diff options
| author | Steven Fackler <[email protected]> | 2017-02-10 19:59:11 -0800 |
|---|---|---|
| committer | Steven Fackler <[email protected]> | 2017-02-10 19:59:11 -0800 |
| commit | 8e5735d84c43cfc2a18c1178893eedf9b8373e8e (patch) | |
| tree | a5c60ad57b8ac2f3c7fbfcd34ef90e175ba9a110 /openssl/src | |
| parent | Add Asn1BitString (diff) | |
| download | rust-openssl-8e5735d84c43cfc2a18c1178893eedf9b8373e8e.tar.xz rust-openssl-8e5735d84c43cfc2a18c1178893eedf9b8373e8e.zip | |
X509 signature access
Diffstat (limited to 'openssl/src')
| -rw-r--r-- | openssl/src/x509/mod.rs | 32 | ||||
| -rw-r--r-- | openssl/src/x509/tests.rs | 15 |
2 files changed, 42 insertions, 5 deletions
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index a0b76fef..5829b8e4 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -13,7 +13,7 @@ use std::slice; use std::str; use {cvt, cvt_p}; -use asn1::{Asn1StringRef, Asn1Time, Asn1TimeRef}; +use asn1::{Asn1StringRef, Asn1Time, Asn1TimeRef, Asn1BitStringRef}; use bio::MemBioSlice; use hash::MessageDigest; use pkey::{PKey, PKeyRef}; @@ -410,8 +410,8 @@ impl X509Ref { } } - /// Returns certificate Not After validity period. - pub fn not_after<'a>(&'a self) -> &'a Asn1TimeRef { + /// Returns the certificate's Not After validity period. + pub fn not_after(&self) -> &Asn1TimeRef { unsafe { let date = compat::X509_get_notAfter(self.as_ptr()); assert!(!date.is_null()); @@ -419,8 +419,8 @@ impl X509Ref { } } - /// Returns certificate Not Before validity period. - pub fn not_before<'a>(&'a self) -> &'a Asn1TimeRef { + /// Returns the certificate's Not Before validity period. + pub fn not_before(&self) -> &Asn1TimeRef { unsafe { let date = compat::X509_get_notBefore(self.as_ptr()); assert!(!date.is_null()); @@ -428,6 +428,16 @@ impl X509Ref { } } + /// Returns the certificate's signature + pub fn signature(&self) -> &Asn1BitStringRef { + unsafe { + let mut signature = ptr::null(); + compat::X509_get0_signature(&mut signature, ptr::null_mut(), self.as_ptr()); + assert!(!signature.is_null()); + Asn1BitStringRef::from_ptr(signature as *mut _) + } + } + /// Returns the list of OCSP responder URLs specified in the certificate's Authority Information /// Access field. pub fn ocsp_responders(&self) -> Result<Stack<OpensslString>, ErrorStack> { @@ -815,6 +825,7 @@ mod compat { pub use ffi::X509_getm_notBefore as X509_get_notBefore; pub use ffi::X509_up_ref; pub use ffi::X509_get0_extensions; + pub use ffi::X509_get0_signature; } #[cfg(ossl10x)] @@ -848,4 +859,15 @@ mod compat { (*info).extensions } } + + pub unsafe fn X509_get0_signature(psig: *mut *const ffi::ASN1_BIT_STRING, + palg: *mut *const ffi::X509_ALGOR, + x: *const ffi::X509) { + if !psig.is_null() { + *psig = (*x).signature; + } + if !palg.is_null() { + *palg = (*x).sig_alg; + } + } } diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs index 01cbf2ec..abd83ec1 100644 --- a/openssl/src/x509/tests.rs +++ b/openssl/src/x509/tests.rs @@ -220,3 +220,18 @@ fn ecdsa_cert() { ctx.set_private_key(&key).unwrap(); ctx.check_private_key().unwrap(); } + +#[test] +fn signature() { + let cert = include_bytes!("../../test/cert.pem"); + let cert = X509::from_pem(cert).unwrap(); + let signature = cert.signature(); + assert_eq!(signature.as_slice().to_hex(), + "4af607b889790b43470442cfa551cdb8b6d0b0340d2958f76b9e3ef6ad4992230cead6842587f0ecad5\ + 78e6e11a221521e940187e3d6652de14e84e82f6671f097cc47932e022add3c0cb54a26bf27fa84c107\ + 4971caa6bee2e42d34a5b066c427f2d452038082b8073993399548088429de034fdd589dcfb0dd33be7\ + ebdfdf698a28d628a89568881d658151276bde333600969502c4e62e1d3470a683364dfb241f78d310a\ + 89c119297df093eb36b7fd7540224f488806780305d1e79ffc938fe2275441726522ab36d88348e6c51\ + f13dcc46b5e1cdac23c974fd5ef86aa41e91c9311655090a52333bc79687c748d833595d4c5f987508f\ + e121997410d37c"); +} |