§TLS Certificate Management Module
This module provides a certificate management system for the application's HTTPS services. It maintains a single root CA certificate and issues server (leaf) certificates signed by that CA, one per hostname.
§Certificate Hierarchy

```text
Root CA (stored in keyring)
└── Server Certificates (cached, per hostname)
    ├── code.editor.land
    ├── api.editor.land
    └── ...other services
```

§Trust Model
- The webview must trust the CA certificate in order to validate the server certificates issued under it
- The CA certificate (and its private key) are stored in the OS keyring so they persist across runs
- Server certificates are generated on demand and renewed automatically
§Usage Example

```rust
use Binary::Build::CertificateManager::{CertificateInfo, CertificateManager};

async fn setup_tls() -> anyhow::Result<()> {
    // Create a manager for this application
    let mut cert_manager = CertificateManager::new("myapp").await?;

    // Initialize or load the CA certificate from the keyring
    cert_manager.initialize_ca().await?;

    // Get the server certificate data for a service (issued and cached per hostname)
    let server_config = cert_manager.get_server_cert("code.editor.land").await?;

    // Get the CA certificate PEM to install in the webview's trust store
    let ca_cert = cert_manager.get_ca_cert_pem().unwrap();

    Ok(())
}
```

§Security Considerations
- All certificates use ECDSA on the P-256 curve (the same curve as DNSSEC algorithm 13, ECDSAP256SHA256)
- The CA private key is stored in the OS keyring, not on disk in plaintext
- Because the webview trusts this CA for every hostname it connects to, anyone who can read the CA private key can issue a valid certificate for any of those hostnames; the keyring's access control is therefore the trust boundary for the whole hierarchy
- Private keys are never written to logs or otherwise exposed
- Certificates are renewed automatically before they expire
Structs§
- CertValidityResult 🔒 - Certificate validity check result
- CertificateInfo - Certificate information for display and validation
- CertificateManager - Main certificate manager for TLS infrastructure
- ServerCertData 🔒 - Server certificate data including PEM formats and rustls configuration