uselesskey_core_x509/lib.rs
1#![forbid(unsafe_code)]
2
3//! Deterministic X.509 fixture policy helpers.
4//!
5//! This crate centralizes reusable policy used by X.509 fixture producers:
6//! - X.509 negative-policy types used by fixture generators
7//! - re-exports of X.509 spec models from `uselesskey-core-x509-spec`
8//! - re-exports of deterministic derivation helpers from
9//! `uselesskey-core-x509-derive`
10//!
11//! # Examples
12//!
13//! Create an expired certificate spec using [`X509Negative`]:
14//!
15//! ```
16//! use uselesskey_core_x509::{X509Negative, X509Spec, NotBeforeOffset};
17//!
18//! let base = X509Spec::self_signed("example.com");
19//! let expired = X509Negative::Expired.apply_to_spec(&base);
20//!
21//! assert_eq!(expired.not_before_offset, NotBeforeOffset::DaysAgo(395));
22//! assert_eq!(expired.validity_days, 365);
23//! ```
24//!
25//! Build a chain spec and apply a hostname-mismatch negative:
26//!
27//! ```
28//! use uselesskey_core_x509::{ChainNegative, ChainSpec};
29//!
30//! let base = ChainSpec::new("api.example.com");
31//! let neg = ChainNegative::HostnameMismatch {
32//! wrong_hostname: "evil.example.com".to_string(),
33//! };
34//! let modified = neg.apply_to_spec(&base);
35//! assert_eq!(modified.leaf_cn, "evil.example.com");
36//! ```
37
38mod negative;
39
40pub use negative::{ChainNegative, X509Negative};
41pub use uselesskey_core_x509_derive::{
42 BASE_TIME_EPOCH_UNIX, BASE_TIME_WINDOW_DAYS, SERIAL_NUMBER_BYTES, deterministic_base_time,
43 deterministic_base_time_from_parts, deterministic_serial_number, write_len_prefixed,
44};
45pub use uselesskey_core_x509_spec::{ChainSpec, KeyUsage, NotBeforeOffset, X509Spec};