min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #515 from sfackler/x509-builder 

Add X509 builders, deprecate X509Generator
This commit is contained in:
Steven Fackler 2017-02-11 11:15:15 -08:00 committed by GitHub
parent 3a0d24f729 980a71a008
commit 6d3fcedd66
14 changed files with 1008 additions and 207 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
openssl-sys/src/lib.rs
View File

@ -33,6 +33,7 @@ pub enum ASN1_OBJECT {}
pub enum BN_CTX {} pub enum BN_CTX {}
pub enum BN_GENCB {} pub enum BN_GENCB {}
pub enum CONF {} pub enum CONF {}
pub enum CONF_METHOD {}
pub enum COMP_METHOD {} pub enum COMP_METHOD {}
pub enum EC_KEY {} pub enum EC_KEY {}
pub enum EC_GROUP {} pub enum EC_GROUP {}
@ -1426,20 +1427,17 @@ extern {
pub fn BIO_set_flags(b: *mut BIO, flags: c_int); pub fn BIO_set_flags(b: *mut BIO, flags: c_int);
pub fn BIO_clear_flags(b: *mut BIO, flags: c_int); pub fn BIO_clear_flags(b: *mut BIO, flags: c_int);
pub fn BN_CTX_new() -> *mut BN_CTX;
pub fn BN_CTX_free(ctx: *mut BN_CTX);
pub fn BN_new() -> *mut BIGNUM; pub fn BN_new() -> *mut BIGNUM;
pub fn BN_dup(n: *const BIGNUM) -> *mut BIGNUM; pub fn BN_dup(n: *const BIGNUM) -> *mut BIGNUM;
pub fn BN_clear(bn: *mut BIGNUM); pub fn BN_clear(bn: *mut BIGNUM);
pub fn BN_free(bn: *mut BIGNUM); pub fn BN_free(bn: *mut BIGNUM);
pub fn BN_clear_free(bn: *mut BIGNUM); pub fn BN_clear_free(bn: *mut BIGNUM);
pub fn BN_CTX_new() -> *mut BN_CTX;
pub fn BN_CTX_free(ctx: *mut BN_CTX);
pub fn BN_num_bits(bn: *const BIGNUM) -> c_int; pub fn BN_num_bits(bn: *const BIGNUM) -> c_int;
pub fn BN_set_negative(bn: *mut BIGNUM, n: c_int); pub fn BN_set_negative(bn: *mut BIGNUM, n: c_int);
pub fn BN_set_word(bn: *mut BIGNUM, n: BN_ULONG) -> c_int; pub fn BN_set_word(bn: *mut BIGNUM, n: BN_ULONG) -> c_int;
/* Arithmetic operations on BIGNUMs */
pub fn BN_add(r: *mut BIGNUM, a: *const BIGNUM, b: *const BIGNUM) -> c_int; pub fn BN_add(r: *mut BIGNUM, a: *const BIGNUM, b: *const BIGNUM) -> c_int;
pub fn BN_div(dv: *mut BIGNUM, rem: *mut BIGNUM, a: *const BIGNUM, b: *const BIGNUM, ctx: *mut BN_CTX) -> c_int; pub fn BN_div(dv: *mut BIGNUM, rem: *mut BIGNUM, a: *const BIGNUM, b: *const BIGNUM, ctx: *mut BN_CTX) -> c_int;
pub fn BN_exp(r: *mut BIGNUM, a: *const BIGNUM, p: *const BIGNUM, ctx: *mut BN_CTX) -> c_int; pub fn BN_exp(r: *mut BIGNUM, a: *const BIGNUM, p: *const BIGNUM, ctx: *mut BN_CTX) -> c_int;
@ -1459,8 +1457,6 @@ extern {
pub fn BN_mod_word(r: *const BIGNUM, w: BN_ULONG) -> BN_ULONG; pub fn BN_mod_word(r: *const BIGNUM, w: BN_ULONG) -> BN_ULONG;
pub fn BN_sqr(r: *mut BIGNUM, a: *const BIGNUM, ctx: *mut BN_CTX) -> c_int; pub fn BN_sqr(r: *mut BIGNUM, a: *const BIGNUM, ctx: *mut BN_CTX) -> c_int;
pub fn BN_sub(r: *mut BIGNUM, a: *const BIGNUM, b: *const BIGNUM) -> c_int; pub fn BN_sub(r: *mut BIGNUM, a: *const BIGNUM, b: *const BIGNUM) -> c_int;
/* Bit operations on BIGNUMs */
pub fn BN_clear_bit(a: *mut BIGNUM, n: c_int) -> c_int; pub fn BN_clear_bit(a: *mut BIGNUM, n: c_int) -> c_int;
pub fn BN_is_bit_set(a: *const BIGNUM, n: c_int) -> c_int; pub fn BN_is_bit_set(a: *const BIGNUM, n: c_int) -> c_int;
pub fn BN_lshift(r: *mut BIGNUM, a: *const BIGNUM, n: c_int) -> c_int; pub fn BN_lshift(r: *mut BIGNUM, a: *const BIGNUM, n: c_int) -> c_int;
@ -1469,33 +1465,26 @@ extern {
pub fn BN_rshift(r: *mut BIGNUM, a: *const BIGNUM, n: c_int) -> c_int; pub fn BN_rshift(r: *mut BIGNUM, a: *const BIGNUM, n: c_int) -> c_int;
pub fn BN_set_bit(a: *mut BIGNUM, n: c_int) -> c_int; pub fn BN_set_bit(a: *mut BIGNUM, n: c_int) -> c_int;
pub fn BN_rshift1(r: *mut BIGNUM, a: *const BIGNUM) -> c_int; pub fn BN_rshift1(r: *mut BIGNUM, a: *const BIGNUM) -> c_int;
/* Comparisons on BIGNUMs */
pub fn BN_cmp(a: *const BIGNUM, b: *const BIGNUM) -> c_int; pub fn BN_cmp(a: *const BIGNUM, b: *const BIGNUM) -> c_int;
pub fn BN_ucmp(a: *const BIGNUM, b: *const BIGNUM) -> c_int; pub fn BN_ucmp(a: *const BIGNUM, b: *const BIGNUM) -> c_int;
/* Prime handling */
pub fn BN_generate_prime_ex(r: *mut BIGNUM, bits: c_int, safe: c_int, add: *const BIGNUM, rem: *const BIGNUM, cb: *mut BN_GENCB) -> c_int; pub fn BN_generate_prime_ex(r: *mut BIGNUM, bits: c_int, safe: c_int, add: *const BIGNUM, rem: *const BIGNUM, cb: *mut BN_GENCB) -> c_int;
pub fn BN_is_prime_ex(p: *const BIGNUM, checks: c_int, ctx: *mut BN_CTX, cb: *mut BN_GENCB) -> c_int; pub fn BN_is_prime_ex(p: *const BIGNUM, checks: c_int, ctx: *mut BN_CTX, cb: *mut BN_GENCB) -> c_int;
pub fn BN_is_prime_fasttest_ex(p: *const BIGNUM, checks: c_int, ctx: *mut BN_CTX, do_trial_division: c_int, cb: *mut BN_GENCB) -> c_int; pub fn BN_is_prime_fasttest_ex(p: *const BIGNUM, checks: c_int, ctx: *mut BN_CTX, do_trial_division: c_int, cb: *mut BN_GENCB) -> c_int;
/* Random number handling */
pub fn BN_rand(r: *mut BIGNUM, bits: c_int, top: c_int, bottom: c_int) -> c_int; pub fn BN_rand(r: *mut BIGNUM, bits: c_int, top: c_int, bottom: c_int) -> c_int;
pub fn BN_pseudo_rand(r: *mut BIGNUM, bits: c_int, top: c_int, bottom: c_int) -> c_int; pub fn BN_pseudo_rand(r: *mut BIGNUM, bits: c_int, top: c_int, bottom: c_int) -> c_int;
pub fn BN_rand_range(r: *mut BIGNUM, range: *const BIGNUM) -> c_int; pub fn BN_rand_range(r: *mut BIGNUM, range: *const BIGNUM) -> c_int;
pub fn BN_pseudo_rand_range(r: *mut BIGNUM, range: *const BIGNUM) -> c_int; pub fn BN_pseudo_rand_range(r: *mut BIGNUM, range: *const BIGNUM) -> c_int;
/* Conversion from/to binary representation */
pub fn BN_bin2bn(s: *const u8, size: c_int, ret: *mut BIGNUM) -> *mut BIGNUM; pub fn BN_bin2bn(s: *const u8, size: c_int, ret: *mut BIGNUM) -> *mut BIGNUM;
pub fn BN_bn2bin(a: *const BIGNUM, to: *mut u8) -> c_int; pub fn BN_bn2bin(a: *const BIGNUM, to: *mut u8) -> c_int;
/* Conversion from/to decimal string representation */
pub fn BN_dec2bn(a: *mut *mut BIGNUM, s: *const c_char) -> c_int; pub fn BN_dec2bn(a: *mut *mut BIGNUM, s: *const c_char) -> c_int;
pub fn BN_bn2dec(a: *const BIGNUM) -> *mut c_char; pub fn BN_bn2dec(a: *const BIGNUM) -> *mut c_char;
/* Conversion from/to hexidecimal string representation */
pub fn BN_hex2bn(a: *mut *mut BIGNUM, s: *const c_char) -> c_int; pub fn BN_hex2bn(a: *mut *mut BIGNUM, s: *const c_char) -> c_int;
pub fn BN_bn2hex(a: *const BIGNUM) -> *mut c_char; pub fn BN_bn2hex(a: *const BIGNUM) -> *mut c_char;
pub fn BN_to_ASN1_INTEGER(bn: *const BIGNUM, ai: *mut ASN1_INTEGER) -> *mut ASN1_INTEGER;
pub fn NCONF_default() -> *mut CONF_METHOD;
pub fn NCONF_new(meth: *mut CONF_METHOD) -> *mut CONF;
pub fn NCONF_free(conf: *mut CONF);
pub fn CRYPTO_memcmp(a: *const c_void, b: *const c_void, pub fn CRYPTO_memcmp(a: *const c_void, b: *const c_void,
len: size_t) -> c_int; len: size_t) -> c_int;
@ -1923,6 +1912,8 @@ extern {
pub fn X509_gmtime_adj(time: *mut ASN1_TIME, adj: c_long) -> *mut ASN1_TIME; pub fn X509_gmtime_adj(time: *mut ASN1_TIME, adj: c_long) -> *mut ASN1_TIME;
pub fn X509_new() -> *mut X509; pub fn X509_new() -> *mut X509;
pub fn X509_set_issuer_name(x: *mut X509, name: *mut X509_NAME) -> c_int; pub fn X509_set_issuer_name(x: *mut X509, name: *mut X509_NAME) -> c_int;
pub fn X509_set_subject_name(x: *mut X509, name: *mut X509_NAME) -> c_int;
pub fn X509_set_serialNumber(x: *mut X509, sn: *mut ASN1_INTEGER) -> c_int;
pub fn X509_set_version(x: *mut X509, version: c_long) -> c_int; pub fn X509_set_version(x: *mut X509, version: c_long) -> c_int;
pub fn X509_set_pubkey(x: *mut X509, pkey: *mut EVP_PKEY) -> c_int; pub fn X509_set_pubkey(x: *mut X509, pkey: *mut EVP_PKEY) -> c_int;
pub fn X509_sign(x: *mut X509, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> c_int; pub fn X509_sign(x: *mut X509, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> c_int;
@ -1936,6 +1927,7 @@ extern {
pub fn X509_EXTENSION_free(ext: *mut X509_EXTENSION); pub fn X509_EXTENSION_free(ext: *mut X509_EXTENSION);
pub fn X509_NAME_new() -> *mut X509_NAME;
pub fn X509_NAME_free(x: *mut X509_NAME); pub fn X509_NAME_free(x: *mut X509_NAME);
pub fn X509_NAME_add_entry_by_txt(x: *mut X509_NAME, field: *const c_char, ty: c_int, bytes: *const c_uchar, len: c_int, loc: c_int, set: c_int) -> c_int; pub fn X509_NAME_add_entry_by_txt(x: *mut X509_NAME, field: *const c_char, ty: c_int, bytes: *const c_uchar, len: c_int, loc: c_int, set: c_int) -> c_int;
pub fn X509_NAME_get_index_by_NID(n: *mut X509_NAME, nid: c_int, last_pos: c_int) -> c_int; pub fn X509_NAME_get_index_by_NID(n: *mut X509_NAME, nid: c_int, last_pos: c_int) -> c_int;
@ -1959,12 +1951,14 @@ extern {
pub fn X509_STORE_CTX_get_error_depth(ctx: *mut X509_STORE_CTX) -> c_int; pub fn X509_STORE_CTX_get_error_depth(ctx: *mut X509_STORE_CTX) -> c_int;
pub fn X509V3_set_ctx(ctx: *mut X509V3_CTX, issuer: *mut X509, subject: *mut X509, req: *mut X509_REQ, crl: *mut X509_CRL, flags: c_int); pub fn X509V3_set_ctx(ctx: *mut X509V3_CTX, issuer: *mut X509, subject: *mut X509, req: *mut X509_REQ, crl: *mut X509_CRL, flags: c_int);
pub fn X509V3_set_nconf(ctx: *mut X509V3_CTX, conf: *mut CONF);
pub fn X509_REQ_new() -> *mut X509_REQ;
pub fn X509_REQ_set_version(req: *mut X509_REQ, version: c_long) -> c_int;
pub fn X509_REQ_set_subject_name(req: *mut X509_REQ, name: *mut X509_NAME) -> c_int;
pub fn X509_REQ_set_pubkey(req: *mut X509_REQ, pkey: *mut EVP_PKEY) -> c_int;
pub fn X509_REQ_add_extensions(req: *mut X509_REQ, exts: *mut stack_st_X509_EXTENSION) -> c_int; pub fn X509_REQ_add_extensions(req: *mut X509_REQ, exts: *mut stack_st_X509_EXTENSION) -> c_int;
pub fn X509_REQ_sign(x: *mut X509_REQ, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> c_int; pub fn X509_REQ_sign(x: *mut X509_REQ, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> c_int;
pub fn X509_REQ_set_version(x: *mut X509_REQ, version: c_long) -> c_int;
pub fn X509_REQ_set_subject_name(req: *mut X509_REQ, name: *mut ::X509_NAME) -> c_int;
#[cfg(not(ossl101))] #[cfg(not(ossl101))]
pub fn X509_VERIFY_PARAM_free(param: *mut X509_VERIFY_PARAM); pub fn X509_VERIFY_PARAM_free(param: *mut X509_VERIFY_PARAM);

