From 8258f2e7747c63a71b9ee3d96ea6c4287dd41a2e Mon Sep 17 00:00:00 2001
From: Daniel McCarney
Date: Fri, 6 Oct 2023 17:14:59 -0400
Subject: [PATCH] csr: support reading key usage from CSR
---
 src/csr.rs | 37 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 36 insertions(+), 1 deletion(-)
diff --git a/src/csr.rs b/src/csr.rs
index e18da300..ba9fb27f 100644
--- a/src/csr.rs
+++ b/src/csr.rs
@@ -1,7 +1,7 @@
 #[cfg(feature = "x509-parser")]
 use crate::{
 BasicConstraints, CustomExtension, DistinguishedName, ExtendedKeyUsagePurpose, GeneralSubtree,
- IsCa, NameConstraints, SanType,
+ IsCa, KeyUsagePurpose, NameConstraints, SanType,
 };
 #[cfg(feature = "pem")]
 use pem::Pem;
@@ -117,6 +117,41 @@ impl CertificateSigningRequest {
 };
 true
 },
+ x509_parser::extensions::ParsedExtension::KeyUsage(ku) => {
+ let mut usages = Vec::default();
+ if ku.digital_signature() {
+ usages.push(KeyUsagePurpose::DigitalSignature);
+ }
+ // NOTE: x509-parser uses the older "non repudiation" name.
+ // 5280 says "recent editions of X.509 have renamed this bit to
+ // contentCommitment"
+ if ku.non_repudiation() {
+ usages.push(KeyUsagePurpose::ContentCommitment)
+ }
+ if ku.key_encipherment() {
+ usages.push(KeyUsagePurpose::KeyEncipherment)
+ }
+ if ku.data_encipherment() {
+ usages.push(KeyUsagePurpose::DataEncipherment)
+ }
+ if ku.key_agreement() {
+ usages.push(KeyUsagePurpose::KeyAgreement)
+ }
+ if ku.key_cert_sign() {
+ usages.push(KeyUsagePurpose::KeyCertSign)
+ }
+ if ku.crl_sign() {
+ usages.push(KeyUsagePurpose::CrlSign)
+ }
+ if ku.encipher_only() {
+ usages.push(KeyUsagePurpose::EncipherOnly)
+ }
+ if ku.decipher_only() {
+ usages.push(KeyUsagePurpose::DecipherOnly)
+ }
+ params.key_usages = usages;
+ true
+ },
 x509_parser::extensions::ParsedExtension::ExtendedKeyUsage(eku) => {
 let mut usages = Vec::default();
 if eku.any {
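Review bot: The new `KeyUsage` arm copies the key-usage bits verbatim from the CSR into `params.key_usages`, so requester-chosen values such as `KeyCertSign` and `CrlSign` land in the parameters with no filtering and no comment saying so. If these params are later used to issue a certificate (not visible in this hunk), the signer would presumably grant whatever the requester asked for. I would add above the assignment `// NOTE: taken as-is from the requester-controlled CSR; a CA must check these against its own policy before signing.` As a style point, only the first `usages.push(...)` ends in `;` while the other eight do not, and they should be made consistent. The enclosing match and function start and end outside the hunk.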