From e15beb1d9b4e4457eb8d736ff0b48352881de3ea Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Sat, 12 Aug 2023 20:47:13 +0200 Subject: [PATCH 1/3] Switch to using the pki-types crate --- Cargo.toml | 1 + src/lib.rs | 22 +++++++++++++++++----- src/pemfile.rs | 43 ++++++++++++++++++++----------------------- src/tests.rs | 6 +++--- 4 files changed, 41 insertions(+), 31 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index dcda1f0..8f18023 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -11,6 +11,7 @@ categories = ["network-programming", "cryptography"] [dependencies] base64 = "0.21" +pki-types = { package = "rustls-pki-types", version = "0.1" } [dev-dependencies] bencher = "0.1.5" diff --git a/src/lib.rs b/src/lib.rs index 9b9edc1..44a98c3 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -47,6 +47,10 @@ mod tests; /// --- Main crate APIs: mod pemfile; pub use pemfile::{read_all, read_one, Item}; +use pki_types::{ + CertificateDer, CertificateRevocationListDer, PrivatePkcs1KeyDer, PrivatePkcs8KeyDer, + PrivateSec1KeyDer, +}; /// --- Legacy APIs: use std::io; @@ -56,7 +60,7 @@ use std::io; /// /// This function does not fail if there are no certificates in the file -- /// it returns an empty vector. -pub fn certs(rd: &mut dyn io::BufRead) -> Result>, io::Error> { +pub fn certs(rd: &mut dyn io::BufRead) -> Result>, io::Error> { let mut certs = Vec::new(); loop { @@ -73,7 +77,9 @@ pub fn certs(rd: &mut dyn io::BufRead) -> Result>, io::Error> { /// /// This function does not fail if there are no CRLs in the file -- /// it returns an empty vector. -pub fn crls(rd: &mut dyn io::BufRead) -> Result>, io::Error> { +pub fn crls( + rd: &mut dyn io::BufRead, +) -> Result>, io::Error> { let mut crls = Vec::new(); loop { @@ -90,7 +96,9 @@ pub fn crls(rd: &mut dyn io::BufRead) -> Result>, io::Error> { /// /// This function does not fail if there are no keys in the file -- it returns an /// empty vector. -pub fn rsa_private_keys(rd: &mut dyn io::BufRead) -> Result>, io::Error> { +pub fn rsa_private_keys( + rd: &mut dyn io::BufRead, +) -> Result>, io::Error> { let mut keys = Vec::new(); loop { @@ -107,7 +115,9 @@ pub fn rsa_private_keys(rd: &mut dyn io::BufRead) -> Result>, io::Er /// /// This function does not fail if there are no keys in the file -- it returns an /// empty vector. -pub fn pkcs8_private_keys(rd: &mut dyn io::BufRead) -> Result>, io::Error> { +pub fn pkcs8_private_keys( + rd: &mut dyn io::BufRead, +) -> Result>, io::Error> { let mut keys = Vec::new(); loop { @@ -124,7 +134,9 @@ pub fn pkcs8_private_keys(rd: &mut dyn io::BufRead) -> Result>, io:: /// /// This function does not fail if there are no keys in the file -- it returns an /// empty vector. -pub fn ec_private_keys(rd: &mut dyn io::BufRead) -> Result>, io::Error> { +pub fn ec_private_keys( + rd: &mut dyn io::BufRead, +) -> Result>, io::Error> { let mut keys = Vec::new(); loop { diff --git a/src/pemfile.rs b/src/pemfile.rs index 32941da..7159c70 100644 --- a/src/pemfile.rs +++ b/src/pemfile.rs @@ -1,36 +1,28 @@ use std::io::{self, ErrorKind}; +use pki_types::{ + CertificateDer, CertificateRevocationListDer, PrivatePkcs1KeyDer, PrivatePkcs8KeyDer, + PrivateSec1KeyDer, +}; + /// The contents of a single recognised block in a PEM file. #[non_exhaustive] #[derive(Debug, PartialEq)] pub enum Item { /// A DER-encoded x509 certificate. - X509Certificate(Vec), + X509Certificate(CertificateDer<'static>), /// A