use std::default::Default;
#[cfg(feature = "openssl")]
use openssl::crypto::rsa::RSA;
#[cfg(feature = "openssl")]
use ::rr::dnssec::Algorithm;
// PEM text of the built-in trust anchor, embedded into the binary at compile
// time by `include_str!` from `Kjqmt7v.pem` (resolved relative to this source
// file). Only compiled when the `openssl` feature is enabled.
// NOTE(review): presumably this is the DNS root zone key — confirm. Because
// the key is baked in at build time, replacing it requires a rebuild; confirm
// how key rollover is expected to be handled.
#[cfg(feature = "openssl")]
const ROOT_ANCHOR: &'static str = include_str!("Kjqmt7v.pem");
/// A set of public keys that are trusted without further verification.
///
/// Each entry is one key held as raw bytes. Membership is decided by exact
/// byte equality, so the same key in a different encoding counts as a
/// different entry.
pub struct TrustAnchor {
    /// Encoded public keys, one `Vec<u8>` per trusted key.
    pkeys: Vec<Vec<u8>>,
}
impl Default for TrustAnchor {
    /// Builds the trust anchor set holding the single key bundled with the crate.
    ///
    /// The PEM in `ROOT_ANCHOR` is parsed as an RSA public key, its size is
    /// checked, and the key is stored in the encoding produced by
    /// `Algorithm::RSASHA256.public_key_to_vec`.
    ///
    /// # Panics
    ///
    /// Panics if the bundled PEM cannot be parsed, if the key reports no size,
    /// or if the reported size is not 256 (presumably bytes, i.e. a 2048-bit
    /// modulus — confirm against the openssl binding in use).
    #[cfg(feature = "openssl")]
    fn default() -> TrustAnchor {
        let root_key = RSA::public_key_from_pem(ROOT_ANCHOR.as_bytes())
            .expect("Error parsing Kjqmt7v.pem");
        // Refuse to start with an anchor whose size differs from the expected one.
        assert_eq!(root_key.size().unwrap(), 256);

        let encoded = Algorithm::RSASHA256.public_key_to_vec(&root_key);
        TrustAnchor { pkeys: vec![encoded] }
    }

    /// Builds an empty trust anchor set: without the `openssl` feature no key
    /// is bundled, so `contains` returns `false` for every key until one is
    /// inserted explicitly.
    // NOTE(review): how callers treat an empty anchor set is not visible
    // here — confirm that validation fails closed in that case.
    #[cfg(not(feature = "openssl"))]
    fn default() -> TrustAnchor {
        TrustAnchor { pkeys: Vec::new() }
    }
}
impl TrustAnchor {
    /// Creates an empty trust anchor set.
    ///
    /// Unlike `Default::default()` built with the `openssl` feature, no
    /// bundled key is included: nothing is trusted until
    /// `insert_trust_anchor` is called.
    pub fn new() -> TrustAnchor {
        TrustAnchor { pkeys: Vec::new() }
    }

    /// Returns `true` when `other_key` is byte-for-byte equal to one of the
    /// stored keys.
    pub fn contains(&self, other_key: &[u8]) -> bool {
        self.pkeys
            .iter()
            .any(|stored| stored.as_slice() == other_key)
    }

    /// Adds `public_key` to the set unless an identical entry is already present.
    ///
    /// The bytes are stored as given; this method performs no parsing or
    /// validation of the key, so it is up to the caller to pass only keys
    /// obtained from a source it already trusts.
    pub fn insert_trust_anchor(&mut self, public_key: Vec<u8>) {
        if self.contains(&public_key) {
            return;
        }
        self.pkeys.push(public_key)
    }
}