git2/
cert.rs

1//! Certificate types which are passed to `CertificateCheck` in
2//! `RemoteCallbacks`.
3
4use std::marker;
5use std::mem;
6use std::slice;
7
8use crate::raw;
9use crate::util::Binding;
10
11/// A certificate for a remote connection, viewable as one of `CertHostkey` or
12/// `CertX509` currently.
13pub struct Cert<'a> {
14    raw: *mut raw::git_cert,
15    _marker: marker::PhantomData<&'a raw::git_cert>,
16}
17
18/// Hostkey information taken from libssh2
19pub struct CertHostkey<'a> {
20    raw: *mut raw::git_cert_hostkey,
21    _marker: marker::PhantomData<&'a raw::git_cert>,
22}
23
24/// X.509 certificate information
25pub struct CertX509<'a> {
26    raw: *mut raw::git_cert_x509,
27    _marker: marker::PhantomData<&'a raw::git_cert>,
28}
29
30/// The SSH host key type.
31#[derive(Copy, Clone, Debug)]
32#[non_exhaustive]
33pub enum SshHostKeyType {
34    /// Unknown key type
35    Unknown = raw::GIT_CERT_SSH_RAW_TYPE_UNKNOWN as isize,
36    /// RSA key type
37    Rsa = raw::GIT_CERT_SSH_RAW_TYPE_RSA as isize,
38    /// DSS key type
39    Dss = raw::GIT_CERT_SSH_RAW_TYPE_DSS as isize,
40    /// ECDSA 256 key type
41    Ecdsa256 = raw::GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_256 as isize,
42    /// ECDSA 384 key type
43    Ecdsa384 = raw::GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_384 as isize,
44    /// ECDSA 521 key type
45    Ecdsa521 = raw::GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_521 as isize,
46    /// ED25519 key type
47    Ed255219 = raw::GIT_CERT_SSH_RAW_TYPE_KEY_ED25519 as isize,
48}
49
50impl SshHostKeyType {
51    /// The name of the key type as encoded in the known_hosts file.
52    pub fn name(&self) -> &'static str {
53        match self {
54            SshHostKeyType::Unknown => "unknown",
55            SshHostKeyType::Rsa => "ssh-rsa",
56            SshHostKeyType::Dss => "ssh-dss",
57            SshHostKeyType::Ecdsa256 => "ecdsa-sha2-nistp256",
58            SshHostKeyType::Ecdsa384 => "ecdsa-sha2-nistp384",
59            SshHostKeyType::Ecdsa521 => "ecdsa-sha2-nistp521",
60            SshHostKeyType::Ed255219 => "ssh-ed25519",
61        }
62    }
63
64    /// A short name of the key type, the colloquial form used as a human-readable description.
65    pub fn short_name(&self) -> &'static str {
66        match self {
67            SshHostKeyType::Unknown => "Unknown",
68            SshHostKeyType::Rsa => "RSA",
69            SshHostKeyType::Dss => "DSA",
70            SshHostKeyType::Ecdsa256 => "ECDSA",
71            SshHostKeyType::Ecdsa384 => "ECDSA",
72            SshHostKeyType::Ecdsa521 => "ECDSA",
73            SshHostKeyType::Ed255219 => "ED25519",
74        }
75    }
76}
77
78impl<'a> Cert<'a> {
79    /// Attempt to view this certificate as an SSH hostkey.
80    ///
81    /// Returns `None` if this is not actually an SSH hostkey.
82    pub fn as_hostkey(&self) -> Option<&CertHostkey<'a>> {
83        self.cast(raw::GIT_CERT_HOSTKEY_LIBSSH2)
84    }
85
86    /// Attempt to view this certificate as an X.509 certificate.
87    ///
88    /// Returns `None` if this is not actually an X.509 certificate.
