1 unstable release
0.1.1 | Aug 18, 2024 |
---|---|
0.1.0 |
|
#1995 in Cryptography
32KB
292 lines
certgenutil
generating self-signed certificates , creating server certificates signed by a Certificate Authority (CA)
lib.rs
:
Certificate Generation and Handling Library
This Rust library provides functionality for generating self-signed certificates, creating server certificates signed by a Certificate Authority (CA), and handling certificate loading and saving operations. It leverages the rustls_pki_types
, rcgen
, and pem
crates to achieve these tasks.
Features
- Self-Signed Certificate Generation: Create self-signed certificates with specified parameters.
- CA-Signed Certificate Generation: Generate server certificates signed by a CA certificate.
- Certificate Loading: Load certificates and private keys from PEM files or PEM-formatted strings.
- Certificate Saving: Convert certificates and private keys to PEM format for storage or transmission.
Error Handling
The library defines a CertGenError
enumeration to represent various errors that might occur during certificate handling, including I/O errors, generation failures, parse errors, and other miscellaneous errors.
Usage
Generating a Self-Signed CA Certificate
use certgenutil::generate_self_signed_cert;
let (cert, private_key) = generate_self_signed_cert(
"example.com",
true,
365,
vec!["www.example.com".to_string(), "mail.example.com".to_string()],
).unwrap();
Generating a Server Certificate Signed by a CA
Using a CA Certificate File
use certgenutil::generate_server_cert_by_ca_file;
use std::path::PathBuf;
let ca_file_path = PathBuf::from("ca.pem");
let (cert, private_key) = generate_server_cert_by_ca_file(
ca_file_path,
"example.com",
365,
vec!["www.example.com".to_string(), "mail.example.com".to_string()],
).unwrap();
Using a CA Certificate PEM String
use certgenutil::generate_server_cert_by_ca_pem;
let ca_pem = String::from(r#"-----BEGIN CERTIFICATE-----
MIIBejCCASCgAwIBAgIUNcB9KoFex2HVOvNXIZzfN/7QyMUwCgYIKoZIzj0EAwIw
ETEPMA0GA1UEAwwGcm9vdGNhMB4XDTI0MDgxODA0NDEwOFoXDTI1MDgxODA0NDEw
OFowETEPMA0GA1UEAwwGcm9vdGNhMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
0kzg73SoZ82snyWboqjKbrlgvavvzduYSWmn2x6NBejWlPLLxdtMxiY0NVfSXq+I
9eBqzr88yV7QC79yH+GxyKNWMFQwEgYDVR0RBAswCYIHYWJjLmNvbTAOBgNVHQ8B
Af8EBAMCAQYwHQYDVR0OBBYEFP/KV01ye89Wwfde0wic7i+StpidMA8GA1UdEwEB
/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgfQlSU05caJtz8XxJvA/AmHSQkroy
YUloxc/s1mQKR9ICIQD9twx295ClByM7bjsHsGNnORok3szuCuJiQaX9o5DR1w==
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgSnXLALeEZnbLdbRT
T4IumE9TztYMJTF97pMQFpF0zByhRANCAATSTODvdKhnzayfJZuiqMpuuWC9q+/N
25hJaafbHo0F6NaU8svF20zGJjQ1V9Jer4j14GrOvzzJXtALv3If4bHI
-----END PRIVATE KEY-----"#);
let (cert, private_key) = generate_server_cert_by_ca_pem(
ca_pem,
"example.com",
365,
vec!["www.example.com".to_string(), "mail.example.com".to_string()],
).unwrap();
Loading Certificates and Private Keys
From PEM Files
use certgenutil::{load_cert_from_pem_file, load_key_from_pem_file};
use std::path::PathBuf;
let cert_path = PathBuf::from("ca.pem");
let key_path = PathBuf::from("ca.pem");
let cert = load_cert_from_pem_file(cert_path).unwrap();
let key = load_key_from_pem_file(key_path).unwrap();
From PEM Strings
use certgenutil::{load_cert_from_pem_str, load_key_from_pem_str};
let cert_pem = r#"-----BEGIN CERTIFICATE-----
MIIBejCCASCgAwIBAgIUBH8zfLAlg0h8FQUc8wZjJlrPWrgwCgYIKoZIzj0EAwIw
ETEPMA0GA1UEAwwGcm9vdGNhMB4XDTI0MDgxODA0MzMxMFoXDTI1MDgxODA0MzMx
MFowETEPMA0GA1UEAwwGcm9vdGNhMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
8GuAphYzDWDsTbuXaQcZt28NAgVJJC2RRj+h76CtfpIH/VonRCEBsRtS6UOWXvi9
QX7bO+evfMFvpyJq7IE9KaNWMFQwEgYDVR0RBAswCYIHYWJjLmNvbTAOBgNVHQ8B
Af8EBAMCAQYwHQYDVR0OBBYEFPK0E8CY4Hv2FQurWHogzHeXWIYWMA8GA1UdEwEB
/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAKvhoh2oz+WZ3Ry0du8saLwqAFBz
Kdpn9dwKE0NF3Ju9AiAs2ZO7fDaMxEkeFIqZi1XktTNWOzSMrjuZDknC2tZugQ==
-----END CERTIFICATE-----"#;
let key_pem = r#"-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgPY2goeIEayj3JLGR
/eRUTD7CAevRscPGxSWAbcWOpYChRANCAATwa4CmFjMNYOxNu5dpBxm3bw0CBUkk
LZFGP6HvoK1+kgf9WidEIQGxG1LpQ5Ze+L1Bfts75698wW+nImrsgT0p
-----END PRIVATE KEY-----"#;
let cert = load_cert_from_pem_str(cert_pem).unwrap();
let key = load_key_from_pem_str(key_pem).unwrap();
Converting to PEM Format
use certgenutil::{get_cert_pem, get_key_pem,load_cert_from_pem_file,load_key_from_pem_file};
let cert = load_cert_from_pem_file("ca.pem").unwrap();
let key = load_key_from_pem_file("ca.pem").unwrap();
let cert_pem = get_cert_pem(&cert);
let key_pem = get_key_pem(&key).unwrap();
Dependencies
rustls_pki_types
rcgen
pem
thiserror
License
This library is licensed under the MIT license. See the LICENSE file for more details.
Contributing
Contributions are welcome! Please open an issue or submit a pull request on the GitHub repository.
Contact
For questions or support, please contact linfengfeiye@qq.com.
Dependencies
~66MB
~1.5M SLoC