Loading openssl-sys/src/lib.rs +6 −0 Original line number Diff line number Diff line Loading @@ -37,6 +37,7 @@ pub type X509_NAME = c_void; pub type X509_NAME_ENTRY = c_void; pub type X509_REQ = c_void; pub type X509_STORE_CTX = c_void; pub type stack_st_X509_EXTENSION = c_void; #[repr(C)] pub struct EVP_MD_CTX { Loading Loading @@ -633,6 +634,9 @@ extern "C" { pub fn X509V3_EXT_conf(conf: *mut c_void, ctx: *mut X509V3_CTX, name: *mut c_char, value: *mut c_char) -> *mut X509_EXTENSION; pub fn X509V3_set_ctx(ctx: *mut X509V3_CTX, issuer: *mut X509, subject: *mut X509, req: *mut X509_REQ, crl: *mut X509_CRL, flags: c_int); pub fn X509_REQ_add_extensions(req: *mut X509_REQ, exts: *mut stack_st_X509_EXTENSION) -> c_int; pub fn X509_REQ_sign(x: *mut X509_REQ, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> c_int; pub fn i2d_RSA_PUBKEY(k: *mut RSA, buf: *const *mut u8) -> c_int; pub fn d2i_RSA_PUBKEY(k: *const *mut RSA, buf: *const *const u8, len: c_uint) -> *mut RSA; pub fn i2d_RSAPrivateKey(k: *mut RSA, buf: *const *mut u8) -> c_int; Loading @@ -652,6 +656,8 @@ extern "C" { pub fn SSL_CTX_set_read_ahead(ctx: *mut SSL_CTX, m: c_long) -> c_long; #[link_name = "SSL_set_tlsext_host_name_shim"] pub fn SSL_set_tlsext_host_name(s: *mut SSL, name: *const c_char) -> c_long; #[link_name = "X509_get_extensions_shim"] pub fn X509_get_extensions(x: *mut X509) -> *mut stack_st_X509_EXTENSION; } pub mod probe; openssl-sys/src/openssl_shim.c +4 −0 Original line number Diff line number Diff line Loading @@ -82,3 +82,7 @@ long SSL_CTX_set_read_ahead_shim(SSL_CTX *ctx, long m) { long SSL_set_tlsext_host_name_shim(SSL *s, char *name) { return SSL_set_tlsext_host_name(s, name); } STACK_OF(X509_EXTENSION) *X509_get_extensions_shim(X509 *x) { return x->cert_info ? x->cert_info->extensions : NULL; } openssl/src/x509/mod.rs +13 −4 Original line number Diff line number Diff line Loading 
@@ -396,13 +396,22 @@ impl X509Generator { Err(x) => return Err(x) }; let hash_fn = self.hash_type.evp_md(); let req = unsafe { ffi::X509_to_X509_REQ(cert.handle, p_key.get_handle(), hash_fn) }; unsafe { let req = ffi::X509_to_X509_REQ(cert.handle, ptr::null_mut(), ptr::null()); try_ssl_null!(req); let exts = ffi::X509_get_extensions(cert.handle); if exts != ptr::null_mut() { try_ssl!(ffi::X509_REQ_add_extensions(req,exts)); } let hash_fn = self.hash_type.evp_md(); try_ssl!(ffi::X509_REQ_sign(req, p_key.get_handle(), hash_fn)); Ok(X509Req::new(req)) } } } #[allow(dead_code)] Loading openssl/src/x509/tests.rs +20 −5 Original line number Diff line number Diff line Loading @@ -4,6 +4,7 @@ use std::path::Path; use std::fs::File; use crypto::hash::Type::{SHA256}; use crypto::pkey::PKey; use x509::{X509, X509Generator}; use x509::extension::Extension::{KeyUsage,ExtKeyUsage,SubjectAltName,OtherNid,OtherStr}; use x509::extension::AltNameOption as SAN; Loading @@ -11,9 +12,8 @@ use x509::extension::KeyUsageOption::{DigitalSignature, KeyEncipherment}; use x509::extension::ExtKeyUsageOption::{self, ClientAuth, ServerAuth}; use nid::Nid; #[test] fn test_cert_gen() { let gen = X509Generator::new() fn get_generator() -> X509Generator { X509Generator::new() .set_bitlength(2048) .set_valid_period(365*2) .add_name("CN".to_string(),"test_me".to_string()) Loading 
@@ -22,9 +22,12 @@ fn test_cert_gen() { .add_extension(ExtKeyUsage(vec![ClientAuth, ServerAuth, ExtKeyUsageOption::Other("2.999.1".to_owned())])) .add_extension(SubjectAltName(vec![(SAN::DNS,"example.com".to_owned())])) .add_extension(OtherNid(Nid::BasicConstraints,"critical,CA:TRUE".to_owned())) .add_extension(OtherStr("2.999.2".to_owned(),"ASN1:UTF8:example value".to_owned())); .add_extension(OtherStr("2.999.2".to_owned(),"ASN1:UTF8:example value".to_owned())) } let (cert, pkey) = gen.generate().unwrap(); #[test] fn test_cert_gen() { let (cert, pkey) = get_generator().generate().unwrap(); cert.write_pem(&mut io::sink()).unwrap(); pkey.write_pem(&mut io::sink()).unwrap(); Loading @@ -34,6 +37,18 @@ fn test_cert_gen() { assert_eq!(pkey.save_pub(), cert.public_key().save_pub()); } #[test] fn test_req_gen() { let mut pkey = PKey::new(); pkey.gen(512); let req = get_generator().request(&pkey).unwrap(); req.write_pem(&mut io::sink()).unwrap(); // FIXME: check data in result to be correct, needs implementation // of X509_REQ getters } #[test] fn test_cert_loading() { let cert_path = Path::new("test/cert.pem"); Loading Loading
openssl-sys/src/lib.rs +6 −0 Original line number Diff line number Diff line Loading @@ -37,6 +37,7 @@ pub type X509_NAME = c_void; pub type X509_NAME_ENTRY = c_void; pub type X509_REQ = c_void; pub type X509_STORE_CTX = c_void; pub type stack_st_X509_EXTENSION = c_void; #[repr(C)] pub struct EVP_MD_CTX { Loading Loading @@ -633,6 +634,9 @@ extern "C" { pub fn X509V3_EXT_conf(conf: *mut c_void, ctx: *mut X509V3_CTX, name: *mut c_char, value: *mut c_char) -> *mut X509_EXTENSION; pub fn X509V3_set_ctx(ctx: *mut X509V3_CTX, issuer: *mut X509, subject: *mut X509, req: *mut X509_REQ, crl: *mut X509_CRL, flags: c_int); pub fn X509_REQ_add_extensions(req: *mut X509_REQ, exts: *mut stack_st_X509_EXTENSION) -> c_int; pub fn X509_REQ_sign(x: *mut X509_REQ, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> c_int; pub fn i2d_RSA_PUBKEY(k: *mut RSA, buf: *const *mut u8) -> c_int; pub fn d2i_RSA_PUBKEY(k: *const *mut RSA, buf: *const *const u8, len: c_uint) -> *mut RSA; pub fn i2d_RSAPrivateKey(k: *mut RSA, buf: *const *mut u8) -> c_int; Loading @@ -652,6 +656,8 @@ extern "C" { pub fn SSL_CTX_set_read_ahead(ctx: *mut SSL_CTX, m: c_long) -> c_long; #[link_name = "SSL_set_tlsext_host_name_shim"] pub fn SSL_set_tlsext_host_name(s: *mut SSL, name: *const c_char) -> c_long; #[link_name = "X509_get_extensions_shim"] pub fn X509_get_extensions(x: *mut X509) -> *mut stack_st_X509_EXTENSION; } pub mod probe;
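Review bot: The new `X509_get_extensions` declaration in the last hunk states no ownership contract. The shim it links to returns the certificate's own `cert_info->extensions` pointer, not a copy. A caller that frees the returned stack, or keeps it after the `X509` has been freed, ends up with a double free or a use-after-free. I would add a comment directly above the declaration, for example `// Returns a pointer borrowed from x (may be null): never free it, never use it after x is freed.` Since `stack_st_X509_EXTENSION` is another alias of `c_void`, the compiler will not catch a different opaque handle passed in its place, so the comment is the only guard here.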
openssl-sys/src/openssl_shim.c +4 −0 Original line number Diff line number Diff line Loading @@ -82,3 +82,7 @@ long SSL_CTX_set_read_ahead_shim(SSL_CTX *ctx, long m) { long SSL_set_tlsext_host_name_shim(SSL *s, char *name) { return SSL_set_tlsext_host_name(s, name); } STACK_OF(X509_EXTENSION) *X509_get_extensions_shim(X509 *x) { return x->cert_info ? x->cert_info->extensions : NULL; }
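Review bot: `X509_get_extensions_shim` checks `x->cert_info` for NULL but dereferences `x` itself unchecked, so a null handle from the Rust side crashes inside the shim instead of returning NULL. The guard can cover both: `return (x && x->cert_info) ? x->cert_info->extensions : NULL;`. The function also reads struct fields directly, so it presumably only builds against OpenSSL versions that expose the `X509` layout. A short comment saying so, and that the result is an internal pointer the caller must not free, would help the next maintainer.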
openssl/src/x509/mod.rs +13 −4 Original line number Diff line number Diff line Loading @@ -396,13 +396,22 @@ impl X509Generator { Err(x) => return Err(x) }; let hash_fn = self.hash_type.evp_md(); let req = unsafe { ffi::X509_to_X509_REQ(cert.handle, p_key.get_handle(), hash_fn) }; unsafe { let req = ffi::X509_to_X509_REQ(cert.handle, ptr::null_mut(), ptr::null()); try_ssl_null!(req); let exts = ffi::X509_get_extensions(cert.handle); if exts != ptr::null_mut() { try_ssl!(ffi::X509_REQ_add_extensions(req,exts)); } let hash_fn = self.hash_type.evp_md(); try_ssl!(ffi::X509_REQ_sign(req, p_key.get_handle(), hash_fn)); Ok(X509Req::new(req)) } } } #[allow(dead_code)] Loading
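Review bot: Once `try_ssl_null!(req)` has passed, the two later `try_ssl!` calls (`X509_REQ_add_extensions` and `X509_REQ_sign`) appear to return early on failure without releasing `req`, so the request leaks on those error paths. This assumes the macros expand to an early `return Err(..)`, which the hunk does not show. Wrapping the pointer with `X509Req::new(req)` immediately after the null check would let the wrapper's destructor clean up, provided `X509Req` frees its handle on drop. Otherwise call OpenSSL's `X509_REQ_free` before returning the error. As a smaller style point, `if exts != ptr::null_mut()` reads better as `if !exts.is_null()`. The enclosing method starts above the hunk, so the lifetime of `cert` relative to `exts` should be confirmed there.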
openssl/src/x509/tests.rs +20 −5 Original line number Diff line number Diff line Loading @@ -4,6 +4,7 @@ use std::path::Path; use std::fs::File; use crypto::hash::Type::{SHA256}; use crypto::pkey::PKey; use x509::{X509, X509Generator}; use x509::extension::Extension::{KeyUsage,ExtKeyUsage,SubjectAltName,OtherNid,OtherStr}; use x509::extension::AltNameOption as SAN; Loading @@ -11,9 +12,8 @@ use x509::extension::KeyUsageOption::{DigitalSignature, KeyEncipherment}; use x509::extension::ExtKeyUsageOption::{self, ClientAuth, ServerAuth}; use nid::Nid; #[test] fn test_cert_gen() { let gen = X509Generator::new() fn get_generator() -> X509Generator { X509Generator::new() .set_bitlength(2048) .set_valid_period(365*2) .add_name("CN".to_string(),"test_me".to_string()) Loading @@ -22,9 +22,12 @@ fn test_cert_gen() { .add_extension(ExtKeyUsage(vec![ClientAuth, ServerAuth, ExtKeyUsageOption::Other("2.999.1".to_owned())])) .add_extension(SubjectAltName(vec![(SAN::DNS,"example.com".to_owned())])) .add_extension(OtherNid(Nid::BasicConstraints,"critical,CA:TRUE".to_owned())) .add_extension(OtherStr("2.999.2".to_owned(),"ASN1:UTF8:example value".to_owned())); .add_extension(OtherStr("2.999.2".to_owned(),"ASN1:UTF8:example value".to_owned())) } let (cert, pkey) = gen.generate().unwrap(); #[test] fn test_cert_gen() { let (cert, pkey) = get_generator().generate().unwrap(); cert.write_pem(&mut io::sink()).unwrap(); pkey.write_pem(&mut io::sink()).unwrap(); Loading @@ -34,6 +37,18 @@ fn test_cert_gen() { assert_eq!(pkey.save_pub(), cert.public_key().save_pub()); } #[test] fn test_req_gen() { let mut pkey = PKey::new(); pkey.gen(512); let req = get_generator().request(&pkey).unwrap(); req.write_pem(&mut io::sink()).unwrap(); // FIXME: check data in result to be correct, needs implementation // of X509_REQ getters } #[test] fn test_cert_loading() { let cert_path = Path::new("test/cert.pem"); Loading
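Review bot: `test_req_gen` signs the request with a 512-bit key (`pkey.gen(512)`), while `get_generator()` configures `set_bitlength(2048)`. A key that small is far below any acceptable RSA size, and an OpenSSL build that enforces a minimum key size may reject it, which would make the test fail for reasons unrelated to the code under test. Test code also tends to be copied as usage examples, so I would use `pkey.gen(2048);` here. Until the getters mentioned in the FIXME exist, the test confirms only that `request()` returns `Ok` and that the PEM serialises.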