uselesskey_core_x509_spec/lib.rs
1#![forbid(unsafe_code)]
2
3//! X.509 fixture spec models and stable encoding helpers.
4//!
5//! This crate centralizes reusable X.509 fixture modeling:
6//! - self-signed/chain spec types (`X509Spec`, `ChainSpec`)
7//! - key-usage and not-before offset policy enums
8//! - stable byte encodings used as deterministic derivation inputs
9//!
10//! # Examples
11//!
12//! Create a self-signed leaf spec with SANs via the builder API:
13//!
14//! ```
15//! use uselesskey_core_x509_spec::{X509Spec, NotBeforeOffset};
16//!
17//! let spec = X509Spec::self_signed("myapp.example.com")
18//! .with_validity_days(90)
19//! .with_sans(vec!["myapp.example.com".into(), "api.example.com".into()])
20//! .with_rsa_bits(4096);
21//!
22//! assert_eq!(spec.subject_cn, "myapp.example.com");
23//! assert_eq!(spec.validity_days, 90);
24//! assert!(!spec.is_ca);
25//!
26//! // stable_bytes is used for deterministic derivation — same spec always
27//! // produces the same bytes.
28//! assert_eq!(spec.stable_bytes(), spec.stable_bytes());
29//! ```
30//!
31//! Create a CA certificate spec:
32//!
33//! ```
34//! use uselesskey_core_x509_spec::X509Spec;
35//!
36//! let ca = X509Spec::self_signed_ca("My Test CA");
37//! assert!(ca.is_ca);
38//! assert!(ca.key_usage.key_cert_sign);
39//! ```
40
41mod chain_spec;
42mod spec;
43
44pub use chain_spec::ChainSpec;
45pub use spec::{KeyUsage, NotBeforeOffset, X509Spec};