A functional rustls-cert-gen with basic parameters.

This is basically #185 minus #188 and #189. The structure also differs
as sub modules have been inlined in `main.rs` and `cert.rs`. `anyhow`
has also been added as a dependency to replace the `Result` alias.

Closes #175

includes review fixes such as:

  * remove top-level rsa dependency
  * inline parse_san
  * Check for presence of EKU before pushing.
  * Replace `struct Signature` struct w/ `enum KeypairAlgorithm`
  * update some doc strings
  * make EndEntity and Ca public so they appear in the docs

Author: tbro

Cargo.lock

@@ -3,7 +3,10 @@ members = ["rcgen", "rustls-cert-gen"]
 resolver = "2"
 
 [workspace.dependencies]
-pem = { version = "3.0.2" }
+pem = "3.0.2"
+rand = "0.8"
+ring = "0.17"
+x509-parser = "0.15.1"
 
 [workspace.package]
 license = "MIT OR Apache-2.0"

Cargo.toml

@@ -23,10 +23,10 @@ required-features = ["pem", "x509-parser"]
 
 [dependencies]
 yasna = { version = "0.5.2", features = ["time", "std"] }
-ring = "0.17"
+ring = { workspace = true }
 pem = { workspace = true, optional = true }
 time = { version = "0.3.6", default-features = false }
-x509-parser = { version = "0.15", features = ["verify"], optional = true }
+x509-parser = { workspace = true, features = ["verify"], optional = true }
 zeroize = { version = "1.2", optional = true }
 
 [features]
@@ -37,8 +37,8 @@ features = ["x509-parser"]
 
 [dev-dependencies]
 openssl = "0.10"
-x509-parser = { version = "0.15", features = ["verify"] }
+x509-parser = { workspace = true, features = ["verify"] }
 rustls-webpki = { version = "0.101.0", features = ["std"] }
 botan = { version = "0.10", features = ["vendored"] }
-rand = "0.8"
-rsa = "0.9"
+rand = { workspace = true }
+rsa = { version = "0.9" }

rcgen/Cargo.toml

@@ -7,5 +7,13 @@ edition.workspace = true
 keywords.workspace = true
 
 [dependencies]
-rcgen = { path = "../rcgen" }
+bpaf = { version = "0.9.5", features = ["derive"] }
 pem = { workspace = true }
+rcgen = { path = "../rcgen" }
+ring = { workspace = true }
+rand = { workspace = true }
+anyhow = "1.0.75"
+
+[dev-dependencies]
+assert_fs = "1.0.13"
+x509-parser = { workspace = true, features = ["verify"] }

rustls-cert-gen/Cargo.toml

@@ -0,0 +1,30 @@
+# rustls-cert-gen
+
+`rustls-cert-gen` is a tool to generate TLS certificates. In its
+current state it will generate a Root CA and an end-entity
+certificate, along with private keys. The end-entity certificate will
+be signed by the Root CA.
+
+## Usage
+Having compiled the binary you can simply pass a path to output
+generated files.
+
+	cargo run -- -o output/dir
+
+In the output directory you will find these files:
+
+  * `cert.pem`  (end-entity's X.509 certificate, signed by `root-ca`'s key)
+  * `cert.key.pem` (end-entity's private key)
+  * `root-ca.pem` (ca's self-signed X.509 certificate)
+
+For a complete list of supported options:
+
+	rustls-cert-gen --help
+
+## FAQ
+
+#### What signature schemes are available?
+
+  * `pkcs_ecdsa_p256_sha256`
+  * `pkcs_ecdsa_p384_sha384`
+  * `pkcs_ed25519`