| author | Steven Fackler <[email protected]> | 2017-12-25 20:24:24 -0800 |
|---|---|---|
| committer | GitHub <[email protected]> | 2017-12-25 20:24:24 -0800 |
| commit | 90d8a799fe331d4ec4a9c12e86d1d8f4e32c6f6e (patch) | |
| tree | 2f7496f93e3cb67b09b5cc58d085f3fc5accde3b /openssl/src/x509 | |
| parent | Merge pull request #795 from sfackler/host-overhaul (diff) | |
| parent | Tweak default ssl options (diff) | |
| download | rust-openssl-90d8a799fe331d4ec4a9c12e86d1d8f4e32c6f6e.tar.xz rust-openssl-90d8a799fe331d4ec4a9c12e86d1d8f4e32c6f6e.zip | |
Merge pull request #796 from sfackler/assoc-consts
Associated consts
Diffstat (limited to 'openssl/src/x509')
| -rw-r--r-- | openssl/src/x509/extension.rs | 56 | ||||
| -rw-r--r-- | openssl/src/x509/mod.rs | 58 | ||||
| -rw-r--r-- | openssl/src/x509/tests.rs | 67 |
3 files changed, 82 insertions, 99 deletions
diff --git a/openssl/src/x509/extension.rs b/openssl/src/x509/extension.rs index 83a82660..a0b07c85 100644 --- a/openssl/src/x509/extension.rs +++ b/openssl/src/x509/extension.rs @@ -1,8 +1,8 @@ use std::fmt::{self, Write}; use error::ErrorStack; -use nid::{self, Nid}; -use x509::{X509v3Context, X509Extension}; +use nid::Nid; +use x509::{X509Extension, X509v3Context}; /// Type-only version of the `Extension` enum. /// @@ -40,10 +40,10 @@ pub enum Extension { /// /// ``` /// use openssl::x509::extension::Extension::*; - /// use openssl::nid; + /// use openssl::nid::Nid; /// /// # let generator = openssl::x509::X509Generator::new(); - /// generator.add_extension(OtherNid(nid::BASIC_CONSTRAINTS,"critical,CA:TRUE".to_owned())); + /// generator.add_extension(OtherNid(Nid::BASIC_CONSTRAINTS,"critical,CA:TRUE".to_owned())); /// ``` OtherNid(Nid, String), /// Arbitrary extensions by OID string. See `man ASN1_generate_nconf` for value syntax. @@ -77,10 +77,10 @@ impl ExtensionType { #[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")] pub fn get_nid(&self) -> Option<Nid> { match self { - &ExtensionType::KeyUsage => Some(nid::KEY_USAGE), - &ExtensionType::ExtKeyUsage => Some(nid::EXT_KEY_USAGE), - &ExtensionType::SubjectAltName => Some(nid::SUBJECT_ALT_NAME), - &ExtensionType::IssuerAltName => Some(nid::ISSUER_ALT_NAME), + &ExtensionType::KeyUsage => Some(Nid::KEY_USAGE), + &ExtensionType::ExtKeyUsage => Some(Nid::EXT_KEY_USAGE), + &ExtensionType::SubjectAltName => Some(Nid::SUBJECT_ALT_NAME), + &ExtensionType::IssuerAltName => Some(Nid::ISSUER_ALT_NAME), &ExtensionType::OtherNid(nid) => Some(nid), &ExtensionType::OtherStr(_) => None, } 
@@ -112,22 +112,18 @@ impl ToString for Extension { match self { &Extension::KeyUsage(ref purposes) => join(purposes.iter(), ","), &Extension::ExtKeyUsage(ref purposes) => join(purposes.iter(), ","), - &Extension::SubjectAltName(ref names) => { - join( - names.iter().map(|&(ref opt, ref val)| { - opt.to_string() + ":" + &val - }), - ",", - ) - } - &Extension::IssuerAltName(ref names) => { - join( - names.iter().map(|&(ref opt, ref val)| { - opt.to_string() + ":" + &val - }), - ",", - ) - } + &Extension::SubjectAltName(ref names) => join( + names + .iter() + .map(|&(ref opt, ref val)| opt.to_string() + ":" + &val), + ",", + ), + &Extension::IssuerAltName(ref names) => join( + names + .iter() + .map(|&(ref opt, ref val)| opt.to_string() + ":" + &val), + ",", + ), &Extension::OtherNid(_, ref value) => value.clone(), &Extension::OtherStr(_, ref value) => value.clone(), } @@ -282,7 +278,7 @@ impl BasicConstraints { if let Some(pathlen) = self.pathlen { write!(value, ",pathlen:{}", pathlen).unwrap(); } - X509Extension::new_nid(None, None, nid::BASIC_CONSTRAINTS, &value) + X509Extension::new_nid(None, None, Nid::BASIC_CONSTRAINTS, &value) } } @@ -398,7 +394,7 @@ impl KeyUsage { append(&mut value, &mut first, self.crl_sign, "cRLSign"); append(&mut value, &mut first, self.encipher_only, "encipherOnly"); append(&mut value, &mut first, self.decipher_only, "decipherOnly"); - X509Extension::new_nid(None, None, nid::KEY_USAGE, &value) + X509Extension::new_nid(None, None, Nid::KEY_USAGE, &value) } } @@ -520,7 +516,7 @@ impl ExtendedKeyUsage { for other in &self.other { append(&mut value, &mut first, true, other); } - X509Extension::new_nid(None, None, nid::EXT_KEY_USAGE, &value) + X509Extension::new_nid(None, None, Nid::EXT_KEY_USAGE, &value) } } 
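Review bot: The `SubjectAltName`/`IssuerAltName` arms build the extension text with `opt.to_string() + ":" + &val` and join the pairs with `","`, and nothing rejects or escapes a `val` that itself contains a `,` — OpenSSL's nconf parser would then read it as additional entries rather than as part of one name, so the resulting extension is not what the caller asked for. Since `ToString` cannot report an error, the precondition should at least be stated on the `Extension` variants, e.g. `/// Values are inserted verbatim into OpenSSL's comma-separated extension syntax; callers must ensure they contain no ','.`. The same holds for the `other` strings appended in the `impl ExtendedKeyUsage` hunk (`@@ -520`) and for `SubjectAlternativeName` in the next hunk, where each `name` is appended unchanged. The `to_string` signature and the enclosing `impl ToString for Extension` lie outside this hunk.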
@@ -543,7 +539,7 @@ impl SubjectKeyIdentifier { let mut first = true; append(&mut value, &mut first, self.critical, "critical"); append(&mut value, &mut first, true, "hash"); - X509Extension::new_nid(None, Some(ctx), nid::SUBJECT_KEY_IDENTIFIER, &value) + X509Extension::new_nid(None, Some(ctx), Nid::SUBJECT_KEY_IDENTIFIER, &value) } } @@ -591,7 +587,7 @@ impl AuthorityKeyIdentifier { Some(false) => append(&mut value, &mut first, true, "issuer"), None => {} } - X509Extension::new_nid(None, Some(ctx), nid::AUTHORITY_KEY_IDENTIFIER, &value) + X509Extension::new_nid(None, Some(ctx), Nid::AUTHORITY_KEY_IDENTIFIER, &value) } } @@ -655,7 +651,7 @@ impl SubjectAlternativeName { for name in &self.names { append(&mut value, &mut first, true, name); } - X509Extension::new_nid(None, Some(ctx), nid::SUBJECT_ALT_NAME, &value) + X509Extension::new_nid(None, Some(ctx), Nid::SUBJECT_ALT_NAME, &value) } } diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index db9d6df5..54e761da 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs 
@@ -13,30 +13,30 @@ use std::ptr; use std::slice; use std::str; -use {cvt, cvt_p, cvt_n}; -use asn1::{Asn1StringRef, Asn1Time, Asn1TimeRef, Asn1BitStringRef, Asn1IntegerRef, Asn1ObjectRef}; +use {cvt, cvt_n, cvt_p}; +use asn1::{Asn1BitStringRef, Asn1IntegerRef, Asn1ObjectRef, Asn1StringRef, Asn1Time, Asn1TimeRef}; use bio::MemBioSlice; -use bn::{BigNum, MSB_MAYBE_ZERO}; +use bn::{BigNum, MsbOption}; use conf::ConfRef; use error::ErrorStack; use hash::MessageDigest; -use nid::{self, Nid}; +use nid::Nid; use pkey::{PKey, PKeyRef}; use stack::{Stack, StackRef, Stackable}; use string::OpensslString; use ssl::SslRef; #[cfg(ossl10x)] -use ffi::{X509_set_notBefore, X509_set_notAfter, ASN1_STRING_data, X509_STORE_CTX_get_chain}; +use ffi::{ASN1_STRING_data, X509_STORE_CTX_get_chain, X509_set_notAfter, X509_set_notBefore}; #[cfg(ossl110)] -use ffi::{X509_set1_notBefore as X509_set_notBefore, X509_set1_notAfter as X509_set_notAfter, - ASN1_STRING_get0_data as ASN1_STRING_data, - X509_STORE_CTX_get0_chain as X509_STORE_CTX_get_chain}; +use ffi::{ASN1_STRING_get0_data as ASN1_STRING_data, + X509_STORE_CTX_get0_chain as X509_STORE_CTX_get_chain, + X509_set1_notAfter as X509_set_notAfter, X509_set1_notBefore as X509_set_notBefore}; #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] pub mod verify; -use x509::extension::{ExtensionType, Extension}; +use x509::extension::{Extension, ExtensionType}; pub mod extension; pub mod store; 
@@ -44,17 +44,17 @@ pub mod store; #[cfg(test)] mod tests; -pub struct X509FileType(c_int); +pub struct X509Filetype(c_int); -impl X509FileType { +impl X509Filetype { pub fn as_raw(&self) -> c_int { self.0 } -} -pub const X509_FILETYPE_PEM: X509FileType = X509FileType(ffi::X509_FILETYPE_PEM); -pub const X509_FILETYPE_ASN1: X509FileType = X509FileType(ffi::X509_FILETYPE_ASN1); -pub const X509_FILETYPE_DEFAULT: X509FileType = X509FileType(ffi::X509_FILETYPE_DEFAULT); + pub const PEM: X509Filetype = X509Filetype(ffi::X509_FILETYPE_PEM); + pub const ASN1: X509Filetype = X509Filetype(ffi::X509_FILETYPE_ASN1); + pub const DEFAULT: X509Filetype = X509Filetype(ffi::X509_FILETYPE_DEFAULT); +} foreign_type_and_impl_send_sync! { type CType = ffi::X509_STORE_CTX; @@ -224,7 +224,7 @@ impl X509Generator { builder.set_version(2)?; let mut serial = BigNum::new()?; - serial.rand(128, MSB_MAYBE_ZERO, false)?; + serial.rand(128, MsbOption::MAYBE_ZERO, false)?; let serial = serial.to_asn1_integer()?; builder.set_serial_number(&serial)?; @@ -237,7 +237,7 @@ impl X509Generator { let mut name = X509Name::builder()?; if self.names.is_empty() { - name.append_entry_by_nid(nid::COMMONNAME, "rust-openssl")?; + name.append_entry_by_nid(Nid::COMMONNAME, "rust-openssl")?; } else { for &(ref key, ref value) in &self.names { name.append_entry_by_text(key, value)?; @@ -252,12 +252,7 @@ impl X509Generator { let extension = match exttype.get_nid() { Some(nid) => { let ctx = builder.x509v3_context(None, None); - X509Extension::new_nid( - None, - Some(&ctx), - nid, - &ext.to_string(), - )? + X509Extension::new_nid(None, Some(&ctx), nid, &ext.to_string())? } None => { let ctx = builder.x509v3_context(None, None); 
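Review bot: `X509Filetype` is declared with no `#[derive]` attribute, so unless an impl exists elsewhere in the file the new associated constants `PEM`, `ASN1` and `DEFAULT` cannot be copied, compared or printed by callers — `X509Filetype::PEM == X509Filetype::ASN1` would not compile and a value can only be passed by move. `#[derive(Debug, Copy, Clone, PartialEq, Eq, Hash)]` on the struct would fix that without changing its layout. The three constants also carry no doc comments; one line each, e.g. `/// PEM-encoded (text) file.` and `/// DER (ASN.1)-encoded (binary) file.`, would make them show up in rustdoc, with `DEFAULT` documented from what the wrapped `ffi::X509_FILETYPE_DEFAULT` actually selects.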
@@ -294,15 +289,11 @@ impl X509Generator { let exts = compat::X509_get0_extensions(cert.as_ptr()); if exts != ptr::null_mut() { - cvt( - ffi::X509_REQ_add_extensions(req.as_ptr(), exts as *mut _), - )?; + cvt(ffi::X509_REQ_add_extensions(req.as_ptr(), exts as *mut _))?; } let hash_fn = self.hash_type.as_ptr(); - cvt( - ffi::X509_REQ_sign(req.as_ptr(), p_key.as_ptr(), hash_fn), - )?; + cvt(ffi::X509_REQ_sign(req.as_ptr(), p_key.as_ptr(), hash_fn))?; Ok(req) } @@ -428,9 +419,7 @@ impl X509Builder { /// Adds an X509 extension value to the certificate. pub fn append_extension(&mut self, extension: X509Extension) -> Result<(), ErrorStack> { unsafe { - cvt( - ffi::X509_add_ext(self.0.as_ptr(), extension.as_ptr(), -1), - )?; + cvt(ffi::X509_add_ext(self.0.as_ptr(), extension.as_ptr(), -1))?; mem::forget(extension); Ok(()) } @@ -595,8 +584,8 @@ impl X509 { ffi::PEM_read_bio_X509(bio.as_ptr(), ptr::null_mut(), None, ptr::null_mut()); if r.is_null() { let err = ffi::ERR_peek_last_error(); - if ffi::ERR_GET_LIB(err) == ffi::ERR_LIB_PEM && - ffi::ERR_GET_REASON(err) == ffi::PEM_R_NO_START_LINE + if ffi::ERR_GET_LIB(err) == ffi::ERR_LIB_PEM + && ffi::ERR_GET_REASON(err) == ffi::PEM_R_NO_START_LINE { ffi::ERR_clear_error(); break; @@ -837,7 +826,6 @@ impl X509ReqBuilder { ffi::init(); cvt_p(ffi::X509_REQ_new()).map(|p| X509ReqBuilder(X509Req(p))) } - } pub fn set_version(&mut self, version: i32) -> Result<(), ErrorStack> { diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs index 76eeba3f..1ad0218c 100644 --- a/openssl/src/x509/tests.rs +++ b/openssl/src/x509/tests.rs 
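Review bot: `if exts != ptr::null_mut()` in the `X509Generator` hunk compares the raw pointer the long way; `if !exts.is_null()` is the idiomatic form and what clippy's `cmp_null` lint suggests. The enclosing function's signature and the `unsafe` block that the FFI calls sit in begin above the hunk.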
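Review bot: `append_extension` appears to leak the extension it is handed: `ffi::X509_add_ext` stores a duplicate of `extension` (upstream OpenSSL's `X509v3_add_ext` calls `X509_EXTENSION_dup`) rather than taking ownership, so the `mem::forget(extension);` following the `cvt(...)?` line keeps the original from ever being freed. Unless this crate's `ffi` binding differs from upstream, the fix is to delete `mem::forget(extension);` and let `extension` drop at the end of the function. The function's closing brace lies outside the hunk.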
@@ -1,21 +1,20 @@ use hex::{FromHex, ToHex}; use asn1::Asn1Time; -use bn::{BigNum, MSB_MAYBE_ZERO}; -use ec::{NAMED_CURVE, EcGroup, EcKey}; +use bn::{BigNum, MsbOption}; +use ec::{Asn1Flag, EcGroup, EcKey}; use hash::MessageDigest; -use nid::X9_62_PRIME256V1; +use nid::Nid; use pkey::PKey; use rsa::Rsa; use stack::Stack; use x509::{X509, X509Generator, X509Name, X509Req}; -use x509::extension::{Extension, BasicConstraints, KeyUsage, ExtendedKeyUsage, - SubjectKeyIdentifier, AuthorityKeyIdentifier, SubjectAlternativeName}; -use ssl::{SslMethod, SslContextBuilder}; +use x509::extension::{AuthorityKeyIdentifier, BasicConstraints, ExtendedKeyUsage, Extension, + KeyUsage, SubjectAlternativeName, SubjectKeyIdentifier}; +use ssl::{SslContextBuilder, SslMethod}; use x509::extension::AltNameOption as SAN; use x509::extension::KeyUsageOption::{DigitalSignature, KeyEncipherment}; use x509::extension::ExtKeyUsageOption::{self, ClientAuth, ServerAuth}; -use nid; fn get_generator() -> X509Generator { X509Generator::new() @@ -28,11 +27,11 @@ fn get_generator() -> X509Generator { ServerAuth, ExtKeyUsageOption::Other("2.999.1".to_owned()), ])) - .add_extension(Extension::SubjectAltName( - vec![(SAN::DNS, "example.com".to_owned())], - )) + .add_extension(Extension::SubjectAltName(vec![ + (SAN::DNS, "example.com".to_owned()), + ])) .add_extension(Extension::OtherNid( - nid::BASIC_CONSTRAINTS, + Nid::BASIC_CONSTRAINTS, "critical,CA:TRUE".to_owned(), )) .add_extension(Extension::OtherStr( @@ -68,11 +67,11 @@ fn test_cert_gen_extension_ordering() { let pkey = pkey(); get_generator() .add_extension(Extension::OtherNid( - nid::SUBJECT_KEY_IDENTIFIER, + Nid::SUBJECT_KEY_IDENTIFIER, "hash".to_owned(), )) .add_extension(Extension::OtherNid( - nid::AUTHORITY_KEY_IDENTIFIER, + Nid::AUTHORITY_KEY_IDENTIFIER, "keyid:always".to_owned(), )) .sign(&pkey) 
@@ -86,11 +85,11 @@ fn test_cert_gen_extension_bad_ordering() { let pkey = pkey(); let result = get_generator() .add_extension(Extension::OtherNid( - nid::AUTHORITY_KEY_IDENTIFIER, + Nid::AUTHORITY_KEY_IDENTIFIER, "keyid:always".to_owned(), )) .add_extension(Extension::OtherNid( - nid::SUBJECT_KEY_IDENTIFIER, + Nid::SUBJECT_KEY_IDENTIFIER, "hash".to_owned(), )) .sign(&pkey); @@ -108,7 +107,7 @@ fn test_req_gen() { let req = X509Req::from_pem(&reqpem).ok().expect("Failed to load PEM"); let cn = (*req) .subject_name() - .entries_by_nid(nid::COMMONNAME) + .entries_by_nid(Nid::COMMONNAME) .next() .unwrap(); assert_eq!(0, (*req).version()); @@ -155,7 +154,7 @@ fn test_subject_read_cn() { let cert = include_bytes!("../../test/cert.pem"); let cert = X509::from_pem(cert).unwrap(); let subject = cert.subject_name(); - let cn = subject.entries_by_nid(nid::COMMONNAME).next().unwrap(); + let cn = subject.entries_by_nid(Nid::COMMONNAME).next().unwrap(); assert_eq!(cn.data().as_slice(), b"foobar.com") } @@ -165,16 +164,16 @@ fn test_nid_values() { let cert = X509::from_pem(cert).unwrap(); let subject = cert.subject_name(); - let cn = subject.entries_by_nid(nid::COMMONNAME).next().unwrap(); + let cn = subject.entries_by_nid(Nid::COMMONNAME).next().unwrap(); assert_eq!(cn.data().as_slice(), b"example.com"); let email = subject - .entries_by_nid(nid::PKCS9_EMAILADDRESS) + .entries_by_nid(Nid::PKCS9_EMAILADDRESS) .next() .unwrap(); assert_eq!(email.data().as_slice(), b"[email protected]"); - let friendly = subject.entries_by_nid(nid::FRIENDLYNAME).next().unwrap(); + let friendly = subject.entries_by_nid(Nid::FRIENDLYNAME).next().unwrap(); assert_eq!(&**friendly.data().as_utf8().unwrap(), "Example"); } 
@@ -184,7 +183,7 @@ fn test_nid_uid_value() { let cert = X509::from_pem(cert).unwrap(); let subject = cert.subject_name(); - let cn = subject.entries_by_nid(nid::USERID).next().unwrap(); + let cn = subject.entries_by_nid(Nid::USERID).next().unwrap(); assert_eq!(cn.data().as_slice(), b"this is the userId"); } @@ -230,7 +229,7 @@ fn x509_builder() { let pkey = pkey(); let mut name = X509Name::builder().unwrap(); - name.append_entry_by_nid(nid::COMMONNAME, "foobar.com") + name.append_entry_by_nid(Nid::COMMONNAME, "foobar.com") .unwrap(); let name = name.build(); @@ -247,7 +246,7 @@ fn x509_builder() { builder.set_pubkey(&pkey).unwrap(); let mut serial = BigNum::new().unwrap(); - serial.rand(128, MSB_MAYBE_ZERO, false).unwrap(); + serial.rand(128, MsbOption::MAYBE_ZERO, false).unwrap(); builder .set_serial_number(&serial.to_asn1_integer().unwrap()) .unwrap(); @@ -289,7 +288,7 @@ fn x509_builder() { assert!(pkey.public_eq(&x509.public_key().unwrap())); let cn = x509.subject_name() - .entries_by_nid(nid::COMMONNAME) + .entries_by_nid(Nid::COMMONNAME) .next() .unwrap(); assert_eq!("foobar.com".as_bytes(), cn.data().as_slice()); @@ -300,7 +299,7 @@ fn x509_req_builder() { let pkey = pkey(); let mut name = X509Name::builder().unwrap(); - name.append_entry_by_nid(nid::COMMONNAME, "foobar.com") + name.append_entry_by_nid(Nid::COMMONNAME, "foobar.com") .unwrap(); let name = name.build(); @@ -361,8 +360,8 @@ fn issued() { #[test] fn ecdsa_cert() { - let mut group = EcGroup::from_curve_name(X9_62_PRIME256V1).unwrap(); - group.set_asn1_flag(NAMED_CURVE); + let mut group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); + group.set_asn1_flag(Asn1Flag::NAMED_CURVE); let key = EcKey::generate(&group).unwrap(); let key = PKey::from_ec_key(key).unwrap(); 
@@ -387,15 +386,15 @@ fn signature() { assert_eq!( signature.as_slice().to_hex(), "4af607b889790b43470442cfa551cdb8b6d0b0340d2958f76b9e3ef6ad4992230cead6842587f0ecad5\ - 78e6e11a221521e940187e3d6652de14e84e82f6671f097cc47932e022add3c0cb54a26bf27fa84c107\ - 4971caa6bee2e42d34a5b066c427f2d452038082b8073993399548088429de034fdd589dcfb0dd33be7\ - ebdfdf698a28d628a89568881d658151276bde333600969502c4e62e1d3470a683364dfb241f78d310a\ - 89c119297df093eb36b7fd7540224f488806780305d1e79ffc938fe2275441726522ab36d88348e6c51\ - f13dcc46b5e1cdac23c974fd5ef86aa41e91c9311655090a52333bc79687c748d833595d4c5f987508f\ - e121997410d37c" + 78e6e11a221521e940187e3d6652de14e84e82f6671f097cc47932e022add3c0cb54a26bf27fa84c107\ + 4971caa6bee2e42d34a5b066c427f2d452038082b8073993399548088429de034fdd589dcfb0dd33be7\ + ebdfdf698a28d628a89568881d658151276bde333600969502c4e62e1d3470a683364dfb241f78d310a\ + 89c119297df093eb36b7fd7540224f488806780305d1e79ffc938fe2275441726522ab36d88348e6c51\ + f13dcc46b5e1cdac23c974fd5ef86aa41e91c9311655090a52333bc79687c748d833595d4c5f987508f\ + e121997410d37c" ); let algorithm = cert.signature_algorithm(); - assert_eq!(algorithm.object().nid(), nid::SHA256WITHRSAENCRYPTION); + assert_eq!(algorithm.object().nid(), Nid::SHA256WITHRSAENCRYPTION); assert_eq!(algorithm.object().to_string(), "sha256WithRSAEncryption"); } |