diff --git a/Cargo.lock b/Cargo.lock
index 23e7230..4907642 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2,6 +2,15 @@
 # It is not intended for manual editing.
 version = 3
 
+[[package]]
+name = "android_system_properties"
+version = "0.1.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311"
+dependencies = [
+ "libc",
+]
+
 [[package]]
 name = "autocfg"
 version = "1.1.0"
@@ -14,27 +23,324 @@ version = "0.21.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a4a4ddaa51a5bc52a6948f74c06d20aaaddb71924eab79b8c97a8c556e942d6a"
 
+[[package]]
+name = "base64ct"
+version = "1.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b"
+
+[[package]]
+name = "block-buffer"
+version = "0.10.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71"
+dependencies = [
+ "generic-array",
+]
+
+[[package]]
+name = "bumpalo"
+version = "3.12.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9b1ce199063694f33ffb7dd4e0ee620741495c32833cde5aa08f02a0bf96f0c8"
+
 [[package]]
 name = "byteorder"
 version = "1.4.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610"
 
+[[package]]
+name = "cc"
+version = "1.0.79"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "50d30906286121d95be3d479533b458f87493b30a4b5f79a607db8f5d11aa91f"
+
+[[package]]
+name = "cfg-if"
+version = "1.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
+
+[[package]]
+name = "chrono"
+version = "0.4.24"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4e3c5919066adf22df73762e50cffcde3a758f2a848b113b586d1f86728b673b"
+dependencies = [
+ "iana-time-zone",
+ "js-sys",
+ "num-integer",
+ "num-traits",
+ "time",
+ "wasm-bindgen",
+ "winapi",
+]
+
+[[package]]
+name = "codespan-reporting"
+version = "0.11.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3538270d33cc669650c4b093848450d380def10c331d38c768e34cac80576e6e"
+dependencies = [
+ "termcolor",
+ "unicode-width",
+]
+
+[[package]]
+name = "const-oid"
+version = "0.9.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "520fbf3c07483f94e3e3ca9d0cfd913d7718ef2483d2cfd91c0d9e91474ab913"
+
+[[package]]
+name = "core-foundation-sys"
+version = "0.8.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e496a50fda8aacccc86d7529e2c1e0892dbd0f898a6b5645b5561b89c3210efa"
+
+[[package]]
+name = "cpufeatures"
+version = "0.2.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3e4c1eaa2012c47becbbad2ab175484c2a84d1185b566fb2cc5b8707343dfe58"
+dependencies = [
+ "libc",
+]
+
+[[package]]
+name = "crypto-common"
+version = "0.1.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3"
+dependencies = [
+ "generic-array",
+ "typenum",
+]
+
+[[package]]
+name = "curve25519-dalek"
+version = "4.0.0-rc.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "03d928d978dbec61a1167414f5ec534f24bea0d7a0d24dd9b6233d3d8223e585"
+dependencies = [
+ "cfg-if",
+ "digest",
+ "fiat-crypto",
+ "packed_simd_2",
+ "platforms",
+ "subtle",
+ "zeroize",
+]
+
+[[package]]
+name = "cxx"
+version = "1.0.94"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f61f1b6389c3fe1c316bf8a4dccc90a38208354b330925bce1f74a6c4756eb93"
+dependencies = [
+ "cc",
+ "cxxbridge-flags",
+ "cxxbridge-macro",
+ "link-cplusplus",
+]
+
+[[package]]
+name = "cxx-build"
+version = "1.0.94"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "12cee708e8962df2aeb38f594aae5d827c022b6460ac71a7a3e2c3c2aae5a07b"
+dependencies = [
+ "cc",
+ "codespan-reporting",
+ "once_cell",
+ "proc-macro2",
+ "quote",
+ "scratch",
+ "syn 2.0.15",
+]
+
+[[package]]
+name = "cxxbridge-flags"
+version = "1.0.94"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7944172ae7e4068c533afbb984114a56c46e9ccddda550499caa222902c7f7bb"
+
+[[package]]
+name = "cxxbridge-macro"
+version = "1.0.94"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2345488264226bf682893e25de0769f3360aac9957980ec49361b083ddaa5bc5"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.15",
+]
+
+[[package]]
+name = "der"
+version = "0.7.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "05e58dffcdcc8ee7b22f0c1f71a69243d7c2d9ad87b5a14361f2424a1565c219"
+dependencies = [
+ "const-oid",
+ "zeroize",
+]
+
+[[package]]
+name = "digest"
+version = "0.10.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8168378f4e5023e7218c89c891c0fd8ecdb5e5e4f18cb78f38cf245dd021e76f"
+dependencies = [
+ "block-buffer",
+ "crypto-common",
+]
+
+[[package]]
+name = "ed25519"
+version = "2.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5fb04eee5d9d907f29e80ee6b0e78f7e2c82342c63e3580d8c4f69d9d5aad963"
+dependencies = [
+ "pkcs8",
+ "signature",
+]
+
+[[package]]
+name = "ed25519-dalek"
+version = "2.0.0-rc.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "798f704d128510932661a3489b08e3f4c934a01d61c5def59ae7b8e48f19665a"
+dependencies = [
+ "curve25519-dalek",
+ "ed25519",
+ "rand_core",
+ "serde",
+ "sha2",
+ "zeroize",
+]
+
+[[package]]
+name = "fiat-crypto"
+version = "0.1.20"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e825f6987101665dea6ec934c09ec6d721de7bc1bf92248e1d5810c8cd636b77"
+
+[[package]]
+name = "generic-array"
+version = "0.14.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a"
+dependencies = [
+ "typenum",
+ "version_check",
+]
+
+[[package]]
+name = "getrandom"
+version = "0.2.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c85e1d9ab2eadba7e5040d4e09cbd6d072b76a557ad64e797c2cb9d4da21d7e4"
+dependencies = [
+ "cfg-if",
+ "libc",
+ "wasi 0.11.0+wasi-snapshot-preview1",
+]
+
 [[package]]
 name = "hex"
 version = "0.4.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
 
+[[package]]
+name = "iana-time-zone"
+version = "0.1.56"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0722cd7114b7de04316e7ea5456a0bbb20e4adb46fd27a3697adb812cff0f37c"
+dependencies = [
+ "android_system_properties",
+ "core-foundation-sys",
+ "iana-time-zone-haiku",
+ "js-sys",
+ "wasm-bindgen",
+ "windows",
+]
+
+[[package]]
+name = "iana-time-zone-haiku"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0703ae284fc167426161c2e3f1da3ea71d94b21bedbcc9494e92b28e334e3dca"
+dependencies = [
+ "cxx",
+ "cxx-build",
+]
+
+[[package]]
+name = "js-sys"
+version = "0.3.61"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "445dde2150c55e483f3d8416706b97ec8e8237c307e5b7b4b8dd15e6af2a0730"
+dependencies = [
+ "wasm-bindgen",
+]
+
+[[package]]
+name = "libc"
+version = "0.2.142"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6a987beff54b60ffa6d51982e1aa1146bc42f19bd26be28b0586f252fccf5317"
+
 [[package]]
 name = "libepf"
 version = "0.1.0"
 dependencies = [
+ "chrono",
+ "ed25519-dalek",
  "hex",
  "pem",
+ "rand",
  "rmp-serde",
  "serde",
  "serde_arrays",
+ "sha2",
+ "x25519-dalek",
+]
+
+[[package]]
+name = "libm"
+version = "0.1.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7fc7aa29613bd6a620df431842069224d8bc9011086b1db4c0e0cd47fa03ec9a"
+
+[[package]]
+name = "link-cplusplus"
+version = "1.0.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ecd207c9c713c34f95a097a5b029ac2ce6010530c7b49d7fea24d977dede04f5"
+dependencies = [
+ "cc",
+]
+
+[[package]]
+name = "log"
+version = "0.4.17"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "abb12e687cfb44aa40f41fc3978ef76448f9b6038cad6aef4259d3c095a2382e"
+dependencies = [
+ "cfg-if",
+]
+
+[[package]]
+name = "num-integer"
+version = "0.1.45"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "225d3389fb3509a24c93f5c29eb6bde2586b98d9f016636dff58d7c6f7569cd9"
+dependencies = [
+ "autocfg",
+ "num-traits",
 ]
 
 [[package]]
@@ -46,6 +352,22 @@ dependencies = [
  "autocfg",
 ]
 
+[[package]]
+name = "once_cell"
+version = "1.17.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b7e5500299e16ebb147ae15a00a942af264cf3688f47923b8fc2cd5858f23ad3"
+
+[[package]]
+name = "packed_simd_2"
+version = "0.3.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a1914cd452d8fccd6f9db48147b29fd4ae05bea9dc5d9ad578509f72415de282"
+dependencies = [
+ "cfg-if",
+ "libm",
+]
+
 [[package]]
 name = "paste"
 version = "1.0.12"
@@ -62,6 +384,28 @@ dependencies = [
  "serde",
 ]
 
+[[package]]
+name = "pkcs8"
+version = "0.10.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7"
+dependencies = [
+ "der",
+ "spki",
+]
+
+[[package]]
+name = "platforms"
+version = "3.0.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e3d7ddaed09e0eb771a79ab0fd64609ba0afb0a8366421957936ad14cbd13630"
+
+[[package]]
+name = "ppv-lite86"
+version = "0.2.17"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de"
+
 [[package]]
 name = "proc-macro2"
 version = "1.0.56"
@@ -80,6 +424,36 @@ dependencies = [
  "proc-macro2",
 ]
 
+[[package]]
+name = "rand"
+version = "0.8.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"
+dependencies = [
+ "libc",
+ "rand_chacha",
+ "rand_core",
+]
+
+[[package]]
+name = "rand_chacha"
+version = "0.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88"
+dependencies = [
+ "ppv-lite86",
+ "rand_core",
+]
+
+[[package]]
+name = "rand_core"
+version = "0.6.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c"
+dependencies = [
+ "getrandom",
+]
+
 [[package]]
 name = "rmp"
 version = "0.8.11"
@@ -102,6 +476,12 @@ dependencies = [
  "serde",
 ]
 
+[[package]]
+name = "scratch"
+version = "1.0.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1792db035ce95be60c3f8853017b3999209281c24e2ba5bc8e59bf97a0c590c1"
+
 [[package]]
 name = "serde"
 version = "1.0.160"
@@ -128,7 +508,51 @@ checksum = "291a097c63d8497e00160b166a967a4a79c64f3facdd01cbd7502231688d77df"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn",
+ "syn 2.0.15",
+]
+
+[[package]]
+name = "sha2"
+version = "0.10.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "82e6b795fe2e3b1e845bafcb27aa35405c4d47cdfc92af5fc8d3002f76cebdc0"
+dependencies = [
+ "cfg-if",
+ "cpufeatures",
+ "digest",
+]
+
+[[package]]
+name = "signature"
+version = "2.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5e1788eed21689f9cf370582dfc467ef36ed9c707f073528ddafa8d83e3b8500"
+
+[[package]]
+name = "spki"
+version = "0.7.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "37a5be806ab6f127c3da44b7378837ebf01dadca8510a0e572460216b228bd0e"
+dependencies = [
+ "base64ct",
+ "der",
+]
+
+[[package]]
+name = "subtle"
+version = "2.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc"
+
+[[package]]
+name = "syn"
+version = "1.0.109"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "unicode-ident",
 ]
 
 [[package]]
@@ -142,8 +566,241 @@ dependencies = [
  "unicode-ident",
 ]
 
