certkit 0.1.2

A pure Rust library for X.509 certificate management, creation, and validation, supporting RSA, ECDSA, and Ed25519 keys, with no OpenSSL or ring dependencies.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

#[cfg(feature = "p256")]
mod impl_p256 {
    use certkit::cert::extensions::ExtendedKeyUsageOption;
    use certkit::cert::params::{CertificationRequestInfo, DistinguishedName};
    use certkit::cert::{Certificate, CertificateWithPrivateKey};
    use certkit::key::{KeyPair, PublicKey};

    pub fn generate_ca_cert() -> CertificateWithPrivateKey {
        let ca_key = KeyPair::generate_ecdsa_p256();

        let subject_dn = DistinguishedName::builder()
            .common_name("myca.local".to_string())
            .build();

        let subject_public_key = PublicKey::from_key_pair(&ca_key);

        let ca_cert_info = CertificationRequestInfo::builder()
            .subject(subject_dn.clone())
            .subject_public_key(subject_public_key)
            .usages(vec![
                ExtendedKeyUsageOption::ServerAuth,
                ExtendedKeyUsageOption::ClientAuth,
            ])
            .extensions(vec![])
            .build();

        CertificateWithPrivateKey {
            cert: Certificate::new_self_signed(&ca_cert_info, &ca_key),
            key: ca_key,
        }
    }
}

#[cfg(feature = "p256")]
pub use impl_p256::generate_ca_cert;