12 changes: 6 additions & 6 deletions x509-cert/src/builder.rs
@@ -15,7 +15,7 @@ use crate::{
certificate::{self, Certificate, TbsCertificate, Version},
crl::{CertificateList, RevokedCert, TbsCertList},
ext::{
AsExtension, Extensions,
Extensions, ToExtension,
pkix::{AuthorityKeyIdentifier, CrlNumber, SubjectKeyIdentifier},
},
serial_number::SerialNumber,
@@ -216,12 +216,12 @@ where

/// Add an extension to this certificate
///
/// Extensions need to implement [`AsExtension`], examples may be found in
/// in [`AsExtension` documentation](../ext/trait.AsExtension.html#examples) or
/// [the implementors](../ext/trait.AsExtension.html#implementors).
pub fn add_extension<E: AsExtension>(
/// Extensions need to implement [`ToExtension`], examples may be found in
/// in [`ToExtension` documentation](../ext/trait.ToExtension.html#examples) or
/// [the implementors](../ext/trait.ToExtension.html#implementors).
pub fn add_extension<E: ToExtension>(
&mut self,
extension: &E,
extension: E,
) -> core::result::Result<(), E::Error> {
let ext = extension.to_extension(&self.tbs.subject, &self.extensions)?;
self.extensions.push(ext);
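Review bot: `add_extension` now takes `extension: E` by value, which with the impls added in x509-cert/src/ext.rs includes a pre-built `Extension` or an `(ObjectIdentifier, bool, &T)` tuple, yet the visible body still ends in `self.extensions.push(ext)` with no check that the same OID is not already in `self.extensions`. RFC 5280 Section 4.2 forbids more than one instance of a particular extension in a certificate, and because the return type is tied to `E::Error` the simplest remedy is a doc line such as `/// The caller must ensure no extension with the same OID has already been added (RFC 5280 Section 4.2).`; the function body continues outside the hunk, so a later check may already exist. The rewritten doc comment also keeps the doubled word across the line break ("may be found in" followed by "in") and could state that the built-in extension types are now passed as `&ext`. The same remarks apply to `RequestBuilder::add_extension` in x509-cert/src/request/builder.rs.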
2 changes: 1 addition & 1 deletion x509-cert/src/builder/profile/cabf.rs
@@ -8,7 +8,7 @@ use crate::{
builder::{BuilderProfile, Error, Result},
certificate::TbsCertificate,
ext::{
AsExtension, Extension,
Extension, ToExtension,
pkix::{
AuthorityKeyIdentifier, BasicConstraints, KeyUsage, KeyUsages, SubjectKeyIdentifier,
},
2 changes: 1 addition & 1 deletion x509-cert/src/builder/profile/cabf/tls.rs
@@ -16,7 +16,7 @@ use crate::{
builder::{BuilderProfile, Result},
certificate::TbsCertificate,
ext::{
AsExtension, Extension,
Extension, ToExtension,
pkix::{
AuthorityKeyIdentifier, BasicConstraints, ExtendedKeyUsage, KeyUsage, KeyUsages,
SubjectKeyIdentifier, name::GeneralNames,
2 changes: 1 addition & 1 deletion x509-cert/src/builder/profile/devid.rs
@@ -19,7 +19,7 @@ use crate::{
builder::{BuilderProfile, Result},
certificate::TbsCertificate,
ext::{
AsExtension, Extension,
Extension, ToExtension,
pkix::{
AuthorityKeyIdentifier, KeyUsage, KeyUsages, SubjectAltName,
name::{GeneralName, GeneralNames, HardwareModuleName, OtherName},
66 changes: 51 additions & 15 deletions x509-cert/src/ext.rs
@@ -35,6 +35,18 @@ pub struct Extension {
pub extn_value: OctetString,
}

impl ToExtension for Extension {
type Error = der::Error;

fn to_extension(
self,
_subject: &crate::name::Name,
_extensions: &[Extension],
) -> Result<Extension, Self::Error> {
Ok(self)
}
}

/// Extensions as defined in [RFC 5280 Section 4.1.2.9].
///
/// ```text
@@ -91,44 +103,68 @@ pub trait Criticality {
/// }
/// }
/// ```
pub trait AsExtension {
pub trait ToExtension {
/// The error type returned when encoding the extension.
type Error;

/// Returns the Extension with the content encoded.
fn to_extension(
&self,
self,
Comment on lines +106 to +112
Member


As it were, the convention for methods that consume self is into_*:

https://rust-lang.github.io/api-guidelines/naming.html#ad-hoc-conversions-follow-as_-to_-into_-conventions-c-conv

So how about IntoExtension::into_extension?

subject: &crate::name::Name,
extensions: &[Extension],
) -> Result<Extension, Self::Error>;
}

impl<T: Criticality + AssociatedOid + der::Encode> AsExtension for T {
impl<T: Criticality + AssociatedOid + der::Encode> ToExtension for &T {
type Error = der::Error;

fn to_extension(
&self,
self,
subject: &crate::name::Name,
extensions: &[Extension],
) -> Result<Extension, Self::Error> {
Ok(Extension {
extn_id: <Self as AssociatedOid>::OID,
critical: self.criticality(subject, extensions),
extn_value: OctetString::new(self.to_der()?)?,
})
let criticality = self.criticality(subject, extensions);
(criticality, self).to_extension(subject, extensions)
}
}

impl<T: Criticality + der::Encode> ToExtension for (ObjectIdentifier, &T) {
type Error = der::Error;

fn to_extension(
self,
subject: &crate::name::Name,
extensions: &[Extension],
) -> Result<Extension, Self::Error> {
let criticality = self.1.criticality(subject, extensions);
(self.0, criticality, self.1).to_extension(subject, extensions)
}
}

impl<T: AsExtension> AsExtension for (bool, T) {
type Error = T::Error;
impl<T: AssociatedOid + der::Encode> ToExtension for (bool, &T) {
type Error = der::Error;

fn to_extension(
&self,
self,
subject: &crate::name::Name,
extensions: &[Extension],
) -> Result<Extension, Self::Error> {
let mut extension = self.1.to_extension(subject, extensions)?;
extension.critical = self.0;
Ok(extension)
(T::OID, self.0, self.1).to_extension(subject, extensions)
}
}

impl<T: der::Encode> ToExtension for (ObjectIdentifier, bool, &T) {
type Error = der::Error;

fn to_extension(
self,
_subject: &crate::name::Name,
_extensions: &[Extension],
) -> Result<Extension, Self::Error> {
Ok(Extension {
extn_id: self.0,
critical: self.1,
extn_value: OctetString::new(self.2.to_der()?)?,
})
}
}
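Review bot: The new `impl ToExtension for (ObjectIdentifier, bool, &T)` and `impl ToExtension for Extension` take the OID and the `critical` flag straight from the caller and ignore `_subject` and `_extensions`, so `Criticality::criticality` is never consulted for them, and none of the new impls carries a doc comment saying so. A wrong `critical` bit changes how relying parties must treat the extension, so I would document each impl, for example `/// Encodes the value under a caller-chosen OID and criticality; the Criticality trait is not consulted.` on the three-element tuple and an equivalent line on `Extension`, and spell out the positional meaning of each tuple form. Separately, the `(bool, &T)` impl appears to replace one that accepted any `T: AsExtension`, whereas it now requires `T: AssociatedOid + der::Encode`, so a hand-written implementor can no longer be wrapped to override criticality; if that narrowing is intended it deserves a changelog entry.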
12 changes: 6 additions & 6 deletions x509-cert/src/request/builder.rs
@@ -8,7 +8,7 @@ use spki::{

use crate::{
builder::{Builder, Error, NULL_OID, Result},
ext::AsExtension,
ext::ToExtension,
name::Name,
request::{CertReq, CertReqInfo, ExtensionReq, attributes::AsAttribute},
};
@@ -77,12 +77,12 @@ impl RequestBuilder {

/// Add an extension to this certificate request
///
/// Extensions need to implement [`AsExtension`], examples may be found in
/// in [`AsExtension` documentation](../ext/trait.AsExtension.html#examples) or
/// [the implementors](../ext/trait.AsExtension.html#implementors).
pub fn add_extension<E: AsExtension>(
/// Extensions need to implement [`ToExtension`], examples may be found in
/// in [`ToExtension` documentation](../ext/trait.ToExtension.html#examples) or
/// [the implementors](../ext/trait.ToExtension.html#implementors).
pub fn add_extension<E: ToExtension>(
&mut self,
extension: &E,
extension: E,
) -> core::result::Result<(), E::Error> {
let ext = extension.to_extension(&self.info.subject, &self.extension_req.0)?;

2 changes: 1 addition & 1 deletion x509-cert/tests/builder_crl.rs
@@ -17,7 +17,7 @@ use x509_cert::{
certificate::Rfc5280,
crl::RevokedCert,
ext::{
AsExtension,
ToExtension,
pkix::{CrlNumber, CrlReason, name::GeneralName},
},
name::Name,
4 changes: 2 additions & 2 deletions x509-ocsp/src/basic.rs
@@ -130,7 +130,7 @@ mod builder {
use const_oid::AssociatedOid;
use digest::Digest;
use x509_cert::{
Certificate, crl::CertificateList, ext::AsExtension, name::Name,
Certificate, crl::CertificateList, ext::ToExtension, name::Name,
serial_number::SerialNumber,
};

@@ -171,7 +171,7 @@ mod builder {
/// extension encoding fails.
///
/// [RFC 6960 Section 4.4]: https://datatracker.ietf.org/doc/html/rfc6960#section-4.4
pub fn with_extension<E: AsExtension>(mut self, ext: E) -> Result<Self, E::Error> {
pub fn with_extension<E: ToExtension>(mut self, ext: E) -> Result<Self, E::Error> {
let ext = ext.to_extension(&Name::default(), &[])?;
match self.single_extensions {
Some(ref mut exts) => exts.push(ext),
8 changes: 4 additions & 4 deletions x509-ocsp/src/builder/request.rs
@@ -9,7 +9,7 @@ use spki::{DynSignatureAlgorithmIdentifier, SignatureBitStringEncoding};
use x509_cert::{
Certificate,
certificate::Rfc5280,
ext::{AsExtension, pkix::name::GeneralName},
ext::{ToExtension, pkix::name::GeneralName},
name::Name,
};

@@ -45,15 +45,15 @@ use x509_cert::{
/// .with_request(Request::from_issuer::<Sha1>(&issuer, SerialNumber::from(2usize)).unwrap())
/// .with_request(Request::from_issuer::<Sha1>(&issuer, SerialNumber::from(3usize)).unwrap())
/// .with_request(Request::from_issuer::<Sha1>(&issuer, SerialNumber::from(4usize)).unwrap())
/// .with_extension(Nonce::generate(&mut rng, 32).unwrap())
/// .with_extension(&Nonce::generate(&mut rng, 32).unwrap())
/// .unwrap()
/// .build();
///
/// let mut signer = rsa_signer();
/// let signer_cert_chain = vec![cert.clone()];
/// let req = OcspRequestBuilder::default()
/// .with_request(Request::from_cert::<Sha1>(&issuer, &cert).unwrap())
/// .with_extension(Nonce::generate(&mut rng, 32).unwrap())
/// .with_extension(&Nonce::generate(&mut rng, 32).unwrap())
/// .unwrap()
/// .sign(&mut signer, Some(signer_cert_chain))
/// .unwrap();
@@ -96,7 +96,7 @@ impl OcspRequestBuilder {
/// extension encoding fails.
///
/// [RFC 6960 Section 4.4]: https://datatracker.ietf.org/doc/html/rfc6960#section-4.4
pub fn with_extension<E: AsExtension>(mut self, ext: E) -> Result<Self, E::Error> {
pub fn with_extension<E: ToExtension>(mut self, ext: E) -> Result<Self, E::Error> {
let ext = ext.to_extension(&Name::default(), &[])?;
match self.tbs.request_extensions {
Some(ref mut exts) => exts.push(ext),
6 changes: 3 additions & 3 deletions x509-ocsp/src/builder/response.rs
@@ -11,7 +11,7 @@ use signature::{RandomizedSigner, Signer};
use spki::{DynSignatureAlgorithmIdentifier, SignatureBitStringEncoding};
use x509_cert::{
Certificate,
ext::{AsExtension, Extensions},
ext::{Extensions, ToExtension},
name::Name,
};

@@ -53,7 +53,7 @@ use x509_cert::{
/// );
///
/// if let Some(nonce) = req.nonce() {
/// builder = builder.with_extension(nonce).unwrap();
/// builder = builder.with_extension(&nonce).unwrap();
/// }
///
/// #[cfg(feature = "std")]
@@ -101,7 +101,7 @@ impl OcspResponseBuilder {
/// extension encoding fails.
///
/// [RFC 6960 Section 4.4]: https://datatracker.ietf.org/doc/html/rfc6960#section-4.4
pub fn with_extension<E: AsExtension>(mut self, ext: E) -> Result<Self, E::Error> {
pub fn with_extension<E: ToExtension>(mut self, ext: E) -> Result<Self, E::Error> {
let ext = ext.to_extension(&Name::default(), &[])?;
match self.response_extensions {
Some(ref mut exts) => exts.push(ext),
4 changes: 2 additions & 2 deletions x509-ocsp/src/request.rs
@@ -127,7 +127,7 @@ mod builder {
use crate::{CertId, Request, builder::Error};
use const_oid::AssociatedOid;
use digest::Digest;
use x509_cert::{Certificate, ext::AsExtension, name::Name, serial_number::SerialNumber};
use x509_cert::{Certificate, ext::ToExtension, name::Name, serial_number::SerialNumber};

impl Request {
/// Returns a new `Request` with the specified `CertID`
@@ -172,7 +172,7 @@ mod builder {
/// extension encoding fails.
///
/// [RFC 6960 Section 4.4]: https://datatracker.ietf.org/doc/html/rfc6960#section-4.4
pub fn with_extension<E: AsExtension>(mut self, ext: E) -> Result<Self, E::Error> {
pub fn with_extension<E: ToExtension>(mut self, ext: E) -> Result<Self, E::Error> {
let ext = ext.to_extension(&Name::default(), &[])?;
match self.single_request_extensions {
Some(ref mut exts) => exts.push(ext),
12 changes: 6 additions & 6 deletions x509-ocsp/tests/builder.rs
@@ -126,12 +126,12 @@ fn encode_ocsp_req_multiple_extensions() {
.with_request(
Request::from_issuer::<Sha1>(&ISSUER, SerialNumber::from(0x10001usize))
.unwrap()
.with_extension(single_ext1)
.with_extension(&single_ext1)
.unwrap(),
)
.with_extension(ext1)
.with_extension(&ext1)
.unwrap()
.with_extension(ext2)
.with_extension(&ext2)
.unwrap()
.build();
assert_eq!(&req.to_der().unwrap(), &req_der);
@@ -296,12 +296,12 @@ fn encode_ocsp_resp_multiple_extensions() {
.with_next_update(OcspGeneralizedTime::from(
DateTime::new(2020, 1, 1, 0, 0, 0).unwrap(),
))
.with_extension(single_ext1)
.with_extension(&single_ext1)
.unwrap()
.with_extension(single_ext2)
.with_extension(&single_ext2)
.unwrap(),
)
.with_extension(ext1)
.with_extension(&ext1)
.unwrap()
.sign(
&mut signer,