DER-encoded plaintext RSA private key; as specified in PKCS#1/RFC3447 - RSAKey(Vec), + RSAKey(PrivatePkcs1KeyDer<'static>), /// A DER-encoded plaintext private key; as specified in PKCS#8/RFC5958 - PKCS8Key(Vec), + PKCS8Key(PrivatePkcs8KeyDer<'static>), /// A Sec1-encoded plaintext private key; as specified in RFC5915 - ECKey(Vec), + ECKey(PrivateSec1KeyDer<'static>), /// A Certificate Revocation List; as specified in RFC5280 - Crl(Vec), -} - -impl Item { - fn from_start_line(start_line: &[u8], der: Vec) -> Option { - match start_line { - b"CERTIFICATE" => Some(Item::X509Certificate(der)), - b"RSA PRIVATE KEY" => Some(Item::RSAKey(der)), - b"PRIVATE KEY" => Some(Item::PKCS8Key(der)), - b"EC PRIVATE KEY" => Some(Item::ECKey(der)), - b"X509 CRL" => Some(Item::Crl(der)), - _ => None, - } - } + Crl(CertificateRevocationListDer<'static>), } /// Extract and decode the next PEM section from `rd`. @@ -102,11 +94,16 @@ pub fn read_one(rd: &mut dyn io::BufRead) -> Result, io::Error> { .decode(&b64buf) .map_err(|err| io::Error::new(ErrorKind::InvalidData, err))?; - if let Some(item) = Item::from_start_line(section_type, der) { - return Ok(Some(item)); - } else { - section = None; - b64buf.clear(); + match section_type.as_slice() { + b"CERTIFICATE" => return Ok(Some(Item::X509Certificate(der.into()))), + b"RSA PRIVATE KEY" => return Ok(Some(Item::RSAKey(der.into()))), + b"PRIVATE KEY" => return Ok(Some(Item::PKCS8Key(der.into()))), + b"EC PRIVATE KEY" => return Ok(Some(Item::ECKey(der.into()))), + b"X509 CRL" => return Ok(Some(Item::Crl(der.into()))), + _ => { + section = None; + b64buf.clear(); + } } } } diff --git a/src/tests.rs b/src/tests.rs index f51c1d1..c17246c 100644 --- a/src/tests.rs +++ b/src/tests.rs @@ -15,7 +15,7 @@ mod unit { -----END RSA PRIVATE KEY-----\n" ) .unwrap(), - vec![crate::Item::RSAKey(vec![0xab])] + vec![crate::Item::RSAKey(vec![0xab].into())] ); } @@ -29,7 +29,7 @@ mod unit { junk" ) .unwrap(), - vec![crate::Item::RSAKey(vec![0xab])] + vec![crate::Item::RSAKey(vec![0xab].into())] ); } @@ -44,7 +44,7 @@ mod unit { \x00\x00" ) .unwrap(), - vec![crate::Item::RSAKey(vec![0xab])] + vec![crate::Item::RSAKey(vec![0xab].into())] ); } From a7ac4f7f0084a00e3783dfe6c209acb9b2e2bce7 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Sat, 12 Aug 2023 20:59:56 +0200 Subject: [PATCH 2/3] Respin helper functions to return an iterator instead of Vec --- benches/benchmark.rs | 8 ++++- src/lib.rs | 83 ++++++++++++++++++-------------------------- src/pemfile.rs | 12 ++----- src/tests.rs | 2 +- tests/integration.rs | 46 +++++++++++++++++++----- 5 files changed, 82 insertions(+), 69 deletions(-) diff --git a/benches/benchmark.rs b/benches/benchmark.rs index 1ebeb64..6f82a15 100644 --- a/benches/benchmark.rs +++ b/benches/benchmark.rs @@ -6,7 +6,13 @@ fn criterion_benchmark(c: &mut Bencher) { c.iter(|| { let data = include_bytes!("../tests/data/certificate.chain.pem"); let mut reader = BufReader::new(&data[..]); - assert_eq!(rustls_pemfile::certs(&mut reader).unwrap().len(), 3); + assert_eq!