min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #227 from jethrogb/topic/x509_name 

Allow setting of arbitrary X509 names
This commit is contained in:
Steven Fackler 2015-07-08 10:21:19 -07:00
parent 0cb4368ef8 e3c562d6a0
commit 3351d5b807
2 changed files with 47 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
openssl/src/x509/mod.rs
View File

@ -145,7 +145,7 @@ pub use self::extension::ExtKeyUsageOption as ExtKeyUsage;
pub struct X509Generator { pub struct X509Generator {
bits: u32, bits: u32,
days: u32, days: u32,
CN: String, names: Vec<(String,String)>,
// RFC 3280 §4.2: A certificate MUST NOT include more than one instance of a particular extension. // RFC 3280 §4.2: A certificate MUST NOT include more than one instance of a particular extension.
extensions: HashMap<ExtensionType,Extension>, extensions: HashMap<ExtensionType,Extension>,
hash_type: HashType, hash_type: HashType,
@ -165,7 +165,7 @@ impl X509Generator {
X509Generator { X509Generator {
bits: 1024, bits: 1024,
days: 365, days: 365,
CN: "rust-openssl".to_string(), names: vec![],
extensions: HashMap::new(), extensions: HashMap::new(),
hash_type: HashType::SHA1 hash_type: HashType::SHA1
} }
@ -184,9 +184,41 @@ impl X509Generator {
} }
#[allow(non_snake_case)] #[allow(non_snake_case)]
/// Sets Common Name of certificate /// (deprecated) Sets Common Name of certificate
///
/// This function is deprecated, use `X509Generator.add_name` instead.
/// Don't use this function AND the `add_name` method
pub fn set_CN(mut self, CN: &str) -> X509Generator { pub fn set_CN(mut self, CN: &str) -> X509Generator {
self.CN = CN.to_string(); match self.names.get_mut(0) {
Some(&mut(_,ref mut val)) => *val=CN.to_string(),
_ => {} /* would move push here, but borrow checker won't let me */
}
if self.names.len()==0 {
self.names.push(("CN".to_string(),CN.to_string()));
}
self
}
/// Add attribute to the name of the certificate
///
/// ```
/// # let generator = openssl::x509::X509Generator::new();
/// generator.add_name("CN".to_string(),"example.com".to_string());
/// ```
pub fn add_name(mut self, attr_type: String, attr_value: String) -> X509Generator {
self.names.push((attr_type,attr_value));
self
}
/// Add multiple attributes to the name of the certificate
///
/// ```
/// # let generator = openssl::x509::X509Generator::new();
/// generator.add_names(vec![("CN".to_string(),"example.com".to_string())]);
/// ```
pub fn add_names<I>(mut self, attrs: I) -> X509Generator
where I: IntoIterator<Item=(String,String)> {
self.names.extend(attrs);
self self
} }
@ -267,7 +299,7 @@ impl X509Generator {
} }
} }
fn add_name(name: *mut ffi::X509_NAME, key: &str, value: &str) -> Result<(), SslError> { fn add_name_internal(name: *mut ffi::X509_NAME, key: &str, value: &str) -> Result<(), SslError> {
let value_len = value.len() as c_int; let value_len = value.len() as c_int;
lift_ssl!(unsafe { lift_ssl!(unsafe {
let key = CString::new(key.as_bytes()).unwrap(); let key = CString::new(key.as_bytes()).unwrap();
@ -333,7 +365,15 @@ impl X509Generator {
let name = ffi::X509_get_subject_name(x509.handle); let name = ffi::X509_get_subject_name(x509.handle);
try_ssl_null!(name); try_ssl_null!(name);
try!(X509Generator::add_name(name, "CN", &self.CN)); let default=[("CN","rust-openssl")];
let default_iter=&mut default.iter().map(|&(k,v)|(k,v));
let arg_iter=&mut self.names.iter().map(|&(ref k,ref v)|(&k[..],&v[..]));
let iter: &mut Iterator<Item=(&str,&str)> =
if self.names.len()==0 { default_iter } else { arg_iter };
for (key,val) in iter {
try!(X509Generator::add_name_internal(name, &key, &val));
}
ffi::X509_set_issuer_name(x509.handle, name); ffi::X509_set_issuer_name(x509.handle, name);
for (exttype,ext) in self.extensions.iter() { for (exttype,ext) in self.extensions.iter() {

2
openssl/src/x509/tests.rs
View File

@ -16,7 +16,7 @@ fn test_cert_gen() {
let gen = X509Generator::new() let gen = X509Generator::new()
.set_bitlength(2048) .set_bitlength(2048)
.set_valid_period(365*2) .set_valid_period(365*2)
.set_CN("test_me") .add_name("CN".to_string(),"test_me".to_string())
.set_sign_hash(SHA256) .set_sign_hash(SHA256)
.add_extension(KeyUsage(vec![DigitalSignature, KeyEncipherment])) .add_extension(KeyUsage(vec![DigitalSignature, KeyEncipherment]))
.add_extension(ExtKeyUsage(vec![ClientAuth, ServerAuth, ExtKeyUsageOption::Other("2.999.1".to_owned())])) .add_extension(ExtKeyUsage(vec![ClientAuth, ServerAuth, ExtKeyUsageOption::Other("2.999.1".to_owned())]))