Skip to main content

uselesskey_x509/
lib.rs

1#![forbid(unsafe_code)]
2
3//! X.509 certificate fixtures built on `uselesskey-core`.
4//!
5//! This crate provides self-signed certificate generation and certificate chain
6//! generation for testing TLS and X.509-related functionality without committing
7//! certificate files to version control.
8//!
9//! # Quick Start
10//!
11//! ```
12//! use uselesskey_core::Factory;
13//! use uselesskey_x509::{X509FactoryExt, X509Spec};
14//!
15//! let factory = Factory::random();
16//! let spec = X509Spec::self_signed("test.example.com");
17//! let cert = factory.x509_self_signed("my-service", spec);
18//!
19//! // Access certificate in various formats
20//! let cert_pem = cert.cert_pem();
21//! let key_pem = cert.private_key_pkcs8_pem();
22//!
23//! assert!(cert_pem.contains("-----BEGIN CERTIFICATE-----"));
24//! assert!(key_pem.contains("-----BEGIN PRIVATE KEY-----"));
25//! ```
26//!
27//! # Certificate Chains
28//!
29//! Generate a three-level chain (root CA → intermediate CA → leaf):
30//!
31//! ```
32//! use uselesskey_core::Factory;
33//! use uselesskey_x509::{X509FactoryExt, ChainSpec};
34//!
35//! let factory = Factory::random();
36//! let spec = ChainSpec::new("test.example.com");
37//! let chain = factory.x509_chain("my-service", spec);
38//!
39//! // Standard TLS chain (leaf + intermediate)
40//! let chain_pem = chain.chain_pem();
41//! assert_eq!(chain_pem.matches("-----BEGIN CERTIFICATE-----").count(), 2);
42//!
43//! // Individual certs
44//! let leaf_pem = chain.leaf_cert_pem();
45//! let root_pem = chain.root_cert_pem();
46//! ```
47//!
48//! # Negative Fixtures
49//!
50//! Generate intentionally invalid certificates for testing error handling:
51//!
52//! ```
53//! use uselesskey_core::Factory;
54//! use uselesskey_x509::{X509FactoryExt, X509Spec};
55//!
56//! let factory = Factory::random();
57//! let spec = X509Spec::self_signed("test.example.com");
58//! let cert = factory.x509_self_signed("test", spec);
59//!
60//! // Get an expired certificate
61//! let expired = cert.expired();
62//!
63//! // Get a not-yet-valid certificate
64//! let not_valid = cert.not_yet_valid();
65//!
66//! // Corrupt the PEM encoding
67//! use uselesskey_core::negative::CorruptPem;
68//! let bad_pem = cert.corrupt_cert_pem(CorruptPem::BadHeader);
69//! ```
70
71mod cert;
72mod chain;
73mod chain_negative;
74pub mod negative;
75#[cfg(test)]
76mod testutil;
77
78pub use cert::{DOMAIN_X509_CERT, X509Cert, X509FactoryExt};
79pub use chain::{DOMAIN_X509_CHAIN, X509Chain};
80pub use uselesskey_core_x509::{
81    ChainNegative, ChainSpec, KeyUsage, NotBeforeOffset, X509Negative, X509Spec,
82};