
rsa
sigoden committed Mar 29, 2024
1 parent e1ab1f7 commit b69a7d7
Showing 3 changed files with 157 additions and 16 deletions.
153 changes: 142 additions & 11 deletions Cargo.lock


3 changes: 2 additions & 1 deletion Cargo.toml
Expand Up @@ -31,7 +31,8 @@ moka = { version = "0.12.5", features = ["future"] }
pin-project-lite = "0.2.13"
pretty-hex = "0.4.1"
rand = "0.8.5"
rcgen = { version = "0.13.0", features = ["x509-parser", "aws_lc_rs"] }
rcgen = { version = "0.13.0", features = ["x509-parser"] }
rsa = "0.9.6"
rustls-pemfile = "2.0.0"
serde = { version = "1.0.197", features = ["derive"] }
serde_json = { version = "1.0.114", features = ["preserve_order"] }
17 changes: 13 additions & 4 deletions src/cert.rs
@@ -1,11 +1,12 @@
use anyhow::{anyhow, Context, Result};
use http::uri::Authority;
use moka::future::Cache;
use rand::{thread_rng, Rng};
use rand::{rngs::OsRng, thread_rng, Rng};
use rcgen::{
BasicConstraints, Certificate, CertificateParams, DnType, ExtendedKeyUsagePurpose, Ia5String,
IsCa, KeyPair, KeyUsagePurpose, RsaKeySize, SanType, PKCS_RSA_SHA256,
IsCa, KeyPair, KeyUsagePurpose, SanType,
};
use rsa::{pkcs8::EncodePrivateKey, RsaPrivateKey};
use std::{fs, io::Cursor, path::Path, sync::Arc};
use time::{Duration, OffsetDateTime};
use tokio_rustls::rustls::{
Expand All @@ -24,8 +25,7 @@ pub fn init_ca<T: AsRef<Path>>(
let ca_cert_file = ca_cert_file.as_ref();
let private_key_file = private_key_file.as_ref();
let (private_key, ca_cert, ca_data) = if !ca_cert_file.exists() {
let private_key = rcgen::KeyPair::generate_rsa_for(&PKCS_RSA_SHA256, RsaKeySize::_2048)
.with_context(|| "Failed to generate private key")?;
let private_key = gen_private_key().with_context(|| "Failed to generate private key")?;
let ca_cert =
gen_ca_cert(&private_key).with_context(|| "Failed to generate CA certificate")?;
fs::write(ca_cert_file, ca_cert.pem()).with_context(|| {
Expand Down Expand Up @@ -155,6 +155,15 @@ impl CertificateAuthority {
}
}

fn gen_private_key() -> Result<KeyPair> {
let mut rng = OsRng;
let bits = 2048;
let private_key = RsaPrivateKey::new(&mut rng, bits)?;
let private_key_der = private_key.to_pkcs8_der()?;
let private_key = KeyPair::try_from(private_key_der.as_bytes())?;
Ok(private_key)
}

fn gen_ca_cert(key: &KeyPair) -> Result<Certificate> {
let mut params = CertificateParams::default();
let (yesterday, tomorrow) = validity_period();
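Review bot: `gen_private_key` in the third hunk of src/cert.rs hard-codes the modulus size as a bare local, `let bits = 2048;`, and carries no doc comment; I would lift it to `const CA_RSA_KEY_BITS: usize = 2048;` and document the function with something like `/// Generates the CA's RSA private key from the OS CSPRNG and hands it to rcgen as PKCS#8 DER; rcgen infers the signature algorithm from the key, which for RSA should match the PKCS_RSA_SHA256 the removed generate_rsa_for call used — confirm.` A one-line comment that the `rsa` crate is used here only for key generation, while signing still goes through rcgen's backend via the resulting `KeyPair`, would also be worth adding, since that bounds the exposure to the `rsa` crate's published private-key timing side-channel advisory (no decryption or signing runs through it) even though `cargo audit` will still report the dependency. The DER produced by `to_pkcs8_der()` is a zeroizing `SecretDocument`, so the extra intermediate copy does not leave key bytes behind, but pure-Rust 2048-bit generation is noticeably slower than the backend it replaces, especially in debug builds, and a short note on that expectation would save the next reader a puzzled profile.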
