fix: Fix incorrect calculation for the reserved size

internal/crypto/src/raw_signature/openssl/signers/ecdsa_signer.rs

@@ -39,7 +39,7 @@
 pub struct EcdsaSigner {
     alg: EcdsaSigningAlg,
 
-    cert_chain: Vec<X509>,
+    cert_chain: Vec<Vec<u8>>,
     cert_chain_len: usize,
 
     private_key: EcKey<Private>,
@@ -69,14 +69,28 @@
         let _openssl = OpenSslMutex::acquire()?;
 
         let cert_chain = X509::stack_from_pem(cert_chain)?;
-        let cert_chain_len = cert_chain.len();
 
         if !check_chain_order(&cert_chain) {
             return Err(RawSignerError::InvalidSigningCredentials(
                 "certificate chain in incorrect order".to_string(),
             ));
         }
 
+        // certs in DER format
+        let cert_chain = cert_chain
+            .iter()
+            .map(|cert| {
+                cert.to_der().map_err(|_| {
+                    RawSignerError::CryptoLibraryError(
+                        "could not encode certificate to DER".to_string(),
+                    )
+                })
+            })
+            .collect::<Result<Vec<_>, RawSignerError>>()?;
+
+        // get the actual length of the certificate chain
+        let cert_chain_len = cert_chain.iter().fold(0usize, |sum, c| sum + c.len());
+
         let private_key = EcKey::private_key_from_pem(private_key)?;
 
         Ok(EcdsaSigner {
@@ -134,10 +148,7 @@
     fn cert_chain(&self) -> Result<Vec<Vec<u8>>, RawSignerError> {
         let _openssl = OpenSslMutex::acquire()?;
 
-        self.cert_chain
-            .iter()
-            .map(|cert| cert.to_der().map_err(|e| e.into()))
-            .collect()
+        Ok(self.cert_chain.clone())
     }
 }
 

internal/crypto/src/raw_signature/openssl/signers/ed25519_signer.rs

@@ -28,7 +28,7 @@
 /// Implements `RawSigner` trait using OpenSSL's implementation of
 /// Edwards Curve encryption.
 pub struct Ed25519Signer {
-    cert_chain: Vec<X509>,
+    cert_chain: Vec<Vec<u8>>,
     cert_chain_len: usize,
 
     private_key: PKey<Private>,
@@ -46,22 +46,34 @@
         let _openssl = OpenSslMutex::acquire()?;
 
         let cert_chain = X509::stack_from_pem(cert_chain)?;
-        let cert_chain_len = cert_chain.len();
 
         if !check_chain_order(&cert_chain) {
             return Err(RawSignerError::InvalidSigningCredentials(
                 "certificate chain in incorrect order".to_string(),
             ));
         }
 
+        // certs in DER format
+        let cert_chain = cert_chain
+            .iter()
+            .map(|cert| {
+                cert.to_der().map_err(|_| {
+                    RawSignerError::CryptoLibraryError(
+                        "could not encode certificate to DER".to_string(),
+                    )
+                })
+            })
+            .collect::<Result<Vec<_>, RawSignerError>>()?;
+
+        // get the actual length of the certificate chain
+        let cert_chain_len = cert_chain.iter().fold(0usize, |sum, c| sum + c.len());
+
         let private_key = PKey::private_key_from_pem(private_key)?;
 
         Ok(Ed25519Signer {
             cert_chain,
             cert_chain_len,
-
             private_key,
-
             time_stamp_service_url,
             time_stamp_size: 10000,
             // TO DO: Call out to time stamp service to get actual time stamp and use that size?
@@ -89,10 +101,7 @@
     fn cert_chain(&self) -> Result<Vec<Vec<u8>>, RawSignerError> {
         let _openssl = OpenSslMutex::acquire()?;
 
