WIP cert authorities

2024-06-28 01:34:15 +02:00 · 2024-06-28 01:34:15 +02:00 · ffb8cbb6eb
commit ffb8cbb6eb
parent f4e2bb69b6
1 changed files with 17 additions and 13 deletions
--- a/central_backend/src/pki.rs
+++ b/central_backend/src/pki.rs
@ -1,6 +1,6 @@
 use crate::app_config::AppConfig;
 use asn1::{
-    parse_single, Asn1Readable, Asn1Writable, Implicit, OctetStringEncoded, ParseResult,
+    parse_single, Asn1Readable, Asn1Writable, Explicit, Implicit, OctetStringEncoded, ParseResult,
    SimpleAsn1Readable, SimpleAsn1Writable, Tag, WriteBuf, WriteResult, Writer,
 };
 use openssl::asn1::{Asn1Object, Asn1OctetString, Asn1OctetStringRef, Asn1Time};
@ -47,14 +47,6 @@ fn load_certificate_from_file<P: AsRef<Path>>(path: P) -> anyhow::Result<X509> {
    Ok(X509::from_pem(&std::fs::read(path)?)?)
 }

-struct CustomOctetStringEncoded<T>(OctetStringEncoded<T>);
-impl<T: Asn1Writable> SimpleAsn1Writable for CustomOctetStringEncoded<T> {
-    const TAG: Tag = Tag::primitive(0x86);
-    fn write_data(&self, dest: &mut WriteBuf) -> WriteResult {
-        self.0.write(&mut Writer::new(dest))
-    }
-}
-
 /// Generate intermediate or root CA
 fn gen_intermediate_or_root_ca(
    cn: &str,
@ -96,16 +88,28 @@ fn gen_intermediate_or_root_ca(
            "FIXME_TODO"
        );

+        let crl_url = "http://crl.identrust.com/DSTROOTCAX3CRL.crl".to_string();
+
        let crl_obj = Asn1Object::from_str("2.5.29.31")?;

-        let content: Implicit<CustomOctetStringEncoded<&[u8]>, 0xa0> = asn1::Implicit::new(
-            CustomOctetStringEncoded(OctetStringEncoded::new(crl_url.as_bytes())),
-        );
+        let TAG_A0 = Tag::from_bytes(&[0xa0]).unwrap().0;
+        let TAG_86 = Tag::from_bytes(&[0x86]).unwrap().0;

        let crl_bytes = asn1::write(|w| {
            w.write_element(&asn1::SequenceWriter::new(&|w| {
                w.write_element(&asn1::SequenceWriter::new(&|w| {
-                    w.write_implicit_element(&content, 0xa0)?;
+                    w.write_tlv(TAG_A0, |w| {
+                        w.push_slice(&asn1::write(|w| {
+                            w.write_tlv(TAG_A0, |w| {
+                                w.push_slice(&asn1::write(|w| {
+                                    w.write_tlv(TAG_86, |b| b.push_slice(crl_url.as_bytes()))?;
+                                    Ok(())
+                                })?)
+                            })?;
+
+                            Ok(())
+                        })?)
+                    })?;
                    Ok(())
                }))?;
                Ok(())