uselesskey-x509 0.9.0

X.509 self-signed and chain certificate fixtures with negative variants for tests.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84

#![forbid(unsafe_code)]

//! X.509 certificate fixtures built on `uselesskey-core`.
//!
//! This crate provides self-signed certificate generation and certificate chain
//! generation for testing TLS and X.509-related functionality without committing
//! certificate files to version control.
//!
//! # Quick Start
//!
//! ```
//! use uselesskey_core::Factory;
//! use uselesskey_x509::{X509FactoryExt, X509Spec};
//!
//! let factory = Factory::random();
//! let spec = X509Spec::self_signed("test.example.com");
//! let cert = factory.x509_self_signed("my-service", spec);
//!
//! // Access certificate in various formats
//! let cert_pem = cert.cert_pem();
//! let key_pem = cert.private_key_pkcs8_pem();
//!
//! assert!(cert_pem.contains("-----BEGIN CERTIFICATE-----"));
//! assert!(key_pem.contains("-----BEGIN PRIVATE KEY-----"));
//! ```
//!
//! # Certificate Chains
//!
//! Generate a three-level chain (root CA → intermediate CA → leaf):
//!
//! ```
//! use uselesskey_core::Factory;
//! use uselesskey_x509::{X509FactoryExt, ChainSpec};
//!
//! let factory = Factory::random();
//! let spec = ChainSpec::new("test.example.com");
//! let chain = factory.x509_chain("my-service", spec);
//!
//! // Standard TLS chain (leaf + intermediate)
//! let chain_pem = chain.chain_pem();
//! assert_eq!(chain_pem.matches("-----BEGIN CERTIFICATE-----").count(), 2);
//!
//! // Individual certs
//! let leaf_pem = chain.leaf_cert_pem();
//! let root_pem = chain.root_cert_pem();
//! ```
//!
//! # Negative Fixtures
//!
//! Generate intentionally invalid certificates for testing error handling:
//!
//! ```
//! use uselesskey_core::Factory;
//! use uselesskey_x509::{X509FactoryExt, X509Spec};
//!
//! let factory = Factory::random();
//! let spec = X509Spec::self_signed("test.example.com");
//! let cert = factory.x509_self_signed("test", spec);
//!
//! // Get an expired certificate
//! let expired = cert.expired();
//!
//! // Get a not-yet-valid certificate
//! let not_valid = cert.not_yet_valid();
//!
//! // Corrupt the PEM encoding
//! use uselesskey_core::negative::CorruptPem;
//! let bad_pem = cert.corrupt_cert_pem(CorruptPem::BadHeader);
//! ```

mod cert;
mod chain;
mod chain_negative;
pub mod negative;
#[doc(hidden)]
pub mod srp;
#[cfg(test)]
mod testutil;

pub use cert::{DOMAIN_X509_CERT, X509Cert, X509FactoryExt};
pub use chain::{DOMAIN_X509_CHAIN, X509Chain};
pub use srp::chain_negative::ChainNegative;
pub use srp::negative::X509Negative;
pub use srp::spec::{ChainSpec, KeyUsage, NotBeforeOffset, X509Spec};