Skip to main content

uselesskey_rsa/
lib.rs

1#![forbid(unsafe_code)]
2
3//! RSA fixtures built on `uselesskey-core`.
4//!
5//! This crate is used by the `uselesskey` facade crate.
6//!
7//! # Usage
8//!
9//! The main entry point is the [`RsaFactoryExt`] trait, which adds the `.rsa()` method
10//! to [`Factory`](uselesskey_core::Factory).
11//!
12//! ```
13//! use uselesskey_core::Factory;
14//! use uselesskey_rsa::{RsaFactoryExt, RsaSpec};
15//!
16//! let fx = Factory::random();
17//! let keypair = fx.rsa("my-service", RsaSpec::rs256());
18//!
19//! // Access key material in various formats
20//! let private_pem = keypair.private_key_pkcs8_pem();
21//! let private_der = keypair.private_key_pkcs8_der();
22//! let public_pem = keypair.public_key_spki_pem();
23//! let public_der = keypair.public_key_spki_der();
24//!
25//! assert!(private_pem.contains("BEGIN PRIVATE KEY"));
26//! ```
27//!
28//! # Deterministic Mode
29//!
30//! Use deterministic mode for reproducible test fixtures:
31//!
32//! ```
33//! use uselesskey_core::{Factory, Seed};
34//! use uselesskey_rsa::{RsaFactoryExt, RsaSpec};
35//!
36//! let seed = Seed::from_env_value("test-seed").unwrap();
37//! let fx = Factory::deterministic(seed);
38//!
39//! // Same seed + label + spec = same key
40//! let key1 = fx.rsa("issuer", RsaSpec::rs256());
41//! let key2 = fx.rsa("issuer", RsaSpec::rs256());
42//! assert_eq!(key1.private_key_pkcs8_pem(), key2.private_key_pkcs8_pem());
43//!
44//! // Different labels produce different keys
45//! let key3 = fx.rsa("other", RsaSpec::rs256());
46//! assert_ne!(key1.private_key_pkcs8_pem(), key3.private_key_pkcs8_pem());
47//! ```
48//!
49//! # Negative Fixtures
50//!
51//! Generate intentionally broken keys for testing error handling:
52//!
53//! ```
54//! use uselesskey_core::Factory;
55//! use uselesskey_core::negative::CorruptPem;
56//! use uselesskey_rsa::{RsaFactoryExt, RsaSpec};
57//!
58//! let fx = Factory::random();
59//! let keypair = fx.rsa("test", RsaSpec::rs256());
60//!
61//! // Corrupted PEM
62//! let bad_pem = keypair.private_key_pkcs8_pem_corrupt(CorruptPem::BadHeader);
63//!
64//! // Truncated DER
65//! let truncated = keypair.private_key_pkcs8_der_truncated(10);
66//!
67//! // Mismatched public key (valid but from a different keypair)
68//! let wrong_pub = keypair.mismatched_public_key_spki_der();
69//! ```
70
71mod keypair;
72mod spec;
73
74pub use keypair::{DOMAIN_RSA_KEYPAIR, RsaFactoryExt, RsaKeyPair};
75pub use spec::RsaSpec;