mirror of https://github.com/ctz/rustls
OwnedTrustAnchor: subject is a DistinguishedName
Store the subject field as the DistinguishedName type, and also return &DistinguishedName from subject().
parent
a8d763efd5
commit
2df280cae2
|
@ -1,12 +1,12 @@
|
|||
use crate::key;
|
||||
#[cfg(feature = "logging")]
|
||||
use crate::log::{debug, trace};
|
||||
use crate::{key, DistinguishedName};
|
||||
use crate::{CertificateError, Error};
|
||||
|
||||
/// A trust anchor, commonly known as a "Root Certificate."
|
||||
#[derive(Debug, Clone)]
|
||||
pub struct OwnedTrustAnchor {
|
||||
subject: Vec<u8>,
|
||||
subject: DistinguishedName,
|
||||
spki: Vec<u8>,
|
||||
name_constraints: Option<Vec<u8>>,
|
||||
}
|
||||
|
@ -15,7 +15,7 @@ impl OwnedTrustAnchor {
|
|||
/// Get a `webpki::TrustAnchor` by borrowing the owned elements.
|
||||
pub(crate) fn to_trust_anchor(&self) -> webpki::TrustAnchor {
|
||||
webpki::TrustAnchor {
|
||||
subject: &self.subject,
|
||||
subject: self.subject.as_ref(),
|
||||
spki: &self.spki,
|
||||
name_constraints: self.name_constraints.as_deref(),
|
||||
}
|
||||
|
@ -41,7 +41,7 @@ impl OwnedTrustAnchor {
|
|||
name_constraints: Option<impl Into<Vec<u8>>>,
|
||||
) -> Self {
|
||||
Self {
|
||||
subject: subject.into(),
|
||||
subject: DistinguishedName::from(subject.into()),
|
||||
spki: spki.into(),
|
||||
name_constraints: name_constraints.map(|x| x.into()),
|
||||
}
|
||||
|
@ -55,7 +55,7 @@ impl OwnedTrustAnchor {
|
|||
/// use x509_parser::prelude::FromDer;
|
||||
/// println!("{}", x509_parser::x509::X509Name::from_der(anchor.subject())?.1);
|
||||
/// ```
|
||||
pub fn subject(&self) -> &[u8] {
|
||||
pub fn subject(&self) -> &DistinguishedName {
|
||||
&self.subject
|
||||
}
|
||||
}
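Review bot: The doc example kept as context above `subject()` still passes `anchor.subject()` straight to `X509Name::from_der`, which parses DER bytes, but the method now returns `&DistinguishedName`. The example should borrow the bytes the way `to_trust_anchor` does in this same commit, e.g. `/// println!("{}", x509_parser::x509::X509Name::from_der(anchor.subject().as_ref())?.1);`. The opening fence of the example is outside the hunk, so it is not visible here whether it is compiled as a doctest. Because `subject()` is `pub`, its doc comment should also say that the DER encoding is now reached through `as_ref()`, since downstream callers that expected `&[u8]` will stop compiling.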
|
||||
|
|
|
@ -40,8 +40,8 @@ mod client_hello {
|
|||
use crate::msgs::handshake::{ClientExtension, SessionID};
|
||||
use crate::msgs::handshake::{ClientHelloPayload, ServerHelloPayload};
|
||||
use crate::msgs::handshake::{ServerExtension, ServerKeyExchangePayload};
|
||||
use crate::sign;
|
||||
use crate::verify::DigitallySignedStruct;
|
||||
use crate::{sign, DistinguishedName};
|
||||
|
||||
use super::*;
|
||||
|
||||
|
@ -450,9 +450,7 @@ mod client_hello {
|
|||
let names = config
|
||||
.verifier
|
||||
.client_auth_root_subjects()
|
||||
.iter()
|
||||
.map(|n| DistinguishedName::from(n.clone()))
|
||||
.collect::<Vec<_>>();
|
||||
.to_vec();
|
||||
|
||||
let cr = CertificateRequestPayload {
|
||||
certtypes: vec![
|
||||
|
|
|
@ -41,6 +41,7 @@ pub(super) use client_hello::CompleteClientHelloHandling;
|
|||
|
||||
mod client_hello {
|
||||
use crate::enums::SignatureScheme;
|
||||
use crate::kx;
|
||||
use crate::msgs::base::{Payload, PayloadU8};
|
||||
use crate::msgs::ccs::ChangeCipherSpecPayload;
|
||||
use crate::msgs::enums::NamedGroup;
|
||||
|
@ -65,7 +66,6 @@ mod client_hello {
|
|||
KeyScheduleEarly, KeyScheduleHandshake, KeySchedulePreHandshake,
|
||||
};
|
||||
use crate::verify::DigitallySignedStruct;
|
||||
use crate::{kx, DistinguishedName};
|
||||
|
||||
use super::*;
|
||||
|
||||
|
@ -699,9 +699,7 @@ mod client_hello {
|
|||
let names = config
|
||||
.verifier
|
||||
.client_auth_root_subjects()
|
||||
.iter()
|
||||
.map(|n| DistinguishedName::from(n.clone()))
|
||||
.collect::<Vec<_>>();
|
||||
.to_vec();
|
||||
|
||||
if !names.is_empty() {
|
||||
cr.extensions
|
||||
|
|
|
@ -551,7 +551,7 @@ impl AllowAnyAuthenticatedClient {
|
|||
subjects: roots
|
||||
.roots
|
||||
.iter()
|
||||
.map(|r| DistinguishedName::from(r.subject().to_vec()))
|
||||
.map(|r| r.subject().clone())
|
||||
.collect::<Vec<_>>(),
|
||||
roots,
|
||||
}
|
||||
|
@ -615,7 +615,7 @@ impl AllowAnyAnonymousOrAuthenticatedClient {
|
|||
subjects: roots
|
||||
.roots
|
||||
.iter()
|
||||
.map(|r| DistinguishedName::from(r.subject().to_vec()))
|
||||
.map(|r| r.subject().clone())
|
||||
.collect::<Vec<_>>(),
|
||||
roots,
|
||||
},
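Review bot: The expression `roots.roots.iter().map(|r| r.subject().clone()).collect::<Vec<_>>()` now appears verbatim in both constructors in this file (`AllowAnyAuthenticatedClient` and `AllowAnyAnonymousOrAuthenticatedClient`), and the same mapping is repeated four more times in the client-verifier tests. These subject lists appear to be what the server later advertises in its CertificateRequest, so the copies should not be able to drift apart. One private helper would keep them identical, for example `fn root_subjects(roots: &RootCertStore) -> Vec<DistinguishedName> { roots.roots.iter().map(|r| r.subject().clone()).collect() }`. The type of `roots` is not visible in the hunks and is assumed here, and both constructor bodies start and end outside them.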
|
||||
|
|
|
@ -53,7 +53,7 @@ fn client_verifier_works() {
|
|||
subjects: get_client_root_store(*kt)
|
||||
.roots
|
||||
.iter()
|
||||
.map(|r| DistinguishedName::from(r.subject().to_vec()))
|
||||
.map(|r| r.subject().clone())
|
||||
.collect(),
|
||||
mandatory: true,
|
||||
offered_schemes: None,
|
||||
|
@ -81,7 +81,7 @@ fn client_verifier_no_schemes() {
|
|||
subjects: get_client_root_store(*kt)
|
||||
.roots
|
||||
.iter()
|
||||
.map(|r| DistinguishedName::from(r.subject().to_vec()))
|
||||
.map(|r| r.subject().clone())
|
||||
.collect(),
|
||||
mandatory: true,
|
||||
offered_schemes: Some(vec![]),
|
||||
|
@ -114,7 +114,7 @@ fn client_verifier_no_auth_yes_root() {
|
|||
subjects: get_client_root_store(*kt)
|
||||
.roots
|
||||
.iter()
|
||||
.map(|r| DistinguishedName::from(r.subject().to_vec()))
|
||||
.map(|r| r.subject().clone())
|
||||
.collect(),
|
||||
mandatory: true,
|
||||
offered_schemes: None,
|
||||
|
@ -151,7 +151,7 @@ fn client_verifier_fails_properly() {
|
|||
subjects: get_client_root_store(*kt)
|
||||
.roots
|
||||
.iter()
|
||||
.map(|r| DistinguishedName::from(r.subject().to_vec()))
|
||||
.map(|r| r.subject().clone())
|
||||
.collect(),
|
||||
mandatory: true,
|
||||
offered_schemes: None,
|
||||
|
|