diff options
| author | Steven Fackler <[email protected]> | 2017-07-15 21:46:11 -0700 |
|---|---|---|
| committer | Steven Fackler <[email protected]> | 2017-07-15 21:46:11 -0700 |
| commit | bcd0dcafcba31b7239faf1d582871f8fa83d69e9 (patch) | |
| tree | f090be453d289f0f17ca4f6a3f458881e6f7091a /openssl/src/x509 | |
| parent | Init before creating ex indexes (diff) | |
| download | rust-openssl-bcd0dcafcba31b7239faf1d582871f8fa83d69e9.tar.xz rust-openssl-bcd0dcafcba31b7239faf1d582871f8fa83d69e9.zip | |
Rustfmt
Diffstat (limited to 'openssl/src/x509')
| -rw-r--r-- | openssl/src/x509/extension.rs | 59 | ||||
| -rw-r--r-- | openssl/src/x509/mod.rs | 279 | ||||
| -rw-r--r-- | openssl/src/x509/store.rs | 4 | ||||
| -rw-r--r-- | openssl/src/x509/tests.rs | 149 | ||||
| -rw-r--r-- | openssl/src/x509/verify.rs | 2 |
5 files changed, 324 insertions, 169 deletions
diff --git a/openssl/src/x509/extension.rs b/openssl/src/x509/extension.rs index c9f60a92..83a82660 100644 --- a/openssl/src/x509/extension.rs +++ b/openssl/src/x509/extension.rs @@ -8,7 +8,7 @@ use x509::{X509v3Context, X509Extension}; /// /// See the `Extension` documentation for more information on the different /// variants. -#[derive(Clone,Hash,PartialEq,Eq)] +#[derive(Clone, Hash, PartialEq, Eq)] #[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")] pub enum ExtensionType { KeyUsage, @@ -113,12 +113,20 @@ impl ToString for Extension { &Extension::KeyUsage(ref purposes) => join(purposes.iter(), ","), &Extension::ExtKeyUsage(ref purposes) => join(purposes.iter(), ","), &Extension::SubjectAltName(ref names) => { - join(names.iter().map(|&(ref opt, ref val)| opt.to_string() + ":" + &val), - ",") + join( + names.iter().map(|&(ref opt, ref val)| { + opt.to_string() + ":" + &val + }), + ",", + ) } &Extension::IssuerAltName(ref names) => { - join(names.iter().map(|&(ref opt, ref val)| opt.to_string() + ":" + &val), - ",") + join( + names.iter().map(|&(ref opt, ref val)| { + opt.to_string() + ":" + &val + }), + ",", + ) } &Extension::OtherNid(_, ref value) => value.clone(), &Extension::OtherStr(_, ref value) => value.clone(), @@ -126,7 +134,7 @@ impl ToString for Extension { } } -#[derive(Clone,Copy)] +#[derive(Clone, Copy)] #[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")] pub enum KeyUsageOption { DigitalSignature, @@ -361,10 +369,30 @@ impl KeyUsage { let mut value = String::new(); let mut first = true; append(&mut value, &mut first, self.critical, "critical"); - append(&mut value, &mut first, self.digital_signature, "digitalSignature"); - append(&mut value, &mut first, self.non_repudiation, "nonRepudiation"); - append(&mut value, &mut first, self.key_encipherment, "keyEncipherment"); - append(&mut value, &mut first, self.data_encipherment, "dataEncipherment"); + append( + &mut value, + &mut first, + self.digital_signature, + "digitalSignature", + ); + append( + &mut value, + &mut first, + self.non_repudiation, + "nonRepudiation", + ); + append( + &mut value, + &mut first, + self.key_encipherment, + "keyEncipherment", + ); + append( + &mut value, + &mut first, + self.data_encipherment, + "dataEncipherment", + ); append(&mut value, &mut first, self.key_agreement, "keyAgreement"); append(&mut value, &mut first, self.key_cert_sign, "keyCertSign"); append(&mut value, &mut first, self.crl_sign, "cRLSign"); @@ -476,7 +504,12 @@ impl ExtendedKeyUsage { append(&mut value, &mut first, self.server_auth, "serverAuth"); append(&mut value, &mut