Fixes KeyPair Ownership and Removes Need for Issuer Lifetimes #326
There was some previous, but incomplete, work to simplify the parameters needed for signing operations. See the previous pull request for the Issuer API. This work was stopped due to KeyPair ownership vs borrow issues.

Changes

This PR fixes the KeyPair ownership issue by making KeyPair cheap to clone through the use of a reference-counted inner implementation. I used `std::rc::Rc` but this could be easily swapped for `std::sync::Arc` if multi-threading is deemed of higher importance than low runtime impact. Fixing the KeyPair ownership question then enables the Issuer type to encapsulate all information needed for signing operations while still allowing the KeyPair to be used by other code.
Versioning

This PR does change the published signature of `rcgen` functions that sign code, so that needs to be tracked with appropriate semver versioning for `rcgen` at least. The public API of rustls-cert-gen is not affected.

Background
I am working on a library that allows an AzureKeyVault to be used for PKI storage. The RemoteKeyPair works well for this, allowing the private key to never exist anywhere but locked inside the KV.

However, signing using `rcgen` has proved impossible due to the signing functions requiring a full `Certificate` even though it was only used as a wrapper for the `params` field and then only to construct the `Issuer`. The construction of a `Certificate` was also locked inside the library.

My first thought was to simply provide public methods of creating a `Certificate`, but in reviewing the issues and pull requests, I determined the project wanted an update to `Issuer`, so I implemented that change instead.

This PR resolves the problem of requiring a Certificate that I can't create by making the Issuer the thing that performs signing. The issuer requires access to the KeyPair (which can still reference a remote key) and some of the parameters to the certificate, though it does not require a full Certificate. An `Issuer` can be constructed from a `KeyPair` and either `CertificateParams` or `CertificateDer` if the `x509-parser` feature is enabled.
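The ownership pattern the PR describes (a key handle that is cheap to clone via a reference-counted inner value, so an issuer can own it outright instead of borrowing it with a lifetime) is shown below as an added, self-contained example. It is not rcgen's code: the `KeyPair`, `KeyInner` and `Issuer` types, their methods and the vault key id are hypothetical stand-ins, and no cryptography is performed; the point is that cloning shares one key state (a remote reference never copies secret material) and that dropping the issuer releases only its handle.

```rust
use std::rc::Rc;

// Hypothetical stand-in for private key state. The `Remote` variant holds only
// an identifier (constructed here), so the secret never lives in this process.
#[derive(Debug)]
enum KeyInner {
    Local { secret_bytes: usize }, // placeholder size, no real key material
    Remote { key_id: String },
}

/// Hypothetical cheap-to-clone key handle. Cloning bumps the Rc count and
/// never duplicates key state. Swap `Rc` for `std::sync::Arc` if handles
/// must cross threads, at the cost of atomic refcount operations.
#[derive(Clone, Debug)]
pub struct KeyPair {
    inner: Rc<KeyInner>,
}

impl KeyPair {
    pub fn local(secret_bytes: usize) -> Self {
        KeyPair { inner: Rc::new(KeyInner::Local { secret_bytes }) }
    }

    pub fn remote(key_id: &str) -> Self {
        KeyPair { inner: Rc::new(KeyInner::Remote { key_id: key_id.to_string() }) }
    }

    /// Number of live handles sharing this key state.
    pub fn handle_count(&self) -> usize {
        Rc::strong_count(&self.inner)
    }

    pub fn is_remote(&self) -> bool {
        matches!(*self.inner, KeyInner::Remote { .. })
    }

    pub fn label(&self) -> String {
        match &*self.inner {
            KeyInner::Local { secret_bytes } => format!("local({} bytes)", secret_bytes),
            KeyInner::Remote { key_id } => format!("remote({})", key_id),
        }
    }
}

/// Hypothetical issuer: owns its KeyPair (no borrow, no lifetime parameter)
/// plus only the certificate field that signing needs here, the subject.
pub struct Issuer {
    key: KeyPair,
    subject: String,
}

impl Issuer {
    pub fn new(key: KeyPair, subject: &str) -> Self {
        Issuer { key, subject: subject.to_string() }
    }

    pub fn subject(&self) -> &str {
        &self.subject
    }

    pub fn key_handle_count(&self) -> usize {
        self.key.handle_count()
    }

    /// Placeholder for the signing step: describes what would be signed and by
    /// which key. No signature is computed.
    pub fn sign_description(&self, tbs_len: usize) -> String {
        format!("{} signs {} bytes with {}", self.subject, tbs_len, self.key.label())
    }
}

fn main() {
    let key = KeyPair::remote("vault-key-1"); // constructed id
    let issuer = Issuer::new(key.clone(), "CN=Example CA");
    println!("handles while issuer alive: {}", key.handle_count());
    println!("{}", issuer.sign_description(128));
    drop(issuer);
    println!("handles after issuer dropped: {}", key.handle_count());
}
```

The caller keeps using `key` after handing a clone to the issuer, which is exactly the "still allowing the KeyPair to be used by other code" property; with a borrowed `&KeyPair` the issuer would instead carry a lifetime that every signing function had to thread through.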