3
openssl-sys/src/libressl.rs
View File

@ -707,6 +707,7 @@ extern {
pub fn X509_set_notAfter(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int; pub fn X509_set_notAfter(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int;
pub fn X509_set_notBefore(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int; pub fn X509_set_notBefore(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int;
pub fn X509_get_ext_d2i(x: *mut ::X509, nid: c_int, crit: *mut c_int, idx: *mut c_int) -> *mut c_void; pub fn X509_get_ext_d2i(x: *mut ::X509, nid: c_int, crit: *mut c_int, idx: *mut c_int) -> *mut c_void;
pub fn X509_NAME_add_entry_by_NID(x: *mut ::X509_NAME, field: c_int, ty: c_int, bytes: *mut c_uchar, len: c_int, loc: c_int, set: c_int) -> c_int;
pub fn X509_NAME_get_entry(n: *mut ::X509_NAME, loc: c_int) -> *mut ::X509_NAME_ENTRY; pub fn X509_NAME_get_entry(n: *mut ::X509_NAME, loc: c_int) -> *mut ::X509_NAME_ENTRY;
pub fn X509_NAME_ENTRY_get_data(ne: *mut ::X509_NAME_ENTRY) -> *mut ::ASN1_STRING; pub fn X509_NAME_ENTRY_get_data(ne: *mut ::X509_NAME_ENTRY) -> *mut ::ASN1_STRING;
pub fn X509_STORE_CTX_get_chain(ctx: *mut ::X509_STORE_CTX) -> *mut stack_st_X509; pub fn X509_STORE_CTX_get_chain(ctx: *mut ::X509_STORE_CTX) -> *mut stack_st_X509;
@ -723,9 +724,11 @@ extern {
pub fn EVP_MD_CTX_destroy(ctx: *mut EVP_MD_CTX); pub fn EVP_MD_CTX_destroy(ctx: *mut EVP_MD_CTX);
pub fn EVP_PKEY_bits(key: *mut EVP_PKEY) -> c_int; pub fn EVP_PKEY_bits(key: *mut EVP_PKEY) -> c_int;
pub fn sk_new_null() -> *mut _STACK;
pub fn sk_num(st: *const _STACK) -> c_int; pub fn sk_num(st: *const _STACK) -> c_int;
pub fn sk_value(st: *const _STACK, n: c_int) -> *mut c_void; pub fn sk_value(st: *const _STACK, n: c_int) -> *mut c_void;
pub fn sk_free(st: *mut _STACK); pub fn sk_free(st: *mut _STACK);
pub fn sk_push(st: *mut _STACK, data: *mut c_void) -> c_int;
pub fn sk_pop_free(st: *mut _STACK, free: Option<unsafe extern "C" fn (*mut c_void)>); pub fn sk_pop_free(st: *mut _STACK, free: Option<unsafe extern "C" fn (*mut c_void)>);
pub fn sk_pop(st: *mut _STACK) -> *mut c_void; pub fn sk_pop(st: *mut _STACK) -> *mut c_void;

3
openssl-sys/src/ossl10x.rs
View File

@ -856,6 +856,7 @@ extern {
pub fn X509_set_notAfter(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int; pub fn X509_set_notAfter(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int;
pub fn X509_set_notBefore(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int; pub fn X509_set_notBefore(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int;
pub fn X509_get_ext_d2i(x: *mut ::X509, nid: c_int, crit: *mut c_int, idx: *mut c_int) -> *mut c_void; pub fn X509_get_ext_d2i(x: *mut ::X509, nid: c_int, crit: *mut c_int, idx: *mut c_int) -> *mut c_void;
pub fn X509_NAME_add_entry_by_NID(x: *mut ::X509_NAME, field: c_int, ty: c_int, bytes: *mut c_uchar, len: c_int, loc: c_int, set: c_int) -> c_int;
#[cfg(not(ossl101))] #[cfg(not(ossl101))]
pub fn X509_get0_signature(psig: *mut *mut ::ASN1_BIT_STRING, palg: *mut *mut ::X509_ALGOR, x: *const ::X509); pub fn X509_get0_signature(psig: *mut *mut ::ASN1_BIT_STRING, palg: *mut *mut ::X509_ALGOR, x: *const ::X509);
#[cfg(not(ossl101))] #[cfg(not(ossl101))]
@ -878,9 +879,11 @@ extern {
pub fn EVP_MD_CTX_destroy(ctx: *mut EVP_MD_CTX); pub fn EVP_MD_CTX_destroy(ctx: *mut EVP_MD_CTX);
pub fn EVP_PKEY_bits(key: *mut EVP_PKEY) -> c_int; pub fn EVP_PKEY_bits(key: *mut EVP_PKEY) -> c_int;
pub fn sk_new_null() -> *mut _STACK;
pub fn sk_num(st: *const _STACK) -> c_int; pub fn sk_num(st: *const _STACK) -> c_int;
pub fn sk_value(st: *const _STACK, n: c_int) -> *mut c_void; pub fn sk_value(st: *const _STACK, n: c_int) -> *mut c_void;
pub fn sk_free(st: *mut _STACK); pub fn sk_free(st: *mut _STACK);
pub fn sk_push(st: *mut _STACK, data: *mut c_void) -> c_int;
pub fn sk_pop_free(st: *mut _STACK, free: Option<unsafe extern "C" fn (*mut c_void)>); pub fn sk_pop_free(st: *mut _STACK, free: Option<unsafe extern "C" fn (*mut c_void)>);
pub fn sk_pop(st: *mut _STACK) -> *mut c_void; pub fn sk_pop(st: *mut _STACK) -> *mut c_void;

