mirror of https://github.com/ctz/rustls
OwnedTrustAnchor: subject is a DistinguishedName
Store the subject field as the DistinguishedName type, and also return &DistinguishedName from subject().
This commit is contained in:
Jacob Hoffman-Andrews
Dirkjan Ochtman
parent
a8d763efd5
commit
2df280cae2
|
|
@ -1,12 +1,12 @@
|
||||||
use crate::key;
|
|
||||||
#[cfg(feature = "logging")]
|
#[cfg(feature = "logging")]
|
||||||
use crate::log::{debug, trace};
|
use crate::log::{debug, trace};
|
||||||
|
use crate::{key, DistinguishedName};
|
||||||
use crate::{CertificateError, Error};
|
use crate::{CertificateError, Error};
|
||||||
|
|
||||||
/// A trust anchor, commonly known as a "Root Certificate."
|
/// A trust anchor, commonly known as a "Root Certificate."
|
||||||
#[derive(Debug, Clone)]
|
#[derive(Debug, Clone)]
|
||||||
pub struct OwnedTrustAnchor {
|
pub struct OwnedTrustAnchor {
|
||||||
subject: Vec<u8>,
|
subject: DistinguishedName,
|
||||||
spki: Vec<u8>,
|
spki: Vec<u8>,
|
||||||
name_constraints: Option<Vec<u8>>,
|
name_constraints: Option<Vec<u8>>,
|
||||||
}
|
}
|
||||||
|
|
@ -15,7 +15,7 @@ impl OwnedTrustAnchor {
|
||||||
/// Get a `webpki::TrustAnchor` by borrowing the owned elements.
|
/// Get a `webpki::TrustAnchor` by borrowing the owned elements.
|
||||||
pub(crate) fn to_trust_anchor(&self) -> webpki::TrustAnchor {
|
pub(crate) fn to_trust_anchor(&self) -> webpki::TrustAnchor {
|
||||||
webpki::TrustAnchor {
|
webpki::TrustAnchor {
|
||||||
subject: &self.subject,
|
subject: self.subject.as_ref(),
|
||||||
spki: &self.spki,
|
spki: &self.spki,
|
||||||
name_constraints: self.name_constraints.as_deref(),
|
name_constraints: self.name_constraints.as_deref(),
|
||||||
}
|
}
|
||||||
|
|
@ -41,7 +41,7 @@ impl OwnedTrustAnchor {
|
||||||
name_constraints: Option<impl Into<Vec<u8>>>,
|
name_constraints: Option<impl Into<Vec<u8>>>,
|
||||||
) -> Self {
|
) -> Self {
|
||||||
Self {
|
Self {
|
||||||
subject: subject.into(),
|
subject: DistinguishedName::from(subject.into()),
|
||||||
spki: spki.into(),
|
spki: spki.into(),
|
||||||
name_constraints: name_constraints.map(|x| x.into()),
|
name_constraints: name_constraints.map(|x| x.into()),
|
||||||
}
|
}
|
||||||
|
|
@ -55,7 +55,7 @@ impl OwnedTrustAnchor {
|
||||||
/// use x509_parser::prelude::FromDer;
|
/// use x509_parser::prelude::FromDer;
|
||||||
/// println!("{}", x509_parser::x509::X509Name::from_der(anchor.subject())?.1);
|
/// println!("{}", x509_parser::x509::X509Name::from_der(anchor.subject())?.1);
|
||||||
/// ```
|
/// ```
|
||||||
pub fn subject(&self) -> &[u8] {
|
pub fn subject(&self) -> &DistinguishedName {
|
||||||
&self.subject
|
&self.subject
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -40,8 +40,8 @@ mod client_hello {
|
||||||
use crate::msgs::handshake::{ClientExtension, SessionID};
|
use crate::msgs::handshake::{ClientExtension, SessionID};
|
||||||
use crate::msgs::handshake::{ClientHelloPayload, ServerHelloPayload};
|
use crate::msgs::handshake::{ClientHelloPayload, ServerHelloPayload};
|
||||||
use crate::msgs::handshake::{ServerExtension, ServerKeyExchangePayload};
|
use crate::msgs::handshake::{ServerExtension, ServerKeyExchangePayload};
|
||||||
|
use crate::sign;
|
||||||
use crate::verify::DigitallySignedStruct;
|
use crate::verify::DigitallySignedStruct;
|
||||||
use crate::{sign, DistinguishedName};
|
|
||||||
|
|
||||||
use super::*;
|
use super::*;
|
||||||
|
|
||||||
|
|
@ -450,9 +450,7 @@ mod client_hello {
|
||||||
let names = config
|
let names = config
|
||||||
.verifier
|
.verifier
|
||||||
.client_auth_root_subjects()
|
.client_auth_root_subjects()
|
||||||
.iter()
|
.to_vec();
|
||||||
.map(|n| DistinguishedName::from(n.clone()))
|
|
||||||
.collect::<Vec<_>>();
|
|
||||||
|
|
||||||
let cr = CertificateRequestPayload {
|
let cr = CertificateRequestPayload {
|
||||||
certtypes: vec![
|
certtypes: vec![
|
||||||
|
|
|
||||||
|
|
