Store issuer items as vec and not map

There can be multiple of the same entry, e.g. DC (domain component) entries in an issuer. Using a HashMap is too restrictive.

Author: da-kami

rcgen/src/certificate.rs

@@ -601,7 +601,7 @@ impl CertificateParams {
 		let der = subject_key.sign_der(|writer| {
 			// Write version
 			writer.next().write_u8(0);
-			write_distinguished_name(writer.next(), distinguished_name);
+			write_distinguished_name(writer.next(), distinguished_name.clone());
 			serialize_public_key_der(subject_key, writer.next());
 
 			// According to the spec in RFC 2986, even if attributes are empty we need the empty attribute tag
@@ -663,7 +663,7 @@ impl CertificateParams {
 			// Write signature algorithm
 			issuer.key_pair.alg.write_alg_ident(writer.next());
 			// Write issuer name
-			write_distinguished_name(writer.next(), &issuer.distinguished_name);
+			write_distinguished_name(writer.next(), issuer.distinguished_name.clone());
 			// Write validity
 			writer.next().write_sequence(|writer| {
 				// Not before
@@ -673,7 +673,7 @@ impl CertificateParams {
 				Ok::<(), Error>(())
 			})?;
 			// Write subject
-			write_distinguished_name(writer.next(), &self.distinguished_name);
+			write_distinguished_name(writer.next(), self.distinguished_name.clone());
 			// Write subjectPublicKeyInfo
 			serialize_public_key_der(pub_key, writer.next());
 			// write extensions
@@ -856,7 +856,7 @@ fn write_general_subtrees(writer: DERWriter, tag: u64, general_subtrees: &[Gener
 								GeneralSubtree::Rfc822Name(name)
 								| GeneralSubtree::DnsName(name) => writer.write_ia5_string(name),
 								GeneralSubtree::DirectoryName(name) => {
-									write_distinguished_name(writer, name)
+									write_distinguished_name(writer, name.clone())
 								},
 								GeneralSubtree::IpAddress(subnet) => {
 									writer.write_bytes(&subnet.to_bytes())

rcgen/src/crl.rs

@@ -234,7 +234,7 @@ impl CertificateRevocationListParams {
 			// Write issuer.
 			// RFC 5280 §5.1.2.3:
 			//   The issuer field MUST contain a non-empty X.500 distinguished name (DN).
-			write_distinguished_name(writer.next(), &issuer.distinguished_name);
+			write_distinguished_name(writer.next(), issuer.distinguished_name.clone());
 
 			// Write thisUpdate date.
 			// RFC 5280 §5.1.2.4:

rcgen/src/lib.rs

@@ -33,7 +33,6 @@ println!("{}", key_pair.serialize_pem());
 #![cfg_attr(docsrs, feature(doc_cfg, doc_auto_cfg))]
 #![warn(unreachable_pub)]
 
-use std::collections::HashMap;
 use std::fmt;
 use std::hash::Hash;
 use std::net::IpAddr;
@@ -299,8 +298,7 @@ See also the RFC 5280 sections on the [issuer](https://tools.ietf.org/html/rfc52
 and [subject](https://tools.ietf.org/html/rfc5280#section-4.1.2.6) fields.
 */
 pub struct DistinguishedName {
-	entries: HashMap<DnType, DnValue>,
-	order: Vec<DnType>,
+	entries: Vec<(DnType, DnValue)>,
 }
 
