Overview
This is a simple library for creating and parsing X509 certificates.
The library provides:
- Building X509 certificates
- Encoding certificates to DER format
- Signing with an external crypto function
- Decoding X509 certificates from DER format
- Verifying with an external crypto function
- Encoding/decoding operations for frequently used extensions
Usage
Create and verify a self-signed CA certificate
use simple_x509::*;
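/// Signing callback handed to `sign` in `main`.
///
/// The library delegates the signature computation to this function, so the strength of every
/// certificate signed through it is decided here. The body is elided on this page; this stub
/// fails closed by returning `None` (no signature) until a real signer is wired in.
///
/// * `data` - bytes to sign (presumably the DER-encoded to-be-signed part of the certificate;
///   confirm against the crate documentation).
/// * `sign_key` - key material passed through from the caller (`rsa.pkcs8` in `main`).
///
/// Returns the signature bytes, or `None` when no signature could be produced.
fn sign_fn(data: &Vec<u8>, sign_key: &Vec<u8>) -> Option<Vec<u8>> {
    // `&Vec<u8>` is kept as shown on this page; the crate's callback type presumably requires
    // it, so it is not narrowed to `&[u8]` here.
    let _ = (data, sign_key);

    // Replace with a real signer. The algorithm must match the OID given to `sign_oid`
    // (1.2.840.113549.1.1.11, sha256WithRSAEncryption, in `main`). Returning an empty or
    // constant vector instead of `None` would yield a certificate that looks signed but is not.
    None
}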
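/// Verification callback handed to `verify` in `main`.
///
/// The library delegates the signature check to this function. The body is elided on this
/// page; this stub fails closed by reporting `Some(false)` until a real verifier is wired in.
///
/// * `pub_key` - public key to check the signature against.
/// * `data` - the signed bytes (presumably the to-be-signed part of the certificate; confirm
///   against the crate documentation).
/// * `sign` - the signature to check.
///
/// Returns `Some(true)` only for a signature that verified, `Some(false)` otherwise; `None`
/// presumably signals that the check could not be performed (confirm against the crate docs).
fn verify_fn(pub_key: &Vec<u8>, data: &Vec<u8>, sign: &Vec<u8>) -> Option<bool> {
    // `&Vec<u8>` is kept as shown on this page; the crate's callback type presumably requires
    // it, so it is not narrowed to `&[u8]` here.
    let _ = (pub_key, data, sign);

    // Replace with a real verifier. A placeholder must never default to `Some(true)`: that
    // would accept every certificate, including forged or corrupted ones. Any error inside the
    // real implementation (bad key encoding, unsupported algorithm) must also map to a
    // non-success result.
    Some(false)
}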
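/// Builds a self-signed certificate, signs it, round-trips it through DER and verifies it.
///
/// Panics when a key file cannot be read or when signing, encoding, decoding or public-key
/// extraction fails, which is acceptable for a demonstration program.
fn main() {
    let country = "AU";
    let state = "Some-State";
    let organization = "Internet Widgits Pty Ltd";

    // DER-encoded public key that is embedded in the certificate.
    let pub_key = std::fs::read("rsa_pub.der").expect("cannot read rsa_pub.der");

    // The serial number is a fixed 4-byte value for illustration. Real issuance should use a
    // unique, unpredictable serial per certificate.
    // NOTE(review): no extensions are set here. A certificate meant to act as a CA normally
    // carries basicConstraints (cA = TRUE) and a keyUsage with keyCertSign; check the crate's
    // extension helpers before using this as a CA template.
    let x = X509Builder::new(vec![0xf2, 0xf9, 0xd8, 0x03])
        .version(2) // presumably the raw version field, where 2 denotes X.509 v3; confirm
        // Issuer and subject are identical, which is what makes the certificate self-signed.
        .issuer_prstr(vec![2, 5, 4, 6], country) // 2.5.4.6 = countryName
        .issuer_utf8(vec![2, 5, 4, 8], state) // 2.5.4.8 = stateOrProvinceName
        .issuer_utf8(vec![2, 5, 4, 10], organization) // 2.5.4.10 = organizationName
        .subject_prstr(vec![2, 5, 4, 6], country)
        .subject_utf8(vec![2, 5, 4, 8], state)
        .subject_utf8(vec![2, 5, 4, 10], organization)
        .not_before_utc(1_619_014_703)
        .not_after_utc(1_650_550_703) // 31_536_000 s (365 days) after not_before
        .pub_key_der(&pub_key)
        // 1.2.840.113549.1.1.11 = sha256WithRSAEncryption; `sign_fn` must implement exactly
        // this algorithm, otherwise the certificate advertises one scheme and carries another.
        .sign_oid(vec![1, 2, 840, 113549, 1, 1, 11])
        .build();

    // The private key is read from disk as-is. Keep the file readable only by the issuing
    // account, or keep the key in an HSM/KMS and let `sign_fn` delegate to it.
    let sign_key = std::fs::read("rsa.pkcs8").expect("cannot read rsa.pkcs8");

    // The original listing had a stray `)` after each of the next three `unwrap()` calls.
    let cert = x.sign(sign_fn, &sign_key).expect("signing failed");
    let der = cert.x509_enc().expect("DER encoding failed");
    let x2 = der.x509_dec().expect("DER decoding failed");

    // The key used for verification is taken from the certificate being verified. For a
    // self-signed certificate this proves only internal consistency, not trust; trust in a
    // root has to come from a key or fingerprint obtained out of band.
    let pub_key2 = x2.pub_key().expect("certificate carries no usable public key");
    let res = x2.verify(verify_fn, &pub_key2);

    // The original computed `res` and dropped it. Real callers must act on it and treat
    // anything other than an explicit success as a failed verification.
    println!("signature check: {:?}", res);
}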