diff options
| author | René Richter <[email protected]> | 2018-04-21 09:44:49 +0200 |
|---|---|---|
| committer | René Richter <[email protected]> | 2018-04-21 23:14:48 +0200 |
| commit | 5bb89d7552fd5fd14749769da8e848ee67ef7582 (patch) | |
| tree | 84effaebac73582a6634d49d6c6294d962d10413 | |
| parent | Merge pull request #899 from rohit-lshift/master (diff) | |
| download | rust-openssl-5bb89d7552fd5fd14749769da8e848ee67ef7582.tar.xz rust-openssl-5bb89d7552fd5fd14749769da8e848ee67ef7582.zip | |
Add functions to X509Req to obtain public key and extensions
This allows for basic CSR signing.
| -rw-r--r-- | openssl-sys/src/lib.rs | 2 | ||||
| -rw-r--r-- | openssl/src/x509/mod.rs | 22 | ||||
| -rw-r--r-- | openssl/src/x509/tests.rs | 4 |
3 files changed, 28 insertions, 0 deletions
diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 85527f8f..03ab60f4 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -2741,8 +2741,10 @@ extern "C" { pub fn X509_REQ_set_version(req: *mut X509_REQ, version: c_long) -> c_int; pub fn X509_REQ_set_subject_name(req: *mut X509_REQ, name: *mut X509_NAME) -> c_int; pub fn X509_REQ_set_pubkey(req: *mut X509_REQ, pkey: *mut EVP_PKEY) -> c_int; + pub fn X509_REQ_get_pubkey(req: *mut X509_REQ) -> *mut EVP_PKEY; pub fn X509_REQ_add_extensions(req: *mut X509_REQ, exts: *mut stack_st_X509_EXTENSION) -> c_int; + pub fn X509_REQ_get_extensions(req: *mut X509_REQ) -> *mut stack_st_X509_EXTENSION; pub fn X509_REQ_sign(x: *mut X509_REQ, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> c_int; #[cfg(not(ossl101))] diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index 011a2d96..c1ae3b16 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -1069,6 +1069,28 @@ impl X509ReqRef { X509NameRef::from_ptr(name) } } + + /// Returns the public key of the certificate request. + /// + /// This corresponds to [`X509_REQ_get_pubkey"] + /// + /// [`X509_REQ_get_pubkey`]: https://www.openssl.org/docs/man1.1.0/crypto/X509_REQ_get_pubkey.html + pub fn public_key(&self) -> Result<PKey<Public>, ErrorStack> { + unsafe { + let key = cvt_p(ffi::X509_REQ_get_pubkey(self.as_ptr()))?; + Ok(PKey::from_ptr(key)) + } + } + + /// Returns the extensions of the certificate request. + /// + /// This corresponds to [`X509_REQ_get_extensions"] + pub fn extensions(&self) -> Result<Stack<X509Extension>, ErrorStack> { + unsafe { + let extensions = cvt_p(ffi::X509_REQ_get_extensions(self.as_ptr()))?; + Ok(Stack::from_ptr(extensions)) + } + } } /// The result of peer certificate verification. diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs index fa8056ad..7ef4d160 100644 --- a/openssl/src/x509/tests.rs +++ b/openssl/src/x509/tests.rs @@ -234,6 +234,10 @@ fn x509_req_builder() { builder.add_extensions(&extensions).unwrap(); builder.sign(&pkey, MessageDigest::sha256()).unwrap(); + + let req = builder.build(); + assert!(req.public_key().unwrap().public_eq(&pkey)); + assert_eq!(req.extensions().unwrap().len(), extensions.len()); } #[test] |