+[[package]]
+name = "termcolor"
+version = "1.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "be55cf8942feac5c765c2c993422806843c9a9a45d4d5c407ad6dd2ea95eb9b6"
+dependencies = [
+ "winapi-util",
+]
+
+[[package]]
+name = "time"
+version = "0.1.45"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1b797afad3f312d1c66a56d11d0316f916356d11bd158fbc6ca6389ff6bf805a"
+dependencies = [
+ "libc",
+ "wasi 0.10.0+wasi-snapshot-preview1",
+ "winapi",
+]
+
+[[package]]
+name = "typenum"
+version = "1.16.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "497961ef93d974e23eb6f433eb5fe1b7930b659f06d12dec6fc44a8f554c0bba"
+
 [[package]]
 name = "unicode-ident"
 version = "1.0.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e5464a87b239f13a63a501f2701565754bae92d243d4bb7eb12f6d57d2269bf4"
+
+[[package]]
+name = "unicode-width"
+version = "0.1.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c0edd1e5b14653f783770bce4a4dabb4a5108a5370a5f5d8cfe8710c361f6c8b"
+
+[[package]]
+name = "version_check"
+version = "0.9.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f"
+
+[[package]]
+name = "wasi"
+version = "0.10.0+wasi-snapshot-preview1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1a143597ca7c7793eff794def352d41792a93c481eb1042423ff7ff72ba2c31f"
+
+[[package]]
+name = "wasi"
+version = "0.11.0+wasi-snapshot-preview1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
+
+[[package]]
+name = "wasm-bindgen"
+version = "0.2.84"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "31f8dcbc21f30d9b8f2ea926ecb58f6b91192c17e9d33594b3df58b2007ca53b"
+dependencies = [
+ "cfg-if",
+ "wasm-bindgen-macro",
+]
+
+[[package]]
+name = "wasm-bindgen-backend"
+version = "0.2.84"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "95ce90fd5bcc06af55a641a86428ee4229e44e07033963a2290a8e241607ccb9"
+dependencies = [
+ "bumpalo",
+ "log",
+ "once_cell",
+ "proc-macro2",
+ "quote",
+ "syn 1.0.109",
+ "wasm-bindgen-shared",
+]
+
+[[package]]
+name = "wasm-bindgen-macro"
+version = "0.2.84"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4c21f77c0bedc37fd5dc21f897894a5ca01e7bb159884559461862ae90c0b4c5"
+dependencies = [
+ "quote",
+ "wasm-bindgen-macro-support",
+]
+
+[[package]]
+name = "wasm-bindgen-macro-support"
+version = "0.2.84"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2aff81306fcac3c7515ad4e177f521b5c9a15f2b08f4e32d823066102f35a5f6"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 1.0.109",
+ "wasm-bindgen-backend",
+ "wasm-bindgen-shared",
+]
+
+[[package]]
+name = "wasm-bindgen-shared"
+version = "0.2.84"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0046fef7e28c3804e5e38bfa31ea2a0f73905319b677e57ebe37e49358989b5d"
+
+[[package]]
+name = "winapi"
+version = "0.3.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
+dependencies = [
+ "winapi-i686-pc-windows-gnu",
+ "winapi-x86_64-pc-windows-gnu",
+]
+
+[[package]]
+name = "winapi-i686-pc-windows-gnu"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
+
+[[package]]
+name = "winapi-util"
+version = "0.1.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178"
+dependencies = [
+ "winapi",
+]
+
+[[package]]
+name = "winapi-x86_64-pc-windows-gnu"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
+
+[[package]]
+name = "windows"
+version = "0.48.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e686886bc078bc1b0b600cac0147aadb815089b6e4da64016cbd754b6342700f"
+dependencies = [
+ "windows-targets",
+]
+
+[[package]]
+name = "windows-targets"
+version = "0.48.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7b1eb6f0cd7c80c79759c929114ef071b87354ce476d9d94271031c0497adfd5"
+dependencies = [
+ "windows_aarch64_gnullvm",
+ "windows_aarch64_msvc",
+ "windows_i686_gnu",
+ "windows_i686_msvc",
+ "windows_x86_64_gnu",
+ "windows_x86_64_gnullvm",
+ "windows_x86_64_msvc",
+]
+
+[[package]]
+name = "windows_aarch64_gnullvm"
+version = "0.48.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "91ae572e1b79dba883e0d315474df7305d12f569b400fcf90581b06062f7e1bc"
+
+[[package]]
+name = "windows_aarch64_msvc"
+version = "0.48.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b2ef27e0d7bdfcfc7b868b317c1d32c641a6fe4629c171b8928c7b08d98d7cf3"
+
+[[package]]
+name = "windows_i686_gnu"
+version = "0.48.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "622a1962a7db830d6fd0a69683c80a18fda201879f0f447f065a3b7467daa241"
+
+[[package]]
+name = "windows_i686_msvc"
+version = "0.48.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4542c6e364ce21bf45d69fdd2a8e455fa38d316158cfd43b3ac1c5b1b19f8e00"
+
+[[package]]
+name = "windows_x86_64_gnu"
+version = "0.48.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ca2b8a661f7628cbd23440e50b05d705db3686f894fc9580820623656af974b1"
+
+[[package]]
+name = "windows_x86_64_gnullvm"
+version = "0.48.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7896dbc1f41e08872e9d5e8f8baa8fdd2677f29468c4e156210174edc7f7b953"
+
+[[package]]
+name = "windows_x86_64_msvc"
+version = "0.48.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1a515f5799fe4961cb532f983ce2b23082366b898e52ffbce459c86f67c8378a"
+
+[[package]]
+name = "x25519-dalek"
+version = "2.0.0-rc.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fabd6e16dd08033932fc3265ad4510cc2eab24656058a6dcb107ffe274abcc95"
+dependencies = [
+ "curve25519-dalek",
+ "rand_core",
+ "serde",
+ "zeroize",
+]
+
+[[package]]
+name = "zeroize"
+version = "1.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2a0956f1ba7c7909bfb66c2e9e4124ab6f6482560f6628b5aaeba39207c9aad9"
+dependencies = [
+ "zeroize_derive",
+]
+
+[[package]]
+name = "zeroize_derive"
+version = "1.4.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.15",
+]
diff --git a/libepf/Cargo.toml b/libepf/Cargo.toml
index 2aa1016..d8d0b79 100644
--- a/libepf/Cargo.toml
+++ b/libepf/Cargo.toml
@@ -10,4 +10,9 @@ serde = { version = "1", features = ["derive"] }
 serde_arrays = "0.1" # TODO: Remove. Pending on serde supporting const generics
 rmp-serde = "1"
 pem = "2"
-hex = "0.4"
\ No newline at end of file
+hex = "0.4"
+sha2 = "0.10"
+ed25519-dalek = { version = "2.0.0-rc.2", features = ["rand_core"] }
+rand = "0.8"
+x25519-dalek = "2.0.0-rc.2"
+chrono = "0.4"
\ No newline at end of file
diff --git a/libepf/src/ca_pool.rs b/libepf/src/ca_pool.rs
new file mode 100644
index 0000000..dcd7002
--- /dev/null
+++ b/libepf/src/ca_pool.rs
@@ -0,0 +1,28 @@
+use std::collections::HashMap;
+use crate::pki::{EPFCertificate, EpfPublicKey};
+
+pub struct EpfCaPool {
+    pub ca_lookup_table: HashMap<EpfPublicKey, EPFCertificate>
+}
+
+pub trait EpfCaPoolOps {
+    fn new() -> Self;
+    fn get_ca(&self, public_key: &EpfPublicKey) -> Option<&EPFCertificate>;
+    fn insert(&mut self, cert: &EPFCertificate);
+}
+
+impl EpfCaPoolOps for EpfCaPool {
+    fn new() -> Self {
+        Self {
+            ca_lookup_table: HashMap::new()
+        }
+    }
+
+    fn get_ca(&self, public_key: &EpfPublicKey) -> Option<&EPFCertificate> {
+        self.ca_lookup_table.get(public_key)
+    }
+
+    fn insert(&mut self, cert: &EPFCertificate) {
+        self.ca_lookup_table.insert(cert.details.public_key, cert.clone());
+    }
+}
\ No newline at end of file
diff --git a/libepf/src/lib.rs b/libepf/src/lib.rs
index aa1c855..cf2a922 100644
--- a/libepf/src/lib.rs
+++ b/libepf/src/lib.rs
@@ -1 +1,3 @@
-pub mod pki;
\ No newline at end of file
+pub mod pki;
+pub mod util;
+pub mod ca_pool;
\ No newline at end of file
diff --git a/libepf/src/pki.rs b/libepf/src/pki.rs
index c967d50..fa45715 100644
--- a/libepf/src/pki.rs
+++ b/libepf/src/pki.rs
@@ -1,16 +1,23 @@
 use std::collections::HashMap;
 use std::error::Error;
 use std::fmt::{Display, Formatter};
+use std::time::{SystemTime};
+use ed25519_dalek::{Signature, SignatureError, Signer, SigningKey, Verifier, VerifyingKey};
 use pem::Pem;
 use serde::{Deserialize, Serialize};
+use sha2::{Digest, Sha256};
+use crate::ca_pool::{EpfCaPool, EpfCaPoolOps};
+use crate::util::{pretty_print_date, u64_to_st};
 
 pub const EPFPKI_PUBLIC_KEY_LENGTH: usize = 32;
 pub const EPFPKI_SIGNATURE_LENGTH: usize = 64;
 
+pub const EPFPKI_SELF_SIGNED_CERTIFICATE: &str = "0000000000000000000000000000000000000000000000000000000000000000";
+
 pub type EpfPublicKey = [u8; 32];
 pub type EpfPrivateKey = [u8; 64];
 
-#[derive(Serialize, Deserialize, PartialEq, Debug, Eq)]
+#[derive(Serialize, Deserialize, PartialEq, Debug, Eq, Clone)]
 pub struct EPFCertificate {
     pub details: EPFCertificateDetails,
     pub fingerprint: String,
@@ -18,7 +25,7 @@ pub struct EPFCertificate {
     pub signature: [u8; EPFPKI_SIGNATURE_LENGTH]
 }
 
-#[derive(Serialize, Deserialize, PartialEq, Debug, Eq)]
+#[derive(Serialize, Deserialize, PartialEq, Debug, Eq, Clone)]
 pub struct EPFCertificateDetails {
     pub name: String,
 
@@ -27,8 +34,7 @@ pub struct EPFCertificateDetails {
 
     pub public_key: [u8; EPFPKI_PUBLIC_KEY_LENGTH],
 
-    pub issuer_name: String,
-    pub issuer_fingerprint: String,
+    pub issuer_public_key: [u8; EPFPKI_PUBLIC_KEY_LENGTH],
 
     pub claims: HashMap<String, String>
 }
@@ -43,19 +49,155 @@ pub trait EpfPkiSerializable {
     fn from_pem(bytes: &[u8]) -> Result<Self, Box<dyn Error>> where Self: Sized;
 }
 
