From f4168b1161081523705657adc4a324e533483ca3 Mon Sep 17 00:00:00 2001
From: Jethro Beekman
Date: Tue, 30 Jun 2015 23:11:42 -0700
Subject: [PATCH] Add Subject Alternate Name extension
---
 openssl/src/x509/extension.rs | 32 ++++++++++++++++++++++++++++++++
 openssl/src/x509/tests.rs | 4 +++-
 2 files changed, 35 insertions(+), 1 deletion(-)
diff --git a/openssl/src/x509/extension.rs b/openssl/src/x509/extension.rs
index 78058b72..8091d058 100644
--- a/openssl/src/x509/extension.rs
+++ b/openssl/src/x509/extension.rs
@@ -5,6 +5,7 @@ use nid::Nid;
 pub enum ExtensionType {
 KeyUsage,
 ExtKeyUsage,
+ SubjectAltName,
 OtherNid(Nid),
 OtherStr(String),
 }
@@ -13,6 +14,7 @@ pub enum ExtensionType {
 pub enum Extension {
 KeyUsage(Vec),
 ExtKeyUsage(Vec),
+ SubjectAltName(Vec<(AltNameOption,String)>),
 OtherNid(Nid,String),
 OtherStr(String,String),
 }
@@ -22,6 +24,7 @@ impl Extension {
 match self {
 &Extension::KeyUsage(_) => ExtensionType::KeyUsage,
 &Extension::ExtKeyUsage(_) => ExtensionType::ExtKeyUsage,
+ &Extension::SubjectAltName(_) => ExtensionType::SubjectAltName,
 &Extension::OtherNid(nid,_) => ExtensionType::OtherNid(nid),
 &Extension::OtherStr(ref s,_) => ExtensionType::OtherStr(s.clone()),
 }
@@ -33,6 +36,7 @@ impl ExtensionType {
 match self {
 &ExtensionType::KeyUsage => Some(Nid::KeyUsage),
 &ExtensionType::ExtKeyUsage => Some(Nid::ExtendedKeyUsage),
+ &ExtensionType::SubjectAltName => Some(Nid::SubjectAltName),
 &ExtensionType::OtherNid(nid) => Some(nid),
 &ExtensionType::OtherStr(_) => None,
 }
@@ -61,6 +65,7 @@ impl ToString for Extension {
 match self {
 &Extension::KeyUsage(ref purposes) => join(purposes.iter(),","),
 &Extension::ExtKeyUsage(ref purposes) => join(purposes.iter(),","),
+ &Extension::SubjectAltName(ref names) => join(names.iter().map(|&(ref opt,ref val)|opt.to_string()+":"+&val),","),
 &Extension::OtherNid(_,ref value) => value.clone(),
 &Extension::OtherStr(_,ref value) => value.clone(),
 }
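Review bot: The `SubjectAltName` arm added to `to_string` (hunk `@@ -61,6 +65,7 @@`) joins each caller-supplied value into a `type:value` list separated by `,` without inspecting the value, so a value that itself contains `,` serializes as more than one entry. If this string is later parsed by OpenSSL's extension-string parser, as the `"critical,CA:TRUE"` value passed to `OtherNid` in the test suggests, a name taken from untrusted input could add a subject name the caller never meant to certify. I would reject such values where the extension is constructed or added (that code is outside this diff), with a check along the lines of `names.iter().all(|&(_, ref v)| !v.contains(','))`, and cover it with a test. An empty `Vec` also yields an empty string here, which is worth handling explicitly. The enclosing `fn to_string` starts and ends outside the hunk.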
@@ -131,3 +136,30 @@ impl fmt::Display for ExtKeyUsageOption {
 })
 }
 }
+
+#[derive(Clone, Copy)]
+pub enum AltNameOption {
+ Other,
+ Email,
+ DNS,
+ //X400, // Not supported by OpenSSL
+ Directory,
+ //EDIParty, // Not supported by OpenSSL
+ URI,
+ IPAddress,
+ RegisteredID,
+}
+
+impl fmt::Display for AltNameOption {
+ fn fmt(&self, f: &mut fmt::Formatter) -> Result<(), fmt::Error> {
+ f.pad(match self {
+ &AltNameOption::Other => "otherName",
+ &AltNameOption::Email => "email",
+ &AltNameOption::DNS => "DNS",
+ &AltNameOption::Directory => "dirName",
+ &AltNameOption::URI => "URI",
+ &AltNameOption::IPAddress => "IP",
+ &AltNameOption::RegisteredID => "RID",
+ })
+ }
+}
diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs
index ff7d1173..8417ee5c 100644
--- a/openssl/src/x509/tests.rs
+++ b/openssl/src/x509/tests.rs
@@ -5,7 +5,8 @@ use std::fs::File;
 use crypto::hash::Type::{SHA256};
 use x509::{X509, X509Generator};
-use x509::extension::Extension::{KeyUsage,ExtKeyUsage,OtherNid,OtherStr};
+use x509::extension::Extension::{KeyUsage,ExtKeyUsage,SubjectAltName,OtherNid,OtherStr};
+use x509::extension::AltNameOption as SAN;
 use x509::extension::KeyUsageOption::{DigitalSignature, KeyEncipherment};
 use x509::extension::ExtKeyUsageOption::{self, ClientAuth, ServerAuth};
 use nid::Nid;
@@ -19,6 +20,7 @@ fn test_cert_gen() {
 .set_sign_hash(SHA256)
 .add_extension(KeyUsage(vec![DigitalSignature, KeyEncipherment]))
 .add_extension(ExtKeyUsage(vec![ClientAuth, ServerAuth, ExtKeyUsageOption::Other("2.999.1".to_owned())]))
+ .add_extension(SubjectAltName(vec![(SAN::DNS,"example.com".to_owned())]))
 .add_extension(OtherNid(Nid::BasicConstraints,"critical,CA:TRUE".to_owned()))
 .add_extension(OtherStr("2.999.2".to_owned(),"ASN1:UTF8:example value".to_owned()));
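Review bot: The public `AltNameOption` enum added to `extension.rs` (hunk `@@ -131,3 +136,30 @@`) has no doc comments, and the value string each variant expects cannot be read off the names. `Other` and `Directory` are rendered as `otherName` and `dirName`; in OpenSSL's extension string syntax those take an `OID;TYPE:content` value and the name of a configuration section respectively, so a plain string there will presumably fail at certificate generation rather than at construction. I would add per-variant comments such as `/// DNS host name, e.g. "example.com"` and `/// otherName; value must be "OID;TYPE:content"`, and state on `Directory` whether a configuration section can be supplied through this API at all. The enum-level comment could also say that the variant names mirror OpenSSL's keywords and that values are passed through unvalidated.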