kanidm_lib_crypto/
serialise.rs

Help
1pub mod pkeyb64 {
2    use base64::{engine::general_purpose, Engine as _};
3    use openssl::pkey::{PKey, Private};
4    use serde::{
5        de::Error as DeError, ser::Error as SerError, Deserialize, Deserializer, Serializer,
6    };
7    use tracing::error;
8
9    pub fn serialize<S>(key: &PKey<Private>, ser: S) -> Result<S::Ok, S::Error>
10    where
11        S: Serializer,
12    {
13        let der = key.private_key_to_der().map_err(|err| {
14            error!(?err, "openssl private_key_to_der");
15            S::Error::custom("openssl private_key_to_der")
16        })?;
17        let s = general_purpose::URL_SAFE_NO_PAD.encode(der);
18
19        ser.serialize_str(&s)
20    }
21
22    pub fn deserialize<'de, D>(des: D) -> Result<PKey<Private>, D::Error>
23    where
24        D: Deserializer<'de>,
25    {
26        let raw = <&str>::deserialize(des)?;
27        let s = general_purpose::URL_SAFE_NO_PAD
28            .decode(raw)
29            .or_else(|_| general_purpose::URL_SAFE.decode(raw))
30            .map_err(|err| {
31                error!(?err, "base64 url-safe invalid");
32                D::Error::custom("base64 url-safe invalid")
33            })?;
34
35        PKey::private_key_from_der(&s).map_err(|err| {
36            error!(?err, "openssl pkey invalid der");
37            D::Error::custom("openssl pkey invalid der")
38        })
39    }
40}
41
42pub mod x509b64 {
43    use crate::CryptoError;
44    use base64::{engine::general_purpose, Engine as _};
45    use openssl::x509::X509;
46    use serde::{
47        de::Error as DeError, ser::Error as SerError, Deserialize, Deserializer, Serializer,
48    };
49    use tracing::error;
50
51    pub fn cert_to_string(cert: &X509) -> Result<String, CryptoError> {
52        cert.to_der()
53            .map_err(|err| {
54                error!(?err, "openssl cert to_der");
55                err.into()
56            })
57            .map(|der| general_purpose::URL_SAFE.encode(der))
58    }
59
60    pub fn serialize<S>(cert: &X509, ser: S) -> Result<S::Ok, S::Error>
61    where
62        S: Serializer,
63    {
64        let der = cert.to_der().map_err(|err| {
65            error!(?err, "openssl cert to_der");
66            S::Error::custom("openssl private_key_to_der")
67        })?;
68        let s = general_purpose::URL_SAFE_NO_PAD.encode(der);
69
70        ser.serialize_str(&s)
71    }
72
73    pub fn deserialize<'de, D>(des: D) -> Result<X509, D::Error>
74    where
75        D: Deserializer<'de>,
76    {
77        let raw = <&str>::deserialize(des)?;
78        let s = general_purpose::URL_SAFE_NO_PAD
79            .decode(raw)
80            .or_else(|_| general_purpose::URL_SAFE.decode(raw))
81            .map_err(|err| {
82                error!(?err, "base64 url-safe invalid");
83                D::Error::custom("base64 url-safe invalid")
84            })?;
85
86        X509::from_der(&s).map_err(|err| {
87            error!(?err, "openssl x509 invalid der");
88            D::Error::custom("openssl x509 invalid der")
89        })
90    }
91}
kanidm_lib_crypto/serialise.rs

kanidm_lib_crypto/
serialise.rs