 impl DistinguishedName {
@@ -309,20 +307,32 @@ impl DistinguishedName {
 		Self::default()
 	}
 	/// Obtains the attribute value for the given attribute type
-	pub fn get(&self, ty: &DnType) -> Option<&DnValue> {
-		self.entries.get(ty)
+	pub fn get(&self, ty: &DnType) -> Vec<&DnValue> {
+		self.entries
+			.iter()
+			.filter_map(|(dn_type, dn_value)| if ty == dn_type { Some(dn_value) } else { None })
+			.collect()
 	}
 	/// Removes the attribute with the specified DnType
 	///
 	/// Returns true when an actual removal happened, false
 	/// when no attribute with the specified DnType was
 	/// found.
 	pub fn remove(&mut self, ty: DnType) -> bool {
-		let removed = self.entries.remove(&ty).is_some();
-		if removed {
-			self.order.retain(|ty_o| &ty != ty_o);
+		let mut remove_indices = vec![];
+		for (index, (dn_type, _dn_val)) in self.entries.iter().enumerate() {
+			if dn_type == &ty {
+				remove_indices.push(index);
+			}
+		}
+
+		let is_remove_indices = !remove_indices.is_empty();
+
+		for index in remove_indices {
+			self.entries.remove(index);
 		}
-		removed
+
+		is_remove_indices
 	}
 	/// Inserts or updates an attribute that consists of type and name
 	///
@@ -331,21 +341,11 @@ impl DistinguishedName {
 	/// let mut dn = DistinguishedName::new();
 	/// dn.push(DnType::OrganizationName, "Crab widgits SE");
 	/// dn.push(DnType::CommonName, DnValue::PrintableString("Master Cert".try_into().unwrap()));
-	/// assert_eq!(dn.get(&DnType::OrganizationName), Some(&DnValue::Utf8String("Crab widgits SE".to_string())));
-	/// assert_eq!(dn.get(&DnType::CommonName), Some(&DnValue::PrintableString("Master Cert".try_into().unwrap())));
+	/// assert_eq!(dn.get(&DnType::OrganizationName).get(0), Some(&DnValue::Utf8String("Crab widgits SE".to_string())).as_ref());
+	/// assert_eq!(dn.get(&DnType::CommonName).get(0), Some(&DnValue::PrintableString("Master Cert".try_into().unwrap())).as_ref());
 	/// ```
 	pub fn push(&mut self, ty: DnType, s: impl Into<DnValue>) {
-		if !self.entries.contains_key(&ty) {
-			self.order.push(ty.clone());
-		}
-		self.entries.insert(ty, s.into());
-	}
-	/// Iterate over the entries
-	pub fn iter(&self) -> DistinguishedNameIterator<'_> {
-		DistinguishedNameIterator {
-			distinguished_name: self,
-			iter: self.order.iter(),
-		}
+		self.entries.push((ty, s.into()));
 	}
 
 	#[cfg(feature = "x509-parser")]
@@ -393,21 +393,15 @@ impl DistinguishedName {
 	}
 }
 
-/**
-Iterator over [`DistinguishedName`] entries
-*/
-pub struct DistinguishedNameIterator<'a> {
-	distinguished_name: &'a DistinguishedName,
-	iter: std::slice::Iter<'a, DnType>,
-}
-
-impl<'a> Iterator for DistinguishedNameIterator<'a> {
-	type Item = (&'a DnType, &'a DnValue);
+impl Iterator for DistinguishedName {
+	type Item = (DnType, DnValue);
 
 	fn next(&mut self) -> Option<Self::Item> {
-		self.iter
-			.next()
-			.and_then(|ty| self.distinguished_name.entries.get(ty).map(|v| (ty, v)))
+		self.entries.pop()
+	}
+
+	fn size_hint(&self) -> (usize, Option<usize>) {
+		self.entries.iter().size_hint()
 	}
 }
 
@@ -568,9 +562,9 @@ fn write_dt_utc_or_generalized(writer: DERWriter, dt: OffsetDateTime) {
 	}
 }
 
-fn write_distinguished_name(writer: DERWriter, dn: &DistinguishedName) {
+fn write_distinguished_name(writer: DERWriter, dn: DistinguishedName) {
 	writer.write_sequence(|writer| {
-		for (ty, content) in dn.iter() {
+		for (ty, content) in dn.into_iter() {
 			writer.next().write_set(|writer| {
 				writer.next().write_sequence(|writer| {
 					writer.next().write_oid(&ty.to_oid());
@@ -596,7 +590,7 @@ fn write_distinguished_name(writer: DERWriter, dn: &DistinguishedName) {
 							.write_tagged_implicit(TAG_UNIVERSALSTRING, |writer| {
 								writer.write_bytes(s.as_bytes())
 							}),
-						DnValue::Utf8String(s) => writer.next().write_utf8_string(s),
+						DnValue::Utf8String(s) => writer.next().write_utf8_string(s.as_str()),
 					}
 				});
 			});