From 72816377221689ad72b044806d901383f0ff40f7 Mon Sep 17 00:00:00 2001 From: Hatter Jiang Date: Sun, 24 Mar 2024 23:54:27 +0800 Subject: [PATCH] feat: notworking --- .gitignore | 1 + Cargo.lock | 236 +++++++++++++++++++++++++++++++++++++++++++++++++-- Cargo.toml | 4 +- src/main.rs | 3 + src/main2.rs | 64 ++++++++++++++ 5 files changed, 300 insertions(+), 8 deletions(-) create mode 100644 src/main2.rs diff --git a/.gitignore b/.gitignore index ff2c7ed..ff65090 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ +__ignore_* .idea/ # ---> Rust # Generated by Cargo diff --git a/Cargo.lock b/Cargo.lock index 605f0a3..ac09e94 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -75,6 +75,45 @@ version = "0.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "96d30a06541fbafbc7f82ed10c06164cfbd2c401138f6addd8404629c4b16711" +[[package]] +name = "asn1-rs" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f6fd5ddaf0351dff5b8da21b2fb4ff8e08ddd02857f0bf69c47639106c0fff0" +dependencies = [ + "asn1-rs-derive", + "asn1-rs-impl", + "displaydoc", + "nom", + "num-traits", + "rusticata-macros", + "thiserror", + "time", +] + +[[package]] +name = "asn1-rs-derive" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "726535892e8eae7e70657b4c8ea93d26b8553afb1ce617caee529ef96d7dee6c" +dependencies = [ + "proc-macro2", + "quote", + "syn 1.0.109", + "synstructure", +] + +[[package]] +name = "asn1-rs-impl" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2777730b2039ac0f95f093556e61b6d26cebed5393ca6f152717777cec3a42ed" +dependencies = [ + "proc-macro2", + "quote", + "syn 1.0.109", +] + [[package]] name = "async-stream" version = "0.3.5" 
@@ -354,6 +393,20 @@ dependencies = [ "uuid", ] +[[package]] +name = "der-parser" +version = "8.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dbd676fbbab537128ef0278adb5576cf363cff6aa22a7b24effe97347cfab61e" +dependencies = [ + "asn1-rs", + "displaydoc", + "nom", + "num-bigint", + "num-traits", + "rusticata-macros", +] + [[package]] name = "deranged" version = "0.3.11" @@ -374,6 +427,17 @@ dependencies = [ "subtle", ] +[[package]] +name = "displaydoc" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "487585f4d0c6655fe74905e2504d8ad6908e4db67f744eb140876906c2f3175d" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.55", +] + [[package]] name = "encoding_rs" version = "0.8.33" @@ -894,6 +958,12 @@ version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a" +[[package]] +name = "minimal-lexical" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" + [[package]] name = "miniz_oxide" version = "0.7.2" 
@@ -926,12 +996,42 @@ dependencies = [ "memoffset", ] +[[package]] +name = "nom" +version = "7.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a" +dependencies = [ + "memchr", + "minimal-lexical", +] + +[[package]] +name = "num-bigint" +version = "0.4.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "608e7659b5c3d7cba262d894801b9ec9d00de989e8a82bd4bef91d08da45cdc0" +dependencies = [ + "autocfg", + "num-integer", + "num-traits", +] + [[package]] name = "num-conv" version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9" +[[package]] +name = "num-integer" +version = "0.1.46" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f" +dependencies = [ + "num-traits", +] + [[package]] name = "num-traits" version = "0.2.18" @@ -960,6 +1060,15 @@ dependencies = [ "memchr", ] +[[package]] +name = "oid-registry" +version = "0.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9bedf36ffb6ba96c2eb7144ef6270557b52e54b20c0a8e1eb2ff99a6c6959bff" +dependencies = [ + "asn1-rs", +] + [[package]] name = "once_cell" version = "1.19.0" @@ -1049,6 +1158,16 @@ version = "1.0.14" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "de3145af08024dea9fa9914f381a17b8fc6034dfb00f3a84013f7ff43f29ed4c" +[[package]] +name = "pem" +version = "3.0.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1b8fcc794035347fb64beda2d3b462595dd2753e3f268d89c5aae77e8cf2c310" +dependencies = [ + "base64 0.21.7", + "serde", +] + [[package]] name = "percent-encoding" version = "2.3.1" @@ -1375,7 +1494,9 @@ dependencies = [ "log", "pingora", "pretty_env_logger", + "rcgen", "structopt", + "time", "tokio", ] 
@@ -1418,6 +1539,20 @@ dependencies = [ "getrandom", ] +[[package]] +name = "rcgen" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "48406db8ac1f3cbc7dcdb56ec355343817958a356ff430259bb07baf7607e1e1" +dependencies = [ + "pem", + "ring 0.17.8", + "time", + "x509-parser", + "yasna", + "zeroize", +] + [[package]] name = "redox_syscall" version = "0.4.1" @@ -1497,6 +1632,21 @@ dependencies = [ "winreg", ] +[[package]] +name = "ring" +version = "0.16.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc" +dependencies = [ + "cc", + "libc", + "once_cell", + "spin 0.5.2", + "untrusted 0.7.1", + "web-sys", + "winapi", +] + [[package]] name = "ring" version = "0.17.8" @@ -1507,8 +1657,8 @@ dependencies = [ "cfg-if", "getrandom", "libc", - "spin", - "untrusted", + "spin 0.9.8", + "untrusted 0.9.0", "windows-sys 0.52.0", ] @@ -1559,6 +1709,15 @@ dependencies = [ "semver", ] +[[package]] +name = "rusticata-macros" +version = "4.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "faf0c4a6ece9950b9abdb62b1cfcf2a68b3b67a10ba445b3bb85be2a293d0632" +dependencies = [ + "nom", +] + [[package]] name = "rustls" version = "0.21.10" @@ -1566,7 +1725,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f9d5a6813c0759e4609cd494e8e725babae6a2ca7b62a5536a13daaec6fcb7ba" dependencies = [ "log", - "ring", + "ring 0.17.8", "rustls-webpki", "sct", ] @@ -1586,8 +1745,8 @@ version = "0.101.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765" dependencies = [ - "ring", - "untrusted", + "ring 0.17.8", + "untrusted 0.9.0", ] [[package]] 
@@ -1635,8 +1794,8 @@ version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414" dependencies = [ - "ring", - "untrusted", + "ring 0.17.8", + "untrusted 0.9.0", ] [[package]] @@ -1825,6 +1984,12 @@ dependencies = [ "windows-sys 0.52.0", ] +[[package]] +name = "spin" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" + [[package]] name = "spin" version = "0.9.8" @@ -1895,6 +2060,18 @@ version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2047c6ded9c721764247e62cd3b03c09ffc529b2ba5b10ec482ae507a4a70160" +[[package]] +name = "synstructure" +version = "0.12.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f36bdaa60a83aca3921b5259d5400cbf5e90fc51931376a9bd4a0eb79aa7210f" +dependencies = [ + "proc-macro2", + "quote", + "syn 1.0.109", + "unicode-xid", +] + [[package]] name = "system-configuration" version = "0.5.1" @@ -2226,6 +2403,18 @@ version = "0.1.11" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e51733f11c9c4f72aa0c160008246859e340b00807569a0da0e7a1079b27ba85" +[[package]] +name = "unicode-xid" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f962df74c8c05a667b5ee8bcf162993134c104e96440b663c8daa176dc772d8c" + +[[package]] +name = "untrusted" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" + [[package]] name = "untrusted" version = "0.9.0" 
@@ -2542,6 +2731,24 @@ dependencies = [ "windows-sys 0.48.0", ] +[[package]] +name = "x509-parser" +version = "0.15.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7069fba5b66b9193bd2c5d3d4ff12b839118f6bcbef5328efafafb5395cf63da" +dependencies = [ + "asn1-rs", + "data-encoding", + "der-parser", + "lazy_static", + "nom", + "oid-registry", + "ring 0.16.20", + "rusticata-macros", + "thiserror", + "time", +] + [[package]] name = "yaml-rust" version = "0.4.5" @@ -2551,6 +2758,15 @@ dependencies = [ "linked-hash-map", ] +[[package]] +name = "yasna" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e17bb3549cc1321ae1296b9cdc2698e2b6cb1992adfa19a8c72e5b7a738f44cd" +dependencies = [ + "time", +] + [[package]] name = "zerocopy" version = "0.7.32" @@ -2571,6 +2787,12 @@ dependencies = [ "syn 2.0.55", ] +[[package]] +name = "zeroize" +version = "1.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d" + [[package]] name = "zstd" version = "0.9.2+zstd.1.5.1" diff --git a/Cargo.toml b/Cargo.toml index b7491b8..32798a6 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -13,4 +13,6 @@ async-trait = "0.1" log = "0.4" http = "1.1" structopt = "0.3" -base64 = "0.22.0" +base64 = "0.22" +rcgen = { version = "0.12", features = ["zeroize", "x509-parser"] } +time = "0.3" diff --git a/src/main.rs b/src/main.rs index 9c4e00d..e257375 100644 --- a/src/main.rs +++ b/src/main.rs @@ -8,9 +8,12 @@ use structopt::StructOpt; mod app; mod service; +mod main2; pub fn main() { init_logger(); + main2::test_main(); + panic!("END"); let opt = Some(Opt::from_args()); let mut my_server = Server::new(opt).unwrap(); diff --git a/src/main2.rs b/src/main2.rs new file mode 100644 index 0000000..7face26 --- /dev/null +++ b/src/main2.rs 
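Review bot: Enabling rcgen's `x509-parser` feature in the Cargo.toml hunk brings a second, older copy of the crypto backend into the build: the Cargo.lock changes in this patch add `ring 0.16.20` (via `x509-parser 0.15.1`) next to the existing `ring 0.17.8`. The feature appears to be needed only for `CertificateParams::from_ca_cert_pem` in the experimental `src/main2.rs`. The dependency could therefore be made optional, `rcgen = { version = "0.12", features = ["zeroize", "x509-parser"], optional = true }`, with `mod main2;` gated behind a matching cargo feature. That keeps the default binary on a single `ring` version and limits the added ASN.1/X.509 parsing crates to builds that actually issue certificates.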
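Review bot: The added `main2::test_main();` and `panic!("END");` run before `Opt::from_args()`, so every start of the binary issues a certificate and then aborts, and the `Server::new(opt)` setup below them is unreachable while these lines stay. If the certificate experiment is meant to remain in the tree, it should run only on explicit request, for instance behind a dedicated CLI flag or a separate `src/bin/` target, and return normally instead of panicking. Until then a marker such as `// TEMP: certificate issuance experiment, remove before merge` above the call would make the intent clear. The body of `main` continues past the end of this hunk.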
@@ -0,0 +1,64 @@
+use std::fs;
+
+use rcgen::{BasicConstraints, Certificate, CertificateParams, DnType, DnValue::PrintableString, ExtendedKeyUsagePurpose, IsCa, KeyPair, KeyUsagePurpose};
+use time::{Duration, OffsetDateTime};
+
+/// Example demonstrating signing end-endity certificate with ca
+pub fn test_main() {
+ let ca_pem = fs::read_to_string("__ignore_intermediate_cert.pem").unwrap();
+ let key_pem = fs::read_to_string("__ignore_intermediate_pri_key.pem").unwrap();
+ let k = KeyPair::from_pem(&key_pem).unwrap();
+
+ // let k = KeyPair::from_pem_and_sign_algo(&key_pem, &PKCS_ECDSA_P384_SHA384).unwrap();
+
+ let certificate_params = CertificateParams::from_ca_cert_pem(&ca_pem, k).unwrap();
+ let ca = Certificate::from_params(certificate_params).unwrap();
+
+ // let ca = new_ca();
+ let end_entity = new_end_entity();
+
+ let end_entity_pem = end_entity.serialize_pem_with_signer(&ca).unwrap();
+ println!("directly signed end-entity certificate: {end_entity_pem}");
+ let end_entity_key_pem = end_entity.serialize_private_key_pem();
+ println!("directly signed end-entity key: {end_entity_key_pem}");
+
+ let ca_cert_pem = ca.serialize_pem().unwrap();
+ println!("ca certificate: {ca_cert_pem}", );
+}
+
+fn new_ca() -> Certificate {
+ let mut params = CertificateParams::new(Vec::default());
+ let (start, end) = validity_period();
+ params.is_ca = IsCa::Ca(BasicConstraints::Unconstrained);
+ params.distinguished_name.get(&DnType::CommonName);
+ params.distinguished_name.push(DnType::CommonName, "Hatter Test CA");
+ params.distinguished_name.push(DnType::CountryName, PrintableString("CN".into()));
+ params.distinguished_name.push(DnType::OrganizationName, "Hatter Ink");
+ params.key_usages.push(KeyUsagePurpose::DigitalSignature);
+ params.key_usages.push(KeyUsagePurpose::KeyCertSign);
+ params.key_usages.push(KeyUsagePurpose::CrlSign);
+ params.not_before = start;
+ params.not_after = end;
+ Certificate::from_params(params).unwrap()
+}
+
+fn new_end_entity() -> Certificate {
+ let name = "demo.example.com";
+ let mut params = CertificateParams::new(vec![name.into()]);
+ let (start, end) = validity_period();
+ params.distinguished_name.push(DnType::CommonName, name);
+ params.use_authority_key_identifier_extension = true;
+ params.key_usages.push(KeyUsagePurpose::DigitalSignature);
+ params.is_ca = IsCa::NoCa;
+ params.extended_key_usages.push(ExtendedKeyUsagePurpose::ServerAuth);
+ params.extended_key_usages.push(ExtendedKeyUsagePurpose::ClientAuth);
+ params.not_before = start;
+ params.not_after = end;
+ Certificate::from_params(params).unwrap()
+}
+
+fn validity_period() -> (OffsetDateTime, OffsetDateTime) {
+ let start = OffsetDateTime::now_utc().checked_sub(Duration::hours(1)).unwrap();
+ let end = OffsetDateTime::now_utc().checked_add(Duration::days(90)).unwrap();
+ (start, end)
+}
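Review bot: `test_main` writes the freshly generated end-entity private key to stdout with `println!("directly signed end-entity key: {end_entity_key_pem}");`, so the key ends up in terminal scrollback and in any log or CI capture of the process output. Key material should go to a file created with owner-only permissions, or be returned to the caller, with only the certificate PEM printed. The CA certificate and key are read from hard-coded relative paths and every step is `.unwrap()`ed; returning a `Result` that names the path would make a missing or malformed `__ignore_intermediate_pri_key.pem` diagnosable without a panic. In `new_ca`, the statement `params.distinguished_name.get(&DnType::CommonName);` discards its result and can be dropped, and `new_ca` itself is referenced only from a commented-out line in this file.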