3
openssl-sys/src/ossl110.rs
View File

@ -86,6 +86,7 @@ extern {
pub fn X509_set1_notAfter(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int; pub fn X509_set1_notAfter(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int;
pub fn X509_set1_notBefore(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int; pub fn X509_set1_notBefore(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int;
pub fn X509_get_ext_d2i(x: *const ::X509, nid: c_int, crit: *mut c_int, idx: *mut c_int) -> *mut c_void; pub fn X509_get_ext_d2i(x: *const ::X509, nid: c_int, crit: *mut c_int, idx: *mut c_int) -> *mut c_void;
pub fn X509_NAME_add_entry_by_NID(x: *mut ::X509_NAME, field: c_int, ty: c_int, bytes: *const c_uchar, len: c_int, loc: c_int, set: c_int) -> c_int;
pub fn X509_get_signature_nid(x: *const X509) -> c_int; pub fn X509_get_signature_nid(x: *const X509) -> c_int;
pub fn X509_ALGOR_get0(paobj: *mut *const ::ASN1_OBJECT, pptype: *mut c_int, ppval: *mut *const c_void, alg: *const ::X509_ALGOR); pub fn X509_ALGOR_get0(paobj: *mut *const ::ASN1_OBJECT, pptype: *mut c_int, ppval: *mut *const c_void, alg: *const ::X509_ALGOR);
pub fn X509_NAME_get_entry(n: *const ::X509_NAME, loc: c_int) -> *mut ::X509_NAME_ENTRY; pub fn X509_NAME_get_entry(n: *const ::X509_NAME, loc: c_int) -> *mut ::X509_NAME_ENTRY;
@ -182,8 +183,10 @@ extern {
pub fn OpenSSL_version_num() -> c_ulong; pub fn OpenSSL_version_num() -> c_ulong;
pub fn OpenSSL_version(key: c_int) -> *const c_char; pub fn OpenSSL_version(key: c_int) -> *const c_char;
pub fn OPENSSL_sk_new_null() -> *mut ::OPENSSL_STACK;
pub fn OPENSSL_sk_free(st: *mut ::OPENSSL_STACK); pub fn OPENSSL_sk_free(st: *mut ::OPENSSL_STACK);
pub fn OPENSSL_sk_pop_free(st: *mut ::OPENSSL_STACK, free: Option<unsafe extern "C" fn (*mut c_void)>); pub fn OPENSSL_sk_pop_free(st: *mut ::OPENSSL_STACK, free: Option<unsafe extern "C" fn (*mut c_void)>);
pub fn OPENSSL_sk_push(st: *mut ::OPENSSL_STACK, data: *const c_void) -> c_int;
pub fn OPENSSL_sk_pop(st: *mut ::OPENSSL_STACK) -> *mut c_void; pub fn OPENSSL_sk_pop(st: *mut ::OPENSSL_STACK) -> *mut c_void;
pub fn PKCS12_create(pass: *const c_char, pub fn PKCS12_create(pass: *const c_char,

2
openssl/Cargo.toml
View File

@ -19,7 +19,7 @@ v110 = []
[dependencies] [dependencies]
bitflags = "0.7" bitflags = "0.7"
foreign-types = "0.1" foreign-types = "0.2"
lazy_static = "0.2" lazy_static = "0.2"
libc = "0.2" libc = "0.2"
openssl-sys = { version = "0.9.6", path = "../openssl-sys" } openssl-sys = { version = "0.9.6", path = "../openssl-sys" }

9
openssl/src/bn.rs
View File

@ -7,6 +7,7 @@ use std::{fmt, ptr};
use std::ops::{Add, Div, Mul, Neg, Rem, Shl, Shr, Sub, Deref}; use std::ops::{Add, Div, Mul, Neg, Rem, Shl, Shr, Sub, Deref};
use {cvt, cvt_p, cvt_n}; use {cvt, cvt_p, cvt_n};
use asn1::Asn1Integer;
use error::ErrorStack; use error::ErrorStack;
use string::OpensslString; use string::OpensslString;
@ -513,6 +514,14 @@ impl BigNumRef {
Ok(OpensslString::from_ptr(buf)) Ok(OpensslString::from_ptr(buf))
} }
} }
/// Returns an `Asn1Integer` containing the value of `self`.
pub fn to_asn1_integer(&self) -> Result<Asn1Integer, ErrorStack> {
unsafe {
cvt_p(ffi::BN_to_ASN1_INTEGER(self.as_ptr(), ptr::null_mut()))
.map(|p| Asn1Integer::from_ptr(p))
}
}
} }
foreign_type! { foreign_type! {

37
openssl/src/conf.rs Normal file
View File

@ -0,0 +1,37 @@
use ffi;
use cvt_p;
use error::ErrorStack;
pub struct ConfMethod(*mut ffi::CONF_METHOD);
impl ConfMethod {
pub fn default() -> ConfMethod {
unsafe {
ffi::init();
ConfMethod(ffi::NCONF_default())
}
}
pub unsafe fn from_ptr(ptr: *mut ffi::CONF_METHOD) -> ConfMethod {
ConfMethod(ptr)
}
pub fn as_ptr(&self) -> *mut ffi::CONF_METHOD {
self.0
}
}
foreign_type! {
type CType = ffi::CONF;
fn drop = ffi::NCONF_free;
pub struct Conf;
pub struct ConfRef;
}
impl Conf {
pub fn new(method: ConfMethod) -> Result<Conf, ErrorStack> {
unsafe { cvt_p(ffi::NCONF_new(method.as_ptr())).map(Conf) }
}
}

1
openssl/src/lib.rs
View File

@ -29,6 +29,7 @@ mod util;
pub mod aes; pub mod aes;
pub mod asn1; pub mod asn1;
pub mod bn; pub mod bn;
pub mod conf;
pub mod crypto; pub mod crypto;
pub mod dh; pub mod dh;
pub mod dsa; pub mod dsa;

31
openssl/src/pkcs12.rs
View File

@ -173,10 +173,12 @@ mod test {
use hash::MessageDigest; use hash::MessageDigest;
use hex::ToHex; use hex::ToHex;
use ::rsa::Rsa; use asn1::Asn1Time;
use ::pkey::*; use rsa::Rsa;
use ::x509::*; use pkey::PKey;
use ::x509::extension::*; use nid;
use x509::{X509, X509Name};
use x509::extension::KeyUsage;
use super::*; use super::*;
@ -200,13 +202,22 @@ mod test {
let rsa = Rsa::generate(2048).unwrap(); let rsa = Rsa::generate(2048).unwrap();
let pkey = PKey::from_rsa(rsa).unwrap(); let pkey = PKey::from_rsa(rsa).unwrap();
let gen = X509Generator::new() let mut name = X509Name::builder().unwrap();
.set_valid_period(365*2) name.append_entry_by_nid(nid::COMMONNAME, subject_name).unwrap();
.add_name("CN".to_owned(), subject_name.to_string()) let name = name.build();
.set_sign_hash(MessageDigest::sha256())
.add_extension(Extension::KeyUsage(vec![KeyUsageOption::DigitalSignature]));
let cert = gen.sign(&pkey).unwrap(); let key_usage = KeyUsage::new().digital_signature().build().unwrap();;
let mut builder = X509::builder().unwrap();
builder.set_version(2).unwrap();
builder.set_not_before(&Asn1Time::days_from_now(0).unwrap()).unwrap();
builder.set_not_after(&Asn1Time::days_from_now(365).unwrap()).unwrap();
builder.set_subject_name(&name).unwrap();
builder.set_issuer_name(&name).unwrap();
builder.append_extension(key_usage).unwrap();
builder.set_pubkey(&pkey).unwrap();
builder.sign(&pkey, MessageDigest::sha256()).unwrap();
let cert = builder.build();
let pkcs12_builder = Pkcs12::builder(); let pkcs12_builder = Pkcs12::builder();
let pkcs12 = pkcs12_builder.build("mypass", subject_name, &pkey, &cert).unwrap(); let pkcs12 = pkcs12_builder.build("mypass", subject_name, &pkey, &cert).unwrap();

6
openssl/src/ssl/mod.rs
View File

@ -1061,9 +1061,15 @@ impl ForeignType for SslCipher {
type CType = ffi::SSL_CIPHER; type CType = ffi::SSL_CIPHER;
type Ref = SslCipherRef; type Ref = SslCipherRef;
#[inline]
unsafe fn from_ptr(ptr: *mut ffi::SSL_CIPHER) -> SslCipher { unsafe fn from_ptr(ptr: *mut ffi::SSL_CIPHER) -> SslCipher {
SslCipher(ptr) SslCipher(ptr)
} }
#[inline]
fn as_ptr(&self) -> *mut ffi::SSL_CIPHER {
self.0
}
} }
impl Deref for SslCipher { impl Deref for SslCipher {

34
openssl/src/stack.rs
View File

@ -5,15 +5,21 @@ use std::convert::AsRef;
use std::iter; use std::iter;
use std::marker::PhantomData; use std::marker::PhantomData;
use std::mem; use std::mem;
use ffi;
use {cvt, cvt_p};
use error::ErrorStack;
use std::ops::{Deref, DerefMut, Index, IndexMut}; use std::ops::{Deref, DerefMut, Index, IndexMut};
use util::Opaque; use util::Opaque;
#[cfg(ossl10x)] #[cfg(ossl10x)]
use ffi::{sk_pop as OPENSSL_sk_pop, sk_free as OPENSSL_sk_free, sk_num as OPENSSL_sk_num, use ffi::{sk_pop as OPENSSL_sk_pop, sk_free as OPENSSL_sk_free, sk_num as OPENSSL_sk_num,
sk_value as OPENSSL_sk_value, _STACK as OPENSSL_STACK}; sk_value as OPENSSL_sk_value, _STACK as OPENSSL_STACK,
sk_new_null as OPENSSL_sk_new_null, sk_push as OPENSSL_sk_push};
#[cfg(ossl110)] #[cfg(ossl110)]
use ffi::{OPENSSL_sk_pop, OPENSSL_sk_free, OPENSSL_sk_num, OPENSSL_sk_value, OPENSSL_STACK}; use ffi::{OPENSSL_sk_pop, OPENSSL_sk_free, OPENSSL_sk_num, OPENSSL_sk_value, OPENSSL_STACK,
OPENSSL_sk_new_null, OPENSSL_sk_push};
/// Trait implemented by types which can be placed in a stack. /// Trait implemented by types which can be placed in a stack.
/// ///
@ -30,9 +36,12 @@ pub trait Stackable: ForeignType {
pub struct Stack<T: Stackable>(*mut T::StackType); pub struct Stack<T: Stackable>(*mut T::StackType);
impl<T: Stackable> Stack<T> { impl<T: Stackable> Stack<T> {
/// Return a new Stack<T>, taking ownership of the handle pub fn new() -> Result<Stack<T>, ErrorStack> {
pub unsafe fn from_ptr(stack: *mut T::StackType) -> Stack<T> { unsafe {
Stack(stack) ffi::init();
let ptr = try!(cvt_p(OPENSSL_sk_new_null()));
Ok(Stack(ptr as *mut _))
}
} }
} }
@ -75,9 +84,15 @@ impl<T: Stackable> ForeignType for Stack<T> {
type CType = T::StackType; type CType = T::StackType;
type Ref = StackRef<T>; type Ref = StackRef<T>;
#[inline]
unsafe fn from_ptr(ptr: *mut T::StackType) -> Stack<T> { unsafe fn from_ptr(ptr: *mut T::StackType) -> Stack<T> {
Stack(ptr) Stack(ptr)
} }
#[inline]
fn as_ptr(&self) -> *mut T::StackType {
self.0
}
} }
impl<T: Stackable> Deref for Stack<T> { impl<T: Stackable> Deref for Stack<T> {
@ -197,6 +212,15 @@ impl<T: Stackable> StackRef<T> {
} }
} }
/// Pushes a value onto the top of the stack.
pub fn push(&mut self, data: T) -> Result<(), ErrorStack> {
unsafe {
try!(cvt(OPENSSL_sk_push(self.as_stack(), data.as_ptr() as *mut _)));
mem::forget(data);
Ok(())
}
}
/// Removes the last element from the stack and returns it. /// Removes the last element from the stack and returns it.
pub fn pop(&mut self) -> Option<T> { pub fn pop(&mut self) -> Option<T> {
unsafe { unsafe {