@ -41,6 +41,7 @@ pub(super) use client_hello::CompleteClientHelloHandling;
|
||||||
|
|
||||||
mod client_hello {
|
mod client_hello {
|
||||||
use crate::enums::SignatureScheme;
|
use crate::enums::SignatureScheme;
|
||||||
|
use crate::kx;
|
||||||
use crate::msgs::base::{Payload, PayloadU8};
|
use crate::msgs::base::{Payload, PayloadU8};
|
||||||
use crate::msgs::ccs::ChangeCipherSpecPayload;
|
use crate::msgs::ccs::ChangeCipherSpecPayload;
|
||||||
use crate::msgs::enums::NamedGroup;
|
use crate::msgs::enums::NamedGroup;
|
||||||
|
|
@ -65,7 +66,6 @@ mod client_hello {
|
||||||
KeyScheduleEarly, KeyScheduleHandshake, KeySchedulePreHandshake,
|
KeyScheduleEarly, KeyScheduleHandshake, KeySchedulePreHandshake,
|
||||||
};
|
};
|
||||||
use crate::verify::DigitallySignedStruct;
|
use crate::verify::DigitallySignedStruct;
|
||||||
use crate::{kx, DistinguishedName};
|
|
||||||
|
|
||||||
use super::*;
|
use super::*;
|
||||||
|
|
||||||
|
|
@ -699,9 +699,7 @@ mod client_hello {
|
||||||
let names = config
|
let names = config
|
||||||
.verifier
|
.verifier
|
||||||
.client_auth_root_subjects()
|
.client_auth_root_subjects()
|
||||||
.iter()
|
.to_vec();
|
||||||
.map(|n| DistinguishedName::from(n.clone()))
|
|
||||||
.collect::<Vec<_>>();
|
|
||||||
|
|
||||||
if !names.is_empty() {
|
if !names.is_empty() {
|
||||||
cr.extensions
|
cr.extensions
|
||||||
|
|
|
||||||
|
|
@ -551,7 +551,7 @@ impl AllowAnyAuthenticatedClient {
|
||||||
subjects: roots
|
subjects: roots
|
||||||
.roots
|
.roots
|
||||||
.iter()
|
.iter()
|
||||||
.map(|r| DistinguishedName::from(r.subject().to_vec()))
|
.map(|r| r.subject().clone())
|
||||||
.collect::<Vec<_>>(),
|
.collect::<Vec<_>>(),
|
||||||
roots,
|
roots,
|
||||||
}
|
}
|
||||||
|
|
@ -615,7 +615,7 @@ impl AllowAnyAnonymousOrAuthenticatedClient {
|
||||||
subjects: roots
|
subjects: roots
|
||||||
.roots
|
.roots
|
||||||
.iter()
|
.iter()
|
||||||
.map(|r| DistinguishedName::from(r.subject().to_vec()))
|
.map(|r| r.subject().clone())
|
||||||
.collect::<Vec<_>>(),
|
.collect::<Vec<_>>(),
|
||||||
roots,
|
roots,
|
||||||
},
|
},
|
||||||
|
|
|
||||||
|
|
@ -53,7 +53,7 @@ fn client_verifier_works() {
|
||||||
subjects: get_client_root_store(*kt)
|
subjects: get_client_root_store(*kt)
|
||||||
.roots
|
.roots
|
||||||
.iter()
|
.iter()
|
||||||
.map(|r| DistinguishedName::from(r.subject().to_vec()))
|
.map(|r| r.subject().clone())
|
||||||
.collect(),
|
.collect(),
|
||||||
mandatory: true,
|
mandatory: true,
|
||||||
offered_schemes: None,
|
offered_schemes: None,
|
||||||
|
|
@ -81,7 +81,7 @@ fn client_verifier_no_schemes() {
|
||||||
subjects: get_client_root_store(*kt)
|
subjects: get_client_root_store(*kt)
|
||||||
.roots
|
.roots
|
||||||
.iter()
|
.iter()
|
||||||
.map(|r| DistinguishedName::from(r.subject().to_vec()))
|
.map(|r| r.subject().clone())
|
||||||
.collect(),
|
.collect(),
|
||||||
mandatory: true,
|
mandatory: true,
|
||||||
offered_schemes: Some(vec![]),
|
offered_schemes: Some(vec![]),
|
||||||
|
|
@ -114,7 +114,7 @@ fn client_verifier_no_auth_yes_root() {
|
||||||
subjects: get_client_root_store(*kt)
|
subjects: get_client_root_store(*kt)
|
||||||
.roots
|
.roots
|
||||||
.iter()
|
.iter()
|
||||||
.map(|r| DistinguishedName::from(r.subject().to_vec()))
|
.map(|r| r.subject().clone())
|
||||||
.collect(),
|
.collect(),
|
||||||
mandatory: true,
|
mandatory: true,
|
||||||
offered_schemes: None,
|
offered_schemes: None,
|
||||||
|
|
@ -151,7 +151,7 @@ fn client_verifier_fails_properly() {
|
||||||
subjects: get_client_root_store(*kt)
|
subjects: get_client_root_store(*kt)
|
||||||
.roots
|
.roots
|
||||||
.iter()
|
.iter()
|
||||||
.map(|r| DistinguishedName::from(r.subject().to_vec()))
|
.map(|r| r.subject().clone())
|
||||||
.collect(),
|
.collect(),
|
||||||
mandatory: true,
|
mandatory: true,
|
||||||
offered_schemes: None,
|
offered_schemes: None,
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue