From 1c9d786ad9cad7eee2ac36f481dd15e1affc6b34 Mon Sep 17 00:00:00 2001
From: tbro
Date: Tue, 10 Oct 2023 16:14:58 -0500
Subject: [PATCH] Refactor
* simplify by removeing Ca and Entity types
* cleanup print statements
* rename `y_t()` function to `validity_period()`
* cleanup
---
 examples/sign-leaf-with-ca.rs | 118 +++++++++++----------------------
 1 file changed, 39 insertions(+), 79 deletions(-)
diff --git a/examples/sign-leaf-with-ca.rs b/examples/sign-leaf-with-ca.rs
index 5d93aa00..60795207 100644
--- a/examples/sign-leaf-with-ca.rs
+++ b/examples/sign-leaf-with-ca.rs
@@ -1,97 +1,57 @@
 use rcgen::{
- date_time_ymd, BasicConstraints, Certificate, CertificateParams, CertificateSigningRequest,
- DnType, ExtendedKeyUsagePurpose, IsCa, KeyUsagePurpose,
+ BasicConstraints, Certificate, CertificateParams, DnType, DnValue::PrintableString,
+ ExtendedKeyUsagePurpose, IsCa, KeyUsagePurpose,
 };
 use time::{Duration, OffsetDateTime};
-use x509_parser::certification_request::X509CertificationRequest;
-use x509_parser::prelude::FromDer;
 /// Example demonstrating signing end-endity certificate with ca
 fn main() {
- let ca = Ca::new();
- let entity = Entity::new();
+ let ca = new_ca();
+ let end_entity = new_end_entity();
- println!("directly signed end-entity certificate:");
- let direct = entity
- .certificate
- .serialize_pem_with_signer(&ca.certificate)
- .unwrap();
- println!("{direct}");
+ let end_entity_pem = end_entity.serialize_pem_with_signer(&ca).unwrap();
+ println!("directly signed end-entity certificate: {end_entity_pem}");
- println!("ca certificate:");
- let pem = ca.certificate.serialize_pem().unwrap();
+ let ca_cert_pem = ca.serialize_pem().unwrap();
- println!("{}", pem);
+ println!("ca certificate: {ca_cert_pem}",);
 }
-struct Ca {
- certificate: Certificate,
+fn new_ca() -> Certificate {
+ let mut params = CertificateParams::new(Vec::default());
+ let (yesterday, tomorrow) = validity_period();
+ params.is_ca = IsCa::Ca(BasicConstraints::Unconstrained);
+ params
+ .distinguished_name
+ .push(DnType::CountryName, PrintableString("BR".into()));
+ params
+ .distinguished_name
+ .push(DnType::OrganizationName, "Crab widgits SE");
+ params.key_usages.push(KeyUsagePurpose::DigitalSignature);
+ params.key_usages.push(KeyUsagePurpose::KeyCertSign);
+ params.key_usages.push(KeyUsagePurpose::CrlSign);
+
+ params.not_before = yesterday;
+ params.not_after = tomorrow;
+ Certificate::from_params(params).unwrap()
 }
-impl Ca {
- fn new() -> Self {
- let mut params = CertificateParams::new(vec!["ca.some.host".to_owned()]);
- let (yesterday,
tomorrow) = y_t();
- params.is_ca = IsCa::Ca(BasicConstraints::Unconstrained);
- params.distinguished_name.push(DnType::CountryName, "BR");
- params
- .distinguished_name
- .push(DnType::OrganizationName, "Crab widgits SE");
- params.key_usages.push(KeyUsagePurpose::DigitalSignature);
- params.key_usages.push(KeyUsagePurpose::KeyCertSign);
- params.key_usages.push(KeyUsagePurpose::CrlSign);
-
- params.not_before = yesterday;
- params.not_after = tomorrow;
- Self {
- certificate: Certificate::from_params(params).unwrap(),
- }
- }
-
- fn create_cert(&self, csr_pem: &str) -> String {
- let csr_der = x509_parser::pem::parse_x509_pem(csr_pem.as_bytes())
- .unwrap()
- .1;
- let csr = X509CertificationRequest::from_der(&csr_der.contents)
- .unwrap()
- .1;
- csr.verify_signature().unwrap();
- let csr = CertificateSigningRequest::from_der(&csr_der.contents).unwrap();
- csr.serialize_pem_with_signer(&self.certificate).unwrap()
- }
-}
-
-struct Entity {
- certificate: Certificate,
-}
-
-impl Entity {
- fn new() -> Self {
- let name = "entity.other.host";
- let mut params = CertificateParams::new(vec!["entity.other.host".to_owned()]);
- let (yesterday, tomorrow) = y_t();
- params.distinguished_name.push(DnType::CommonName, name);
- params.use_authority_key_identifier_extension = true;
- params
- .subject_alt_names
- .push(rcgen::SanType::DnsName(name.into()));
- params.key_usages.push(KeyUsagePurpose::DigitalSignature);
- params
- .extended_key_usages
- .push(ExtendedKeyUsagePurpose::ServerAuth);
- params.not_before = yesterday;
- params.not_after = tomorrow;
- Self {
- certificate: Certificate::from_params(params).unwrap(),
- }
- }
-
- fn create_csr(&self) -> String {
- self.certificate.serialize_request_pem().unwrap()
- }
+fn new_end_entity() -> Certificate {
+ let name = "entity.other.host";
+ let mut params = CertificateParams::new(vec!["entity.other.host".to_owned()]);
+ let (yesterday, tomorrow) = validity_period();
+ params.distinguished_name.push(DnType::CommonName,
name);
+ params.use_authority_key_identifier_extension = true;
+ params.key_usages.push(KeyUsagePurpose::DigitalSignature);
+ params
+ .extended_key_usages
+ .push(ExtendedKeyUsagePurpose::ServerAuth);
+ params.not_before = yesterday;
+ params.not_after = tomorrow;
+ Certificate::from_params(params).unwrap()
 }
-fn y_t() -> (OffsetDateTime, OffsetDateTime) {
+fn validity_period() -> (OffsetDateTime, OffsetDateTime) {
 let day = Duration::new(86400, 0);
 let yesterday = OffsetDateTime::now_utc().checked_sub(day).unwrap();
 let tomorrow = OffsetDateTime::now_utc().checked_add(day).unwrap();