X509Certificate, TbsCertificate, X509Error};
+use x509::{ParsedExtension, X509Name, X509Certificate, TbsCertificate, X509Error, FromDer};
 use oid::OID_X509_EXT_SUBJECT_ALT_NAME as SUBJECT_ALT_NAME;
 
 use crate::listener::RawCertificate;
@@ -201,8 +201,9 @@ impl<'a> Certificate<'a> {
             return Err(Error::Trailing(left.len()));
         }
 
+        // Ensure we have a subject or a subjectAlt.
         if x509.subject().as_raw().is_empty() {
-            if let Some(ext) = x509.extensions().get(&SUBJECT_ALT_NAME) {
+            if let Some(ext) = x509.extensions().iter().find(|e| e.oid == SUBJECT_ALT_NAME) {
                 if !matches!(ext.parsed_extension(), ParsedExtension::SubjectAlternativeName(..)) {
                     return Err(Error::NoSubject);
                 } else if !ext.critical {
@@ -308,7 +309,7 @@ impl<'a> Certificate<'a> {
         Name::ref_cast(&self.inner().issuer)
     }
 
-    /// Returns a map of the extensions in the X.509 certificate.
+    /// Returns a slice of the extensions in the X.509 certificate.
     ///
     /// # Example
     ///
@@ -319,8 +320,8 @@ impl<'a> Certificate<'a> {
     ///
     /// #[get("/auth")]
     /// fn auth(cert: Certificate<'_>) {
-    ///     let subject_alt = cert.extensions()
-    ///         .get(&oid::OID_X509_EXT_SUBJECT_ALT_NAME)
+    ///     let subject_alt = cert.extensions().iter()
+    ///         .find(|e| e.oid == oid::OID_X509_EXT_SUBJECT_ALT_NAME)
     ///         .and_then(|e| match e.parsed_extension() {
     ///             x509::ParsedExtension::SubjectAlternativeName(s) => Some(s),
     ///             _ => None
@@ -335,8 +336,8 @@ impl<'a> Certificate<'a> {
     ///     }
     /// }
     /// ```
-    pub fn extensions(&self) -> &HashMap<oid::Oid<'a>, x509::X509Extension<'a>> {
-        &self.inner().extensions
+    pub fn extensions(&self) -> &[x509::X509Extension<'a>] {
+        &self.inner().extensions()
     }
 
     /// Checks if the certificate has the serial number `number`.