§Certificate Generation and Handling Library
This Rust library provides functionality for generating self-signed certificates, creating server certificates signed by a Certificate Authority (CA), and handling certificate loading and saving operations. It leverages the rustls_pki_types, rcgen, and pem crates to achieve these tasks.
§Features
- Self-Signed Certificate Generation: Create self-signed certificates with specified parameters.
- CA-Signed Certificate Generation: Generate server certificates signed by a CA certificate.
- Certificate Loading: Load certificates and private keys from PEM files or PEM-formatted strings.
- Certificate Saving: Convert certificates and private keys to PEM format for storage or transmission.
§Error Handling
The library defines a CertGenError enumeration to represent various errors that might occur during certificate handling, including I/O errors, generation failures, parse errors, and other miscellaneous errors.
§Usage
§Generating a Self-Signed CA Certificate
// Generate a self-signed certificate for "example.com" together with its private key.
// The positional arguments are not labelled on this page: given the section title,
// `true` presumably marks the certificate as a CA and `365` is presumably the
// validity period in days — confirm against the function signature.
use certgenutil::generate_self_signed_cert;
let (cert, private_key) = generate_self_signed_cert(
"example.com",
true,
365,
// Extra host names for the certificate (presumably subject alternative names — confirm).
vec!["www.example.com".to_string(), "mail.example.com".to_string()],
// `unwrap()` panics on failure; outside an example, match on the returned error
// (presumably the crate's CertGenError) so a generation failure is handled explicitly.
).unwrap();
// If the result is used as a CA, `private_key` is the signing key for every
// certificate issued under it, so it needs tighter storage and access control than `cert`.
§Generating a Server Certificate Signed by a CA
§Using a CA Certificate File
// Issue a server certificate for "example.com" signed by the CA stored in a PEM file.
use certgenutil::generate_server_cert_by_ca_file;
use std::path::PathBuf;
// Relative path: it resolves against the process's current working directory.
// The CA file is the only CA input passed below, so it presumably has to contain the
// CA private key as well as the CA certificate — confirm, and restrict the file's
// permissions accordingly.
let ca_file_path = PathBuf::from("ca.pem");
let (cert, private_key) = generate_server_cert_by_ca_file(
ca_file_path,
"example.com",
// Presumably the validity period in days — confirm against the function signature.
365,
// Extra host names for the certificate (presumably subject alternative names — confirm).
vec!["www.example.com".to_string(), "mail.example.com".to_string()],
// `unwrap()` panics if the file is missing or unparsable or signing fails; handle
// the error instead when the path or its content is not under the program's control.
).unwrap();
§Using a CA Certificate PEM String
// Issue a server certificate for "example.com" signed by a CA supplied as a PEM string.
use certgenutil::generate_server_cert_by_ca_pem;
// The CA input is one string holding a CERTIFICATE block followed by a PRIVATE KEY
// block. The literal below is sample material for the documentation; a real CA key
// compiled into source ends up in version control and in the built binary, so load
// it at runtime from protected storage instead.
// NOTE(review): the certificate body appears to have been elided from this copy of
// the page, so the literal is unlikely to parse as shown.
let ca_pem = String::from(r#"-----BEGIN CERTIFICATE-----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==
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgSnXLALeEZnbLdbRT
T4IumE9TztYMJTF97pMQFpF0zByhRANCAATSTODvdKhnzayfJZuiqMpuuWC9q+/N
25hJaafbHo0F6NaU8svF20zGJjQ1V9Jer4j14GrOvzzJXtALv3If4bHI
-----END PRIVATE KEY-----"#);
let (cert, private_key) = generate_server_cert_by_ca_pem(
ca_pem,
"example.com",
// Presumably the validity period in days — confirm against the function signature.
365,
// Extra host names for the certificate (presumably subject alternative names — confirm).
vec!["www.example.com".to_string(), "mail.example.com".to_string()],
// `unwrap()` panics on a parse or signing failure; handle the error when the PEM
// text comes from outside the program.
