cmpv2: build OobCertHash from a certificate

Author: baloo

Cargo.lock

@@ -21,6 +21,8 @@ der = { version = "0.8.0-rc.0", features = ["alloc", "derive", "flagset", "oid"]
 spki = { version = "0.8.0-rc.0" }
 x509-cert = { version = "=0.3.0-pre.0", default-features = false }
 
+digest = { version = "0.11.0-pre.10", optional = true, default-features = false }
+
 [dev-dependencies]
 const-oid = { version = "0.10.0-rc.0", features = ["db"] }
 hex-literal = "0.4"
@@ -30,6 +32,7 @@ alloc = ["der/alloc"]
 std = ["der/std", "spki/std"]
 
 pem = ["alloc", "der/pem"]
+digest = ["dep:digest", "spki/digest"]
 
 [package.metadata.docs.rs]
 all-features = true

cmpv2/Cargo.toml

@@ -6,6 +6,13 @@ use der::asn1::BitString;
 use crmf::controls::CertId;
 use spki::AlgorithmIdentifierOwned;
 
+#[cfg(feature = "digest")]
+use {
+    der::{Encode, asn1::Null, oid::AssociatedOid},
+    spki::DigestWriter,
+    x509_cert::{Certificate, ext::pkix::name::GeneralName},
+};
+
 use crate::header::CmpCertificate;
 
 /// The `OOBCert` type is defined in [RFC 4210 Section 5.2.5].
@@ -48,3 +55,29 @@ pub struct OobCertHash {
     pub cert_id: Option<CertId>,
     pub hash_val: BitString,
 }
+
+#[cfg(feature = "digest")]
+impl OobCertHash {
+    /// Create an [`OobCertHash`] from a given certificate
+    pub fn from_certificate<D>(cert: &Certificate) -> der::Result<Self>
+    where
+        D: digest::Digest + AssociatedOid,
+    {
+        let mut digest = D::new();
+
+        cert.encode(&mut DigestWriter(&mut digest))?;
+
+        Ok(Self {
+            hash_alg: Some(AlgorithmIdentifierOwned {
+                oid: D::OID,
+                parameters: Some(Null.into()),
+            }),
+            // TODO
+            cert_id: Some(CertId {
+                issuer: GeneralName::DirectoryName(cert.tbs_certificate().issuer().clone()),
+                serial_number: cert.tbs_certificate().serial_number().clone(),
+            }),
+            hash_val: BitString::from_bytes(&digest.finalize())?,
+        })
+    }
+}