Start on PKCS #12 support

4 files changed, 45 insertions, 5 deletions

diff --git a/openssl/src/crypto/mod.rs b/openssl/src/crypto/mod.rs
index 93aba9eb..b8b109a2 100644
--- a/openssl/src/crypto/mod.rs
+++ b/openssl/src/crypto/mod.rs
@@ -18,6 +18,7 @@ pub mod hash;
 #[cfg(feature = "hmac")]
 pub mod hmac;
 pub mod pkcs5;
+pub mod pkcs12;
 pub mod pkey;
 pub mod rand;
 pub mod symm;
diff --git a/openssl/src/crypto/pkcs12.rs b/openssl/src/crypto/pkcs12.rs
new file mode 100644
index 00000000..dfe30a6c
--- /dev/null
+++ b/openssl/src/crypto/pkcs12.rs
@@ -0,0 +1,39 @@
+//! PKCS #12 archives.
+
+use ffi;
+use libc::{c_long, c_uchar};
+use std::cmp;
+use std::ptr;
+
+use error::ErrorStack;
+
+/// A PKCS #12 archive.
+pub struct Pkcs12(*mut ffi::PKCS12);
+
+impl Drop for Pkcs12 {
+    fn drop(&mut self) {
+        unsafe { ffi::PKCS12_free(self.0); }
+    }
+}
+
+impl Pkcs12 {
+    pub fn from_der(der: &[u8]) -> Result<Pkcs12, ErrorStack> {
+        unsafe {
+            let mut ptr = der.as_ptr() as *const c_uchar;
+            let length = cmp::min(der.len(), c_long::max_value() as usize) as c_long;
+            let p12 = try_ssl_null!(ffi::d2i_PKCS12(ptr::null_mut(), &mut ptr, length));
+            Ok(Pkcs12(p12))
+        }
+    }
+}
+
+#[cfg(test)]
+mod test {
+    use super::*;
+
+    #[test]
+    fn from_der() {
+        let der = include_bytes!("../../test/identity.p12");
+        Pkcs12::from_der(der).unwrap();
+    }
+}
diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs
index bfcaa5e4..dea315ae 100644
--- a/openssl/src/ssl/tests/mod.rs
+++ b/openssl/src/ssl/tests/mod.rs
@@ -245,7 +245,7 @@ run_test!(verify_trusted, |method, stream| {
     let mut ctx = SslContext::new(method).unwrap();
     ctx.set_verify(SSL_VERIFY_PEER);
 
-    match ctx.set_CA_file(&Path::new("test/cert.pem")) {
+    match ctx.set_CA_file(&Path::new("test/root-ca.pem")) {
         Ok(_) => {}
         Err(err) => panic!("Unexpected error {:?}", err),
     }
@@ -314,7 +314,7 @@ run_test!(verify_trusted_get_error_ok, |method, stream| {
         true
     });
 
-    match ctx.set_CA_file(&Path::new("test/cert.pem")) {
+    match ctx.set_CA_file(&Path::new("test/root-ca.pem")) {
         Ok(_) => {}
         Err(err) => panic!("Unexpected error {:?}", err),
     }
@@ -338,7 +338,7 @@ run_test!(verify_callback_data, |method, stream| {
     // in DER format.
     // Command: openssl x509 -in test/cert.pem  -outform DER | openssl dgst -sha256
     // Please update if "test/cert.pem" will ever change
-    let node_hash_str = "E19427DAC79FBE758394945276A6E4F15F0BEBE6";
+    let node_hash_str = "59172d9313e84459bcff27f967e79e6e9217e584";
     let node_id = node_hash_str.from_hex().unwrap();
     ctx.set_verify_callback(SSL_VERIFY_PEER, move |_preverify_ok, x509_ctx| {
         let cert = x509_ctx.current_cert();
@@ -367,7 +367,7 @@ run_test!(ssl_verify_callback, |method, stream| {
     let ctx = SslContext::new(method).unwrap();
     let mut ssl = ctx.into_ssl().unwrap();
 
-    let node_hash_str = "E19427DAC79FBE758394945276A6E4F15F0BEBE6";
+    let node_hash_str = "59172d9313e84459bcff27f967e79e6e9217e584";
     let node_id = node_hash_str.from_hex().unwrap();
     ssl.set_verify_callback(SSL_VERIFY_PEER, move |_, x509| {
         CHECKED.store(1, Ordering::SeqCst);
diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs
index c09b31cd..43add896 100644
--- a/openssl/src/x509/tests.rs
+++ b/openssl/src/x509/tests.rs
@@ -86,7 +86,7 @@ fn test_cert_loading() {
     let cert = X509::from_pem(cert).ok().expect("Failed to load PEM");
     let fingerprint = cert.fingerprint(SHA1).unwrap();
 
-    let hash_str = "E19427DAC79FBE758394945276A6E4F15F0BEBE6";
+    let hash_str = "59172d9313e84459bcff27f967e79e6e9217e584";
     let hash_vec = hash_str.from_hex().unwrap();
 
     assert_eq!(fingerprint, hash_vec);