+pub fn fingerprint(cert: &EPFCertificateDetails) -> Result<String, rmp_serde::encode::Error> {
+    let cert_bytes = rmp_serde::to_vec(cert)?;
+    let mut hasher = Sha256::new();
+    hasher.update(cert_bytes);
+    let hash = hasher.finalize();
+    Ok(hex::encode(hash))
+}
+
+fn load_signing_key(b: &[u8; 64]) -> Result<SigningKey, SignatureError> {
+    SigningKey::from_keypair_bytes(b)
+}
+
+#[derive(Debug)]
+pub enum EpfPkiCertificateValidationError {
+    NoLongerValid { expired_at: SystemTime },
+    NotValidYet { valid_at: SystemTime },
+    InvalidCertificateData { e: rmp_serde::encode::Error },
+    FingerprintDoesNotMatch { expected: String, got: String },
+    InvalidSignature { e: SignatureError },
+    ExpiresAfterSigner,
+    ValidAfterSigner
+}
+
+impl Display for EpfPkiCertificateValidationError {
+    #[cfg_attr(tarpaulin, ignore)]
+    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
+        match self {
+            EpfPkiCertificateValidationError::NoLongerValid { expired_at } => write!(f, "Certificate no longer valid (expired at {})", pretty_print_date(expired_at)),
+            EpfPkiCertificateValidationError::NotValidYet { valid_at } => write!(f, "Certificate not valid yet (valid at {})", pretty_print_date(valid_at)),
+            EpfPkiCertificateValidationError::InvalidCertificateData { e } => write!(f, "Unable to serialize cert data: {}", e),
+            EpfPkiCertificateValidationError::FingerprintDoesNotMatch { expected, got } => write!(f, "Fingerprint mismatch (expected {}, got {})", expected, got),
+            EpfPkiCertificateValidationError::InvalidSignature { e } => write!(f, "Certificate validation error: {}", e),
+            EpfPkiCertificateValidationError::ExpiresAfterSigner => write!(f, "Certificate expires after it's signing certificate"),
+            EpfPkiCertificateValidationError::ValidAfterSigner => write!(f, "Certificate is valid longer than it's signing certificate")
+        }
+    }
+}
+
+pub trait EpfPkiCertificateOps {
+    fn recalculate_fingerprint(&mut self) -> Result<(), rmp_serde::encode::Error>;
+    fn sign(&mut self, private_key: &EpfPrivateKey) -> Result<(), Box<dyn Error>>;
+    fn verify_with_time(&self, time: SystemTime, ca_pool: &EpfCaPool) -> Result<bool, EpfPkiCertificateValidationError>;
+    fn verify(&self, ca_pool: &EpfCaPool) -> Result<bool, EpfPkiCertificateValidationError>;
+}
+impl EpfPkiCertificateOps for EPFCertificate {
+    fn recalculate_fingerprint(&mut self) -> Result<(), rmp_serde::encode::Error> {
+        self.fingerprint = fingerprint(&self.details)?;
+        Ok(())
+    }
+
+    fn sign(&mut self, private_key: &EpfPrivateKey) -> Result<(), Box<dyn Error>> {
+        self.recalculate_fingerprint()?;
+
+        let signing_key = load_signing_key(private_key)?;
+        self.details.issuer_public_key = *signing_key.verifying_key().as_bytes();
+
+        let cert_data_bytes = rmp_serde::to_vec(&self.details)?;
+
+        let signature = signing_key.sign(&cert_data_bytes).to_vec();
+
+        self.signature = signature.try_into().unwrap();
+
+        self.recalculate_fingerprint()?;
+
+        Ok(())
+    }
+
+    fn verify_with_time(&self, time: SystemTime, ca_pool: &EpfCaPool) -> Result<bool, EpfPkiCertificateValidationError> {
+        // Is it expired
+        if u64_to_st(self.details.not_after) < time {
+            return Err(EpfPkiCertificateValidationError::NoLongerValid {expired_at: u64_to_st(self.details.not_after)})
+        }
+
+        // Is it valid yet
+        if u64_to_st(self.details.not_before) > time {
+            return Err(EpfPkiCertificateValidationError::NotValidYet {valid_at: u64_to_st(self.details.not_before)})
+        }
+
+        let fingerprint_on_cert = fingerprint(&self.details).map_err(|e| EpfPkiCertificateValidationError::InvalidCertificateData { e })?;
+
+        // Does the fingerprint match
+        if fingerprint_on_cert != self.fingerprint {
+            return Err(EpfPkiCertificateValidationError::FingerprintDoesNotMatch { expected: self.fingerprint.clone(), got: fingerprint_on_cert})
+        }
+
+        // Does the signature match
+        let signature = Signature::from_slice(&self.signature).map_err(|e| EpfPkiCertificateValidationError::InvalidSignature { e })?;
+
+        let is_self_signed;
+
+        println!("{}: {:?} {:?}", self.details.name, self.details.issuer_public_key, self.details.public_key);
+
+        let verifying_key = if self.details.issuer_public_key == self.details.public_key {
+            // self-signed certificate
+            is_self_signed = true;
+            VerifyingKey::from_bytes(&self.details.public_key).map_err(|e| EpfPkiCertificateValidationError::InvalidSignature { e })?
+        } else {
+            is_self_signed = false;
+            VerifyingKey::from_bytes(&self.details.issuer_public_key).map_err(|e| EpfPkiCertificateValidationError::InvalidSignature { e })?
+        };
+
+        let cert_data_bytes = rmp_serde::to_vec(&self.details).map_err(|e| EpfPkiCertificateValidationError::InvalidCertificateData { e })?;
+
+        verifying_key.verify(&cert_data_bytes, &signature).map_err(|e| EpfPkiCertificateValidationError::InvalidSignature { e })?;
+
+        // Signature OK
+
+        // Is the signer trusted?
+        let ca_cert = if is_self_signed {
+            if let Some(cert) = ca_pool.get_ca(&self.details.public_key) {
+                cert
+            } else {
+                return Ok(false);
+            }
+        } else if let Some(cert) = ca_pool.get_ca(&self.details.issuer_public_key) {
+                cert
+        } else {
+            return Ok(false);
+        };
+        // Yes.
+        // Make sure this cert wasnt valid before the CA
+        if ca_cert.details.not_after < self.details.not_after {
+            return Err(EpfPkiCertificateValidationError::ExpiresAfterSigner);
+        }
+        // Make sure this cert isnt valid after the root
+        if ca_cert.details.not_before > self.details.not_before {
+            return Err(EpfPkiCertificateValidationError::ValidAfterSigner)
+        }
+
+        // Cert OK
+
+        Ok(true)
+    }
+
+    fn verify(&self, ca_pool: &EpfCaPool) -> Result<bool, EpfPkiCertificateValidationError> {
+        self.verify_with_time(SystemTime::now(), ca_pool)
+    }
+}
+
 #[cfg_attr(tarpaulin, ignore)]
 impl Display for EPFCertificate {
     fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
         writeln!(f, "EPFCertificate {{")?;
         writeln!(f, "\tDetails: {{")?;
         writeln!(f, "\t\tName: {}", self.details.name)?;
-        writeln!(f, "\t\tNot Before: {}", self.details.not_before)?;
-        writeln!(f, "\t\tNot After: {}", self.details.not_after)?;
+        writeln!(f, "\t\tNot Before: {}", pretty_print_date(&u64_to_st(self.details.not_before)))?;
+        writeln!(f, "\t\tNot After: {}", pretty_print_date(&u64_to_st(self.details.not_after)))?;
         writeln!(f, "\t\tPublic Key: {}", hex::encode(self.details.public_key))?;
-        writeln!(f, "\t\tIssuer: {{")?;
-        writeln!(f, "\t\t\tName: {}", self.details.issuer_name)?;
-        writeln!(f, "\t\t\tFingerprint: {}", self.details.issuer_fingerprint)?;
-        writeln!(f, "\t\t}}")?;
+        writeln!(f, "\t\tIssuer Fingerprint: {}", hex::encode(self.details.issuer_public_key))?;
         writeln!(f, "\t}}")?;
         writeln!(f, "\tFingerprint: {}", self.fingerprint)?;
         writeln!(f, "\tSignature: {}", hex::encode(self.signature))?;
@@ -138,7 +280,11 @@ impl EpfPkiSerializable for EpfPrivateKey {
 #[cfg(test)]
 mod tests {
     use std::collections::HashMap;
-    use crate::pki::{EPFCertificate, EPFCertificateDetails, EPFPKI_PUBLIC_KEY_LENGTH, EPFPKI_SIGNATURE_LENGTH, EpfPkiSerializable, EpfPrivateKey, EpfPublicKey};
+    use std::time::{SystemTime, UNIX_EPOCH};
+    use ed25519_dalek::{SignatureError, SigningKey};
+    use rand::rngs::OsRng;
+    use crate::ca_pool::{EpfCaPool, EpfCaPoolOps};
+    use crate::pki::{EPFCertificate, EPFCertificateDetails, EPFPKI_PUBLIC_KEY_LENGTH, EPFPKI_SIGNATURE_LENGTH, EpfPkiCertificateOps, EpfPkiCertificateValidationError, EpfPkiSerializable, EpfPrivateKey, EpfPublicKey};
 
     #[test]
     pub fn certificate_serialization() {
@@ -212,15 +358,240 @@ mod tests {
         assert_eq!(EpfPrivateKey::from_pem(&null_private_key_pem()).unwrap(), [0u8; 64])
     }
 
+    #[test]
+    #[should_panic]
+    pub fn privkey_deserialization_pem_wrong_tag() {
+        assert_eq!(EpfPrivateKey::from_pem(&null_public_key_pem()).unwrap(), [0u8; 64])
+    }
+
     #[test]
     pub fn cert_display() {
         println!("{}", cert());
     }
 
     #[test]
-    #[should_panic]
-    pub fn privkey_deserialization_pem_wrong_tag() {
-        EPFCertificate::from_pem(&null_public_key_pem()).unwrap();
+    pub fn cert_fingerprinting() {
+        let mut cert = cert();
+        cert.recalculate_fingerprint().unwrap();
+        assert_eq!(cert.fingerprint, "922c5cb83633b214d19d9aebf387314fcde67210ff92bd9691fbd059141d6adf");
+    }
+
+    #[test]
+    pub fn cert_validation() {
+        let private_key = SigningKey::generate(&mut OsRng);
+        let public_key = private_key.verifying_key();
+
+        let private_key2 = SigningKey::generate(&mut OsRng);
+        let public_key2 = private_key2.verifying_key();
+
+        let mut ca_pool = EpfCaPool::new();
+
+        let mut ca_cert = EPFCertificate {
+            details: EPFCertificateDetails {
+                name: "Testing CA".to_string(),
+                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() - 10,
+                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 60,
+                public_key: *public_key.as_bytes(),
+                issuer_public_key: [0u8; 32],
+                claims: Default::default(),
+            },
+            fingerprint: "".to_string(),
+            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],
+        };
+
+        println!("{}", ca_cert);
+
+        assert!(ca_cert.verify(&ca_pool).is_err());
+
+        ca_cert.sign(&private_key.to_keypair_bytes()).unwrap();
+
+        assert!(!ca_cert.verify(&ca_pool).unwrap());
+
+        ca_pool.insert(&ca_cert);
+
+        assert!(ca_cert.verify(&ca_pool).unwrap());
+
+        ca_pool.insert(&ca_cert);
+
+        let mut not_ca_cert = EPFCertificate {
+            details: EPFCertificateDetails {
+                name: "Testing Certificate".to_string(),
+                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() - 10,
+                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 60,
+                public_key: *public_key2.as_bytes(),
+                issuer_public_key: [0u8; 32],
+                claims: Default::default(),
+            },
+            fingerprint: "".to_string(),
+            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],
+        };
+
+        assert!(not_ca_cert.verify(&ca_pool).is_err());
+        not_ca_cert.sign(&private_key.to_keypair_bytes()).unwrap();
+        assert!(not_ca_cert.verify(&ca_pool).unwrap());
+    }
+
+    #[test]
+    pub fn certificate_verification_expired() {
+        let expired_cert = EPFCertificate {
+            details: EPFCertificateDetails {
+                name: "Testing Certificate - Expired".to_string(),
+                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs(),
+                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() -20,
+                public_key: [0u8; 32],
+                issuer_public_key: [0u8; 32],
+                claims: Default::default(),
+            },
+            fingerprint: "".to_string(),
+            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],
+        };
+
+        let ca_pool = EpfCaPool::new();
+
+        assert!(matches!(expired_cert.verify(&ca_pool).unwrap_err(), EpfPkiCertificateValidationError::NoLongerValid { .. }))
+    }
+
+    #[test]
+    pub fn certificate_verification_not_valid_yet() {
+        let not_yet_valid_cert = EPFCertificate {
+            details: EPFCertificateDetails {
+                name: "Testing Certificate - Not Yet Valid".to_string(),
+                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 20,
+                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 30,
+                public_key: [0u8; 32],
+                issuer_public_key: [0u8; 32],
+                claims: Default::default(),
+            },
+            fingerprint: "".to_string(),
+            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],
+        };
+
+        let ca_pool = EpfCaPool::new();
+
+        assert!(matches!(not_yet_valid_cert.verify(&ca_pool).unwrap_err(), EpfPkiCertificateValidationError::NotValidYet { .. }))
+    }
+
+    #[test]
+    pub fn certificate_verification_not_trusted() {
+        let private_key = SigningKey::generate(&mut OsRng);
+        let public_key = private_key.verifying_key();
+
+        let mut not_trusted_cert = EPFCertificate {
+            details: EPFCertificateDetails {
+                name: "Testing Certificate - Not Trusted".to_string(),
+                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() - 20,
+                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 30,
+                public_key: [0u8; 32],
+                issuer_public_key: *public_key.as_bytes(),
+                claims: Default::default(),
+            },
+            fingerprint: "".to_string(),
+            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],
+        };
+        not_trusted_cert.sign(&private_key.to_keypair_bytes()).unwrap();
+
+        let ca_pool = EpfCaPool::new();
+
+        assert!(!not_trusted_cert.verify(&ca_pool).unwrap());
+    }
+
+    #[test]
+    pub fn cert_validation_expires_after_signer() {
+        let private_key = SigningKey::generate(&mut OsRng);
+        let public_key = private_key.verifying_key();
+
+        let private_key2 = SigningKey::generate(&mut OsRng);
+        let public_key2 = private_key2.verifying_key();
+
+        let mut ca_pool = EpfCaPool::new();
+
+        let mut ca_cert = EPFCertificate {
+            details: EPFCertificateDetails {
+                name: "Testing CA".to_string(),
+                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() - 10,
+                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 60,
+                public_key: *public_key.as_bytes(),
+                issuer_public_key: [0u8; 32],
+                claims: Default::default(),
+            },
+            fingerprint: "".to_string(),
+            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],
+        };
+
+        ca_cert.sign(&private_key.to_keypair_bytes()).unwrap();
+        ca_pool.insert(&ca_cert);
+
+        let mut not_ca_cert = EPFCertificate {
+            details: EPFCertificateDetails {
+                name: "Testing Certificate - Valid After Signer".to_string(),
+                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() - 10,
+                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 120,
+                public_key: *public_key2.as_bytes(),
+                issuer_public_key: [0u8; 32],
+                claims: Default::default(),
+            },
+            fingerprint: "".to_string(),
+            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],
+        };
+
+        assert!(not_ca_cert.verify(&ca_pool).is_err());
+        not_ca_cert.sign(&private_key.to_keypair_bytes()).unwrap();
+        assert!(matches!(not_ca_cert.verify(&ca_pool).unwrap_err(), EpfPkiCertificateValidationError::ExpiresAfterSigner));
+    }
+
+    #[test]
+    pub fn cert_validation_valid_after_signer() {
+        let private_key = SigningKey::generate(&mut OsRng);
+        let public_key = private_key.verifying_key();
+
+        let private_key2 = SigningKey::generate(&mut OsRng);
+        let public_key2 = private_key2.verifying_key();
+
+        let mut ca_pool = EpfCaPool::new();
+
+        let mut ca_cert = EPFCertificate {
+            details: EPFCertificateDetails {
+                name: "Testing CA".to_string(),
+                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() - 10,
+                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 60,
+                public_key: *public_key.as_bytes(),
+                issuer_public_key: [0u8; 32],
+                claims: Default::default(),
+            },
+            fingerprint: "".to_string(),
+            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],
+        };
+
+        ca_cert.sign(&private_key.to_keypair_bytes()).unwrap();
+        ca_pool.insert(&ca_cert);
+
+        let mut not_ca_cert = EPFCertificate {
+            details: EPFCertificateDetails {
+                name: "Testing Certificate - Valid After Signer".to_string(),
+                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() - 200,
+                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 10,
+                public_key: *public_key2.as_bytes(),
+                issuer_public_key: [0u8; 32],
+                claims: Default::default(),
+            },
+            fingerprint: "".to_string(),
+            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],
+        };
+
+        assert!(not_ca_cert.verify(&ca_pool).is_err());
+        not_ca_cert.sign(&private_key.to_keypair_bytes()).unwrap();
+        assert!(matches!(not_ca_cert.verify(&ca_pool).unwrap_err(), EpfPkiCertificateValidationError::ValidAfterSigner));
+    }
+
+    #[test]
+    pub fn verifying_error_display() {
+        println!("{}", EpfPkiCertificateValidationError::NoLongerValid { expired_at: SystemTime::now() });
+        println!("{}", EpfPkiCertificateValidationError::NotValidYet { valid_at: SystemTime::now() });
+        println!("{}", EpfPkiCertificateValidationError::InvalidCertificateData { e: rmp_serde::encode::Error::UnknownLength});
+        println!("{}", EpfPkiCertificateValidationError::FingerprintDoesNotMatch { expected: "".to_string(), got: "".to_string() });
+        println!("{}", EpfPkiCertificateValidationError::InvalidSignature { e: SignatureError::new() });
+        println!("{}", EpfPkiCertificateValidationError::ExpiresAfterSigner);
+        println!("{}", EpfPkiCertificateValidationError::ValidAfterSigner);
     }
 
