use std::io::Cursor;
use std::default::Default;
use openssl::crypto::pkey::{PKey, Role};
use ::rr::dnssec::Algorithm;
/// PEM-encoded public key used as the built-in trust anchor.
///
/// `include_str!` copies the contents of `Kjqmt7v.pem` (resolved relative to
/// this source file) into the binary at compile time. The anchor therefore
/// only changes with a rebuild, and whoever controls that file in the source
/// tree controls what `TrustAnchor::default()` trusts.
// NOTE(review): presumably this is the DNS root zone key-signing key; confirm
// it matches the currently published root anchor, since a compiled-in key
// does not follow key rollovers.
const ROOT_ANCHOR: &'static str = include_str!("Kjqmt7v.pem");
/// Set of public keys that are accepted as DNSSEC trust anchors.
///
/// Every entry is the raw byte encoding of one public key. The built-in
/// anchor is stored in the form produced by `Algorithm::public_key_to_vec`,
/// so keys added later must use the same encoding to compare equal.
pub struct TrustAnchor {
    // Private on purpose: the trusted set can only be changed through the
    // methods defined in this module.
    pkeys: Vec<Vec<u8>>,
}
impl Default for TrustAnchor {
    /// Builds a trust anchor that holds only the built-in key from `ROOT_ANCHOR`.
    ///
    /// The embedded PEM text is parsed as a public key and stored in the byte
    /// encoding that `Algorithm::RSASHA256` produces for it. This differs from
    /// `TrustAnchor::new()`, which starts with no keys at all.
    ///
    /// # Panics
    ///
    /// Panics if the embedded PEM cannot be parsed, or if the parsed key
    /// reports that it cannot be used for `Role::Verify` or `Role::Encrypt`.
    fn default() -> TrustAnchor {
        // The PEM is fixed at build time, so a parse failure means the shipped
        // file is broken rather than that bad input arrived at runtime.
        let mut pem = Cursor::new(ROOT_ANCHOR);
        let root_key = PKey::public_key_from_pem(&mut pem).expect("Error parsing Kjqmt7v.pem");

        // Refuse to start with a key that cannot do what an anchor is for.
        // NOTE(review): only verification looks necessary for a trust anchor;
        // confirm the Encrypt check is intentional.
        assert!(root_key.can(Role::Verify));
        assert!(root_key.can(Role::Encrypt));

        // NOTE(review): the algorithm is hard-coded here and not derived from
        // the PEM; presumably the embedded key is RSA. Confirm.
        let encoded = Algorithm::RSASHA256.public_key_to_vec(&root_key);
        TrustAnchor { pkeys: vec![encoded] }
    }
}
impl TrustAnchor {
    /// Creates a trust anchor with no keys in it.
    ///
    /// Unlike `TrustAnchor::default()`, the built-in root key is not included,
    /// so `contains` returns `false` for every key until one is inserted.
    pub fn new() -> TrustAnchor {
        TrustAnchor { pkeys: Vec::new() }
    }

    /// Returns `true` when `other_key` is byte-for-byte equal to a stored key.
    ///
    /// The match is on the encoded bytes only, so the same key in a different
    /// encoding is not recognised. The values compared are public keys, so an
    /// ordinary (non-constant-time) comparison is sufficient here.
    pub fn contains(&self, other_key: &[u8]) -> bool {
        self.pkeys.iter().any(|stored| &stored[..] == other_key)
    }

    /// Adds `public_key` to the trusted set unless an identical entry exists.
    ///
    /// The bytes are stored as given: this method does not parse them or
    /// check where they came from. Anything inserted is reported as trusted
    /// by `contains`, so callers must only pass keys whose authenticity has
    /// been established out of band.
    pub fn insert_trust_anchor(&mut self, public_key: Vec<u8>) {
        if self.contains(&public_key) {
            return;
        }
        self.pkeys.push(public_key);
    }
}