(args: GenCaCertArgs)
| 334 | } |
| 335 | |
| 336 | fn cmd_gen_ca_cert(args: GenCaCertArgs) -> Result<()> { |
| 337 | use ra_tls::cert::CertRequest; |
| 338 | use ra_tls::rcgen::{KeyPair, PKCS_ECDSA_P256_SHA256}; |
| 339 | |
| 340 | let key = KeyPair::generate_for(&PKCS_ECDSA_P256_SHA256)?; |
| 341 | let pubkey = key.public_key_der(); |
| 342 | let report_data = QuoteContentType::KmsRootCa.to_report_data(&pubkey); |
| 343 | let attestation = Attestation::quote(&report_data) |
| 344 | .context("Failed to get attestation")? |
| 345 | .into_versioned(); |
| 346 | |
| 347 | let req = CertRequest::builder() |
| 348 | .subject("App Root CA") |
| 349 | .attestation(&attestation) |
| 350 | .key(&key) |
| 351 | .ca_level(args.ca_level) |
| 352 | .build(); |
| 353 | |
| 354 | let cert = req |
| 355 | .self_signed() |
| 356 | .context("Failed to self-sign certificate")?; |
| 357 | fs::write(&args.cert, cert.pem()).context("Failed to write certificate")?; |
| 358 | fs::write(&args.key, key.serialize_pem()).context("Failed to write private key")?; |
| 359 | Ok(()) |
| 360 | } |
| 361 | |
| 362 | fn cmd_gen_app_keys(args: GenAppKeysArgs) -> Result<()> { |
| 363 | use ra_tls::rcgen::{KeyPair, PKCS_ECDSA_P256_SHA256}; |
no test coverage detected