add possibility to define sbgp extensions

nomick · thillux · commit a7dc9935ccc8 · 2023-10-12T15:51:57.000+02:00
diff --git a/openssl/src/x509/extension.rs b/openssl/src/x509/extension.rs
@@ -428,6 +428,137 @@ impl AuthorityKeyIdentifier {
     }
 }
 
+pub struct SbgpAsIdentifier {
+    critical: bool,
+    asn: Vec<(u32, u32)>,
+}
+
+impl Default for SbgpAsIdentifier {
+    fn default() -> SbgpAsIdentifier {
+        SbgpAsIdentifier::new()
+    }
+}
+
+impl SbgpAsIdentifier {
+    /// Construct a new `SbgpAsIdentifier` extension.
+    pub fn new() -> SbgpAsIdentifier {
+        SbgpAsIdentifier {
+            critical: false,
+            asn: Vec::new(),
+        }
+    }
+
+    /// Sets the `critical` flag to `true`. The extension will be critical.
+    pub fn critical(&mut self) -> &mut SbgpAsIdentifier {
+        self.critical = true;
+        self
+    }
+
+    /// Adds an AS number.
+    pub fn add_asn(&mut self, asn: u32) -> &mut SbgpAsIdentifier {
+        self.asn.push((asn, asn));
+        self
+    }
+
+    /// Adds a range of AS numbers.
+    pub fn add_asn_range(&mut self, asn_min: u32, asn_max: u32) -> &mut SbgpAsIdentifier {
+        self.asn.push((asn_min, asn_max));
+        self
+    }
+
+    /// Return a `SbgpAsIdentifier` extension as an `X509Extension`.
+    pub fn build(&self, ctx: &X509v3Context<'_>) -> Result<X509Extension, ErrorStack> {
+        let mut value = String::new();
+        let mut first = true;
+        append(&mut value, &mut first, self.critical, "critical");
+        for (asn_min, asn_max) in &self.asn {
+            let asn_format = if asn_min == asn_max {
+                format!("AS:{asn_min}")
+            } else {
+                format!("AS:{asn_min}-{asn_max}")
+            };
+            append(&mut value, &mut first, true, &asn_format);
+        }
+        X509Extension::new_nid(None, Some(ctx), Nid::SBGP_AUTONOMOUSSYSNUM, &value)
+    }
+}
+
+pub struct SbgpIpAddressIdentifier {
+    critical: bool,
+    ip_ranges: Vec<(std::net::IpAddr, std::net::IpAddr)>,
+}
+
+impl Default for SbgpIpAddressIdentifier {
+    fn default() -> SbgpIpAddressIdentifier {
+        SbgpIpAddressIdentifier::new()
+    }
+}
+
+impl SbgpIpAddressIdentifier {
+    /// Construct a new `SbgpIpAddressIdentifier` extension.
+    pub fn new() -> SbgpIpAddressIdentifier {
+        SbgpIpAddressIdentifier {
+            critical: false,
+            ip_ranges: Vec::new(),
+        }
+    }
+
+    /// Sets the `critical` flag to `true`. The extension will be critical.
+    pub fn critical(&mut self) -> &mut SbgpIpAddressIdentifier {
+        self.critical = true;
+        self
+    }
+
+    /// Adds an IP adress.
+    pub fn add_ip_addr(&mut self, ip_addr: std::net::IpAddr) -> &mut SbgpIpAddressIdentifier {
+        self.ip_ranges.push((ip_addr, ip_addr));
+        self
+    }
+
+    /// Adds a range of IPv4 adresses.
+    pub fn add_ipv4_addr_range(
+        &mut self,
+        ip_addr_min: std::net::Ipv4Addr,
+        ip_addr_max: std::net::Ipv4Addr,
+    ) -> &mut SbgpIpAddressIdentifier {
+        self.ip_ranges.push((
+            std::net::IpAddr::V4(ip_addr_min),
+            std::net::IpAddr::V4(ip_addr_max),
+        ));
+        self
+    }
+
+    /// Adds a range of IPv6 adresses.
+    pub fn add_ipv6_addr_range(
+        &mut self,
+        ip_addr_min: std::net::Ipv6Addr,
+        ip_addr_max: std::net::Ipv6Addr,
+    ) -> &mut SbgpIpAddressIdentifier {
+        self.ip_ranges.push((
+            std::net::IpAddr::V6(ip_addr_min),
+            std::net::IpAddr::V6(ip_addr_max),
+        ));
+        self
+    }
+
+    /// Return a `SbgpIpAddressIdentifier` extension as an `X509Extension`.
+    pub fn build(&self, ctx: &X509v3Context<'_>) -> Result<X509Extension, ErrorStack> {
+        let mut value = String::new();
+        let mut first = true;
+        append(&mut value, &mut first, self.critical, "critical");
+        for (ip_addr_min, ip_addr_max) in &self.ip_ranges {
+            let version = if ip_addr_min.is_ipv4() { 4 } else { 6 };
+            let ip_addr_format = if ip_addr_min == ip_addr_max {
+                format!("IPv{version}:{ip_addr_min}")
+            } else {
+                format!("IPv{version}:{ip_addr_min}-{ip_addr_max}")
+            };
+            append(&mut value, &mut first, true, &ip_addr_format);
+        }
+        X509Extension::new_nid(None, Some(ctx), Nid::SBGP_IPADDRBLOCK, &value)
+    }
+}
+
 enum RustGeneralName {
     Dns(String),
     Email(String),
