Switch to using the pki-types crate

Cargo.toml

@@ -11,6 +11,7 @@ categories = ["network-programming", "cryptography"]
 
 [dependencies]
 base64 = "0.21"
+pki-types = { package = "rustls-pki-types", version = "0.1" }
 
 [dev-dependencies]
 bencher = "0.1.5"

src/lib.rs

@@ -47,6 +47,10 @@ mod tests;
 /// --- Main crate APIs:
 mod pemfile;
 pub use pemfile::{read_all, read_one, Item};
+use pki_types::{
+    CertificateDer, CertificateRevocationListDer, PrivatePkcs1KeyDer, PrivatePkcs8KeyDer,
+    PrivateSec1KeyDer,
+};
 
 /// --- Legacy APIs:
 use std::io;
@@ -56,7 +60,7 @@ use std::io;
 ///
 /// This function does not fail if there are no certificates in the file --
 /// it returns an empty vector.
-pub fn certs(rd: &mut dyn io::BufRead) -> Result<Vec<Vec<u8>>, io::Error> {
+pub fn certs(rd: &mut dyn io::BufRead) -> Result<Vec<CertificateDer<'static>>, io::Error> {
     let mut certs = Vec::new();
 
     loop {
@@ -73,7 +77,9 @@ pub fn certs(rd: &mut dyn io::BufRead) -> Result<Vec<Vec<u8>>, io::Error> {
 ///
 /// This function does not fail if there are no CRLs in the file --
 /// it returns an empty vector.
-pub fn crls(rd: &mut dyn io::BufRead) -> Result<Vec<Vec<u8>>, io::Error> {
+pub fn crls(
+    rd: &mut dyn io::BufRead,
+) -> Result<Vec<CertificateRevocationListDer<'static>>, io::Error> {
     let mut crls = Vec::new();
 
     loop {
@@ -90,7 +96,9 @@ pub fn crls(rd: &mut dyn io::BufRead) -> Result<Vec<Vec<u8>>, io::Error> {
 ///
 /// This function does not fail if there are no keys in the file -- it returns an
 /// empty vector.
-pub fn rsa_private_keys(rd: &mut dyn io::BufRead) -> Result<Vec<Vec<u8>>, io::Error> {
+pub fn rsa_private_keys(
+    rd: &mut dyn io::BufRead,
+) -> Result<Vec<PrivatePkcs1KeyDer<'static>>, io::Error> {
     let mut keys = Vec::new();
 
     loop {
@@ -107,7 +115,9 @@ pub fn rsa_private_keys(rd: &mut dyn io::BufRead) -> Result<Vec<Vec<u8>>, io::Er
 ///
 /// This function does not fail if there are no keys in the file -- it returns an
 /// empty vector.
-pub fn pkcs8_private_keys(rd: &mut dyn io::BufRead) -> Result<Vec<Vec<u8>>, io::Error> {
+pub fn pkcs8_private_keys(
+    rd: &mut dyn io::BufRead,
+) -> Result<Vec<PrivatePkcs8KeyDer<'static>>, io::Error> {
     let mut keys = Vec::new();
 
     loop {
@@ -124,7 +134,9 @@ pub fn pkcs8_private_keys(rd: &mut dyn io::BufRead) -> Result<Vec<Vec<u8>>, io::
 ///
 /// This function does not fail if there are no keys in the file -- it returns an
 /// empty vector.
-pub fn ec_private_keys(rd: &mut dyn io::BufRead) -> Result<Vec<Vec<u8>>, io::Error> {
+pub fn ec_private_keys(
+    rd: &mut dyn io::BufRead,
+) -> Result<Vec<PrivateSec1KeyDer<'static>>, io::Error> {
     let mut keys = Vec::new();
 
     loop {

src/pemfile.rs

@@ -1,36 +1,28 @@
 use std::io::{self, ErrorKind};
 
+use pki_types::{
+    CertificateDer, CertificateRevocationListDer, PrivatePkcs1KeyDer, PrivatePkcs8KeyDer,
+    PrivateSec1KeyDer,
+};
+
 /// The contents of a single recognised block in a PEM file.
 #[non_exhaustive]
 #[derive(Debug, PartialEq)]
 pub enum Item {
     /// A DER-encoded x509 certificate.
-    X509Certificate(Vec<u8>),
+    X509Certificate(CertificateDer<'static>),
 
     /// A DER-encoded plaintext RSA private key; as specified in PKCS#1/RFC3447
-    RSAKey(Vec<u8>),
+    RSAKey(PrivatePkcs1KeyDer<'static>),
 
     /// A DER-encoded plaintext private key; as specified in PKCS#8/RFC5958
-    PKCS8Key(Vec<u8>),
+    PKCS8Key(PrivatePkcs8KeyDer<'static>),
 
     /// A Sec1-encoded plaintext private key; as specified in RFC5915
-    ECKey(Vec<u8>),
+    ECKey(PrivateSec1KeyDer<'static>),
 
     /// A Certificate Revocation List; as specified in RFC5280
-    Crl(Vec<u8>),
-}
-
-impl Item {
-    fn from_start_line(start_line: &[u8], der: Vec<u8>) -> Option<Item> {
-        match start_line {
-            b"CERTIFICATE" => Some(Item::X509Certificate(der)),
-            b"RSA PRIVATE KEY" => Some(Item::RSAKey(der)),
-            b"PRIVATE KEY" => Some(Item::PKCS8Key(der)),
-            b"EC PRIVATE KEY" => Some(Item::ECKey(der)),
-            b"X509 CRL" => Some(Item::Crl(der)),
-            _ => None,
-        }
-    }
+    Crl(CertificateRevocationListDer<'static>),
 }
 
 /// Extract and decode the next PEM section from `rd`.
@@ -102,11 +94,16 @@ pub fn read_one(rd: &mut dyn io::BufRead) -> Result<Option<Item>, io::Error> {
                     .decode(&b64buf)
                     .map_err(|err| io::Error::new(ErrorKind::InvalidData, err))?;
 
-                if let Some(item) = Item::from_start_line(section_type, der) {
-                    return Ok(Some(item));
-                } else {
-                    section = None;
-                    b64buf.clear();
+                match section_type.as_slice() {
+                    b"CERTIFICATE" => return Ok(Some(Item::X509Certificate(der.into()))),
+                    b"RSA PRIVATE KEY" => return Ok(Some(Item::RSAKey(der.into()))),
+                    b"PRIVATE KEY" => return Ok(Some(Item::PKCS8Key(der.into()))),
+                    b"EC PRIVATE KEY" => return Ok(Some(Item::ECKey(der.into()))),
+                    b"X509 CRL" => return Ok(Some(Item::Crl(der.into()))),
+                    _ => {
+                        section = None;
+                        b64buf.clear();
+                    }
                 }
             }
         }

src/tests.rs

@@ -15,7 +15,7 @@ mod unit {
                     -----END RSA PRIVATE KEY-----\n"
             )
             .unwrap(),
-            vec![crate::Item::RSAKey(vec![0xab])]
+            vec![crate::Item::RSAKey(vec![0xab].into())]
         );
     }
 
@@ -29,7 +29,7 @@ mod unit {
                     junk"
             )
             .unwrap(),
-            vec![crate::Item::RSAKey(vec![0xab])]
+            vec![crate::Item::RSAKey(vec![0xab].into())]
         );
     }
 
@@ -44,7 +44,7 @@ mod unit {
                     \x00\x00"
             )
             .unwrap(),
-            vec![crate::Item::RSAKey(vec![0xab])]
+            vec![crate::Item::RSAKey(vec![0xab].into())]
         );
     }