in cert/aziot-certd-config/src/lib.rs [655:802]
fn serialize_config() {
let configuration = Config {
homedir_path: "/var/lib/aziot/certd".into(),
max_requests: 50,
cert_issuance: CertIssuance {
est: Some(Est {
trusted_certs: vec!["est-ca".to_owned()],
identity_auto_renew: cert_renewal::AutoRenewConfig::default(),
auth: Some(EstAuth {
basic: None,
x509: Some(EstAuthX509 {
identity: CertificateWithPrivateKey {
cert: "est-id".to_owned(),
pk: "est-id".to_owned(),
},
bootstrap_identity: Some(CertificateWithPrivateKey {
cert: "bootstrap".to_owned(),
pk: "bootstrap".to_owned(),
}),
}),
}),
urls: vec![
(
"default".to_owned(),
"https://estendpoint.com/.well-known/est/".parse().unwrap(),
),
(
"device-ca".to_owned(),
"https://estendpoint.com/.well-known/est/device-ca/"
.parse()
.unwrap(),
),
]
.into_iter()
.collect(),
}),
local_ca: None,
certs: [
(
"device-ca",
CertIssuanceOptions {
method: CertIssuanceMethod::Est {
url: None,
auth: None,
},
expiry_days: None,
subject: Some(CertSubject::Subject(
vec![
("L".to_owned(), "AQ".to_owned()),
("ST".to_owned(), "Antarctica".to_owned()),
("CN".to_owned(), "test-device".to_owned()),
]
.into_iter()
.collect(),
)),
},
),
(
"device-id",
CertIssuanceOptions {
method: CertIssuanceMethod::Est {
url: Some(
"https://estendpoint.com/.well-known/est/device-id/"
.parse()
.unwrap(),
),
auth: Some(EstAuth {
basic: Some(EstAuthBasic {
username: "username".to_owned(),
password: "password".to_owned(),
}),
x509: Some(EstAuthX509 {
identity: CertificateWithPrivateKey {
cert: "device-id".to_owned(),
pk: "device-id".to_owned(),
},
bootstrap_identity: Some(CertificateWithPrivateKey {
cert: "bootstrap".to_owned(),
pk: "bootstrap".to_owned(),
}),
}),
}),
},
expiry_days: Some(365),
subject: Some(CertSubject::CommonName("test-device".to_owned())),
},
),
(
"module-id",
CertIssuanceOptions {
method: CertIssuanceMethod::SelfSigned,
expiry_days: Some(90),
subject: Some(CertSubject::CommonName("custom-name".to_owned())),
},
),
(
"module-server",
CertIssuanceOptions {
method: CertIssuanceMethod::LocalCa,
expiry_days: None,
subject: None,
},
),
]
.iter()
.map(|(id, options)| ((*id).to_owned(), options.clone()))
.collect(),
},
preloaded_certs: vec![
(
"bootstrap".to_owned(),
PreloadedCert::Uri("file:///var/secrets/bootstrap.cer".parse().unwrap()),
),
(
"est-ca".to_owned(),
PreloadedCert::Uri("file:///var/secrets/est-ca.cer".parse().unwrap()),
),
(
"trust-bundle".to_owned(),
PreloadedCert::Ids(vec!["est-ca".to_owned()]),
),
]
.into_iter()
.collect(),
endpoints: Endpoints {
aziot_certd: Connector::Unix {
socket_path: Path::new(concat!(env!("SOCKET_DIR"), "/certd.sock")).into(),
},
aziot_keyd: Connector::Unix {
socket_path: Path::new(concat!(env!("SOCKET_DIR"), "/keyd.sock")).into(),
},
},
principal: vec![Principal {
uid: 1000,
certs: vec!["test".to_string()],
}],
};
let serialized = toml::to_string(&configuration).unwrap();
assert_eq!(configuration, toml::from_str(&serialized).unwrap());
}