From 6089be48f8110fd4b24ec070f425f7054e07b5f7 Mon Sep 17 00:00:00 2001
From: tbro
Date: Mon, 9 Oct 2023 18:26:29 -0500
Subject: [PATCH] Add example of generating a cert chain Generate two certficates and sign the second with the first. Addresses
---
 Cargo.toml | 4 ++++
 examples/sign-leaf-with-ca.rs | 33 +++++++++++++++++++++++++++++++++
 2 files changed, 37 insertions(+)
 create mode 100644 examples/sign-leaf-with-ca.rs
diff --git a/Cargo.toml b/Cargo.toml
index 04877fd4..654a91ff 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -26,6 +26,10 @@ required-features = ["pem"]
 name = "rsa-irc-openssl"
 required-features = ["pem"]
+[[example]]
+name = "sign-leaf-with-ca"
+required-features = ["x509-parser"]
+
 [dependencies]
 yasna = { version = "0.5.2", features = ["time", "std"] }
 ring = "0.16"
diff --git a/examples/sign-leaf-with-ca.rs b/examples/sign-leaf-with-ca.rs
new file mode 100644
index 00000000..c725daa5
--- /dev/null
+++ b/examples/sign-leaf-with-ca.rs
@@ -0,0 +1,33 @@
+use rcgen::{BasicConstraints, Certificate, CertificateParams, IsCa};
+use std::fs;
+
+fn main() -> Result<(), Box> {
+ let mut ca_params: CertificateParams = Default::default();
+ let mut leaf_params: CertificateParams = Default::default();
+ ca_params.is_ca = IsCa::Ca(BasicConstraints::Unconstrained);
+ leaf_params.is_ca = IsCa::NoCa;
+ let ca_cert = Certificate::from_params(ca_params)?;
+ let leaf_cert = Certificate::from_params(leaf_params)?;
+
+ // in order to sign leaf certificate we pass the ca cert in when
+ // serializing
+ let leaf_serialized = leaf_cert.serialize_pem_with_signer(&ca_cert)?;
+ let ca_serialized = ca_cert.serialize_pem()?;
+
+ println!("{ca_serialized}");
+ println!("{leaf_serialized}");
+ println!("{}", leaf_cert.serialize_private_key_pem());
+ std::fs::create_dir_all("certs/")?;
+ fs::write("certs/root-ca.pem", &ca_serialized.as_bytes())?;
+ fs::write(
+ "certs/root-ca.key.pem",
+ &ca_cert.serialize_private_key_pem(),
+ )?;
+ fs::write("certs/cert.pem", &leaf_serialized.as_bytes())?;
+ fs::write(
+ "certs/key.pem",
+ &leaf_cert.serialize_private_key_pem().as_bytes(),
+ )?;
+ fs::write("certs/key.der", &leaf_cert.serialize_private_key_der())?;
+ Ok(())
+}
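Review bot: The private-key writes at the end of `main` (`certs/root-ca.key.pem`, `certs/key.pem`, `certs/key.der`) use `fs::write`, which creates files with the process default mode, so under a common umask the CA signing key is readable by other local users; `println!("{}", leaf_cert.serialize_private_key_pem())` additionally puts the leaf key into scrollback and any captured output. Examples get copied into real tooling, so I would drop that `println!` and create the key files owner-only through a small helper, sketched below (the mode only applies when the file is created, so a pre-existing file keeps its old permissions). Both parameter sets come from `Default::default()`, so the CA and leaf presumably share one subject name and the leaf carries no SANs; distinct names would make the output recognisable as a chain. The Cargo.toml hunk gates the example on `x509-parser`, yet nothing in this file appears to use it, while the PEM serializers it calls look like what the neighbouring examples gate on `pem` — worth confirming.

```rust
// Creates the file owner-only on Unix so key material is not exposed through the default umask.
fn write_private(path: &str, contents: &[u8]) -> std::io::Result<()> {
    let mut opts = fs::OpenOptions::new();
    opts.write(true).create(true).truncate(true);
    #[cfg(unix)]
    std::os::unix::fs::OpenOptionsExt::mode(&mut opts, 0o600);
    std::io::Write::write_all(&mut opts.open(path)?, contents)
}

// … unchanged: parameter setup, signing, certificate output and certificate writes …
    write_private(
        "certs/root-ca.key.pem",
        ca_cert.serialize_private_key_pem().as_bytes(),
    )?;
    write_private(
        "certs/key.pem",
        leaf_cert.serialize_private_key_pem().as_bytes(),
    )?;
    write_private("certs/key.der", &leaf_cert.serialize_private_key_der())?;
```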