update to asn1 0.19 and use X509GeneralizedTime (#11988)

Author: reaperhulk

Cargo.lock

@@ -19,7 +19,7 @@ publish = false
 rust-version = "1.65.0"
 
 [workspace.dependencies]
-asn1 = { version = "0.18.0", default-features = false }
+asn1 = { version = "0.19.0", default-features = false }
 pyo3 = { version = "0.23.1", features = ["abi3"] }
 
 [profile.release]

Cargo.toml

@@ -780,7 +780,7 @@ mod tests {
             let generalized_dt = utc_dt.clone();
             let utc_validity = Time::UtcTime(asn1::UtcTime::new(utc_dt).unwrap());
             let generalized_validity =
-                Time::GeneralizedTime(asn1::GeneralizedTime::new(generalized_dt).unwrap());
+                Time::GeneralizedTime(asn1::X509GeneralizedTime::new(generalized_dt).unwrap());
             assert!(permits_validity_date::<PublicKeyErrorOps>(&utc_validity).is_ok());
             assert!(permits_validity_date::<PublicKeyErrorOps>(&generalized_validity).is_err());
         }
@@ -790,7 +790,7 @@ mod tests {
             let generalized_dt = utc_dt.clone();
             let utc_validity = Time::UtcTime(asn1::UtcTime::new(utc_dt).unwrap());
             let generalized_validity =
-                Time::GeneralizedTime(asn1::GeneralizedTime::new(generalized_dt).unwrap());
+                Time::GeneralizedTime(asn1::X509GeneralizedTime::new(generalized_dt).unwrap());
             assert!(permits_validity_date::<PublicKeyErrorOps>(&utc_validity).is_ok());
             assert!(permits_validity_date::<PublicKeyErrorOps>(&generalized_validity).is_err());
         }
@@ -800,7 +800,7 @@ mod tests {
             let generalized_dt = utc_dt.clone();
             assert!(asn1::UtcTime::new(utc_dt).is_err());
             let generalized_validity =
-                Time::GeneralizedTime(asn1::GeneralizedTime::new(generalized_dt).unwrap());
+                Time::GeneralizedTime(asn1::X509GeneralizedTime::new(generalized_dt).unwrap());
             assert!(permits_validity_date::<PublicKeyErrorOps>(&generalized_validity).is_ok());
         }
         {
@@ -810,7 +810,7 @@ mod tests {
             // The `asn1::UtcTime` constructor prevents this.
             assert!(asn1::UtcTime::new(utc_dt).is_err());
             let generalized_validity =
-                Time::GeneralizedTime(asn1::GeneralizedTime::new(generalized_dt).unwrap());
+                Time::GeneralizedTime(asn1::X509GeneralizedTime::new(generalized_dt).unwrap());
             assert!(permits_validity_date::<PublicKeyErrorOps>(&generalized_validity).is_ok());
         }
         {
@@ -820,7 +820,7 @@ mod tests {
             // The `asn1::UtcTime` constructor prevents this.
             assert!(asn1::UtcTime::new(utc_dt).is_err());
             let generalized_validity =
-                Time::GeneralizedTime(asn1::GeneralizedTime::new(generalized_dt).unwrap());
+                Time::GeneralizedTime(asn1::X509GeneralizedTime::new(generalized_dt).unwrap());
             assert!(permits_validity_date::<PublicKeyErrorOps>(&generalized_validity).is_ok());
         }
     }

src/rust/cryptography-x509-verification/src/policy/mod.rs

@@ -207,7 +207,7 @@ impl asn1::Asn1Writable for RawTlv<'_> {
 #[derive(asn1::Asn1Read, asn1::Asn1Write, PartialEq, Eq, Hash, Clone)]
 pub enum Time {
     UtcTime(asn1::UtcTime),
-    GeneralizedTime(asn1::GeneralizedTime),
+    GeneralizedTime(asn1::X509GeneralizedTime),
 }
 
