Skip to content

Commit

Permalink
csr: support reading key usage from CSR
Browse files Browse the repository at this point in the history
  • Loading branch information
cpu committed Oct 6, 2023
1 parent d8d040a commit 8258f2e
Showing 1 changed file with 36 additions and 1 deletion.
37 changes: 36 additions & 1 deletion src/csr.rs
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
#[cfg(feature = "x509-parser")]
use crate::{
BasicConstraints, CustomExtension, DistinguishedName, ExtendedKeyUsagePurpose, GeneralSubtree,
IsCa, NameConstraints, SanType,
IsCa, KeyUsagePurpose, NameConstraints, SanType,
};
#[cfg(feature = "pem")]
use pem::Pem;
Expand Down Expand Up @@ -117,6 +117,41 @@ impl CertificateSigningRequest {
};
true
},
x509_parser::extensions::ParsedExtension::KeyUsage(ku) => {
let mut usages = Vec::default();
if ku.digital_signature() {
usages.push(KeyUsagePurpose::DigitalSignature);
}
// NOTE: x509-parser uses the older "non repudiation" name.
// 5280 says "recent editions of X.509 have renamed this bit to
// contentCommitment"
if ku.non_repudiation() {
usages.push(KeyUsagePurpose::ContentCommitment)
}
if ku.key_encipherment() {
usages.push(KeyUsagePurpose::KeyEncipherment)
}
if ku.data_encipherment() {
usages.push(KeyUsagePurpose::DataEncipherment)
}
if ku.key_agreement() {
usages.push(KeyUsagePurpose::KeyAgreement)
}
if ku.key_cert_sign() {
usages.push(KeyUsagePurpose::KeyCertSign)
}
if ku.crl_sign() {
usages.push(KeyUsagePurpose::CrlSign)
}
if ku.encipher_only() {
usages.push(KeyUsagePurpose::EncipherOnly)
}
if ku.decipher_only() {
usages.push(KeyUsagePurpose::DecipherOnly)
}
params.key_usages = usages;
true
},
x509_parser::extensions::ParsedExtension::ExtendedKeyUsage(eku) => {
let mut usages = Vec::default();
if eku.any {
Expand Down

0 comments on commit 8258f2e

Please sign in to comment.