422
openssl/src/x509/extension.rs
View File

@ -1,12 +1,15 @@
use std::fmt; use std::fmt::{self, Write};
use error::ErrorStack;
use nid::{self, Nid}; use nid::{self, Nid};
use x509::{X509v3Context, X509Extension};
/// Type-only version of the `Extension` enum. /// Type-only version of the `Extension` enum.
/// ///
/// See the `Extension` documentation for more information on the different /// See the `Extension` documentation for more information on the different
/// variants. /// variants.
#[derive(Clone,Hash,PartialEq,Eq)] #[derive(Clone,Hash,PartialEq,Eq)]
#[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")]
pub enum ExtensionType { pub enum ExtensionType {
KeyUsage, KeyUsage,
ExtKeyUsage, ExtKeyUsage,
@ -21,6 +24,7 @@ pub enum ExtensionType {
/// Only one extension of each type is allow in a certificate. /// Only one extension of each type is allow in a certificate.
/// See RFC 3280 for more information about extensions. /// See RFC 3280 for more information about extensions.
#[derive(Clone)] #[derive(Clone)]
#[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")]
pub enum Extension { pub enum Extension {
/// The purposes of the key contained in the certificate /// The purposes of the key contained in the certificate
KeyUsage(Vec<KeyUsageOption>), KeyUsage(Vec<KeyUsageOption>),
@ -56,6 +60,7 @@ pub enum Extension {
} }
impl Extension { impl Extension {
#[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")]
pub fn get_type(&self) -> ExtensionType { pub fn get_type(&self) -> ExtensionType {
match self { match self {
&Extension::KeyUsage(_) => ExtensionType::KeyUsage, &Extension::KeyUsage(_) => ExtensionType::KeyUsage,
@ -69,6 +74,7 @@ impl Extension {
} }
impl ExtensionType { impl ExtensionType {
#[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")]
pub fn get_nid(&self) -> Option<Nid> { pub fn get_nid(&self) -> Option<Nid> {
match self { match self {
&ExtensionType::KeyUsage => Some(nid::KEY_USAGE), &ExtensionType::KeyUsage => Some(nid::KEY_USAGE),
@ -80,6 +86,7 @@ impl ExtensionType {
} }
} }
#[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")]
pub fn get_name(&self) -> Option<&str> { pub fn get_name(&self) -> Option<&str> {
match self { match self {
&ExtensionType::OtherStr(ref s) => Some(s), &ExtensionType::OtherStr(ref s) => Some(s),
@ -120,6 +127,7 @@ impl ToString for Extension {
} }
#[derive(Clone,Copy)] #[derive(Clone,Copy)]
#[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")]
pub enum KeyUsageOption { pub enum KeyUsageOption {
DigitalSignature, DigitalSignature,
NonRepudiation, NonRepudiation,
@ -149,6 +157,7 @@ impl fmt::Display for KeyUsageOption {
} }
#[derive(Clone)] #[derive(Clone)]
#[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")]
pub enum ExtKeyUsageOption { pub enum ExtKeyUsageOption {
ServerAuth, ServerAuth,
ClientAuth, ClientAuth,
@ -185,6 +194,7 @@ impl fmt::Display for ExtKeyUsageOption {
} }
#[derive(Clone, Copy)] #[derive(Clone, Copy)]
#[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")]
pub enum AltNameOption { pub enum AltNameOption {
/// The value is specified as OID;content. See `man ASN1_generate_nconf` for more information on the content syntax. /// The value is specified as OID;content. See `man ASN1_generate_nconf` for more information on the content syntax.
/// ///
@ -219,3 +229,413 @@ impl fmt::Display for AltNameOption {
}) })
} }
} }
pub struct BasicConstraints {
critical: bool,
ca: bool,
pathlen: Option<u32>,
}
impl BasicConstraints {
pub fn new() -> BasicConstraints {
BasicConstraints {
critical: false,
ca: false,
pathlen: None,
}
}
pub fn critical(&mut self) -> &mut BasicConstraints {
self.critical = true;
self
}
pub fn ca(&mut self) -> &mut BasicConstraints {
self.ca = true;
self
}
pub fn pathlen(&mut self, pathlen: u32) -> &mut BasicConstraints {
self.pathlen = Some(pathlen);
self
}
pub fn build(&self) -> Result<X509Extension, ErrorStack> {
let mut value = String::new();
if self.critical {
value.push_str("critical,");
}
value.push_str("CA:");
if self.ca {
value.push_str("TRUE");
} else {
value.push_str("FALSE");
}
if let Some(pathlen) = self.pathlen {
write!(value, ",pathlen:{}", pathlen).unwrap();
}
X509Extension::new_nid(None, None, nid::BASIC_CONSTRAINTS, &value)
}
}
pub struct KeyUsage {
critical: bool,
digital_signature: bool,
non_repudiation: bool,
key_encipherment: bool,
data_encipherment: bool,
key_agreement: bool,
key_cert_sign: bool,
crl_sign: bool,
encipher_only: bool,
decipher_only: bool,
}
impl KeyUsage {
pub fn new() -> KeyUsage {
KeyUsage {
critical: false,
digital_signature: false,
non_repudiation: false,
key_encipherment: false,
data_encipherment: false,
key_agreement: false,
key_cert_sign: false,
crl_sign: false,
encipher_only: false,
decipher_only: false,
}
}
pub fn critical(&mut self) -> &mut KeyUsage {
self.critical = true;
self
}
pub fn digital_signature(&mut self) -> &mut KeyUsage {
self.digital_signature = true;
self
}
pub fn non_repudiation(&mut self) -> &mut KeyUsage {
self.non_repudiation = true;
self
}
pub fn key_encipherment(&mut self) -> &mut KeyUsage {
self.key_encipherment = true;
self
}
pub fn data_encipherment(&mut self) -> &mut KeyUsage {
self.data_encipherment = true;
self
}
pub fn key_agreement(&mut self) -> &mut KeyUsage {
self.key_agreement = true;
self
}
pub fn key_cert_sign(&mut self) -> &mut KeyUsage {
self.key_cert_sign = true;
self
}
pub fn crl_sign(&mut self) -> &mut KeyUsage {
self.crl_sign = true;
self
}
pub fn encipher_only(&mut self) -> &mut KeyUsage {
self.encipher_only = true;
self
}
pub fn decipher_only(&mut self) -> &mut KeyUsage {
self.decipher_only = true;
self
}
pub fn build(&self) -> Result<X509Extension, ErrorStack> {
let mut value = String::new();
let mut first = true;
append(&mut value, &mut first, self.critical, "critical");
append(&mut value, &mut first, self.digital_signature, "digitalSignature");
append(&mut value, &mut first, self.non_repudiation, "nonRepudiation");
append(&mut value, &mut first, self.key_encipherment, "keyEncipherment");
append(&mut value, &mut first, self.data_encipherment, "dataEncipherment");
append(&mut value, &mut first, self.key_agreement, "keyAgreement");
append(&mut value, &mut first, self.key_cert_sign, "keyCertSign");
append(&mut value, &mut first, self.crl_sign, "cRLSign");
append(&mut value, &mut first, self.encipher_only, "encipherOnly");
append(&mut value, &mut first, self.decipher_only, "decipherOnly");
X509Extension::new_nid(None, None, nid::KEY_USAGE, &value)
}
}
pub struct ExtendedKeyUsage {
critical: bool,
server_auth: bool,
client_auth: bool,
code_signing: bool,
email_protection: bool,
time_stamping: bool,
ms_code_ind: bool,
ms_code_com: bool,
ms_ctl_sign: bool,
ms_sgc: bool,
ms_efs: bool,
ns_sgc: bool,
other: Vec<String>,
}
impl ExtendedKeyUsage {
pub fn new() -> ExtendedKeyUsage {
ExtendedKeyUsage {
critical: false,
server_auth: false,
client_auth: false,
code_signing: false,
email_protection: false,
time_stamping: false,
ms_code_ind: false,
ms_code_com: false,
ms_ctl_sign: false,
ms_sgc: false,
ms_efs: false,
ns_sgc: false,
other: vec![],
}
}
pub fn critical(&mut self) -> &mut ExtendedKeyUsage {
self.critical = true;
self
}
pub fn server_auth(&mut self) -> &mut ExtendedKeyUsage {
self.server_auth = true;
self
}
pub fn client_auth(&mut self) -> &mut ExtendedKeyUsage {
self.client_auth = true;
self
}
pub fn code_signing(&mut self) -> &mut ExtendedKeyUsage {
self.code_signing = true;
self
}
pub fn time_stamping(&mut self) -> &mut ExtendedKeyUsage {
self.time_stamping = true;
self
}
pub fn ms_code_ind(&mut self) -> &mut ExtendedKeyUsage {
self.ms_code_ind = true;
self
}
pub fn ms_code_com(&mut self) -> &mut ExtendedKeyUsage {
self.ms_code_com = true;
self
}
pub fn ms_ctl_sign(&mut self) -> &mut ExtendedKeyUsage {
self.ms_ctl_sign = true;
self
}
pub fn ms_sgc(&mut self) -> &mut ExtendedKeyUsage {
self.ms_sgc = true;
self
}
pub fn ms_efs(&mut self) -> &mut ExtendedKeyUsage {
self.ms_efs = true;
self
}
pub fn ns_sgc(&mut self) -> &mut ExtendedKeyUsage {
self.ns_sgc = true;
self
}
pub fn other(&mut self, other: &str) -> &mut ExtendedKeyUsage {
self.other.push(other.to_owned());
self
}
pub fn build(&self) -> Result<X509Extension, ErrorStack> {
let mut value = String::new();
let mut first = true;
append(&mut value, &mut first, self.critical, "critical");
append(&mut value, &mut first, self.server_auth, "serverAuth");
append(&mut value, &mut first, self.client_auth, "clientAuth");
append(&mut value, &mut first, self.code_signing, "codeSigning");
append(&mut value, &mut first, self.email_protection, "emailProtection");
append(&mut value, &mut first, self.time_stamping, "timeStamping");
append(&mut value, &mut first, self.ms_code_ind, "msCodeInd");
append(&mut value, &mut first, self.ms_code_com, "msCodeCom");
append(&mut value, &mut first, self.ms_ctl_sign, "msCTLSign");
append(&mut value, &mut first, self.ms_sgc, "msSGC");
append(&mut value, &mut first, self.ms_efs, "msEFS");
append(&mut value, &mut first, self.ns_sgc, "nsSGC");
for other in &self.other {
append(&mut value, &mut first, true, other);
}
X509Extension::new_nid(None, None, nid::EXT_KEY_USAGE, &value)
}
}
pub struct SubjectKeyIdentifier {
critical: bool,
}
impl SubjectKeyIdentifier {
pub fn new() -> SubjectKeyIdentifier {
SubjectKeyIdentifier {
critical: false,
}
}
pub fn critical(&mut self) -> &mut SubjectKeyIdentifier {
self.critical = true;
self
}
pub fn build(&self, ctx: &X509v3Context) -> Result<X509Extension, ErrorStack> {
let mut value = String::new();
let mut first = true;
append(&mut value, &mut first, self.critical, "critical");
append(&mut value, &mut first, true, "hash");
X509Extension::new_nid(None, Some(ctx), nid::SUBJECT_KEY_IDENTIFIER, &value)
}
}
pub struct AuthorityKeyIdentifier {
critical: bool,
keyid: Option<bool>,
issuer: Option<bool>,
}
impl AuthorityKeyIdentifier {
pub fn new() -> AuthorityKeyIdentifier {
AuthorityKeyIdentifier {
critical: false,
keyid: None,
issuer: None,
}
}
pub fn critical(&mut self) -> &mut AuthorityKeyIdentifier {
self.critical = true;
self
}
pub fn keyid(&mut self, always: bool) -> &mut AuthorityKeyIdentifier {
self.keyid = Some(always);
self
}
pub fn issuer(&mut self, always: bool) -> &mut AuthorityKeyIdentifier {
self.issuer = Some(always);
self
}
pub fn build(&self, ctx: &X509v3Context) -> Result<X509Extension, ErrorStack> {
let mut value = String::new();
let mut first = true;
append(&mut value, &mut first, self.critical, "critical");
match self.keyid {
Some(true) => append(&mut value, &mut first, true, "keyid:always"),
Some(false) => append(&mut value, &mut first, true, "keyid"),
None => {}
}
match self.issuer {
Some(true) => append(&mut value, &mut first, true, "issuer:always"),
Some(false) => append(&mut value, &mut first, true, "issuer"),
None => {}
}
X509Extension::new_nid(None, Some(ctx), nid::AUTHORITY_KEY_IDENTIFIER, &value)
}
}
pub struct SubjectAlternativeName {
critical: bool,
names: Vec<String>,
}
impl SubjectAlternativeName {
pub fn new() -> SubjectAlternativeName {
SubjectAlternativeName {
critical: false,
names: vec![],
}
}
pub fn critical(&mut self) -> &mut SubjectAlternativeName {
self.critical = true;
self
}
pub fn email(&mut self, email: &str) -> &mut SubjectAlternativeName {
self.names.push(format!("email:{}", email));
self
}
pub fn uri(&mut self, uri: &str) -> &mut SubjectAlternativeName {
self.names.push(format!("URI:{}", uri));
self
}
pub fn dns(&mut self, dns: &str) -> &mut SubjectAlternativeName {
self.names.push(format!("DNS:{}", dns));
self
}
pub fn rid(&mut self, rid: &str) -> &mut SubjectAlternativeName {
self.names.push(format!("RID:{}", rid));
self
}
pub fn ip(&mut self, ip: &str) -> &mut SubjectAlternativeName {
self.names.push(format!("IP:{}", ip));
self
}
pub fn dir_name(&mut self, dir_name: &str) -> &mut SubjectAlternativeName {
self.names.push(format!("dirName:{}", dir_name));
self
}
pub fn other_name(&mut self, other_name: &str) -> &mut SubjectAlternativeName {
self.names.push(format!("otherName:{}", other_name));
self
}
pub fn build(&self, ctx: &X509v3Context) -> Result<X509Extension, ErrorStack> {
let mut value = String::new();
let mut first = true;
append(&mut value, &mut first, self.critical, "critical");
for name in &self.names {
append(&mut value, &mut first, true, name);
}
X509Extension::new_nid(None, Some(ctx), nid::SUBJECT_ALT_NAME, &value)
}
}
fn append(value: &mut String, first: &mut bool, should: bool, element: &str) {
if !should {
return;
}
if !*first {
value.push(',');
}
*first = false;
value.push_str(element);
}

