From 538187bdcf0578c5d282d59fa97ce8e4c986ff06 Mon Sep 17 00:00:00 2001
From: Hatter Jiang
Date: Sat, 30 Mar 2024 17:28:22 +0800
Subject: [PATCH] feat: v0.2.0-rc, add generate_self_signed_ca.rs
---
 README.md | 12 ++++++++++--
 examples/generate_self_signed_ca.rs | 18 ++++++++++++++++++
 2 files changed, 28 insertions(+), 2 deletions(-)
 create mode 100644 examples/generate_self_signed_ca.rs
diff --git a/README.md b/README.md
index e0e3b7b..27c36c7 100644
--- a/README.md
+++ b/README.md
@@ -23,8 +23,16 @@
 }
 ```
+Generate self signed certificate:
+
+```shell
+$ cargo r --example generate_self_signed_ca
+```
+
 Important
-* intermediate certificate only tested ECDSA(P384) with SHA384
+* Intermediate certificate tested:
+ * ECDSA(P384) with SHA384
+ * P256 with SHA256
 * P384 with SHA256 is NOT supported
-* P256 with SHA256 should be supported, but not tested
+
diff --git a/examples/generate_self_signed_ca.rs b/examples/generate_self_signed_ca.rs
new file mode 100644
index 0000000..b1b673b
--- /dev/null
+++ b/examples/generate_self_signed_ca.rs
@@ -0,0 +1,18 @@
+use rcgen::{BasicConstraints, Certificate, CertificateParams, DistinguishedName, DnType, IsCa, KeyPair, PKCS_ECDSA_P256_SHA256};
+
+fn main() {
+ let key_pair = KeyPair::generate(&PKCS_ECDSA_P256_SHA256).expect("Generate key pair failed");
+ let key_pem = key_pair.serialize_pem();
+ let mut certificate_params = CertificateParams::default();
+ certificate_params.key_pair = Some(key_pair);
+ certificate_params.is_ca = IsCa::Ca(BasicConstraints::Constrained(0));
+ let mut distinguished_name = DistinguishedName::new();
+ distinguished_name.push(DnType::CommonName, "Proxy Inspector Test CA");
+ certificate_params.distinguished_name = distinguished_name;
+
+ let certificate = Certificate::from_params(certificate_params)
+ .unwrap_or_else(|e| panic!("Generate cert failed: {}", e));
+ let certificate_pem = certificate.serialize_pem_with_signer(&certificate).expect("Sign cert failed");
+ println!("CERTIFICATE:\n{}", certificate_pem);
+ println!("KEY:\n{}", key_pem);
+}
\ No newline at end of file
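Review bot: The last statement of `main`, `println!("KEY:\n{}", key_pem);`, writes the CA private key to stdout directly after the certificate, so it ends up in terminal scrollback, redirected output and any CI log that runs the example; whoever holds that key can issue certificates that chain to this CA on every machine where it has been trusted. Write the key to a file created with owner-only permissions (or at minimum emit it on a different stream from the certificate), and state in the README that the generated CA is for local testing only. `CertificateParams::default()` also leaves the validity window and key usage at rcgen's defaults, which as far as I recall give a very long lifetime and no key-usage extension; consider setting them explicitly, e.g. `certificate_params.key_usages = vec![KeyUsagePurpose::KeyCertSign, KeyUsagePurpose::CrlSign];` and a short `certificate_params.not_after`.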