use cert_helper::certificate::{CertBuilder, KeyType, UseesBuilderFields, X509Common};
use cert_helper::crl::{CrlReason, X509CrlBuilder, X509CrlWrapper, write_der_crl_as_pem};
use chrono::Utc;
use num_bigint::{BigUint, ToBigUint};
use std::fs;
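/// Example: build a CRL, persist it as DER and PEM, reload it from disk, add a
/// second revocation with a reason, re-sign it and verify the result.
///
/// Writes `./certs/crl.der`, `./certs/crl_first.pem`, the `crl_signer` CA files,
/// `./certs/crl_final.der` and `./certs/crl_final.pem`.
///
/// # Panics
/// Panics (via `unwrap`/`expect`) on any build, signing, parsing or I/O
/// failure — this is example code, not a library API.
fn main() {
    // `fs::write` does not create parent directories, so on a fresh checkout
    // the first write below would panic without this.
    fs::create_dir_all("./certs").expect("failed to create ./certs directory");

    // First run: a fresh self-signed CA issues a CRL with a single entry.
    let ca = CertBuilder::new()
        .common_name("My Test Ca")
        .is_ca(true)
        .key_type(KeyType::P256)
        .build_and_self_sign()
        .unwrap();
    let mut builder = X509CrlBuilder::new(ca);
    builder.add_revoked_cert(12345u32.to_biguint().unwrap(), Utc::now());
    let crl_der = builder.build_and_sign().unwrap().to_der().unwrap();
    fs::write("./certs/crl.der", &crl_der).unwrap();
    write_der_crl_as_pem(&crl_der, "./certs", "crl_first.pem")
        .expect("failed to save crl as pem file");

    // Second run: a *new* self-signed CA — same common name, freshly generated
    // key. The CRL written above was signed by the first CA's key, which is
    // dropped by now. NOTE(review): `from_der` evidently does not reject the
    // existing CRL although `ca` is not its signer, and `build_and_sign`
    // re-signs the merged entries with this key; a relying party that trusts
    // only the first CA's key would presumably not accept crl_final — confirm
    // that this is the intended issuance model.
    let ca = CertBuilder::new()
        .common_name("My Test Ca")
        .is_ca(true)
        .key_type(KeyType::P256)
        .build_and_self_sign()
        .unwrap();
    let revoked_cert = CertBuilder::new()
        .common_name("My Test")
        .build_and_self_sign()
        .unwrap();
    ca.save("./certs", "crl_signer").unwrap();

    // The builder wants the serial as a BigUint; go through the big-endian
    // byte representation of the certificate's serial number.
    let serial_bytes = revoked_cert.x509.serial_number().to_bn().unwrap().to_vec();
    let serial = BigUint::from_bytes_be(&serial_bytes);

    // Extend the persisted CRL when it exists, otherwise start an empty one.
    // `ca` is cloned because the builder takes ownership and `ca` is needed
    // again for signature verification at the end.
    let mut builder = match fs::read("./certs/crl.der") {
        Ok(existing) => X509CrlBuilder::from_der(&existing, ca.clone())
            .expect("failed to get crl from file"),
        Err(_) => X509CrlBuilder::new(ca.clone()),
    };
    builder.add_revoked_cert_with_reason(
        serial,
        Utc::now(),
        vec![CrlReason::KeyCompromise],
    );

    // thisUpdate = now, nextUpdate = now + 30 days. Relying parties treat the
    // CRL as stale after nextUpdate, so a successor must be published before
    // then; one `now` keeps both timestamps consistent.
    let now = Utc::now();
    builder.set_update_times(now, now + chrono::Duration::days(30));

    let crl_der = builder.build_and_sign().unwrap().to_der().unwrap();
    fs::write("./certs/crl_final.der", &crl_der).unwrap();
    write_der_crl_as_pem(&crl_der, "./certs", "crl_final.pem")
        .expect("failed to save crl as pem file");

    // Round-trip check: re-read the PEM, verify the signature against the
    // signing CA's public key, and confirm the revoked serial is listed.
    println!("Test X509Wrapper");
    let wrapper = X509CrlWrapper::read_as_pem("./certs/crl_final.pem").unwrap();
    let signer_key = ca.x509.public_key();
    assert!(wrapper.verify_signature(signer_key.as_ref().unwrap()).unwrap());
    assert!(wrapper.revoked(revoked_cert.x509.serial_number()));
    println!("Done");
}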