Merge pull request #436 from dweinstein/asn1_expiration

Add support for getting X509 notBefore, notAfter
author: Steven Fackler <[email protected]> 2016-08-16 22:34:46 -0700
committer: GitHub <[email protected]> 2016-08-16 22:34:46 -0700
commit: 82bda28206144752326f89f431d431baebf2c766 (patch)
tree: b102c7dd4590254aa0831bac1f62e32f8ccb625b /openssl/src
parent: Merge pull request #440 from dweinstein/openssl-mirror (diff)
parent: Get rid of use Asn1TimeRef warning for some builds (diff)
download: rust-openssl-82bda28206144752326f89f431d431baebf2c766.tar.xz
rust-openssl-82bda28206144752326f89f431d431baebf2c766.zip
6 files changed, 90 insertions, 5 deletions
diff --git a/openssl/src/asn1/mod.rs b/openssl/src/asn1/mod.rs
index 7d209775..1eab9f04 100644
--- a/openssl/src/asn1/mod.rs
+++ b/openssl/src/asn1/mod.rs
@@ -1,15 +1,19 @@
 use libc::c_long;
-use std::ptr;
+use std::{ptr, fmt};
+use std::marker::PhantomData;
+use std::ops::Deref;
 
+use bio::MemBio;
 use ffi;
 use error::ErrorStack;
 
-pub struct Asn1Time(*mut ffi::ASN1_TIME);
+/// Corresponds to the ASN.1 structure Time defined in RFC5280
+pub struct Asn1Time(Asn1TimeRef<'static>);
 
 impl Asn1Time {
     /// Wraps existing ASN1_TIME and takes ownership
     pub unsafe fn from_ptr(handle: *mut ffi::ASN1_TIME) -> Asn1Time {
-        Asn1Time(handle)
+        Asn1Time(Asn1TimeRef::from_ptr(handle))
     }
 
     fn from_period(period: c_long) -> Result<Asn1Time, ErrorStack> {
@@ -25,6 +29,24 @@ impl Asn1Time {
     pub fn days_from_now(days: u32) -> Result<Asn1Time, ErrorStack> {
         Asn1Time::from_period(days as c_long * 60 * 60 * 24)
     }
+}
+
+impl Deref for Asn1Time {
+    type Target = Asn1TimeRef<'static>;
+
+    fn deref(&self) -> &Asn1TimeRef<'static> {
+        &self.0
+    }
+}
+
+/// A borrowed Asn1Time
+pub struct Asn1TimeRef<'a>(*mut ffi::ASN1_TIME, PhantomData<&'a ()>);
+
+impl<'a> Asn1TimeRef<'a> {
+    /// Creates a new `Asn1TimeRef` wrapping the provided handle.
+    pub unsafe fn from_ptr(handle: *mut ffi::ASN1_TIME) -> Asn1TimeRef<'a> {
+        Asn1TimeRef(handle, PhantomData)
+    }
 
     /// Returns the raw handle
     pub fn as_ptr(&self) -> *mut ffi::ASN1_TIME {
@@ -32,8 +54,19 @@ impl Asn1Time {
     }
 }
 
+impl<'a> fmt::Display for Asn1TimeRef<'a> {
+    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+        let mem_bio = try!(MemBio::new());
+        let as_str = unsafe {
+            try_ssl!(ffi::ASN1_TIME_print(mem_bio.as_ptr(), self.0));
+            String::from_utf8_unchecked(mem_bio.get_buf().to_owned())
+        };
+        write!(f, "{}", as_str)
+    }
+}
+
 impl Drop for Asn1Time {
     fn drop(&mut self) {
-        unsafe { ffi::ASN1_TIME_free(self.0) };
+        unsafe { ffi::ASN1_TIME_free(self.as_ptr()) };
     }
 }
diff --git a/openssl/src/c_helpers.c b/openssl/src/c_helpers.c
index 5d149553..6e6a5021 100644
--- a/openssl/src/c_helpers.c
+++ b/openssl/src/c_helpers.c
@@ -15,6 +15,14 @@ STACK_OF(X509_EXTENSION) *rust_0_8_X509_get_extensions(X509 *x) {
     return x->cert_info ? x->cert_info->extensions : NULL;
 }
 
