certkit 0.1.2

A pure Rust library for X.509 certificate management, creation, and validation, supporting RSA, ECDSA, and Ed25519 keys, with no OpenSSL or ring dependencies.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109

mod util;
#[cfg(feature = "p256")]
mod test {
    use certkit::cert::params;
    use certkit::error::CertKitError;
    use certkit::{
        cert::params::{CertificationRequestInfo, DistinguishedName},
        issuer::Issuer,
        key::KeyPair,
    };
    pub type Result<T> = std::result::Result<T, CertKitError>;
    use crate::util;
    use time::OffsetDateTime;

    /// Generates a Certificate Authority (CA) certificate and saves it as a PEM file.
    /// This test ensures the CA certificate generation process works as expected.
    #[test]
    fn generate_ca_cert() -> Result<()> {
        let ca_cert_with_key = util::generate_ca_cert();

        use std::io::Write;
        std::fs::create_dir_all(".debug_certs").unwrap();
        std::fs::File::create(".debug_certs/ca_cert.pem")
            .unwrap()
            .write_all(ca_cert_with_key.cert.to_pem().unwrap().as_bytes())
            .unwrap();

        eprintln!("CA Certificate: {:?}", ca_cert_with_key.cert);
        Ok(())
    }

    /// Generates a server certificate signed by the CA and saves it as a PEM file.
    /// This test ensures the server certificate generation and signing process works as expected.
    #[test]
    fn generate_server_cert() -> Result<()> {
        let ca_cert_with_key = util::generate_ca_cert();

        let server_key = KeyPair::generate_ecdsa_p256();
        let server_dn = DistinguishedName::builder()
            .common_name("server.myca.local".to_string())
            .build();

        let server_public_key = certkit::key::PublicKey::from_key_pair(&server_key);
        let server_cert_info = CertificationRequestInfo::builder()
            .subject(server_dn)
            .subject_public_key(server_public_key)
            .usages(vec![
                certkit::cert::extensions::ExtendedKeyUsageOption::ServerAuth,
            ])
            .build();

        let validity = params::Validity {
            not_before: OffsetDateTime::now_utc(),
            not_after: OffsetDateTime::now_utc() + time::Duration::days(365),
        };
        let server_cert = ca_cert_with_key.issue(&server_cert_info, validity);

        eprintln!("Server Certificate: {server_cert:?}");
        let server_cert_pem = server_cert.to_pem().unwrap();

        use std::io::Write;
        std::fs::create_dir_all(".debug_certs").unwrap();
        std::fs::File::create(".debug_certs/server_cert.pem")
            .unwrap()
            .write_all(server_cert_pem.as_bytes())
            .unwrap();

        Ok(())
    }

    /// Generates a client certificate signed by the CA and saves it as a PEM file.
    /// This test ensures the client certificate generation and signing process works as expected.
    #[test]
    fn generate_client_cert() -> Result<()> {
        let ca_cert_with_key = util::generate_ca_cert();

        let client_key = KeyPair::generate_ecdsa_p256();
        let client_dn = DistinguishedName::builder()
            .common_name("client.myca.local".to_string())
            .build();

        let client_public_key = certkit::key::PublicKey::from_key_pair(&client_key);
        let client_cert_info = CertificationRequestInfo::builder()
            .subject(client_dn)
            .subject_public_key(client_public_key)
            .usages(vec![
                certkit::cert::extensions::ExtendedKeyUsageOption::ClientAuth,
            ])
            .build();

        let validity = params::Validity {
            not_before: OffsetDateTime::now_utc(),
            not_after: OffsetDateTime::now_utc() + time::Duration::days(365),
        };
        let client_cert = ca_cert_with_key.issue(&client_cert_info, validity);

        eprintln!("Client Certificate: {client_cert:?}");
        let client_cert_pem = client_cert.to_pem().unwrap();

        use std::io::Write;
        std::fs::create_dir_all(".debug_certs").unwrap();
        std::fs::File::create(".debug_certs/client_cert.pem")
            .unwrap()
            .write_all(client_cert_pem.as_bytes())
            .unwrap();

        Ok(())
    }
}