Cert loading from PEM & restructuring

- Added cert loading

- Extracted X509 tests

2 files changed, 86 insertions, 0 deletions

diff --git a/src/x509/mod.rs b/src/x509/mod.rs
index e3ececcc..94934b25 100644
--- a/src/x509/mod.rs
+++ b/src/x509/mod.rs
@@ -11,6 +11,9 @@ use ffi;
 use ssl::error::{SslError, StreamError};
 
 
+#[cfg(test)]
+mod tests;
+
 #[repr(i32)]
 pub enum X509FileType {
     PEM = ffi::X509_FILETYPE_PEM,
@@ -322,6 +325,7 @@ impl X509Generator {
     }
 }
 
+
 #[allow(dead_code)]
 /// A public key certificate
 pub struct X509<'ctx> {
@@ -331,6 +335,39 @@ pub struct X509<'ctx> {
 }
 
 impl<'ctx> X509<'ctx> {
+    /// Creates new from handle with desired ownership.
+    pub fn new(handle: *mut ffi::X509, owned: bool) -> X509<'ctx> {
+        X509 {
+            ctx: None,
+            handle: handle,
+            owned: owned,
+        }
+    }
+
+    /// Creates a new certificate from context. Doesn't take ownership
+    /// of handle.
+    pub fn new_in_ctx(handle: *mut ffi::X509, ctx: &'ctx X509StoreContext) -> X509<'ctx> {
+        X509 {
+            ctx: Some(ctx),
+            handle: handle,
+            owned: false
+        }
+    }
+
+    /// Reads certificate from PEM, takes ownership of handle
+    pub fn from_pem(reader: &mut Reader) -> Result<X509<'ctx>, SslError> {
+        let mut mem_bio = try!(MemBio::new());
+        let buf = try!(reader.read_to_end().map_err(StreamError));
+        try!(mem_bio.write(buf.as_slice()).map_err(StreamError));
+
+        unsafe {
+            let handle = try_ssl_null!(ffi::PEM_read_bio_X509(mem_bio.get_handle(),
+                                                              ptr::null_mut(),
+                                                              None, ptr::null_mut()));
+            Ok(X509::new(handle, true))
+        }
+    }
+
     pub fn subject_name<'a>(&'a self) -> X509Name<'a> {
         let name = unsafe { ffi::X509_get_subject_name(self.handle) };
         X509Name { x509: self, name: name }
diff --git a/src/x509/tests.rs b/src/x509/tests.rs
new file mode 100644
index 00000000..e4f7b142
--- /dev/null
+++ b/src/x509/tests.rs
@@ -0,0 +1,49 @@
+use serialize::hex::FromHex;
+use std::io::{File, Open, Read};
+use std::io::util::NullWriter;
+
+use crypto::hash::{SHA256};
+use x509::{X509, X509Generator, DigitalSignature, KeyEncipherment, ClientAuth, ServerAuth};
+
+#[test]
+fn test_cert_gen() {
+    let gen = X509Generator::new()
+        .set_bitlength(2048)
+        .set_valid_period(365*2)
+        .set_CN("test_me")
+        .set_sign_hash(SHA256)
+        .set_usage([DigitalSignature, KeyEncipherment])
+        .set_ext_usage([ClientAuth, ServerAuth]);
+
+    let res = gen.generate();
+    assert!(res.is_ok());
+
+    let (cert, pkey) = res.unwrap();
+
+    let mut writer = NullWriter;
+    assert!(cert.write_pem(&mut writer).is_ok());
+    assert!(pkey.write_pem(&mut writer).is_ok());
+
+    // FIXME: check data in result to be correct, needs implementation
+    // of X509 getters
+}
+
+#[test]
+fn test_cert_loading() {
+    let cert_path = Path::new("test/cert.pem");
+    let mut file = File::open_mode(&cert_path, Open, Read)
+        .ok()
+        .expect("Failed to open `test/cert.pem`");
+
+    let cert = X509::from_pem(&mut file).ok().expect("Failed to load PEM");
+    let fingerprint = cert.fingerprint(SHA256).unwrap();
+
+    // Hash was generated as SHA256 hash of certificate "test/cert.pem"
+    // in DER format.
+    // Command: openssl x509 -in test/cert.pem  -outform DER | openssl dgst -sha256
+    // Please update if "test/cert.pem" will ever change
+    let hash_str = "6204f6617e1af7495394250655f43600cd483e2dfc2005e92d0fe439d0723c34";
+    let hash_vec = hash_str.from_hex().unwrap();
+
+    assert_eq!(fingerprint.as_slice(), hash_vec.as_slice());
+}