@@ -427,6 +427,33 @@ impl CertificateParams {
427
427
Ok ( result)
428
428
}
429
429
430
+ /// Write a CSR extension request attribute as defined in [RFC 2985].
431
+ ///
432
+ /// [RFC 2985]: <https://datatracker.ietf.org/doc/html/rfc2985>
433
+ fn write_extension_request_attribute ( & self , writer : DERWriter ) {
434
+ writer. write_sequence ( |writer| {
435
+ writer. next ( ) . write_oid ( & ObjectIdentifier :: from_slice (
436
+ oid:: PKCS_9_AT_EXTENSION_REQUEST ,
437
+ ) ) ;
438
+ writer. next ( ) . write_set ( |writer| {
439
+ writer. next ( ) . write_sequence ( |writer| {
440
+ // Write key_usage
441
+ self . write_key_usage ( writer. next ( ) ) ;
442
+ // Write subject_alt_names
443
+ self . write_subject_alt_names ( writer. next ( ) ) ;
444
+ self . write_extended_key_usage ( writer. next ( ) ) ;
445
+
446
+ // Write custom extensions
447
+ for ext in & self . custom_extensions {
448
+ write_x509_extension ( writer. next ( ) , & ext. oid , ext. critical , |writer| {
449
+ writer. write_der ( ext. content ( ) )
450
+ } ) ;
451
+ }
452
+ } ) ;
453
+ } ) ;
454
+ } ) ;
455
+ }
456
+
430
457
/// Write a certificate's KeyUsage as defined in RFC 5280.
431
458
fn write_key_usage ( & self , writer : DERWriter ) {
432
459
// RFC 5280 defines 9 key usages, which we detail in our key usage enum
@@ -567,30 +594,7 @@ impl CertificateParams {
567
594
// RFC 2986 specifies that attributes are a SET OF Attribute
568
595
writer. write_set_of ( |writer| {
569
596
if write_extension_request {
570
- writer. next ( ) . write_sequence ( |writer| {
571
- let oid =
572
- ObjectIdentifier :: from_slice ( oid:: PKCS_9_AT_EXTENSION_REQUEST ) ;
573
- writer. next ( ) . write_oid ( & oid) ;
574
- writer. next ( ) . write_set ( |writer| {
575
- writer. next ( ) . write_sequence ( |writer| {
576
- // Write key_usage
577
- self . write_key_usage ( writer. next ( ) ) ;
578
- // Write subject_alt_names
579
- self . write_subject_alt_names ( writer. next ( ) ) ;
580
- self . write_extended_key_usage ( writer. next ( ) ) ;
581
-
582
- // Write custom extensions
583
- for ext in custom_extensions {
584
- write_x509_extension (
585
- writer. next ( ) ,
586
- & ext. oid ,
587
- ext. critical ,
588
- |writer| writer. write_der ( ext. content ( ) ) ,
589
- ) ;
590
- }
591
- } ) ;
592
- } ) ;
593
- } ) ;
597
+ self . write_extension_request_attribute ( writer. next ( ) ) ;
594
598
}
595
599
} ) ;
596
600
} ) ;
0 commit comments