min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add public generic extension interface to X509Generator 

* Add add_extension and add_extensions functions
* Deprecate set_usage and set_ext_usage
* Change test to use add_extension
This commit is contained in:
Jethro Beekman 2015-06-30 22:30:54 -07:00
parent 53b868697a
commit 2fa1344367
2 changed files with 49 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
openssl/src/x509/mod.rs
View File

@ -21,7 +21,7 @@ use ffi;
use ssl::error::{SslError, StreamError};
use nid;
mod extension;
pub mod extension;
use self::extension::{ExtensionType,Extension};
@ -190,15 +190,50 @@ impl X509Generator {
self
}
/// Sets what for certificate could be used
pub fn set_usage(mut self, purposes: &[KeyUsage]) -> X509Generator {
self.extensions.insert(ExtensionType::KeyUsage,Extension::KeyUsage(purposes.to_owned()));
/// (deprecated) Sets what for certificate could be used
///
/// This function is deprecated, use `X509Generator.add_extension` instead.
pub fn set_usage(self, purposes: &[KeyUsage]) -> X509Generator {
self.add_extension(Extension::KeyUsage(purposes.to_owned()))
}
/// (deprecated) Sets allowed extended usage of certificate
///
/// This function is deprecated, use `X509Generator.add_extension` instead.
pub fn set_ext_usage(self, purposes: &[ExtKeyUsage]) -> X509Generator {
self.add_extension(Extension::ExtKeyUsage(purposes.to_owned()))
}
/// Add an extension to a certificate
///
/// If the extension already exists, it will be replaced.
///
/// ```
/// use openssl::x509::extension::Extension::*;
/// use openssl::x509::extension::KeyUsageOption::*;
///
/// # let generator = openssl::x509::X509Generator::new();
/// generator.add_extension(KeyUsage(vec![DigitalSignature, KeyEncipherment]));
/// ```
pub fn add_extension(mut self, ext: extension::Extension) -> X509Generator {
self.extensions.insert(ext.get_type(),ext);
self
}
/// Sets allowed extended usage of certificate
pub fn set_ext_usage(mut self, purposes: &[ExtKeyUsage]) -> X509Generator {
self.extensions.insert(ExtensionType::ExtKeyUsage,Extension::ExtKeyUsage(purposes.to_owned()));
/// Add multiple extensions to a certificate
///
/// If any of the extensions already exist, they will be replaced.
///
/// ```
/// use openssl::x509::extension::Extension::*;
/// use openssl::x509::extension::KeyUsageOption::*;
///
/// # let generator = openssl::x509::X509Generator::new();
/// generator.add_extensions(vec![KeyUsage(vec![DigitalSignature, KeyEncipherment])]);
/// ```
pub fn add_extensions<I>(mut self, exts: I) -> X509Generator
where I: IntoIterator<Item=extension::Extension> {
self.extensions.extend(exts.into_iter().map(|ext|(ext.get_type(),ext)));
self
}
@ -207,7 +242,7 @@ impl X509Generator {
self
}
fn add_extension(x509: *mut ffi::X509, extension: c_int, value: &str) -> Result<(), SslError> {
fn add_extension_internal(x509: *mut ffi::X509, extension: c_int, value: &str) -> Result<(), SslError> {
unsafe {
let mut ctx: ffi::X509V3_CTX = mem::zeroed();
ffi::X509V3_set_ctx(&mut ctx, x509, x509,
@ -297,7 +332,7 @@ impl X509Generator {
ffi::X509_set_issuer_name(x509.handle, name);
for ext in self.extensions.values() {
try!(X509Generator::add_extension(x509.handle, ext.get_nid() as c_int, &ext.to_string()));
try!(X509Generator::add_extension_internal(x509.handle, ext.get_nid() as c_int, &ext.to_string()));
}
let hash_fn = self.hash_type.evp_md();

9
openssl/src/x509/tests.rs
View File

@ -5,8 +5,9 @@ use std::fs::File;
use crypto::hash::Type::{SHA256};
use x509::{X509, X509Generator};
use x509::KeyUsage::{DigitalSignature, KeyEncipherment};
use x509::ExtKeyUsage::{self, ClientAuth, ServerAuth};
use x509::extension::Extension::{KeyUsage,ExtKeyUsage};
use x509::extension::KeyUsageOption::{DigitalSignature, KeyEncipherment};
use x509::extension::ExtKeyUsageOption::{self, ClientAuth, ServerAuth};
use nid::Nid;
#[test]
@ -16,8 +17,8 @@ fn test_cert_gen() {
.set_valid_period(365*2)
.set_CN("test_me")
.set_sign_hash(SHA256)
.set_usage(&[DigitalSignature, KeyEncipherment])
.set_ext_usage(&[ClientAuth, ServerAuth, ExtKeyUsage::Other("2.999".to_owned())]);
.add_extension(KeyUsage(vec![DigitalSignature, KeyEncipherment]))
.add_extension(ExtKeyUsage(vec![ClientAuth, ServerAuth, ExtKeyUsageOption::Other("2.999".to_owned())]));
let (cert, pkey) = gen.generate().unwrap();
cert.write_pem(&mut io::sink()).unwrap();