authorSteven Fackler <[email protected]>2016-08-02 20:52:07 -0700
committerSteven Fackler <[email protected]>2016-08-02 20:52:07 -0700
commitc5b2ede2829869915852b30bf9600bc3cb1fbdc9 (patch)
treedb723196c8a5d63fa569721de26be59ec559f8d9 /openssl/src/x509
parentMerge pull request #433 from tmiasko/binop-different-lifetimes (diff)
parentRestructure PEM input/output methods (diff)
Merge remote-tracking branch 'origin/breaks'
Diffstat (limited to 'openssl/src/x509')
-rw-r--r--openssl/src/x509/mod.rs88
-rw-r--r--openssl/src/x509/tests.rs57
2 files changed, 44 insertions, 101 deletions
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs
index c9d1772d..64a61df0 100644
--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@@ -1,6 +1,4 @@
use libc::{c_char, c_int, c_long, c_ulong, c_uint, c_void};
-use std::io;
-use std::io::prelude::*;
use std::cmp::Ordering;
use std::ffi::CString;
use std::iter::repeat;
@@ -14,15 +12,15 @@ use std::collections::HashMap;
use std::marker::PhantomData;
use asn1::Asn1Time;
-use bio::MemBio;
+use bio::{MemBio, MemBioSlice};
use crypto::hash;
use crypto::hash::Type as HashType;
use crypto::pkey::{PKey, Parts};
use crypto::rand::rand_bytes;
use ffi;
use ffi_extras;
-use ssl::error::{SslError, StreamError};
use nid::Nid;
+use error::ErrorStack;
pub mod extension;
@@ -116,13 +114,6 @@ impl X509StoreContext {
/// # Example
///
/// ```
-/// # #[allow(unstable)]
-/// # fn main() {
-/// use std::fs;
-/// use std::fs::File;
-/// use std::io::prelude::*;
-/// use std::path::Path;
-///
/// use openssl::crypto::hash::Type;
/// use openssl::x509::X509Generator;
/// use openssl::x509::extension::{Extension, KeyUsageOption};
@@ -135,17 +126,8 @@ impl X509StoreContext {
/// .add_extension(Extension::KeyUsage(vec![KeyUsageOption::DigitalSignature]));
///
/// let (cert, pkey) = gen.generate().unwrap();
-///
-/// let cert_path = "doc_cert.pem";
-/// let mut file = File::create(cert_path).unwrap();
-/// assert!(cert.write_pem(&mut file).is_ok());
-/// # let _ = fs::remove_file(cert_path);
-///
-/// let pkey_path = "doc_key.pem";
-/// let mut file = File::create(pkey_path).unwrap();
-/// assert!(pkey.write_pem(&mut file).is_ok());
-/// # let _ = fs::remove_file(pkey_path);
-/// # }
+/// let cert_pem = cert.write_pem().unwrap();
+/// let pkey_pem = pkey.write_pem().unwrap();
/// ```
pub struct X509Generator {
bits: u32,
@@ -256,7 +238,7 @@ impl X509Generator {
fn add_extension_internal(x509: *mut ffi::X509,
exttype: &extension::ExtensionType,
value: &str)
- -> Result<(), SslError> {
+ -> Result<(), ErrorStack> {
unsafe {
let mut ctx: ffi::X509V3_CTX = mem::zeroed();
ffi::X509V3_set_ctx(&mut ctx, x509, x509, ptr::null_mut(), ptr::null_mut(), 0);
@@ -288,7 +270,7 @@ impl X509Generator {
fn add_name_internal(name: *mut ffi::X509_NAME,
key: &str,
value: &str)
- -> Result<(), SslError> {
+ -> Result<(), ErrorStack> {
let value_len = value.len() as c_int;
lift_ssl!(unsafe {
let key = CString::new(key.as_bytes()).unwrap();
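Review bot: `CString::new(key.as_bytes()).unwrap()` panics when `key` contains an interior NUL byte, and `value.len() as c_int` silently wraps for a length that does not fit in `c_int`. Both sit on context lines of this hunk and bypass the `Result<(), ErrorStack>` the function now returns. If names can reach this function from caller-supplied data, add an explicit guard before the `lift_ssl!` call, or at least record the precondition with a comment such as `// key must not contain NUL; value.len() must fit in c_int`. Whether `ErrorStack` can represent such a failure is not visible here, and the body of `add_name_internal` continues outside the hunk.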
@@ -319,7 +301,7 @@ impl X509Generator {
}
/// Generates a private key and a self-signed certificate and returns them
- pub fn generate<'a>(&self) -> Result<(X509<'a>, PKey), SslError> {
+ pub fn generate<'a>(&self) -> Result<(X509<'a>, PKey), ErrorStack> {
ffi::init();
let mut p_key = PKey::new();
@@ -331,7 +313,7 @@ impl X509Generator {
/// Sets the certificate public-key, then self-sign and return it
/// Note: That the bit-length of the private key is used (set_bitlength is ignored)
- pub fn sign<'a>(&self, p_key: &PKey) -> Result<X509<'a>, SslError> {
+ pub fn sign<'a>(&self, p_key: &PKey) -> Result<X509<'a>, ErrorStack> {
ffi::init();
unsafe {
@@ -391,7 +373,7 @@ impl X509Generator {
}
/// Obtain a certificate signing request (CSR)
- pub fn request(&self, p_key: &PKey) -> Result<X509Req, SslError> {
+ pub fn request(&self, p_key: &PKey) -> Result<X509Req, ErrorStack> {
let cert = match self.sign(p_key) {
Ok(c) => c,
Err(x) => return Err(x),
@@ -444,12 +426,8 @@ impl<'ctx> X509<'ctx> {
}
/// Reads certificate from PEM, takes ownership of handle
- pub fn from_pem<R>(reader: &mut R) -> Result<X509<'ctx>, SslError>
- where R: Read
- {
- let mut mem_bio = try!(MemBio::new());
- try!(io::copy(reader, &mut mem_bio).map_err(StreamError));
-
+ pub fn from_pem(buf: &[u8]) -> Result<X509<'ctx>, ErrorStack> {
+ let mem_bio = try!(MemBioSlice::new(buf));
unsafe {
let handle = try_ssl_null!(ffi::PEM_read_bio_X509(mem_bio.get_handle(),
ptr::null_mut(),
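Review bot: The doc comment on `X509::from_pem` still says "takes ownership of handle", which describes nothing in the new signature now that the input is a borrowed `&[u8]`. Something like `/// Parses a PEM-encoded certificate from `buf`.` would match the code. It is also worth stating that `PEM_read_bio_X509` presumably decodes only the first PEM block, so a caller passing a bundle gets just its first certificate. The comment on `X509Req::from_pem` in the later hunk could get the same treatment. The function body continues outside this hunk.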
@@ -523,25 +501,21 @@ impl<'ctx> X509<'ctx> {
}
/// Writes certificate as PEM
- pub fn write_pem<W>(&self, writer: &mut W) -> Result<(), SslError>
- where W: Write
- {
- let mut mem_bio = try!(MemBio::new());
+ pub fn write_pem(&self) -> Result<Vec<u8>, ErrorStack> {
+ let mem_bio = try!(MemBio::new());
unsafe {
try_ssl!(ffi::PEM_write_bio_X509(mem_bio.get_handle(), self.handle));
}
- io::copy(&mut mem_bio, writer).map_err(StreamError).map(|_| ())
+ Ok(mem_bio.get_buf().to_owned())
}
/// Returns a DER serialized form of the certificate
- pub fn save_der(&self) -> Result<Vec<u8>, SslError> {
- let mut mem_bio = try!(MemBio::new());
+ pub fn save_der(&self) -> Result<Vec<u8>, ErrorStack> {
+ let mem_bio = try!(MemBio::new());
unsafe {
ffi::i2d_X509_bio(mem_bio.get_handle(), self.handle);
}
- let mut v = Vec::new();
- try!(io::copy(&mut mem_bio, &mut v).map_err(StreamError));
- Ok(v)
+ Ok(mem_bio.get_buf().to_owned())
}
}
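Review bot: `X509::save_der` still discards the return value of `ffi::i2d_X509_bio`, so a failed serialization returns `Ok` with whatever the memory BIO holds, possibly an empty vector. A caller can then store or send truncated DER as if it were a valid certificate. Now that the function returns `ErrorStack`, the call can be checked the way `X509Req::write_pem` is in this commit: `if unsafe { ffi::i2d_X509_bio(mem_bio.get_handle(), self.handle) } != 1 { return Err(ErrorStack::get()); }`. The same unchecked call, `ffi::i2d_X509_REQ_bio`, is in `X509Req::save_der` in the following hunk.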
@@ -627,12 +601,8 @@ impl X509Req {
}
/// Reads CSR from PEM
- pub fn from_pem<R>(reader: &mut R) -> Result<X509Req, SslError>
- where R: Read
- {
- let mut mem_bio = try!(MemBio::new());
- try!(io::copy(reader, &mut mem_bio).map_err(StreamError));
-
+ pub fn from_pem(buf: &[u8]) -> Result<X509Req, ErrorStack> {
+ let mem_bio = try!(MemBioSlice::new(buf));
unsafe {
let handle = try_ssl_null!(ffi::PEM_read_bio_X509_REQ(mem_bio.get_handle(),
ptr::null_mut(),
@@ -643,25 +613,21 @@ impl X509Req {
}
/// Writes CSR as PEM
- pub fn write_pem<W>(&self, writer: &mut W) -> Result<(), SslError>
- where W: Write
- {
- let mut mem_bio = try!(MemBio::new());
- unsafe {
- try_ssl!(ffi::PEM_write_bio_X509_REQ(mem_bio.get_handle(), self.handle));
+ pub fn write_pem(&self) -> Result<Vec<u8>, ErrorStack> {
+ let mem_bio = try!(MemBio::new());
+ if unsafe { ffi::PEM_write_bio_X509_REQ(mem_bio.get_handle(), self.handle) } != 1 {
+ return Err(ErrorStack::get());
}
- io::copy(&mut mem_bio, writer).map_err(StreamError).map(|_| ())
+ Ok(mem_bio.get_buf().to_owned())
}
/// Returns a DER serialized form of the CSR
- pub fn save_der(&self) -> Result<Vec<u8>, SslError> {
- let mut mem_bio = try!(MemBio::new());
+ pub fn save_der(&self) -> Result<Vec<u8>, ErrorStack> {
+ let mem_bio = try!(MemBio::new());
unsafe {
ffi::i2d_X509_REQ_bio(mem_bio.get_handle(), self.handle);
}
- let mut v = Vec::new();
- try!(io::copy(&mut mem_bio, &mut v).map_err(StreamError));
- Ok(v)
+ Ok(mem_bio.get_buf().to_owned())
}
}
diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs
index 5d9b30ab..167ca8cf 100644
--- a/openssl/src/x509/tests.rs
+++ b/openssl/src/x509/tests.rs
@@ -1,7 +1,4 @@
use serialize::hex::FromHex;
-use std::io;
-use std::path::Path;
-use std::fs::File;
use crypto::hash::Type::SHA1;
use crypto::pkey::PKey;
@@ -30,8 +27,8 @@ fn get_generator() -> X509Generator {
#[test]
fn test_cert_gen() {
let (cert, pkey) = get_generator().generate().unwrap();
- cert.write_pem(&mut io::sink()).unwrap();
- pkey.write_pem(&mut io::sink()).unwrap();
+ cert.write_pem().unwrap();
+ pkey.write_pem().unwrap();
// FIXME: check data in result to be correct, needs implementation
// of X509 getters
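Review bot: The buffers returned by `cert.write_pem()` and `pkey.write_pem()` in `test_cert_gen` are dropped without inspection, so the test would still pass if the new code returned an empty vector. With the bytes now available, a cheap check is a round trip, `let pem = cert.write_pem().unwrap(); X509::from_pem(&pem).unwrap();`, or at minimum `assert!(!pem.is_empty());`. The same applies to `req.write_pem().unwrap()` in the `test_req_gen` hunk, using `X509Req::from_pem`.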
@@ -70,7 +67,7 @@ fn test_req_gen() {
pkey.gen(512);
let req = get_generator().request(&pkey).unwrap();
- req.write_pem(&mut io::sink()).unwrap();
+ req.write_pem().unwrap();
// FIXME: check data in result to be correct, needs implementation
// of X509_REQ getters
@@ -78,12 +75,8 @@ fn test_req_gen() {
#[test]
fn test_cert_loading() {
- let cert_path = Path::new("test/cert.pem");
- let mut file = File::open(&cert_path)
- .ok()
- .expect("Failed to open `test/cert.pem`");
-
- let cert = X509::from_pem(&mut file).ok().expect("Failed to load PEM");
+ let cert = include_bytes!("../../test/cert.pem");
+ let cert = X509::from_pem(cert).ok().expect("Failed to load PEM");
let fingerprint = cert.fingerprint(SHA1).unwrap();
let hash_str = "E19427DAC79FBE758394945276A6E4F15F0BEBE6";
@@ -94,12 +87,8 @@ fn test_cert_loading() {
#[test]
fn test_save_der() {
- let cert_path = Path::new("test/cert.pem");
- let mut file = File::open(&cert_path)
- .ok()
- .expect("Failed to open `test/cert.pem`");
-
- let cert = X509::from_pem(&mut file).ok().expect("Failed to load PEM");
+ let cert = include_bytes!("../../test/cert.pem");
+ let cert = X509::from_pem(cert).ok().expect("Failed to load PEM");
let der = cert.save_der().unwrap();
assert!(!der.is_empty());
@@ -107,12 +96,8 @@ fn test_save_der() {
#[test]
fn test_subject_read_cn() {
- let cert_path = Path::new("test/cert.pem");
- let mut file = File::open(&cert_path)
- .ok()
- .expect("Failed to open `test/cert.pem`");
-
- let cert = X509::from_pem(&mut file).ok().expect("Failed to load PEM");
+ let cert = include_bytes!("../../test/cert.pem");
+ let cert = X509::from_pem(cert).ok().expect("Failed to load PEM");
let subject = cert.subject_name();
let cn = match subject.text_by_nid(Nid::CN) {
Some(x) => x,
@@ -124,12 +109,8 @@ fn test_subject_read_cn() {
#[test]
fn test_nid_values() {
- let cert_path = Path::new("test/nid_test_cert.pem");
- let mut file = File::open(&cert_path)
- .ok()
- .expect("Failed to open `test/nid_test_cert.pem`");
-
- let cert = X509::from_pem(&mut file).ok().expect("Failed to load PEM");
+ let cert = include_bytes!("../../test/nid_test_cert.pem");
+ let cert = X509::from_pem(cert).ok().expect("Failed to load PEM");
let subject = cert.subject_name();
let cn = match subject.text_by_nid(Nid::CN) {
@@ -153,12 +134,8 @@ fn test_nid_values() {
#[test]
fn test_nid_uid_value() {
- let cert_path = Path::new("test/nid_uid_test_cert.pem");
- let mut file = File::open(&cert_path)
- .ok()
- .expect("Failed to open `test/nid_uid_test_cert.pem`");
-
- let cert = X509::from_pem(&mut file).ok().expect("Failed to load PEM");
+ let cert = include_bytes!("../../test/nid_uid_test_cert.pem");
+ let cert = X509::from_pem(cert).ok().expect("Failed to load PEM");
let subject = cert.subject_name();
let cn = match subject.text_by_nid(Nid::UserId) {
@@ -170,8 +147,8 @@ fn test_nid_uid_value() {
#[test]
fn test_subject_alt_name() {
- let mut file = File::open("test/alt_name_cert.pem").unwrap();
- let cert = X509::from_pem(&mut file).unwrap();
+ let cert = include_bytes!("../../test/alt_name_cert.pem");
+ let cert = X509::from_pem(cert).ok().expect("Failed to load PEM");
let subject_alt_names = cert.subject_alt_names().unwrap();
assert_eq!(3, subject_alt_names.len());
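Review bot: `X509::from_pem(cert).ok().expect("Failed to load PEM")` throws away the `ErrorStack`, whereas the removed `.unwrap()` printed the error, so a failing test now shows only the fixed message. `ErrorStack` evidently implements `Debug`, since the tests call `write_pem().unwrap()`, so `X509::from_pem(cert).expect("Failed to load PEM")` keeps both the message and the OpenSSL error detail. The same `.ok().expect(...)` pattern appears in the other `from_pem` test hunks of this file. Separately, the second `let cert` shadows the raw bytes; naming the first binding `pem` would read more clearly.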
@@ -184,8 +161,8 @@ fn test_subject_alt_name() {
#[test]
fn test_subject_alt_name_iter() {
- let mut file = File::open("test/alt_name_cert.pem").unwrap();
- let cert = X509::from_pem(&mut file).unwrap();
+ let cert = include_bytes!("../../test/alt_name_cert.pem");
+ let cert = X509::from_pem(cert).ok().expect("Failed to load PEM");
let subject_alt_names = cert.subject_alt_names().unwrap();
let mut subject_alt_names_iter = subject_alt_names.iter();