author | Casey Marshall <git@cmars.tech> | 2021-03-01 18:59:59 -0600 |
---|---|---|
committer | Casey Marshall <git@cmars.tech> | 2021-03-01 19:09:19 -0600 |
commit | 14637d1c2fb33bacf7f5d1dcb7ff51440505b7e3 (patch) | |
tree | 7fd6101409deb93a75fc39bb0b046eff54186da0 | |
parent | cfbe5d48a0a43a6282eed7da625387b6b059f086 (diff) | |
download | rust-openssl-14637d1c2fb33bacf7f5d1dcb7ff51440505b7e3.zip |
Authority Information Access x509 extension
Add support for parsing and accessing the [Authority Information Access
extension](https://tools.ietf.org/html/rfc5280#section-4.2.2.1).
-rw-r--r-- | openssl-sys/src/x509v3.rs | 12 | ||||
-rw-r--r-- | openssl/src/x509/mod.rs | 44 | ||||
-rw-r--r-- | openssl/src/x509/tests.rs | 18 | ||||
-rw-r--r-- | openssl/test/aia_test_cert.pem | 22 |
4 files changed, 96 insertions, 0 deletions
diff --git a/openssl-sys/src/x509v3.rs b/openssl-sys/src/x509v3.rs
index 8ab6a531..90fc77b8 100644
--- a/openssl-sys/src/x509v3.rs
+++ b/openssl-sys/src/x509v3.rs
@@ -28,6 +28,18 @@ extern "C" {
 }
 
 #[repr(C)]
+pub struct ACCESS_DESCRIPTION {
+ pub method: *mut ASN1_OBJECT,
+ pub location: *mut GENERAL_NAME,
+}
+
+stack!(stack_st_ACCESS_DESCRIPTION);
+
+extern "C" {
+ pub fn ACCESS_DESCRIPTION_free(ad: *mut ACCESS_DESCRIPTION);
+}
+
+#[repr(C)]
 pub struct AUTHORITY_KEYID {
 pub keyid: *mut ASN1_OCTET_STRING,
 pub issuer: *mut stack_st_GENERAL_NAME,
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs
index 47d91660..8df2818a 100644
--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@@ -449,6 +449,24 @@ impl X509Ref {
 }
 }
 
+ /// Returns this certificate's [`authority information access`] entries, if they exist.
+ ///
+ /// This corresponds to [`X509_get_ext_d2i`] called with `NID_info_access`.
+ ///
+ /// [`X509_get_ext_d2i`]: https://www.openssl.org/docs/man1.1.0/crypto/X509_get_ext_d2i.html
+ /// [`authority information access`]: https://tools.ietf.org/html/rfc5280#section-4.2.2.1
+ pub fn authority_info(&self) -> Option<Stack<AccessDescription>> {
+ unsafe {
+ let stack = ffi::X509_get_ext_d2i(
+ self.as_ptr(),
+ ffi::NID_info_access,
+ ptr::null_mut(),
+ ptr::null_mut(),
+ );
+ Stack::from_ptr_opt(stack as *mut _)
+ }
+ }
+
 pub fn public_key(&self) -> Result<PKey<Public>, ErrorStack> {
 unsafe {
 let pkey = cvt_p(ffi::X509_get_pubkey(self.as_ptr()))?;
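Review bot: `authority_info` returns `None` for more than a missing extension: `X509_get_ext_d2i` also returns NULL when the extension is present but cannot be decoded and, because `idx` is passed as null, when the certificate carries more than one AIA extension, and `Stack::from_ptr_opt` folds all of these into `None`. A caller that wants to fail closed on a malformed certificate cannot tell these cases apart from this return type. If the other extension accessors in this impl follow the same pattern, changing the signature here is probably out of scope, but the doc comment should state it; add `/// Returns None both when the extension is absent and when it is present but malformed or duplicated; X509_get_ext_d2i does not distinguish those cases here.` after the summary line. The enclosing `impl X509Ref` block starts and ends outside the hunk.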
@@ -1418,6 +1436,32 @@ impl Stackable for GeneralName {
 }
 
 foreign_type_and_impl_send_sync! {
+ type CType = ffi::ACCESS_DESCRIPTION;
+ fn drop = ffi::ACCESS_DESCRIPTION_free;
+
+ /// `AccessDescription` of certificate authority information.
+ pub struct AccessDescription;
+ /// Reference to `AccessDescription`.
+ pub struct AccessDescriptionRef;
+}
+
+impl AccessDescriptionRef {
+ /// Returns the access method OID.
+ pub fn method(&self) -> &Asn1ObjectRef {
+ unsafe { Asn1ObjectRef::from_ptr((*self.as_ptr()).method) }
+ }
+
+ // Returns the access location.
+ pub fn location(&self) -> &GeneralNameRef {
+ unsafe { GeneralNameRef::from_ptr((*self.as_ptr()).location) }
+ }
+}
+
+impl Stackable for AccessDescription {
+ type StackType = ffi::stack_st_ACCESS_DESCRIPTION;
+}
+
+foreign_type_and_impl_send_sync! {
 type CType = ffi::X509_ALGOR;
 fn drop = ffi::X509_ALGOR_free;
 
diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs
index bd4e66a1..731d3f03 100644
--- a/openssl/src/x509/tests.rs
+++ b/openssl/src/x509/tests.rs
@@ -178,6 +178,24 @@ fn test_subject_alt_name_iter() {
 }
 
 #[test]
+fn test_aia_ca_issuer() {
+ // With AIA
+ let cert = include_bytes!("../../test/aia_test_cert.pem");
+ let cert = X509::from_pem(cert).unwrap();
+ let authority_info = cert.authority_info().unwrap();
+ assert_eq!(authority_info.len(), 1);
+ assert_eq!(authority_info[0].method().to_string(), "CA Issuers");
+ assert_eq!(
+ authority_info[0].location().uri(),
+ Some("http://www.example.com/cert.pem")
+ );
+ // Without AIA
+ let cert = include_bytes!("../../test/cert.pem");
+ let cert = X509::from_pem(cert).unwrap();
+ assert!(cert.authority_info().is_none());
+}
+
+#[test]
 fn x509_builder() {
 let pkey = pkey();
 
diff --git a/openssl/test/aia_test_cert.pem b/openssl/test/aia_test_cert.pem
new file mode 100644
index 00000000..6cc522ec
--- /dev/null
+++ b/openssl/test/aia_test_cert.pem
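Review bot: `AccessDescriptionRef::location` is introduced with a plain `//` comment, so unlike `method` just above it its description never reaches rustdoc; change that line to `/// Returns the access location.`. The struct doc "`AccessDescription` of certificate authority information" is also vague for a public type; `/// One entry of the Authority Information Access extension: an access method OID paired with the location where that service can be reached.` would tell readers what the pair means. Both accessors dereference the raw `method` and `location` fields with no null check, which is presumably sound because both are mandatory members of the ASN.1 SEQUENCE and decoding rejects an entry missing either, but a one-line `// SAFETY:` comment stating that assumption would help the next reader.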
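Review bot: `assert_eq!(authority_info[0].method().to_string(), "CA Issuers")` pins the test to OpenSSL's human-readable long name for the OID rather than to the OID itself, which is the less stable of the two across library builds and name tables. If `Asn1ObjectRef` exposes `nid()`, comparing against the `Nid` constant corresponding to `NID_ad_ca_issuers` is both stricter and independent of the name table. The positive case also exercises only a single CA Issuers entry; a fixture that additionally carries an OCSP entry would confirm that a multi-entry stack is surfaced in full rather than truncated.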
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDozCCAougAwIBAgIJAJayG40CARAjMA0GCSqGSIb3DQEBCwUAMA8xDTALBgNV +BAMMBHRlc3QwHhcNMjEwMzAyMDA1NzQ3WhcNNDgwNzE4MDA1NzQ3WjBzMQswCQYD +VQQGEwJYWDELMAkGA1UECAwCWFgxEDAOBgNVBAcMB25vd2hlcmUxEDAOBgNVBAoM +B3Rlc3RvcmcxEjAQBgNVBAsMCXRlc3Rncm91cDEfMB0GA1UEAwwWbWFjaGluZS0w +Lm15aG9zdC5teW5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANKA +3zhwC70hbxFVdC0dYk9BHaNntZ4LPUVwFSG2HBn34oO8zCp4wkH+VIi9vOhWiySK +Gs3gW4qpjMbF82Gqc3dG2KfqUrOtWY+u54zAzqpgiJf08wmREHPoZmjqfCfgM3FO +VMEA8g1BQxXEd+y7UEDoXhPIoeFnqzMu9sg4npnL9U5BLaQJiWnXHClnBrvAAKXW +E8KDNmcavtFvo2xQVC09C6dJG5CrigWcZe4CaUl44rHiPaQd+jOp0HAccl/XLA0/ +QyHvW6ksjco/mb7ia1U9ohaC/3NHmzUA1S3kdq/qgnkPsjmy5v8k5vizowNc5rFO +XsV86BIv44rh1Jut52ECAwEAAaOBnTCBmjAMBgNVHRMEBTADAQH/MAsGA1UdDwQE +AwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwIQYDVR0RBBowGIIW +bWFjaGluZS0wLm15aG9zdC5teW5ldDA7BggrBgEFBQcBAQQvMC0wKwYIKwYBBQUH +MAKGH2h0dHA6Ly93d3cuZXhhbXBsZS5jb20vY2VydC5wZW0wDQYJKoZIhvcNAQEL +BQADggEBAH+ayx8qGvxzrG57jgXJudq+z783O6E2xGBJn1cT9Jhrg1VnlU+tHcNd +fFcsp0gdQZCmm3pu3E0m/FsgTpfHUgdCOmZQp45QrxCz2oRdWQM71SSA/x1VfQ9w +670iZOEY15/ss2nRl0woaYO7tBVadpZfymW5+OhsTKn5gL0pVmW3RciHuAmbIvQO +bouUwzuZIJMfca7T1MqZYdrKoJrOBj0LaPTutjfQB7O/02vUCPjTTIH20aqsMe5K +KXCrjiZO2jkxQ49Hz5uwfPx12dSVHNLpsnfOAH+MUToeW+SPx2OPvl/uAHcph2lj +MLA6Wi64rSUxzkcFLFsGpKcK6QKcHUw= +-----END CERTIFICATE----- |