|
| 1 | +//! An ignored-by-default integration test that regenerates vendored certs. |
| 2 | +//! Run with `cargo test -- --ignored` when test certificates need updating. |
| 3 | +//! Suitable for test certificates only. Not a production CA ;-) |
| 4 | +
|
| 5 | +use rcgen::{ |
| 6 | + BasicConstraints, CertificateParams, DistinguishedName, DnType, ExtendedKeyUsagePurpose, IsCa, |
| 7 | + KeyPair, KeyUsagePurpose, |
| 8 | +}; |
| 9 | +use std::fs::File; |
| 10 | +use std::io::Write; |
| 11 | + |
| 12 | +#[test] |
| 13 | +#[ignore] |
| 14 | +fn regenerate_certs() { |
| 15 | + let root_key = KeyPair::generate().unwrap(); |
| 16 | + let root_ca = issuer_params("Rustls Robust Root") |
| 17 | + .self_signed(&root_key) |
| 18 | + .unwrap(); |
| 19 | + |
| 20 | + let mut root_file = File::create("tests/certs/root.pem").unwrap(); |
| 21 | + root_file.write_all(root_ca.pem().as_bytes()).unwrap(); |
| 22 | + |
| 23 | + let intermediate_key = KeyPair::generate().unwrap(); |
| 24 | + let intermediate_ca = issuer_params("Rustls Robust Root - Rung 2") |
| 25 | + .signed_by(&intermediate_key, &root_ca, &root_key) |
| 26 | + .unwrap(); |
| 27 | + |
| 28 | + let end_entity_key = KeyPair::generate().unwrap(); |
| 29 | + let mut end_entity_params = |
| 30 | + CertificateParams::new(vec![utils::TEST_SERVER_DOMAIN.to_string()]).unwrap(); |
| 31 | + end_entity_params.is_ca = IsCa::ExplicitNoCa; |
| 32 | + end_entity_params.extended_key_usages = vec![ |
| 33 | + ExtendedKeyUsagePurpose::ServerAuth, |
| 34 | + ExtendedKeyUsagePurpose::ClientAuth, |
| 35 | + ]; |
| 36 | + let end_entity = end_entity_params |
| 37 | + .signed_by(&end_entity_key, &intermediate_ca, &intermediate_key) |
| 38 | + .unwrap(); |
| 39 | + |
| 40 | + let mut chain_file = File::create("tests/certs/chain.pem").unwrap(); |
| 41 | + chain_file.write_all(end_entity.pem().as_bytes()).unwrap(); |
| 42 | + chain_file |
| 43 | + .write_all(intermediate_ca.pem().as_bytes()) |
| 44 | + .unwrap(); |
| 45 | + |
| 46 | + let mut key_file = File::create("tests/certs/end.key").unwrap(); |
| 47 | + key_file |
| 48 | + .write_all(end_entity_key.serialize_pem().as_bytes()) |
| 49 | + .unwrap(); |
| 50 | +} |
| 51 | + |
| 52 | +fn issuer_params(common_name: &str) -> CertificateParams { |
| 53 | + let mut issuer_name = DistinguishedName::new(); |
| 54 | + issuer_name.push(DnType::CommonName, common_name); |
| 55 | + let mut issuer_params = CertificateParams::default(); |
| 56 | + issuer_params.distinguished_name = issuer_name; |
| 57 | + issuer_params.is_ca = IsCa::Ca(BasicConstraints::Unconstrained); |
| 58 | + issuer_params.key_usages = vec![ |
| 59 | + KeyUsagePurpose::KeyCertSign, |
| 60 | + KeyUsagePurpose::DigitalSignature, |
| 61 | + ]; |
| 62 | + issuer_params |
| 63 | +} |
| 64 | + |
| 65 | +// For the server name constant. |
| 66 | +include!("../utils.rs"); |
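Review bot: `regenerate_certs` writes `tests/certs/root.pem` before the intermediate and end-entity certificates exist, so a panic in any later `unwrap()` leaves a fresh root beside the old `chain.pem` and `end.key`, and the vendored set then fails verification for a reason that is hard to spot. Finish all key generation and signing first and only then write the three files, for example `std::fs::write("tests/certs/root.pem", root_ca.pem()).unwrap();` followed by the chain and key writes. None of the params set a validity window, so the certificates take rcgen's defaults; a one-line comment such as `// validity left at rcgen defaults on purpose: vendored test certs must not expire` would record that this is intended. `issuer_params` would also benefit from a doc comment saying it returns `IsCa::Ca(BasicConstraints::Unconstrained)` for both the root and the intermediate, i.e. no path-length limit, which is acceptable only because `end.key` is committed and the chain is for tests.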