Split KeyPairAlgorithm, make non-CLI part public

rustls · Apr 8, 2024 · fc13151 · fc13151
1 parent 6432225
commit fc13151
Show file tree

Hide file tree

Showing 3 changed files with 73 additions and 22 deletions.
diff --git a/rustls-cert-gen/src/cert.rs b/rustls-cert-gen/src/cert.rs
@@ -1,6 +1,5 @@
-use std::{fmt, fs::File, io, path::Path};
+use std::{fs::File, io, path::Path};
 
-use bpaf::Bpaf;
 use rcgen::{
 	BasicConstraints, Certificate, CertificateParams, DistinguishedName, DnType,
 	DnValue::PrintableString, ExtendedKeyUsagePurpose, IsCa, KeyPair, KeyUsagePurpose, SanType,
@@ -211,30 +210,32 @@ impl EndEntityBuilder {
 }
 
 /// Supported Keypair Algorithms
-#[derive(Clone, Copy, Debug, Default, Bpaf, PartialEq)]
+#[derive(Clone, Copy, Debug, Default, PartialEq)]
 pub enum KeyPairAlgorithm {
+	/// RSA
+	///
+	/// See [`PKCS_RSA_SHA256`](rcgen::PKCS_RSA_SHA256).
 	Rsa,
+	/// Ed25519
+	///
+	/// See [`PKCS_ED25519`](rcgen::PKCS_ED25519).
 	Ed25519,
+	/// ECDSA with the P-256 curve
+	///
+	/// See [`PKCS_ECDSA_P256_SHA256`](rcgen::PKCS_ECDSA_P256_SHA256).
 	#[default]
 	EcdsaP256,
+	/// ECDSA with the P-384 curve
+	///
+	/// See [`PKCS_ECDSA_P384_SHA256`](rcgen::PKCS_ECDSA_P384_SHA256).
 	EcdsaP384,
+	/// ECDSA with the P-521 curve
+	///
+	/// See [`PKCS_ECDSA_P521_SHA256`](rcgen::PKCS_ECDSA_P521_SHA256).
 	#[cfg(feature = "aws_lc_rs")]
 	EcdsaP521,
 }
 
-impl fmt::Display for KeyPairAlgorithm {
-	fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
-		match self {
-			KeyPairAlgorithm::Rsa => write!(f, "rsa"),
-			KeyPairAlgorithm::Ed25519 => write!(f, "ed25519"),
-			KeyPairAlgorithm::EcdsaP256 => write!(f, "ecdsa-p256"),
-			KeyPairAlgorithm::EcdsaP384 => write!(f, "ecdsa-p384"),
-			#[cfg(feature = "aws_lc_rs")]
-			KeyPairAlgorithm::EcdsaP521 => write!(f, "ecdsa-p521"),
-		}
-	}
-}
-
 impl KeyPairAlgorithm {
 	/// Return an `rcgen::KeyPair` for the given varient
 	fn to_key_pair(self) -> Result<rcgen::KeyPair, rcgen::Error> {

diff --git a/rustls-cert-gen/src/lib.rs b/rustls-cert-gen/src/lib.rs
@@ -5,4 +5,4 @@
 //! whatever purpose you may need a TLS certificate-chain.
 
 mod cert;
-pub use cert::{Ca, CaBuilder, CertificateBuilder, EndEntity, EndEntityBuilder};
+pub use cert::{Ca, CaBuilder, CertificateBuilder, EndEntity, EndEntityBuilder, KeyPairAlgorithm};
diff --git a/rustls-cert-gen/src/main.rs b/rustls-cert-gen/src/main.rs
@@ -1,23 +1,22 @@
-use std::{net::IpAddr, path::PathBuf, str::FromStr};
+use std::{fmt, net::IpAddr, path::PathBuf, str::FromStr};
 
 use bpaf::Bpaf;
 use rcgen::{Error, SanType};
 
