Diffstat (limited to 'src/macros.rs')
-rw-r--r-- | src/macros.rs | 60 |
1 files changed, 59 insertions, 1 deletions
diff --git a/src/macros.rs b/src/macros.rs
index 638d516..0333ef7 100644
--- a/src/macros.rs
+++ b/src/macros.rs
@@ -61,7 +61,7 @@ macro_rules! impl_newtype {
 #[allow(unused_lifetimes)]
 impl<'a> ::der::EncodeValue for $newtype {
- fn encode_value(&self, encoder: &mut dyn ::der::Writer) -> ::der::Result<()> {
+ fn encode_value(&self, encoder: &mut impl ::der::Writer) -> ::der::Result<()> {
 self.0.encode_value(encoder)
 }
@@ -78,3 +78,61 @@ macro_rules! impl_newtype {
 }
 };
 }
+
+/// Implements the AsExtension traits for every defined Extension paylooad
+macro_rules! impl_extension {
+ ($newtype:ty) => {
+ impl_extension!($newtype, critical = false);
+ };
+ ($newtype:ty, critical = $critical:expr) => {
+ impl crate::ext::AsExtension for $newtype {
+ fn critical(
+ &self,
+ _subject: &crate::name::Name,
+ _extensions: &[crate::ext::Extension],
+ ) -> bool {
+ $critical
+ }
+ }
+ };
+}
+
+/// Implements conversions between [`spki::SubjectPublicKeyInfo`] and [`SubjectKeyIdentifier`] or [`AuthorityKeyIdentifier`]
+macro_rules! impl_key_identifier {
+ ($newtype:ty, $out:expr) => {
+ #[cfg(feature = "builder")]
+ mod builder_key_identifier {
+ use super::*;
+ use der::asn1::OctetString;
+ use sha1::{Digest, Sha1};
+ use spki::SubjectPublicKeyInfoRef;
+
+ impl<'a> TryFrom<SubjectPublicKeyInfoRef<'a>> for $newtype {
+ type Error = der::Error;
+
+ fn try_from(issuer: SubjectPublicKeyInfoRef<'a>) -> Result<Self, Self::Error> {
+ // https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2
+ //
+ // For CA certificates, subject key identifiers SHOULD be derived from
+ // the public key or a method that generates unique values. Two common
+ // methods for generating key identifiers from the public key are:
+
+ // (1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the
+ // value of the BIT STRING subjectPublicKey (excluding the tag,
+ // length, and number of unused bits).
+
+ // (2) The keyIdentifier is composed of a four-bit type field with
+ // the value 0100 followed by the least significant 60 bits of
+ // the SHA-1 hash of the value of the BIT STRING
+ // subjectPublicKey (excluding the tag, length, and number of
+ // unused bits).
+
+ // Here we're using the first method
+
+ let result = Sha1::digest(issuer.subject_public_key.raw_bytes());
+ $out(result.as_slice())
+ }
+ }
+ }
+ };
+} |
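Review bot: The `mod builder_key_identifier` wrapper in `impl_key_identifier!` has a fixed name, and item names produced by `macro_rules!` are not hygienic, so a second invocation in the same module would fail with a duplicate module definition; the doc comment names two target types, though whether they share a module is not visible here. An anonymous const block avoids the name entirely: open with `const _: () = {` and close with `};`, at which point `use super::*;` is no longer needed. The RFC excerpt would also benefit from one added line such as `// SHA-1 only derives a lookup identifier here; it is not an integrity check (RFC 7093 lists SHA-2 based methods).` so the hash choice is not mistaken for a security control. The parameter is called `issuer` even when the target is a subject key identifier; `spki` would fit both uses.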