1use native_ossl::pkey::KeygenCtx;
6use native_ossl::x509::{X509Builder, X509NameOwned};
/// Generates an Ed25519 key pair, issues a self-signed certificate for it, prints the
/// certificate's fields, and checks that the DER encoding round-trips and that the
/// signature verifies against the certificate's own public key.
///
/// # Errors
///
/// Any failure reported by the `native_ossl` calls, or invalid UTF-8 in the PEM output,
/// is propagated with `?`.
///
/// # Panics
///
/// Panics (instead of returning `Err`) if the re-parsed certificate does not re-encode
/// to the same DER bytes.
///
/// # Security notes
///
/// The values below are demo values. Subject and issuer are the same name and the
/// certificate is signed with its own key, so the final `verify` call only shows that
/// the signature matches that key; it says nothing about whether the certificate
/// should be trusted. No extensions are added anywhere in this listing.
fn main() -> Result<(), Box<dyn std::error::Error>> {
    use native_ossl::pkey::{Pkey, Public};
    use native_ossl::x509::X509;

    // Key pair: the algorithm is selected by name.
    let mut keygen = KeygenCtx::new(c"ED25519")?;
    let signing_key = keygen.generate()?;
    // The public handle is converted from a clone of the private key.
    // NOTE(review): whether `clone()` duplicates key material or only shares a handle
    // is not visible here; confirm before relying on it for key-lifetime handling.
    let verify_key = Pkey::<Public>::from(signing_key.clone());

    // Distinguished name, used for both subject and issuer below.
    let mut dn = X509NameOwned::new()?;
    dn.add_entry_by_txt(c"CN", b"example.com")?;
    dn.add_entry_by_txt(c"O", b"Example Org")?;
    dn.add_entry_by_txt(c"C", b"US")?;

    let certificate = X509Builder::new()?
        // Presumably the raw zero-based version field, i.e. X.509 v3 (confirm).
        .set_version(2)?
        // Fixed serial: fine for a demo. A real issuer needs serials that are unique
        // per issuer, and publicly trusted CAs draw them from a CSPRNG.
        .set_serial_number(42)?
        // Presumably offsets in seconds from the current time: valid from now for
        // 365 days (confirm the unit against the crate docs).
        .set_not_before_offset(0)?
        .set_not_after_offset(365 * 86400)?
        .set_subject_name(&dn)?
        // Same name as the subject, which is what makes this certificate self-issued.
        .set_issuer_name(&dn)?
        .set_public_key(&verify_key)?
        // `None` is presumably the digest selector; Ed25519 signs without a separate
        // digest algorithm (confirm).
        .sign(&signing_key, None)?
        .build();

    // Each accessor returns an `Option`; absent fields are skipped silently.
    if let Some(subject) = certificate.subject_name().to_string() {
        println!("Subject: {subject}");
    }
    if let Some(issuer) = certificate.issuer_name().to_string() {
        println!("Issuer: {issuer}");
    }
    if let Some(serial) = certificate.serial_number() {
        println!("Serial: {serial}");
    }
    if let Some(nb) = certificate.not_before_str() {
        println!("NotBefore: {nb}");
    }
    if let Some(na) = certificate.not_after_str() {
        println!("NotAfter: {na}");
    }
    let valid_now = certificate.is_valid_now();
    println!("Valid now: {}", valid_now);
    let self_signed = certificate.is_self_signed();
    println!("Self-signed: {}", self_signed);

    // DER round-trip: encode, parse back, and compare a fresh encoding of each side.
    let der_bytes = certificate.to_der()?;
    let reparsed = X509::from_der(&der_bytes)?;
    let original_der = certificate.to_der()?;
    let reparsed_der = reparsed.to_der()?;
    assert_eq!(original_der, reparsed_der);
    println!("DER round-trip: OK ({} bytes)", der_bytes.len());

    // Only the certificate is printed; the private key is never serialized here.
    let pem_bytes = certificate.to_pem()?;
    let pem_text = std::str::from_utf8(&pem_bytes)?;
    println!("\nPEM certificate:\n{}", pem_text);

    // Checks the signature against the same key that produced it (integrity only).
    certificate.verify(&verify_key)?;
    println!("Signature verification: OK");

    Ok(())
}