514
openssl/src/x509/mod.rs
View File

@ -1,11 +1,13 @@
#![allow(deprecated)]
use libc::{c_int, c_long};
use ffi; use ffi;
use foreign_types::{ForeignType, ForeignTypeRef}; use foreign_types::{ForeignType, ForeignTypeRef};
use libc::{c_char, c_int, c_long, c_ulong};
use std::borrow::Borrow; use std::borrow::Borrow;
use std::collections::HashMap; use std::collections::HashMap;
use std::error::Error; use std::error::Error;
use std::ffi::{CStr, CString}; use std::ffi::{CStr, CString};
use std::fmt; use std::fmt;
use std::marker::PhantomData;
use std::mem; use std::mem;
use std::path::Path; use std::path::Path;
use std::ptr; use std::ptr;
@ -13,15 +15,16 @@ use std::slice;
use std::str; use std::str;
use {cvt, cvt_p}; use {cvt, cvt_p};
use asn1::{Asn1StringRef, Asn1Time, Asn1TimeRef, Asn1BitStringRef, Asn1ObjectRef}; use asn1::{Asn1StringRef, Asn1Time, Asn1TimeRef, Asn1BitStringRef, Asn1IntegerRef, Asn1ObjectRef};
use bio::MemBioSlice; use bio::MemBioSlice;
use hash::MessageDigest; use bn::{BigNum, MSB_MAYBE_ZERO};
use pkey::{PKey, PKeyRef}; use conf::ConfRef;
use rand::rand_bytes;
use error::ErrorStack; use error::ErrorStack;
use nid::Nid; use hash::MessageDigest;
use string::OpensslString; use nid::{self, Nid};
use pkey::{PKey, PKeyRef};
use stack::{Stack, StackRef, Stackable}; use stack::{Stack, StackRef, Stackable};
use string::OpensslString;
#[cfg(ossl10x)] #[cfg(ossl10x)]
use ffi::{X509_set_notBefore, X509_set_notAfter, ASN1_STRING_data, X509_STORE_CTX_get_chain}; use ffi::{X509_set_notBefore, X509_set_notAfter, ASN1_STRING_data, X509_STORE_CTX_get_chain};
@ -94,31 +97,7 @@ impl X509StoreContextRef {
} }
} }
#[allow(non_snake_case)] #[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")]
/// Generator of private key/certificate pairs
///
/// # Example
///
/// ```
/// use openssl::hash::MessageDigest;
/// use openssl::pkey::PKey;
/// use openssl::rsa::Rsa;
/// use openssl::x509::X509Generator;
/// use openssl::x509::extension::{Extension, KeyUsageOption};
///
/// let rsa = Rsa::generate(2048).unwrap();
/// let pkey = PKey::from_rsa(rsa).unwrap();
///
/// let gen = X509Generator::new()
/// .set_valid_period(365*2)
/// .add_name("CN".to_owned(), "SuperMegaCorp Inc.".to_owned())
/// .set_sign_hash(MessageDigest::sha256())
/// .add_extension(Extension::KeyUsage(vec![KeyUsageOption::DigitalSignature]));
///
/// let cert = gen.sign(&pkey).unwrap();
/// let cert_pem = cert.to_pem().unwrap();
/// let pkey_pem = pkey.private_key_to_pem().unwrap();
/// ```
pub struct X509Generator { pub struct X509Generator {
days: u32, days: u32,
names: Vec<(String, String)>, names: Vec<(String, String)>,
@ -126,6 +105,7 @@ pub struct X509Generator {
hash_type: MessageDigest, hash_type: MessageDigest,
} }
#[allow(deprecated)]
impl X509Generator { impl X509Generator {
/// Creates a new generator with the following defaults: /// Creates a new generator with the following defaults:
/// ///
@ -134,6 +114,7 @@ impl X509Generator {
/// CN: "rust-openssl" /// CN: "rust-openssl"
/// ///
/// hash: SHA1 /// hash: SHA1
#[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")]
pub fn new() -> X509Generator { pub fn new() -> X509Generator {
X509Generator { X509Generator {
days: 365, days: 365,
@ -144,6 +125,7 @@ impl X509Generator {
} }
/// Sets certificate validity period in days since today /// Sets certificate validity period in days since today
#[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")]
pub fn set_valid_period(mut self, days: u32) -> X509Generator { pub fn set_valid_period(mut self, days: u32) -> X509Generator {
self.days = days; self.days = days;
self self
@ -155,6 +137,7 @@ impl X509Generator {
/// # let generator = openssl::x509::X509Generator::new(); /// # let generator = openssl::x509::X509Generator::new();
/// generator.add_name("CN".to_string(),"example.com".to_string()); /// generator.add_name("CN".to_string(),"example.com".to_string());
/// ``` /// ```
#[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")]
pub fn add_name(mut self, attr_type: String, attr_value: String) -> X509Generator { pub fn add_name(mut self, attr_type: String, attr_value: String) -> X509Generator {
self.names.push((attr_type, attr_value)); self.names.push((attr_type, attr_value));
self self
@ -166,6 +149,7 @@ impl X509Generator {
/// # let generator = openssl::x509::X509Generator::new(); /// # let generator = openssl::x509::X509Generator::new();
/// generator.add_names(vec![("CN".to_string(),"example.com".to_string())]); /// generator.add_names(vec![("CN".to_string(),"example.com".to_string())]);
/// ``` /// ```
#[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")]
pub fn add_names<I>(mut self, attrs: I) -> X509Generator pub fn add_names<I>(mut self, attrs: I) -> X509Generator
where I: IntoIterator<Item = (String, String)> where I: IntoIterator<Item = (String, String)>
{ {
@ -184,6 +168,7 @@ impl X509Generator {
/// # let generator = openssl::x509::X509Generator::new(); /// # let generator = openssl::x509::X509Generator::new();
/// generator.add_extension(KeyUsage(vec![DigitalSignature, KeyEncipherment])); /// generator.add_extension(KeyUsage(vec![DigitalSignature, KeyEncipherment]));
/// ``` /// ```
#[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")]
pub fn add_extension(mut self, ext: extension::Extension) -> X509Generator { pub fn add_extension(mut self, ext: extension::Extension) -> X509Generator {
self.extensions.add(ext); self.extensions.add(ext);
self self
@ -200,6 +185,7 @@ impl X509Generator {
/// # let generator = openssl::x509::X509Generator::new(); /// # let generator = openssl::x509::X509Generator::new();
/// generator.add_extensions(vec![KeyUsage(vec![DigitalSignature, KeyEncipherment])]); /// generator.add_extensions(vec![KeyUsage(vec![DigitalSignature, KeyEncipherment])]);
/// ``` /// ```
#[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")]
pub fn add_extensions<I>(mut self, exts: I) -> X509Generator pub fn add_extensions<I>(mut self, exts: I) -> X509Generator
where I: IntoIterator<Item = extension::Extension> where I: IntoIterator<Item = extension::Extension>
{ {
@ -210,131 +196,66 @@ impl X509Generator {
self self
} }
#[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")]
pub fn set_sign_hash(mut self, hash_type: MessageDigest) -> X509Generator { pub fn set_sign_hash(mut self, hash_type: MessageDigest) -> X509Generator {
self.hash_type = hash_type; self.hash_type = hash_type;
self self
} }
fn add_extension_internal(x509: *mut ffi::X509, /// Sets the certificate public-key, then self-sign and return it
exttype: &extension::ExtensionType, #[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")]
value: &str) pub fn sign(&self, p_key: &PKeyRef) -> Result<X509, ErrorStack> {
-> Result<(), ErrorStack> { let mut builder = try!(X509::builder());
unsafe { try!(builder.set_version(2));
let mut ctx: ffi::X509V3_CTX = mem::zeroed();
ffi::X509V3_set_ctx(&mut ctx, x509, x509, ptr::null_mut(), ptr::null_mut(), 0); let mut serial = try!(BigNum::new());
let value = CString::new(value.as_bytes()).unwrap(); try!(serial.rand(128, MSB_MAYBE_ZERO, false));
let ext = match exttype.get_nid() { let serial = try!(serial.to_asn1_integer());
try!(builder.set_serial_number(&serial));
let not_before = try!(Asn1Time::days_from_now(0));
try!(builder.set_not_before(&not_before));
let not_after = try!(Asn1Time::days_from_now(self.days));
try!(builder.set_not_after(&not_after));
