use rustls::{sign::SigningKey, SignatureAlgorithm, SignatureScheme};
use rustls_cng::{
signer::CngSigningKey,
store::{CertStore, Pkcs12Flags},
};
const PFX: &[u8] = include_bytes!("assets/rustls-ec.p12");
const PASSWORD: &str = "changeit";
const MESSAGE: &str = "Security is our business";
#[test]
fn test_sign() {
let store = CertStore::from_pkcs12(PFX, PASSWORD, Pkcs12Flags::default())
.expect("Cannot open cert store");
let context = store
.find_by_subject_str("rustls")
.expect("No signer certificate")
.into_iter()
.next()
.unwrap();
let offered = vec![
SignatureScheme::RSA_PKCS1_SHA256,
SignatureScheme::RSA_PKCS1_SHA384,
SignatureScheme::RSA_PKCS1_SHA512,
SignatureScheme::RSA_PSS_SHA256,
SignatureScheme::RSA_PSS_SHA384,
SignatureScheme::RSA_PSS_SHA512,
SignatureScheme::ECDSA_NISTP256_SHA256,
SignatureScheme::ECDSA_NISTP384_SHA384,
];
let key = context.acquire_key(true).unwrap();
let signing_key = CngSigningKey::new(key).unwrap();
assert_eq!(signing_key.algorithm(), SignatureAlgorithm::ECDSA);
let signer = signing_key.choose_scheme(&offered).unwrap();
assert_eq!(signer.scheme(), SignatureScheme::ECDSA_NISTP384_SHA384);
let signature = signer.sign(MESSAGE.as_bytes()).unwrap();
assert!(signature.len() >= 102);
}