 impl Time {

src/rust/cryptography-x509/src/common.rs

@@ -39,7 +39,7 @@ pub struct ResponseData<'a> {
     #[default(0)]
     pub version: u8,
     pub responder_id: ResponderId<'a>,
-    pub produced_at: asn1::GeneralizedTime,
+    pub produced_at: asn1::X509GeneralizedTime,
     pub responses: common::Asn1ReadableOrWritable<
         asn1::SequenceOf<'a, SingleResponse<'a>>,
         asn1::SequenceOfWriter<'a, SingleResponse<'a>, Vec<SingleResponse<'a>>>,
@@ -60,9 +60,9 @@ pub enum ResponderId<'a> {
 pub struct SingleResponse<'a> {
     pub cert_id: ocsp_req::CertID<'a>,
     pub cert_status: CertStatus,
-    pub this_update: asn1::GeneralizedTime,
+    pub this_update: asn1::X509GeneralizedTime,
     #[explicit(0)]
-    pub next_update: Option<asn1::GeneralizedTime>,
+    pub next_update: Option<asn1::X509GeneralizedTime>,
     #[explicit(1)]
     pub raw_single_extensions: Option<extensions::RawExtensions<'a>>,
 }
@@ -79,7 +79,7 @@ pub enum CertStatus {
 
 #[derive(asn1::Asn1Read, asn1::Asn1Write)]
 pub struct RevokedInfo {
-    pub revocation_time: asn1::GeneralizedTime,
+    pub revocation_time: asn1::X509GeneralizedTime,
     #[explicit(0)]
     pub revocation_reason: Option<crl::CRLReason>,
 }

src/rust/cryptography-x509/src/ocsp_resp.rs

@@ -965,9 +965,9 @@ pub(crate) fn time_from_py(
 
 pub(crate) fn time_from_datetime(dt: asn1::DateTime) -> CryptographyResult<common::Time> {
     if dt.year() >= 2050 {
-        Ok(common::Time::GeneralizedTime(asn1::GeneralizedTime::new(
-            dt,
-        )?))
+        Ok(common::Time::GeneralizedTime(
+            asn1::X509GeneralizedTime::new(dt)?,
+        ))
     } else {
         Ok(common::Time::UtcTime(asn1::UtcTime::new(dt).unwrap()))
     }

src/rust/src/x509/certificate.rs

@@ -678,7 +678,9 @@ pub(crate) fn encode_extension(
         &oid::INVALIDITY_DATE_OID => {
             let py_dt = ext.getattr(pyo3::intern!(py, "invalidity_date_utc"))?;
             let dt = x509::py_to_datetime(py, py_dt)?;
-            Ok(Some(asn1::write_single(&asn1::GeneralizedTime::new(dt)?)?))
+            Ok(Some(asn1::write_single(&asn1::X509GeneralizedTime::new(
+                dt,
+            )?)?))
         }
         &oid::CRL_NUMBER_OID | &oid::DELTA_CRL_INDICATOR_OID => {
             let intval = ext

src/rust/src/x509/extensions.rs

@@ -728,7 +728,8 @@ pub(crate) fn create_ocsp_response(
         };
         // REVOKED
         let py_revocation_time = py_single_resp.getattr(pyo3::intern!(py, "_revocation_time"))?;
-        let revocation_time = asn1::GeneralizedTime::new(py_to_datetime(py, py_revocation_time)?)?;
+        let revocation_time =
+            asn1::X509GeneralizedTime::new(py_to_datetime(py, py_revocation_time)?)?;
         ocsp_resp::CertStatus::Revoked(ocsp_resp::RevokedInfo {
             revocation_time,
             revocation_reason,
@@ -739,15 +740,15 @@ pub(crate) fn create_ocsp_response(
         .is_none()
     {
         let py_next_update = py_single_resp.getattr(pyo3::intern!(py, "_next_update"))?;
-        Some(asn1::GeneralizedTime::new(py_to_datetime(
+        Some(asn1::X509GeneralizedTime::new(py_to_datetime(
             py,
             py_next_update,
         )?)?)
     } else {
         None
     };
     let py_this_update = py_single_resp.getattr(pyo3::intern!(py, "_this_update"))?;
-    let this_update = asn1::GeneralizedTime::new(py_to_datetime(py, py_this_update)?)?;
+    let this_update = asn1::X509GeneralizedTime::new(py_to_datetime(py, py_this_update)?)?;
 
     let ka_vec = cryptography_keepalive::KeepAlive::new();
     let ka_bytes = cryptography_keepalive::KeepAlive::new();
@@ -789,7 +790,7 @@ pub(crate) fn create_ocsp_response(
 
     let tbs_response_data = ocsp_resp::ResponseData {
         version: 0,
-        produced_at: asn1::GeneralizedTime::new(x509::common::datetime_now(py)?)?,
+        produced_at: asn1::X509GeneralizedTime::new(x509::common::datetime_now(py)?)?,
         responder_id,
         responses: common::Asn1ReadableOrWritable::new_write(asn1::SequenceOfWriter::new(
             responses,