Expand description
X.509 certificate fixtures built on uselesskey-core.
This crate provides self-signed certificate generation and certificate chain generation for testing TLS and X.509-related functionality without committing certificate files to version control.
§Quick Start
use uselesskey_core::Factory;
use uselesskey_x509::{X509FactoryExt, X509Spec};
let factory = Factory::random();
let spec = X509Spec::self_signed("test.example.com");
let cert = factory.x509_self_signed("my-service", spec);
// Access certificate in various formats
let cert_pem = cert.cert_pem();
let key_pem = cert.private_key_pkcs8_pem();
assert!(cert_pem.contains("-----BEGIN CERTIFICATE-----"));
assert!(key_pem.contains("-----BEGIN PRIVATE KEY-----"));§Certificate Chains
Generate a three-level chain (root CA → intermediate CA → leaf):
use uselesskey_core::Factory;
use uselesskey_x509::{X509FactoryExt, ChainSpec};
let factory = Factory::random();
let spec = ChainSpec::new("test.example.com");
let chain = factory.x509_chain("my-service", spec);
// Standard TLS chain (leaf + intermediate)
let chain_pem = chain.chain_pem();
assert_eq!(chain_pem.matches("-----BEGIN CERTIFICATE-----").count(), 2);
// Individual certs
let leaf_pem = chain.leaf_cert_pem();
let root_pem = chain.root_cert_pem();§Negative Fixtures
Generate intentionally invalid certificates for testing error handling:
use uselesskey_core::Factory;
use uselesskey_x509::{X509FactoryExt, X509Spec};
let factory = Factory::random();
let spec = X509Spec::self_signed("test.example.com");
let cert = factory.x509_self_signed("test", spec);
// Get an expired certificate
let expired = cert.expired();
// Get a not-yet-valid certificate
let not_valid = cert.not_yet_valid();
// Corrupt the PEM encoding
use uselesskey_core::negative::CorruptPem;
let bad_pem = cert.corrupt_cert_pem(CorruptPem::BadHeader);Modules§
- negative
- X.509 negative-fixture helpers.
Structs§
- Chain
Spec - Specification for generating a three-level X.509 certificate chain (root CA -> intermediate CA -> leaf).
- KeyUsage
- Key usage flags for X.509 certificates.
- X509
Cert - An X.509 certificate fixture.
- X509
Chain - A three-level X.509 certificate chain (root CA → intermediate CA → leaf).
- X509
Spec - Specification for generating an X.509 certificate.
Enums§
- Chain
Negative - Types of invalid certificate chains for negative testing.
- NotBefore
Offset - Offset for the not_before field.
- X509
Negative - Types of invalid X.509 certificates for negative testing.
Constants§
- DOMAIN_
X509_ CERT - Cache domain for X.509 certificate fixtures.
- DOMAIN_
X509_ CHAIN - Cache domain for X.509 certificate chain fixtures.
Traits§
- X509
Factory Ext - Extension trait to add X.509 certificate generation to
Factory.