try!(builder.set_pubkey(p_key));
let mut name = try!(X509Name::builder());
if self.names.is_empty() {
try!(name.append_entry_by_nid(nid::COMMONNAME, "rust-openssl"));
} else {
for &(ref key, ref value) in &self.names {
try!(name.append_entry_by_text(key, value));
}
}
let name = name.build();
try!(builder.set_subject_name(&name));
try!(builder.set_issuer_name(&name));
for (exttype, ext) in self.extensions.iter() {
let extension = match exttype.get_nid() {
Some(nid) => { Some(nid) => {
try!(cvt_p(ffi::X509V3_EXT_nconf_nid(ptr::null_mut(), let ctx = builder.x509v3_context(None, None);
&mut ctx, try!(X509Extension::new_nid(None, Some(&ctx), nid, &ext.to_string()))
nid.as_raw(),
value.as_ptr() as *mut c_char)))
} }
None => { None => {
let name = CString::new(exttype.get_name().unwrap().as_bytes()).unwrap(); let ctx = builder.x509v3_context(None, None);
try!(cvt_p(ffi::X509V3_EXT_nconf(ptr::null_mut(), try!(X509Extension::new(None,
&mut ctx, Some(&ctx),
name.as_ptr() as *mut c_char, &exttype.get_name().unwrap(),
value.as_ptr() as *mut c_char))) &ext.to_string()))
} }
}; };
if ffi::X509_add_ext(x509, ext, -1) != 1 { try!(builder.append_extension(extension));
ffi::X509_EXTENSION_free(ext);
Err(ErrorStack::get())
} else {
Ok(())
}
}
}
fn add_name_internal(name: *mut ffi::X509_NAME,
key: &str,
value: &str)
-> Result<(), ErrorStack> {
let value_len = value.len() as c_int;
unsafe {
let key = CString::new(key.as_bytes()).unwrap();
let value = CString::new(value.as_bytes()).unwrap();
cvt(ffi::X509_NAME_add_entry_by_txt(name,
key.as_ptr() as *const _,
ffi::MBSTRING_UTF8,
value.as_ptr() as *const _,
value_len,
-1,
0))
.map(|_| ())
}
}
fn random_serial() -> Result<c_long, ErrorStack> {
let len = mem::size_of::<c_long>();
let mut bytes = vec![0; len];
try!(rand_bytes(&mut bytes));
let mut res = 0;
for b in bytes.iter() {
res = res << 8;
res |= (*b as c_long) & 0xff;
} }
// While OpenSSL is actually OK to have negative serials try!(builder.sign(p_key, self.hash_type));
// other libraries (for example, Go crypto) can drop Ok(builder.build())
// such certificates as invalid, so we clear the high bit
Ok(((res as c_ulong) >> 1) as c_long)
}
/// Sets the certificate public-key, then self-sign and return it
pub fn sign(&self, p_key: &PKeyRef) -> Result<X509, ErrorStack> {
ffi::init();
unsafe {
let x509 = X509::from_ptr(try!(cvt_p(ffi::X509_new())));
try!(cvt(ffi::X509_set_version(x509.as_ptr(), 2)));
try!(cvt(ffi::ASN1_INTEGER_set(ffi::X509_get_serialNumber(x509.as_ptr()),
try!(X509Generator::random_serial()))));
let not_before = try!(Asn1Time::days_from_now(0));
let not_after = try!(Asn1Time::days_from_now(self.days));
try!(cvt(X509_set_notBefore(x509.as_ptr(), not_before.as_ptr() as *const _)));
// If prev line succeded - ownership should go to cert
mem::forget(not_before);
try!(cvt(X509_set_notAfter(x509.as_ptr(), not_after.as_ptr() as *const _)));
// If prev line succeded - ownership should go to cert
mem::forget(not_after);
try!(cvt(ffi::X509_set_pubkey(x509.as_ptr(), p_key.as_ptr())));
let name = try!(cvt_p(ffi::X509_get_subject_name(x509.as_ptr())));
let default = [("CN", "rust-openssl")];
let default_iter = &mut default.iter().map(|&(k, v)| (k, v));
let arg_iter = &mut self.names.iter().map(|&(ref k, ref v)| (&k[..], &v[..]));
let iter: &mut Iterator<Item = (&str, &str)> = if self.names.len() == 0 {
default_iter
} else {
arg_iter
};
for (key, val) in iter {
try!(X509Generator::add_name_internal(name, &key, &val));
}
try!(cvt(ffi::X509_set_issuer_name(x509.as_ptr(), name)));
for (exttype, ext) in self.extensions.iter() {
try!(X509Generator::add_extension_internal(x509.as_ptr(),
&exttype,
&ext.to_string()));
}
let hash_fn = self.hash_type.as_ptr();
try!(cvt(ffi::X509_sign(x509.as_ptr(), p_key.as_ptr(), hash_fn)));
Ok(x509)
}
} }
/// Obtain a certificate signing request (CSR) /// Obtain a certificate signing request (CSR)
#[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")]
pub fn request(&self, p_key: &PKeyRef) -> Result<X509Req, ErrorStack> { pub fn request(&self, p_key: &PKeyRef) -> Result<X509Req, ErrorStack> {
let cert = match self.sign(p_key) { let cert = match self.sign(p_key) {
Ok(c) => c, Ok(c) => c,
@ -360,6 +281,108 @@ impl X509Generator {
} }
} }
/// A builder type which can create `X509` objects.
pub struct X509Builder(X509);
impl X509Builder {
/// Creates a new builder.
pub fn new() -> Result<X509Builder, ErrorStack> {
unsafe {
ffi::init();
cvt_p(ffi::X509_new()).map(|p| X509Builder(X509(p)))
}
}
/// Sets the notAfter constraint on the certificate.
pub fn set_not_after(&mut self, not_after: &Asn1TimeRef) -> Result<(), ErrorStack> {
unsafe { cvt(X509_set_notAfter(self.0.as_ptr(), not_after.as_ptr())).map(|_| ()) }
}
/// Sets the notBefore constraint on the certificate.
pub fn set_not_before(&mut self, not_before: &Asn1TimeRef) -> Result<(), ErrorStack> {
unsafe { cvt(X509_set_notBefore(self.0.as_ptr(), not_before.as_ptr())).map(|_| ()) }
}
/// Sets the version of the certificate.
///
/// Note that the version is zero-indexed; that is, a certificate corresponding to version 3 of
/// the X.509 standard should pass `2` to this method.
pub fn set_version(&mut self, version: i32) -> Result<(), ErrorStack> {
unsafe { cvt(ffi::X509_set_version(self.0.as_ptr(), version.into())).map(|_| ()) }
}
/// Sets the serial number of the certificate.
pub fn set_serial_number(&mut self,
serial_number: &Asn1IntegerRef)
-> Result<(), ErrorStack> {
unsafe {
cvt(ffi::X509_set_serialNumber(self.0.as_ptr(), serial_number.as_ptr())).map(|_| ())
}
}
/// Sets the issuer name of the certificate.
pub fn set_issuer_name(&mut self, issuer_name: &X509NameRef) -> Result<(), ErrorStack> {
unsafe { cvt(ffi::X509_set_issuer_name(self.0.as_ptr(), issuer_name.as_ptr())).map(|_| ()) }
}
/// Sets the subject name of the certificate.
pub fn set_subject_name(&mut self, subject_name: &X509NameRef) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::X509_set_subject_name(self.0.as_ptr(), subject_name.as_ptr())).map(|_| ())
}
}
/// Sets the public key associated with the certificate.
pub fn set_pubkey(&mut self, key: &PKeyRef) -> Result<(), ErrorStack> {
unsafe { cvt(ffi::X509_set_pubkey(self.0.as_ptr(), key.as_ptr())).map(|_| ()) }
}
/// Returns a context object which is needed to create certain X509 extension values.
///
/// Set `issuer` to `None` if the certificate will be self-signed.
pub fn x509v3_context<'a>(&'a self,
issuer: Option<&'a X509Ref>,
conf: Option<&'a ConfRef>)
-> X509v3Context<'a> {
unsafe {
let mut ctx = mem::zeroed();
let issuer = match issuer {
Some(issuer) => issuer.as_ptr(),
None => self.0.as_ptr(),
};
let subject = self.0.as_ptr();
ffi::X509V3_set_ctx(&mut ctx, issuer, subject, ptr::null_mut(), ptr::null_mut(), 0);
// nodb case taken care of since we zeroed ctx above
if let Some(conf) = conf {
ffi::X509V3_set_nconf(&mut ctx, conf.as_ptr());
}
X509v3Context(ctx, PhantomData)
}
}
/// Adds an X509 extension value to the certificate.
pub fn append_extension(&mut self, extension: X509Extension) -> Result<(), ErrorStack> {
unsafe {
try!(cvt(ffi::X509_add_ext(self.0.as_ptr(), extension.as_ptr(), -1)));
mem::forget(extension);
Ok(())
}
}
/// Signs the certificate with a private key.
pub fn sign(&mut self, key: &PKeyRef, hash: MessageDigest) -> Result<(), ErrorStack> {
unsafe { cvt(ffi::X509_sign(self.0.as_ptr(), key.as_ptr(), hash.as_ptr())).map(|_| ()) }
}
