authorSteven Fackler <sfackler@palantir.com>2017-01-25 11:13:59 +0000
committerSteven Fackler <sfackler@palantir.com>2017-01-25 11:37:26 +0000
commit15b1b348b29590ec9221f1dfdb164651c2e21b29 (patch)
treef555f71c7e44e9f0fdb3aa3477b0c060056878e9 /openssl/src/pkcs12.rs
parentf8e4e7935d3396b62a262950f3412752b15a6a45 (diff)
Pkcs12Builder tweaks
Diffstat (limited to 'openssl/src/pkcs12.rs')
-rw-r--r--openssl/src/pkcs12.rs61
1 files changed, 34 insertions, 27 deletions
diff --git a/openssl/src/pkcs12.rs b/openssl/src/pkcs12.rs
index 1b847bb6..44a67af0 100644
--- a/openssl/src/pkcs12.rs
+++ b/openssl/src/pkcs12.rs
@@ -5,7 +5,7 @@ use libc::c_int;
use std::ptr;
use std::ffi::CString;
-use cvt;
+use {cvt, cvt_p};
use pkey::{PKey, PKeyRef};
use error::ErrorStack;
use x509::X509;
@@ -64,8 +64,9 @@ impl Pkcs12 {
Pkcs12Builder {
nid_key: nid::UNDEF, //nid::PBE_WITHSHA1AND3_KEY_TRIPLEDES_CBC,
nid_cert: nid::UNDEF, //nid::PBE_WITHSHA1AND40BITRC2_CBC,
- iter: ffi::PKCS12_DEFAULT_ITER as usize, // 2048
- mac_iter: ffi::PKCS12_DEFAULT_ITER as usize, // 2048
+ iter: ffi::PKCS12_DEFAULT_ITER,
+ mac_iter: ffi::PKCS12_DEFAULT_ITER,
+ ca: None,
}
}
}
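Review bot: The `nid::UNDEF` defaults for `nid_key` and `nid_cert` leave the cipher choice to OpenSSL, and the public docs do not say what that choice is. The trailing comments suggest it resolves to triple-DES for the key and 40-bit RC2 for the certificate, with `PKCS12_DEFAULT_ITER` for both iteration counts. A doc line on the constructor would help, e.g. `/// Algorithms left unset fall back to OpenSSL's defaults, which may be weak (e.g. 40-bit RC2 for certificates); set them explicitly when the archive's confidentiality matters.` The constructor's signature and existing doc comment are outside this hunk, so the exact placement is inferred.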
@@ -76,39 +77,50 @@ pub struct ParsedPkcs12 {
pub chain: Stack<X509>,
}
-// TODO: add ca chain
pub struct Pkcs12Builder {
nid_key: nid::Nid,
nid_cert: nid::Nid,
- iter: usize,
- mac_iter: usize,
+ iter: c_int,
+ mac_iter: c_int,
+ ca: Option<Stack<X509>>,
}
impl Pkcs12Builder {
/// The encryption algorithm that should be used for the key
- pub fn nid_key(&mut self, nid: nid::Nid) {
+ pub fn key_algorithm(&mut self, nid: nid::Nid) -> &mut Self {
self.nid_key = nid;
+ self
}
/// The encryption algorithm that should be used for the cert
- pub fn nid_cert(&mut self, nid: nid::Nid) {
+ pub fn cert_algorithm(&mut self, nid: nid::Nid) -> &mut Self {
self.nid_cert = nid;
+ self
}
/// Key iteration count, default is 2048 as of this writing
- pub fn iter(&mut self, iter: usize) {
- self.iter = iter;
+ pub fn key_iter(&mut self, iter: u32) -> &mut Self {
+ self.iter = iter as c_int;
+ self
}
- /// Mac iteration count, default is the same as key_iter default.
+ /// MAC iteration count, default is the same as key_iter.
///
- /// Old implementation don't understand mac iterations greater than 1, (pre 1.0.1?), if such
- /// compatibility is required this should be set to 1
- pub fn mac_iter(&mut self, mac_iter: usize) {
- self.mac_iter = mac_iter;
+ /// Old implementations don't understand MAC iterations greater than 1, (pre 1.0.1?), if such
+ /// compatibility is required this should be set to 1.
+ pub fn mac_iter(&mut self, mac_iter: u32) -> &mut Self {
+ self.mac_iter = mac_iter as c_int;
+ self
}
- /// Builds the pkcs12 object
+ /// An additional set of certificates to include in the archive beyond the one provided to
+ /// `build`.
+ pub fn ca(&mut self, ca: Stack<X509>) -> &mut Self {
+ self.ca = Some(ca);
+ self
+ }
+
+ /// Builds the PKCS #12 object
///
/// # Arguments
///
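Review bot: The `as c_int` casts in `key_iter` and `mac_iter` wrap for arguments above `c_int::max_value()`, so where `c_int` is 32 bits `mac_iter(u32::MAX)` stores -1. As I read the PKCS12_create man page linked further down in this file, a MAC iteration count of -1 omits the integrity MAC entirely, so an oversized count would silently weaken the archive instead of failing. Clamping keeps the `&mut Self` return type: `self.mac_iter = std::cmp::min(mac_iter, c_int::max_value() as u32) as c_int;`, and the same for `self.iter` in `key_iter`. The `build` doc comment continues outside this hunk.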
@@ -126,7 +138,7 @@ impl Pkcs12Builder {
let friendly_name = CString::new(friendly_name).unwrap();
let pkey = pkey.as_ptr();
let cert = cert.as_ptr();
- let ca = ptr::null_mut(); // TODO: should allow for a chain to be set in the builder
+ let ca = self.ca.as_ref().map(|ca| ca.as_ptr()).unwrap_or(ptr::null_mut());
let nid_key = self.nid_key.as_raw();
let nid_cert = self.nid_cert.as_raw();
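Review bot: `CString::new(friendly_name).unwrap()` on the first context line panics when the friendly name contains an interior NUL byte, and the commit leaves that as is. Because the name may come from caller-supplied data, the doc comment on `build` should at least say so, e.g. `/// # Panics` followed by `/// Panics if friendly_name contains an interior NUL byte.` The function header and the construction of `pass` are outside this hunk; if `pass` is built the same way, the note should cover it too.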
@@ -135,22 +147,17 @@ impl Pkcs12Builder {
// https://www.openssl.org/docs/man1.0.2/crypto/PKCS12_create.html
let keytype = 0;
- let pkcs12_ptr = ffi::PKCS12_create(pass.as_ptr() as *const _ as *mut _,
+ cvt_p(ffi::PKCS12_create(pass.as_ptr() as *const _ as *mut _,
friendly_name.as_ptr() as *const _ as *mut _,
pkey,
cert,
ca,
nid_key,
nid_cert,
- self.iter as c_int,
- self.mac_iter as c_int,
- keytype);
-
- if pkcs12_ptr.is_null() {
- Err(ErrorStack::get())
- } else {
- Ok(Pkcs12::from_ptr(pkcs12_ptr))
- }
+ self.iter,
+ self.mac_iter,
+ keytype))
+ .map(Pkcs12)
}
}
}