Add builder_with_rsa and builder_with_ecdsa helpers

sbernauer · sbernauer · commit fd19a03359f7 · 2025-05-27T13:39:45.000+02:00
diff --git a/crates/stackable-certs/src/ca/ca_builder.rs b/crates/stackable-certs/src/ca/ca_builder.rs
@@ -81,6 +81,19 @@ where
 ///     .build()
 ///     .expect("failed to build CA");
 /// ```
+///
+/// Instead of using generics to determine the algorithm to use you can also use [`CertificateAuthority::builder_with_rsa`]
+/// or [`CertificateAuthority::builder_with_ecdsa`] instead:
+///
+/// ```no_run
+/// use stackable_certs::{
+///     keys::ecdsa, ca::CertificateAuthority,
+/// };
+///
+/// let ca = CertificateAuthority::builder_with_ecdsa()
+///     .build()
+///     .expect("failed to build CA");
+/// ```
 #[derive(Builder)]
 #[builder(start_fn = start_builder, finish_fn = finish_builder)]
 pub struct CertificateAuthorityBuilder<'a, SKP>
@@ -211,11 +224,11 @@ mod tests {
     use x509_cert::certificate::TbsCertificateInner;
 
     use super::*;
-    use crate::keys::{ecdsa, rsa};
+    use crate::keys::rsa;
 
     #[test]
     fn minimal_ca() {
-        let ca: CertificateAuthority<ecdsa::SigningKey> = CertificateAuthority::builder()
+        let ca = CertificateAuthority::builder_with_ecdsa()
             .build()
             .expect("failed to build CA");
 
diff --git a/crates/stackable-certs/src/ca/mod.rs b/crates/stackable-certs/src/ca/mod.rs
@@ -4,7 +4,10 @@ use std::fmt::Debug;
 
 use x509_cert::{Certificate, name::RdnSequence, spki::EncodePublicKey};
 
-use crate::{CertificatePair, keys::CertificateKeypair};
+use crate::{
+    CertificatePair,
+    keys::{CertificateKeypair, ecdsa, rsa},
+};
 
 mod ca_builder;
 mod consts;
@@ -13,8 +16,10 @@ pub use ca_builder::*;
 pub use consts::*;
 pub use k8s::*;
 
-/// A certificate authority (CA) which is used to generate and sign
-/// intermediate or leaf certificates.
+/// A certificate authority (CA) which is used to generate and sign intermediate or leaf
+/// certificates.
+///
+/// Use [`CertificateAuthorityBuilder`] to create new certificates.
 #[derive(Debug)]
 pub struct CertificateAuthority<SK>
 where
@@ -33,6 +38,7 @@ where
         Self { certificate_pair }
     }
 
+    /// Use this function in combination with [`CertificateAuthorityBuilder`] to create new CAs.
     pub fn builder() -> CertificateAuthorityBuilderBuilder<'static, SK> {
         CertificateAuthorityBuilder::start_builder()
     }
@@ -49,3 +55,17 @@ where
         &self.ca_cert().tbs_certificate.issuer
     }
 }
+
+impl CertificateAuthority<rsa::SigningKey> {
+    /// Same as [`Self::builder`], but enforces the RSA algorithm for key creation.
+    pub fn builder_with_rsa() -> CertificateAuthorityBuilderBuilder<'static, rsa::SigningKey> {
+        Self::builder()
+    }
+}
+
+impl CertificateAuthority<ecdsa::SigningKey> {
+    /// Same as [`Self::builder`], but enforces the ecdsa algorithm for key creation.
+    pub fn builder_with_ecdsa() -> CertificateAuthorityBuilderBuilder<'static, ecdsa::SigningKey> {
+        Self::builder()
+    }
+}
diff --git a/crates/stackable-certs/src/cert_builder.rs b/crates/stackable-certs/src/cert_builder.rs
@@ -267,11 +267,11 @@ mod tests {
     };
 
     use super::*;
-    use crate::keys::{ecdsa, rsa};
+    use crate::keys::rsa;
 
     #[test]
     fn minimal_certificate() {
-        let ca = CertificateAuthority::<ecdsa::SigningKey>::builder()
+        let ca = CertificateAuthority::builder_with_ecdsa()
             .build()
             .expect("failed to build CA");
 
@@ -292,7 +292,7 @@ mod tests {
 
     #[test]
     fn customized_certificate() {
-        let ca = CertificateAuthority::builder()
+        let ca = CertificateAuthority::builder_with_rsa()
             .build()
             .expect("failed to build CA");
 
diff --git a/crates/stackable-certs/src/lib.rs b/crates/stackable-certs/src/lib.rs
@@ -99,6 +99,8 @@ impl<E: snafu::Error + std::cmp::PartialEq> PartialEq for CertificatePairError<E
 /// internally to store the signing key pair which is used to sign the CA
 /// itself (self-signed) and all child leaf certificates. Leaf certificates on
 /// the other hand use this to store the bound keypair.
+///
+/// Use [`CertificateBuilder`] to create new certificates.
 #[derive(Debug)]
 pub struct CertificatePair<S>
 where
@@ -121,6 +123,7 @@ where
         }
     }
 
+    /// Use this function in combination with [`CertificateBuilder`] to create new CAs.
     pub fn builder() -> CertificateBuilderBuilder<'static, S> {
         CertificateBuilder::start_builder()
     }
diff --git a/crates/stackable-webhook/src/tls.rs b/crates/stackable-webhook/src/tls.rs
@@ -109,7 +109,7 @@ impl TlsServer {
         // blocked.
         // See https://docs.rs/tokio/latest/tokio/task/fn.spawn_blocking.html
         let task = tokio::task::spawn_blocking(move || {
-            let ca = CertificateAuthority::<ecdsa::SigningKey>::builder()
+            let ca = CertificateAuthority::builder_with_ecdsa()
                 .build()
                 .context(CreateCertificateAuthoritySnafu)?;
 

Original file line number	Diff line number	Diff line change
`@@ -99,6 +99,8 @@ impl<E: snafu::Error + std::cmp::PartialEq> PartialEq for CertificatePairError<E`
`99`	`99`	`/// internally to store the signing key pair which is used to sign the CA`
`100`	`100`	`/// itself (self-signed) and all child leaf certificates. Leaf certificates on`
`101`	`101`	`/// the other hand use this to store the bound keypair.`
	`102`	`+///`
	`103`	+/// Use [`CertificateBuilder`] to create new certificates.
`102`	`104`	`#[derive(Debug)]`
`103`	`105`	`pub struct CertificatePair<S>`
`104`	`106`	`where`
`@@ -121,6 +123,7 @@ where`
`121`	`123`	`}`
`122`	`124`	`}`
`123`	`125`
	`126`	+ /// Use this function in combination with [`CertificateBuilder`] to create new CAs.
`124`	`127`	`pub fn builder() -> CertificateBuilderBuilder<'static, S> {`
`125`	`128`	`CertificateBuilder::start_builder()`
`126`	`129`	`}`