Refactor

* simplify by removeing Ca and Entity types * cleanup print statements * rename `y_t()` function to `validity_period()` * cleanup
rustls · Oct 10, 2023 · 1c9d786 · 1c9d786
1 parent ccc9983
commit 1c9d786
Showing 1 changed file with 39 additions and 79 deletions.
diff --git a/examples/sign-leaf-with-ca.rs b/examples/sign-leaf-with-ca.rs
@@ -1,97 +1,57 @@
 use rcgen::{
-	date_time_ymd, BasicConstraints, Certificate, CertificateParams, CertificateSigningRequest,
-	DnType, ExtendedKeyUsagePurpose, IsCa, KeyUsagePurpose,
+	BasicConstraints, Certificate, CertificateParams, DnType, DnValue::PrintableString,
+	ExtendedKeyUsagePurpose, IsCa, KeyUsagePurpose,
 };
 use time::{Duration, OffsetDateTime};
-use x509_parser::certification_request::X509CertificationRequest;
-use x509_parser::prelude::FromDer;
 
 /// Example demonstrating signing end-endity certificate with ca
 fn main() {
-	let ca = Ca::new();
-	let entity = Entity::new();
+	let ca = new_ca();
+	let end_entity = new_end_entity();
 
-	println!("directly signed end-entity certificate:");
-	let direct = entity
-		.certificate
-		.serialize_pem_with_signer(&ca.certificate)
-		.unwrap();
-	println!("{direct}");
+	let end_entity_pem = end_entity.serialize_pem_with_signer(&ca).unwrap();
+	println!("directly signed end-entity certificate: {end_entity_pem}");
 
-	println!("ca certificate:");
-	let pem = ca.certificate.serialize_pem().unwrap();
+	let ca_cert_pem = ca.serialize_pem().unwrap();
 
-	println!("{}", pem);
+	println!("ca certificate: {ca_cert_pem}",);
 }
 
-struct Ca {
-	certificate: Certificate,
+fn new_ca() -> Certificate {
+	let mut params = CertificateParams::new(Vec::default());
+	let (yesterday, tomorrow) = validity_period();
+	params.is_ca = IsCa::Ca(BasicConstraints::Unconstrained);
+	params
+		.distinguished_name
+		.push(DnType::CountryName, PrintableString("BR".into()));
+	params
+		.distinguished_name
+		.push(DnType::OrganizationName, "Crab widgits SE");
+	params.key_usages.push(KeyUsagePurpose::DigitalSignature);
+	params.key_usages.push(KeyUsagePurpose::KeyCertSign);
+	params.key_usages.push(KeyUsagePurpose::CrlSign);
+
+	params.not_before = yesterday;
+	params.not_after = tomorrow;
+	Certificate::from_params(params).unwrap()
 }
 
-impl Ca {
-	fn new() -> Self {
-		let mut params = CertificateParams::new(vec!["ca.some.host".to_owned()]);
-		let (yesterday, tomorrow) = y_t();
-		params.is_ca = IsCa::Ca(BasicConstraints::Unconstrained);
-		params.distinguished_name.push(DnType::CountryName, "BR");
-		params
-			.distinguished_name
-			.push(DnType::OrganizationName, "Crab widgits SE");
-		params.key_usages.push(KeyUsagePurpose::DigitalSignature);
-		params.key_usages.push(KeyUsagePurpose::KeyCertSign);
-		params.key_usages.push(KeyUsagePurpose::CrlSign);
-
-		params.not_before = yesterday;
-		params.not_after = tomorrow;
-		Self {
-			certificate: Certificate::from_params(params).unwrap(),
-		}
-	}
-
-	fn create_cert(&self, csr_pem: &str) -> String {
-		let csr_der = x509_parser::pem::parse_x509_pem(csr_pem.as_bytes())
-			.unwrap()
-			.1;
-		let csr = X509CertificationRequest::from_der(&csr_der.contents)
-			.unwrap()
-			.1;
-		csr.verify_signature().unwrap();
-		let csr = CertificateSigningRequest::from_der(&csr_der.contents).unwrap();
-		csr.serialize_pem_with_signer(&self.certificate).unwrap()
-	}
-}
-
-struct Entity {
-	certificate: Certificate,
-}
-
-impl Entity {
-	fn new() -> Self {
-		let name = "entity.other.host";
-		let mut params = CertificateParams::new(vec!["entity.other.host".to_owned()]);
-		let (yesterday, tomorrow) = y_t();
-		params.distinguished_name.push(DnType::CommonName, name);
-		params.use_authority_key_identifier_extension = true;
-		params
-			.subject_alt_names
-			.push(rcgen::SanType::DnsName(name.into()));
-		params.key_usages.push(KeyUsagePurpose::DigitalSignature);
-		params
-			.extended_key_usages
-			.push(ExtendedKeyUsagePurpose::ServerAuth);
-		params.not_before = yesterday;
-		params.not_after = tomorrow;
-		Self {
-			certificate: Certificate::from_params(params).unwrap(),
-		}
-	}
-
-	fn create_csr(&self) -> String {
-		self.certificate.serialize_request_pem().unwrap()
-	}
+fn new_end_entity() -> Certificate {
+	let name = "entity.other.host";
+	let mut params = CertificateParams::new(vec!["entity.other.host".to_owned()]);
+	let (yesterday, tomorrow) = validity_period();
+	params.distinguished_name.push(DnType::CommonName, name);
+	params.use_authority_key_identifier_extension = true;
+	params.key_usages.push(KeyUsagePurpose::DigitalSignature);
+	params
+		.extended_key_usages
+		.push(ExtendedKeyUsagePurpose::ServerAuth);
+	params.not_before = yesterday;
+	params.not_after = tomorrow;
+	Certificate::from_params(params).unwrap()
 }
 
-fn y_t() -> (OffsetDateTime, OffsetDateTime) {
+fn validity_period() -> (OffsetDateTime, OffsetDateTime) {
 	let day = Duration::new(86400, 0);
 	let yesterday = OffsetDateTime::now_utc().checked_sub(day).unwrap();
 	let tomorrow = OffsetDateTime::now_utc().checked_add(day).unwrap();