/// Consumes the builder, returning the certificate.
pub fn build(self) -> X509 {
self.0
}
}
foreign_type! { foreign_type! {
type CType = ffi::X509; type CType = ffi::X509;
fn drop = ffi::X509_free; fn drop = ffi::X509_free;
@ -483,6 +506,11 @@ impl ToOwned for X509Ref {
} }
impl X509 { impl X509 {
/// Returns a new builder.
pub fn builder() -> Result<X509Builder, ErrorStack> {
X509Builder::new()
}
from_pem!(X509, ffi::PEM_read_bio_X509); from_pem!(X509, ffi::PEM_read_bio_X509);
from_der!(X509, ffi::d2i_X509); from_der!(X509, ffi::d2i_X509);
@ -545,6 +573,122 @@ impl Stackable for X509 {
type StackType = ffi::stack_st_X509; type StackType = ffi::stack_st_X509;
} }
/// A context object required to construct certain X509 extension values.
pub struct X509v3Context<'a>(ffi::X509V3_CTX, PhantomData<(&'a X509Ref, &'a ConfRef)>);
impl<'a> X509v3Context<'a> {
pub fn as_ptr(&self) -> *mut ffi::X509V3_CTX {
&self.0 as *const _ as *mut _
}
}
foreign_type! {
type CType = ffi::X509_EXTENSION;
fn drop = ffi::X509_EXTENSION_free;
pub struct X509Extension;
pub struct X509ExtensionRef;
}
impl Stackable for X509Extension {
type StackType = ffi::stack_st_X509_EXTENSION;
}
impl X509Extension {
/// Constructs an X509 extension value. See `man x509v3_config` for information on supported
/// names and their value formats.
///
/// Some extension types, such as `subjectAlternativeName`, require an `X509v3Context` to be
/// provided.
///
/// See the extension module for builder types which will construct certain common extensions.
pub fn new(conf: Option<&ConfRef>,
context: Option<&X509v3Context>,
name: &str,
value: &str)
-> Result<X509Extension, ErrorStack> {
let name = CString::new(name).unwrap();
let value = CString::new(value).unwrap();
unsafe {
ffi::init();
let conf = conf.map_or(ptr::null_mut(), ConfRef::as_ptr);
let context = context.map_or(ptr::null_mut(), X509v3Context::as_ptr);
let name = name.as_ptr() as *mut _;
let value = value.as_ptr() as *mut _;
cvt_p(ffi::X509V3_EXT_nconf(conf, context, name, value)).map(X509Extension)
}
}
/// Constructs an X509 extension value. See `man x509v3_config` for information on supported
/// extensions and their value formats.
///
/// Some extension types, such as `nid::SUBJECT_ALTERNATIVE_NAME`, require an `X509v3Context` to
/// be provided.
///
/// See the extension module for builder types which will construct certain common extensions.
pub fn new_nid(conf: Option<&ConfRef>,
context: Option<&X509v3Context>,
name: Nid,
value: &str)
-> Result<X509Extension, ErrorStack> {
let value = CString::new(value).unwrap();
unsafe {
ffi::init();
let conf = conf.map_or(ptr::null_mut(), ConfRef::as_ptr);
let context = context.map_or(ptr::null_mut(), X509v3Context::as_ptr);
let name = name.as_raw();
let value = value.as_ptr() as *mut _;
cvt_p(ffi::X509V3_EXT_nconf_nid(conf, context, name, value)).map(X509Extension)
}
}
}
pub struct X509NameBuilder(X509Name);
impl X509NameBuilder {
pub fn new() -> Result<X509NameBuilder, ErrorStack> {
unsafe {
ffi::init();
cvt_p(ffi::X509_NAME_new()).map(|p| X509NameBuilder(X509Name(p)))
}
}
pub fn append_entry_by_text(&mut self, field: &str, value: &str) -> Result<(), ErrorStack> {
unsafe {
let field = CString::new(field).unwrap();
assert!(value.len() <= c_int::max_value() as usize);
cvt(ffi::X509_NAME_add_entry_by_txt(self.0.as_ptr(),
field.as_ptr() as *mut _,
ffi::MBSTRING_UTF8,
value.as_ptr(),
value.len() as c_int,
-1,
0))
.map(|_| ())
}
}
pub fn append_entry_by_nid(&mut self, field: Nid, value: &str) -> Result<(), ErrorStack> {
unsafe {
assert!(value.len() <= c_int::max_value() as usize);
cvt(ffi::X509_NAME_add_entry_by_NID(self.0.as_ptr(),
field.as_raw(),
ffi::MBSTRING_UTF8,
value.as_ptr() as *mut _,
value.len() as c_int,
-1,
0))
.map(|_| ())
}
}
pub fn build(self) -> X509Name {
self.0
}
}
foreign_type! { foreign_type! {
type CType = ffi::X509_NAME; type CType = ffi::X509_NAME;
fn drop = ffi::X509_NAME_free; fn drop = ffi::X509_NAME_free;
@ -554,6 +698,11 @@ foreign_type! {
} }
impl X509Name { impl X509Name {
/// Returns a new builder.
pub fn builder() -> Result<X509NameBuilder, ErrorStack> {
X509NameBuilder::new()
}
/// Loads subject names from a file containing PEM-formatted certificates. /// Loads subject names from a file containing PEM-formatted certificates.
/// ///
/// This is commonly used in conjunction with `SslContextBuilder::set_client_ca_list`. /// This is commonly used in conjunction with `SslContextBuilder::set_client_ca_list`.
@ -622,6 +771,70 @@ impl X509NameEntryRef {
} }
} }
pub struct X509ReqBuilder(X509Req);
impl X509ReqBuilder {
pub fn new() -> Result<X509ReqBuilder, ErrorStack> {
unsafe {
ffi::init();
cvt_p(ffi::X509_REQ_new()).map(|p| X509ReqBuilder(X509Req(p)))
}
}
pub fn set_version(&mut self, version: i32) -> Result<(), ErrorStack> {
unsafe { cvt(ffi::X509_REQ_set_version(self.0.as_ptr(), version.into())).map(|_| ()) }
}
pub fn set_subject_name(&mut self, subject_name: &X509NameRef) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::X509_REQ_set_subject_name(self.0.as_ptr(), subject_name.as_ptr())).map(|_| ())
}
}
pub fn set_pubkey(&mut self, key: &PKeyRef) -> Result<(), ErrorStack> {
unsafe { cvt(ffi::X509_REQ_set_pubkey(self.0.as_ptr(), key.as_ptr())).map(|_| ()) }
}
pub fn x509v3_context<'a>(&'a self,
conf: Option<&'a ConfRef>)
-> X509v3Context<'a> {
unsafe {
let mut ctx = mem::zeroed();
ffi::X509V3_set_ctx(&mut ctx,
ptr::null_mut(),
ptr::null_mut(),
self.0.as_ptr(),
ptr::null_mut(),
0);
// nodb case taken care of since we zeroed ctx above
if let Some(conf) = conf {
ffi::X509V3_set_nconf(&mut ctx, conf.as_ptr());
}
X509v3Context(ctx, PhantomData)
}
}
pub fn add_extensions(&mut self,
extensions: &StackRef<X509Extension>)
-> Result<(), ErrorStack> {
unsafe {
cvt(ffi::X509_REQ_add_extensions(self.0.as_ptr(), extensions.as_ptr())).map(|_| ())
}
}
pub fn sign(&mut self, key: &PKeyRef, hash: MessageDigest) -> Result<(), ErrorStack> {
unsafe { cvt(ffi::X509_REQ_sign(self.0.as_ptr(), key.as_ptr(), hash.as_ptr())).map(|_| ()) }
}
pub fn build(self) -> X509Req {
self.0
}
}
foreign_type! { foreign_type! {
type CType = ffi::X509_REQ; type CType = ffi::X509_REQ;
fn drop = ffi::X509_REQ_free; fn drop = ffi::X509_REQ_free;
@ -631,6 +844,10 @@ foreign_type! {
} }
impl X509Req { impl X509Req {
pub fn builder() -> Result<X509ReqBuilder, ErrorStack> {
X509ReqBuilder::new()
}
/// Reads CSR from PEM /// Reads CSR from PEM
pub fn from_pem(buf: &[u8]) -> Result<X509Req, ErrorStack> { pub fn from_pem(buf: &[u8]) -> Result<X509Req, ErrorStack> {
let mem_bio = try!(MemBioSlice::new(buf)); let mem_bio = try!(MemBioSlice::new(buf));
@ -657,13 +874,6 @@ impl X509ReqRef {
} }
} }
pub fn set_version(&mut self, value: i32) -> Result<(), ErrorStack>
{
unsafe {
cvt(ffi::X509_REQ_set_version(self.as_ptr(), value as c_long)).map(|_| ())
}
}
pub fn subject_name(&self) -> &X509NameRef { pub fn subject_name(&self) -> &X509NameRef {
unsafe { unsafe {
let name = compat::X509_REQ_get_subject_name(self.as_ptr()); let name = compat::X509_REQ_get_subject_name(self.as_ptr());
@ -671,12 +881,6 @@ impl X509ReqRef {
X509NameRef::from_ptr(name) X509NameRef::from_ptr(name)
} }
} }
pub fn set_subject_name(&mut self, value: &X509NameRef) -> Result<(), ErrorStack> {
unsafe {
cvt(ffi::X509_REQ_set_subject_name(self.as_ptr(), value.as_ptr())).map(|_| ())
}
}
} }
/// A collection of X.509 extensions. /// A collection of X.509 extensions.

