From 22702f5e206604890349983f9c334dbc244d6f18 Mon Sep 17 00:00:00 2001
From: Daniel McCarney
Date: Tue, 15 Aug 2023 11:18:19 -0400
Subject: [PATCH] tests: better DER sequence wrap w/ yasna.
While updating the webpki-roots `codegen.rs` test to generate the root collection using CCADB data we took a dev dependency on yasna[0] to support DER serializing name constraints extensions based on a string representation. Having this dependency means we can drop the crummy hand-serialized SEQUENCE wrapping that the `name_constraints` test from `tests/verify.rs` was doing, replacing it with a Yasna serializer.
[0]: https://docs.rs/yasna/latest/yasna/
---
 tests/verify.rs | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/tests/verify.rs b/tests/verify.rs
index 690c80a..ed1d316 100644
--- tests/verify.rs
+++ tests/verify.rs
@@ -109,11 +109,11 @@ fn rcgen_ee_for_name(name: String, issuer: &Certificate) -> Vec {
 fn rcgen_name_constraints(der: &[u8]) -> rcgen::NameConstraints {
 // x509 parser expects the outer SEQUENCE that the webpki trust anchor representation elides
 // so wrap the DER up.
- //
- // Note: We take the cheap way out here and assume single byte length - if the following
- // assert fails we'll need to more intelligently encode the sequence DER length.
- assert!(der.len() < 0x80, "name constraint too long");
- let wrapped_der = [&[0x30, der.len() as u8], der].concat();
+ let wrapped_der = yasna::construct_der(|writer| {
+ writer.write_sequence(|writer| {
+ writer.next().write_der(der);
+ })
+ });
 // Constraints should parse with no trailing data.
 let (trailing, constraints) = X509ParserNameConstraints::from_der(&wrapped_der).unwrap();
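Review bot: The single `writer.next().write_der(der)` call inside `write_sequence` copies the trust anchor's bytes into the SEQUENCE body as-is, and as far as I recall yasna's `write_der` does not validate its input. `der` is the elided SEQUENCE contents, so it can hold more than one TLV (permitted and excluded subtrees) rather than a single DER object, which is the behaviour the test needs but is not obvious from the call. A short comment would keep anyone from swapping in a validating writer later: `// der is the raw SEQUENCE body (may hold both subtrees); write_der copies it unchecked.` Well-formedness is then established only by the `from_der(&wrapped_der).unwrap()` and the trailing-data check that follow. The body of `rcgen_name_constraints` continues past the end of the hunk.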