Deprecate X509Generator
This commit is contained in:
Steven Fackler
parent
c0e02e7e51
commit
97872500a3
|
|
@ -9,6 +9,7 @@ use x509::{X509v3Context, X509Extension};
|
|||
/// See the `Extension` documentation for more information on the different
|
||||
/// variants.
|
||||
#[derive(Clone,Hash,PartialEq,Eq)]
|
||||
#[deprecated(since = "0.9.1", note = "use X509Builder and X509ReqBuilder instead")]
|
||||
pub enum ExtensionType {
|
||||
KeyUsage,
|
||||
ExtKeyUsage,
|
||||
|
|
@ -23,6 +24,7 @@ pub enum ExtensionType {
|
|||
/// Only one extension of each type is allow in a certificate.
|
||||
/// See RFC 3280 for more information about extensions.
|
||||
#[derive(Clone)]
|
||||
#[deprecated(since = "0.9.1", note = "use X509Builder and X509ReqBuilder instead")]
|
||||
pub enum Extension {
|
||||
/// The purposes of the key contained in the certificate
|
||||
KeyUsage(Vec<KeyUsageOption>),
|
||||
|
|
@ -58,6 +60,7 @@ pub enum Extension {
|
|||
}
|
||||
|
||||
impl Extension {
|
||||
#[deprecated(since = "0.9.1", note = "use X509Builder and X509ReqBuilder instead")]
|
||||
pub fn get_type(&self) -> ExtensionType {
|
||||
match self {
|
||||
&Extension::KeyUsage(_) => ExtensionType::KeyUsage,
|
||||
|
|
@ -71,6 +74,7 @@ impl Extension {
|
|||
}
|
||||
|
||||
impl ExtensionType {
|
||||
#[deprecated(since = "0.9.1", note = "use X509Builder and X509ReqBuilder instead")]
|
||||
pub fn get_nid(&self) -> Option<Nid> {
|
||||
match self {
|
||||
&ExtensionType::KeyUsage => Some(nid::KEY_USAGE),
|
||||
|
|
@ -82,6 +86,7 @@ impl ExtensionType {
|
|||
}
|
||||
}
|
||||
|
||||
#[deprecated(since = "0.9.1", note = "use X509Builder and X509ReqBuilder instead")]
|
||||
pub fn get_name(&self) -> Option<&str> {
|
||||
match self {
|
||||
&ExtensionType::OtherStr(ref s) => Some(s),
|
||||
|
|
@ -122,6 +127,7 @@ impl ToString for Extension {
|
|||
}
|
||||
|
||||
#[derive(Clone,Copy)]
|
||||
#[deprecated(since = "0.9.1", note = "use X509Builder and X509ReqBuilder instead")]
|
||||
pub enum KeyUsageOption {
|
||||
DigitalSignature,
|
||||
NonRepudiation,
|
||||
|
|
@ -151,6 +157,7 @@ impl fmt::Display for KeyUsageOption {
|
|||
}
|
||||
|
||||
#[derive(Clone)]
|
||||
#[deprecated(since = "0.9.1", note = "use X509Builder and X509ReqBuilder instead")]
|
||||
pub enum ExtKeyUsageOption {
|
||||
ServerAuth,
|
||||
ClientAuth,
|
||||
|
|
@ -187,6 +194,7 @@ impl fmt::Display for ExtKeyUsageOption {
|
|||
}
|
||||
|
||||
#[derive(Clone, Copy)]
|
||||
#[deprecated(since = "0.9.1", note = "use X509Builder and X509ReqBuilder instead")]
|
||||
pub enum AltNameOption {
|
||||
/// The value is specified as OID;content. See `man ASN1_generate_nconf` for more information on the content syntax.
