Add KeyPair::generate() method

rcgen/examples/sign-leaf-with-ca.rs

@@ -33,7 +33,7 @@ fn new_ca() -> Certificate {
 	params.not_before = yesterday;
 	params.not_after = tomorrow;
 
-	let key_pair = KeyPair::generate_for(&rcgen::PKCS_ECDSA_P256_SHA256).unwrap();
+	let key_pair = KeyPair::generate().unwrap();
 	Certificate::generate_self_signed(params, &key_pair).unwrap()
 }
 
@@ -50,7 +50,7 @@ fn new_end_entity() -> Certificate {
 	params.not_before = yesterday;
 	params.not_after = tomorrow;
 
-	let key_pair = KeyPair::generate_for(&rcgen::PKCS_ECDSA_P256_SHA256).unwrap();
+	let key_pair = KeyPair::generate().unwrap();
 	Certificate::generate_self_signed(params, &key_pair).unwrap()
 }
 

rcgen/examples/simple.rs

@@ -19,7 +19,7 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
 		SanType::DnsName("localhost".to_string()),
 	];
 
-	let key_pair = KeyPair::generate_for(&rcgen::PKCS_ECDSA_P256_SHA256)?;
+	let key_pair = KeyPair::generate()?;
 	let cert = Certificate::generate_self_signed(params, &key_pair)?;
 
 	let pem_serialized = cert.pem();

rcgen/src/crl.rs

@@ -26,7 +26,7 @@ use crate::{Certificate, Error, KeyIdMethod, KeyUsagePurpose, SerialNumber};
 /// let mut issuer_params = CertificateParams::new(vec!["crl.issuer.example.com".to_string()]);
 /// issuer_params.is_ca = IsCa::Ca(BasicConstraints::Unconstrained);
 /// issuer_params.key_usages = vec![KeyUsagePurpose::KeyCertSign, KeyUsagePurpose::DigitalSignature, KeyUsagePurpose::CrlSign];
-/// let key_pair = KeyPair::generate_for(&PKCS_ECDSA_P256_SHA256).unwrap();
+/// let key_pair = KeyPair::generate().unwrap();
 /// let issuer = Certificate::generate_self_signed(issuer_params, &key_pair).unwrap();
 /// // Describe a revoked certificate.
 /// let revoked_cert = RevokedCertParams{

rcgen/src/key_pair.rs

@@ -56,6 +56,11 @@ pub struct KeyPair {
 }
 
 impl KeyPair {
+	/// Generate a new random PKCS_ECDSA_P256_SHA256 key pair
+	pub fn generate() -> Result<Self, Error> {
+		Self::generate_for(&PKCS_ECDSA_P256_SHA256)
+	}
+
 	/// Generate a new random key pair for the specified signature algorithm
 	///
 	/// If you're not sure which algorithm to use, [`PKCS_ECDSA_P256_SHA256`] is a good choice.

rcgen/src/lib.rs

@@ -21,7 +21,7 @@ use rcgen::{generate_simple_self_signed, KeyPair};
 let subject_alt_names = vec!["hello.world.example".to_string(),
 	"localhost".to_string()];
 
-let key_pair = KeyPair::generate_for(&rcgen::PKCS_ECDSA_P256_SHA256).unwrap();
+let key_pair = KeyPair::generate().unwrap();
 let cert = generate_simple_self_signed(subject_alt_names, &key_pair).unwrap();
 println!("{}", cert.pem());
 println!("{}", key_pair.serialize_pem());
@@ -98,7 +98,7 @@ use rcgen::{generate_simple_self_signed, KeyPair};
 let subject_alt_names = vec!["hello.world.example".to_string(),
 	"localhost".to_string()];
 
-let key_pair = KeyPair::generate_for(&rcgen::PKCS_ECDSA_P256_SHA256).unwrap();
+let key_pair = KeyPair::generate().unwrap();
 let cert = generate_simple_self_signed(subject_alt_names, &key_pair).unwrap();
 
 // The certificate is now valid for localhost and the domain "hello.world.example"
@@ -1802,7 +1802,7 @@ mod tests {
 		params.is_ca = IsCa::Ca(BasicConstraints::Constrained(0));
 
 		// Make the cert
-		let key_pair = KeyPair::generate_for(&PKCS_ECDSA_P256_SHA256).unwrap();
+		let key_pair = KeyPair::generate().unwrap();
 		let cert = Certificate::generate_self_signed(params, &key_pair).unwrap();
 