-mod cert;
-use cert::{key_pair_algorithm, CertificateBuilder, KeyPairAlgorithm};
+use rustls_cert_gen::CertificateBuilder;
 
 fn main() -> anyhow::Result<()> {
 	let opts = options().run();
 
 	let ca = CertificateBuilder::new()
-		.signature_algorithm(opts.keypair_algorithm)?
+		.signature_algorithm(opts.keypair_algorithm.into())?
 		.certificate_authority()
 		.country_name(&opts.country_name)?
 		.organization_name(&opts.organization_name)
 		.build()?;
 
 	let mut entity = CertificateBuilder::new()
-		.signature_algorithm(opts.keypair_algorithm)?
+		.signature_algorithm(opts.keypair_algorithm.into())?
 		.end_entity()
 		.common_name(&opts.common_name)
 		.subject_alternative_names(opts.san);
@@ -95,6 +94,57 @@ fn parse_sans(hosts: Vec<String>) -> Result<Vec<SanType>, Error> {
 		.collect()
 }
 
+/// Supported Keypair Algorithms
+#[derive(Clone, Copy, Debug, Default, Bpaf, PartialEq)]
+pub enum KeyPairAlgorithm {
+	Rsa,
+	Ed25519,
+	#[default]
+	EcdsaP256,
+	EcdsaP384,
+	#[cfg(feature = "aws_lc_rs")]
+	EcdsaP521,
+}
+
+impl From<KeyPairAlgorithm> for rustls_cert_gen::KeyPairAlgorithm {
+	fn from(value: KeyPairAlgorithm) -> Self {
+		match value {
+			KeyPairAlgorithm::Rsa => rustls_cert_gen::KeyPairAlgorithm::Rsa,
+			KeyPairAlgorithm::Ed25519 => rustls_cert_gen::KeyPairAlgorithm::Ed25519,
+			KeyPairAlgorithm::EcdsaP256 => rustls_cert_gen::KeyPairAlgorithm::EcdsaP256,
+			KeyPairAlgorithm::EcdsaP384 => rustls_cert_gen::KeyPairAlgorithm::EcdsaP384,
+			#[cfg(feature = "aws_lc_rs")]
+			KeyPairAlgorithm::EcdsaP521 => rustls_cert_gen::KeyPairAlgorithm::EcdsaP521,
+		}
+	}
+}
+
+impl From<rustls_cert_gen::KeyPairAlgorithm> for KeyPairAlgorithm {
+	fn from(value: rustls_cert_gen::KeyPairAlgorithm) -> Self {
+		match value {
+			rustls_cert_gen::KeyPairAlgorithm::Rsa => KeyPairAlgorithm::Rsa,
+			rustls_cert_gen::KeyPairAlgorithm::Ed25519 => KeyPairAlgorithm::Ed25519,
+			rustls_cert_gen::KeyPairAlgorithm::EcdsaP256 => KeyPairAlgorithm::EcdsaP256,
+			rustls_cert_gen::KeyPairAlgorithm::EcdsaP384 => KeyPairAlgorithm::EcdsaP384,
+			#[cfg(feature = "aws_lc_rs")]
+			rustls_cert_gen::KeyPairAlgorithm::EcdsaP521 => KeyPairAlgorithm::EcdsaP521,
+		}
+	}
+}
+
+impl fmt::Display for KeyPairAlgorithm {
+	fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+		match self {
+			KeyPairAlgorithm::Rsa => write!(f, "rsa"),
+			KeyPairAlgorithm::Ed25519 => write!(f, "ed25519"),
+			KeyPairAlgorithm::EcdsaP256 => write!(f, "ecdsa-p256"),
+			KeyPairAlgorithm::EcdsaP384 => write!(f, "ecdsa-p384"),
+			#[cfg(feature = "aws_lc_rs")]
+			KeyPairAlgorithm::EcdsaP521 => write!(f, "ecdsa-p521"),
+		}
+	}
+}
+
 #[cfg(test)]
 mod tests {
 	use super::*;