From 255aedf2ca8468af627a2ba16c8c95211f61a3ef Mon Sep 17 00:00:00 2001 From: jiangshaoqi Date: Tue, 8 Oct 2024 19:09:47 -0400 Subject: [PATCH 01/18] add new for testing if worked, can add load_cert function --- rcgen/src/certificate.rs | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/rcgen/src/certificate.rs b/rcgen/src/certificate.rs index dd62a362..b9b9b0b2 100644 --- a/rcgen/src/certificate.rs +++ b/rcgen/src/certificate.rs @@ -29,6 +29,19 @@ pub struct Certificate { } impl Certificate { + + /// create a new Certificate with given parameter + pub fn new(params: CertificateParams, + subject_public_key_info: Vec, + der: CertificateDer<'static>, + ) -> Self { + Certificate { + params, + subject_public_key_info, + der, + } + } + /// Returns the certificate parameters pub fn params(&self) -> &CertificateParams { &self.params From e9ebc447bdb41f9f1dab3c1530d544149b6e9ae1 Mon Sep 17 00:00:00 2001 From: jiangshaoqi Date: Wed, 9 Oct 2024 09:46:05 -0400 Subject: [PATCH 02/18] certificate from der --- rcgen/src/certificate.rs | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/rcgen/src/certificate.rs b/rcgen/src/certificate.rs index b9b9b0b2..5cf3ec8f 100644 --- a/rcgen/src/certificate.rs +++ b/rcgen/src/certificate.rs @@ -30,6 +30,19 @@ pub struct Certificate { impl Certificate { + /// Create a `Certificate` from a DER encoded certificate. + #[cfg(feature = "x509-parser")] + pub fn from_der(der: &[u8]) -> Result { + let der = der.to_owned().into(); + let params = CertificateParams::from_ca_cert_der(&der)?; + let subj = crate::SubjectPublicKeyInfo::from_der(&der)?; + Ok(Certificate { + params, + subject_public_key_info: subj.subject_public_key, + der, + }) + } + /// create a new Certificate with given parameter pub fn new(params: CertificateParams, subject_public_key_info: Vec, From cfca33dfa8ac13be54a76a0a4ef9bc326923fd02 Mon Sep 17 00:00:00 2001 
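Review bot: `Certificate::new` in patch 01 lets a caller assemble a `Certificate` from a `params`, a `subject_public_key_info` and a `der` that were never derived from one another, so `params()` and `der()` on the result can disagree about the same certificate, which keeping the fields private presumably exists to prevent. A constructor that takes only the DER and derives the other two fields from it, as `from_der` in patch 02 begins to do, keeps that invariant; patch 18 deletes `new` again, so the series should be squashed so that `new` never appears in history. The signature is also not rustfmt-formatted (`pub fn new(params: CertificateParams,` with the remaining parameters on following lines); `cargo fmt` would put `params: CertificateParams,` on its own line under the `(`. The doc line `/// create a new Certificate with given parameter` would read better as `/// Creates a `Certificate` from already-consistent parts; prefer `from_der` unless all three values come from the same certificate.`.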
From: jiangshaoqi Date: Wed, 9 Oct 2024 11:38:18 -0400 Subject: [PATCH 03/18] get spki der --- rcgen/src/certificate.rs | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/rcgen/src/certificate.rs b/rcgen/src/certificate.rs index 5cf3ec8f..2316823e 100644 --- a/rcgen/src/certificate.rs +++ b/rcgen/src/certificate.rs @@ -35,7 +35,10 @@ impl Certificate { pub fn from_der(der: &[u8]) -> Result { let der = der.to_owned().into(); let params = CertificateParams::from_ca_cert_der(&der)?; - let subj = crate::SubjectPublicKeyInfo::from_der(&der)?; + let (_, x509_cert) = X509Certificate::from_der(der_certificate).unwrap(); + let x509_spki_der = x509_cert.public_key().raw(); + + let subj = crate::SubjectPublicKeyInfo::from_der(&x509_spki_der)?; Ok(Certificate { params, subject_public_key_info: subj.subject_public_key, From 8e5b9d76619698f4e1dbb522050d279a3a63b9ba Mon Sep 17 00:00:00 2001 From: jiangshaoqi Date: Wed, 9 Oct 2024 11:48:54 -0400 Subject: [PATCH 04/18] add spki der --- rcgen/src/certificate.rs | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/rcgen/src/certificate.rs b/rcgen/src/certificate.rs index 2316823e..02ac9e6f 100644 --- a/rcgen/src/certificate.rs +++ b/rcgen/src/certificate.rs 
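Review bot: `X509Certificate::from_der(der_certificate).unwrap()` in patch 03 refers to `der_certificate`, which is not bound in `from_der` (the parameter is `der`, already shadowed as the owned value on the line above), and `X509Certificate` is not imported, so this commit does not build; patch 04 fixes both names but keeps the `.unwrap()`, which is still present in the final state after patch 18. The caller hands in arbitrary bytes, so a parse failure should surface as an `Err` rather than a panic: `let (_, x509_cert) = X509Certificate::from_der(&der).map_err(|_| Error::CouldNotParseCertificate)?;` (the variant `from_ca_cert_der` already uses, visible in patch 16). In practice the preceding `CertificateParams::from_ca_cert_der(&der)?` has already parsed the same bytes with the same parser, so the unwrap is unlikely to fire, but panic-freedom then silently depends on another function's behaviour and the DER is parsed twice; extracting the SPKI from a single parse would remove both issues. Patches 09, 10 and 11 likewise do not compile on their own (`spki_der` is unbound in 09, and `STANDARD` is used in 09–11 before the `base64` dependency arrives in 12), which is another reason to squash the series. `from_der`'s body continues outside this hunk.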
@@ -33,12 +33,15 @@ impl Certificate { /// Create a `Certificate` from a DER encoded certificate. #[cfg(feature = "x509-parser")] pub fn from_der(der: &[u8]) -> Result { + use x509_parser::prelude::{FromDer, X509Certificate}; + + let der = der.to_owned().into(); let params = CertificateParams::from_ca_cert_der(&der)?; - let (_, x509_cert) = X509Certificate::from_der(der_certificate).unwrap(); - let x509_spki_der = x509_cert.public_key().raw(); + let (_, x509_cert) = X509Certificate::from_der(&der).unwrap(); + let x509_spki_der = x509_cert.public_key().raw; - let subj = crate::SubjectPublicKeyInfo::from_der(&x509_spki_der)?; + let subj = crate::SubjectPublicKeyInfo::from_der(x509_spki_der)?; Ok(Certificate { params, subject_public_key_info: subj.subject_public_key, From c2c08c009343200cd2b9f8f370969fd124d7583a Mon Sep 17 00:00:00 2001 From: jiangshaoqi Date: Wed, 9 Oct 2024 15:04:51 -0400 Subject: [PATCH 05/18] use subj --- rcgen/src/certificate.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rcgen/src/certificate.rs b/rcgen/src/certificate.rs index 02ac9e6f..d7cf453e 100644 --- a/rcgen/src/certificate.rs +++ b/rcgen/src/certificate.rs @@ -35,7 +35,6 @@ impl Certificate { pub fn from_der(der: &[u8]) -> Result { use x509_parser::prelude::{FromDer, X509Certificate}; - let der = der.to_owned().into(); let params = CertificateParams::from_ca_cert_der(&der)?; let (_, x509_cert) = X509Certificate::from_der(&der).unwrap(); @@ -44,7 +43,8 @@ impl Certificate { let subj = crate::SubjectPublicKeyInfo::from_der(x509_spki_der)?; Ok(Certificate { params, - subject_public_key_info: subj.subject_public_key, + // subject_public_key_info: subj.subject_public_key, + subject_public_key_info: subj, der, }) } From d660afcde6728377227dd8139aa160badc66ee42 Mon Sep 17 00:00:00 2001 From: jiangshaoqi Date: Wed, 9 Oct 2024 15:10:42 -0400 Subject: [PATCH 06/18] cmt --- rcgen/src/certificate.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/rcgen/src/certificate.rs b/rcgen/src/certificate.rs index d7cf453e..15208342 100644 --- a/rcgen/src/certificate.rs +++ b/rcgen/src/certificate.rs @@ -40,11 +40,11 @@ impl Certificate { let (_, x509_cert) = X509Certificate::from_der(&der).unwrap(); let x509_spki_der = x509_cert.public_key().raw; - let subj = crate::SubjectPublicKeyInfo::from_der(x509_spki_der)?; + // let subj = crate::SubjectPublicKeyInfo::from_der(x509_spki_der)?; Ok(Certificate { params, // subject_public_key_info: subj.subject_public_key, - subject_public_key_info: subj, + subject_public_key_info: x509_spki_der, der, }) } From f2838763c60c3e8f4d65f133f03b29faee954701 Mon Sep 17 00:00:00 2001 From: jiangshaoqi Date: Wed, 9 Oct 2024 15:13:26 -0400 Subject: [PATCH 07/18] commit --- rcgen/src/certificate.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rcgen/src/certificate.rs b/rcgen/src/certificate.rs index 15208342..555f7c72 100644 --- a/rcgen/src/certificate.rs +++ b/rcgen/src/certificate.rs @@ -38,7 +38,7 @@ impl Certificate { let der = der.to_owned().into(); let params = CertificateParams::from_ca_cert_der(&der)?; let (_, x509_cert) = X509Certificate::from_der(&der).unwrap(); - let x509_spki_der = x509_cert.public_key().raw; + let x509_spki_der = x509_cert.public_key().raw.to_vec(); // let subj = crate::SubjectPublicKeyInfo::from_der(x509_spki_der)?; Ok(Certificate { From 6b07bb5078001cccb766e77944a121601c93f077 Mon Sep 17 00:00:00 2001 From: jiangshaoqi Date: Wed, 9 Oct 2024 15:19:50 -0400 Subject: [PATCH 08/18] commit --- rcgen/src/certificate.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rcgen/src/certificate.rs b/rcgen/src/certificate.rs index 555f7c72..bb19f52a 100644 --- a/rcgen/src/certificate.rs +++ b/rcgen/src/certificate.rs 
@@ -38,6 +38,8 @@ impl Certificate { let der = der.to_owned().into(); let params = CertificateParams::from_ca_cert_der(&der)?; let (_, x509_cert) = X509Certificate::from_der(&der).unwrap(); + + println!("spki : {:?}", x509_cert.public_key()); let x509_spki_der = x509_cert.public_key().raw.to_vec(); // let subj = crate::SubjectPublicKeyInfo::from_der(x509_spki_der)?; From 73b51906526fbe786e98abfebec37fdb5585700f Mon Sep 17 00:00:00 2001 From: jiangshaoqi Date: Wed, 9 Oct 2024 15:54:18 -0400 Subject: [PATCH 09/18] c --- rcgen/src/certificate.rs | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/rcgen/src/certificate.rs b/rcgen/src/certificate.rs index bb19f52a..877ab2ef 100644 --- a/rcgen/src/certificate.rs +++ b/rcgen/src/certificate.rs @@ -41,12 +41,14 @@ impl Certificate { println!("spki : {:?}", x509_cert.public_key()); let x509_spki_der = x509_cert.public_key().raw.to_vec(); + let spki_base64 = STANDARD.encode(&spki_der); + println!("spki_base64: {:?}", spki_base64); // let subj = crate::SubjectPublicKeyInfo::from_der(x509_spki_der)?; Ok(Certificate { params, // subject_public_key_info: subj.subject_public_key, - subject_public_key_info: x509_spki_der, + subject_public_key_info: spki_base64, der, }) } From d138313981a4e79957a3cf837980f42008ffdd41 Mon Sep 17 00:00:00 2001 From: jiangshaoqi Date: Wed, 9 Oct 2024 15:55:38 -0400 Subject: [PATCH 10/18] c --- rcgen/src/certificate.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rcgen/src/certificate.rs b/rcgen/src/certificate.rs index 877ab2ef..c0624877 100644 --- a/rcgen/src/certificate.rs +++ b/rcgen/src/certificate.rs @@ -41,7 +41,7 @@ impl Certificate { println!("spki : {:?}", x509_cert.public_key()); let x509_spki_der = x509_cert.public_key().raw.to_vec(); - let spki_base64 = STANDARD.encode(&spki_der); + let spki_base64 = STANDARD.encode(&x509_spki_der); println!("spki_base64: {:?}", spki_base64); // let subj = crate::SubjectPublicKeyInfo::from_der(x509_spki_der)?; 
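Review bot: `println!("spki : {:?}", x509_cert.public_key());` in patch 08 writes the parsed public key to stdout from inside a library constructor, debugging output that callers cannot suppress and that ends up in whatever the embedding process logs. The same pattern is extended in patches 09, 10, 11, 13 and 14 (base64-encoding the SPKI for printing, with a non-optional `base64 = "0.22.1"` added to `rcgen/Cargo.toml` and the lockfile in patch 12 solely to support that output) and in patch 16's `println!("x509 info: {:?}", x509);` inside `from_ca_cert_der`; patches 15, 17 and 18 remove all of it again. Since the net effect of these commits is nil, they should be squashed out of the series rather than kept in history, and if the encoded SPKI is ever needed for a test it belongs in the test, not in a crate dependency. Adding and then dropping a dependency also churns `Cargo.lock` for every consumer bisecting across these commits.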
From b369c6920f1d1584a5f775b296b9f0977c04865f Mon Sep 17 00:00:00 2001 From: jiangshaoqi Date: Wed, 9 Oct 2024 15:56:52 -0400 Subject: [PATCH 11/18] c --- rcgen/src/certificate.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/rcgen/src/certificate.rs b/rcgen/src/certificate.rs index c0624877..ea5f253b 100644 --- a/rcgen/src/certificate.rs +++ b/rcgen/src/certificate.rs @@ -34,6 +34,7 @@ impl Certificate { #[cfg(feature = "x509-parser")] pub fn from_der(der: &[u8]) -> Result { use x509_parser::prelude::{FromDer, X509Certificate}; + use base64::{engine::general_purpose::STANDARD, Engine}; let der = der.to_owned().into(); let params = CertificateParams::from_ca_cert_der(&der)?; From 974f0956a58b54beaef3277a07ebbb83e5e2d3a4 Mon Sep 17 00:00:00 2001 From: jiangshaoqi Date: Wed, 9 Oct 2024 16:00:03 -0400 Subject: [PATCH 12/18] c --- Cargo.lock | 1 + rcgen/Cargo.toml | 1 + 2 files changed, 2 insertions(+) diff --git a/Cargo.lock b/Cargo.lock index 0d1cd72e..48796b2f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -882,6 +882,7 @@ name = "rcgen" version = "0.13.1" dependencies = [ "aws-lc-rs", + "base64", "botan", "openssl", "pem", diff --git a/rcgen/Cargo.toml b/rcgen/Cargo.toml index 43b17a2a..c6c66898 100644 --- a/rcgen/Cargo.toml +++ b/rcgen/Cargo.toml @@ -34,6 +34,7 @@ pki-types = { workspace = true } time = { version = "0.3.6", default-features = false } x509-parser = { workspace = true, features = ["verify"], optional = true } zeroize = { version = "1.2", optional = true } +base64 = "0.22.1" [features] default = ["crypto", "pem", "ring"] From e6a67c63657467c7594db86fb4bde0d5f0967ada Mon Sep 17 00:00:00 2001 From: jiangshaoqi Date: Wed, 9 Oct 2024 16:01:53 -0400 Subject: [PATCH 13/18] c --- rcgen/src/certificate.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rcgen/src/certificate.rs b/rcgen/src/certificate.rs index ea5f253b..63d524e8 100644 --- a/rcgen/src/certificate.rs +++ b/rcgen/src/certificate.rs 
@@ -49,7 +49,7 @@ impl Certificate { Ok(Certificate { params, // subject_public_key_info: subj.subject_public_key, - subject_public_key_info: spki_base64, + subject_public_key_info: x509_spki_der, der, }) } From 3883442e5fa2f0b288cf714532d94fa451b75cfa Mon Sep 17 00:00:00 2001 From: jiangshaoqi Date: Wed, 9 Oct 2024 16:05:35 -0400 Subject: [PATCH 14/18] c --- rcgen/src/certificate.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rcgen/src/certificate.rs b/rcgen/src/certificate.rs index 63d524e8..e068ad1c 100644 --- a/rcgen/src/certificate.rs +++ b/rcgen/src/certificate.rs @@ -43,7 +43,7 @@ impl Certificate { println!("spki : {:?}", x509_cert.public_key()); let x509_spki_der = x509_cert.public_key().raw.to_vec(); let spki_base64 = STANDARD.encode(&x509_spki_der); - println!("spki_base64: {:?}", spki_base64); + println!("spki_base64: {:?}", spki_base64.into_bytes()); // let subj = crate::SubjectPublicKeyInfo::from_der(x509_spki_der)?; Ok(Certificate { From 37276e3c322321cc1d5206e0ba55def5a5e83867 Mon Sep 17 00:00:00 2001 From: jiangshaoqi Date: Wed, 9 Oct 2024 16:38:03 -0400 Subject: [PATCH 15/18] c --- Cargo.lock | 1 - rcgen/Cargo.toml | 1 - rcgen/src/certificate.rs | 4 ---- 3 files changed, 6 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 48796b2f..0d1cd72e 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -882,7 +882,6 @@ name = "rcgen" version = "0.13.1" dependencies = [ "aws-lc-rs", - "base64", "botan", "openssl", "pem", diff --git a/rcgen/Cargo.toml b/rcgen/Cargo.toml index c6c66898..43b17a2a 100644 --- a/rcgen/Cargo.toml +++ b/rcgen/Cargo.toml @@ -34,7 +34,6 @@ pki-types = { workspace = true } time = { version = "0.3.6", default-features = false } x509-parser = { workspace = true, features = ["verify"], optional = true } zeroize = { version = "1.2", optional = true } -base64 = "0.22.1" [features] default = ["crypto", "pem", "ring"] diff --git a/rcgen/src/certificate.rs b/rcgen/src/certificate.rs index e068ad1c..3e0b67fa 100644 
--- a/rcgen/src/certificate.rs +++ b/rcgen/src/certificate.rs @@ -34,16 +34,12 @@ impl Certificate { #[cfg(feature = "x509-parser")] pub fn from_der(der: &[u8]) -> Result { use x509_parser::prelude::{FromDer, X509Certificate}; - use base64::{engine::general_purpose::STANDARD, Engine}; let der = der.to_owned().into(); let params = CertificateParams::from_ca_cert_der(&der)?; let (_, x509_cert) = X509Certificate::from_der(&der).unwrap(); - println!("spki : {:?}", x509_cert.public_key()); let x509_spki_der = x509_cert.public_key().raw.to_vec(); - let spki_base64 = STANDARD.encode(&x509_spki_der); - println!("spki_base64: {:?}", spki_base64.into_bytes()); // let subj = crate::SubjectPublicKeyInfo::from_der(x509_spki_der)?; Ok(Certificate { From 604db163bda55bf454c18e6bcbbb8e96207b12d2 Mon Sep 17 00:00:00 2001 From: jiangshaoqi Date: Wed, 9 Oct 2024 17:25:52 -0400 Subject: [PATCH 16/18] c --- rcgen/src/certificate.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rcgen/src/certificate.rs b/rcgen/src/certificate.rs index 3e0b67fa..7121c734 100644 --- a/rcgen/src/certificate.rs +++ b/rcgen/src/certificate.rs @@ -259,6 +259,8 @@ impl CertificateParams { let (_remainder, x509) = x509_parser::parse_x509_certificate(ca_cert) .or(Err(Error::CouldNotParseCertificate))?; + println!("x509 info: {:?}", x509); + let dn = DistinguishedName::from_name(&x509.tbs_certificate.subject)?; let is_ca = Self::convert_x509_is_ca(&x509)?; let validity = x509.validity(); From 7d388afe36ba95921d1907e04dc06a2d9d43c43f Mon Sep 17 00:00:00 2001 From: jiangshaoqi Date: Wed, 9 Oct 2024 17:55:59 -0400 Subject: [PATCH 17/18] good to work --- rcgen/src/certificate.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rcgen/src/certificate.rs b/rcgen/src/certificate.rs index 7121c734..866438a1 100644 --- a/rcgen/src/certificate.rs +++ b/rcgen/src/certificate.rs 
@@ -259,7 +259,7 @@ impl CertificateParams { let (_remainder, x509) = x509_parser::parse_x509_certificate(ca_cert) .or(Err(Error::CouldNotParseCertificate))?; - println!("x509 info: {:?}", x509); + // println!("x509 info: {:?}", x509); let dn = DistinguishedName::from_name(&x509.tbs_certificate.subject)?; let is_ca = Self::convert_x509_is_ca(&x509)?; From e2386bb656f8986f2a66847ab8a500529a76ee26 Mon Sep 17 00:00:00 2001 From: jiangshaoqi Date: Thu, 24 Oct 2024 10:38:07 -0400 Subject: [PATCH 18/18] create Certificate from DER --- rcgen/src/certificate.rs | 19 +++---------------- 1 file changed, 3 insertions(+), 16 deletions(-) diff --git a/rcgen/src/certificate.rs b/rcgen/src/certificate.rs index 866438a1..400db88a 100644 --- a/rcgen/src/certificate.rs +++ b/rcgen/src/certificate.rs @@ -31,6 +31,9 @@ pub struct Certificate { impl Certificate { /// Create a `Certificate` from a DER encoded certificate. + /// Make sure the certificate match the format of x509-parser in rcgen, + /// or the generated `Certificate` will be different. + /// A safe way is to load the DER certificate generated from rcgen. #[cfg(feature = "x509-parser")] pub fn from_der(der: &[u8]) -> Result { use x509_parser::prelude::{FromDer, X509Certificate}; @@ -41,27 +44,13 @@ impl Certificate { let x509_spki_der = x509_cert.public_key().raw.to_vec(); - // let subj = crate::SubjectPublicKeyInfo::from_der(x509_spki_der)?; Ok(Certificate { params, - // subject_public_key_info: subj.subject_public_key, subject_public_key_info: x509_spki_der, der, }) } - /// create a new Certificate with given parameter - pub fn new(params: CertificateParams, - subject_public_key_info: Vec, - der: CertificateDer<'static>, - ) -> Self { - Certificate { - params, - subject_public_key_info, - der, - } - } - /// Returns the certificate parameters pub fn params(&self) -> &CertificateParams { &self.params 
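Review bot: The doc comment added to `from_der` in patch 18 (`Make sure the certificate match the format of x509-parser in rcgen, or the generated Certificate will be different.`) does not tell a caller what actually happens: as far as the hunks show, `params` is rebuilt by `CertificateParams::from_ca_cert_der`, which recovers only the fields that function understands, while `der` keeps the caller's exact bytes, so `der()` is faithful but `params()` may be a lossy view of a certificate that rcgen did not produce, and a certificate regenerated from those params need not equal the input. Nothing in the hunks checks the signature, the validity period or any chain either, so the docstring should state that this is a parse, not a validation. Suggested replacement: a first line `/// Creates a Certificate from a DER-encoded certificate without validating it.`, a paragraph saying that `params()` reflects only the fields `CertificateParams::from_ca_cert_der` extracts (certificates not generated by rcgen may lose extensions) while `der()` returns the input unchanged and no signature or validity checks are performed, and an `# Errors` section naming the parse failure. The grammar slip in the current text (`match` for `matches`) disappears with that rewrite. `from_der`'s body continues outside this hunk.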
@@ -259,8 +248,6 @@ impl CertificateParams { let (_remainder, x509) = x509_parser::parse_x509_certificate(ca_cert) .or(Err(Error::CouldNotParseCertificate))?; - // println!("x509 info: {:?}", x509); - let dn = DistinguishedName::from_name(&x509.tbs_certificate.subject)?; let is_ca = Self::convert_x509_is_ca(&x509)?; let validity = x509.validity();