     fn cert() -> EPFCertificate {
@@ -230,8 +601,7 @@ mod tests {
                 not_before: 0,
                 not_after: 0,
                 public_key: [0u8; EPFPKI_PUBLIC_KEY_LENGTH],
-                issuer_name: "Invalid Testing Certificate Issuer".to_string(),
-                issuer_fingerprint: "0000000000000000000000000000000000000000000000000000000000000000".to_string(),
+                issuer_public_key: [0u8; EPFPKI_PUBLIC_KEY_LENGTH],
                 claims: HashMap::new()
             },
             fingerprint: "0000000000000000000000000000000000000000000000000000000000000000".to_string(),
@@ -239,10 +609,10 @@ mod tests {
         }
     }
     fn cert_bytes() -> Vec<u8> {
-        vec![147, 151, 187, 73, 110, 118, 97, 108, 105, 100, 32, 84, 101, 115, 116, 105, 110, 103, 32, 67, 101, 114, 116, 105, 102, 105, 99, 97, 116, 101, 0, 0, 220, 0, 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 217, 34, 73, 110, 118, 97, 108, 105, 100, 32, 84, 101, 115, 116, 105, 110, 103, 32, 67, 101, 114, 116, 105, 102, 105, 99, 97, 116, 101, 32, 73, 115, 115, 117, 101, 114, 217, 64, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 128, 217, 64, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 220, 0, 64, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
+        vec![147, 150, 187, 73, 110, 118, 97, 108, 105, 100, 32, 84, 101, 115, 116, 105, 110, 103, 32, 67, 101, 114, 116, 105, 102, 105, 99, 97, 116, 101, 0, 0, 220, 0, 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 220, 0, 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 128, 217, 64, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 220, 0, 64, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
     }
     fn cert_pem() -> Vec<u8> {
-        vec![45, 45, 45, 45, 45, 66, 69, 71, 73, 78, 32, 69, 80, 70, 32, 67, 69, 82, 84, 73, 70, 73, 67, 65, 84, 69, 45, 45, 45, 45, 45, 13, 10, 107, 53, 101, 55, 83, 87, 53, 50, 89, 87, 120, 112, 90, 67, 66, 85, 90, 88, 78, 48, 97, 87, 53, 110, 73, 69, 78, 108, 99, 110, 82, 112, 90, 109, 108, 106, 89, 88, 82, 108, 65, 65, 68, 99, 65, 67, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 78, 107, 105, 83, 87, 53, 50, 89, 87, 120, 112, 90, 67, 66, 85, 90, 88, 78, 48, 97, 87, 53, 110, 73, 69, 78, 108, 99, 110, 82, 112, 90, 109, 108, 106, 89, 88, 82, 108, 13, 10, 73, 69, 108, 122, 99, 51, 86, 108, 99, 116, 108, 65, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 13, 10, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 73, 68, 90, 81, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 13, 10, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 68, 99, 65, 69, 65, 65, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 13, 10, 45, 45, 45, 45, 45, 69, 78, 68, 32, 69, 80, 70, 32, 67, 69, 82, 84, 73, 70, 73, 67, 65, 84, 69, 45, 45, 45, 45, 45, 13, 10]
+        vec![45, 45, 45, 45, 45, 66, 69, 71, 73, 78, 32, 69, 80, 70, 32, 67, 69, 82, 84, 73, 70, 73, 67, 65, 84, 69, 45, 45, 45, 45, 45, 13, 10, 107, 53, 97, 55, 83, 87, 53, 50, 89, 87, 120, 112, 90, 67, 66, 85, 90, 88, 78, 48, 97, 87, 53, 110, 73, 69, 78, 108, 99, 110, 82, 112, 90, 109, 108, 106, 89, 88, 82, 108, 65, 65, 68, 99, 65, 67, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 78, 119, 65, 73, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 103, 78, 108, 65, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 13, 10, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 78, 119, 65, 81, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 61, 13, 10, 45, 45, 45, 45, 45, 69, 78, 68, 32, 69, 80, 70, 32, 67, 69, 82, 84, 73, 70, 73, 67, 65, 84, 69, 45, 45, 45, 45, 45, 13, 10]
     }
     fn null_public_key_pem() -> Vec<u8> {
         vec![45, 45, 45, 45, 45, 66, 69, 71, 73, 78, 32, 69, 80, 70, 32, 80, 85, 66, 76, 73, 67, 32, 75, 69, 89, 45, 45, 45, 45, 45, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 61, 13, 10, 45, 45, 45, 45, 45, 69, 78, 68, 32, 69, 80, 70, 32, 80, 85, 66, 76, 73, 67, 32, 75, 69, 89, 45, 45, 45, 45, 45, 13, 10]
diff --git a/libepf/src/util.rs b/libepf/src/util.rs
new file mode 100644
index 0000000..f2f5aae
--- /dev/null
+++ b/libepf/src/util.rs
@@ -0,0 +1,12 @@
+use std::ops::Add;
+use std::time::{Duration, SystemTime};
+use chrono::{DateTime, Utc};
+
+pub fn pretty_print_date(date: &SystemTime) -> String {
+    let datetime: DateTime<Utc> = (*date).into();
+    datetime.format("%Y-%m-%dT%H:%M:%S%.f%:z").to_string()
+}
+
+pub fn u64_to_st(unix: u64) -> SystemTime {
+    SystemTime::UNIX_EPOCH.add(Duration::from_secs(unix))
+}
\ No newline at end of file
diff --git a/tarpaulin-report.html b/tarpaulin-report.html
index dbd85a4..ca50d5b 100644
--- a/tarpaulin-report.html
+++ b/tarpaulin-report.html
@@ -107,8 +107,8 @@
 <body>
     <div id="root"></div>
     <script>
-        var data = {"files":[{"path":["/","home","core","prj","e3t","e3pf","libepf","src","lib.rs"],"content":"pub mod pki;","traces":[],"covered":0,"coverable":0},{"path":["/","home","core","prj","e3t","e3pf","libepf","src","pki.rs"],"content":"use std::error::Error;\nuse std::fmt::{Display, Formatter};\nuse pem::Pem;\nuse serde::{Deserialize, Serialize};\n\npub const EPFPKI_PUBLIC_KEY_LENGTH: usize = 32;\npub const EPFPKI_SIGNATURE_LENGTH: usize = 64;\n\npub type EpfPublicKey = [u8; 32];\npub type EpfPrivateKey = [u8; 64];\n\n#[derive(Serialize, Deserialize, PartialEq, Debug, Eq)]\npub struct EPFCertificate {\n    pub details: EPFCertificateDetails,\n    pub fingerprint: String,\n    #[serde(with = \"serde_arrays\")]\n    pub signature: [u8; EPFPKI_SIGNATURE_LENGTH]\n}\n\n#[derive(Serialize, Deserialize, PartialEq, Debug, Eq)]\npub struct EPFCertificateDetails {\n    pub name: String,\n\n    pub not_before: u64,\n    pub not_after: u64,\n\n    pub public_key: [u8; EPFPKI_PUBLIC_KEY_LENGTH],\n\n    pub issuer_name: String,\n    pub issuer_fingerprint: String\n}\n\npub trait EpfPkiSerializable {\n    const PEM_BANNER: \u0026'static str;\n\n    fn as_bytes(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, rmp_serde::encode::Error\u003e;\n    fn from_bytes(bytes: \u0026[u8]) -\u003e Result\u003cSelf, rmp_serde::decode::Error\u003e where Self: Sized;\n\n    fn as_pem(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, Box\u003cdyn Error\u003e\u003e;\n    fn from_pem(bytes: \u0026[u8]) -\u003e Result\u003cSelf, Box\u003cdyn Error\u003e\u003e where Self: Sized;\n}\n\n#[cfg_attr(tarpaulin, ignore)]\nimpl Display for EPFCertificate {\n    fn fmt(\u0026self, f: \u0026mut Formatter\u003c'_\u003e) -\u003e std::fmt::Result {\n        writeln!(f, \"EPFCertificate {{\")?;\n        writeln!(f, \"\\tDetails: {{\")?;\n        writeln!(f, \"\\t\\tName: {}\", self.details.name)?;\n        writeln!(f, \"\\t\\tNot Before: {}\", self.details.not_before)?;\n        writeln!(f, \"\\t\\tNot After: {}\", self.details.not_after)?;\n        writeln!(f, \"\\t\\tPublic Key: {}\", hex::encode(self.details.public_key))?;\n        writeln!(f, \"\\t\\tIssuer: {{\")?;\n        writeln!(f, \"\\t\\t\\tName: {}\", self.details.issuer_name)?;\n        writeln!(f, \"\\t\\t\\tFingerprint: {}\", self.details.issuer_fingerprint)?;\n        writeln!(f, \"\\t\\t}}\")?;\n        writeln!(f, \"\\t}}\")?;\n        writeln!(f, \"\\tFingerprint: {}\", self.fingerprint)?;\n        writeln!(f, \"\\tSignature: {}\", hex::encode(self.signature))?;\n        writeln!(f, \"}}\")\n    }\n}\n\nimpl EpfPkiSerializable for EPFCertificate {\n    const PEM_BANNER: \u0026'static str = \"EPF CERTIFICATE\";\n\n    fn as_bytes(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, rmp_serde::encode::Error\u003e {\n        rmp_serde::to_vec(self)\n    }\n\n    fn from_bytes(bytes: \u0026[u8]) -\u003e Result\u003cSelf, rmp_serde::decode::Error\u003e {\n        rmp_serde::from_slice(bytes)\n    }\n\n    fn as_pem(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, Box\u003cdyn Error\u003e\u003e {\n        Ok(pem::encode(\u0026Pem::new(Self::PEM_BANNER, self.as_bytes()?)).as_bytes().to_vec())\n    }\n\n    fn from_pem(bytes: \u0026[u8]) -\u003e Result\u003cSelf, Box\u003cdyn Error\u003e\u003e where Self: Sized {\n        let pem = pem::parse(bytes)?;\n        if pem.tag() != Self::PEM_BANNER {\n            return Err(\"Not a certificate\".into())\n        }\n        Ok(Self::from_bytes(pem.contents())?)\n    }\n}\n\nimpl EpfPkiSerializable for EpfPublicKey {\n    const PEM_BANNER: \u0026'static str = \"EPF PUBLIC KEY\";\n\n    fn as_bytes(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, rmp_serde::encode::Error\u003e {\n        Ok(self.to_vec())\n    }\n\n    fn from_bytes(bytes: \u0026[u8]) -\u003e Result\u003cSelf, rmp_serde::decode::Error\u003e {\n        bytes.try_into().map_err(|_| rmp_serde::decode::Error::LengthMismatch(bytes.len() as u32))\n    }\n\n    fn as_pem(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, Box\u003cdyn Error\u003e\u003e {\n        Ok(pem::encode(\u0026Pem::new(Self::PEM_BANNER, self.as_bytes()?)).as_bytes().to_vec())\n    }\n\n    fn from_pem(bytes: \u0026[u8]) -\u003e Result\u003cSelf, Box\u003cdyn Error\u003e\u003e where Self: Sized {\n        let pem = pem::parse(bytes)?;\n        if pem.tag() != Self::PEM_BANNER {\n            return Err(\"Not a public key\".into())\n        }\n        Ok(Self::from_bytes(pem.contents())?)