Add KeyPair::generate() method

djc · djc · commit 87ca12764e22 · 2024-01-18T22:52:46.000+01:00
diff --git a/rcgen/examples/sign-leaf-with-ca.rs b/rcgen/examples/sign-leaf-with-ca.rs
@@ -33,7 +33,7 @@ fn new_ca() -> Certificate {
 	params.not_before = yesterday;
 	params.not_after = tomorrow;
 
-	let key_pair = KeyPair::generate_for(&rcgen::PKCS_ECDSA_P256_SHA256).unwrap();
+	let key_pair = KeyPair::generate().unwrap();
 	Certificate::generate_self_signed(params, &key_pair).unwrap()
 }
 
@@ -50,7 +50,7 @@ fn new_end_entity() -> Certificate {
 	params.not_before = yesterday;
 	params.not_after = tomorrow;
 
-	let key_pair = KeyPair::generate_for(&rcgen::PKCS_ECDSA_P256_SHA256).unwrap();
+	let key_pair = KeyPair::generate().unwrap();
 	Certificate::generate_self_signed(params, &key_pair).unwrap()
 }
 
diff --git a/rcgen/examples/simple.rs b/rcgen/examples/simple.rs
@@ -19,7 +19,7 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
 		SanType::DnsName("localhost".to_string()),
 	];
 
-	let key_pair = KeyPair::generate_for(&rcgen::PKCS_ECDSA_P256_SHA256)?;
+	let key_pair = KeyPair::generate()?;
 	let cert = Certificate::generate_self_signed(params, &key_pair)?;
 
 	let pem_serialized = cert.pem();
diff --git a/rcgen/src/crl.rs b/rcgen/src/crl.rs
@@ -26,7 +26,7 @@ use crate::{Certificate, Error, KeyIdMethod, KeyUsagePurpose, SerialNumber};
 /// let mut issuer_params = CertificateParams::new(vec!["crl.issuer.example.com".to_string()]);
 /// issuer_params.is_ca = IsCa::Ca(BasicConstraints::Unconstrained);
 /// issuer_params.key_usages = vec![KeyUsagePurpose::KeyCertSign, KeyUsagePurpose::DigitalSignature, KeyUsagePurpose::CrlSign];
-/// let key_pair = KeyPair::generate_for(&PKCS_ECDSA_P256_SHA256).unwrap();
+/// let key_pair = KeyPair::generate().unwrap();
 /// let issuer = Certificate::generate_self_signed(issuer_params, &key_pair).unwrap();
 /// // Describe a revoked certificate.
 /// let revoked_cert = RevokedCertParams{
diff --git a/rcgen/src/key_pair.rs b/rcgen/src/key_pair.rs
@@ -56,6 +56,11 @@ pub struct KeyPair {
 }
 
 impl KeyPair {
+	/// Generate a new random PKCS_ECDSA_P256_SHA256 key pair
+	pub fn generate() -> Result<Self, Error> {
+		Self::generate_for(&PKCS_ECDSA_P256_SHA256)
+	}
+
 	/// Generate a new random key pair for the specified signature algorithm
 	///
 	/// If you're not sure which algorithm to use, [`PKCS_ECDSA_P256_SHA256`] is a good choice.
diff --git a/rcgen/src/lib.rs b/rcgen/src/lib.rs
@@ -21,7 +21,7 @@ use rcgen::{generate_simple_self_signed, KeyPair};
 let subject_alt_names = vec!["hello.world.example".to_string(),
 	"localhost".to_string()];
 
-let key_pair = KeyPair::generate_for(&rcgen::PKCS_ECDSA_P256_SHA256).unwrap();
+let key_pair = KeyPair::generate().unwrap();
 let cert = generate_simple_self_signed(subject_alt_names, &key_pair).unwrap();
 println!("{}", cert.pem());
 println!("{}", key_pair.serialize_pem());
@@ -98,7 +98,7 @@ use rcgen::{generate_simple_self_signed, KeyPair};
 let subject_alt_names = vec!["hello.world.example".to_string(),
 	"localhost".to_string()];
 
