Improve certificates issuance

central_backend/src/crypto/crl_extension.rs

@@ -0,0 +1,43 @@
+use asn1::Tag;
+use openssl::asn1::{Asn1Object, Asn1OctetString};
+use openssl::x509::X509Extension;
+
+pub struct CRLDistributionPointExt {
+    pub url: String,
+}
+
+impl CRLDistributionPointExt {
+    pub fn as_extension(&self) -> anyhow::Result<X509Extension> {
+        let crl_obj = Asn1Object::from_str("2.5.29.31")?;
+
+        let tag_a0 = Tag::from_bytes(&[0xa0]).unwrap().0;
+        let tag_86 = Tag::from_bytes(&[0x86]).unwrap().0;
+
+        let crl_bytes = asn1::write(|w| {
+            w.write_element(&asn1::SequenceWriter::new(&|w| {
+                w.write_element(&asn1::SequenceWriter::new(&|w| {
+                    w.write_tlv(tag_a0, |w| {
+                        w.push_slice(&asn1::write(|w| {
+                            w.write_tlv(tag_a0, |w| {
+                                w.push_slice(&asn1::write(|w| {
+                                    w.write_tlv(tag_86, |b| b.push_slice(self.url.as_bytes()))?;
+                                    Ok(())
+                                })?)
+                            })?;
+
+                            Ok(())
+                        })?)
+                    })?;
+                    Ok(())
+                }))?;
+                Ok(())
+            }))
+        })?;
+
+        Ok(X509Extension::new_from_der(
+            crl_obj.as_ref(),
+            false,
+            Asn1OctetString::new_from_bytes(&crl_bytes)?.as_ref(),
+        )?)
+    }
+}