#certificate #private-key #self-signed #pem #server #ca #generate

certgenutil

Generates self-signed certificates and creates server certificates signed by a Certificate Authority (CA).

1 unstable release

0.1.1 Aug 18, 2024
0.1.0 Aug 18, 2024

#1995 in Cryptography

MIT license

32KB
292 lines

certgenutil

Generates self-signed certificates and creates server certificates signed by a Certificate Authority (CA).


lib.rs:

Certificate Generation and Handling Library

This Rust library provides functionality for generating self-signed certificates, creating server certificates signed by a Certificate Authority (CA), and handling certificate loading and saving operations. It leverages the rustls_pki_types, rcgen, and pem crates to achieve these tasks.

Features

  • Self-Signed Certificate Generation: Create self-signed certificates with specified parameters.
  • CA-Signed Certificate Generation: Generate server certificates signed by a CA certificate.
  • Certificate Loading: Load certificates and private keys from PEM files or PEM-formatted strings.
  • Certificate Saving: Convert certificates and private keys to PEM format for storage or transmission.

Error Handling

The library defines a CertGenError enumeration to represent various errors that might occur during certificate handling, including I/O errors, generation failures, parse errors, and other miscellaneous errors.

Usage

Generating a Self-Signed CA Certificate

use certgenutil::generate_self_signed_cert;

// Extra host names passed as the last argument (presumably subject alternative names).
let alt_names = vec![
    String::from("www.example.com"),
    String::from("mail.example.com"),
];
// NOTE(review): going by the section heading, `true` presumably marks the certificate as a CA
// and `365` is presumably the validity in days; confirm both against the crate documentation.
// The returned `private_key` is the CA signing key: whoever holds it can issue certificates
// that chain to this CA, so keep it out of source control and restrict who can read it.
// `.unwrap()` panics on failure; production code should handle the returned error instead.
let (cert, private_key) =
    generate_self_signed_cert("example.com", true, 365, alt_names).unwrap();

Generating a Server Certificate Signed by a CA

Using a CA Certificate File

use certgenutil::generate_server_cert_by_ca_file;
use std::path::PathBuf;

// NOTE(review): the other examples on this page read both the certificate and the key from
// "ca.pem", so this file presumably has to contain the CA certificate AND its private key;
// confirm against the crate documentation. A file holding a CA key should be readable only
// by the account that issues certificates.
let ca_file_path = PathBuf::from("ca.pem");
// Extra host names for the server certificate (presumably subject alternative names).
let alt_names = vec![
    String::from("www.example.com"),
    String::from("mail.example.com"),
];
// `365` is presumably the validity in days; `.unwrap()` panics if the CA file cannot be read
// or parsed, so real code should handle the error instead.
let (cert, private_key) =
    generate_server_cert_by_ca_file(ca_file_path, "example.com", 365, alt_names).unwrap();

Using a CA Certificate PEM String

use certgenutil::generate_server_cert_by_ca_pem;

// The PEM bundle holds the CA certificate followed by its PKCS#8 private key.
// This key is printed on a public page, so treat it as a known sample value and never issue
// real certificates from it. In real code, read the CA key from protected storage at runtime
// rather than embedding it in source.
let ca_pem = r#"-----BEGIN CERTIFICATE-----
MIIBejCCASCgAwIBAgIUNcB9KoFex2HVOvNXIZzfN/7QyMUwCgYIKoZIzj0EAwIw
ETEPMA0GA1UEAwwGcm9vdGNhMB4XDTI0MDgxODA0NDEwOFoXDTI1MDgxODA0NDEw
OFowETEPMA0GA1UEAwwGcm9vdGNhMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
0kzg73SoZ82snyWboqjKbrlgvavvzduYSWmn2x6NBejWlPLLxdtMxiY0NVfSXq+I
9eBqzr88yV7QC79yH+GxyKNWMFQwEgYDVR0RBAswCYIHYWJjLmNvbTAOBgNVHQ8B
Af8EBAMCAQYwHQYDVR0OBBYEFP/KV01ye89Wwfde0wic7i+StpidMA8GA1UdEwEB
/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgfQlSU05caJtz8XxJvA/AmHSQkroy
YUloxc/s1mQKR9ICIQD9twx295ClByM7bjsHsGNnORok3szuCuJiQaX9o5DR1w==
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgSnXLALeEZnbLdbRT
T4IumE9TztYMJTF97pMQFpF0zByhRANCAATSTODvdKhnzayfJZuiqMpuuWC9q+/N
25hJaafbHo0F6NaU8svF20zGJjQ1V9Jer4j14GrOvzzJXtALv3If4bHI
-----END PRIVATE KEY-----"#
    .to_string();
// Extra host names for the server certificate (presumably subject alternative names).
let alt_names = vec![
    String::from("www.example.com"),
    String::from("mail.example.com"),
];
// `365` is presumably the validity in days; `.unwrap()` panics on a malformed PEM bundle, so
// real code should handle the error instead.
let (cert, private_key) =
    generate_server_cert_by_ca_pem(ca_pem, "example.com", 365, alt_names).unwrap();

Loading Certificates and Private Keys

From PEM Files

use certgenutil::{load_cert_from_pem_file, load_key_from_pem_file};
use std::path::PathBuf;

// Both paths name the same file: "ca.pem" is read once for the certificate and once for the
// private key, so the file carries key material and should have restricted read permissions.
let (cert_path, key_path) = (PathBuf::from("ca.pem"), PathBuf::from("ca.pem"));

// Each loader returns a Result; `.unwrap()` panics on a missing or malformed file, so real
// code should handle the error instead.
let cert = load_cert_from_pem_file(cert_path).unwrap();
let key = load_key_from_pem_file(key_path).unwrap();

From PEM Strings

use certgenutil::{load_cert_from_pem_str, load_key_from_pem_str};

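// NOTE: the certificate body was lost in this listing (an extraction marker stood in its place),
// so the literal below is a placeholder and will NOT parse. Substitute a complete PEM-encoded
// certificate before running this example.
let cert_pem = r#"-----BEGIN CERTIFICATE-----
<PLACEHOLDER: base64 certificate body omitted in this listing>
-----END CERTIFICATE-----"#;
// Sample PKCS#8 private key. It is printed on a public page, so never reuse it; in real code,
// load key material from protected storage rather than embedding it in source.
let key_pem = r#"-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgPY2goeIEayj3JLGR
/eRUTD7CAevRscPGxSWAbcWOpYChRANCAATwa4CmFjMNYOxNu5dpBxm3bw0CBUkk
LZFGP6HvoK1+kgf9WidEIQGxG1LpQ5Ze+L1Bfts75698wW+nImrsgT0p
-----END PRIVATE KEY-----"#;

// Each loader returns a Result; `.unwrap()` panics on malformed PEM, so code that parses
// externally supplied PEM should handle the error instead.
let cert = load_cert_from_pem_str(cert_pem).unwrap();
let key = load_key_from_pem_str(key_pem).unwrap();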

Converting to PEM Format

use certgenutil::{get_cert_pem, get_key_pem,load_cert_from_pem_file,load_key_from_pem_file};
// The certificate and the private key are both read from the same PEM file.
let pem_path = "ca.pem";
let cert = load_cert_from_pem_file(pem_path).unwrap();
let key = load_key_from_pem_file(pem_path).unwrap();
// Certificate PEM is public data and can be shared freely.
let cert_pem = get_cert_pem(&cert);
// `get_key_pem` returns a Result, unlike `get_cert_pem`. The string it yields is the private
// key in PEM form: keep it out of logs and write it only to storage with restricted access.
let key_pem = get_key_pem(&key).unwrap();

Dependencies

  • rustls_pki_types
  • rcgen
  • pem
  • thiserror

License

This library is licensed under the MIT license. See the LICENSE file for more details.

Contributing

Contributions are welcome! Please open an issue or submit a pull request on the GitHub repository.

Contact

For questions or support, please contact linfengfeiye@qq.com.

Dependencies

~66MB
~1.5M SLoC