[pbs-devel] [PATCH v2 backup 05/27] CertInfo: add not_{after, before}_unix
Wolfgang Bumiller
w.bumiller at proxmox.com
Wed Apr 28 13:12:30 CEST 2021
On Wed, Apr 28, 2021 at 01:05:33PM +0200, Dietmar Maurer wrote:
> is it really worth to add another dependency?
openssl uses `foreign-types` to provide access to the underlying data,
it is described as a "framework for rust wrappers over C APIs", so if
more crates use it, their raw data becomes available this way as well.
The alternative would be to explicitly depend on openssl-sys.
I don't mind either way. The function isn't otherwise exposed by the
crate currently.
>
> On 4/22/21 4:01 PM, Wolfgang Bumiller wrote:
> > Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>
> > ---
> > Cargo.toml | 1 +
> > src/tools/cert.rs | 36 ++++++++++++++++++++++++++++++++++--
> > 2 files changed, 35 insertions(+), 2 deletions(-)
> >
> > diff --git a/Cargo.toml b/Cargo.toml
> > index 3739d3af..74ccf361 100644
> > --- a/Cargo.toml
> > +++ b/Cargo.toml
> > @@ -32,6 +32,7 @@ endian_trait = { version = "0.6", features = ["arrays"] }
> > env_logger = "0.7"
> > flate2 = "1.0"
> > anyhow = "1.0"
> > +foreign-types = "0.3"
> > thiserror = "1.0"
> > futures = "0.3"
> > h2 = { version = "0.3", features = [ "stream" ] }
> > diff --git a/src/tools/cert.rs b/src/tools/cert.rs
> > index 0c7e9e5d..d3c221a4 100644
> > --- a/src/tools/cert.rs
> > +++ b/src/tools/cert.rs
> > @@ -1,12 +1,32 @@
> > use std::path::PathBuf;
> > +use std::mem::MaybeUninit;
> > -use anyhow::Error;
> > +use anyhow::{bail, format_err, Error};
> > +use foreign_types::ForeignTypeRef;
> > use openssl::x509::{X509, GeneralName};
> > use openssl::stack::Stack;
> > use openssl::pkey::{Public, PKey};
> > use crate::configdir;
> > +// C type:
> > +#[allow(non_camel_case_types)]
> > +type ASN1_TIME = <openssl::asn1::Asn1TimeRef as ForeignTypeRef>::CType;
> > +
> > +extern "C" {
> > + fn ASN1_TIME_to_tm(s: *const ASN1_TIME, tm: *mut libc::tm) -> libc::c_int;
> > +}
> > +
> > +fn asn1_time_to_unix(time: &openssl::asn1::Asn1TimeRef) -> Result<i64, Error> {
> > + let mut c_tm = MaybeUninit::<libc::tm>::uninit();
> > + let rc = unsafe { ASN1_TIME_to_tm(time.as_ptr(), c_tm.as_mut_ptr()) };
> > + if rc != 1 {
> > + bail!("failed to parse ASN1 time");
> > + }
> > + let mut c_tm = unsafe { c_tm.assume_init() };
> > + proxmox::tools::time::timegm(&mut c_tm)
> > +}
> > +
> > pub struct CertInfo {
> > x509: X509,
> > }
> > @@ -25,7 +45,11 @@ impl CertInfo {
> > }
> > pub fn from_path(path: PathBuf) -> Result<Self, Error> {
> > - let cert_pem = proxmox::tools::fs::file_get_contents(&path)?;
> > + Self::from_pem(&proxmox::tools::fs::file_get_contents(&path)?)
> > + .map_err(|err| format_err!("failed to load certificate from {:?} - {}", path, err))
> > + }
> > +
> > + pub fn from_pem(cert_pem: &[u8]) -> Result<Self, Error> {
> > let x509 = openssl::x509::X509::from_pem(&cert_pem)?;
> > Ok(Self{
> > x509
> > @@ -64,4 +88,12 @@ impl CertInfo {
> > pub fn not_after(&self) -> &openssl::asn1::Asn1TimeRef {
> > self.x509.not_after()
> > }
> > +
> > + pub fn not_before_unix(&self) -> Result<i64, Error> {
> > + asn1_time_to_unix(&self.not_before())
> > + }
> > +
> > + pub fn not_after_unix(&self) -> Result<i64, Error> {
> > + asn1_time_to_unix(&self.not_after())
> > + }
> > }
More information about the pbs-devel
mailing list