first, self.client_auth, "clientAuth"); append(&mut value, &mut first, self.code_signing, "codeSigning"); - append(&mut value, &mut first, self.email_protection, "emailProtection"); + append( + &mut value, + &mut first, + self.email_protection, + "emailProtection", + ); append(&mut value, &mut first, self.time_stamping, "timeStamping"); append(&mut value, &mut first, self.ms_code_ind, "msCodeInd"); append(&mut value, &mut first, self.ms_code_com, "msCodeCom"); @@ -497,9 +530,7 @@ pub struct SubjectKeyIdentifier { impl SubjectKeyIdentifier { pub fn new() -> SubjectKeyIdentifier { - SubjectKeyIdentifier { - critical: false, - } + SubjectKeyIdentifier { critical: false } } pub fn critical(&mut self) -> &mut SubjectKeyIdentifier { diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index 2bbadd95..7b83707d 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -165,7 +165,8 @@ impl X509Generator { /// ``` #[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")] pub fn add_names<I>(mut self, attrs: I) -> X509Generator - where I: IntoIterator<Item = (String, String)> + where + I: IntoIterator<Item = (String, String)>, { self.names.extend(attrs); self @@ -201,7 +202,8 @@ impl X509Generator { /// ``` #[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")] pub fn add_extensions<I>(mut self, exts: I) -> X509Generator - where I: IntoIterator<Item = extension::Extension> + where + I: IntoIterator<Item = extension::Extension>, { for ext in exts { self.extensions.add(ext); @@ -251,14 +253,21 @@ impl X509Generator { let extension = match exttype.get_nid() { Some(nid) => { let ctx = builder.x509v3_context(None, None); - try!(X509Extension::new_nid(None, Some(&ctx), nid, &ext.to_string())) + try!(X509Extension::new_nid( + None, + Some(&ctx), + nid, + &ext.to_string(), + )) } None => { let ctx = builder.x509v3_context(None, None); - try!(X509Extension::new(None, - Some(&ctx), - &exttype.get_name().unwrap(), - &ext.to_string())) + try!(X509Extension::new( + None, + Some(&ctx), + &exttype.get_name().unwrap(), + &ext.to_string(), + )) } }; try!(builder.append_extension(extension)); @@ -277,18 +286,24 @@ impl X509Generator { }; unsafe { - let req = try!(cvt_p(ffi::X509_to_X509_REQ(cert.as_ptr(), - ptr::null_mut(), - ptr::null()))); + let req = try!(cvt_p(ffi::X509_to_X509_REQ( + cert.as_ptr(), + ptr::null_mut(), + ptr::null(), + ))); let req = X509Req::from_ptr(req); let exts = compat::X509_get0_extensions(cert.as_ptr()); if exts != ptr::null_mut() { - try!(cvt(ffi::X509_REQ_add_extensions(req.as_ptr(), exts as *mut _))); + try!(cvt( + ffi::X509_REQ_add_extensions(req.as_ptr(), exts as *mut _), + )); } let hash_fn = self.hash_type.as_ptr(); - try!(cvt(ffi::X509_REQ_sign(req.as_ptr(), p_key.as_ptr(), hash_fn))); + try!(cvt( + ffi::X509_REQ_sign(req.as_ptr(), p_key.as_ptr(), hash_fn), + )); Ok(req) } @@ -326,17 +341,23 @@ impl X509Builder { } /// Sets the serial number of the certificate. - pub fn set_serial_number(&mut self, - serial_number: &Asn1IntegerRef) - -> Result<(), ErrorStack> { + pub fn set_serial_number(&mut self, serial_number: &Asn1IntegerRef) -> Result<(), ErrorStack> { unsafe { - cvt(ffi::X509_set_serialNumber(self.0.as_ptr(), serial_number.as_ptr())).map(|_| ()) + cvt(ffi::X509_set_serialNumber( + self.0.as_ptr(), + serial_number.as_ptr(), + )).map(|_| ()) } } /// Sets the issuer name of the certificate. pub fn set_issuer_name(&mut self, issuer_name: &X509NameRef) -> Result<(), ErrorStack> { - unsafe { cvt(ffi::X509_set_issuer_name(self.0.as_ptr(), issuer_name.as_ptr())).map(|_| ()) } + unsafe { + cvt(ffi::X509_set_issuer_name( + self.0.as_ptr(), + issuer_name.as_ptr(), + )).map(|_| ()) + } } /// Sets the subject name of the certificate. @@ -359,7 +380,10 @@ impl X509Builder { /// ``` pub fn set_subject_name(&mut self, subject_name: &X509NameRef) -> Result<(), ErrorStack> { unsafe { - cvt(ffi::X509_set_subject_name(self.0.as_ptr(), subject_name.as_ptr())).map(|_| ()) + cvt(ffi::X509_set_subject_name( + self.0.as_ptr(), + subject_name.as_ptr(), + )).map(|_| ()) } } @@ -371,10 +395,11 @@ impl X509Builder { /// Returns a context object which is needed to create certain X509 extension values. /// /// Set `issuer` to `None` if the certificate will be self-signed. - pub fn x509v3_context<'a>(&'a self, - issuer: Option<&'a X509Ref>, - conf: Option<&'a ConfRef>) - -> X509v3Context<'a> { + pub fn x509v3_context<'a>( + &'a self, + issuer: Option<&'a X509Ref>, + conf: Option<&'a ConfRef>, + ) -> X509v3Context<'a> { unsafe { let mut ctx = mem::zeroed(); @@ -383,7 +408,14 @@ impl X509Builder { None => self.0.as_ptr(), }; let subject = self.0.as_ptr(); - ffi::X509V3_set_ctx(&mut ctx, issuer, subject, ptr::null_mut(), ptr::null_mut(), 0); + ffi::X509V3_set_ctx( + &mut ctx, + issuer, + subject, + ptr::null_mut(), + ptr::null_mut(), + 0, + ); // nodb case taken care of since we zeroed ctx above if let Some(conf) = conf { @@ -397,7 +429,9 @@ impl X509Builder { /// Adds an X509 extension value to the certificate. pub fn append_extension(&mut self, extension: X509Extension) -> Result<(), ErrorStack> { unsafe { - try!(cvt(ffi::X509_add_ext(self.0.as_ptr(), extension.as_ptr(), -1))); + try!(cvt( + ffi::X509_add_ext(self.0.as_ptr(), extension.as_ptr(), -1), + )); mem::forget(extension); Ok(()) } @@ -433,10 +467,12 @@ impl X509Ref { /// Returns this certificate's SAN entries, if they exist. pub fn subject_alt_names(&self) -> Option<Stack<GeneralName>> { unsafe { - let stack = ffi::X509_get_ext_d2i(self.as_ptr(), - ffi::NID_subject_alt_name, - ptr::null_mut(), - ptr::null_mut()); + let stack = ffi::X509_get_ext_d2i( + self.as_ptr(), + ffi::NID_subject_alt_name, + ptr::null_mut(), + ptr::null_mut(), + ); if stack.is_null() { return None; } @@ -458,7 +494,12 @@ impl X509Ref { let evp = hash_type.as_ptr(); let mut len = ffi::EVP_MAX_MD_SIZE; let mut buf = vec![0u8; len as usize]; - try!(cvt(ffi::X509_digest(self.as_ptr(), evp, buf.as_mut_ptr() as *mut _, &mut len))); + try!(cvt(ffi::X509_digest( + self.as_ptr(), + evp, + buf.as_mut_ptr() as *mut _, + &mut len, + ))); buf.truncate(len as usize); Ok(buf) } @@ -505,9 +546,7 @@ impl X509Ref { /// Returns the list of OCSP responder URLs specified in the certificate's Authority Information /// Access field. pub fn ocsp_responders(&self) -> Result<Stack<OpensslString>, ErrorStack> { - unsafe { - cvt_p(ffi::X509_get1_ocsp(self.as_ptr())).map(|p| Stack::from_ptr(p)) - } + unsafe { cvt_p(ffi::X509_get1_ocsp(self.as_ptr())).map(|p| Stack::from_ptr(p)) } } /// Checks that this certificate issued `subject`. @@ -553,14 +592,13 @@ impl X509 { let mut certs = vec![]; loop { - let r = ffi::PEM_read_bio_X509(bio.as_ptr(), - ptr::null_mut(), - None, - ptr::null_mut()); + let r = + ffi::PEM_read_bio_X509(bio.as_ptr(), ptr::null_mut(), None, ptr::null_mut()); if r.is_null() { let err = ffi::ERR_peek_last_error(); - if ffi::ERR_GET_LIB(err) == ffi::ERR_LIB_PEM - && ffi::ERR_GET_REASON(err) == ffi::PEM_R_NO_START_LINE { + if ffi::ERR_GET_LIB(err) == ffi::ERR_LIB_PEM && + ffi::ERR_GET_REASON(err) == ffi::PEM_R_NO_START_LINE + { ffi::ERR_clear_error(); break; } @@ -633,11 +671,12 @@ impl X509Extension { /// provided. /// /// See the extension module for builder types which will construct certain common extensions. - pub fn new(conf: Option<&ConfRef>, - context: Option<&X509v3Context>, - name: &str, - value: &str) - -> Result<X509Extension, ErrorStack> { + pub fn new( + conf: Option<&ConfRef>, + context: Option<&X509v3Context>, + name: &str, + value: &str, + ) -> Result<X509Extension, ErrorStack> { let name = CString::new(name).unwrap(); let value = CString::new(value).unwrap(); unsafe { @@ -658,11 +697,12 @@ impl X509Extension { /// be provided. /// /// See the extension module for builder types which will construct certain common extensions. - pub fn new_nid(conf: Option<&ConfRef>, - context: Option<&X509v3Context>, - name: Nid, - value: &str) - -> Result<X509Extension, ErrorStack> { + pub fn new_nid( + conf: Option<&ConfRef>, + context: Option<&X509v3Context>, + name: Nid, + value: &str, + ) -> Result<X509Extension, ErrorStack> { let value = CString::new(value).unwrap(); unsafe { ffi::init(); @@ -690,28 +730,30 @@ impl X509NameBuilder { unsafe { let field = CString::new(field).unwrap(); assert!(value.len() <= c_int::max_value() as usize); - cvt(ffi::X509_NAME_add_entry_by_txt(self.0.as_ptr(), - field.as_ptr() as *mut _, - ffi::MBSTRING_UTF8, - value.as_ptr(), - value.len() as c_int, - -1, - 0)) - .map(|_| ()) + cvt(ffi::X509_NAME_add_entry_by_txt( + self.0.as_ptr(), + field.as_ptr() as *mut _, + ffi::MBSTRING_UTF8, + value.as_ptr(), + value.len() as c_int, + -1, + 0, + )).map(|_| ()) } } pub fn append_entry_by_nid(&mut self, field: Nid, value: &str) -> Result<(), ErrorStack> { unsafe { assert!(value.len() <= c_int::max_value() as usize); - cvt(ffi::X509_NAME_add_entry_by_NID(self.0.as_ptr(), - field.as_raw(), - ffi::MBSTRING_UTF8, - value.as_ptr() as *mut _, - value.len() as c_int, - -1, - 0)) - .map(|_| ()) + cvt(ffi::X509_NAME_add_entry_by_NID( + self.0.as_ptr(), + field.as_raw(), + ffi::MBSTRING_UTF8, + value.as_ptr() as *mut _, + value.len() as c_int, + -1, + 0, + )).map(|_| ()) } } @@ -739,9 +781,7 @@ impl X509Name { /// This is commonly used in conjunction with `SslContextBuilder::set_client_ca_list`. pub fn load_client_ca_file<P: AsRef<Path>>(file: P) -> Result<Stack<X509Name>, ErrorStack> { let file = CString::new(file.as_ref().as_os_str().to_str().unwrap()).unwrap(); - unsafe { - cvt_p(ffi::SSL_load_client_CA_file(file.as_ptr())).map(|p| Stack::from_ptr(p)) - } + unsafe { cvt_p(ffi::SSL_load_client_CA_file(file.as_ptr())).map(|p| Stack::from_ptr(p)) } } } @@ -819,7 +859,10 @@ impl X509ReqBuilder { pub fn set_subject_name(&mut self, subject_name: &X509NameRef) -> Result<(), ErrorStack> { unsafe { - cvt(ffi::X509_REQ_set_subject_name(self.0.as_ptr(), subject_name.as_ptr())).map(|_| ()) + cvt(ffi::X509_REQ_set_subject_name( + self.0.as_ptr(), + subject_name.as_ptr(), + )).map(|_| ()) } } @@ -827,18 +870,18 @@ impl X509ReqBuilder { unsafe { cvt(ffi::X509_REQ_set_pubkey(self.0.as_ptr(), key.as_ptr())).map(|_| ()) } } - pub fn x509v3_context<'a>(&'a self, - conf: Option<&'a ConfRef>) - -> X509v3Context<'a> { + pub fn x509v3_context<'a>(&'a self, conf: Option<&'a ConfRef>) -> X509v3Context<'a> { unsafe { let mut ctx = mem::zeroed(); - ffi::X509V3_set_ctx(&mut ctx, - ptr::null_mut(), - ptr::null_mut(), - self.0.as_ptr(), - ptr::null_mut(), - 0); + ffi::X509V3_set_ctx( + &mut