( + rustls_pemfile::certs(&mut reader) + .collect::, _>>() + .unwrap() + .len(), + 3 + ); }); } diff --git a/src/lib.rs b/src/lib.rs index 44a98c3..6fddb7e 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -54,22 +54,21 @@ use pki_types::{ /// --- Legacy APIs: use std::io; +use std::iter; /// Extract all the certificates from `rd`, and return a vec of byte vecs /// containing the der-format contents. /// /// This function does not fail if there are no certificates in the file -- /// it returns an empty vector. -pub fn certs(rd: &mut dyn io::BufRead) -> Result>, io::Error> { - let mut certs = Vec::new(); - - loop { - match read_one(rd)? { - None => return Ok(certs), - Some(Item::X509Certificate(cert)) => certs.push(cert), - _ => {} - }; - } +pub fn certs( + rd: &mut dyn io::BufRead, +) -> impl Iterator, io::Error>> + '_ { + iter::from_fn(move || read_one(rd).transpose()).filter_map(|item| match item { + Ok(Item::X509Certificate(cert)) => Some(Ok(cert)), + Err(err) => Some(Err(err)), + _ => None, + }) } /// Extract all the certificate revocation lists (CRLs) from `rd`, and return a vec of byte vecs @@ -79,16 +78,12 @@ pub fn certs(rd: &mut dyn io::BufRead) -> Result>, i /// it returns an empty vector. pub fn crls( rd: &mut dyn io::BufRead, -) -> Result>, io::Error> { - let mut crls = Vec::new(); - - loop { - match read_one(rd)? { - None => return Ok(crls), - Some(Item::Crl(crl)) => crls.push(crl), - _ => {} - }; - } +) -> impl Iterator, io::Error>> + '_ { + iter::from_fn(move || read_one(rd).transpose()).filter_map(|item| match item { + Ok(Item::Crl(crl)) => Some(Ok(crl)), + Err(err) => Some(Err(err)), + _ => None, + }) } /// Extract all RSA private keys from `rd`, and return a vec of byte vecs @@ -98,16 +93,12 @@ pub fn crls( /// empty vector. pub fn rsa_private_keys( rd: &mut dyn io::BufRead, -) -> Result>, io::Error> { - let mut keys = Vec::new(); - - loop { - match read_one(rd)? { - None => return Ok(keys), - Some(Item::RSAKey(key)) => keys.push(key), - _ => {} - }; - } +) -> impl Iterator, io::Error>> + '_ { + iter::from_fn(move || read_one(rd).transpose()).filter_map(|item| match item { + Ok(Item::RSAKey(key)) => Some(Ok(key)), + Err(err) => Some(Err(err)), + _ => None, + }) } /// Extract all PKCS8-encoded private keys from `rd`, and return a vec of @@ -117,16 +108,12 @@ pub fn rsa_private_keys( /// empty vector. pub fn pkcs8_private_keys( rd: &mut dyn io::BufRead, -) -> Result>, io::Error> { - let mut keys = Vec::new(); - - loop { - match read_one(rd)? { - None => return Ok(keys), - Some(Item::PKCS8Key(key)) => keys.push(key), - _ => {} - }; - } +) -> impl Iterator, io::Error>> + '_ { + iter::from_fn(move || read_one(rd).transpose()).filter_map(|item| match item { + Ok(Item::PKCS8Key(key)) => Some(Ok(key)), + Err(err) => Some(Err(err)), + _ => None, + }) } /// Extract all SEC1-encoded EC private keys from `rd`, and return a vec of @@ -136,14 +123,10 @@ pub fn pkcs8_private_keys( /// empty vector. pub fn ec_private_keys( rd: &mut dyn io::BufRead, -) -> Result>, io::Error> { - let mut keys = Vec::new(); - - loop { - match read_one(rd)? { - None => return Ok(keys), - Some(Item::ECKey(key)) => keys.push(key), - _ => {} - }; - } +) -> impl Iterator, io::Error>> + '_ { + iter::from_fn(move || read_one(rd).transpose()).filter_map(|item| match item { + Ok(Item::ECKey(key)) => Some(Ok(key)), + Err(err) => Some(Err(err)), + _ => None, + }) } diff --git a/src/pemfile.rs b/src/pemfile.rs index 7159c70..398752c 100644 --- a/src/pemfile.rs +++ b/src/pemfile.rs @@ -1,4 +1,5 @@ use std::io::{self, ErrorKind}; +use std::iter; use pki_types::{ CertificateDer, CertificateRevocationListDer, PrivatePkcs1KeyDer, PrivatePkcs8KeyDer, @@ -122,15 +123,8 @@ pub fn read_one(rd: &mut dyn