-        self.cert_chain
-            .iter()
-            .map(|cert| cert.to_der().map_err(|e| e.into()))
-            .collect()
+        Ok(self.cert_chain.clone())
     }
 }
 

internal/crypto/src/raw_signature/openssl/signers/rsa_signer.rs

@@ -38,7 +38,7 @@
 pub(crate) struct RsaSigner {
     alg: RsaSigningAlg,
 
-    cert_chain: Vec<X509>,
+    cert_chain: Vec<Vec<u8>>,
     cert_chain_len: usize,
 
     private_key: PKey<Private>,
@@ -57,14 +57,28 @@
         let _openssl = OpenSslMutex::acquire()?;
 
         let cert_chain = X509::stack_from_pem(cert_chain)?;
-        let cert_chain_len = cert_chain.len();
 
         if !check_chain_order(&cert_chain) {
             return Err(RawSignerError::InvalidSigningCredentials(
                 "certificate chain in incorrect order".to_string(),
             ));
         }
 
+        // certs in DER format
+        let cert_chain = cert_chain
+            .iter()
+            .map(|cert| {
+                cert.to_der().map_err(|_| {
+                    RawSignerError::CryptoLibraryError(
+                        "could not encode certificate to DER".to_string(),
+                    )
+                })
+            })
+            .collect::<Result<Vec<_>, RawSignerError>>()?;
+
+        // get the actual length of the certificate chain
+        let cert_chain_len = cert_chain.iter().fold(0usize, |sum, c| sum + c.len());
+
         // Rebuild RSA keys to eliminate incompatible values.
         let private_key = Rsa::private_key_from_pem(private_key)?;
 
@@ -162,10 +176,7 @@
     fn cert_chain(&self) -> Result<Vec<Vec<u8>>, RawSignerError> {
         let _openssl = OpenSslMutex::acquire()?;
 
-        self.cert_chain
-            .iter()
-            .map(|cert| cert.to_der().map_err(|e| e.into()))
-            .collect()
+        Ok(self.cert_chain.clone())
     }
 
     fn alg(&self) -> SigningAlg {

internal/crypto/src/raw_signature/rust_native/signers/ecdsa_signer.rs

@@ -61,7 +61,7 @@ impl EcdsaSigner {
             .collect::<Result<Vec<Vec<u8>>, PEMError>>()
             .map_err(|e| RawSignerError::InvalidSigningCredentials(e.to_string()))?;
 
-        let cert_chain_len = cert_chain.len();
+        let cert_chain_len = cert_chain.iter().fold(0usize, |sum, c| sum + c.len());
 
         let private_key_pem = std::str::from_utf8(private_key).map_err(|e| {
             RawSignerError::InvalidSigningCredentials(format!("invalid private key: {e}"))

internal/crypto/src/raw_signature/rust_native/signers/ed25519_signer.rs

@@ -46,7 +46,7 @@ impl Ed25519Signer {
             .collect::<Result<Vec<Vec<u8>>, PEMError>>()
             .map_err(|e| RawSignerError::InvalidSigningCredentials(e.to_string()))?;
 
-        let cert_chain_len = cert_chain.len();
+        let cert_chain_len = cert_chain.iter().fold(0usize, |sum, c| sum + c.len());
 
         let private_key_pem = std::str::from_utf8(private_key).map_err(|e| {
             RawSignerError::InvalidSigningCredentials(format!("invalid private key: {e}"))

internal/crypto/src/raw_signature/rust_native/signers/rsa_signer.rs

@@ -68,9 +68,7 @@ impl RsaSigner {
             .collect::<Result<Vec<Vec<u8>>, PEMError>>()
             .map_err(|e| RawSignerError::InvalidSigningCredentials(e.to_string()))?;
 
-        // TO DO: check_chain_order(&cert_chain).await?;
-
-        let cert_chain_len = cert_chain.len();
+        let cert_chain_len = cert_chain.iter().fold(0usize, |sum, c| sum + c.len());
 
         let pem_str = std::str::from_utf8(private_key)
             .map_err(|e| RawSignerError::InvalidSigningCredentials(e.to_string()))?;