\n    }\n}\n\nimpl EpfPkiSerializable for EpfPrivateKey {\n    const PEM_BANNER: \u0026'static str = \"EPF PRIVATE KEY\";\n\n    fn as_bytes(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, rmp_serde::encode::Error\u003e {\n        Ok(self.to_vec())\n    }\n\n    fn from_bytes(bytes: \u0026[u8]) -\u003e Result\u003cSelf, rmp_serde::decode::Error\u003e {\n        bytes.try_into().map_err(|_| rmp_serde::decode::Error::LengthMismatch(bytes.len() as u32))\n    }\n\n    fn as_pem(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, Box\u003cdyn Error\u003e\u003e {\n        Ok(pem::encode(\u0026Pem::new(Self::PEM_BANNER, self.as_bytes()?)).as_bytes().to_vec())\n    }\n\n    fn from_pem(bytes: \u0026[u8]) -\u003e Result\u003cSelf, Box\u003cdyn Error\u003e\u003e where Self: Sized {\n        let pem = pem::parse(bytes)?;\n        if pem.tag() != Self::PEM_BANNER {\n            return Err(\"Incorrect PEM tag\".into())\n        }\n        Ok(Self::from_bytes(pem.contents())?)\n    }\n}\n\n#[cfg(test)]\nmod tests {\n    use crate::pki::{EPFCertificate, EPFCertificateDetails, EPFPKI_PUBLIC_KEY_LENGTH, EPFPKI_SIGNATURE_LENGTH, EpfPkiSerializable, EpfPrivateKey, EpfPublicKey};\n\n    #[test]\n    pub fn certificate_serialization() {\n        assert_eq!(cert().as_bytes().unwrap(), cert_bytes())\n    }\n\n    #[test]\n    pub fn certificate_deserialization() {\n        assert_eq!(EPFCertificate::from_bytes(\u0026cert_bytes()).unwrap(), cert())\n    }\n\n    #[test]\n    pub fn certificate_serialization_pem() {\n        assert_eq!(cert().as_pem().unwrap(), cert_pem())\n    }\n\n    #[test]\n    pub fn certificate_deserialization_pem() {\n        assert_eq!(EPFCertificate::from_pem(\u0026cert_pem()).unwrap(), cert())\n    }\n\n    #[test]\n    #[should_panic]\n    pub fn certificate_deserialization_pem_wrong_tag() {\n        EPFCertificate::from_pem(\u0026null_public_key_pem()).unwrap();\n    }\n\n    #[test]\n    pub fn pubkey_serialization() {\n        assert_eq!(([0u8; 32]).as_bytes().unwrap(), [0u8; 32].to_vec())\n    }\n\n    #[test]\n    pub fn pubkey_deserialization() {\n        assert_eq!(EpfPublicKey::from_bytes(\u0026[0u8; 32]).unwrap(), [0u8; 32])\n    }\n\n    #[test]\n    pub fn pubkey_serialization_pem() {\n        assert_eq!(([0u8; 32]).as_pem().unwrap(), null_public_key_pem())\n    }\n\n    #[test]\n    pub fn pubkey_deserialization_pem() {\n        assert_eq!(EpfPublicKey::from_pem(\u0026null_public_key_pem()).unwrap(), [0u8; 32])\n    }\n\n    #[test]\n    #[should_panic]\n    pub fn pubkey_deserialization_pem_wrong_tag() {\n        EpfPublicKey::from_pem(\u0026null_private_key_pem()).unwrap();\n    }\n\n    #[test]\n    pub fn privkey_serialization() {\n        assert_eq!(([0u8; 64]).as_bytes().unwrap(), [0u8; 64].to_vec())\n    }\n\n    #[test]\n    pub fn privkey_deserialization() {\n        assert_eq!(EpfPrivateKey::from_bytes(\u0026[0u8; 64]).unwrap(), [0u8; 64])\n    }\n\n    #[test]\n    pub fn privkey_serialization_pem() {\n        assert_eq!(([0u8; 64]).as_pem().unwrap(), null_private_key_pem())\n    }\n\n    #[test]\n    pub fn privkey_deserialization_pem() {\n        assert_eq!(EpfPrivateKey::from_pem(\u0026null_private_key_pem()).unwrap(), [0u8; 64])\n    }\n\n    #[test]\n    pub fn cert_display() {\n        println!(\"{}\", cert());\n    }\n\n    #[test]\n    #[should_panic]\n    pub fn privkey_deserialization_pem_wrong_tag() {\n        EPFCertificate::from_pem(\u0026null_public_key_pem()).unwrap();\n    }\n\n    fn cert() -\u003e EPFCertificate {\n        EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Invalid Testing Certificate\".to_string(),\n                not_before: 0,\n                not_after: 0,\n                public_key: [0u8; EPFPKI_PUBLIC_KEY_LENGTH],\n                issuer_name: \"Invalid Testing Certificate Issuer\".to_string(),\n                issuer_fingerprint: \"0000000000000000000000000000000000000000000000000000000000000000\".to_string(),\n            },\n            fingerprint: \"0000000000000000000000000000000000000000000000000000000000000000\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        }\n    }\n    fn cert_bytes() -\u003e Vec\u003cu8\u003e {\n        vec![147, 150, 187, 73, 110, 118, 97, 108, 105, 100, 32, 84, 101, 115, 116, 105, 110, 103, 32, 67, 101, 114, 116, 105, 102, 105, 99, 97, 116, 101, 0, 0, 220, 0, 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 217, 34, 73, 110, 118, 97, 108, 105, 100, 32, 84, 101, 115, 116, 105, 110, 103, 32, 67, 101, 114, 116, 105, 102, 105, 99, 97, 116, 101, 32, 73, 115, 115, 117, 101, 114, 217, 64, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 217, 64, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48,48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 220, 0, 64, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]\n    }\n    fn cert_pem() -\u003e Vec\u003cu8\u003e {\n        vec![45, 45, 45, 45, 45, 66, 69, 71, 73, 78, 32, 69, 80, 70, 32, 67, 69, 82, 84, 73, 70, 73, 67, 65, 84, 69, 45, 45, 45, 45, 45, 13, 10, 107, 53, 97, 55, 83, 87, 53, 50, 89, 87, 120, 112, 90, 67, 66, 85, 90, 88, 78, 48, 97, 87, 53, 110, 73, 69, 78, 108, 99, 110, 82, 112, 90, 109, 108, 106, 89, 88, 82, 108, 65, 65, 68, 99, 65, 67, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 78, 107, 105, 83, 87, 53, 50, 89, 87, 120, 112, 90, 67, 66, 85, 90, 88, 78, 48, 97, 87, 53, 110, 73, 69, 78, 108, 99, 110, 82, 112, 90, 109, 108, 106, 89, 88, 82, 108, 13, 10, 73, 69, 108, 122, 99, 51, 86, 108, 99, 116, 108, 65, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 13, 10, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 78, 108, 65, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 13, 10, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 78, 119, 65, 81, 65, 65, 65, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 61, 13, 10, 45, 45, 45, 45, 45, 69, 78, 68, 32, 69, 80, 70, 32, 67, 69, 82, 84, 73, 70, 73, 67, 65, 84, 69, 45, 45, 45, 45, 45, 13, 10]\n    }\n    fn null_public_key_pem() -\u003e Vec\u003cu8\u003e {\n        vec![45, 45, 45, 45, 45, 66, 69, 71, 73, 78, 32, 69, 80, 70, 32, 80, 85, 66, 76, 73, 67, 32, 75, 69, 89, 45, 45, 45, 45, 45, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 61, 13, 10, 45, 45, 45, 45, 45, 69, 78, 68, 32, 69, 80, 70, 32, 80, 85, 66, 76, 73, 67, 32, 75, 69, 89, 45, 45, 45, 45, 45, 13, 10]\n    }\n    fn null_private_key_pem() -\u003e Vec\u003cu8\u003e {\n        vec![45, 45, 45, 45, 45, 66, 69, 71, 73, 78, 32, 69, 80, 70, 32, 80, 82, 73, 86, 65, 84, 69, 32, 75, 69, 89, 45, 45, 45, 45, 45, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65,65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 61, 61, 13, 10, 45, 45, 45, 45, 45, 69, 78, 68, 32, 69, 80, 70, 32, 80, 82, 73, 86, 65, 84, 69, 32, 75, 69, 89, 45, 45, 45, 45, 45, 13, 10]\n    }\n}","traces":[{"line":45,"address":[386112,387290],"length":1,"stats":{"Line":1},"fn_name":"fmt"},{"line":46,"address":[386326,386145],"length":1,"stats":{"Line":1},"fn_name":null},{"line":47,"address":[386227,386497],"length":1,"stats":{"Line":1},"fn_name":null},{"line":48,"address":[386366,386656],"length":1,"stats":{"Line":1},"fn_name":null},{"line":49,"address":[386525,386812],"length":1,"stats":{"Line":1},"fn_name":null},{"line":50,"address":[386684,386916],"length":1,"stats":{"Line":1},"fn_name":null},{"line":51,"address":[387243,386840,386939],"length":1,"stats":{"Line":1},"fn_name":null},{"line":52,"address":[387144,387452],"length":1,"stats":{"Line":1},"fn_name":null},{"line":53,"address":[387608,387321],"length":1,"stats":{"Line":1},"fn_name":null},{"line":54,"address":[387480,387727],"length":1,"stats":{"Line":1},"fn_name":null},{"line":55,"address":[387631,387849],"length":1,"stats":{"Line":1},"fn_name":null},{"line":56,"address":[388004,387750],"length":1,"stats":{"Line":1},"fn_name":null},{"line":57,"address":[387877,388131],"length":1,"stats":{"Line":1},"fn_name":null},{"line":58,"address":[388154,388032,388426],"length":1,"stats":{"Line":1},"fn_name":null},{"line":59,"address":[388359],"length":1,"stats":{"Line":1},"fn_name":null},{"line":66,"address":[388480],"length":1,"stats":{"Line":1},"fn_name":"as_bytes"},{"line":67,"address":[388497],"length":1,"stats":{"Line":1},"fn_name":null},{"line":70,"address":[388512],"length":1,"stats":{"Line":1},"fn_name":"from_bytes"},{"line":74,"address":[389105,388560,389132],"length":1,"stats":{"Line":1},"fn_name":"as_pem"},{"line":75,"address":[389052,388984,388585],"length":1,"stats":{"Line":3},"fn_name":null},{"line":78,"address":[389152,389814],"length":1,"stats":{"Line":1},"fn_name":"from_pem"},{"line":79,"address":[389185,389433],"length":1,"stats":{"Line":2},"fn_name":null},{"line":80,"address":[389404,389578],"length":1,"stats":{"Line":3},"fn_name":null},{"line":81,"address":[389660],"length":1,"stats":{"Line":1},"fn_name":null},{"line":83,"address":[389936,389634,389753,389840],"length":1,"stats":{"Line":3},"fn_name":null},{"line":90,"address":[390080],"length":1,"stats":{"Line":1},"fn_name":"as_bytes"},{"line":91,"address":[390099],"length":1,"stats":{"Line":1},"fn_name":null},{"line":94,"address":[390176],"length":1,"stats":{"Line":1},"fn_name":"from_bytes"},{"line":95,"address":[243520,243504],"length":1,"stats":{"Line":1},"fn_name":"{closure#0}"},{"line":98,"address":[390288,390833,390860],"length":1,"stats":{"Line":1},"fn_name":"as_pem"},{"line":99,"address":[390313,390712,390780],"length":1,"stats":{"Line":3},"fn_name":null},{"line":102,"address":[391530,390880],"length":1,"stats":{"Line":2},"fn_name":"from_pem"},{"line":103,"address":[390913,391161],"length":1,"stats":{"Line":2},"fn_name":null},{"line":104,"address":[391306,391132],"length":1,"stats":{"Line":4},"fn_name":null},{"line":105,"address":[391388],"length":1,"stats":{"Line":1},"fn_name":null},{"line":107,"address":[391561,391362,391761,391477],"length":1,"stats":{"Line":3},"fn_name":null},{"line":114,"address":[391904],"length":1,"stats":{"Line":1},"fn_name":"as_bytes"},{"line":115,"address":[391923],"length":1,"stats":{"Line":1},"fn_name":null},{"line":118,"address":[392000],"length":1,"stats":{"Line":1},"fn_name":"from_bytes"},{"line":119,"address":[243536,243552],"length":1,"stats":{"Line":1},"fn_name":"{closure#0}"},{"line":122,"address":[392112,392657,392684],"length":1,"stats":{"Line":1},"fn_name":"as_pem"},{"line":123,"address":[392137,392604,392536],"length":1,"stats":{"Line":3},"fn_name":null},{"line":126,"address":[392704,393354],"length":1,"stats":{"Line":1},"fn_name":"from_pem"},{"line":127,"address":[392737,392985],"length":1,"stats":{"Line":1},"fn_name":null},{"line":128,"address":[392956,393130],"length":1,"stats":{"Line":2},"fn_name":null},{"line":129,"address":[393212],"length":1,"stats":{"Line":0},"fn_name":null},{"line":131,"address":[393186,393301,393380,393492],"length":1,"stats":{"Line":3},"fn_name":null}],"covered":46,"coverable":47}]};
