Clean up x509 name entries

4 files changed, 87 insertions, 54 deletions

diff --git a/openssl/src/asn1.rs b/openssl/src/asn1.rs
index a089b41b..d0704693 100644
--- a/openssl/src/asn1.rs
+++ b/openssl/src/asn1.rs
@@ -1,9 +1,11 @@
 use libc::c_long;
 use std::{ptr, fmt};
+use std::slice;
 use ffi;
 
 use {cvt, cvt_p};
 use bio::MemBio;
+use crypto::CryptoString;
 use error::ErrorStack;
 use types::{OpenSslType, Ref};
 
@@ -35,3 +37,29 @@ impl Asn1Time {
         Asn1Time::from_period(days as c_long * 60 * 60 * 24)
     }
 }
+
+type_!(Asn1String, ffi::ASN1_STRING, ffi::ASN1_STRING_free);
+
+impl Ref<Asn1String> {
+    pub fn as_utf8(&self) -> Result<CryptoString, ErrorStack> {
+        unsafe {
+            let mut ptr = ptr::null_mut();
+            let len = ffi::ASN1_STRING_to_UTF8(&mut ptr, self.as_ptr());
+            if len < 0 {
+                return Err(ErrorStack::get());
+            }
+
+            Ok(CryptoString::from_raw_parts(ptr, len as usize))
+        }
+    }
+
+    pub fn as_slice(&self) -> &[u8] {
+        unsafe { slice::from_raw_parts(ffi::ASN1_STRING_data(self.as_ptr()), self.len()) }
+    }
+
+    pub fn len(&self) -> usize {
+        unsafe {
+            ffi::ASN1_STRING_length(self.as_ptr()) as usize
+        }
+    }
+}
diff --git a/openssl/src/ssl/connector.rs b/openssl/src/ssl/connector.rs
index a1bcfa77..5520e578 100644
--- a/openssl/src/ssl/connector.rs
+++ b/openssl/src/ssl/connector.rs
@@ -253,6 +253,7 @@ fn setup_verify(ssl: &mut Ssl, domain: &str) -> Result<(), ErrorStack> {
 #[cfg(not(any(ossl102, ossl110)))]
 mod verify {
     use std::net::IpAddr;
+    use std::str;
 
     use nid;
     use x509::{X509StoreContext, X509, GeneralNames, X509Name};
@@ -305,7 +306,12 @@ mod verify {
     }
 
     fn verify_subject_name(domain: &str, subject_name: &Ref<X509Name>) -> bool {
-        if let Some(pattern) = subject_name.text_by_nid(nid::COMMONNAME) {
+        if let Some(pattern) = subject_name.entries_by_nid(nid::COMMONNAME).next() {
+            let pattern = match str::from_utf8(pattern.data().as_slice()) {
+                Ok(pattern) => pattern,
+                Err(_) => return false,
+            };
+
             // Unlike with SANs, IP addresses in the subject name don't have a
             // different encoding. We need to pass this down to matches_dns to
             // disallow wildcard matches with bogus patterns like *.0.0.1
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs
index bb2c7544..28f2542f 100644
--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@@ -12,9 +12,8 @@ use std::slice;
 use std::str;
 
 use {cvt, cvt_p};
-use asn1::Asn1Time;
+use asn1::{Asn1String, Asn1Time};
 use bio::{MemBio, MemBioSlice};
-use crypto::CryptoString;
 use hash::MessageDigest;
 use pkey::PKey;
 use rand::rand_bytes;
@@ -473,33 +472,49 @@ impl Borrow<Ref<X509>> for X509 {
 type_!(X509Name, ffi::X509_NAME, ffi::X509_NAME_free);
 
 impl Ref<X509Name> {
-    pub fn text_by_nid(&self, nid: Nid) -> Option<CryptoString> {
-        unsafe {
-            let loc = ffi::X509_NAME_get_index_by_NID(self.as_ptr(), nid.as_raw(), -1);
-            if loc == -1 {
-                return None;
-            }
+    pub fn entries_by_nid<'a>(&'a self, nid: Nid) -> X509NameEntries<'a> {
+        X509NameEntries {
+            name: self,
+            nid: nid,
+            loc: -1,
+        }
+    }
+}
 
-            let ne = ffi::X509_NAME_get_entry(self.as_ptr(), loc);
-            if ne.is_null() {
-                return None;
-            }
+pub struct X509NameEntries<'a> {
+    name: &'a Ref<X509Name>,
+    nid: Nid,
+    loc: c_int,
+}
 
-            let asn1_str = ffi::X509_NAME_ENTRY_get_data(ne);
-            if asn1_str.is_null() {
-                return None;
-            }
+impl<'a> Iterator for X509NameEntries<'a> {
+    type Item = &'a Ref<X509NameEntry>;
 