ctx, + ptr::null_mut(), + ptr::null_mut(), + self.0.as_ptr(), + ptr::null_mut(), + 0, + ); // nodb case taken care of since we zeroed ctx above if let Some(conf) = conf { @@ -849,16 +892,26 @@ impl X509ReqBuilder { } } - pub fn add_extensions(&mut self, - extensions: &StackRef<X509Extension>) - -> Result<(), ErrorStack> { + pub fn add_extensions( + &mut self, + extensions: &StackRef<X509Extension>, + ) -> Result<(), ErrorStack> { unsafe { - cvt(ffi::X509_REQ_add_extensions(self.0.as_ptr(), extensions.as_ptr())).map(|_| ()) + cvt(ffi::X509_REQ_add_extensions( + self.0.as_ptr(), + extensions.as_ptr(), + )).map(|_| ()) } } pub fn sign(&mut self, key: &PKeyRef, hash: MessageDigest) -> Result<(), ErrorStack> { - unsafe { cvt(ffi::X509_REQ_sign(self.0.as_ptr(), key.as_ptr(), hash.as_ptr())).map(|_| ()) } + unsafe { + cvt(ffi::X509_REQ_sign( + self.0.as_ptr(), + key.as_ptr(), + hash.as_ptr(), + )).map(|_| ()) + } } pub fn build(self) -> X509Req { @@ -883,10 +936,12 @@ impl X509Req { pub fn from_pem(buf: &[u8]) -> Result<X509Req, ErrorStack> { let mem_bio = try!(MemBioSlice::new(buf)); unsafe { - let handle = try!(cvt_p(ffi::PEM_read_bio_X509_REQ(mem_bio.as_ptr(), - ptr::null_mut(), - None, - ptr::null_mut()))); + let handle = try!(cvt_p(ffi::PEM_read_bio_X509_REQ( + mem_bio.as_ptr(), + ptr::null_mut(), + None, + ptr::null_mut(), + ))); Ok(X509Req::from_ptr(handle)) } } @@ -898,11 +953,8 @@ impl X509ReqRef { to_pem!(ffi::PEM_write_bio_X509_REQ); to_der!(ffi::i2d_X509_REQ); - pub fn version(&self) -> i32 - { - unsafe { - compat::X509_REQ_get_version(self.as_ptr()) as i32 - } + pub fn version(&self) -> i32 { + unsafe { compat::X509_REQ_get_version(self.as_ptr()) as i32 } } pub fn subject_name(&self) -> &X509NameRef { @@ -1130,15 +1182,18 @@ mod compat { } pub unsafe fn X509_up_ref(x: *mut ffi::X509) { - ffi::CRYPTO_add_lock(&mut (*x).references, - 1, - ffi::CRYPTO_LOCK_X509, - "mod.rs\0".as_ptr() as *const _, - line!() as c_int); - } - - pub unsafe fn X509_get0_extensions(cert: *const ffi::X509) - -> *const ffi::stack_st_X509_EXTENSION { + ffi::CRYPTO_add_lock( + &mut (*x).references, + 1, + ffi::CRYPTO_LOCK_X509, + "mod.rs\0".as_ptr() as *const _, + line!() as c_int, + ); + } + + pub unsafe fn X509_get0_extensions( + cert: *const ffi::X509, + ) -> *const ffi::stack_st_X509_EXTENSION { let info = (*cert).cert_info; if info.is_null() { 0 as *mut _ @@ -1147,19 +1202,19 @@ mod compat { } } - pub unsafe fn X509_REQ_get_version(x: *mut ffi::X509_REQ) -> ::libc::c_long - { + pub unsafe fn X509_REQ_get_version(x: *mut ffi::X509_REQ) -> ::libc::c_long { ::ffi::ASN1_INTEGER_get((*(*x).req_info).version) } - pub unsafe fn X509_REQ_get_subject_name(x: *mut ffi::X509_REQ) -> *mut ::ffi::X509_NAME - { + pub unsafe fn X509_REQ_get_subject_name(x: *mut ffi::X509_REQ) -> *mut ::ffi::X509_NAME { (*(*x).req_info).subject } - pub unsafe fn X509_get0_signature(psig: *mut *const ffi::ASN1_BIT_STRING, - palg: *mut *const ffi::X509_ALGOR, - x: *const ffi::X509) { + pub unsafe fn X509_get0_signature( + psig: *mut *const ffi::ASN1_BIT_STRING, + palg: *mut *const ffi::X509_ALGOR, + x: *const ffi::X509, + ) { if !psig.is_null() { *psig = (*x).signature; } @@ -1168,10 +1223,12 @@ mod compat { } } - pub unsafe fn X509_ALGOR_get0(paobj: *mut *const ffi::ASN1_OBJECT, - pptype: *mut c_int, - pval: *mut *mut c_void, - alg: *const ffi::X509_ALGOR) { + pub unsafe fn X509_ALGOR_get0( + paobj: *mut *const ffi::ASN1_OBJECT, + pptype: *mut c_int, + pval: *mut *mut c_void, + alg: *const ffi::X509_ALGOR, + ) { if !paobj.is_null() { *paobj = (*alg).algorithm; } diff --git a/openssl/src/x509/store.rs b/openssl/src/x509/store.rs index 8b7a084b..198679b5 100644 --- a/openssl/src/x509/store.rs +++ b/openssl/src/x509/store.rs @@ -50,9 +50,7 @@ impl X509StoreBuilderRef { /// environment variables if present, or defaults specified at OpenSSL /// build time otherwise. pub fn set_default_paths(&mut self) -> Result<(), ErrorStack> { - unsafe { - cvt(ffi::X509_STORE_set_default_paths(self.as_ptr())).map(|_| ()) - } + unsafe { cvt(ffi::X509_STORE_set_default_paths(self.as_ptr())).map(|_| ()) } } } diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs index 2632eade..e2d74735 100644 --- a/openssl/src/x509/tests.rs +++ b/openssl/src/x509/tests.rs @@ -23,12 +23,22 @@ fn get_generator() -> X509Generator { .add_name("CN".to_string(), "test_me".to_string()) .set_sign_hash(MessageDigest::sha1()) .add_extension(Extension::KeyUsage(vec![DigitalSignature, KeyEncipherment])) - .add_extension(Extension::ExtKeyUsage(vec![ClientAuth, - ServerAuth, - ExtKeyUsageOption::Other("2.999.1".to_owned())])) - .add_extension(Extension::SubjectAltName(vec![(SAN::DNS, "example.com".to_owned())])) - .add_extension(Extension::OtherNid(nid::BASIC_CONSTRAINTS, "critical,CA:TRUE".to_owned())) - .add_extension(Extension::OtherStr("2.999.2".to_owned(), "ASN1:UTF8:example value".to_owned())) + .add_extension(Extension::ExtKeyUsage(vec![ + ClientAuth, + ServerAuth, + ExtKeyUsageOption::Other("2.999.1".to_owned()), + ])) + .add_extension(Extension::SubjectAltName( + vec![(SAN::DNS, "example.com".to_owned())], + )) + .add_extension(Extension::OtherNid( + nid::BASIC_CONSTRAINTS, + "critical,CA:TRUE".to_owned(), + )) + .add_extension(Extension::OtherStr( + "2.999.2".to_owned(), + "ASN1:UTF8:example value".to_owned(), + )) } fn pkey() -> PKey { @@ -44,8 +54,10 @@ fn test_cert_gen() { // FIXME: check data in result to be correct, needs implementation // of X509 getters - assert_eq!(pkey.public_key_to_pem().unwrap(), - cert.public_key().unwrap().public_key_to_pem().unwrap()); + assert_eq!( + pkey.public_key_to_pem().unwrap(), + cert.public_key().unwrap().public_key_to_pem().unwrap() + ); } /// SubjectKeyIdentifier must be added before AuthorityKeyIdentifier or OpenSSL @@ -55,8 +67,14 @@ fn test_cert_gen() { fn test_cert_gen_extension_ordering() { let pkey = pkey(); get_generator() - .add_extension(Extension::OtherNid(nid::SUBJECT_KEY_IDENTIFIER, "hash".to_owned())) - .add_extension(Extension::OtherNid(nid::AUTHORITY_KEY_IDENTIFIER, "keyid:always".to_owned())) + .add_extension(Extension::OtherNid( + nid::SUBJECT_KEY_IDENTIFIER, + "hash".to_owned(), + )) + .add_extension(Extension::OtherNid( + nid::AUTHORITY_KEY_IDENTIFIER, + "keyid:always".to_owned(), + )) .sign(&pkey) .expect("Failed to generate cert with order-dependent extensions"); } @@ -67,8 +85,14 @@ fn test_cert_gen_extension_ordering() { fn test_cert_gen_extension_bad_ordering() { let pkey = pkey(); let result = get_generator() - .add_extension(Extension::OtherNid(nid::AUTHORITY_KEY_IDENTIFIER, "keyid:always".to_owned())) - .add_extension(Extension::OtherNid(nid::SUBJECT_KEY_IDENTIFIER, "hash".to_owned())) + .add_extension(Extension::OtherNid( + nid::AUTHORITY_KEY_IDENTIFIER, + "keyid:always".to_owned(), + )) + .add_extension(Extension::OtherNid( + nid::SUBJECT_KEY_IDENTIFIER, + "hash".to_owned(), + )) .sign(&pkey); assert!