csr: support basic constraints -> IsCA from CSR
cpu committed Oct 5, 2023
1 parent e491cb0 commit eba80ef
Showing 2 changed files with 23 additions and 2 deletions.
17 changes: 15 additions & 2 deletions src/csr.rs
@@ -1,5 +1,5 @@
#[cfg(feature = "x509-parser")]
use crate::{CustomExtension, DistinguishedName, SanType};
use crate::{BasicConstraints, CustomExtension, DistinguishedName, IsCa, SanType};
#[cfg(feature = "pem")]
use pem::Pem;
use std::hash::Hash;
Expand Down Expand Up @@ -100,6 +100,20 @@ impl CertificateSigningRequest {
params.key_identifier = ski.0.to_vec();
true
},
x509_parser::extensions::ParsedExtension::BasicConstraints(bc) => {
params.is_ca = match (bc.ca, bc.path_len_constraint) {
(false, _) => IsCa::ExplicitNoCa,
(true, None) => IsCa::Ca(BasicConstraints::Unconstrained),
(true, Some(len_constraint)) => {
IsCa::Ca(BasicConstraints::Constrained(
len_constraint
.try_into()
.map_err(|_| Error::UnsupportedBasicConstraintsPathLen)?,

Check warning on line 111 in src/csr.rs

Codecov / codecov/patch

src/csr.rs#L103-L111

Added lines #L103 - L111 were not covered by tests
))
},
};
true

Check warning on line 115 in src/csr.rs

Codecov / codecov/patch

src/csr.rs#L115

Added line #L115 was not covered by tests
},
_ => false,
};
if !supported {
Expand All @@ -113,7 +127,6 @@ impl CertificateSigningRequest {
}

// Not yet handled:
// * is_ca
// * extended_key_usages
// * name_constraints
// and any other extensions.
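Review bot: `params.is_ca` is now filled from the CSR's own BasicConstraints extension, which is requester-controlled, and nothing in the new match arm or the surrounding comments tells the caller that the parsed params may now ask for CA status. Before this change the extension appears to have fallen through to `_ => false` and been treated as unsupported, so code that signs the parsed params unchanged could start issuing CA certificates on request; whether that happens depends on callers outside these hunks. I would add a comment on the arm such as `// is_ca comes from the requester; issuers must apply their own policy before signing` and repeat the caveat in the function's doc comment. The enclosing function starts and ends outside the visible hunks.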
8 changes: 8 additions & 0 deletions src/error.rs
Expand Up @@ -38,6 +38,9 @@ pub enum Error {
RingUnspecified,
/// Time conversion related errors
Time,
/// Unsupported basic constraints extension path length in CSR
#[cfg(feature = "x509-parser")]
UnsupportedBasicConstraintsPathLen,
/// Unsupported extension requested in CSR
#[cfg(feature = "x509-parser")]
UnsupportedExtension,
Expand Down Expand Up @@ -96,6 +99,11 @@ impl fmt::Display for Error {
DuplicateExtension(oid) => {
write!(f, "Extension with OID {oid} present multiple times")?

Check warning on line 100 in src/error.rs

Codecov / codecov/patch

src/error.rs#L99-L100

Added lines #L99 - L100 were not covered by tests
},
#[cfg(feature = "x509-parser")]
UnsupportedBasicConstraintsPathLen => write!(
f,
"Unsupported basic constraints extension path length constraint in CSR"
)?,

Check warning on line 106 in src/error.rs

Codecov / codecov/patch

src/error.rs#L103-L106

Added lines #L103 - L106 were not covered by tests
};
Ok(())
}
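Review bot: Neither the doc comment on `UnsupportedBasicConstraintsPathLen` nor its `Display` text says what makes a path length unsupported. Judging by the csr.rs side of this commit, the variant is returned when the CSR's `path_len_constraint` fails `try_into()`, which suggests the value does not fit the integer type behind `BasicConstraints::Constrained`. Saying so in the doc comment, for example `/// The CSR's basic constraints path length is outside the range this crate can represent`, would help someone triaging a rejected CSR. Both the enum and the `fmt` body continue outside the visible hunks.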