use std::fs::File;
use std::io::Write;
use rcgen::{self, BasicConstraints, Certificate, CertificateParams, DnType};
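/// Builds the [`CertificateParams`] shared by every Bonknet root CA.
///
/// Only the common name differs between the four roots; the organisation, the
/// `hello.world.example` subject alternative name and the unconstrained CA
/// basic-constraints flag are the same for all of them. The key-usage
/// extension is restricted to certificate and CRL signing so the root key is
/// not presentable as an end-entity (TLS) key, which is what RFC 5280 expects
/// of a CA certificate.
fn root_ca_params(common_name: &str) -> CertificateParams {
    let mut params = CertificateParams::new(vec!["hello.world.example".to_string()]);
    params.is_ca = rcgen::IsCa::Ca(BasicConstraints::Unconstrained);
    params.key_usages = vec![
        rcgen::KeyUsagePurpose::KeyCertSign,
        rcgen::KeyUsagePurpose::CrlSign,
    ];
    // Replace (rather than extend) rcgen's default distinguished name so the
    // root carries exactly the two attributes below.
    let mut distname = rcgen::DistinguishedName::new();
    distname.push(DnType::OrganizationName, "Eister Corporation");
    distname.push(DnType::CommonName, common_name);
    params.distinguished_name = distname;
    params
}

/// Builds the [`CertificateParams`] shared by every Bonknet leaf certificate.
///
/// The leaf keeps rcgen's default distinguished name and sets only the common
/// name on top of it. `use_authority_key_identifier_extension` ties the leaf
/// to the CA that signs it (`serialize_pem_with_signer` in `main`); key usage
/// is limited to digital signature plus the single extended key usage
/// `purpose` chosen by the caller.
///
/// NOTE(review): every leaf below also carries the `entity.other.host` SAN, so
/// a peer that verifies by that name accepts any of the four leaves regardless
/// of role — confirm this is intended.
fn leaf_params(
    subject_alt_names: Vec<String>,
    common_name: &str,
    purpose: rcgen::ExtendedKeyUsagePurpose,
) -> CertificateParams {
    let mut params = CertificateParams::new(subject_alt_names);
    params.distinguished_name.push(DnType::CommonName, common_name);
    params.use_authority_key_identifier_extension = true;
    params.key_usages.push(rcgen::KeyUsagePurpose::DigitalSignature);
    params.extended_key_usages.push(purpose);
    params
}

/// Self-signed root CA that issues the server leaf.
///
/// # Panics
/// If rcgen cannot generate a key pair for the parameters (treated as a bug).
fn server_root_cert() -> Certificate {
    Certificate::from_params(root_ca_params("Bonknet Server Root Cert CA"))
        .expect("server root CA params are static and valid")
}

/// Server leaf. Its extended key usage is `ClientAuth`, which suggests the
/// server presents it to the broker as a TLS client — confirm against the
/// connection code.
///
/// # Panics
/// If rcgen cannot generate a key pair for the parameters (treated as a bug).
fn server_cert() -> Certificate {
    let params = leaf_params(
        vec!["entity.other.host".into(), "bonk.server.1".into()],
        "Server 1",
        rcgen::ExtendedKeyUsagePurpose::ClientAuth,
    );
    Certificate::from_params(params).expect("server leaf params are static and valid")
}

/// Self-signed root CA that issues the guest-server leaf.
///
/// # Panics
/// If rcgen cannot generate a key pair for the parameters (treated as a bug).
fn guestserver_root_cert() -> Certificate {
    Certificate::from_params(root_ca_params("Bonknet Guest Server Root Cert CA"))
        .expect("guest server root CA params are static and valid")
}

/// Guest-server leaf; like the server leaf it carries `ClientAuth`.
///
/// # Panics
/// If rcgen cannot generate a key pair for the parameters (treated as a bug).
fn guestserver_cert() -> Certificate {
    let params = leaf_params(
        vec!["entity.other.host".into(), "bonk.guestserver.1".into()],
        "Guest Server 1",
        rcgen::ExtendedKeyUsagePurpose::ClientAuth,
    );
    Certificate::from_params(params).expect("guest server leaf params are static and valid")
}

/// Self-signed root CA that issues the client leaf.
///
/// # Panics
/// If rcgen cannot generate a key pair for the parameters (treated as a bug).
fn client_root_cert() -> Certificate {
    Certificate::from_params(root_ca_params("Bonknet Client Root Cert CA"))
        .expect("client root CA params are static and valid")
}

/// Client leaf with `ClientAuth` extended key usage.
///
/// # Panics
/// If rcgen cannot generate a key pair for the parameters (treated as a bug).
fn client_cert() -> Certificate {
    let params = leaf_params(
        vec!["entity.other.host".into(), "bonk.client.1".into()],
        "Client 1",
        rcgen::ExtendedKeyUsagePurpose::ClientAuth,
    );
    Certificate::from_params(params).expect("client leaf params are static and valid")
}

/// Self-signed root CA that issues the broker leaf.
///
/// # Panics
/// If rcgen cannot generate a key pair for the parameters (treated as a bug).
fn broker_root_cert() -> Certificate {
    Certificate::from_params(root_ca_params("Bonknet Broker Root Cert CA"))
        .expect("broker root CA params are static and valid")
}

/// Broker leaf: the only `ServerAuth` certificate, issued for `localhost`.
///
/// # Panics
/// If rcgen cannot generate a key pair for the parameters (treated as a bug).
fn broker_cert() -> Certificate {
    let params = leaf_params(
        vec!["entity.other.host".into(), "localhost".into()],
        "localhost",
        rcgen::ExtendedKeyUsagePurpose::ServerAuth,
    );
    Certificate::from_params(params).expect("broker leaf params are static and valid")
}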
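/// Opens `path` for writing so that private-key material can be stored in it.
///
/// On Unix the file is created with mode `0600`; because `mode` only takes
/// effect when the file is newly created, the permissions are re-applied
/// afterwards so a pre-existing, wider-readable file is tightened as well.
/// On other platforms this behaves like [`File::create`].
///
/// # Errors
/// Any I/O error from opening the file or changing its permissions.
fn create_private_file(path: &str) -> std::io::Result<File> {
    let mut options = std::fs::OpenOptions::new();
    options.write(true).create(true).truncate(true);
    #[cfg(unix)]
    {
        use std::os::unix::fs::OpenOptionsExt;
        options.mode(0o600);
    }
    let file = options.open(path)?;
    #[cfg(unix)]
    {
        use std::os::unix::fs::PermissionsExt;
        file.set_permissions(std::fs::Permissions::from_mode(0o600))?;
    }
    Ok(file)
}

/// Writes `blocks` back to back into `path`.
///
/// `contains_private_key` selects the restricted-permission open path; files
/// holding only certificates are created with the platform default so they
/// stay readable by whoever has to trust them.
///
/// # Errors
/// Any I/O error from creating or writing the file.
fn write_pem_file(path: &str, blocks: &[&str], contains_private_key: bool) -> std::io::Result<()> {
    let mut pemfile = if contains_private_key {
        create_private_file(path)?
    } else {
        File::create(path)?
    };
    for block in blocks {
        pemfile.write_all(block.as_bytes())?;
    }
    Ok(())
}

/// Generates the four Bonknet CA/leaf pairs and writes them under `certs_pem/`.
///
/// Output files:
/// * `<role>_root_ca.pem`      — CA cert followed by the CA private key (keep private)
/// * `broker_root_ca_cert.pem` — broker CA cert only; the distributable trust anchor
/// * `<role>.pem`              — leaf cert, CA cert, leaf private key (keep private)
///
/// # Errors
/// Any I/O error from creating the output directory or writing a file.
///
/// # Panics
/// If rcgen fails to sign a certificate; the parameters are static, so that is
/// treated as a bug rather than a recoverable condition.
fn main() -> std::io::Result<()> {
    // `File::create` does not create parent directories.
    std::fs::create_dir_all("certs_pem")?;

    // Generate Root CA Certificates
    let server_root_cert = server_root_cert();
    let guestserver_root_cert = guestserver_root_cert();
    let client_root_cert = client_root_cert();
    let broker_root_cert = broker_root_cert();

    // Generate Leafs
    let server_leaf_cert = server_cert();
    let guestserver_leaf_cert = guestserver_cert();
    let client_leaf_cert = client_cert();
    let broker_leaf_cert = broker_cert();

    // Serialise every certificate exactly once. rcgen signs afresh on each
    // `serialize_pem*` call and takes a new random number for the signature,
    // so two calls give two different encodings (and hashes) of the "same"
    // certificate — but the CA cert embedded in a leaf file must be identical
    // to the one in the CA file. Private-key PEMs are deterministic and each
    // key goes into a single file, so those are serialised at the point of
    // use; if a key ever has to appear in several files, cache it here the
    // same way.
    let server_root_cert_pem = server_root_cert
        .serialize_pem()
        .expect("self-signing the server root CA failed");
    let guestserver_root_cert_pem = guestserver_root_cert
        .serialize_pem()
        .expect("self-signing the guest server root CA failed");
    let client_root_cert_pem = client_root_cert
        .serialize_pem()
        .expect("self-signing the client root CA failed");
    let broker_root_cert_pem = broker_root_cert
        .serialize_pem()
        .expect("self-signing the broker root CA failed");
    let server_leaf_cert_pem = server_leaf_cert
        .serialize_pem_with_signer(&server_root_cert)
        .expect("signing the server leaf with its root CA failed");
    let guestserver_leaf_cert_pem = guestserver_leaf_cert
        .serialize_pem_with_signer(&guestserver_root_cert)
        .expect("signing the guest server leaf with its root CA failed");
    let client_leaf_cert_pem = client_leaf_cert
        .serialize_pem_with_signer(&client_root_cert)
        .expect("signing the client leaf with its root CA failed");
    let broker_leaf_cert_pem = broker_leaf_cert
        .serialize_pem_with_signer(&broker_root_cert)
        .expect("signing the broker leaf with its root CA failed");

    // Root CA PEMs: 1 - CA Cert, 2 - CA Prkey
    write_pem_file(
        "certs_pem/server_root_ca.pem",
        &[
            server_root_cert_pem.as_str(),
            server_root_cert.serialize_private_key_pem().as_str(),
        ],
        true,
    )?;
    write_pem_file(
        "certs_pem/guestserver_root_ca.pem",
        &[
            guestserver_root_cert_pem.as_str(),
            guestserver_root_cert.serialize_private_key_pem().as_str(),
        ],
        true,
    )?;
    write_pem_file(
        "certs_pem/client_root_ca.pem",
        &[
            client_root_cert_pem.as_str(),
            client_root_cert.serialize_private_key_pem().as_str(),
        ],
        true,
    )?;
    write_pem_file(
        "certs_pem/broker_root_ca.pem",
        &[
            broker_root_cert_pem.as_str(),
            broker_root_cert.serialize_private_key_pem().as_str(),
        ],
        true,
    )?;

    // Broker CA cert only, for server authentication by the peers: this is
    // the one file that carries no private key and can be handed out.
    write_pem_file(
        "certs_pem/broker_root_ca_cert.pem",
        &[broker_root_cert_pem.as_str()],
        false,
    )?;

    // Leaf PEMs: 1 - Leaf Cert, 2 - CA Cert chain, 3 - Leaf Prkey
    write_pem_file(
        "certs_pem/server.pem",
        &[
            server_leaf_cert_pem.as_str(),
            server_root_cert_pem.as_str(),
            server_leaf_cert.serialize_private_key_pem().as_str(),
        ],
        true,
    )?;
    write_pem_file(
        "certs_pem/guestserver.pem",
        &[
            guestserver_leaf_cert_pem.as_str(),
            guestserver_root_cert_pem.as_str(),
            guestserver_leaf_cert.serialize_private_key_pem().as_str(),
        ],
        true,
    )?;
    write_pem_file(
        "certs_pem/client.pem",
        &[
            client_leaf_cert_pem.as_str(),
            client_root_cert_pem.as_str(),
            client_leaf_cert.serialize_private_key_pem().as_str(),
        ],
        true,
    )?;
    write_pem_file(
        "certs_pem/broker.pem",
        &[
            broker_leaf_cert_pem.as_str(),
            broker_root_cert_pem.as_str(),
            broker_leaf_cert.serialize_private_key_pem().as_str(),
        ],
        true,
    )?;

    println!("Certificates created");
    Ok(())
}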