-let key_pair = KeyPair::generate_for(&rcgen::PKCS_ECDSA_P256_SHA256).unwrap();
+let key_pair = KeyPair::generate().unwrap();
 let cert = generate_simple_self_signed(subject_alt_names, &key_pair).unwrap();
 
 // The certificate is now valid for localhost and the domain "hello.world.example"
@@ -1802,7 +1802,7 @@ mod tests {
 		params.is_ca = IsCa::Ca(BasicConstraints::Constrained(0));
 
 		// Make the cert
-		let key_pair = KeyPair::generate_for(&PKCS_ECDSA_P256_SHA256).unwrap();
+		let key_pair = KeyPair::generate().unwrap();
 		let cert = Certificate::generate_self_signed(params, &key_pair).unwrap();
 
 		// Parse it
@@ -1840,7 +1840,7 @@ mod tests {
 		params.is_ca = IsCa::Ca(BasicConstraints::Constrained(0));
 
 		// Make the cert
-		let key_pair = KeyPair::generate_for(&PKCS_ECDSA_P256_SHA256).unwrap();
+		let key_pair = KeyPair::generate().unwrap();
 		let cert = Certificate::generate_self_signed(params, &key_pair).unwrap();
 
 		// Parse it
@@ -1875,7 +1875,7 @@ mod tests {
 		params.extended_key_usages = vec![ExtendedKeyUsagePurpose::Any];
 
 		// Make the cert
-		let key_pair = KeyPair::generate_for(&PKCS_ECDSA_P256_SHA256).unwrap();
+		let key_pair = KeyPair::generate().unwrap();
 		let cert = Certificate::generate_self_signed(params, &key_pair).unwrap();
 
 		// Parse it
@@ -1901,7 +1901,7 @@ mod tests {
 		];
 
 		// Make the cert
-		let key_pair = KeyPair::generate_for(&PKCS_ECDSA_P256_SHA256).unwrap();
+		let key_pair = KeyPair::generate().unwrap();
 		let cert = Certificate::generate_self_signed(params, &key_pair).unwrap();
 
 		// Parse it
@@ -1935,12 +1935,12 @@ mod tests {
 
 	#[cfg(feature = "pem")]
 	mod test_pem_serialization {
-		use crate::{Certificate, CertificateParams, KeyPair, PKCS_ECDSA_P256_SHA256};
+		use crate::{Certificate, CertificateParams, KeyPair};
 
 		#[test]
 		#[cfg(windows)]
 		fn test_windows_line_endings() {
-			let key_pair = KeyPair::generate_for(&PKCS_ECDSA_P256_SHA256).unwrap();
+			let key_pair = KeyPair::generate().unwrap();
 			let cert =
 				Certificate::generate_self_signed(CertificateParams::default(), &key_pair).unwrap();
 			assert!(cert.pem().contains("\r\n"));
@@ -1949,7 +1949,7 @@ mod tests {
 		#[test]
 		#[cfg(not(windows))]
 		fn test_not_windows_line_endings() {
-			let key_pair = KeyPair::generate_for(&PKCS_ECDSA_P256_SHA256).unwrap();
+			let key_pair = KeyPair::generate().unwrap();
 			let cert =
 				Certificate::generate_self_signed(CertificateParams::default(), &key_pair).unwrap();
 			assert!(!cert.pem().contains('\r'));
diff --git a/rcgen/tests/botan.rs b/rcgen/tests/botan.rs
@@ -132,7 +132,7 @@ fn test_botan_separate_ca() {
 	// Botan has a sanity check that enforces a maximum expiration date
 	params.not_after = rcgen::date_time_ymd(3016, 1, 1);
 