108
openssl/src/x509/tests.rs
View File

@ -1,13 +1,17 @@
use hex::{FromHex, ToHex}; use hex::{FromHex, ToHex};
use asn1::Asn1Time;
use bn::{BigNum, MSB_MAYBE_ZERO};
use ec::{NAMED_CURVE, EcGroup, EcKey}; use ec::{NAMED_CURVE, EcGroup, EcKey};
use hash::MessageDigest; use hash::MessageDigest;
use nid::X9_62_PRIME256V1; use nid::X9_62_PRIME256V1;
use pkey::PKey; use pkey::PKey;
use rsa::Rsa; use rsa::Rsa;
use stack::Stack;
use x509::{X509, X509Generator, X509Name, X509Req};
use x509::extension::{Extension, BasicConstraints, KeyUsage, ExtendedKeyUsage,
SubjectKeyIdentifier, AuthorityKeyIdentifier, SubjectAlternativeName};
use ssl::{SslMethod, SslContextBuilder}; use ssl::{SslMethod, SslContextBuilder};
use x509::{X509, X509Generator, X509Req};
use x509::extension::Extension::{KeyUsage, ExtKeyUsage, SubjectAltName, OtherNid, OtherStr};
use x509::extension::AltNameOption as SAN; use x509::extension::AltNameOption as SAN;
use x509::extension::KeyUsageOption::{DigitalSignature, KeyEncipherment}; use x509::extension::KeyUsageOption::{DigitalSignature, KeyEncipherment};
use x509::extension::ExtKeyUsageOption::{self, ClientAuth, ServerAuth}; use x509::extension::ExtKeyUsageOption::{self, ClientAuth, ServerAuth};
@ -18,13 +22,13 @@ fn get_generator() -> X509Generator {
.set_valid_period(365 * 2) .set_valid_period(365 * 2)
.add_name("CN".to_string(), "test_me".to_string()) .add_name("CN".to_string(), "test_me".to_string())
.set_sign_hash(MessageDigest::sha1()) .set_sign_hash(MessageDigest::sha1())
.add_extension(KeyUsage(vec![DigitalSignature, KeyEncipherment])) .add_extension(Extension::KeyUsage(vec![DigitalSignature, KeyEncipherment]))
.add_extension(ExtKeyUsage(vec![ClientAuth, .add_extension(Extension::ExtKeyUsage(vec![ClientAuth,
ServerAuth, ServerAuth,
ExtKeyUsageOption::Other("2.999.1".to_owned())])) ExtKeyUsageOption::Other("2.999.1".to_owned())]))
.add_extension(SubjectAltName(vec![(SAN::DNS, "example.com".to_owned())])) .add_extension(Extension::SubjectAltName(vec![(SAN::DNS, "example.com".to_owned())]))
.add_extension(OtherNid(nid::BASIC_CONSTRAINTS, "critical,CA:TRUE".to_owned())) .add_extension(Extension::OtherNid(nid::BASIC_CONSTRAINTS, "critical,CA:TRUE".to_owned()))
.add_extension(OtherStr("2.999.2".to_owned(), "ASN1:UTF8:example value".to_owned())) .add_extension(Extension::OtherStr("2.999.2".to_owned(), "ASN1:UTF8:example value".to_owned()))
} }
fn pkey() -> PKey { fn pkey() -> PKey {
@ -51,8 +55,8 @@ fn test_cert_gen() {
fn test_cert_gen_extension_ordering() { fn test_cert_gen_extension_ordering() {
let pkey = pkey(); let pkey = pkey();
get_generator() get_generator()
.add_extension(OtherNid(nid::SUBJECT_KEY_IDENTIFIER, "hash".to_owned())) .add_extension(Extension::OtherNid(nid::SUBJECT_KEY_IDENTIFIER, "hash".to_owned()))
.add_extension(OtherNid(nid::AUTHORITY_KEY_IDENTIFIER, "keyid:always".to_owned())) .add_extension(Extension::OtherNid(nid::AUTHORITY_KEY_IDENTIFIER, "keyid:always".to_owned()))
.sign(&pkey) .sign(&pkey)
.expect("Failed to generate cert with order-dependent extensions"); .expect("Failed to generate cert with order-dependent extensions");
} }
@ -63,8 +67,8 @@ fn test_cert_gen_extension_ordering() {
fn test_cert_gen_extension_bad_ordering() { fn test_cert_gen_extension_bad_ordering() {
let pkey = pkey(); let pkey = pkey();
let result = get_generator() let result = get_generator()
.add_extension(OtherNid(nid::AUTHORITY_KEY_IDENTIFIER, "keyid:always".to_owned())) .add_extension(Extension::OtherNid(nid::AUTHORITY_KEY_IDENTIFIER, "keyid:always".to_owned()))
.add_extension(OtherNid(nid::SUBJECT_KEY_IDENTIFIER, "hash".to_owned())) .add_extension(Extension::OtherNid(nid::SUBJECT_KEY_IDENTIFIER, "hash".to_owned()))
.sign(&pkey); .sign(&pkey);
assert!(result.is_err()); assert!(result.is_err());
@ -183,6 +187,88 @@ fn test_subject_alt_name_iter() {
assert!(subject_alt_names_iter.next().is_none()); assert!(subject_alt_names_iter.next().is_none());
} }
#[test]
fn x509_builder() {
let pkey = pkey();
let mut name = X509Name::builder().unwrap();
name.append_entry_by_nid(nid::COMMONNAME, "foobar.com").unwrap();
let name = name.build();
let mut builder = X509::builder().unwrap();
builder.set_version(2).unwrap();
builder.set_subject_name(&name).unwrap();
builder.set_issuer_name(&name).unwrap();
builder.set_not_before(&Asn1Time::days_from_now(0).unwrap()).unwrap();
builder.set_not_after(&Asn1Time::days_from_now(365).unwrap()).unwrap();
builder.set_pubkey(&pkey).unwrap();
let mut serial = BigNum::new().unwrap();;
serial.rand(128, MSB_MAYBE_ZERO, false).unwrap();
builder.set_serial_number(&serial.to_asn1_integer().unwrap()).unwrap();
let basic_constraints = BasicConstraints::new().critical().ca().build().unwrap();
builder.append_extension(basic_constraints).unwrap();
let key_usage = KeyUsage::new().digital_signature().key_encipherment().build().unwrap();
builder.append_extension(key_usage).unwrap();
let ext_key_usage = ExtendedKeyUsage::new()
.client_auth()
.server_auth()
.other("2.999.1")
.build()
.unwrap();
builder.append_extension(ext_key_usage).unwrap();
let subject_key_identifier = SubjectKeyIdentifier::new()
.build(&builder.x509v3_context(None, None))
.unwrap();
builder.append_extension(subject_key_identifier).unwrap();
let authority_key_identifier = AuthorityKeyIdentifier::new()
.keyid(true)
.build(&builder.x509v3_context(None, None))
.unwrap();
builder.append_extension(authority_key_identifier).unwrap();
let subject_alternative_name = SubjectAlternativeName::new()
.dns("example.com")
.build(&builder.x509v3_context(None, None))
.unwrap();
builder.append_extension(subject_alternative_name).unwrap();
builder.sign(&pkey, MessageDigest::sha256()).unwrap();
let x509 = builder.build();
assert!(pkey.public_eq(&x509.public_key().unwrap()));
let cn = x509.subject_name().entries_by_nid(nid::COMMONNAME).next().unwrap();
assert_eq!("foobar.com".as_bytes(), cn.data().as_slice());
}
#[test]
fn x509_req_builder() {
let pkey = pkey();
let mut name = X509Name::builder().unwrap();
name.append_entry_by_nid(nid::COMMONNAME, "foobar.com").unwrap();
let name = name.build();
let mut builder = X509Req::builder().unwrap();
builder.set_version(2).unwrap();
builder.set_subject_name(&name).unwrap();
builder.set_pubkey(&pkey).unwrap();
let mut extensions = Stack::new().unwrap();
let key_usage = KeyUsage::new().digital_signature().key_encipherment().build().unwrap();
extensions.push(key_usage).unwrap();
let subject_alternative_name = SubjectAlternativeName::new()
.dns("example.com")
.build(&builder.x509v3_context(None))
.unwrap();
extensions.push(subject_alternative_name).unwrap();
builder.add_extensions(&extensions).unwrap();
builder.sign(&pkey, MessageDigest::sha256()).unwrap();
}
#[test] #[test]
fn test_stack_from_pem() { fn test_stack_from_pem() {
let certs = include_bytes!("../../test/certs.pem"); let certs = include_bytes!("../../test/certs.pem");