io::BufRead) -> Result, io::Error> { } /// Extract and return all PEM sections by reading `rd`. -pub fn read_all(rd: &mut dyn io::BufRead) -> Result, io::Error> { - let mut v = Vec::::new(); - - loop { - match read_one(rd)? { - None => return Ok(v), - Some(item) => v.push(item), - } - } +pub fn read_all(rd: &mut dyn io::BufRead) -> impl Iterator> + '_ { + iter::from_fn(move || read_one(rd).transpose()) } mod base64 { diff --git a/src/tests.rs b/src/tests.rs index c17246c..d8dac65 100644 --- a/src/tests.rs +++ b/src/tests.rs @@ -2,7 +2,7 @@ mod unit { fn check(data: &[u8]) -> Result, std::io::Error> { let mut reader = std::io::BufReader::new(data); - crate::read_all(&mut reader) + crate::read_all(&mut reader).collect() } #[test] diff --git a/tests/integration.rs b/tests/integration.rs index 71c7345..e27335a 100644 --- a/tests/integration.rs +++ b/tests/integration.rs @@ -7,7 +7,10 @@ fn test_rsa_private_keys() { let mut reader = BufReader::new(&data[..]); assert_eq!( - rustls_pemfile::rsa_private_keys(&mut reader).unwrap().len(), + rustls_pemfile::rsa_private_keys(&mut reader) + .collect::, _>>() + .unwrap() + .len(), 2 ); } @@ -17,21 +20,39 @@ fn test_certs() { let data = include_bytes!("data/certificate.chain.pem"); let mut reader = BufReader::new(&data[..]); - assert_eq!(rustls_pemfile::certs(&mut reader).unwrap().len(), 3); + assert_eq!( + rustls_pemfile::certs(&mut reader) + .collect::, _>>() + .unwrap() + .len(), + 3 + ); } #[test] fn test_certs_with_binary() { let data = include_bytes!("data/gunk.pem"); let mut reader = BufReader::new(&data[..]); - assert_eq!(rustls_pemfile::certs(&mut reader).unwrap().len(), 2); + assert_eq!( + rustls_pemfile::certs(&mut reader) + .collect::, _>>() + .unwrap() + .len(), + 2 + ); } #[test] fn test_crls() { let data = include_bytes!("data/crl.pem"); let mut reader = BufReader::new(&data[..]); - assert_eq!(rustls_pemfile::crls(&mut reader).unwrap().len(), 1); + assert_eq!( + rustls_pemfile::crls(&mut reader) + .collect::, _>>() + .unwrap() + .len(), + 1 + ); } #[test] @@ -41,6 +62,7 @@ fn test_pkcs8() { assert_eq!( rustls_pemfile::pkcs8_private_keys(&mut reader) + .collect::, _>>() .unwrap() .len(), 2 @@ -52,7 +74,9 @@ fn test_sec1() { let data = include_bytes!("data/nistp256key.pem"); let mut reader = BufReader::new(&data[..]); - let items = rustls_pemfile::read_all(&mut reader).unwrap(); + let items = rustls_pemfile::read_all(&mut reader) + .collect::, _>>() + .unwrap(); assert_eq!(items.len(), 1); assert!(matches!(items[0], rustls_pemfile::Item::ECKey(_))); } @@ -78,7 +102,9 @@ fn test_sec1_vs_pkcs8() { let data = include_bytes!("data/nistp256key.pem"); let mut reader = BufReader::new(&data[..]); - let items = rustls_pemfile::read_all(&mut reader).unwrap(); + let items = rustls_pemfile::read_all(&mut reader) + .collect::, _>>() + .unwrap(); assert!(matches!(items[0], rustls_pemfile::Item::ECKey(_))); println!("sec1 {:?}", items); } @@ -86,7 +112,9 @@ fn test_sec1_vs_pkcs8() { let data = include_bytes!("data/nistp256key.pkcs8.pem"); let mut reader = BufReader::new(&data[..]); - let items = rustls_pemfile::read_all(&mut reader).unwrap(); + let items = rustls_pemfile::read_all(&mut reader) + .collect::, _>>() + .unwrap(); assert!(matches!(items[0], rustls_pemfile::Item::PKCS8Key(_))); println!("p8 {:?}", items); } @@ -97,7 +125,9 @@ fn parse_in_order() { let data = include_bytes!