certkit 0.1.1

A pure Rust library for X.509 certificate management, creation, and validation, supporting RSA, ECDSA, and Ed25519 keys, with no OpenSSL or ring dependencies.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71

use botan::Certificate as BotanCertificate;

use certkit::cert::Certificate;
use certkit::cert::params::{CertificationRequestInfo, DistinguishedName};
use certkit::key::KeyPair;

fn default_params() -> (CertificationRequestInfo, KeyPair) {
    let key_pair = KeyPair::generate_ecdsa_p256();
    let subject = DistinguishedName::builder()
        .common_name("crabs.crabs".to_string())
        .organization("Crab widgits SE".to_string())
        .build();
    let cert_info = CertificationRequestInfo::builder()
        .subject(subject)
        .subject_public_key(certkit::key::PublicKey::from_key_pair(&key_pair))
        .build();
    (cert_info, key_pair)
}

fn check_cert(cert_der: &[u8]) {
    // Use botan crate to parse the DER and assert it succeeds
    BotanCertificate::load(cert_der).expect("Botan failed to parse certificate");
}

#[test]
#[ignore]
fn test_botan_ecdsa_p256() {
    let (params, key_pair) = default_params();
    let cert = Certificate::new_self_signed(&params, &key_pair);
    check_cert(&cert.to_der().unwrap());
}

#[test]
#[ignore]
fn test_botan_ed25519() {
    let mut params = default_params().0;
    let key_pair = KeyPair::generate_ed25519();
    params.subject_public_key = certkit::key::PublicKey::from_key_pair(&key_pair);
    let cert = Certificate::new_self_signed(&params, &key_pair);
    check_cert(&cert.to_der().unwrap());
}

#[test]
#[ignore]
fn test_botan_ecdsa_p384() {
    let mut params = default_params().0;
    let key_pair = KeyPair::generate_ecdsa_p384();
    params.subject_public_key = certkit::key::PublicKey::from_key_pair(&key_pair);
    let cert = Certificate::new_self_signed(&params, &key_pair);
    check_cert(&cert.to_der().unwrap());
}

#[test]
#[ignore]
fn test_botan_ecdsa_p521() {
    let mut params = default_params().0;
    let key_pair = KeyPair::generate_ecdsa_p521();
    params.subject_public_key = certkit::key::PublicKey::from_key_pair(&key_pair);
    let cert = Certificate::new_self_signed(&params, &key_pair);
    check_cert(&cert.to_der().unwrap());
}

#[test]
#[ignore]
fn test_botan_rsa() {
    let mut params = default_params().0;
    let key_pair = KeyPair::generate_rsa(2048).unwrap();
    params.subject_public_key = certkit::key::PublicKey::from_key_pair(&key_pair);
    let cert = Certificate::new_self_signed(&params, &key_pair);
    check_cert(&cert.to_der().unwrap());
}