|
||||
///
|
||||
|
|
|
|||
|
|
@ -1,3 +1,4 @@
|
|||
#![allow(deprecated)]
|
||||
use libc::{c_int, c_long};
|
||||
use std::borrow::Borrow;
|
||||
use std::cmp;
|
||||
|
|
@ -89,31 +90,7 @@ impl X509StoreContextRef {
|
|||
}
|
||||
}
|
||||
|
||||
#[allow(non_snake_case)]
|
||||
/// Generator of private key/certificate pairs
|
||||
///
|
||||
/// # Example
|
||||
///
|
||||
/// ```
|
||||
/// use openssl::hash::MessageDigest;
|
||||
/// use openssl::pkey::PKey;
|
||||
/// use openssl::rsa::Rsa;
|
||||
/// use openssl::x509::X509Generator;
|
||||
/// use openssl::x509::extension::{Extension, KeyUsageOption};
|
||||
///
|
||||
/// let rsa = Rsa::generate(2048).unwrap();
|
||||
/// let pkey = PKey::from_rsa(rsa).unwrap();
|
||||
///
|
||||
/// let gen = X509Generator::new()
|
||||
/// .set_valid_period(365*2)
|
||||
/// .add_name("CN".to_owned(), "SuperMegaCorp Inc.".to_owned())
|
||||
/// .set_sign_hash(MessageDigest::sha256())
|
||||
/// .add_extension(Extension::KeyUsage(vec![KeyUsageOption::DigitalSignature]));
|
||||
///
|
||||
/// let cert = gen.sign(&pkey).unwrap();
|
||||
/// let cert_pem = cert.to_pem().unwrap();
|
||||
/// let pkey_pem = pkey.private_key_to_pem().unwrap();
|
||||
/// ```
|
||||
#[deprecated(since = "0.9.1", note = "use X509Builder and X509ReqBuilder instead")]
|
||||
pub struct X509Generator {
|
||||
days: u32,
|
||||
names: Vec<(String, String)>,
|
||||
|
|
@ -121,6 +98,7 @@ pub struct X509Generator {
|
|||
hash_type: MessageDigest,
|
||||
}
|
||||
|
||||
#[allow(deprecated)]
|
||||
impl X509Generator {
|
||||
/// Creates a new generator with the following defaults:
|
||||
///
|
||||
|
|
@ -129,6 +107,7 @@ impl X509Generator {
|
|||
/// CN: "rust-openssl"
|
||||
///
|
||||
/// hash: SHA1
|
||||
#[deprecated(since = "0.9.1", note = "use X509Builder and X509ReqBuilder instead")]
|
||||
pub fn new() -> X509Generator {
|
||||
X509Generator {
|
||||
days: 365,
|
||||
|
|
@ -139,6 +118,7 @@ impl X509Generator {
|
|||
}
|
||||
|
||||
/// Sets certificate validity period in days since today
|
||||
#[deprecated(since = "0.9.1", note = "use X509Builder and X509ReqBuilder instead")]
|
||||
pub fn set_valid_period(mut self, days: u32) -> X509Generator {
|
||||
self.days = days;
|
||||
self
|
||||
|
|
@ -150,6 +130,7 @@ impl X509Generator {
|
|||
/// # let generator = openssl::x509::X509Generator::new();
|
||||
/// generator.add_name("CN".to_string(),"example.com".to_string());
|
||||
/// ```
|
||||
#[deprecated(since = "0.9.1", note = "use X509Builder and X509ReqBuilder instead")]
|
||||
pub fn add_name(mut self, attr_type: String, attr_value: String) -> X509Generator {
|
||||
self.names.push((attr_type, attr_value));
|
||||
self
|
||||
|
|
@ -161,6 +142,7 @@ impl X509Generator {
|
|||
/// # let generator = openssl::x509::X509Generator::new();
|
||||
/// generator.add_names(vec![("CN".to_string(),"example.com".to_string())]);
|
||||
/// ```
|
||||
#[deprecated(since = "0.9.1", note = "use X509Builder and X509ReqBuilder instead")]
|
||||
pub fn add_names<I>(mut self, attrs: I) -> X509Generator
|
||||
where I: IntoIterator<Item = (String, String)>
|
||||
{
|
||||
|
|
@ -179,6 +161,7 @@ impl X509Generator {
|
|||
/// # let generator = openssl::x509::X509Generator::new();
|
||||
/// generator.add_extension(KeyUsage(vec![DigitalSignature, KeyEncipherment]));
|
||||
/// ```
|
||||
#[deprecated(since = "0.9.1", note = "use X509Builder and X509ReqBuilder instead")]
|
||||
pub fn add_extension(mut self, ext: extension::Extension) -> X509Generator {
|
||||
self.extensions.add(ext);
|
||||
self
|
||||
|
|
@ -195,6 +178,7 @@ impl X509Generator {
|
|||
/// # let generator = openssl::x509::X509Generator::new();
|
||||
/// generator.add_extensions(vec![KeyUsage(vec![DigitalSignature, KeyEncipherment])]);
|
||||
/// ```
|
||||
#[deprecated(since = "0.9.1", note = "use X509Builder and X509ReqBuilder instead")]
|
||||
pub fn add_extensions<I>(mut self, exts: I) -> X509Generator
|
||||
where I: IntoIterator<Item = extension::Extension>
|
||||
{
|
||||
|
|
@ -205,12 +189,14 @@ impl X509Generator {
|
|||
self
|
||||
}
|
||||
|
||||
#[deprecated(since = "0.9.1", note = "use X509Builder and X509ReqBuilder instead")]
|
||||
pub fn set_sign_hash(mut self, hash_type: MessageDigest) -> X509Generator {
|
||||
self.hash_type = hash_type;
|
||||
self
|
||||
}
|
||||
|
||||
/// Sets the certificate public-key, then self-sign and return it
|
||||
#[deprecated(since = "0.9.1", note = "use X509Builder and X509ReqBuilder instead")]
|
||||
pub fn sign(&self, p_key: &PKeyRef) -> Result<X509, ErrorStack> {
|
||||
let mut builder = try!(X509::builder());
|
||||
try!(builder.set_version(2));
|
||||
|
|
@ -262,6 +248,7 @@ impl X509Generator {
|
|||
}
|
||||
|
||||
/// Obtain a certificate signing request (CSR)
|
||||
#[deprecated(since = "0.9.1", note = "use X509Builder and X509ReqBuilder instead")]
|
||||
pub fn request(&self, p_key: &PKeyRef) -> Result<X509Req, ErrorStack> {
|
||||
let cert = match self.sign(p_key) {
|
||||
Ok(c) => c,
|
||||
|
|
|
|||
Loading…
Reference in New Issue