diff --git a/src/crypto/pkey.rs b/src/crypto/pkey.rs index ac16f478..a04937b3 100644 --- a/src/crypto/pkey.rs +++ b/src/crypto/pkey.rs @@ -142,7 +142,7 @@ impl PKey { let mut mem_bio = try!(MemBio::new()); unsafe { try_ssl!(ffi::PEM_write_bio_PrivateKey(mem_bio.get_handle(), self.evp, ptr::null(), - ptr::null_mut(), -1, ptr::null_mut(), ptr::null_mut())); + ptr::null_mut(), -1, None, ptr::null_mut())); } let buf = try!(mem_bio.read_to_end().map_err(StreamError)); diff --git a/src/ffi.rs b/src/ffi.rs index 8b2cd467..aa5758f3 100755 --- a/src/ffi.rs +++ b/src/ffi.rs @@ -76,9 +76,9 @@ pub type CRYPTO_EX_dup = extern "C" fn(to: *mut CRYPTO_EX_DATA, pub type CRYPTO_EX_free = extern "C" fn(parent: *mut c_void, ptr: *mut c_void, ad: *mut CRYPTO_EX_DATA, idx: c_int, argl: c_long, argp: *mut c_void); -pub type PrivateKeyWriteCallback = extern "C" fn(buf: *mut c_char, size: c_int, - rwflag: c_int, user_data: *mut c_void) - -> c_int; +pub type PasswordCallback = extern "C" fn(buf: *mut c_char, size: c_int, + rwflag: c_int, user_data: *mut c_void) + -> c_int; pub const BIO_CTRL_EOF: c_int = 2; @@ -356,9 +356,12 @@ extern "C" { pub fn HMAC_Final(ctx: *mut HMAC_CTX, output: *mut u8, len: *mut c_uint); pub fn HMAC_Update(ctx: *mut HMAC_CTX, input: *const u8, len: c_uint); + + pub fn PEM_read_bio_X509(bio: *mut BIO, out: *mut *mut X509, callback: Option, + user_data: *mut c_void) -> *mut X509; pub fn PEM_write_bio_PrivateKey(bio: *mut BIO, pkey: *mut EVP_PKEY, cipher: *const EVP_CIPHER, kstr: *mut c_char, klen: c_int, - callback: *mut c_void, + callback: Option, user_data: *mut c_void) -> c_int; pub fn PEM_write_bio_X509(bio: *mut BIO, x509: *mut X509) -> c_int; diff --git a/src/ssl/tests.rs b/src/ssl/tests.rs index a68d4967..5a47aa5f 100644 --- a/src/ssl/tests.rs +++ b/src/ssl/tests.rs @@ -1,11 +1,11 @@ -use std::io::{File, Open, Write, Writer}; +use serialize::hex::FromHex; +use std::io::{Writer}; use std::io::net::tcp::TcpStream; -use std::num::FromStrRadix; use std::str; use crypto::hash::{SHA256}; -use ssl::{Sslv23, SslContext, SslStream, SslVerifyPeer, SslVerifyNone}; -use x509::{X509Generator, DigitalSignature, KeyEncipherment, ClientAuth, ServerAuth, X509StoreContext}; +use ssl::{Sslv23, SslContext, SslStream, SslVerifyPeer}; +use x509::{X509StoreContext}; #[test] fn test_new_ctx() { @@ -142,19 +142,6 @@ fn test_verify_trusted_get_error_err() { assert!(SslStream::new(&ctx, stream).is_err()); } -fn hash_str_to_vec(s: &str) -> Vec { - let mut res = Vec::new(); - assert!(s.len() % 2 == 0, "Hash str should have len = 2 * n"); - for i in range(0, s.len() / 2) { - let substr = s.slice(i, i + 2); - let t: Option = FromStrRadix::from_str_radix(substr, 16); - assert!(t.is_some(), "Hash str must contain only hex digits, i.e. [0-9a-f]"); - res.push(t.unwrap()); - } - - res -} - #[test] fn test_verify_callback_data() { fn callback(_preverify_ok: bool, x509_ctx: &X509StoreContext, node_id: &Vec) -> bool { @@ -175,8 +162,8 @@ fn test_verify_callback_data() { // Command: openssl x509 -in test/cert.pem -outform DER | openssl dgst -sha256 // Please update if "test/cert.pem" will ever change let node_hash_str = "6204f6617e1af7495394250655f43600cd483e2dfc2005e92d0fe439d0723c34"; - let node_id = hash_str_to_vec(node_hash_str); - ctx.set_verify_with_data(SslVerifyNone, callback, node_id); + let node_id = node_hash_str.from_hex().unwrap(); + ctx.set_verify_with_data(SslVerifyPeer, callback, node_id); ctx.set_verify_depth(1); match SslStream::new(&ctx, stream) { @@ -205,35 +192,3 @@ fn test_read() { let buf = stream.read_to_end().ok().expect("read error"); print!("{}", str::from_utf8(buf.as_slice())); } - -#[test] -fn test_cert_gen() { - let gen = X509Generator::new() - .set_bitlength(2048) - .set_valid_period(365*2) - .set_CN("test_me") - .set_sign_hash(SHA256) - .set_usage([DigitalSignature, KeyEncipherment]) - .set_ext_usage([ClientAuth, ServerAuth]); - - let res = gen.generate(); - assert!