trifid_pki/lib.rs
1//! # trifid-pki
2//! trifid-pki is a crate for interacting with the Nebula PKI system. It was created to prevent the need to make constant CLI calls for signing operations in Nebula.
3//! It is designed to be interoperable with the original Go implementation and as such has some oddities with key management to ensure compatability.
4//!
5//! This crate has not received any formal security audits, however the underlying crates used for actual cryptographic operations (ed25519-dalek and curve25519-dalek) have been audited with no major issues.
6//! # Examples
7//! ## Load a certificate from PEM
8//! ```rust
9//! use trifid_pki::cert::deserialize_nebula_certificate_from_pem;
10//! let cert_bytes = b"-----BEGIN NEBULA CERTIFICATE-----
11//! CmUKCGNvcmUtdHdyEgmBhMRQgID4/w8orp+/nAYwlIXEqwY6IDBOYnnYci8P2Nlm
12//! +qcK2u7AjEZJ1IZFe7A4viQ3U6dHSiBWhg3tPRS387d8oqBi7l1oPdBrNfh0RtjW
13//! p+kjtqd4PRJA611raI7aDTbpJSGcCY/yeZ5CIHoJP32bfYdYI8oFsuDTp0ndL8nO
14//! yBHtmihl1xxNU8/f0b9+bVBYvZ7NOI3fDQ==
15//! -----END NEBULA CERTIFICATE-----";
16//! let cert = deserialize_nebula_certificate_from_pem(cert_bytes).unwrap();
17//! println!("{}", cert);
18//! // NebulaCertificate {
19//! // Details {
20//! // Name: core-twr
21//! // Ips: [10.17.2.1/15]
22//! // Subnets: []
23//! // Gruops: []
24//! // Not before: SystemTime { tv_sec: 1670369198, tv_nsec: 0 }
25//! // Not after: SystemTime { tv_sec: 1701905044, tv_nsec: 0 }
26//! // Is CA: false
27//! // Issuer: 56860ded3d14b7f3b77ca2a062ee5d683dd06b35f87446d8d6a7e923b6a7783d
28//! // Public key: 304e6279d8722f0fd8d966faa70adaeec08c4649d486457bb038be243753a747
29//! // }
30//! // Fingerprint: c1a723acf8a1c8a438eb1f8efb756eb9e1a3c529d5b93cd143d282ca87e549b4
31//! // Signature: eb5d6b688eda0d36e925219c098ff2799e42207a093f7d9b7d875823ca05b2e0d3a749dd2fc9cec811ed9a2865d71c4d53cfdfd1bf7e6d5058bd9ecd388ddf0d
32//! // }
33//! ```
34
35#![warn(clippy::pedantic)]
36#![warn(clippy::nursery)]
37#![deny(clippy::unwrap_used)]
38#![deny(clippy::expect_used)]
39#![deny(missing_docs)]
40#![deny(clippy::missing_errors_doc)]
41#![deny(clippy::missing_panics_doc)]
42#![deny(clippy::missing_safety_doc)]
43#![allow(clippy::must_use_candidate)]
44#![allow(clippy::too_many_lines)]
45#![allow(clippy::module_name_repetitions)]
46
47pub use ed25519_dalek;
48pub use rand_core;
49pub use x25519_dalek;
50
51extern crate core;
52
53pub mod ca;
54pub mod cert;
55#[cfg(not(tarpaulin_include))]
56pub(crate) mod cert_codec;
57#[cfg(test)]
58#[macro_use]
59pub mod test;
60
61/// Get the compiled version of trifid-pki.
62pub const TRIFID_PKI_VERSION: &str = env!("CARGO_PKG_VERSION");