Add X509::get_ext_by_obj

This function allows retrieving extensions from X509 certificates using ASN1 Object IDs.
sfackler · Aug 30, 2023 · 29c0984 · 29c0984
1 parent a96cdf7
commit 29c0984
Showing 1 changed file with 32 additions and 0 deletions.
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs
@@ -454,6 +454,38 @@ impl X509Ref {
         }
     }
 
+    /// Returns this certificate's extensions for the given [Asn1Object].
+    ///
+    /// # Examples
+    ///
+    /// ```
+    /// use openssl::asn1::Asn1Object;
+    /// use openssl::x509::X509;
+    ///
+    /// let cert = X509::from_pem(include_bytes!("../../test/extensions.pem")).unwrap();
+    /// let obj = Asn1Object::from_str(&"1.3.6.1.4.1.41482.5.3").unwrap();
+    /// let extension = cert.get_ext_by_obj(&obj).unwrap().unwrap();
+    /// let value = extension.data().as_slice();
+    /// assert_eq!(value, [4, 3, 5, 2, 7]);
+    /// ```
+    #[corresponds(X509_get_ext_by_OBJ)]
+    pub fn get_ext_by_obj(
+        &self,
+        obj: &Asn1ObjectRef,
+    ) -> Result<Option<&X509ExtensionRef>, ErrorStack> {
+        unsafe {
+            let loc = ffi::X509_get_ext_by_OBJ(self.as_ptr(), obj.as_ptr(), -1);
+            Ok(if loc >= 0 {
+                Some(X509ExtensionRef::from_ptr(cvt_p(ffi::X509_get_ext(
+                    self.as_ptr(),
+                    loc,
+                ))?))
+            } else {
+                None
+            })
+        }
+    }
+
     /// Returns this certificate's subject alternative name entries, if they exist.
     #[corresponds(X509_get_ext_d2i)]
     pub fn subject_alt_names(&self) -> Option<Stack<GeneralName>> {