("data/zen.pem"); let mut reader = BufReader::new(&data[..]); - let items = rustls_pemfile::read_all(&mut reader).unwrap(); + let items = rustls_pemfile::read_all(&mut reader) + .collect::, _>>() + .unwrap(); assert_eq!(items.len(), 9); assert!(matches!(items[0], rustls_pemfile::Item::X509Certificate(_))); assert!(matches!(items[1], rustls_pemfile::Item::X509Certificate(_))); From 047db9b453706587f90c939f82033b9c24e61aa6 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Sat, 12 Aug 2023 21:02:42 +0200 Subject: [PATCH 3/3] Rename item variant names to match inner type names --- src/lib.rs | 12 ++++++------ src/pemfile.rs | 30 ++++++++++++++++++++---------- src/tests.rs | 6 +++--- tests/integration.rs | 14 +++++++------- 4 files changed, 36 insertions(+), 26 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index 6fddb7e..b60f204 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -22,9 +22,9 @@ //! match item.unwrap() { //! Item::X509Certificate(cert) => println!("certificate {:?}", cert), //! Item::Crl(crl) => println!("certificate revocation list: {:?}", crl), -//! Item::RSAKey(key) => println!("rsa pkcs1 key {:?}", key), -//! Item::PKCS8Key(key) => println!("pkcs8 key {:?}", key), -//! Item::ECKey(key) => println!("sec1 ec key {:?}", key), +//! Item::Pkcs1Key(key) => println!("rsa pkcs1 key {:?}", key), +//! Item::Pkcs8Key(key) => println!("pkcs8 key {:?}", key), +//! Item::Sec1Key(key) => println!("sec1 ec key {:?}", key), //! _ => println!("unhandled item"), //! } //! } @@ -95,7 +95,7 @@ pub fn rsa_private_keys( rd: &mut dyn io::BufRead, ) -> impl Iterator, io::Error>> + '_ { iter::from_fn(move || read_one(rd).transpose()).filter_map(|item| match item { - Ok(Item::RSAKey(key)) => Some(Ok(key)), + Ok(Item::Pkcs1Key(key)) => Some(Ok(key)), Err(err) => Some(Err(err)), _ => None, }) @@ -110,7 +110,7 @@ pub fn pkcs8_private_keys( rd: &mut dyn io::BufRead, ) -> impl Iterator, io::Error>> + '_ { iter::from_fn(move || read_one(rd).transpose()).filter_map(|item| match item { - Ok(Item::PKCS8Key(key)) => Some(Ok(key)), + Ok(Item::Pkcs8Key(key)) => Some(Ok(key)), Err(err) => Some(Err(err)), _ => None, }) @@ -125,7 +125,7 @@ pub fn ec_private_keys( rd: &mut dyn io::BufRead, ) -> impl Iterator, io::Error>> + '_ { iter::from_fn(move || read_one(rd).transpose()).filter_map(|item| match item { - Ok(Item::ECKey(key)) => Some(Ok(key)), + Ok(Item::Sec1Key(key)) => Some(Ok(key)), Err(err) => Some(Err(err)), _ => None, }) diff --git a/src/pemfile.rs b/src/pemfile.rs index 398752c..10e5deb 100644 --- a/src/pemfile.rs +++ b/src/pemfile.rs @@ -11,18 +11,28 @@ use pki_types::{ #[derive(Debug, PartialEq)] pub enum Item { /// A DER-encoded x509 certificate. + /// + /// Appears as "CERTIFICATE" in PEM files. X509Certificate(CertificateDer<'static>), - /// A DER-encoded plaintext RSA private key; as specified in PKCS#1/RFC3447 - RSAKey(PrivatePkcs1KeyDer<'static>), + /// A DER-encoded plaintext RSA private key; as specified in PKCS #1/RFC 3447 + /// + /// Appears as "RSA PRIVATE KEY" in PEM files. + Pkcs1Key(PrivatePkcs1KeyDer<'static>), - /// A DER-encoded plaintext private key; as specified in PKCS#8/RFC5958 - PKCS8Key(PrivatePkcs8KeyDer<'static>), + /// A DER-encoded plaintext private key; as specified in PKCS #8/RFC 5958 + /// + /// Appears as "PRIVATE KEY" in PEM files. + Pkcs8Key(PrivatePkcs8KeyDer<'static>), - /// A Sec1-encoded plaintext private key; as specified in RFC5915 - ECKey(PrivateSec1KeyDer<'static>), + /// A