-	let key_pair = KeyPair::generate_for(&rcgen::PKCS_ECDSA_P256_SHA256).unwrap();
+	let key_pair = KeyPair::generate().unwrap();
 	let cert = Certificate::generate(params, &key_pair, &ca_cert, &ca_key).unwrap();
 	check_cert_ca(cert.der(), &cert, ca_cert.der());
 }
@@ -160,7 +160,7 @@ fn test_botan_imported_ca() {
 	// Botan has a sanity check that enforces a maximum expiration date
 	params.not_after = rcgen::date_time_ymd(3016, 1, 1);
 
-	let key_pair = KeyPair::generate_for(&rcgen::PKCS_ECDSA_P256_SHA256).unwrap();
+	let key_pair = KeyPair::generate().unwrap();
 	let cert = Certificate::generate(params, &key_pair, &imported_ca_cert, &ca_key).unwrap();
 	check_cert_ca(cert.der(), &cert, ca_cert_der);
 }
@@ -191,7 +191,7 @@ fn test_botan_imported_ca_with_printable_string() {
 		.push(DnType::CommonName, "Dev domain");
 	// Botan has a sanity check that enforces a maximum expiration date
 	params.not_after = rcgen::date_time_ymd(3016, 1, 1);
-	let key_pair = KeyPair::generate_for(&rcgen::PKCS_ECDSA_P256_SHA256).unwrap();
+	let key_pair = KeyPair::generate().unwrap();
 	let cert =
 		Certificate::generate(params, &key_pair, &imported_ca_cert, &imported_ca_key).unwrap();
 
diff --git a/rcgen/tests/openssl.rs b/rcgen/tests/openssl.rs
@@ -302,7 +302,7 @@ fn test_openssl_separate_ca() {
 	params
 		.distinguished_name
 		.push(DnType::CommonName, "Dev domain");
-	let cert_key = KeyPair::generate_for(&rcgen::PKCS_ECDSA_P256_SHA256).unwrap();
+	let cert_key = KeyPair::generate().unwrap();
 	let cert = Certificate::generate(params, &cert_key, &ca_cert, &ca_key).unwrap();
 	let key = cert_key.serialize_der();
 
@@ -326,7 +326,7 @@ fn test_openssl_separate_ca_with_printable_string() {
 	params
 		.distinguished_name
 		.push(DnType::CommonName, "Dev domain");
-	let cert_key = KeyPair::generate_for(&rcgen::PKCS_ECDSA_P256_SHA256).unwrap();
+	let cert_key = KeyPair::generate().unwrap();
 	let cert = Certificate::generate(params, &cert_key, &ca_cert, &ca_key).unwrap();
 	let key = cert_key.serialize_der();
 
@@ -377,7 +377,7 @@ fn test_openssl_separate_ca_name_constraints() {
 	params
 		.distinguished_name
 		.push(DnType::CommonName, "Dev domain");
-	let cert_key = KeyPair::generate_for(&rcgen::PKCS_ECDSA_P256_SHA256).unwrap();
+	let cert_key = KeyPair::generate().unwrap();
 	let cert = Certificate::generate(params, &cert_key, &ca_cert, &ca_key).unwrap();
 	let key = cert_key.serialize_der();
 
diff --git a/rcgen/tests/util.rs b/rcgen/tests/util.rs
@@ -3,9 +3,7 @@ use rcgen::{
 	CertificateRevocationList, CrlDistributionPoint, CrlIssuingDistributionPoint, CrlScope,
 };
 use rcgen::{CertificateRevocationListParams, DnType, IsCa, KeyIdMethod};
-use rcgen::{
-	KeyUsagePurpose, RevocationReason, RevokedCertParams, SerialNumber, PKCS_ECDSA_P256_SHA256,
-};
+use rcgen::{KeyUsagePurpose, RevocationReason, RevokedCertParams, SerialNumber};
 use time::{Duration, OffsetDateTime};
 
 // Generated by adding `println!("{}", cert.serialize_private_key_pem());`
@@ -78,7 +76,7 @@ pub fn default_params() -> (CertificateParams, KeyPair) {
 		.distinguished_name
 		.push(DnType::CommonName, "Master CA");
 