-            let mut str_from_asn1: *mut u8 = ptr::null_mut();
-            let len = ffi::ASN1_STRING_to_UTF8(&mut str_from_asn1, asn1_str);
+    fn next(&mut self) -> Option<&'a Ref<X509NameEntry>> {
+        unsafe {
+            self.loc = ffi::X509_NAME_get_index_by_NID(self.name.as_ptr(),
+                                                       self.nid.as_raw(),
+                                                       self.loc);
 
-            if len < 0 {
+            if self.loc == -1 {
                 return None;
             }
 
-            assert!(!str_from_asn1.is_null());
+            let entry = ffi::X509_NAME_get_entry(self.name.as_ptr(), self.loc);
+            assert!(!entry.is_null());
 
-            Some(CryptoString::from_raw_parts(str_from_asn1, len as usize))
+            Some(Ref::from_ptr(entry))
+        }
+    }
+}
+
+type_!(X509NameEntry, ffi::X509_NAME_ENTRY, ffi::X509_NAME_ENTRY_free);
+
+impl Ref<X509NameEntry> {
+    pub fn data(&self) -> &Ref<Asn1String> {
+        unsafe {
+            let data = ffi::X509_NAME_ENTRY_get_data(self.as_ptr());
+            Ref::from_ptr(data)
         }
     }
 }
diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs
index 1c248ba2..db93c3a8 100644
--- a/openssl/src/x509/tests.rs
+++ b/openssl/src/x509/tests.rs
@@ -113,58 +113,42 @@ fn test_save_der() {
 #[test]
 fn test_subject_read_cn() {
     let cert = include_bytes!("../../test/cert.pem");
-    let cert = X509::from_pem(cert).ok().expect("Failed to load PEM");
+    let cert = X509::from_pem(cert).unwrap();
     let subject = cert.subject_name();
-    let cn = match subject.text_by_nid(nid::COMMONNAME) {
-        Some(x) => x,
-        None => panic!("Failed to read CN from cert"),
-    };
-
-    assert_eq!(&cn as &str, "foobar.com")
+    let cn = subject.entries_by_nid(nid::COMMONNAME).next().unwrap();
+    assert_eq!(cn.data().as_slice(), b"foobar.com")
 }
 
 #[test]
 fn test_nid_values() {
     let cert = include_bytes!("../../test/nid_test_cert.pem");
-    let cert = X509::from_pem(cert).ok().expect("Failed to load PEM");
+    let cert = X509::from_pem(cert).unwrap();
     let subject = cert.subject_name();
 
-    let cn = match subject.text_by_nid(nid::COMMONNAME) {
-        Some(x) => x,
-        None => panic!("Failed to read CN from cert"),
-    };
-    assert_eq!(&cn as &str, "example.com");
-
-    let email = match subject.text_by_nid(nid::PKCS9_EMAILADDRESS) {
-        Some(x) => x,
-        None => panic!("Failed to read subject email address from cert"),
-    };
-    assert_eq!(&email as &str, "test@example.com");
-
-    let friendly = match subject.text_by_nid(nid::FRIENDLYNAME) {
-        Some(x) => x,
-        None => panic!("Failed to read subject friendly name from cert"),
-    };
-    assert_eq!(&friendly as &str, "Example");
+    let cn = subject.entries_by_nid(nid::COMMONNAME).next().unwrap();
+    assert_eq!(cn.data().as_slice(), b"example.com");
+
+    let email = subject.entries_by_nid(nid::PKCS9_EMAILADDRESS).next().unwrap();
+    assert_eq!(email.data().as_slice(), b"test@example.com");
+
+    let friendly = subject.entries_by_nid(nid::FRIENDLYNAME).next().unwrap();
+    assert_eq!(&*friendly.data().as_utf8().unwrap(), "Example");
 }
 
 #[test]
 fn test_nid_uid_value() {
     let cert = include_bytes!("../../test/nid_uid_test_cert.pem");
-    let cert = X509::from_pem(cert).ok().expect("Failed to load PEM");
+    let cert = X509::from_pem(cert).unwrap();
     let subject = cert.subject_name();
 
-    let cn = match subject.text_by_nid(nid::USERID) {
-        Some(x) => x,
-        None => panic!("Failed to read UID from cert"),
-    };
-    assert_eq!(&cn as &str, "this is the userId");
+    let cn = subject.entries_by_nid(nid::USERID).next().unwrap();
+    assert_eq!(cn.data().as_slice(), b"this is the userId");
 }
 
 #[test]
 fn test_subject_alt_name() {
     let cert = include_bytes!("../../test/alt_name_cert.pem");
-    let cert = X509::from_pem(cert).ok().expect("Failed to load PEM");
+    let cert = X509::from_pem(cert).unwrap();
 
     let subject_alt_names = cert.subject_alt_names().unwrap();
     assert_eq!(3, subject_alt_names.len());