89    pub fn as_x509(&self) -> Option<&CertX509<'a>> {
90        self.cast(raw::GIT_CERT_X509)
91    }
92
93    fn cast<T>(&self, kind: raw::git_cert_t) -> Option<&T> {
94        assert_eq!(mem::size_of::<Cert<'a>>(), mem::size_of::<T>());
95        unsafe {
96            if kind == (*self.raw).cert_type {
97                Some(&*(self as *const Cert<'a> as *const T))
98            } else {
99                None
100            }
101        }
102    }
103}
104
105impl<'a> CertHostkey<'a> {
106    /// Returns the md5 hash of the hostkey, if available.
107    pub fn hash_md5(&self) -> Option<&[u8; 16]> {
108        unsafe {
109            if (*self.raw).kind as u32 & raw::GIT_CERT_SSH_MD5 as u32 == 0 {
110                None
111            } else {
112                Some(&(*self.raw).hash_md5)
113            }
114        }
115    }
116
117    /// Returns the SHA-1 hash of the hostkey, if available.
118    pub fn hash_sha1(&self) -> Option<&[u8; 20]> {
119        unsafe {
120            if (*self.raw).kind as u32 & raw::GIT_CERT_SSH_SHA1 as u32 == 0 {
121                None
122            } else {
123                Some(&(*self.raw).hash_sha1)
124            }
125        }
126    }
127
128    /// Returns the SHA-256 hash of the hostkey, if available.
129    pub fn hash_sha256(&self) -> Option<&[u8; 32]> {
130        unsafe {
131            if (*self.raw).kind as u32 & raw::GIT_CERT_SSH_SHA256 as u32 == 0 {
132                None
133            } else {
134                Some(&(*self.raw).hash_sha256)
135            }
136        }
137    }
138
139    /// Returns the raw host key.
140    pub fn hostkey(&self) -> Option<&[u8]> {
141        unsafe {
142            if (*self.raw).kind & raw::GIT_CERT_SSH_RAW == 0 {
143                return None;
144            }
145            Some(slice::from_raw_parts(
146                (*self.raw).hostkey as *const u8,
147                (*self.raw).hostkey_len as usize,
148            ))
149        }
150    }
151
152    /// Returns the type of the host key.
153    pub fn hostkey_type(&self) -> Option<SshHostKeyType> {
154        unsafe {
155            if (*self.raw).kind & raw::GIT_CERT_SSH_RAW == 0 {
156                return None;
157            }
158            let t = match (*self.raw).raw_type {
159                raw::GIT_CERT_SSH_RAW_TYPE_UNKNOWN => SshHostKeyType::Unknown,
160                raw::GIT_CERT_SSH_RAW_TYPE_RSA => SshHostKeyType::Rsa,
161                raw::GIT_CERT_SSH_RAW_TYPE_DSS => SshHostKeyType::Dss,
162                raw::GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_256 => SshHostKeyType::Ecdsa256,
163                raw::GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_384 => SshHostKeyType::Ecdsa384,
164                raw::GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_521 => SshHostKeyType::Ecdsa521,
165                raw::GIT_CERT_SSH_RAW_TYPE_KEY_ED25519 => SshHostKeyType::Ed255219,
166                t => panic!("unexpected host key type {:?}", t),
167            };
168            Some(t)
169        }
170    }
171}
172
173impl<'a> CertX509<'a> {
174    /// Return the X.509 certificate data as a byte slice
175    pub fn data(&self) -> &[u8] {
176        unsafe { slice::from_raw_parts((*self.raw).data as *const u8, (*self.raw).len as usize) }
177    }
178}
179
180impl<'a> Binding for Cert<'a> {
181    type Raw = *mut raw::git_cert;
182    unsafe fn from_raw(raw: *mut raw::git_cert) -> Cert<'a> {
183        Cert {
184            raw,
185            _marker: marker::PhantomData,
186        }
187    }
188    fn raw(&self) -> *mut raw::git_cert {
189        self.raw
190    }
191}
git2/cert.rs

git2/
cert.rs