 		// Parse it
@@ -1840,7 +1840,7 @@ mod tests {
 		params.is_ca = IsCa::Ca(BasicConstraints::Constrained(0));
 
 		// Make the cert
-		let key_pair = KeyPair::generate_for(&PKCS_ECDSA_P256_SHA256).unwrap();
+		let key_pair = KeyPair::generate().unwrap();
 		let cert = Certificate::generate_self_signed(params, &key_pair).unwrap();
 
 		// Parse it
@@ -1875,7 +1875,7 @@ mod tests {
 		params.extended_key_usages = vec![ExtendedKeyUsagePurpose::Any];
 
 		// Make the cert
-		let key_pair = KeyPair::generate_for(&PKCS_ECDSA_P256_SHA256).unwrap();
+		let key_pair = KeyPair::generate().unwrap();
 		let cert = Certificate::generate_self_signed(params, &key_pair).unwrap();
 
 		// Parse it
@@ -1901,7 +1901,7 @@ mod tests {
 		];
 
 		// Make the cert
-		let key_pair = KeyPair::generate_for(&PKCS_ECDSA_P256_SHA256).unwrap();
+		let key_pair = KeyPair::generate().unwrap();
 		let cert = Certificate::generate_self_signed(params, &key_pair).unwrap();
 
 		// Parse it
@@ -1935,12 +1935,12 @@ mod tests {
 
 	#[cfg(feature = "pem")]
 	mod test_pem_serialization {
-		use crate::{Certificate, CertificateParams, KeyPair, PKCS_ECDSA_P256_SHA256};
+		use crate::{Certificate, CertificateParams, KeyPair};
 
 		#[test]
 		#[cfg(windows)]
 		fn test_windows_line_endings() {
-			let key_pair = KeyPair::generate_for(&PKCS_ECDSA_P256_SHA256).unwrap();
+			let key_pair = KeyPair::generate().unwrap();
 			let cert =
 				Certificate::generate_self_signed(CertificateParams::default(), &key_pair).unwrap();
 			assert!(cert.pem().contains("\r\n"));
@@ -1949,7 +1949,7 @@ mod tests {
 		#[test]
 		#[cfg(not(windows))]
 		fn test_not_windows_line_endings() {
-			let key_pair = KeyPair::generate_for(&PKCS_ECDSA_P256_SHA256).unwrap();
+			let key_pair = KeyPair::generate().unwrap();
 			let cert =
 				Certificate::generate_self_signed(CertificateParams::default(), &key_pair).unwrap();
 			assert!(!cert.pem().contains('\r'));

rcgen/tests/botan.rs

@@ -132,7 +132,7 @@ fn test_botan_separate_ca() {
 	// Botan has a sanity check that enforces a maximum expiration date
 	params.not_after = rcgen::date_time_ymd(3016, 1, 1);
 
-	let key_pair = KeyPair::generate_for(&rcgen::PKCS_ECDSA_P256_SHA256).unwrap();
+	let key_pair = KeyPair::generate().unwrap();
 	let cert = Certificate::generate(params, &key_pair, &ca_cert, &ca_key).unwrap();
 	check_cert_ca(cert.der(), &cert, ca_cert.der());
 }
@@ -160,7 +160,7 @@ fn test_botan_imported_ca() {
 	// Botan has a sanity check that enforces a maximum expiration date
 	params.not_after = rcgen::date_time_ymd(3016, 1, 1);
 
-	let key_pair = KeyPair::generate_for(&rcgen::PKCS_ECDSA_P256_SHA256).unwrap();
+	let key_pair = KeyPair::generate().unwrap();
 	let cert = Certificate::generate(params, &key_pair, &imported_ca_cert, &ca_key).unwrap();
 	check_cert_ca(cert.der(), &cert, ca_cert_der);
 }
@@ -191,7 +191,7 @@ fn test_botan_imported_ca_with_printable_string() {
 		.push(DnType::CommonName, "Dev domain");
 	// Botan has a sanity check that enforces a maximum expiration date
 	params.not_after = rcgen::date_time_ymd(3016, 1, 1);
-	let key_pair = KeyPair::generate_for(&rcgen::PKCS_ECDSA_P256_SHA256).unwrap();
+	let key_pair = KeyPair::generate().unwrap();
 	let cert =
 		Certificate::generate(params, &key_pair, &imported_ca_cert, &imported_ca_key).unwrap();
 

rcgen/tests/openssl.rs

@@ -302,7 +302,7 @@ fn test_openssl_separate_ca() {
 	params
 		.distinguished_name
 		.push(DnType::CommonName, "Dev domain");
-	let cert_key = KeyPair::generate_for(&rcgen::PKCS_ECDSA_P256_SHA256).unwrap();
+	let cert_key = KeyPair::generate().unwrap();
 	let cert = Certificate::generate(params, &cert_key, &ca_cert, &ca_key).unwrap();
 	let key = cert_key.serialize_der();
 
