
Commit aa2caf9

tbrocpu
authored andcommitted
Add example of generating a cert chain
Generate two certificates and sign the second with the first.
1 parent 948c3b5 commit aa2caf9


2 files changed

+62
-0
lines changed


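--- a/Cargo.toml
+++ b/Cargo.toml
@@ -26,6 +26,10 @@ required-features = ["pem"]
 name = "rsa-irc-openssl"
 required-features = ["pem"]
 
+[[example]]
+name = "sign-leaf-with-ca"
+required-features = ["pem", "x509-parser"]
+
 [dependencies]
 yasna = { version = "0.5.2", features = ["time", "std"] }
 ring = "0.17"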
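--- /dev/null
+++ b/examples/sign-leaf-with-ca.rs
@@ -0,0 +1,58 @@
+use rcgen::{
+BasicConstraints, Certificate, CertificateParams, DnType, DnValue::PrintableString,
+ExtendedKeyUsagePurpose, IsCa, KeyUsagePurpose,
+};
+use time::{Duration, OffsetDateTime};
+
+/// Example demonstrating signing end-endity certificate with ca
+fn main() {
+let ca = new_ca();
+let end_entity = new_end_entity();
+
+let end_entity_pem = end_entity.serialize_pem_with_signer(&ca).unwrap();
+println!("directly signed end-entity certificate: {end_entity_pem}");
+
+let ca_cert_pem = ca.serialize_pem().unwrap();
+println!("ca certificate: {ca_cert_pem}",);
+}
+
+fn new_ca() -> Certificate {
+let mut params = CertificateParams::new(Vec::default());
+let (yesterday, tomorrow) = validity_period();
+params.is_ca = IsCa::Ca(BasicConstraints::Unconstrained);
+params
+.distinguished_name
+.push(DnType::CountryName, PrintableString("BR".into()));
+params
+.distinguished_name
+.push(DnType::OrganizationName, "Crab widgits SE");
+params.key_usages.push(KeyUsagePurpose::DigitalSignature);
+params.key_usages.push(KeyUsagePurpose::KeyCertSign);
+params.key_usages.push(KeyUsagePurpose::CrlSign);
+
+params.not_before = yesterday;
+params.not_after = tomorrow;
+Certificate::from_params(params).unwrap()
+}
+
+fn new_end_entity() -> Certificate {
+let name = "entity.other.host";
+let mut params = CertificateParams::new(vec![name.into()]);
+let (yesterday, tomorrow) = validity_period();
+params.distinguished_name.push(DnType::CommonName, name);
+params.use_authority_key_identifier_extension = true;
+params.key_usages.push(KeyUsagePurpose::DigitalSignature);
+params
+.extended_key_usages
+.push(ExtendedKeyUsagePurpose::ServerAuth);
+params.not_before = yesterday;
+params.not_after = tomorrow;
+Certificate::from_params(params).unwrap()
+}
+
+fn validity_period() -> (OffsetDateTime, OffsetDateTime) {
+let day = Duration::new(86400, 0);
+let yesterday = OffsetDateTime::now_utc().checked_sub(day).unwrap();
+let tomorrow = OffsetDateTime::now_utc().checked_add(day).unwrap();
+(yesterday, tomorrow)
+}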
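Review bot: The CA built in new_ca is given `BasicConstraints::Unconstrained` on the `params.is_ca` line, which means the issuing key is allowed to certify further intermediate CAs even though the example only ever signs a single leaf; since readers tend to copy examples, the least-privilege form `params.is_ca = IsCa::Ca(BasicConstraints::Constrained(0));` would demonstrate capping the path length at the issuing CA. The doc comment on main misspells the subject and could read `/// Example demonstrating signing an end-entity certificate with a CA`. In validity_period, `Duration::new(86400, 0)` can be spelled `Duration::days(1)`, which makes the one-day window obvious without the reader decoding the constant.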
