expand helper function by eab credentials
index 7242b643d9c9b44d86d5e22ed05058338d748338..57acf852065e90d529184086621ebabc38ab6c3d 100644 (file)
@@ -6,7 +6,7 @@ use openssl::hash::MessageDigest;
 use openssl::nid::Nid;
 use openssl::pkey::PKey;
 use openssl::rsa::Rsa;
-use openssl::x509::{X509Extension, X509Name, X509Req};
+use openssl::x509::{self, X509Name, X509Req};
 
 use crate::Error;
 
@@ -29,7 +29,7 @@ impl Csr {
         attributes: &HashMap<String, &str>,
     ) -> Result<Self, Error> {
         if identifiers.is_empty() {
-            return Err(Error::Csr(format!("cannot generate empty CSR")));
+            return Err(Error::Csr("cannot generate empty CSR".to_string()));
         }
 
         let private_key = Rsa::generate(4096)
@@ -55,40 +55,24 @@ impl Csr {
 
         let context = csr.x509v3_context(None);
         let mut ext = openssl::stack::Stack::new()?;
-        ext.push(X509Extension::new_nid(
-            None,
-            None,
-            Nid::BASIC_CONSTRAINTS,
-            "CA:FALSE",
-        )?)?;
-        ext.push(X509Extension::new_nid(
-            None,
-            None,
-            Nid::KEY_USAGE,
-            "digitalSignature,keyEncipherment",
-        )?)?;
-        ext.push(X509Extension::new_nid(
-            None,
-            None,
-            Nid::EXT_KEY_USAGE,
-            "serverAuth,clientAuth",
-        )?)?;
-        ext.push(X509Extension::new_nid(
-            None,
-            Some(&context),
-            Nid::SUBJECT_ALT_NAME,
-            &identifiers
-                .into_iter()
-                .try_fold(String::new(), |mut acc, dns| {
-                    if !acc.is_empty() {
-                        acc.push(',');
-                    }
-                    use std::fmt::Write;
-                    write!(acc, "DNS:{}", dns.as_ref())?;
-                    Ok::<_, std::fmt::Error>(acc)
-                })
-                .map_err(|err| Error::Csr(err.to_string()))?,
-        )?)?;
+        ext.push(x509::extension::BasicConstraints::new().build()?)?;
+        ext.push(
+            x509::extension::KeyUsage::new()
+                .digital_signature()
+                .key_encipherment()
+                .build()?,
+        )?;
+        ext.push(
+            x509::extension::ExtendedKeyUsage::new()
+                .server_auth()
+                .client_auth()
+                .build()?,
+        )?;
+        let mut san = x509::extension::SubjectAlternativeName::new();
+        for dns in identifiers {
+            san.dns(dns.as_ref());
+        }
+        ext.push({ san }.build(&context)?)?;
         csr.add_extensions(&ext)?;
 
         csr.sign(&private_key, MessageDigest::sha256())?;
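Review bot: Every identifier is emitted as a `DNS:` entry by `san.dns(dns.as_ref())` without any check of the value, so the only guard on what reaches the SAN is the emptiness check earlier in the function plus whatever escaping the `openssl` crate's builder applies, which may depend on the crate version. A hostname validation step before the loop, or at least a comment making the contract explicit — `// identifiers must already be validated DNS names; the builder does not check them` — would document where that responsibility lies. Separately, `ext.push({ san }.build(&context)?)?;` wraps `san` in a block expression for no visible reason; `ext.push(san.build(&context)?)?;` should read the same since `build` only borrows the builder. The enclosing constructor starts before this hunk, so the declared type of `identifiers` is not visible here.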