(res.is_ok()); - - let (cert, pkey) = res.unwrap(); - - #[cfg(unix)] - static NULL_PATH: &'static str = "/dev/null"; - #[cfg(windows)] - static NULL_PATH: &'static str = "nul"; - - let cert_path = Path::new(NULL_PATH); - let mut file = File::open_mode(&cert_path, Open, Write).unwrap(); - assert!(cert.write_pem(&mut file).is_ok()); - - let key_path = Path::new(NULL_PATH); - let mut file = File::open_mode(&key_path, Open, Write).unwrap(); - assert!(pkey.write_pem(&mut file).is_ok()); - - // FIXME: check data in result to be correct, needs implementation - // of X509 getters -} diff --git a/src/x509/mod.rs b/src/x509/mod.rs index e3ececcc..94934b25 100644 --- a/src/x509/mod.rs +++ b/src/x509/mod.rs @@ -11,6 +11,9 @@ use ffi; use ssl::error::{SslError, StreamError}; +#[cfg(test)] +mod tests; + #[repr(i32)] pub enum X509FileType { PEM = ffi::X509_FILETYPE_PEM, @@ -322,6 +325,7 @@ impl X509Generator { } } + #[allow(dead_code)] /// A public key certificate pub struct X509<'ctx> { @@ -331,6 +335,39 @@ pub struct X509<'ctx> { } impl<'ctx> X509<'ctx> { + /// Creates new from handle with desired ownership. + pub fn new(handle: *mut ffi::X509, owned: bool) -> X509<'ctx> { + X509 { + ctx: None, + handle: handle, + owned: owned, + } + } + + /// Creates a new certificate from context. Doesn't take ownership + /// of handle. + pub fn new_in_ctx(handle: *mut ffi::X509, ctx: &'ctx X509StoreContext) -> X509<'ctx> { + X509 { + ctx: Some(ctx), + handle: handle, + owned: false + } + } + + /// Reads certificate from PEM, takes ownership of handle + pub fn from_pem(reader: &mut Reader) -> Result, SslError> { + let mut mem_bio = try!(MemBio::new()); + let buf = try!(reader.read_to_end().map_err(StreamError)); + try!(mem_bio.write(buf.as_slice()).map_err(StreamError)); + + unsafe { + let handle = try_ssl_null!(ffi::PEM_read_bio_X509(mem_bio.get_handle(), + ptr::null_mut(), + None, ptr::null_mut())); + Ok(X509::new(handle, true)) + } + } + pub fn subject_name<'a>(&'a self) -> X509Name<'a> { let name = unsafe { ffi::X509_get_subject_name(self.handle) }; X509Name { x509: self, name: name } diff --git a/src/x509/tests.rs b/src/x509/tests.rs new file mode 100644 index 00000000..e4f7b142 --- /dev/null +++ b/src/x509/tests.rs @@ -0,0 +1,49 @@ +use serialize::hex::FromHex; +use std::io::{File, Open, Read}; +use std::io::util::NullWriter; + +use crypto::hash::{SHA256}; +use x509::{X509, X509Generator, DigitalSignature, KeyEncipherment, ClientAuth, ServerAuth}; + +#[test] +fn test_cert_gen() { + let gen = X509Generator::new() + .set_bitlength(2048) + .set_valid_period(365*2) + .set_CN("test_me") + .set_sign_hash(SHA256) + .set_usage([DigitalSignature, KeyEncipherment]) + .set_ext_usage([ClientAuth, ServerAuth]); + + let res = gen.generate(); + assert!(res.is_ok()); + + let (cert, pkey) = res.unwrap(); + + let mut writer = NullWriter; + assert!(cert.write_pem(&mut writer).is_ok()); + assert!(pkey.write_pem(&mut writer).is_ok()); + + // FIXME: check data in result to be correct, needs implementation + // of X509 getters +} + +#[test] +fn test_cert_loading() { + let cert_path = Path::new("test/cert.pem"); + let mut file = File::open_mode(&cert_path, Open, Read) + .ok() + .expect("Failed to open `test/cert.pem`"); + + let cert = X509::from_pem(&mut file).ok().expect("Failed to load PEM"); + let fingerprint = cert.fingerprint(SHA256).unwrap(); + + // Hash was generated as SHA256 hash of certificate "test/cert.pem" + // in DER format. + // Command: openssl x509 -in test/cert.pem -outform DER | openssl dgst -sha256 + // Please update if "test/cert.pem" will ever change + let hash_str = "6204f6617e1af7495394250655f43600cd483e2dfc2005e92d0fe439d0723c34"; + let hash_vec = hash_str.from_hex().unwrap(); + + assert_eq!(fingerprint.as_slice(), hash_vec.as_slice()); +}