Deprecate X509Generator

Steven Fackler 2016-11-07 21:36:09 +00:00
parent c0e02e7e51
commit 97872500a3
2 changed files with 20 additions and 25 deletions


@ -9,6 +9,7 @@ use x509::{X509v3Context, X509Extension};
/// See the `Extension` documentation for more information on the different /// See the `Extension` documentation for more information on the different
/// variants. /// variants.
#[derive(Clone,Hash,PartialEq,Eq)] #[derive(Clone,Hash,PartialEq,Eq)]
#[deprecated(since = "0.9.1", note = "use X509Builder and X509ReqBuilder instead")]
pub enum ExtensionType { pub enum ExtensionType {
KeyUsage, KeyUsage,
ExtKeyUsage, ExtKeyUsage,
@ -23,6 +24,7 @@ pub enum ExtensionType {
/// Only one extension of each type is allow in a certificate. /// Only one extension of each type is allow in a certificate.
/// See RFC 3280 for more information about extensions. /// See RFC 3280 for more information about extensions.
#[derive(Clone)] #[derive(Clone)]
#[deprecated(since = "0.9.1", note = "use X509Builder and X509ReqBuilder instead")]
pub enum Extension { pub enum Extension {
/// The purposes of the key contained in the certificate /// The purposes of the key contained in the certificate
KeyUsage(Vec<KeyUsageOption>), KeyUsage(Vec<KeyUsageOption>),
@ -58,6 +60,7 @@ pub enum Extension {
} }
impl Extension { impl Extension {
#[deprecated(since = "0.9.1", note = "use X509Builder and X509ReqBuilder instead")]
pub fn get_type(&self) -> ExtensionType { pub fn get_type(&self) -> ExtensionType {
match self { match self {
&Extension::KeyUsage(_) => ExtensionType::KeyUsage, &Extension::KeyUsage(_) => ExtensionType::KeyUsage,
@ -71,6 +74,7 @@ impl Extension {
} }
impl ExtensionType { impl ExtensionType {
#[deprecated(since = "0.9.1", note = "use X509Builder and X509ReqBuilder instead")]
pub fn get_nid(&self) -> Option<Nid> { pub fn get_nid(&self) -> Option<Nid> {
match self { match self {
&ExtensionType::KeyUsage => Some(nid::KEY_USAGE), &ExtensionType::KeyUsage => Some(nid::KEY_USAGE),
@ -82,6 +86,7 @@ impl ExtensionType {
} }
} }
#[deprecated(since = "0.9.1", note = "use X509Builder and X509ReqBuilder instead")]
pub fn get_name(&self) -> Option<&str> { pub fn get_name(&self) -> Option<&str> {
match self { match self {
&ExtensionType::OtherStr(ref s) => Some(s), &ExtensionType::OtherStr(ref s) => Some(s),
@ -122,6 +127,7 @@ impl ToString for Extension {
} }
#[derive(Clone,Copy)] #[derive(Clone,Copy)]
#[deprecated(since = "0.9.1", note = "use X509Builder and X509ReqBuilder instead")]
pub enum KeyUsageOption { pub enum KeyUsageOption {
DigitalSignature, DigitalSignature,
NonRepudiation, NonRepudiation,
@ -151,6 +157,7 @@ impl fmt::Display for KeyUsageOption {
} }
#[derive(Clone)] #[derive(Clone)]
#[deprecated(since = "0.9.1", note = "use X509Builder and X509ReqBuilder instead")]
pub enum ExtKeyUsageOption { pub enum ExtKeyUsageOption {
ServerAuth, ServerAuth,
ClientAuth, ClientAuth,
@ -187,6 +194,7 @@ impl fmt::Display for ExtKeyUsageOption {
} }
#[derive(Clone, Copy)] #[derive(Clone, Copy)]
#[deprecated(since = "0.9.1", note = "use X509Builder and X509ReqBuilder instead")]
pub enum AltNameOption { pub enum AltNameOption {
/// The value is specified as OID;content. See `man ASN1_generate_nconf` for more information on the content syntax. /// The value is specified as OID;content. See `man ASN1_generate_nconf` for more information on the content syntax.
/// ///
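Review bot: The deprecation note added to the extension types (`ExtensionType`, `Extension`, `KeyUsageOption`, `ExtKeyUsageOption`, `AltNameOption`) names only `X509Builder` and `X509ReqBuilder`, which does not tell a caller how to express the same extension with the new API. A caller migrating away from `Extension::KeyUsage(..)` or the alt-name options could drop the extension and issue certificates without the key-usage or subject-alt-name constraints they carried before. The replacement is presumably `X509Extension` built with an `X509v3Context`, both imported at the top of this file, though the hunks do not show this. If so, the note on these items could read `note = "use X509Builder/X509ReqBuilder with X509Extension instead"`, and a one-line `///` pointer to the replacement on each enum would also surface it in rustdoc.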


@ -1,3 +1,4 @@
#![allow(deprecated)]
use libc::{c_int, c_long}; use libc::{c_int, c_long};
use std::borrow::Borrow; use std::borrow::Borrow;
use std::cmp; use std::cmp;
@ -89,31 +90,7 @@ impl X509StoreContextRef {
} }
} }
#[allow(non_snake_case)] #[deprecated(since = "0.9.1", note = "use X509Builder and X509ReqBuilder instead")]
/// Generator of private key/certificate pairs
///
/// # Example
///
/// ```
/// use openssl::hash::MessageDigest;
/// use openssl::pkey::PKey;
/// use openssl::rsa::Rsa;
/// use openssl::x509::X509Generator;
/// use openssl::x509::extension::{Extension, KeyUsageOption};
///
/// let rsa = Rsa::generate(2048).unwrap();
/// let pkey = PKey::from_rsa(rsa).unwrap();
///
/// let gen = X509Generator::new()
/// .set_valid_period(365*2)
/// .add_name("CN".to_owned(), "SuperMegaCorp Inc.".to_owned())
/// .set_sign_hash(MessageDigest::sha256())
/// .add_extension(Extension::KeyUsage(vec![KeyUsageOption::DigitalSignature]));
///
/// let cert = gen.sign(&pkey).unwrap();
/// let cert_pem = cert.to_pem().unwrap();
/// let pkey_pem = pkey.private_key_to_pem().unwrap();
/// ```
pub struct X509Generator { pub struct X509Generator {
days: u32, days: u32,
names: Vec<(String, String)>, names: Vec<(String, String)>,
@ -121,6 +98,7 @@ pub struct X509Generator {
hash_type: MessageDigest, hash_type: MessageDigest,
} }
#[allow(deprecated)]
impl X509Generator { impl X509Generator {
/// Creates a new generator with the following defaults: /// Creates a new generator with the following defaults:
/// ///
@ -129,6 +107,7 @@ impl X509Generator {
/// CN: "rust-openssl" /// CN: "rust-openssl"
/// ///
/// hash: SHA1 /// hash: SHA1
#[deprecated(since = "0.9.1", note = "use X509Builder and X509ReqBuilder instead")]
pub fn new() -> X509Generator { pub fn new() -> X509Generator {
X509Generator { X509Generator {
days: 365, days: 365,
@ -139,6 +118,7 @@ impl X509Generator {
} }
/// Sets certificate validity period in days since today /// Sets certificate validity period in days since today
#[deprecated(since = "0.9.1", note = "use X509Builder and X509ReqBuilder instead")]
pub fn set_valid_period(mut self, days: u32) -> X509Generator { pub fn set_valid_period(mut self, days: u32) -> X509Generator {
self.days = days; self.days = days;
self self
@ -150,6 +130,7 @@ impl X509Generator {
/// # let generator = openssl::x509::X509Generator::new(); /// # let generator = openssl::x509::X509Generator::new();
/// generator.add_name("CN".to_string(),"example.com".to_string()); /// generator.add_name("CN".to_string(),"example.com".to_string());
/// ``` /// ```
#[deprecated(since = "0.9.1", note = "use X509Builder and X509ReqBuilder instead")]
pub fn add_name(mut self, attr_type: String, attr_value: String) -> X509Generator { pub fn add_name(mut self, attr_type: String, attr_value: String) -> X509Generator {
self.names.push((attr_type, attr_value)); self.names.push((attr_type, attr_value));
self self
@ -161,6 +142,7 @@ impl X509Generator {
/// # let generator = openssl::x509::X509Generator::new(); /// # let generator = openssl::x509::X509Generator::new();
/// generator.add_names(vec![("CN".to_string(),"example.com".to_string())]); /// generator.add_names(vec![("CN".to_string(),"example.com".to_string())]);
/// ``` /// ```
#[deprecated(since = "0.9.1", note = "use X509Builder and X509ReqBuilder instead")]
pub fn add_names<I>(mut self, attrs: I) -> X509Generator pub fn add_names<I>(mut self, attrs: I) -> X509Generator
where I: IntoIterator<Item = (String, String)> where I: IntoIterator<Item = (String, String)>
{ {
@ -179,6 +161,7 @@ impl X509Generator {
/// # let generator = openssl::x509::X509Generator::new(); /// # let generator = openssl::x509::X509Generator::new();
/// generator.add_extension(KeyUsage(vec![DigitalSignature, KeyEncipherment])); /// generator.add_extension(KeyUsage(vec![DigitalSignature, KeyEncipherment]));
/// ``` /// ```
#[deprecated(since = "0.9.1", note = "use X509Builder and X509ReqBuilder instead")]
pub fn add_extension(mut self, ext: extension::Extension) -> X509Generator { pub fn add_extension(mut self, ext: extension::Extension) -> X509Generator {
self.extensions.add(ext); self.extensions.add(ext);
self self
@ -195,6 +178,7 @@ impl X509Generator {
/// # let generator = openssl::x509::X509Generator::new(); /// # let generator = openssl::x509::X509Generator::new();
/// generator.add_extensions(vec![KeyUsage(vec![DigitalSignature, KeyEncipherment])]); /// generator.add_extensions(vec![KeyUsage(vec![DigitalSignature, KeyEncipherment])]);
/// ``` /// ```
#[deprecated(since = "0.9.1", note = "use X509Builder and X509ReqBuilder instead")]
pub fn add_extensions<I>(mut self, exts: I) -> X509Generator pub fn add_extensions<I>(mut self, exts: I) -> X509Generator
where I: IntoIterator<Item = extension::Extension> where I: IntoIterator<Item = extension::Extension>
{ {
@ -205,12 +189,14 @@ impl X509Generator {
self self
} }
#[deprecated(since = "0.9.1", note = "use X509Builder and X509ReqBuilder instead")]
pub fn set_sign_hash(mut self, hash_type: MessageDigest) -> X509Generator { pub fn set_sign_hash(mut self, hash_type: MessageDigest) -> X509Generator {
self.hash_type = hash_type; self.hash_type = hash_type;
self self
} }
/// Sets the certificate public-key, then self-sign and return it /// Sets the certificate public-key, then self-sign and return it
#[deprecated(since = "0.9.1", note = "use X509Builder and X509ReqBuilder instead")]
pub fn sign(&self, p_key: &PKeyRef) -> Result<X509, ErrorStack> { pub fn sign(&self, p_key: &PKeyRef) -> Result<X509, ErrorStack> {
let mut builder = try!(X509::builder()); let mut builder = try!(X509::builder());
try!(builder.set_version(2)); try!(builder.set_version(2));
@ -262,6 +248,7 @@ impl X509Generator {
} }
/// Obtain a certificate signing request (CSR) /// Obtain a certificate signing request (CSR)
#[deprecated(since = "0.9.1", note = "use X509Builder and X509ReqBuilder instead")]
pub fn request(&self, p_key: &PKeyRef) -> Result<X509Req, ErrorStack> { pub fn request(&self, p_key: &PKeyRef) -> Result<X509Req, ErrorStack> {
let cert = match self.sign(p_key) { let cert = match self.sign(p_key) {
Ok(c) => c, Ok(c) => c,