+ASN1_TIME* rust_0_8_X509_get_notAfter(X509 *x) {
+  return X509_get_notAfter(x);
+}
+
+ASN1_TIME* rust_0_8_X509_get_notBefore(X509 *x) {
+  return X509_get_notBefore(x);
+}
+
 DH *rust_0_8_DH_new_from_params(BIGNUM *p, BIGNUM *g, BIGNUM *q) {
     DH *dh;
 
diff --git a/openssl/src/c_helpers.rs b/openssl/src/c_helpers.rs
index 74ddb9ac..d16c3125 100644
--- a/openssl/src/c_helpers.rs
+++ b/openssl/src/c_helpers.rs
@@ -6,7 +6,8 @@ extern "C" {
     pub fn rust_0_8_SSL_CTX_clone(cxt: *mut ffi::SSL_CTX);
     pub fn rust_0_8_X509_clone(x509: *mut ffi::X509);
     pub fn rust_0_8_X509_get_extensions(x: *mut ffi::X509) -> *mut ffi::stack_st_X509_EXTENSION;
-
+    pub fn rust_0_8_X509_get_notAfter(x: *mut ffi::X509) -> *mut ffi::ASN1_TIME;
+    pub fn rust_0_8_X509_get_notBefore(x: *mut ffi::X509) -> *mut ffi::ASN1_TIME;
     pub fn rust_0_8_HMAC_Init_ex(ctx: *mut ffi::HMAC_CTX, key: *const c_void, keylen: c_int, md: *const ffi::EVP_MD, impl_: *mut ffi::ENGINE) -> c_int;
     pub fn rust_0_8_HMAC_Final(ctx: *mut ffi::HMAC_CTX, output: *mut c_uchar, len: *mut c_uint) -> c_int;
     pub fn rust_0_8_HMAC_Update(ctx: *mut ffi::HMAC_CTX, input: *const c_uchar, len: c_uint) -> c_int;
diff --git a/openssl/src/error.rs b/openssl/src/error.rs
index 5fa542c2..cc89b5db 100644
--- a/openssl/src/error.rs
+++ b/openssl/src/error.rs
@@ -54,6 +54,12 @@ impl From<ErrorStack> for io::Error {
     }
 }
 
+impl From<ErrorStack> for fmt::Error {
+    fn from(_: ErrorStack) -> fmt::Error {
+        fmt::Error
+    }
+}
+
 /// An error reported from OpenSSL.
 pub struct Error(c_ulong);
 
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs
index 0cc0eca7..1319b75c 100644
--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@@ -11,6 +11,9 @@ use std::marker::PhantomData;
 
 use HashTypeInternals;
 use asn1::Asn1Time;
+#[cfg(feature = "x509_expiry")]
+use asn1::Asn1TimeRef;
+
 use bio::{MemBio, MemBioSlice};
 use crypto::hash;
 use crypto::hash::Type as HashType;
@@ -433,6 +436,28 @@ impl<'a> X509Ref<'a> {
         }
     }
 
+    /// Returns certificate Not After validity period.
+    /// Requires the `x509_expiry` feature.
+    #[cfg(feature = "x509_expiry")]
+    pub fn not_after<'b>(&'b self) -> Asn1TimeRef<'b> {
+        unsafe {
+            let date = ::c_helpers::rust_0_8_X509_get_notAfter(self.0);
+            assert!(!date.is_null());
+            Asn1TimeRef::from_ptr(date)
+        }
+    }
+
+    /// Returns certificate Not Before validity period.
+    /// Requires the `x509_expiry` feature.
+    #[cfg(feature = "x509_expiry")]
+    pub fn not_before<'b>(&'b self) -> Asn1TimeRef<'b> {
+        unsafe {
+            let date = ::c_helpers::rust_0_8_X509_get_notBefore(self.0);
+            assert!(!date.is_null());
+            Asn1TimeRef::from_ptr(date)
+        }
+    }
+
     /// Writes certificate as PEM
     pub fn to_pem(&self) -> Result<Vec<u8>, ErrorStack> {
         let mem_bio = try!(MemBio::new());
diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs
index 43add896..eac08941 100644
--- a/openssl/src/x509/tests.rs
+++ b/openssl/src/x509/tests.rs
@@ -93,6 +93,18 @@ fn test_cert_loading() {
 }
 
 #[test]
+#[cfg(feature = "x509_expiry")]
+fn test_cert_issue_validity() {
+    let cert = include_bytes!("../../test/cert.pem");
+    let cert = X509::from_pem(cert).ok().expect("Failed to load PEM");
+    let not_before = cert.not_before().to_string();
+    let not_after = cert.not_after().to_string();
+
+    assert_eq!(not_before, "Aug 14 17:00:03 2016 GMT");
+    assert_eq!(not_after, "Aug 12 17:00:03 2026 GMT");
+}
+
+#[test]
 fn test_save_der() {
     let cert = include_bytes!("../../test/cert.pem");
     let cert = X509::from_pem(cert).ok().expect("Failed to load PEM");
author	Steven Fackler <[email protected]>	2016-08-16 22:34:46 -0700
committer	GitHub <[email protected]>	2016-08-16 22:34:46 -0700
commit	82bda28206144752326f89f431d431baebf2c766 (patch)
tree	b102c7dd4590254aa0831bac1f62e32f8ccb625b /openssl/src
parent	Merge pull request #440 from dweinstein/openssl-mirror (diff)
parent	Get rid of use Asn1TimeRef warning for some builds (diff)
download	rust-openssl-82bda28206144752326f89f431d431baebf2c766.tar.xz rust-openssl-82bda28206144752326f89f431d431baebf2c766.zip