(result.is_err()); @@ -82,7 +106,11 @@ fn test_req_gen() { let reqpem = req.to_pem().unwrap(); let req = X509Req::from_pem(&reqpem).ok().expect("Failed to load PEM"); - let cn = (*req).subject_name().entries_by_nid(nid::COMMONNAME).next().unwrap(); + let cn = (*req) + .subject_name() + .entries_by_nid(nid::COMMONNAME) + .next() + .unwrap(); assert_eq!(0, (*req).version()); assert_eq!(cn.data().as_slice(), b"test_me"); @@ -140,7 +168,10 @@ fn test_nid_values() { let cn = subject.entries_by_nid(nid::COMMONNAME).next().unwrap(); assert_eq!(cn.data().as_slice(), b"example.com"); - let email = subject.entries_by_nid(nid::PKCS9_EMAILADDRESS).next().unwrap(); + let email = subject + .entries_by_nid(nid::PKCS9_EMAILADDRESS) + .next() + .unwrap(); assert_eq!(email.data().as_slice(), b"[email protected]"); let friendly = subject.entries_by_nid(nid::FRIENDLYNAME).next().unwrap(); @@ -165,10 +196,11 @@ fn test_subject_alt_name() { let subject_alt_names = cert.subject_alt_names().unwrap(); assert_eq!(3, subject_alt_names.len()); assert_eq!(Some("foobar.com"), subject_alt_names[0].dnsname()); - assert_eq!(subject_alt_names[1].ipaddress(), - Some(&[127, 0, 0, 1][..])); - assert_eq!(subject_alt_names[2].ipaddress(), - Some(&b"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01"[..])); + assert_eq!(subject_alt_names[1].ipaddress(), Some(&[127, 0, 0, 1][..])); + assert_eq!( + subject_alt_names[2].ipaddress(), + Some(&b"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01"[..]) + ); } #[test] @@ -178,12 +210,18 @@ fn test_subject_alt_name_iter() { let subject_alt_names = cert.subject_alt_names().unwrap(); let mut subject_alt_names_iter = subject_alt_names.iter(); - assert_eq!(subject_alt_names_iter.next().unwrap().dnsname(), - Some("foobar.com")); - assert_eq!(subject_alt_names_iter.next().unwrap().ipaddress(), - Some(&[127, 0, 0, 1][..])); - assert_eq!(subject_alt_names_iter.next().unwrap().ipaddress(), - Some(&b"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01"[..])); + assert_eq!( + subject_alt_names_iter.next().unwrap().dnsname(), + Some("foobar.com") + ); + assert_eq!( + subject_alt_names_iter.next().unwrap().ipaddress(), + Some(&[127, 0, 0, 1][..]) + ); + assert_eq!( + subject_alt_names_iter.next().unwrap().ipaddress(), + Some(&b"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01"[..]) + ); assert!(subject_alt_names_iter.next().is_none()); } @@ -192,24 +230,35 @@ fn x509_builder() { let pkey = pkey(); let mut name = X509Name::builder().unwrap(); - name.append_entry_by_nid(nid::COMMONNAME, "foobar.com").unwrap(); + name.append_entry_by_nid(nid::COMMONNAME, "foobar.com") + .unwrap(); let name = name.build(); let mut builder = X509::builder().unwrap(); builder.set_version(2).unwrap(); builder.set_subject_name(&name).unwrap(); builder.set_issuer_name(&name).unwrap(); - builder.set_not_before(&Asn1Time::days_from_now(0).unwrap()).unwrap(); - builder.set_not_after(&Asn1Time::days_from_now(365).unwrap()).unwrap(); + builder + .set_not_before(&Asn1Time::days_from_now(0).unwrap()) + .unwrap(); + builder + .set_not_after(&Asn1Time::days_from_now(365).unwrap()) + .unwrap(); builder.set_pubkey(&pkey).unwrap(); - let mut serial = BigNum::new().unwrap();; + let mut serial = BigNum::new().unwrap(); serial.rand(128, MSB_MAYBE_ZERO, false).unwrap(); - builder.set_serial_number(&serial.to_asn1_integer().unwrap()).unwrap(); + builder + .set_serial_number(&serial.to_asn1_integer().unwrap()) + .unwrap(); let basic_constraints = BasicConstraints::new().critical().ca().build().unwrap(); builder.append_extension(basic_constraints).unwrap(); - let key_usage = KeyUsage::new().digital_signature().key_encipherment().build().unwrap(); + let key_usage = KeyUsage::new() + .digital_signature() + .key_encipherment() + .build() + .unwrap(); builder.append_extension(key_usage).unwrap(); let ext_key_usage = ExtendedKeyUsage::new() .client_auth() @@ -239,7 +288,10 @@ fn x509_builder() { assert!