1 unstable release: new 0.1.0, Mar 26, 2025
bhx5chain
This library provides functionality for working with an ordered array of X.509 certificates as defined in RFC 9360 for use in other The Blockhouse Technology Limited (TBTL) projects.
Details
The primary way to use this library is to construct an X5Chain struct using the Builder struct. There is also JwtX5Chain for working with JWTs.
For additional documentation & examples, take a look at the crate documentation.
Changelog
The changelog can be found here.
License
Licensed under GNU Affero General Public License, Version 3.
lib.rs:
This crate provides functions and types for working with an ordered array of X.509 certificates (x5chain) as defined in RFC 9360.
Details
The primary API this crate offers is the X5Chain struct.
We also have a JwtX5Chain type which should be used when working with JSON Web Token (JWT).
This should only be treated as a "wrapper" type around X5Chain, and as such isn't meant for any manipulation of the x5chain itself.
Examples
Simple Use
You can construct the X5Chain directly if you have openssl::x509::X509 certificates.
The following example assumes that is the case for the *_certificate variables.
```rust
let x5chain = bhx5chain::X5Chain::new(
    vec![issuer_certificate, intermediary_certificate],
    vec![trusted_root_certificate],
)
.expect("valid x5chain");
```
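RFC 9360 orders an x5chain with the end-entity certificate first, each certificate followed by the one that certified it, which matches the order of the first argument above. The following is an added, std-only sketch of that ordering rule and is not the crate's code; `CertInfo`, `OrderError` and `check_order` are hypothetical names, the sample names are constructed, and what `X5Chain::new` actually validates is not shown on this page.

```rust
// Added illustration: models only the leaf-first ordering of an x5chain by
// subject/issuer name. Real validation must also verify signatures, validity
// periods and extensions. All names here are hypothetical.
#[derive(Debug, Clone, PartialEq)]
struct CertInfo {
    subject: &'static str,
    issuer: &'static str,
}

#[derive(Debug, PartialEq)]
enum OrderError {
    /// The chain holds no certificates.
    Empty,
    /// chain[index] was not issued by chain[index + 1].
    BrokenLink { index: usize },
    /// The last certificate's issuer is not among the trusted roots.
    UntrustedTop,
}

fn check_order(chain: &[CertInfo], roots: &[CertInfo]) -> Result<(), OrderError> {
    let last = chain.last().ok_or(OrderError::Empty)?;
    // Every certificate must name the next one in the array as its issuer.
    for (index, pair) in chain.windows(2).enumerate() {
        if pair[0].issuer != pair[1].subject {
            return Err(OrderError::BrokenLink { index });
        }
    }
    // The top of the chain must lead to a trusted root (assumed policy).
    if roots.iter().any(|r| r.subject == last.issuer) {
        Ok(())
    } else {
        Err(OrderError::UntrustedTop)
    }
}

fn main() {
    // Constructed sample names, not real certificates.
    let leaf = CertInfo { subject: "CN=Issuer", issuer: "CN=Intermediary" };
    let inter = CertInfo { subject: "CN=Intermediary", issuer: "CN=Root" };
    let roots = [CertInfo { subject: "CN=Root", issuer: "CN=Root" }];
    // Leaf first: accepted.
    println!("{:?}", check_order(&[leaf.clone(), inter.clone()], &roots));
    // Swapped order: rejected at index 0.
    println!("{:?}", check_order(&[inter, leaf], &roots));
}
```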
Advanced Use
If you need to create multiple Issuer certificates during the runtime but base the x5chain on some intermediary certificates & private key, you should use the Builder.
```rust
let intermediary_private_key = std::fs::read_to_string("path-to-intermediary-private-key.pem")
    .expect("read intermediary private key");
let intermediary_certificate = std::fs::read_to_string("path-to-intermediary-certificate.pem")
    .expect("read intermediary certificate");
let trusted_root_certificate = std::fs::read_to_string("path-to-root-certificate.pem")
    .expect("read trusted root certificate");

// Setup the builder for `x5chain`
let x5chain_builder = bhx5chain::Builder::new(
    intermediary_private_key.as_bytes(),
    intermediary_certificate.as_bytes(),
    trusted_root_certificate.as_bytes(),
)
.expect("create x5chain builder");

let issuer_private_key =
    std::fs::read_to_string("path-to-issuer-private-key.pem").expect("read issuer private key");

// Optionally set the Issuer Identifier.
let iss = iref::UriBuf::new("https://example.com/issuer".into()).unwrap();

// Complete the `x5chain`
let x5chain = x5chain_builder
    .generate_x5chain(issuer_private_key.as_bytes(), Some(&iss))
    .expect("generate x5chain");
```
Conversion Between X5Chain & JwtX5Chain
```rust
// Convert the `x5chain` into `JwtX5Chain` in order to serialize it in a JWT.
let jwt_x5chain: bhx5chain::JwtX5Chain = x5chain.into();

// Alternatively, after deserializing the `JwtX5Chain` out of JWT, convert to `X5Chain` type.
let x5chain: bhx5chain::X5Chain = jwt_x5chain.try_into().expect("valid x5chain");
```