wip: refactoring extension handling #164

Closed
wants to merge 29 commits into from
29 commits
e5bb524
error: alpha-sort Error variants
cpu Dec 10, 2023
e8f2721
ext: introduce module for X.509 extension handling
cpu Sep 10, 2023
1948f6a
ext: implement authority key identifier.
cpu Dec 10, 2023
6a3359d
ext: implement subject alternative name.
cpu Dec 10, 2023
063482e
ext: implement key usage
cpu Dec 10, 2023
fecc1ed
wip: extended key usage (and some CSR fixes)
cpu Dec 10, 2023
33c1977
wip: non x509-feature fixes
cpu Dec 10, 2023
559dc09
ext: implement name constraints
cpu Dec 10, 2023
56e3c3c
wip: fixup with name constraints
cpu Dec 10, 2023
e5bcd11
wip: and again...
cpu Dec 10, 2023
5ab3d94
ext: implement CRL distribution points
cpu Dec 10, 2023
2841368
wip: fixup with crldps
cpu Dec 10, 2023
6b9e715
wip: add a TODO
cpu Dec 10, 2023
a447dc6
ext: implement subject key ID, specifying SKI
cpu Dec 10, 2023
d310765
ext: implement basic constraints
cpu Dec 10, 2023
9e9caf6
ext: implement custom extensions
cpu Dec 10, 2023
0369073
ext: use Extensions to write DER as needed
cpu Dec 10, 2023
2d0b890
wip: fixup with last commit
cpu Dec 10, 2023
dbc3d36
ext: implement crl number extension
cpu Dec 10, 2023
f0548fa
ext: implement issuing distribution point extension
cpu Dec 10, 2023
0c96153
crl: unconditionally emit AKI
cpu Dec 10, 2023
a50d976
wip: fixup with CRL IDP ext
cpu Dec 10, 2023
5d95594
crl: write DER with Extensions
cpu Dec 10, 2023
199d604
ext: implement reason code extension
cpu Dec 10, 2023
0287f54
ext: implement invalidity date extension
cpu Dec 10, 2023
006bf28
crl: use Extensions to write DER
cpu Dec 10, 2023
98c020f
wip: tidy up write_request
cpu Dec 10, 2023
973271c
ext: fix type leak in custom extension
cpu Dec 10, 2023
0225a26
ext: mark new constructor as test-only
cpu Dec 10, 2023
wip: tidy up write_request
cpu committed Dec 10, 2023
commit 98c020fe5ce091741a88f35577bdb5c2c263ea2c
33 changes: 2 additions & 31 deletions rcgen/src/lib.rs
@@ -676,43 +676,14 @@ impl CertificateParams {
Ok(params)
}
fn write_request<K: PublicKeyData>(&self, pub_key: &K, writer: DERWriter) -> Result<(), Error> {
// No .. pattern, we use this to ensure every field is used
#[deny(unused)]
let Self {
alg,
not_before,
not_after,
serial_number,
subject_alt_names: _,
distinguished_name,
is_ca,
key_usages: _,
extended_key_usages: _,
name_constraints: _,
crl_distribution_points: _,
custom_extensions: _,
key_pair,
use_authority_key_identifier_extension,
key_identifier_method,
} = self;
// - alg and key_pair will be used by the caller
// - not_before and not_after cannot be put in a CSR
// - There might be a use case for specifying the key identifier
// in the CSR, but in the current API it can't be distinguished
// from the defaults so this is left for a later version if
// needed.
let _ = (alg, key_pair, not_before, not_after, key_identifier_method);
if serial_number.is_some()
|| *is_ca != IsCa::NoCa
|| *use_authority_key_identifier_extension
{
if self.serial_number.is_some() || self.use_authority_key_identifier_extension {
return Err(Error::UnsupportedInCsr);
}
writer.write_sequence(|writer| {
// Write version
writer.next().write_u8(0);
// Write issuer
write_distinguished_name(writer.next(), &distinguished_name);
write_distinguished_name(writer.next(), &self.distinguished_name);
// Write subjectPublicKeyInfo
pub_key.serialize_public_key_der(writer.next());
// Write extensions
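Review bot: the new guard at the top of `write_request`, `if self.serial_number.is_some() || self.use_authority_key_identifier_extension {`, no longer includes the `*is_ca != IsCa::NoCa` term that the removed condition had, so params with `is_ca` set stop returning `Error::UnsupportedInCsr` here. That is a behaviour change inside a commit titled as a tidy-up. If it is intended, say so in the commit message and cover it with a test that builds a CSR from CA params; otherwise keep the `is_ca` term in the condition. Separately, dropping the exhaustive `let Self { ... } = self;` destructuring under `#[deny(unused)]` removes the compile-time reminder to decide, for every new `CertificateParams` field, whether it belongs in a CSR, and the comments explaining why `not_before`, `not_after` and `key_identifier_method` are ignored go with it. A short comment above the guard listing the fields that are deliberately not encoded in a CSR would preserve that rationale.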