chore: update partial ssl.rs to rcgen

__test__/manifest.spec.ts

@@ -75,7 +75,7 @@ test("single large file", async (t) => {
   const writeStream = fs.createWriteStream(testFile);
   randomReadStream.pipe(writeStream);
 
-  await new Promise((r) => randomReadStream.on("end", r));
+  await new Promise<void>((r) => randomReadStream.on("end", r));
 
   const manifest: {
     [key: string]: { lengths: number[] };

__test__/trust.spec.ts

@@ -4,7 +4,10 @@ import {
   generateRootCa,
   generateClientCertificate,
   verifyClientCertificate,
+  signNonce,
+  verifyNonce,
 } from "../index.js";
+import { randomUUID, sign } from "crypto";
 
 test("generate ca", (t) => {
   const [pub, priv] = generateRootCa();
@@ -36,7 +39,48 @@ test("trust chain", (t) => {
     priv
   );
 
+  const [invalidPub, invalidPriv] = generateRootCa();
+
   const valid = verifyClientCertificate(clientPub, pub);
   if (valid) return t.pass();
+
+  const invalid = verifyClientCertificate(invalidPub, pub);
+  if (!invalid) return t.pass();
+
   return t.fail();
 });
+
+test("nonce signing", (t) => {
+  const [pub, priv] = generateRootCa();
+  const [clientPub, clientPriv] = generateClientCertificate(
+    "test",
+    "test",
+    pub,
+    priv
+  );
+
+  const nonce = randomUUID();
+
+  const signature = signNonce(clientPriv, nonce);
+
+  return t.pass();
+});
+
+test("nonce signing, and verification", (t) => {
+  const [pub, priv] = generateRootCa();
+  const [clientPub, clientPriv] = generateClientCertificate(
+    "test",
+    "test",
+    pub,
+    priv
+  );
+
+  const nonce = randomUUID();
+
+  const signature = signNonce(clientPriv, nonce);
+  const valid = verifyNonce(clientPub, nonce, signature);
+
+  if (!valid) return t.fail();
+
+  return t.pass();
+});