-        var previousData = {"files":[{"path":["/","home","core","prj","e3t","e3pf","libepf","src","lib.rs"],"content":"pub mod pki;","traces":[],"covered":0,"coverable":0},{"path":["/","home","core","prj","e3t","e3pf","libepf","src","pki.rs"],"content":"use std::error::Error;\nuse std::fmt::{Display, Formatter};\nuse pem::Pem;\nuse serde::{Deserialize, Serialize};\n\npub const EPFPKI_PUBLIC_KEY_LENGTH: usize = 32;\npub const EPFPKI_SIGNATURE_LENGTH: usize = 64;\n\npub type EpfPublicKey = [u8; 32];\npub type EpfPrivateKey = [u8; 64];\n\n#[derive(Serialize, Deserialize, PartialEq, Debug, Eq)]\npub struct EPFCertificate {\n    pub details: EPFCertificateDetails,\n    pub fingerprint: String,\n    #[serde(with = \"serde_arrays\")]\n    pub signature: [u8; EPFPKI_SIGNATURE_LENGTH]\n}\n\n#[derive(Serialize, Deserialize, PartialEq, Debug, Eq)]\npub struct EPFCertificateDetails {\n    pub name: String,\n\n    pub not_before: u64,\n    pub not_after: u64,\n\n    pub public_key: [u8; EPFPKI_PUBLIC_KEY_LENGTH],\n\n    pub issuer_name: String,\n    pub issuer_fingerprint: String\n}\n\npub trait EpfPkiSerializable {\n    const PEM_BANNER: \u0026'static str;\n\n    fn as_bytes(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, rmp_serde::encode::Error\u003e;\n    fn from_bytes(bytes: \u0026[u8]) -\u003e Result\u003cSelf, rmp_serde::decode::Error\u003e where Self: Sized;\n\n    fn as_pem(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, Box\u003cdyn Error\u003e\u003e;\n    fn from_pem(bytes: \u0026[u8]) -\u003e Result\u003cSelf, Box\u003cdyn Error\u003e\u003e where Self: Sized;\n}\n\n#[cfg_attr(tarpaulin, ignore)]\nimpl Display for EPFCertificate {\n    fn fmt(\u0026self, f: \u0026mut Formatter\u003c'_\u003e) -\u003e std::fmt::Result {\n        writeln!(f, \"EPFCertificate {{\")?;\n        writeln!(f, \"\\tDetails: {{\")?;\n        writeln!(f, \"\\t\\tName: {}\", self.details.name)?;\n        writeln!(f, \"\\t\\tNot Before: {}\", self.details.not_before)?;\n        writeln!(f, \"\\t\\tNot After: {}\", self.details.not_after)?;\n        writeln!(f, \"\\t\\tPublic Key: {}\", hex::encode(self.details.public_key))?;\n        writeln!(f, \"\\t\\tIssuer: {{\")?;\n        writeln!(f, \"\\t\\t\\tName: {}\", self.details.issuer_name)?;\n        writeln!(f, \"\\t\\t\\tFingerprint: {}\", self.details.issuer_fingerprint)?;\n        writeln!(f, \"\\t\\t}}\")?;\n        writeln!(f, \"\\t}}\")?;\n        writeln!(f, \"\\tFingerprint: {}\", self.fingerprint)?;\n        writeln!(f, \"\\tSignature: {}\", hex::encode(self.signature))?;\n        writeln!(f, \"}}\")\n    }\n}\n\nimpl EpfPkiSerializable for EPFCertificate {\n    const PEM_BANNER: \u0026'static str = \"EPF CERTIFICATE\";\n\n    fn as_bytes(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, rmp_serde::encode::Error\u003e {\n        rmp_serde::to_vec(self)\n    }\n\n    fn from_bytes(bytes: \u0026[u8]) -\u003e Result\u003cSelf, rmp_serde::decode::Error\u003e {\n        rmp_serde::from_slice(bytes)\n    }\n\n    fn as_pem(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, Box\u003cdyn Error\u003e\u003e {\n        Ok(pem::encode(\u0026Pem::new(Self::PEM_BANNER, self.as_bytes()?)).as_bytes().to_vec())\n    }\n\n    fn from_pem(bytes: \u0026[u8]) -\u003e Result\u003cSelf, Box\u003cdyn Error\u003e\u003e where Self: Sized {\n        let pem = pem::parse(bytes)?;\n        if pem.tag() != Self::PEM_BANNER {\n            return Err(\"Not a certificate\".into())\n        }\n        Ok(Self::from_bytes(pem.contents())?)\n    }\n}\n\nimpl EpfPkiSerializable for EpfPublicKey {\n    const PEM_BANNER: \u0026'static str = \"EPF PUBLIC KEY\";\n\n    fn as_bytes(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, rmp_serde::encode::Error\u003e {\n        Ok(self.to_vec())\n    }\n\n    fn from_bytes(bytes: \u0026[u8]) -\u003e Result\u003cSelf, rmp_serde::decode::Error\u003e {\n        bytes.try_into().map_err(|_| rmp_serde::decode::Error::LengthMismatch(bytes.len() as u32))\n    }\n\n    fn as_pem(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, Box\u003cdyn Error\u003e\u003e {\n        Ok(pem::encode(\u0026Pem::new(Self::PEM_BANNER, self.as_bytes()?)).as_bytes().to_vec())\n    }\n\n    fn from_pem(bytes: \u0026[u8]) -\u003e Result\u003cSelf, Box\u003cdyn Error\u003e\u003e where Self: Sized {\n        let pem = pem::parse(bytes)?;\n        if pem.tag() != Self::PEM_BANNER {\n            return Err(\"Not a public key\".into())\n        }\n        Ok(Self::from_bytes(pem.contents())?)\n    }\n}\n\nimpl EpfPkiSerializable for EpfPrivateKey {\n    const PEM_BANNER: \u0026'static str = \"EPF PRIVATE KEY\";\n\n    fn as_bytes(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, rmp_serde::encode::Error\u003e {\n        Ok(self.to_vec())\n    }\n\n    fn from_bytes(bytes: \u0026[u8]) -\u003e Result\u003cSelf, rmp_serde::decode::Error\u003e {\n        bytes.try_into().map_err(|_| rmp_serde::decode::Error::LengthMismatch(bytes.len() as u32))\n    }\n\n    fn as_pem(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, Box\u003cdyn Error\u003e\u003e {\n        Ok(pem::encode(\u0026Pem::new(Self::PEM_BANNER, self.as_bytes()?)).as_bytes().to_vec())\n    }\n\n    fn from_pem(bytes: \u0026[u8]) -\u003e Result\u003cSelf, Box\u003cdyn Error\u003e\u003e where Self: Sized {\n        let pem = pem::parse(bytes)?;\n        if pem.tag() != Self::PEM_BANNER {\n            return Err(\"Incorrect PEM tag\".into())\n        }\n        Ok(Self::from_bytes(pem.contents())?)\n    }\n}\n\n#[cfg(test)]\nmod tests {\n    use crate::pki::{EPFCertificate, EPFCertificateDetails, EPFPKI_PUBLIC_KEY_LENGTH, EPFPKI_SIGNATURE_LENGTH, EpfPkiSerializable, EpfPrivateKey, EpfPublicKey};\n\n    #[test]\n    pub fn certificate_serialization() {\n        assert_eq!(cert().as_bytes().unwrap(), cert_bytes())\n    }\n\n    #[test]\n    pub fn certificate_deserialization() {\n        assert_eq!(EPFCertificate::from_bytes(\u0026cert_bytes()).unwrap(), cert())\n    }\n\n    #[test]\n    pub fn certificate_serialization_pem() {\n        assert_eq!(cert().as_pem().unwrap(), cert_pem())\n    }\n\n    #[test]\n    pub fn certificate_deserialization_pem() {\n        assert_eq!(EPFCertificate::from_pem(\u0026cert_pem()).unwrap(), cert())\n    }\n\n    #[test]\n    #[should_panic]\n    pub fn certificate_deserialization_pem_wrong_tag() {\n        EPFCertificate::from_pem(\u0026null_public_key_pem()).unwrap();\n    }\n\n    #[test]\n    pub fn pubkey_serialization() {\n        assert_eq!(([0u8; 32]).as_bytes().unwrap(), [0u8; 32].to_vec())\n    }\n\n    #[test]\n    pub fn pubkey_deserialization() {\n        assert_eq!(EpfPublicKey::from_bytes(\u0026[0u8; 32]).unwrap(), [0u8; 32])\n    }\n\n    #[test]\n    pub fn pubkey_serialization_pem() {\n        assert_eq!(([0u8; 32]).as_pem().unwrap(), null_public_key_pem())\n    }\n\n    #[test]\n    pub fn pubkey_deserialization_pem() {\n        assert_eq!(EpfPublicKey::from_pem(\u0026null_public_key_pem()).unwrap(), [0u8; 32])\n    }\n\n    #[test]\n    #[should_panic]\n    pub fn pubkey_deserialization_pem_wrong_tag() {\n        EpfPublicKey::from_pem(\u0026null_private_key_pem()).unwrap();\n    }\n\n    #[test]\n    pub fn privkey_serialization() {\n        assert_eq!(([0u8; 64]).as_bytes().unwrap(), [0u8; 64].to_vec())\n    }\n\n    #[test]\n    pub fn privkey_deserialization() {\n        assert_eq!(EpfPrivateKey::from_bytes(\u0026[0u8; 64]).unwrap(), [0u8; 64])\n    }\n\n    #[test]\n    pub fn privkey_serialization_pem() {\n        assert_eq!(([0u8; 64]).as_pem().unwrap(), null_private_key_pem())\n    }\n\n    #[test]\n    pub fn privkey_deserialization_pem() {\n        assert_eq!(EpfPrivateKey::from_pem(\u0026null_private_key_pem()).unwrap(), [0u8; 64])\n    }\n\n    #[test]\n    pub fn cert_display() {\n        println!