src/lib/webpki-roots-fuchsia/src/lib.rs - fuchsia - Git at Google

 // Copyright 2020 The Fuchsia Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #[macro_use]
 extern crate lazy_static;

 use base64::engine::{general_purpose::STANDARD as BASE64_STANDARD, Engine as _};
 use webpki::trust_anchor_util::cert_der_as_trust_anchor;

 static CERT_PATH: &'static str = "/config/ssl/cert.pem";

 lazy_static! {
     // To meet the required lifetime constraints we need to chain together
     // a series of statics.
     static ref RAW_DATA: String = {
         // I could have an environment variable override this, but i'd want it keyed
         // on being a dev build so you couldn't harm trust in prod
         std::fs::read_to_string(CERT_PATH).expect("Unable to find root store")
     };
     static ref CERT_DERS: Vec<Vec<u8>> = {
         let lines: Vec<&str> = RAW_DATA
             .split('\n')
             .filter(|l| !l.is_empty() && !l.starts_with(':') && !l.starts_with('#'))
             .collect();
         let mut cert_ders = vec![];
         let mut i = 0;
         while i < lines.len() {
             let start = i;
             if lines[i] != "-----BEGIN CERTIFICATE-----" {
                 panic!("Missing certificate prefix");
             }
             while i < lines.len() && lines[i] != "-----END CERTIFICATE-----" {
                 i += 1;
             }
             if i == lines.len() {
                 panic!("Missing certificate suffix");
             }
             let end = i;
             i += 1;
             let cert_base64 = &lines[start + 1..end].join("");

             let cert_bytes = BASE64_STANDARD.decode(cert_base64.as_bytes())
                 .expect("Invalid base64 encoding in root store");
             cert_ders.push(cert_bytes);
         }
         cert_ders
     };
     static ref ROOTS: Vec<webpki::TrustAnchor<'static>> = {
         CERT_DERS.iter().map(|cert_bytes| {
             cert_der_as_trust_anchor(&cert_bytes)
                 .expect("Parsing root certificate failed")
         }).collect()
     };

     pub static ref TLS_SERVER_ROOTS: webpki::TLSServerTrustAnchors<'static> =
         webpki::TLSServerTrustAnchors(&ROOTS);
 }

 #[cfg(test)]
 mod test {
     #[test]
     fn test_load() {
         let webpki::TLSServerTrustAnchors(roots) =
             &crate::TLS_SERVER_ROOTS as &webpki::TLSServerTrustAnchors<'static>;
         assert_ne!(roots.len(), 0);
     }
 }
	// Copyright 2020 The Fuchsia Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#[macro_use]
	extern crate lazy_static;

	use base64::engine::{general_purpose::STANDARD as BASE64_STANDARD, Engine as _};
	use webpki::trust_anchor_util::cert_der_as_trust_anchor;

	static CERT_PATH: &'static str = "/config/ssl/cert.pem";

	lazy_static! {
	// To meet the required lifetime constraints we need to chain together
	// a series of statics.
	static ref RAW_DATA: String = {
	// I could have an environment variable override this, but i'd want it keyed
	// on being a dev build so you couldn't harm trust in prod
	std::fs::read_to_string(CERT_PATH).expect("Unable to find root store")
	};
	static ref CERT_DERS: Vec<Vec<u8>> = {
	let lines: Vec<&str> = RAW_DATA
	.split('\n')
	.filter(\|l\| !l.is_empty() && !l.starts_with(':') && !l.starts_with('#'))
	.collect();
	let mut cert_ders = vec![];
	let mut i = 0;
	while i < lines.len() {
	let start = i;
	if lines[i] != "-----BEGIN CERTIFICATE-----" {
	panic!("Missing certificate prefix");
	}
	while i < lines.len() && lines[i] != "-----END CERTIFICATE-----" {
	i += 1;
	}
	if i == lines.len() {
	panic!("Missing certificate suffix");
	}
	let end = i;
	i += 1;
	let cert_base64 = &lines[start + 1..end].join("");

	let cert_bytes = BASE64_STANDARD.decode(cert_base64.as_bytes())
	.expect("Invalid base64 encoding in root store");
	cert_ders.push(cert_bytes);
	}
	cert_ders
	};
	static ref ROOTS: Vec<webpki::TrustAnchor<'static>> = {
	CERT_DERS.iter().map(\|cert_bytes\| {
	cert_der_as_trust_anchor(&cert_bytes)
	.expect("Parsing root certificate failed")
	}).collect()
	};

	pub static ref TLS_SERVER_ROOTS: webpki::TLSServerTrustAnchors<'static> =
	webpki::TLSServerTrustAnchors(&ROOTS);
	}

	#[cfg(test)]
	mod test {
	#[test]
	fn test_load() {
	let webpki::TLSServerTrustAnchors(roots) =
	&crate::TLS_SERVER_ROOTS as &webpki::TLSServerTrustAnchors<'static>;
	assert_ne!(roots.len(), 0);
	}
	}