(pkey.public_eq(&x509.public_key().unwrap())); - let cn = x509.subject_name().entries_by_nid(nid::COMMONNAME).next().unwrap(); + let cn = x509.subject_name() + .entries_by_nid(nid::COMMONNAME) + .next() + .unwrap(); assert_eq!("foobar.com".as_bytes(), cn.data().as_slice()); } @@ -248,7 +300,8 @@ fn x509_req_builder() { let pkey = pkey(); let mut name = X509Name::builder().unwrap(); - name.append_entry_by_nid(nid::COMMONNAME, "foobar.com").unwrap(); + name.append_entry_by_nid(nid::COMMONNAME, "foobar.com") + .unwrap(); let name = name.build(); let mut builder = X509Req::builder().unwrap(); @@ -257,7 +310,11 @@ fn x509_req_builder() { builder.set_pubkey(&pkey).unwrap(); let mut extensions = Stack::new().unwrap(); - let key_usage = KeyUsage::new().digital_signature().key_encipherment().build().unwrap(); + let key_usage = KeyUsage::new() + .digital_signature() + .key_encipherment() + .build() + .unwrap(); extensions.push(key_usage).unwrap(); let subject_alternative_name = SubjectAlternativeName::new() .dns("example.com") @@ -275,10 +332,20 @@ fn test_stack_from_pem() { let certs = X509::stack_from_pem(certs).unwrap(); assert_eq!(certs.len(), 2); - assert_eq!(certs[0].fingerprint(MessageDigest::sha1()).unwrap().to_hex(), - "59172d9313e84459bcff27f967e79e6e9217e584"); - assert_eq!(certs[1].fingerprint(MessageDigest::sha1()).unwrap().to_hex(), - "c0cbdf7cdd03c9773e5468e1f6d2da7d5cbb1875"); + assert_eq!( + certs[0] + .fingerprint(MessageDigest::sha1()) + .unwrap() + .to_hex(), + "59172d9313e84459bcff27f967e79e6e9217e584" + ); + assert_eq!( + certs[1] + .fingerprint(MessageDigest::sha1()) + .unwrap() + .to_hex(), + "c0cbdf7cdd03c9773e5468e1f6d2da7d5cbb1875" + ); } #[test] @@ -317,14 +384,16 @@ fn signature() { let cert = include_bytes!("../../test/cert.pem"); let cert = X509::from_pem(cert).unwrap(); let signature = cert.signature(); - assert_eq!(signature.as_slice().to_hex(), - "4af607b889790b43470442cfa551cdb8b6d0b0340d2958f76b9e3ef6ad4992230cead6842587f0ecad5\ + assert_eq!( + signature.as_slice().to_hex(), + "4af607b889790b43470442cfa551cdb8b6d0b0340d2958f76b9e3ef6ad4992230cead6842587f0ecad5\ 78e6e11a221521e940187e3d6652de14e84e82f6671f097cc47932e022add3c0cb54a26bf27fa84c107\ 4971caa6bee2e42d34a5b066c427f2d452038082b8073993399548088429de034fdd589dcfb0dd33be7\ ebdfdf698a28d628a89568881d658151276bde333600969502c4e62e1d3470a683364dfb241f78d310a\ 89c119297df093eb36b7fd7540224f488806780305d1e79ffc938fe2275441726522ab36d88348e6c51\ f13dcc46b5e1cdac23c974fd5ef86aa41e91c9311655090a52333bc79687c748d833595d4c5f987508f\ - e121997410d37c"); + e121997410d37c" + ); let algorithm = cert.signature_algorithm(); assert_eq!(algorithm.object().nid(), nid::SHA256WITHRSAENCRYPTION); assert_eq!(algorithm.object().to_string(), "sha256WithRSAEncryption"); diff --git a/openssl/src/x509/verify.rs b/openssl/src/x509/verify.rs index 8cb123e6..c062125f 100644 --- a/openssl/src/x509/verify.rs +++ b/openssl/src/x509/verify.rs @@ -2,4 +2,4 @@ //! //! Requires the `v102` or `v110` features and OpenSSL 1.0.2 or 1.1.0. -pub use ::verify::*; +pub use verify::*; |