(\"{}\", cert());\n    }\n\n    #[test]\n    #[should_panic]\n    pub fn privkey_deserialization_pem_wrong_tag() {\n        EPFCertificate::from_pem(\u0026null_public_key_pem()).unwrap();\n    }\n\n    fn cert() -\u003e EPFCertificate {\n        EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Invalid Testing Certificate\".to_string(),\n                not_before: 0,\n                not_after: 0,\n                public_key: [0u8; EPFPKI_PUBLIC_KEY_LENGTH],\n                issuer_name: \"Invalid Testing Certificate Issuer\".to_string(),\n                issuer_fingerprint: \"0000000000000000000000000000000000000000000000000000000000000000\".to_string(),\n            },\n            fingerprint: \"0000000000000000000000000000000000000000000000000000000000000000\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        }\n    }\n    fn cert_bytes() -\u003e Vec\u003cu8\u003e {\n        vec![147, 150, 187, 73, 110, 118, 97, 108, 105, 100, 32, 84, 101, 115, 116, 105, 110, 103, 32, 67, 101, 114, 116, 105, 102, 105, 99, 97, 116, 101, 0, 0, 220, 0, 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 217, 34, 73, 110, 118, 97, 108, 105, 100, 32, 84, 101, 115, 116, 105, 110, 103, 32, 67, 101, 114, 116, 105, 102, 105, 99, 97, 116, 101, 32, 73, 115, 115, 117, 101, 114, 217, 64, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 217, 64, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48,48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 220, 0, 64, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]\n    }\n    fn cert_pem() -\u003e Vec\u003cu8\u003e {\n        vec![45, 45, 45, 45, 45, 66, 69, 71, 73, 78, 32, 69, 80, 70, 32, 67, 69, 82, 84, 73, 70, 73, 67, 65, 84, 69, 45, 45, 45, 45, 45, 13, 10, 107, 53, 97, 55, 83, 87, 53, 50, 89, 87, 120, 112, 90, 67, 66, 85, 90, 88, 78, 48, 97, 87, 53, 110, 73, 69, 78, 108, 99, 110, 82, 112, 90, 109, 108, 106, 89, 88, 82, 108, 65, 65, 68, 99, 65, 67, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 78, 107, 105, 83, 87, 53, 50, 89, 87, 120, 112, 90, 67, 66, 85, 90, 88, 78, 48, 97, 87, 53, 110, 73, 69, 78, 108, 99, 110, 82, 112, 90, 109, 108, 106, 89, 88, 82, 108, 13, 10, 73, 69, 108, 122, 99, 51, 86, 108, 99, 116, 108, 65, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 13, 10, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 78, 108, 65, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 13, 10, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 78, 119, 65, 81, 65, 65, 65, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 61, 13, 10, 45, 45, 45, 45, 45, 69, 78, 68, 32, 69, 80, 70, 32, 67, 69, 82, 84, 73, 70, 73, 67, 65, 84, 69, 45, 45, 45, 45, 45, 13, 10]\n    }\n    fn null_public_key_pem() -\u003e Vec\u003cu8\u003e {\n        vec![45, 45, 45, 45, 45, 66, 69, 71, 73, 78, 32, 69, 80, 70, 32, 80, 85, 66, 76, 73, 67, 32, 75, 69, 89, 45, 45, 45, 45, 45, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 61, 13, 10, 45, 45, 45, 45, 45, 69, 78, 68, 32, 69, 80, 70, 32, 80, 85, 66, 76, 73, 67, 32, 75, 69, 89, 45, 45, 45, 45, 45, 13, 10]\n    }\n    fn null_private_key_pem() -\u003e Vec\u003cu8\u003e {\n        vec![45, 45, 45, 45, 45, 66, 69, 71, 73, 78, 32, 69, 80, 70, 32, 80, 82, 73, 86, 65, 84, 69, 32, 75, 69, 89, 45, 45, 45, 45, 45, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65,65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 61, 61, 13, 10, 45, 45, 45, 45, 45, 69, 78, 68, 32, 69, 80, 70, 32, 80, 82, 73, 86, 65, 84, 69, 32, 75, 69, 89, 45, 45, 45, 45, 45, 13, 10]\n    }\n}","traces":[{"line":45,"address":[386906,385728],"length":1,"stats":{"Line":0},"fn_name":"fmt"},{"line":46,"address":[385761,385942],"length":1,"stats":{"Line":0},"fn_name":null},{"line":47,"address":[385843,386113],"length":1,"stats":{"Line":0},"fn_name":null},{"line":48,"address":[385982,386272],"length":1,"stats":{"Line":0},"fn_name":null},{"line":49,"address":[386428,386141],"length":1,"stats":{"Line":0},"fn_name":null},{"line":50,"address":[386300,386532],"length":1,"stats":{"Line":0},"fn_name":null},{"line":51,"address":[386555,386456,386859],"length":1,"stats":{"Line":0},"fn_name":null},{"line":52,"address":[386760,387068],"length":1,"stats":{"Line":0},"fn_name":null},{"line":53,"address":[386937,387224],"length":1,"stats":{"Line":0},"fn_name":null},{"line":54,"address":[387096,387343],"length":1,"stats":{"Line":0},"fn_name":null},{"line":55,"address":[387247,387465],"length":1,"stats":{"Line":0},"fn_name":null},{"line":56,"address":[387366,387620],"length":1,"stats":{"Line":0},"fn_name":null},{"line":57,"address":[387747,387493],"length":1,"stats":{"Line":0},"fn_name":null},{"line":58,"address":[387648,387770,388042],"length":1,"stats":{"Line":0},"fn_name":null},{"line":59,"address":[387975],"length":1,"stats":{"Line":0},"fn_name":null},{"line":66,"address":[388096],"length":1,"stats":{"Line":1},"fn_name":"as_bytes"},{"line":67,"address":[388113],"length":1,"stats":{"Line":1},"fn_name":null},{"line":70,"address":[388128],"length":1,"stats":{"Line":1},"fn_name":"from_bytes"},{"line":74,"address":[388748,388721,388176],"length":1,"stats":{"Line":1},"fn_name":"as_pem"},{"line":75,"address":[388201,388668,388600],"length":1,"stats":{"Line":3},"fn_name":null},{"line":78,"address":[388768,389430],"length":1,"stats":{"Line":1},"fn_name":"from_pem"},{"line":79,"address":[389049,388801],"length":1,"stats":{"Line":2},"fn_name":null},{"line":80,"address":[389194,389020],"length":1,"stats":{"Line":2},"fn_name":null},{"line":81,"address":[389276],"length":1,"stats":{"Line":1},"fn_name":null},{"line":83,"address":[389369,389250,389456,389552],"length":1,"stats":{"Line":3},"fn_name":null},{"line":90,"address":[389696],"length":1,"stats":{"Line":1},"fn_name":"as_bytes"},{"line":91,"address":[389715],"length":1,"stats":{"Line":1},"fn_name":null},{"line":94,"address":[389792],"length":1,"stats":{"Line":1},"fn_name":"from_bytes"},{"line":95,"address":[243200,243216],"length":1,"stats":{"Line":1},"fn_name":"{closure#0}"},{"line":98,"address":[390476,389904,390449],"length":1,"stats":{"Line":1},"fn_name":"as_pem"},{"line":99,"address":[390328,389929,390396],"length":1,"stats":{"Line":3},"fn_name":null},{"line":102,"address":[391146,390496],"length":1,"stats":{"Line":2},"fn_name":"from_pem"},{"line":103,"address":[390529,390777],"length":1,"stats":{"Line":2},"fn_name":null},{"line":104,"address":[390922,390748],"length":1,"stats":{"Line":4},"fn_name":null},{"line":105,"address":[391004],"length":1,"stats":{"Line":1},"fn_name":null},{"line":107,"address":[390978,391093,391377,391177],"length":1,"stats":{"Line":3},"fn_name":null},{"line":114,"address":[391520],"length":1,"stats":{"Line":1},"fn_name":"as_bytes"},{"line":115,"address":[391539],"length":1,"stats":{"Line":1},"fn_name":null},{"line":118,"address":[391616],"length":1,"stats":{"Line":1},"fn_name":"from_bytes"},{"line":119,"address":[243232,243248],"length":1,"stats":{"Line":1},"fn_name":"{closure#0}"},{"line":122,"address":[391728,392300,392273],"length":1,"stats":{"Line":1},"fn_name":"as_pem"},{"line":123,"address":[391753,392152,392220],"length":1,"stats":{"Line":3},"fn_name":null},{"line":126,"address":[392320,392970],"length":1,"stats":{"Line":1},"fn_name":"from_pem"},{"line":127,"address":[392601,392353],"length":1,"stats":{"Line":1},"fn_name":null},{"line":128,"address":[392746,392572],"length":1,"stats":{"Line":2},"fn_name":null},{"line":129,"address":[392828],"length":1,"stats":{"Line":0},"fn_name":null},{"line":131,"address":[392996,392917,392802,393108],"length":1,"stats":{"Line":3},"fn_name":null}],"covered":31,"coverable":47}]};
+        var data = {"files":[{"path":["/","home","core","prj","e3t","e3pf","libepf","src","ca_pool.rs"],"content":"use std::collections::HashMap;\nuse crate::pki::{EPFCertificate, EpfPublicKey};\n\npub struct EpfCaPool {\n    pub ca_lookup_table: HashMap\u003cEpfPublicKey, EPFCertificate\u003e\n}\n\npub trait EpfCaPoolOps {\n    fn new() -\u003e Self;\n    fn get_ca(\u0026self, public_key: \u0026EpfPublicKey) -\u003e Option\u003c\u0026EPFCertificate\u003e;\n    fn insert(\u0026mut self, cert: \u0026EPFCertificate);\n}\n\nimpl EpfCaPoolOps for EpfCaPool {\n    fn new() -\u003e Self {\n        Self {\n            ca_lookup_table: HashMap::new()\n        }\n    }\n\n    fn get_ca(\u0026self, public_key: \u0026EpfPublicKey) -\u003e Option\u003c\u0026EPFCertificate\u003e {\n        self.ca_lookup_table.get(public_key)\n    }\n\n    fn insert(\u0026mut self, cert: \u0026EPFCertificate) {\n        self.ca_lookup_table.insert(cert.details.public_key, cert.clone());\n    }\n}","traces":[{"line":15,"address":[647856],"length":1,"stats":{"Line":3},"fn_name":"new"},{"line":17,"address":[647870],"length":1,"stats":{"Line":2},"fn_name":null},{"line":21,"address":[647920],"length":1,"stats":{"Line":1},"fn_name":"get_ca"},{"line":22,"address":[647934],"length":1,"stats":{"Line":1},"fn_name":null},{"line":25,"address":[647952],"length":1,"stats":{"Line":1},"fn_name":"insert"},{"line":26,"address":[647979],"length":1,"stats":{"Line":1},"fn_name":null}],"covered":6,"coverable":6},{"path":["/","home","core","prj","e3t","e3pf","libepf","src","lib.rs"],"content":"pub mod pki;\npub mod util;\npub mod ca_pool;","traces":[],"covered":0,"coverable":0},{"path":["/","home","core","prj","e3t","e3pf","libepf","src","pki.rs"],"content":"use std::collections::HashMap;\nuse std::error::Error;\nuse std::fmt::{Display, Formatter};\nuse std::time::{SystemTime, UNIX_EPOCH};\nuse ed25519_dalek::{Signature, SignatureError, Signer, SigningKey, Verifier, VerifyingKey};\nuse pem::Pem;\nuse serde::{Deserialize, Serialize};\nuse sha2::{Digest, Sha256};\nuse crate::ca_pool::{EpfCaPool, EpfCaPoolOps};\nuse crate::util::{pretty_print_date, u64_to_st};\n\npub const EPFPKI_PUBLIC_KEY_LENGTH: usize = 32;\npub