-	let key_pair = KeyPair::generate_for(&PKCS_ECDSA_P256_SHA256).unwrap();
+	let key_pair = KeyPair::generate().unwrap();
 	(params, key_pair)
 }
 
diff --git a/rcgen/tests/webpki.rs b/rcgen/tests/webpki.rs
@@ -272,7 +272,7 @@ fn test_webpki_separate_ca() {
 		.distinguished_name
 		.push(DnType::CommonName, "Dev domain");
 
-	let key_pair = KeyPair::generate_for(&rcgen::PKCS_ECDSA_P256_SHA256).unwrap();
+	let key_pair = KeyPair::generate().unwrap();
 	let cert = Certificate::generate(params, &key_pair, &ca_cert, &ca_key).unwrap();
 	let sign_fn = |cert, msg| sign_msg_ecdsa(cert, msg, &signature::ECDSA_P256_SHA256_ASN1_SIGNING);
 	check_cert_ca(
@@ -426,7 +426,7 @@ fn test_webpki_imported_ca() {
 	params
 		.distinguished_name
 		.push(DnType::CommonName, "Dev domain");
-	let cert_key = KeyPair::generate_for(&rcgen::PKCS_ECDSA_P256_SHA256).unwrap();
+	let cert_key = KeyPair::generate().unwrap();
 	let cert = Certificate::generate(params, &cert_key, &imported_ca_cert, &ca_key).unwrap();
 
 	let sign_fn = |cert, msg| sign_msg_ecdsa(cert, msg, &signature::ECDSA_P256_SHA256_ASN1_SIGNING);
@@ -464,7 +464,7 @@ fn test_webpki_imported_ca_with_printable_string() {
 	params
 		.distinguished_name
 		.push(DnType::CommonName, "Dev domain");
-	let cert_key = KeyPair::generate_for(&rcgen::PKCS_ECDSA_P256_SHA256).unwrap();
+	let cert_key = KeyPair::generate().unwrap();
 	let cert = Certificate::generate(params, &cert_key, &imported_ca_cert, &ca_key).unwrap();
 
 	let sign_fn = |cert, msg| sign_msg_ecdsa(cert, msg, &signature::ECDSA_P256_SHA256_ASN1_SIGNING);
@@ -488,7 +488,7 @@ fn test_certificate_from_csr() {
 	params
 		.distinguished_name
 		.push(DnType::CommonName, "Dev domain");
-	let cert_key = KeyPair::generate_for(&rcgen::PKCS_ECDSA_P256_SHA256).unwrap();
+	let cert_key = KeyPair::generate().unwrap();
 	let cert = Certificate::generate_self_signed(params, &cert_key).unwrap();
 	let csr_der = cert.serialize_request_der(&cert_key).unwrap();
 	let csr = CertificateSigningRequestParams::from_der(&csr_der).unwrap();

Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ fn new_ca() -> Certificate {`
`33`	`33`	`params.not_before = yesterday;`
`34`	`34`	`params.not_after = tomorrow;`
`35`	`35`
`36`		`- let key_pair = KeyPair::generate_for(&rcgen::PKCS_ECDSA_P256_SHA256).unwrap();`
	`36`	`+ let key_pair = KeyPair::generate().unwrap();`
`37`	`37`	`Certificate::generate_self_signed(params, &key_pair).unwrap()`
`38`	`38`	`}`
`39`	`39`
`@@ -50,7 +50,7 @@ fn new_end_entity() -> Certificate {`
`50`	`50`	`params.not_before = yesterday;`
`51`	`51`	`params.not_after = tomorrow;`
`52`	`52`
`53`		`- let key_pair = KeyPair::generate_for(&rcgen::PKCS_ECDSA_P256_SHA256).unwrap();`
	`53`	`+ let key_pair = KeyPair::generate().unwrap();`
`54`	`54`	`Certificate::generate_self_signed(params, &key_pair).unwrap()`
`55`	`55`	`}`
`56`	`56`