diff --git a/src/lib.rs b/src/lib.rs
index 6fddb7e..b60f204 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -22,9 +22,9 @@
 //! match item.unwrap() {
 //! Item::X509Certificate(cert) => println!("certificate {:?}", cert),
 //! Item::Crl(crl) => println!("certificate revocation list: {:?}", crl),
-//! Item::RSAKey(key) => println!("rsa pkcs1 key {:?}", key),
-//! Item::PKCS8Key(key) => println!("pkcs8 key {:?}", key),
-//! Item::ECKey(key) => println!("sec1 ec key {:?}", key),
+//! Item::Pkcs1Key(key) => println!("rsa pkcs1 key {:?}", key),
+//! Item::Pkcs8Key(key) => println!("pkcs8 key {:?}", key),
+//! Item::Sec1Key(key) => println!("sec1 ec key {:?}", key),
 //! _ => println!("unhandled item"),
 //! }
 //! }
@@ -95,7 +95,7 @@ pub fn rsa_private_keys(
 rd: &mut dyn io::BufRead,
 ) -> impl Iterator, io::Error>> + '_ {
 iter::from_fn(move || read_one(rd).transpose()).filter_map(|item| match item {
- Ok(Item::RSAKey(key)) => Some(Ok(key)),
+ Ok(Item::Pkcs1Key(key)) => Some(Ok(key)),
 Err(err) => Some(Err(err)),
 _ => None,
 })
@@ -110,7 +110,7 @@ pub fn pkcs8_private_keys(
 rd: &mut dyn io::BufRead,
 ) -> impl Iterator, io::Error>> + '_ {
 iter::from_fn(move || read_one(rd).transpose()).filter_map(|item| match item {
- Ok(Item::PKCS8Key(key)) => Some(Ok(key)),
+ Ok(Item::Pkcs8Key(key)) => Some(Ok(key)),
 Err(err) => Some(Err(err)),
 _ => None,
 })
@@ -125,7 +125,7 @@ pub fn ec_private_keys(
 rd: &mut dyn io::BufRead,
 ) -> impl Iterator, io::Error>> + '_ {
 iter::from_fn(move || read_one(rd).transpose()).filter_map(|item| match item {
- Ok(Item::ECKey(key)) => Some(Ok(key)),
+ Ok(Item::Sec1Key(key)) => Some(Ok(key)),
 Err(err) => Some(Err(err)),
 _ => None,
 })
diff --git a/src/pemfile.rs b/src/pemfile.rs
index 398752c..10e5deb 100644
--- a/src/pemfile.rs
+++ b/src/pemfile.rs
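Review bot: The crate-level example in src/lib.rs (hunk at -22) debug-prints the private key values in all three key arms, e.g. `println!("rsa pkcs1 key {:?}", key)`, and doc examples tend to be copied into real loaders. Whether `{:?}` on the pki_types key wrappers redacts the DER bytes cannot be seen from this hunk, so the example is safer if it does not depend on that. I would bind nothing and print only the kind, e.g. `//! Item::Pkcs1Key(_) => println!("rsa pkcs1 key found"),` and the same shape for `Pkcs8Key` and `Sec1Key`.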
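Review bot: In src/lib.rs, `rsa_private_keys` (hunk at -95) now yields only `Item::Pkcs1Key` and `ec_private_keys` (hunk at -125) only `Item::Sec1Key`, while the `_ => None` arm drops every other item. An RSA or EC key stored under the "PRIVATE KEY" label therefore gives an empty iterator and no error. The variants are now named after the encoding but the functions are still named after the algorithm, which makes that easy to miss. The doc comments sit above the hunks and are not visible here; if they do not already say so, I would add `/// Only "RSA PRIVATE KEY" (PKCS #1) sections are returned; keys in PKCS #8 form are yielded by pkcs8_private_keys instead.` and the matching line on `ec_private_keys`.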
@@ -11,18 +11,28 @@ use pki_types::{ #[derive(Debug, PartialEq)] pub enum Item { /// A DER-encoded x509 certificate. + /// + /// Appears as "CERTIFICATE" in PEM files. X509Certificate(CertificateDer<'static>), - /// A DER-encoded plaintext RSA private key; as specified in PKCS#1/RFC3447 - RSAKey(PrivatePkcs1KeyDer<'static>), + /// A DER-encoded plaintext RSA private key; as specified in PKCS #1/RFC 3447 + /// + /// Appears as "RSA PRIVATE KEY" in PEM files. + Pkcs1Key(PrivatePkcs1KeyDer<'static>), - /// A DER-encoded plaintext private key; as specified in PKCS#8/RFC5958 - PKCS8Key(PrivatePkcs8KeyDer<'static>), + /// A DER-encoded plaintext private key; as specified in PKCS #8/RFC 5958 + /// + /// Appears as "PRIVATE KEY" in PEM files. + Pkcs8Key(PrivatePkcs8KeyDer<'static>), - /// A Sec1-encoded plaintext private key; as specified in RFC5915 - ECKey(PrivateSec1KeyDer<'static>), + /// A Sec1-encoded plaintext private key; as specified in RFC 5915 + /// + /// Appears as "EC PRIVATE KEY" in PEM files. + Sec1Key(PrivateSec1KeyDer<'static>), - /// A Certificate Revocation List; as specified in RFC5280 + /// A Certificate Revocation List; as specified in RFC 5280 + /// + /// Appears as "X509 CRL" in PEM files. Crl(CertificateRevocationListDer<'static>), } @@ -97,9 +107,9 @@ pub fn read_one(rd: &mut dyn io::BufRead) -> Result, io::Error> { match section_type.as_slice() { b"CERTIFICATE" => return Ok(Some(Item::X509Certificate(der.into()))), - b"RSA PRIVATE KEY" => return Ok(Some(Item::RSAKey(der.into()))), - b"PRIVATE KEY" => return Ok(Some(Item::PKCS8Key(der.into()))), - b"EC PRIVATE KEY" => return Ok(Some(Item::ECKey(der.into()))), + b"RSA PRIVATE KEY" => return Ok(Some(Item::Pkcs1Key(der.into()))), + b"PRIVATE KEY" => return Ok(Some(Item::Pkcs8Key(der.into()))), + b"EC PRIVATE KEY" => return Ok(Some(Item::Sec1Key(der.into()))), b"X509 CRL" => return Ok(Some(Item::Crl(der.into()))), _ => { section = None; 
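Review bot: In the `read_one` hunk (at -97) any PEM label other than the five matched falls to the `_` arm, which resets `section`, so a file holding only, say, an "ENCRYPTED PRIVATE KEY" block appears to parse to no items rather than to an error. The variant docs added in the `Item` hunk (at -11) now spell out the recognised labels and call the keys "plaintext", but nothing tells a caller that other labels are dropped silently. I would add to the doc comment on `Item` a line such as `/// PEM sections with any other label are skipped by the parser, not reported as errors.` The `_` arm and the rest of `read_one` continue outside the hunk, so this should be confirmed against the full function.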
diff --git a/src/tests.rs b/src/tests.rs index d8dac65..63bf2ce 100644 --- a/src/tests.rs +++ b/src/tests.rs @@ -15,7 +15,7 @@ mod unit { -----END RSA PRIVATE KEY-----\n" ) .unwrap(), - vec![crate::Item::RSAKey(vec![0xab].into())] + vec![crate::Item::Pkcs1Key(vec![0xab].into())] ); } @@ -29,7 +29,7 @@ mod unit { junk" ) .unwrap(), - vec![crate::Item::RSAKey(vec![0xab].into())] + vec![crate::Item::Pkcs1Key(vec![0xab].into())] ); } @@ -44,7 +44,7 @@ mod unit { \x00\x00" ) .unwrap(), - vec![crate::Item::RSAKey(vec![0xab].into())] + vec![crate::Item::Pkcs1Key(vec![0xab].into())] ); } diff --git a/tests/integration.rs b/tests/integration.rs index e27335a..a7ee87a 100644 --- a/tests/integration.rs +++ b/tests/integration.rs @@ -78,7 +78,7 @@ fn test_sec1() { .collect::, _>>() .unwrap(); assert_eq!(items.len(), 1); - assert!(matches!(items[0], rustls_pemfile::Item::ECKey(_))); + assert!(matches!(items[0], rustls_pemfile::Item::Sec1Key(_))); } #[test] @@ -105,7 +105,7 @@ fn test_sec1_vs_pkcs8() { let items = rustls_pemfile::read_all(&mut reader) .collect::, _>>() .unwrap(); - assert!(matches!(items[0], rustls_pemfile::Item::ECKey(_))); + assert!(matches!(items[0], rustls_pemfile::Item::Sec1Key(_))); println!("sec1 {:?}", items); } { @@ -115,7 +115,7 @@ fn test_sec1_vs_pkcs8() { let items = rustls_pemfile::read_all(&mut reader) .collect::, _>>() .unwrap(); - assert!(matches!(items[0], rustls_pemfile::Item::PKCS8Key(_))); + assert!(matches!(items[0], rustls_pemfile::Item::Pkcs8Key(_))); println!("p8 {:?}", items); } } 
@@ -133,9 +133,9 @@ fn parse_in_order() {
 assert!(matches!(items[1], rustls_pemfile::Item::X509Certificate(_)));
 assert!(matches!(items[2], rustls_pemfile::Item::X509Certificate(_)));
 assert!(matches!(items[3], rustls_pemfile::Item::X509Certificate(_)));
- assert!(matches!(items[4], rustls_pemfile::Item::ECKey(_)));
- assert!(matches!(items[5], rustls_pemfile::Item::PKCS8Key(_)));
- assert!(matches!(items[6], rustls_pemfile::Item::RSAKey(_)));
- assert!(matches!(items[7], rustls_pemfile::Item::PKCS8Key(_)));
+ assert!(matches!(items[4], rustls_pemfile::Item::Sec1Key(_)));
+ assert!(matches!(items[5], rustls_pemfile::Item::Pkcs8Key(_)));
+ assert!(matches!(items[6], rustls_pemfile::Item::Pkcs1Key(_)));
+ assert!(matches!(items[7], rustls_pemfile::Item::Pkcs8Key(_)));
 assert!(matches!(items[8], rustls_pemfile::Item::Crl(_)));
 }