wip: refactoring extension handling #164

Closed
wants to merge 29 commits into from

Commits on Dec 10, 2023

  1. error: alpha-sort Error variants

    cpu committed Dec 10, 2023
    e5bb524
  2. ext: introduce module for X.509 extension handling

    This commit creates a new crate-internal module, `ext`, for managing
    X.509 extensions. In this commit we wire up emitting extensions managed
    by this module, but do not yet convert any existing extensions to the
    new arrangement. This will begin in subsequent commits.
    
    This adds a dedicated `Extensions` struct and `Extension` trait that handle:
    
    * tracking extensions maintaining insertion order.
    * ensuring the invariant that we never add more than one instance of the
      same extension OID.
    * writing the DER encoded SEQUENCE of extensions.
    * writing each DER encoded extension SEQUENCE - including the OID,
      criticality, and value.
    
    The `Extension` trait allows common operations across all extensions
    like:
    
    * getting the ext OID.
    * getting the criticality (using a new `Criticality` enum).
    * getting the raw DER value.
    cpu committed Dec 10, 2023
    e8f2721
  3. ext: implement authority key identifier.

    This commit lifts the authority key identifier extension into the `ext`
    module.
    cpu committed Dec 10, 2023
    1948f6a
  4. ext: implement subject alternative name.

    This commit lifts the subject alternative name extension into the `ext`
    module.
    
    It additionally ensures we never write an empty SAN extension, if the
    `CertificateParams` contain an empty vec of SAN names.
    
    For the time being SAN extensions are always written as non-critical,
    but the required plumbing to handle the RFC5280 guidance on SAN ext
    criticality is added for follow-up adjustment.
    cpu committed Dec 10, 2023
    6a3359d
  5. ext: implement key usage

    This commit lifts the key usage extension into the `ext` module.
    cpu committed Dec 10, 2023
    063482e
  6. wip: extended key usage (and some CSR fixes)

    TODO: Split out the non-eku related bits.
    
    This commit lifts the extended key usage extension into the `ext`
    module.
    cpu committed Dec 10, 2023
    fecc1ed
  7. wip: non x509-feature fixes

    cpu committed Dec 10, 2023
    33c1977
  8. ext: implement name constraints

    This commit lifts the name constraints extension into the `ext` module.
    cpu committed Dec 10, 2023
    559dc09
  9. wip: fixup with name constraints

    cpu committed Dec 10, 2023
    56e3c3c
  10. wip: and again...

    cpu committed Dec 10, 2023
    e5bcd11
  11. ext: implement CRL distribution points

    This commit lifts the CRL distribution points extension into the `ext` module.
    cpu committed Dec 10, 2023
    5ab3d94
  12. wip: fixup with crldps

    cpu committed Dec 10, 2023
    2841368
  13. wip: add a TODO

    cpu committed Dec 10, 2023
    6b9e715
  14. ext: implement subject key ID, specifying SKI

    This commit lifts the subject key identifier extension into the `ext`
    module.
    
    Diverging from the existing code we now adhere to the RFC 5280 advice
    and always emit the SKI extension when generating a certificate.
    Previously this was only done if the basic constraints specified
    `IsCa::Ca` or `IsCa::ExplicitNoCa`, but not when using `IsCa::NoCa`.
    cpu committed Dec 10, 2023
    a447dc6
  15. ext: implement basic constraints

    This commit lifts the basic constraints extension into the `ext` module.
    cpu committed Dec 10, 2023
    d310765
  16. ext: implement custom extensions

    This commit lifts the custom extension handling into the `ext`
    module.
    cpu committed Dec 10, 2023
    9e9caf6
  17. 0369073
  18. wip: fixup with last commit

    cpu committed Dec 10, 2023
    2d0b890
  19. ext: implement crl number extension

    This commit lifts the CRL number extension handling into the `ext`
    module.
    cpu committed Dec 10, 2023
    dbc3d36
  20. ext: implement issuing distribution point extension

    This commit lifts the CRL issuing distribution point extension handling
    into the `ext` module.
    cpu committed Dec 10, 2023
    f0548fa
  21. crl: unconditionally emit AKI

    cpu committed Dec 10, 2023
    0c96153
  22. wip: fixup with CRL IDP ext

    cpu committed Dec 10, 2023
    a50d976
  23. crl: write DER with Extensions

    cpu committed Dec 10, 2023
    5d95594
  24. ext: implement reason code extension

    This commit lifts the CRL entry reason code extension handling
    into the `ext` module.
    cpu committed Dec 10, 2023
    199d604
  25. ext: implement invalidity date extension

    This commit lifts the CRL entry invalidity date extension into the `ext` module.
    
    There are no longer any references to the lib.rs `write_x509_extension`
    helper, so it is also removed.
    cpu committed Dec 10, 2023
    0287f54
  26. crl: use Extensions to write DER

    Now that all of the CRL entry extensions have been migrated to
    `Extensions` we can let that type write the `SEQUENCE` and extension
    values.
    
    There are no longer any callers to `Extensions.iter()` so we remove that
    fn.
    cpu committed Dec 10, 2023
    006bf28
  27. wip: tidy up write_request

    cpu committed Dec 10, 2023
    98c020f
  28. 973271c
  29. 0225a26
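
The container described in the commit message of "ext: introduce module for X.509 extension handling" (insertion order kept, at most one extension per OID, DER written as a SEQUENCE of per-extension SEQUENCEs carrying OID, criticality and value) can be sketched as follows. This is an added example, not code from this pull request or its project: `Ext`, `Extensions`, `tlv`, `add` and `to_der` are hypothetical names, OIDs are assumed to be supplied as pre-encoded content octets, and the sample extension values are constructed.

```rust
// Added illustration: every type and function name here is hypothetical.
#[derive(PartialEq)]
enum Criticality { Critical, NonCritical }
struct Ext { oid: &'static [u8], criticality: Criticality, value: Vec<u8> } // OID content octets, DER value
struct Extensions(Vec<Ext>); // insertion-ordered; add() keeps OIDs unique

// DER tag-length-value with a definite length (short or long form).
fn tlv(tag: u8, body: &[u8]) -> Vec<u8> {
    let mut out = vec![tag];
    if body.len() < 0x80 {
        out.push(body.len() as u8);
    } else {
        let len = body.len().to_be_bytes();
        let skip = len.iter().take_while(|b| **b == 0).count();
        out.push(0x80 | (len.len() - skip) as u8);
        out.extend_from_slice(&len[skip..]);
    }
    out.extend_from_slice(body);
    out
}

impl Extensions {
    fn add(&mut self, ext: Ext) -> Result<(), String> {
        if self.0.iter().any(|e| e.oid == ext.oid) {
            return Err(format!("duplicate extension OID {:02x?}", ext.oid));
        }
        self.0.push(ext);
        Ok(())
    }
    // SEQUENCE OF SEQUENCE { extnID, critical DEFAULT FALSE (omitted in DER), extnValue OCTET STRING }
    fn to_der(&self) -> Vec<u8> {
        let mut seq = Vec::new();
        for e in &self.0 {
            let mut body = tlv(0x06, e.oid);
            if e.criticality == Criticality::Critical { body.extend(tlv(0x01, &[0xff])); }
            body.extend(tlv(0x04, &e.value));
            seq.extend(tlv(0x30, &body));
        }
        tlv(0x30, &seq)
    }
}

fn main() {
    let mut exts = Extensions(Vec::new());
    // Constructed values: basicConstraints cA=TRUE (critical), then a 4-byte subjectKeyIdentifier.
    exts.add(Ext { oid: &[0x55, 0x1d, 0x13], criticality: Criticality::Critical, value: vec![0x30, 3, 1, 1, 0xff] }).unwrap();
    exts.add(Ext { oid: &[0x55, 0x1d, 0x0e], criticality: Criticality::NonCritical, value: vec![4, 4, 0xde, 0xad, 0xbe, 0xef] }).unwrap();
    println!("{:02x?}", exts.to_der());
}
```

Rejecting a second extension with the same OID at insertion time matters because RFC 5280 forbids more than one instance of a particular extension in a certificate, and verifiers may reject such certificates outright.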