From 0e3528baf8f2904d47e3fcc3acc8c690b888dc95 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BE=90=E6=B6=9B?= Date: Tue, 2 Apr 2024 12:29:58 +0800 Subject: [PATCH] =?UTF-8?q?fix(generate):=E4=BF=AE=E5=A4=8D=E5=85=AC?= =?UTF-8?q?=E9=92=A5=E8=AF=81=E4=B9=A6=E6=97=A0=E6=B3=95=E7=94=9F=E6=88=90?= =?UTF-8?q?=E7=9A=84=E9=97=AE=E9=A2=98=E3=80=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cert_lib/src/lib.rs | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/cert_lib/src/lib.rs b/cert_lib/src/lib.rs index 0e3039f..d7f76ed 100644 --- a/cert_lib/src/lib.rs +++ b/cert_lib/src/lib.rs @@ -4,7 +4,8 @@ use std::path::PathBuf; use std::{io, path::Path}; use openssl::bn::BigNumContext; -use openssl::x509::X509; +use openssl::hash::MessageDigest; +use openssl::x509::{X509NameBuilder, X509}; use openssl::{ asn1::{Asn1Integer, Asn1Time}, bn::BigNum, @@ -33,11 +34,21 @@ pub fn generate_certificate( ) -> anyhow::Result<()> { let rsa = Rsa::generate(key_length)?; let private_key = rsa.private_key_to_pem()?; - let mut builder = X509Builder::new()?; - builder.set_version(version)?; let pkey = PKey::from_rsa(rsa)?; + let mut builder = X509Builder::new()?; builder.set_pubkey(&pkey)?; + let mut x509_name = X509NameBuilder::new()?; + x509_name.append_entry_by_text("CN", certificate_name)?; + x509_name.append_entry_by_text("C", "CN")?; + x509_name.append_entry_by_text("ST", "Hebei")?; + x509_name.append_entry_by_text("L", "Shi Jiazhuang")?; + x509_name.append_entry_by_text("O", "archgrid.xyz")?; + let x509_name = x509_name.build(); + builder.set_subject_name(&x509_name)?; + builder.set_issuer_name(&x509_name)?; + builder.set_version(version)?; + let not_before = Asn1Time::days_from_now(0)?; let not_after = Asn1Time::days_from_now(available_days)?; builder.set_not_before(¬_before)?; 
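Review bot: `Rsa::generate(key_length)` at the top of this hunk accepts any caller-supplied modulus size, and now that the certificate is actually signed, a 512- or 1024-bit request produces a usable but weak key pair; a guard such as `anyhow::ensure!(key_length >= 2048, "RSA key length must be at least 2048 bits");` before generation would stop that. The relocated `builder.set_version(version)?` has a similar gap: the openssl crate treats the version as zero-indexed (2 means X.509 v3), so a doc comment or a range check on `version` would help if callers pass 3 expecting v3. The `C`, `ST`, `L` and `O` entries are string literals inside a public library function, so every generated certificate carries `O=archgrid.xyz` as both subject and issuer; taking these as parameters would keep one organisation's identity out of other users' certificates. The function signature and the end of its body are outside this hunk.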
@@ -46,6 +57,8 @@ pub fn generate_certificate( let sn = Asn1Integer::from_bn(&serial_number)?; builder.set_serial_number(&sn)?; + builder.sign(&pkey, MessageDigest::sha256())?; + let certificate = builder.build(); let store_path = PathBuf::from(storage_path); @@ -54,7 +67,8 @@ pub fn generate_certificate( let cert_path = store_path.clone().join(format!("{}.pem", certificate_name)); let cert_file = File::create(cert_path)?; let mut writer = BufWriter::new(cert_file); - writer.write_all(&certificate.to_pem()?)?; + let cert_data = certificate.to_pem()?; + writer.write_all(&cert_data)?; writer.flush()?; let private_key_path = store_path.join(format!("{}.key", certificate_name));
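Review bot: Nothing at the `builder.sign(&pkey, MessageDigest::sha256())?` call says that this is a self-signature, which matters to anyone deciding how far to trust the output. A comment above it such as `// Self-signed: issuer == subject and the signing key is the certificate's own key; trust must be established out of band.` would make that explicit. No extensions are added in the visible lines before signing, so if these certificates are meant for TLS endpoints, clients that require `subjectAltName` will reject them. Whether extensions are set in the lines between the hunks cannot be seen from here.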
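Review bot: `certificate_name` goes unchecked into `format!("{}.pem", certificate_name)` and `format!("{}.key", certificate_name)` before being joined onto `store_path`, so a name containing a path separator, `..` or a leading `/` would place the files outside `storage_path`. The same string is now also the certificate's CN, so it is worth rejecting such names at the top of the function, e.g. `anyhow::ensure!(Path::new(certificate_name).file_name() == Some(std::ffi::OsStr::new(certificate_name)), "invalid certificate name");`. The write of the `.key` file is outside this hunk; if it uses `File::create` like the certificate does, the unencrypted PEM from `rsa.private_key_to_pem()` gets umask-dependent permissions. On Unix, opening it through `OpenOptions` with `std::os::unix::fs::OpenOptionsExt::mode(0o600)` would keep it owner-only.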