| author | Steven Fackler <[email protected]> | 2016-11-06 21:58:43 -0800 |
|---|---|---|
| committer | Steven Fackler <[email protected]> | 2016-11-06 21:58:43 -0800 |
| commit | 5f18ffa4b3cee58053209f20317b0a88eb008e43 (patch) | |
| tree | 8ea77ad77d6b5d49752652e151ea09ceda18bc03 /openssl/src/x509/extension.rs | |
| parent | Add conf module (diff) | |
Start of extension support
Diffstat (limited to 'openssl/src/x509/extension.rs')
| -rw-r--r-- | openssl/src/x509/extension.rs | 160 |
1 files changed, 159 insertions, 1 deletions
diff --git a/openssl/src/x509/extension.rs b/openssl/src/x509/extension.rs
index 398bbb3e..d16dbea8 100644
--- a/openssl/src/x509/extension.rs
+++ b/openssl/src/x509/extension.rs
@@ -1,6 +1,8 @@
-use std::fmt;
+use std::fmt::{self, Write};
+use error::ErrorStack;
 use nid::{self, Nid};
+use x509::X509Extension;
 /// Type-only version of the `Extension` enum.
 ///
@@ -219,3 +221,159 @@ impl fmt::Display for AltNameOption {
 })
 }
 }
+
+pub struct BasicConstraints {
+ critical: bool,
+ ca: bool,
+ pathlen: Option<u32>,
+}
+
+impl BasicConstraints {
+ pub fn new() -> BasicConstraints {
+ BasicConstraints {
+ critical: false,
+ ca: false,
+ pathlen: None,
+ }
+ }
+
+ pub fn critical(&mut self, critical: bool) -> &mut BasicConstraints {
+ self.critical = critical;
+ self
+ }
+
+ pub fn ca(&mut self, ca: bool) -> &mut BasicConstraints {
+ self.ca = ca;
+ self
+ }
+
+ pub fn pathlen(&mut self, pathlen: u32) -> &mut BasicConstraints {
+ self.pathlen = Some(pathlen);
+ self
+ }
+
+ pub fn build(&self) -> Result<X509Extension, ErrorStack> {
+ let mut value = String::new();
+ if self.critical {
+ value.push_str("critical,");
+ }
+ value.push_str("CA:");
+ if self.ca {
+ value.push_str("TRUE");
+ } else {
+ value.push_str("FALSE");
+ }
+ if let Some(pathlen) = self.pathlen {
+ write!(value, ",pathlen:{}", pathlen).unwrap();
+ }
+ X509Extension::new_nid(None, None, nid::BASIC_CONSTRAINTS, &value)
+ }
+}
+
+pub struct KeyUsage {
+ critical: bool,
+ digital_signature: bool,
+ non_repudiation: bool,
+ key_encipherment: bool,
+ data_encipherment: bool,
+ key_agreement: bool,
+ key_cert_sign: bool,
+ crl_sign: bool,
+ encipher_only: bool,
+ decipher_only: bool,
+}
+
+impl KeyUsage {
+ pub fn new() -> KeyUsage {
+ KeyUsage {
+ critical: false,
+ digital_signature: false,
+ non_repudiation: false,
+ key_encipherment: false,
+ data_encipherment: false,
+ key_agreement: false,
+ key_cert_sign: false,
+ crl_sign: false,
+ encipher_only: false,
+ decipher_only: false,
+ }
+ }
+
+ pub fn critical(&mut self, critical: bool) -> &mut KeyUsage {
+ self.critical = critical;
+ self
+ }
+
+ pub fn digital_signature(&mut self, digital_signature: bool) -> &mut KeyUsage {
+ self.digital_signature = digital_signature;
+ self
+ }
+
+ pub fn non_repudiation(&mut self, non_repudiation: bool) -> &mut KeyUsage {
+ self.non_repudiation = non_repudiation;
+ self
+ }
+
+ pub fn key_encipherment(&mut self, key_encipherment: bool) -> &mut KeyUsage {
+ self.key_encipherment = key_encipherment;
+ self
+ }
+
+ pub fn data_encipherment(&mut self, data_encipherment: bool) -> &mut KeyUsage {
+ self.data_encipherment = data_encipherment;
+ self
+ }
+
+ pub fn key_agreement(&mut self, key_agreement: bool) -> &mut KeyUsage {
+ self.key_agreement = key_agreement;
+ self
+ }
+
+ pub fn key_cert_sign(&mut self, key_cert_sign: bool) -> &mut KeyUsage {
+ self.key_cert_sign = key_cert_sign;
+ self
+ }
+
+ pub fn crl_sign(&mut self, crl_sign: bool) -> &mut KeyUsage {
+ self.crl_sign = crl_sign;
+ self
+ }
+
+ pub fn encipher_only(&mut self, encipher_only: bool) -> &mut KeyUsage {
+ self.encipher_only = encipher_only;
+ self
+ }
+
+ pub fn decipher_only(&mut self, decipher_only: bool) -> &mut KeyUsage {
+ self.decipher_only = decipher_only;
+ self
+ }
+
+ pub fn build(&self) -> Result<X509Extension, ErrorStack> {
+ let mut value = String::new();
+ let mut first = true;
+ append(&mut value, &mut first, self.critical, "critical");
+ append(&mut value, &mut first, self.digital_signature, "digitalSignature");
+ append(&mut value, &mut first, self.non_repudiation, "nonRepudiation");
+ append(&mut value, &mut first, self.key_encipherment, "keyEncipherment");
+ append(&mut value, &mut first, self.data_encipherment, "dataEncipherment");
+ append(&mut value, &mut first, self.key_agreement, "keyAgreement");
+ append(&mut value, &mut first, self.key_cert_sign, "keyCertSign");
+ append(&mut value, &mut first, self.crl_sign, "cRLSign");
+ append(&mut value, &mut first, self.encipher_only, "encipherOnly");
+ append(&mut value, &mut first, self.decipher_only, "decipherOnly");
+ X509Extension::new_nid(None, None, nid::KEY_USAGE, &value)
+ }
+}
+
+fn append(value: &mut String, first: &mut bool, should: bool, element: &str) {
+ if !should {
+ return;
+ }
+
+ if !*first {
+ value.push(',');
+ }
+ *first = false;
+ value.push_str(element);
+} |
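Review bot: `BasicConstraints::build` appends `,pathlen:N` whenever `pathlen` was set, even when `ca` is still false, and `new()` leaves `critical` false. RFC 5280 §4.2.1.9 permits pathLenConstraint only when cA is asserted and requires the extension to be critical in CA certificates, so a caller can build a non-conforming extension with no signal from the builder. Because `build` can only return an `ErrorStack`, the lightest fix is documentation on the public setters, e.g. `/// Sets the pathLenConstraint; only meaningful together with ca(true).` on `pathlen` and `/// CA certificates should mark this extension critical.` on `critical`. `KeyUsage::build` has a related gap: with no usage enabled it hands an empty string (or just `critical`) to `X509Extension::new_nid`, whose handling of that value is not visible in this hunk, so a doc line on `KeyUsage` saying at least one usage must be set would help.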