).unwrap();
§Loading Certificates and Private Keys
§From PEM Files
// Load a certificate and a private key from PEM files.
use certgenutil::{load_cert_from_pem_file, load_key_from_pem_file};
use std::path::PathBuf;
// Both paths name the same file, so "ca.pem" is expected to contain a certificate
// block and a private-key block; presumably each loader picks out the block of its
// own type — confirm. A combined file is as sensitive as the key it holds.
let cert_path = PathBuf::from("ca.pem");
let key_path = PathBuf::from("ca.pem");
// `unwrap()` panics if the file is missing or does not parse; handle the error when
// the path is supplied by a user or by configuration.
let cert = load_cert_from_pem_file(cert_path).unwrap();
let key = load_key_from_pem_file(key_path).unwrap();
§From PEM Strings
// Load a certificate and a private key from PEM-formatted strings.
use certgenutil::{load_cert_from_pem_str, load_key_from_pem_str};
// NOTE(review): the certificate body appears to have been elided from this copy of
// the page, so this literal is unlikely to parse as shown.
let cert_pem = r#"-----BEGIN CERTIFICATE-----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==
-----END CERTIFICATE-----"#;
// Sample key for the documentation. The block carries the plain "PRIVATE KEY" label,
// i.e. no passphrase protects it; real key material belongs in protected storage
// read at runtime, not in a string literal.
let key_pem = r#"-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgPY2goeIEayj3JLGR
/eRUTD7CAevRscPGxSWAbcWOpYChRANCAATwa4CmFjMNYOxNu5dpBxm3bw0CBUkk
LZFGP6HvoK1+kgf9WidEIQGxG1LpQ5Ze+L1Bfts75698wW+nImrsgT0p
-----END PRIVATE KEY-----"#;
// `unwrap()` panics on malformed PEM; handle the error when the text comes from
// outside the program.
let cert = load_cert_from_pem_str(cert_pem).unwrap();
let key = load_key_from_pem_str(key_pem).unwrap();
§Converting to PEM Format
// Round-trip: load a certificate and key from "ca.pem", then serialise both back to PEM text.
use certgenutil::{get_cert_pem, get_key_pem,load_cert_from_pem_file,load_key_from_pem_file};
// The same file is read for both, so it is expected to hold a certificate block and a
// private-key block.
let cert = load_cert_from_pem_file("ca.pem").unwrap();
let key = load_key_from_pem_file("ca.pem").unwrap();
// `get_cert_pem` is used without `unwrap()`, while `get_key_pem` returns a result that
// is unwrapped here.
let cert_pem = get_cert_pem(&cert);
// No passphrase is passed, so `key_pem` is presumably the unencrypted private key as
// text — confirm. Keep it out of logs and error messages, and write it only to files
// with restricted permissions.
let key_pem = get_key_pem(&key).unwrap();
§Dependencies
rustls_pki_types
rcgen
pem
thiserror
§License
This library is licensed under the MIT license. See the LICENSE file for more details.
§Contributing
Contributions are welcome! Please open an issue or submit a pull request on the GitHub repository.
§Contact
For questions or support, please contact linfengfeiye@qq.com.
Enums§
Functions§
- generate_self_signed_cert - Generates a self-signed certificate.
- generate_server_cert_by_ca_file - Generates a server certificate using a CA certificate file.
- generate_server_cert_by_ca_pem - Generates a server certificate signed by a CA based on the provided CA certificate PEM.
- get_cert_pem - Converts the given certificate into a PEM formatted string.
- get_key_pem - Converts a private key to a PEM formatted string.
- load_cert_from_pem_file - Loads a certificate from a PEM file.
- load_cert_from_pem_str - Loads a certificate from a PEM formatted string.
- load_key_from_pem_file - Loads a private key from a PEM file.
- load_key_from_pem_str - Loads a private key from a PEM formatted string.