vendor/tokio-rustls/tests/certs/main.rs

//! An ignored-by-default integration test that regenerates vendored certs.
//! Run with `cargo test -- --ignored` when test certificates need updating.
//! Suitable for test certificates only. Not a production CA ;-)

use rcgen::{
    BasicConstraints, CertificateParams, DistinguishedName, DnType, ExtendedKeyUsagePurpose, IsCa,
    Issuer, KeyPair, KeyUsagePurpose,
};
use std::fs::File;
use std::io::Write;

#[test]
#[ignore]
fn regenerate_certs() {
    let root = {
        let key = KeyPair::generate().unwrap();
        let params = issuer_params("Rustls Robust Root");
        let cert = params.self_signed(&key).unwrap();
        (Issuer::new(params, key), cert)
    };

    let mut root_file = File::create("tests/certs/root.pem").unwrap();
    root_file.write_all(root.1.pem().as_bytes()).unwrap();

    let intermediate = {
        let key = KeyPair::generate().unwrap();
        let params = issuer_params("Rustls Robust Root - Rung 2");
        let cert = params.signed_by(&key, &root.0).unwrap();
        (Issuer::new(params, key), cert)
    };

    let end_entity_key = KeyPair::generate().unwrap();
    let mut end_entity_params =
        CertificateParams::new(vec![utils::TEST_SERVER_DOMAIN.to_string()]).unwrap();
    end_entity_params.is_ca = IsCa::ExplicitNoCa;
    end_entity_params.extended_key_usages = vec![
        ExtendedKeyUsagePurpose::ServerAuth,
        ExtendedKeyUsagePurpose::ClientAuth,
    ];

    let end_entity = end_entity_params
        .signed_by(&end_entity_key, &intermediate.0)
        .unwrap();

    let mut chain_file = File::create("tests/certs/chain.pem").unwrap();
    chain_file.write_all(end_entity.pem().as_bytes()).unwrap();
    chain_file
        .write_all(intermediate.1.pem().as_bytes())
        .unwrap();

    let mut key_file = File::create("tests/certs/end.key").unwrap();
    key_file
        .write_all(end_entity_key.serialize_pem().as_bytes())
        .unwrap();
}

fn issuer_params(common_name: &str) -> CertificateParams {
    let mut issuer_name = DistinguishedName::new();
    issuer_name.push(DnType::CommonName, common_name);
    let mut issuer_params = CertificateParams::default();
    issuer_params.distinguished_name = issuer_name;
    issuer_params.is_ca = IsCa::Ca(BasicConstraints::Unconstrained);
    issuer_params.key_usages = vec![
        KeyUsagePurpose::KeyCertSign,
        KeyUsagePurpose::DigitalSignature,
    ];
    issuer_params
}

// For the server name constant.
include!("../utils.rs");
chore: checkpoint before Python removal 2026-03-26 22:33:59 +00:00			`//! An ignored-by-default integration test that regenerates vendored certs.`
			//! Run with `cargo test -- --ignored` when test certificates need updating.
			`//! Suitable for test certificates only. Not a production CA ;-)`

			`use rcgen::{`
			`BasicConstraints, CertificateParams, DistinguishedName, DnType, ExtendedKeyUsagePurpose, IsCa,`
			`Issuer, KeyPair, KeyUsagePurpose,`
			`};`
			`use std::fs::File;`
			`use std::io::Write;`

			`#[test]`
			`#[ignore]`
			`fn regenerate_certs() {`
			`let root = {`
			`let key = KeyPair::generate().unwrap();`
			`let params = issuer_params("Rustls Robust Root");`
			`let cert = params.self_signed(&key).unwrap();`
			`(Issuer::new(params, key), cert)`
			`};`

			`let mut root_file = File::create("tests/certs/root.pem").unwrap();`
			`root_file.write_all(root.1.pem().as_bytes()).unwrap();`

			`let intermediate = {`
			`let key = KeyPair::generate().unwrap();`
			`let params = issuer_params("Rustls Robust Root - Rung 2");`
			`let cert = params.signed_by(&key, &root.0).unwrap();`
			`(Issuer::new(params, key), cert)`
			`};`

			`let end_entity_key = KeyPair::generate().unwrap();`
			`let mut end_entity_params =`
			`CertificateParams::new(vec![utils::TEST_SERVER_DOMAIN.to_string()]).unwrap();`
			`end_entity_params.is_ca = IsCa::ExplicitNoCa;`
			`end_entity_params.extended_key_usages = vec![`
			`ExtendedKeyUsagePurpose::ServerAuth,`
			`ExtendedKeyUsagePurpose::ClientAuth,`
			`];`

			`let end_entity = end_entity_params`
			`.signed_by(&end_entity_key, &intermediate.0)`
			`.unwrap();`

			`let mut chain_file = File::create("tests/certs/chain.pem").unwrap();`
			`chain_file.write_all(end_entity.pem().as_bytes()).unwrap();`
			`chain_file`
			`.write_all(intermediate.1.pem().as_bytes())`
			`.unwrap();`

			`let mut key_file = File::create("tests/certs/end.key").unwrap();`
			`key_file`
			`.write_all(end_entity_key.serialize_pem().as_bytes())`
			`.unwrap();`
			`}`

			`fn issuer_params(common_name: &str) -> CertificateParams {`
			`let mut issuer_name = DistinguishedName::new();`
			`issuer_name.push(DnType::CommonName, common_name);`
			`let mut issuer_params = CertificateParams::default();`
			`issuer_params.distinguished_name = issuer_name;`
			`issuer_params.is_ca = IsCa::Ca(BasicConstraints::Unconstrained);`
			`issuer_params.key_usages = vec![`
			`KeyUsagePurpose::KeyCertSign,`
			`KeyUsagePurpose::DigitalSignature,`
			`];`
			`issuer_params`
			`}`

			`// For the server name constant.`
			`include!("../utils.rs");`