@@ -326,7 +326,7 @@ fn test_openssl_separate_ca_with_printable_string() {
 	params
 		.distinguished_name
 		.push(DnType::CommonName, "Dev domain");
-	let cert_key = KeyPair::generate_for(&rcgen::PKCS_ECDSA_P256_SHA256).unwrap();
+	let cert_key = KeyPair::generate().unwrap();
 	let cert = Certificate::generate(params, &cert_key, &ca_cert, &ca_key).unwrap();
 	let key = cert_key.serialize_der();
 
@@ -377,7 +377,7 @@ fn test_openssl_separate_ca_name_constraints() {
 	params
 		.distinguished_name
 		.push(DnType::CommonName, "Dev domain");
-	let cert_key = KeyPair::generate_for(&rcgen::PKCS_ECDSA_P256_SHA256).unwrap();
+	let cert_key = KeyPair::generate().unwrap();
 	let cert = Certificate::generate(params, &cert_key, &ca_cert, &ca_key).unwrap();
 	let key = cert_key.serialize_der();
 

rcgen/tests/util.rs

@@ -4,7 +4,7 @@ use rcgen::{
 };
 use rcgen::{CertificateRevocationListParams, DnType, IsCa, KeyIdMethod};
 use rcgen::{
-	KeyUsagePurpose, RevocationReason, RevokedCertParams, SerialNumber, PKCS_ECDSA_P256_SHA256,
+	KeyUsagePurpose, RevocationReason, RevokedCertParams, SerialNumber,
 };
 use time::{Duration, OffsetDateTime};
 
@@ -78,7 +78,7 @@ pub fn default_params() -> (CertificateParams, KeyPair) {
 		.distinguished_name
 		.push(DnType::CommonName, "Master CA");
 
-	let key_pair = KeyPair::generate_for(&PKCS_ECDSA_P256_SHA256).unwrap();
+	let key_pair = KeyPair::generate().unwrap();
 	(params, key_pair)
 }
 

rcgen/tests/webpki.rs

@@ -272,7 +272,7 @@ fn test_webpki_separate_ca() {
 		.distinguished_name
 		.push(DnType::CommonName, "Dev domain");
 
-	let key_pair = KeyPair::generate_for(&rcgen::PKCS_ECDSA_P256_SHA256).unwrap();
+	let key_pair = KeyPair::generate().unwrap();
 	let cert = Certificate::generate(params, &key_pair, &ca_cert, &ca_key).unwrap();
 	let sign_fn = |cert, msg| sign_msg_ecdsa(cert, msg, &signature::ECDSA_P256_SHA256_ASN1_SIGNING);
 	check_cert_ca(
@@ -426,7 +426,7 @@ fn test_webpki_imported_ca() {
 	params
 		.distinguished_name
 		.push(DnType::CommonName, "Dev domain");
-	let cert_key = KeyPair::generate_for(&rcgen::PKCS_ECDSA_P256_SHA256).unwrap();
+	let cert_key = KeyPair::generate().unwrap();
 	let cert = Certificate::generate(params, &cert_key, &imported_ca_cert, &ca_key).unwrap();
 
 	let sign_fn = |cert, msg| sign_msg_ecdsa(cert, msg, &signature::ECDSA_P256_SHA256_ASN1_SIGNING);
@@ -464,7 +464,7 @@ fn test_webpki_imported_ca_with_printable_string() {
 	params
 		.distinguished_name
 		.push(DnType::CommonName, "Dev domain");
-	let cert_key = KeyPair::generate_for(&rcgen::PKCS_ECDSA_P256_SHA256).unwrap();
+	let cert_key = KeyPair::generate().unwrap();
 	let cert = Certificate::generate(params, &cert_key, &imported_ca_cert, &ca_key).unwrap();
 
 	let sign_fn = |cert, msg| sign_msg_ecdsa(cert, msg, &signature::ECDSA_P256_SHA256_ASN1_SIGNING);