From f6b3dbd652027e07a07c7d8e80675877f3f023d2 Mon Sep 17 00:00:00 2001
From: David Mulder <dmulder@samba.org>
Date: Fri, 27 Oct 2023 12:49:48 -0600
Subject: [PATCH] Provide identity_key_x509_as_der

Signed-off-by: David Mulder <dmulder@samba.org>
---
 src/lib.rs  |  2 ++
 src/soft.rs | 17 +++++++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/src/lib.rs b/src/lib.rs
index 8ddef7a..00b3a0d 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -104,6 +104,7 @@ pub enum HsmError {
     IdentityKeyInvalidForSigning,
     IdentityKeySignature,
     IdentityKeyX509ToPem,
+    IdentityKeyX509ToDer,
     IdentityKeyX509Missing,
     RsaGenerate,
     RsaPrivateToDer,
@@ -214,4 +215,5 @@ trait HsmIdentity: Hsm {
     ) -> Result<Self::LoadableIdentityKey, HsmError>;
 
     fn identity_key_x509_as_pem(&mut self, key: &Self::IdentityKey) -> Result<Vec<u8>, HsmError>;
+    fn identity_key_x509_as_der(&mut self, key: &Self::IdentityKey) -> Result<Vec<u8>, HsmError>;
 }
diff --git a/src/soft.rs b/src/soft.rs
index 12071e5..82375b4 100644
--- a/src/soft.rs
+++ b/src/soft.rs
@@ -416,6 +416,23 @@ impl HsmIdentity for SoftHsm {
         }
     }
 
+    fn identity_key_x509_as_der(&mut self, key: &Self::IdentityKey) -> Result<Vec<u8>, HsmError> {
+        match key {
+            SoftIdentityKey::Ecdsa256 {
+                pkey: _,
+                x509: Some(x509),
+            }
+            | SoftIdentityKey::Rsa2048 {
+                pkey: _,
+                x509: Some(x509),
+            } => x509.to_der().map_err(|ossl_err| {
+                error!(?ossl_err);
+                HsmError::IdentityKeyX509ToDer
+            }),
+            _ => Err(HsmError::IdentityKeyX509Missing),
+        }
+    }
+
     fn identity_key_sign(
         &mut self,
         key: &Self::IdentityKey,