Sec1-encoded plaintext private key; as specified in RFC 5915 + /// + /// Appears as "EC PRIVATE KEY" in PEM files. + Sec1Key(PrivateSec1KeyDer<'static>), - /// A Certificate Revocation List; as specified in RFC5280 + /// A Certificate Revocation List; as specified in RFC 5280 + /// + /// Appears as "X509 CRL" in PEM files. Crl(CertificateRevocationListDer<'static>), } @@ -97,9 +107,9 @@ pub fn read_one(rd: &mut dyn io::BufRead) -> Result, io::Error> { match section_type.as_slice() { b"CERTIFICATE" => return Ok(Some(Item::X509Certificate(der.into()))), - b"RSA PRIVATE KEY" => return Ok(Some(Item::RSAKey(der.into()))), - b"PRIVATE KEY" => return Ok(Some(Item::PKCS8Key(der.into()))), - b"EC PRIVATE KEY" => return Ok(Some(Item::ECKey(der.into()))), + b"RSA PRIVATE KEY" => return Ok(Some(Item::Pkcs1Key(der.into()))), + b"PRIVATE KEY" => return Ok(Some(Item::Pkcs8Key(der.into()))), + b"EC PRIVATE KEY" => return Ok(Some(Item::Sec1Key(der.into()))), b"X509 CRL" => return Ok(Some(Item::Crl(der.into()))), _ => { section = None; diff --git a/src/tests.rs b/src/tests.rs index d8dac65..63bf2ce 100644 --- a/src/tests.rs +++ b/src/tests.rs @@ -15,7 +15,7 @@ mod unit { -----END RSA PRIVATE KEY-----\n" ) .unwrap(), - vec![crate::Item::RSAKey(vec![0xab].into())] + vec![crate::Item::Pkcs1Key(vec![0xab].into())] ); } @@ -29,7 +29,7 @@ mod unit { junk" ) .unwrap(), - vec![crate::Item::RSAKey(vec![0xab].into())] + vec![crate::Item::Pkcs1Key(vec![0xab].into())] ); } @@ -44,7 +44,7 @@ mod unit { \x00\x00" ) .unwrap(), - vec![crate::Item::RSAKey(vec![0xab].into())] + vec![crate::Item::Pkcs1Key(vec![0xab].into())] ); } diff --git a/tests/integration.rs b/tests/integration.rs index e27335a..a7ee87a 100644 --- a/tests/integration.rs +++ b/tests/integration.rs @@ -78,7 +78,7 @@ fn test_sec1() { .collect::, _>>() .unwrap(); assert_eq!(items.len(), 1); - assert!(matches!(items[0], rustls_pemfile::Item::ECKey(_))); + assert!(matches!(items[0], rustls_pemfile::Item::Sec1Key(_))); } #[test] @@ -105,7 +105,7 @@ fn test_sec1_vs_pkcs8() { let items = rustls_pemfile::read_all(&mut reader) .collect::, _>>() .unwrap(); - assert!(matches!(items[0], rustls_pemfile::Item::ECKey(_))); + assert!(matches!(items[0], rustls_pemfile::Item::Sec1Key(_))); println!("sec1 {:?}", items); } { @@ -115,7 +115,7 @@ fn test_sec1_vs_pkcs8() { let items = rustls_pemfile::read_all(&mut reader) .collect::, _>>() .unwrap(); - assert!(matches!(items[0], rustls_pemfile::Item::PKCS8Key(_))); + assert!(matches!(items[0], rustls_pemfile::Item::Pkcs8Key(_))); println!("p8 {:?}", items); } } @@ -133,9 +133,9 @@ fn parse_in_order() { assert!(matches!(items[1], rustls_pemfile::Item::X509Certificate(_))); assert!(matches!(items[2], rustls_pemfile::Item::X509Certificate(_))); assert!(matches!(items[3], rustls_pemfile::Item::X509Certificate(_))); - assert!(matches!(items[4], rustls_pemfile::Item::ECKey(_))); - assert!(matches!(items[5], rustls_pemfile::Item::PKCS8Key(_))); - assert!(matches!(items[6], rustls_pemfile::Item::RSAKey(_))); - assert!(matches!(items[7], rustls_pemfile::Item::PKCS8Key(_))); + assert!(matches!(items[4], rustls_pemfile::Item::Sec1Key(_))); + assert!(matches!(items[5], rustls_pemfile::Item::Pkcs8Key(_))); + assert!(matches!(items[6], rustls_pemfile::Item::Pkcs1Key(_))); + assert!(matches!(items[7], rustls_pemfile::Item::Pkcs8Key(_))); assert!(matches!(items[8], rustls_pemfile::Item::Crl(_))); }