diff --git a/src/rust/cryptography-x509-validation/src/certificate.rs b/src/rust/cryptography-x509-validation/src/certificate.rs index b5bc267480705..6a03a829f9848 100644 --- a/src/rust/cryptography-x509-validation/src/certificate.rs +++ b/src/rust/cryptography-x509-validation/src/certificate.rs @@ -50,16 +50,16 @@ impl<'a> CertificateExt<'a> for Certificate<'a> { } fn is_self_signed(&self) -> bool { - let pk = B::public_key(&self); - self.is_self_issued() && B::is_signed_by(&self, pk) + let pk = B::public_key(self); + self.is_self_issued() && B::is_signed_by(self, pk) } fn issuer(&self) -> &Name<'a> { - &self.tbs_cert.issuer.unwrap_read() + self.tbs_cert.issuer.unwrap_read() } fn subject(&self) -> &Name<'a> { - &self.tbs_cert.subject.unwrap_read() + self.tbs_cert.subject.unwrap_read() } fn extensions(&'a self) -> Result, CertificateError> { diff --git a/src/rust/cryptography-x509-validation/src/lib.rs b/src/rust/cryptography-x509-validation/src/lib.rs index c0a5b2484ec5b..893a24682059b 100644 --- a/src/rust/cryptography-x509-validation/src/lib.rs +++ b/src/rust/cryptography-x509-validation/src/lib.rs @@ -142,11 +142,11 @@ where // policy. if let Ok(next_depth) = self.policy - .valid_issuer(&issuing_cert_candidate, working_cert, current_depth) + .valid_issuer(issuing_cert_candidate, working_cert, current_depth) { println!("descending: {current_depth} -> {next_depth}"); let mut chain = vec![working_cert.clone()]; - chain.extend(self.build_chain_inner(&issuing_cert_candidate, next_depth)?); + chain.extend(self.build_chain_inner(issuing_cert_candidate, next_depth)?); return Ok(chain); } } @@ -193,7 +193,7 @@ pub(crate) mod tests { type Key = (); fn public_key(_cert: &Certificate) -> Self::Key { - () + } fn is_signed_by(_cert: &Certificate, _key: Self::Key) -> bool { diff --git a/src/rust/cryptography-x509-validation/src/policy/profile/rfc5280.rs b/src/rust/cryptography-x509-validation/src/policy/profile/rfc5280.rs index e4a77bda7aa68..8a7be4b0738ea 100644 --- a/src/rust/cryptography-x509-validation/src/policy/profile/rfc5280.rs +++ b/src/rust/cryptography-x509-validation/src/policy/profile/rfc5280.rs @@ -104,12 +104,10 @@ impl Profile for RFC5280 { if aki.key_identifier.is_none() { return Err("AuthorityKeyIdentifier.keyIdentifier must be present".into()); } - } else { - if !cert.is_self_signed::() { - return Err( - "certificates must have a AuthorityKeyIdentifier unless self-signed".into(), - ); - } + } else if !cert.is_self_signed::() { + return Err( + "certificates must have a AuthorityKeyIdentifier unless self-signed".into(), + ); } // 4.2.1.2: Subject Key Identifier diff --git a/src/rust/cryptography-x509-validation/src/types.rs b/src/rust/cryptography-x509-validation/src/types.rs index 90d21b2a57115..f2c4ca2db5f4d 100644 --- a/src/rust/cryptography-x509-validation/src/types.rs +++ b/src/rust/cryptography-x509-validation/src/types.rs @@ -57,7 +57,7 @@ impl DNSString { let hostname = self.as_str(); let pattern = pattern.as_str(); - match (hostname.split_once("."), pattern.split_once(".")) { + match (hostname.split_once('.'), pattern.split_once('.')) { // If both hostname and pattern contain multiple labels, then // we attempt to match using a subset of RFC 6125 6.4.3. // In particular, we don't attempt to support anything