Merge pull request #227 from jethrogb/topic/x509_name

Allow setting of arbitrary X509 names
author: Steven Fackler <[email protected]> 2015-07-08 10:21:19 -0700
committer: Steven Fackler <[email protected]> 2015-07-08 10:21:19 -0700
commit: 3351d5b807fbfdc6aede8e46b9dac816d1d68e31 (patch)
tree: 84746d1770c401d8669f7d40a2a48f27588ad23b
parent: Merge pull request #221 from jethrogb/topic/ssl_options (diff)
parent: Fix/add more X509generator tests (diff)
download: rust-openssl-3351d5b807fbfdc6aede8e46b9dac816d1d68e31.tar.xz
rust-openssl-3351d5b807fbfdc6aede8e46b9dac816d1d68e31.zip
2 files changed, 47 insertions, 7 deletions
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs
index 423a258f..67258da5 100644
--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@@ -145,7 +145,7 @@ pub use self::extension::ExtKeyUsageOption as ExtKeyUsage;
 pub struct X509Generator {
     bits: u32,
     days: u32,
-    CN: String,
+    names: Vec<(String,String)>,
     // RFC 3280 §4.2: A certificate MUST NOT include more than one instance of a particular extension.
     extensions: HashMap<ExtensionType,Extension>,
     hash_type: HashType,
@@ -165,7 +165,7 @@ impl X509Generator {
         X509Generator {
             bits: 1024,
             days: 365,
-            CN: "rust-openssl".to_string(),
+            names: vec![],
             extensions: HashMap::new(),
             hash_type: HashType::SHA1
         }
@@ -184,9 +184,41 @@ impl X509Generator {
     }
 
     #[allow(non_snake_case)]
-    /// Sets Common Name of certificate
+    /// (deprecated) Sets Common Name of certificate
+    ///
+    /// This function is deprecated, use `X509Generator.add_name` instead.
+    /// Don't use this function AND the `add_name` method
     pub fn set_CN(mut self, CN: &str) -> X509Generator {
-        self.CN = CN.to_string();
+        match self.names.get_mut(0) {
+            Some(&mut(_,ref mut val)) => *val=CN.to_string(),
+            _ => {} /* would move push here, but borrow checker won't let me */
+        }
+        if self.names.len()==0 {
+            self.names.push(("CN".to_string(),CN.to_string()));
+        }
+        self
+    }
+
+    /// Add attribute to the name of the certificate
+    ///
+    /// ```
+    /// # let generator = openssl::x509::X509Generator::new();
+    /// generator.add_name("CN".to_string(),"example.com".to_string());
+    /// ```
+    pub fn add_name(mut self, attr_type: String, attr_value: String) -> X509Generator {
+        self.names.push((attr_type,attr_value));
+        self
+    }
+
+    /// Add multiple attributes to the name of the certificate
+    ///
+    /// ```
+    /// # let generator = openssl::x509::X509Generator::new();
+    /// generator.add_names(vec![("CN".to_string(),"example.com".to_string())]);
+    /// ```
+    pub fn add_names<I>(mut self, attrs: I) -> X509Generator
+        where I: IntoIterator<Item=(String,String)> {
+        self.names.extend(attrs);
         self
     }
 
@@ -267,7 +299,7 @@ impl X509Generator {
         }
     }
 
-    fn add_name(name: *mut ffi::X509_NAME, key: &str, value: &str) -> Result<(), SslError> {
+    fn add_name_internal(name: *mut ffi::X509_NAME, key: &str, value: &str) -> Result<(), SslError> {
         let value_len = value.len() as c_int;
         lift_ssl!(unsafe {
             let key = CString::new(key.as_bytes()).unwrap();
@@ -333,7 +365,15 @@ impl X509Generator {
             let name = ffi::X509_get_subject_name(x509.handle);
             try_ssl_null!(name);
 
-            try!(X509Generator::add_name(name, "CN", &self.CN));
+            let default=[("CN","rust-openssl")];
+            let default_iter=&mut default.iter().map(|&(k,v)|(k,v));
+            let arg_iter=&mut self.names.iter().map(|&(ref k,ref v)|(&k[..],&v[..]));
+            let iter: &mut Iterator<Item=(&str,&str)> =
+                if self.names.len()==0 { default_iter } else { arg_iter };
+
+            for (key,val) in iter {
+                try!(X509Generator::add_name_internal(name, &key, &val));
+            }
             ffi::X509_set_issuer_name(x509.handle, name);
 
             for (exttype,ext) in self.extensions.iter() {
diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs
index 8417ee5c..0aed364b 100644
--- a/openssl/src/x509/tests.rs
+++ b/openssl/src/x509/tests.rs
@@ -16,7 +16,7 @@ fn test_cert_gen() {
     let gen = X509Generator::new()
         .set_bitlength(2048)
         .set_valid_period(365*2)
-        .set_CN("test_me")
+        .add_name("CN".to_string(),"test_me".to_string())
         .set_sign_hash(SHA256)
         .add_extension(KeyUsage(vec![DigitalSignature, KeyEncipherment]))
         .add_extension(ExtKeyUsage(vec![ClientAuth, ServerAuth, ExtKeyUsageOption::Other("2.999.1".to_owned())]))
author	Steven Fackler <[email protected]>	2015-07-08 10:21:19 -0700
committer	Steven Fackler <[email protected]>	2015-07-08 10:21:19 -0700
commit	3351d5b807fbfdc6aede8e46b9dac816d1d68e31 (patch)
tree	84746d1770c401d8669f7d40a2a48f27588ad23b
parent	Merge pull request #221 from jethrogb/topic/ssl_options (diff)
parent	Fix/add more X509generator tests (diff)
download	rust-openssl-3351d5b807fbfdc6aede8e46b9dac816d1d68e31.tar.xz rust-openssl-3351d5b807fbfdc6aede8e46b9dac816d1d68e31.zip