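//! Development certificate generator for the "Bonknet" components.
//!
//! Four independent root CAs (server, guest server, client, broker) are
//! created in memory, one leaf certificate is signed by each, and the results
//! are written as PEM bundles under `certs_pem/`. Bundles that embed a private
//! key are created owner-readable only (mode 0600) on Unix.
use std::fs::{self, OpenOptions};
use std::io::{self, Write};
#[cfg(unix)]
use std::os::unix::fs::OpenOptionsExt;
use std::path::Path;

use rcgen::{
    BasicConstraints, Certificate, CertificateParams, DistinguishedName, DnType,
    ExtendedKeyUsagePurpose, IsCa, KeyUsagePurpose,
};

/// Directory every PEM bundle is written into, relative to the working directory.
const OUT_DIR: &str = "certs_pem";
/// Organization stamped on every root CA subject.
const ORG_NAME: &str = "Eister Corporation";
/// Subject alternative name carried by every root CA.
const ROOT_SAN: &str = "hello.world.example";
/// Subject alternative name shared by every leaf, in addition to its own host name.
const LEAF_SAN: &str = "entity.other.host";

/// Build a self-signed root CA whose subject is `ORG_NAME` / `common_name`.
///
/// `is_ca` is set to `IsCa::Ca(BasicConstraints::Unconstrained)` as before;
/// these roots only ever sign leaves, so `BasicConstraints::Constrained(0)`
/// would be the tighter choice once consumers are confirmed to accept it.
/// `key_usages` is left empty (no KeyUsage extension), matching the original
/// generator; add `KeyCertSign` if a consumer requires it on CA certificates.
///
/// # Panics
/// Panics if rcgen rejects the parameters, which cannot happen for these
/// static inputs.
fn root_ca_cert(common_name: &str) -> Certificate {
    let mut params = CertificateParams::new(vec![ROOT_SAN.into()]);
    params.is_ca = IsCa::Ca(BasicConstraints::Unconstrained);
    let mut dn = DistinguishedName::new();
    dn.push(DnType::OrganizationName, ORG_NAME);
    dn.push(DnType::CommonName, common_name);
    params.distinguished_name = dn;
    Certificate::from_params(params).expect("root CA parameters are static and valid")
}

/// Build an end-entity certificate for `host` with the given common name and
/// single extended key usage.
///
/// The leaf carries `LEAF_SAN` plus `host` as SANs, `DigitalSignature` key
/// usage, and an authority-key-identifier extension so verifiers can find the
/// issuing CA. The certificate is only signed when serialized with a signer.
///
/// # Panics
/// Panics if rcgen rejects the parameters, which cannot happen for these
/// static inputs.
fn leaf_cert(host: &str, common_name: &str, eku: ExtendedKeyUsagePurpose) -> Certificate {
    let mut params = CertificateParams::new(vec![LEAF_SAN.into(), host.into()]);
    params.distinguished_name.push(DnType::CommonName, common_name);
    params.use_authority_key_identifier_extension = true;
    params.key_usages.push(KeyUsagePurpose::DigitalSignature);
    params.extended_key_usages.push(eku);
    Certificate::from_params(params).expect("leaf parameters are static and valid")
}

/// Root CA that signs the server leaf.
fn server_root_cert() -> Certificate {
    root_ca_cert("Bonknet Server Root Cert CA")
}

/// Server leaf; presents a client certificate (ClientAuth), presumably to the broker.
fn server_cert() -> Certificate {
    leaf_cert("bonk.server.1", "Server 1", ExtendedKeyUsagePurpose::ClientAuth)
}

/// Root CA that signs the guest-server leaf.
fn guestserver_root_cert() -> Certificate {
    root_ca_cert("Bonknet Guest Server Root Cert CA")
}

/// Guest-server leaf; presents a client certificate (ClientAuth).
fn guestserver_cert() -> Certificate {
    leaf_cert("bonk.guestserver.1", "Guest Server 1", ExtendedKeyUsagePurpose::ClientAuth)
}

/// Root CA that signs the client leaf.
fn client_root_cert() -> Certificate {
    root_ca_cert("Bonknet Client Root Cert CA")
}

/// Client leaf; presents a client certificate (ClientAuth).
fn client_cert() -> Certificate {
    leaf_cert("bonk.client.1", "Client 1", ExtendedKeyUsagePurpose::ClientAuth)
}

/// Root CA that signs the broker leaf.
fn broker_root_cert() -> Certificate {
    root_ca_cert("Bonknet Broker Root Cert CA")
}

/// Broker leaf; the only ServerAuth certificate, issued for `localhost`.
fn broker_cert() -> Certificate {
    leaf_cert("localhost", "localhost", ExtendedKeyUsagePurpose::ServerAuth)
}

/// Restrict a file about to be created to its owner (mode 0600).
#[cfg(unix)]
fn restrict_to_owner(opts: &mut OpenOptions) {
    opts.mode(0o600);
}

/// No-op where POSIX modes are unavailable; default permissions apply.
#[cfg(not(unix))]
fn restrict_to_owner(_opts: &mut OpenOptions) {}

/// Write `sections` back to back into `OUT_DIR/name`, truncating any existing file.
///
/// When `contains_private_key` is set, any existing file is removed first and
/// the new one is created owner-only on Unix. Removal matters because a mode
/// given at creation does not apply to a pre-existing file that is merely
/// truncated, which would leave an old world-readable key file in place.
///
/// # Errors
/// Returns the I/O error from removing, creating, or writing the file.
fn write_bundle(name: &str, sections: &[&str], contains_private_key: bool) -> io::Result<()> {
    let path = Path::new(OUT_DIR).join(name);
    let mut opts = OpenOptions::new();
    opts.write(true).create(true).truncate(true);
    if contains_private_key {
        match fs::remove_file(&path) {
            Ok(()) => {}
            // First run: nothing to replace.
            Err(e) if e.kind() == io::ErrorKind::NotFound => {}
            Err(e) => return Err(e),
        }
        restrict_to_owner(&mut opts);
    }
    let mut file = opts.open(&path)?;
    for section in sections {
        file.write_all(section.as_bytes())?;
    }
    file.flush()
}

/// Generate all CAs and leaves and write the PEM bundles.
///
/// Bundle layout, in file order:
/// - `*_root_ca.pem`: CA certificate, CA private key
/// - `broker_root_ca_cert.pem`: broker CA certificate only (trust anchor for
///   server authentication)
/// - `server.pem`, `guestserver.pem`, `client.pem`, `broker.pem`: leaf
///   certificate, issuing CA certificate, leaf private key
///
/// # Errors
/// Returns any I/O error from creating `OUT_DIR` or writing a bundle.
fn main() -> io::Result<()> {
    // `File::create` fails if the directory is missing; make it upfront.
    fs::create_dir_all(OUT_DIR)?;

    // Root CAs.
    let server_root = server_root_cert();
    let guestserver_root = guestserver_root_cert();
    let client_root = client_root_cert();
    let broker_root = broker_root_cert();

    // Leaves (unsigned until serialized with their CA below).
    let server_leaf = server_cert();
    let guestserver_leaf = guestserver_cert();
    let client_leaf = client_cert();
    let broker_leaf = broker_cert();

    // Serialize each certificate exactly once. Every serialize_* call signs
    // afresh and, as the original author noted, produces a byte-different PEM
    // of the same certificate; several bundles below embed the same CA PEM, so
    // reusing one String is what keeps them identical across files. Private
    // keys are only written once per certificate, so they are serialized inline.
    let server_root_pem = server_root.serialize_pem().expect("self-signed CA serializes");
    let guestserver_root_pem = guestserver_root.serialize_pem().expect("self-signed CA serializes");
    let client_root_pem = client_root.serialize_pem().expect("self-signed CA serializes");
    let broker_root_pem = broker_root.serialize_pem().expect("self-signed CA serializes");

    let server_leaf_pem = server_leaf
        .serialize_pem_with_signer(&server_root)
        .expect("leaf signs with its CA");
    let guestserver_leaf_pem = guestserver_leaf
        .serialize_pem_with_signer(&guestserver_root)
        .expect("leaf signs with its CA");
    let client_leaf_pem = client_leaf
        .serialize_pem_with_signer(&client_root)
        .expect("leaf signs with its CA");
    let broker_leaf_pem = broker_leaf
        .serialize_pem_with_signer(&broker_root)
        .expect("leaf signs with its CA");

    // Root CA bundles: 1 - CA cert, 2 - CA private key.
    let server_root_key = server_root.serialize_private_key_pem();
    write_bundle("server_root_ca.pem", &[&server_root_pem, &server_root_key], true)?;
    let guestserver_root_key = guestserver_root.serialize_private_key_pem();
    write_bundle("guestserver_root_ca.pem", &[&guestserver_root_pem, &guestserver_root_key], true)?;
    let client_root_key = client_root.serialize_private_key_pem();
    write_bundle("client_root_ca.pem", &[&client_root_pem, &client_root_key], true)?;
    let broker_root_key = broker_root.serialize_private_key_pem();
    write_bundle("broker_root_ca.pem", &[&broker_root_pem, &broker_root_key], true)?;

    // Broker CA certificate alone, for peers that verify the broker's server cert.
    write_bundle("broker_root_ca_cert.pem", &[&broker_root_pem], false)?;

    // Leaf bundles: 1 - leaf cert, 2 - issuing CA cert, 3 - leaf private key.
    let server_leaf_key = server_leaf.serialize_private_key_pem();
    write_bundle("server.pem", &[&server_leaf_pem, &server_root_pem, &server_leaf_key], true)?;
    let guestserver_leaf_key = guestserver_leaf.serialize_private_key_pem();
    write_bundle(
        "guestserver.pem",
        &[&guestserver_leaf_pem, &guestserver_root_pem, &guestserver_leaf_key],
        true,
    )?;
    let client_leaf_key = client_leaf.serialize_private_key_pem();
    write_bundle("client.pem", &[&client_leaf_pem, &client_root_pem, &client_leaf_key], true)?;
    let broker_leaf_key = broker_leaf.serialize_private_key_pem();
    write_bundle("broker.pem", &[&broker_leaf_pem, &broker_root_pem, &broker_leaf_key], true)?;

    println!("Certificates created");
    Ok(())
}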