const EPFPKI_SIGNATURE_LENGTH: usize = 64;\n\npub const EPFPKI_SELF_SIGNED_CERTIFICATE: \u0026str = \"0000000000000000000000000000000000000000000000000000000000000000\";\n\npub type EpfPublicKey = [u8; 32];\npub type EpfPrivateKey = [u8; 64];\n\n#[derive(Serialize, Deserialize, PartialEq, Debug, Eq, Clone)]\npub struct EPFCertificate {\n    pub details: EPFCertificateDetails,\n    pub fingerprint: String,\n    #[serde(with = \"serde_arrays\")]\n    pub signature: [u8; EPFPKI_SIGNATURE_LENGTH]\n}\n\n#[derive(Serialize, Deserialize, PartialEq, Debug, Eq, Clone)]\npub struct EPFCertificateDetails {\n    pub name: String,\n\n    pub not_before: u64,\n    pub not_after: u64,\n\n    pub public_key: [u8; EPFPKI_PUBLIC_KEY_LENGTH],\n\n    pub issuer_public_key: [u8; EPFPKI_PUBLIC_KEY_LENGTH],\n\n    pub claims: HashMap\u003cString, String\u003e\n}\n\npub trait EpfPkiSerializable {\n    const PEM_BANNER: \u0026'static str;\n\n    fn as_bytes(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, rmp_serde::encode::Error\u003e;\n    fn from_bytes(bytes: \u0026[u8]) -\u003e Result\u003cSelf, rmp_serde::decode::Error\u003e where Self: Sized;\n\n    fn as_pem(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, Box\u003cdyn Error\u003e\u003e;\n    fn from_pem(bytes: \u0026[u8]) -\u003e Result\u003cSelf, Box\u003cdyn Error\u003e\u003e where Self: Sized;\n}\n\npub fn fingerprint(cert: \u0026EPFCertificateDetails) -\u003e Result\u003cString, rmp_serde::encode::Error\u003e {\n    let cert_bytes = rmp_serde::to_vec(cert)?;\n    let mut hasher = Sha256::new();\n    hasher.update(cert_bytes);\n    let hash = hasher.finalize();\n    Ok(hex::encode(hash))\n}\n\nfn load_signing_key(b: \u0026[u8; 64]) -\u003e Result\u003cSigningKey, SignatureError\u003e {\n    SigningKey::from_keypair_bytes(b)\n}\n\n#[derive(Debug)]\npub enum EpfPkiCertificateValidationError {\n    NoLongerValid { expired_at: SystemTime },\n    NotValidYet { valid_at: SystemTime },\n    InvalidCertificateData { e: rmp_serde::encode::Error },\n    FingerprintDoesNotMatch { expected: String, got: String },\n    InvalidSignature { e: SignatureError },\n    ExpiresAfterSigner,\n    ValidAfterSigner\n}\n\nimpl Display for EpfPkiCertificateValidationError {\n    #[cfg_attr(tarpaulin, ignore)]\n    fn fmt(\u0026self, f: \u0026mut Formatter\u003c'_\u003e) -\u003e std::fmt::Result {\n        match self {\n            EpfPkiCertificateValidationError::NoLongerValid { expired_at } =\u003e write!(f, \"Certificate no longer valid (expired at {})\", pretty_print_date(expired_at)),\n            EpfPkiCertificateValidationError::NotValidYet { valid_at } =\u003e write!(f, \"Certificate not valid yet (valid at {})\", pretty_print_date(valid_at)),\n            EpfPkiCertificateValidationError::InvalidCertificateData { e } =\u003e write!(f, \"Unable to serialize cert data: {}\", e),\n            EpfPkiCertificateValidationError::FingerprintDoesNotMatch { expected, got } =\u003e write!(f, \"Fingerprint mismatch (expected {}, got {})\", expected, got),\n            EpfPkiCertificateValidationError::InvalidSignature { e } =\u003e write!(f, \"Certificate validation error: {}\", e),\n            EpfPkiCertificateValidationError::ExpiresAfterSigner =\u003e write!(f, \"Certificate expires after it's signing certificate\"),\n            EpfPkiCertificateValidationError::ValidAfterSigner =\u003e write!(f, \"Certificate is valid longer than it's signing certificate\")\n        }\n    }\n}\n\npub trait EpfPkiCertificateOps {\n    fn recalculate_fingerprint(\u0026mut self) -\u003e Result\u003c(), rmp_serde::encode::Error\u003e;\n    fn sign(\u0026mut self, private_key: \u0026EpfPrivateKey) -\u003e Result\u003c(), Box\u003cdyn Error\u003e\u003e;\n    fn verify_with_time(\u0026self, time: SystemTime, ca_pool: \u0026EpfCaPool) -\u003e Result\u003cbool, EpfPkiCertificateValidationError\u003e;\n    fn verify(\u0026self, ca_pool: \u0026EpfCaPool) -\u003e Result\u003cbool, EpfPkiCertificateValidationError\u003e;\n}\nimpl EpfPkiCertificateOps for EPFCertificate {\n    fn recalculate_fingerprint(\u0026mut self) -\u003e Result\u003c(), rmp_serde::encode::Error\u003e {\n        self.fingerprint = fingerprint(\u0026self.details)?;\n        Ok(())\n    }\n\n    fn sign(\u0026mut self, private_key: \u0026EpfPrivateKey) -\u003e Result\u003c(), Box\u003cdyn Error\u003e\u003e {\n        self.recalculate_fingerprint()?;\n\n        let signing_key = load_signing_key(private_key)?;\n        self.details.issuer_public_key = *signing_key.verifying_key().as_bytes();\n\n        let cert_data_bytes = rmp_serde::to_vec(\u0026self.details)?;\n\n        let signature = signing_key.sign(\u0026cert_data_bytes).to_vec();\n\n        self.signature = signature.try_into().unwrap();\n\n        self.recalculate_fingerprint()?;\n\n        Ok(())\n    }\n\n    fn verify_with_time(\u0026self, time: SystemTime, ca_pool: \u0026EpfCaPool) -\u003e Result\u003cbool, EpfPkiCertificateValidationError\u003e {\n        // Is it expired\n        if u64_to_st(self.details.not_after) \u003c time {\n            return Err(EpfPkiCertificateValidationError::NoLongerValid {expired_at: u64_to_st(self.details.not_after)})\n        }\n\n        // Is it valid yet\n        if u64_to_st(self.details.not_before) \u003e time {\n            return Err(EpfPkiCertificateValidationError::NotValidYet {valid_at: u64_to_st(self.details.not_before)})\n        }\n\n        let fingerprint_on_cert = fingerprint(\u0026self.details).or_else(|e| Err(EpfPkiCertificateValidationError::InvalidCertificateData { e }))?;\n\n        // Does the fingerprint match\n        if fingerprint_on_cert != self.fingerprint {\n            return Err(EpfPkiCertificateValidationError::FingerprintDoesNotMatch { expected: self.fingerprint.clone(), got: fingerprint_on_cert})\n        }\n\n        // Does the signature match\n        let signature = Signature::from_slice(\u0026self.signature).or_else(|e| Err(EpfPkiCertificateValidationError::InvalidSignature { e }))?;\n\n        let is_self_signed;\n\n        println!(\"{}: {:?} {:?}\", self.details.name, self.details.issuer_public_key, self.details.public_key);\n\n        let verifying_key = if self.details.issuer_public_key == self.details.public_key {\n            // self-signed certificate\n            is_self_signed = true;\n            VerifyingKey::from_bytes(\u0026self.details.public_key).or_else(|e| Err(EpfPkiCertificateValidationError::InvalidSignature { e }))?\n        } else {\n            is_self_signed = false;\n            VerifyingKey::from_bytes(\u0026self.details.issuer_public_key).or_else(|e| Err(EpfPkiCertificateValidationError::InvalidSignature { e }))?\n        };\n\n        let cert_data_bytes = rmp_serde::to_vec(\u0026self.details).or_else(|e| Err(EpfPkiCertificateValidationError::InvalidCertificateData { e }))?;\n\n        verifying_key.verify(\u0026cert_data_bytes, \u0026signature).or_else(|e| Err(EpfPkiCertificateValidationError::InvalidSignature { e }))?;\n\n        // Signature OK\n\n        // Is the signer trusted?\n        let ca_cert = if is_self_signed {\n            if let Some(cert) = ca_pool.get_ca(\u0026self.details.public_key) {\n                cert\n            } else {\n                return Ok(false);\n            }\n        } else {\n            if let Some(cert) = ca_pool.get_ca(\u0026self.details.issuer_public_key) {\n                cert\n            } else {\n                return Ok(false);\n            }\n        };\n        // Yes.\n        // Make sure this cert wasnt valid before the CA\n        if ca_cert.details.not_after \u003c self.details.not_after {\n            return Err(EpfPkiCertificateValidationError::ExpiresAfterSigner);\n        }\n        // Make sure this cert isnt valid after the root\n        if ca_cert.details.not_before \u003e self.details.not_before {\n            return Err(EpfPkiCertificateValidationError::ValidAfterSigner)\n        }\n\n        // Cert OK\n\n        Ok(true)\n    }\n\n    fn verify(\u0026self, ca_pool: \u0026EpfCaPool) -\u003e Result\u003cbool, EpfPkiCertificateValidationError\u003e {\n        self.verify_with_time(SystemTime::now(), ca_pool)\n    }\n}\n\n#[cfg_attr(tarpaulin, ignore)]\nimpl Display for EPFCertificate {\n    fn fmt(\u0026self, f: \u0026mut Formatter\u003c'_\u003e) -\u003e std::fmt::Result {\n        writeln!(f, \"EPFCertificate {{\")?;\n        writeln!(f, \"\\tDetails: {{\")?;\n        writeln!(f, \"\\t\\tName: {}\", self.details.name)?;\n        writeln!(f, \"\\t\\tNot Before: {}\", pretty_print_date(\u0026u64_to_st(self.details.not_before)))?;\n        writeln!(f, \"\\t\\tNot After: {}\", pretty_print_date(\u0026u64_to_st(self.details.not_after)))?;\n        writeln!(f, \"\\t\\tPublic Key: {}\", hex::encode(self.details.public_key))?;\n        writeln!(f, \"\\t\\tIssuer Fingerprint: {}\", hex::encode(self.details.issuer_public_key))?;\n        writeln!(f, \"\\t}}\")?;\n        writeln!(f, \"\\tFingerprint: {}\", self.fingerprint)?;\n        writeln!(f, \"\\tSignature: {}\", hex::encode(self.signature))?;\n        writeln!(f, \"}}\")\n    }\n}\n\nimpl EpfPkiSerializable for EPFCertificate {\n    const PEM_BANNER: \u0026'static str = \"EPF CERTIFICATE\";\n\n    fn as_bytes(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, rmp_serde::encode::Error\u003e {\n        rmp_serde::to_vec(self)\n    }\n\n    fn from_bytes(bytes: \u0026[u8]) -\u003e Result\u003cSelf, rmp_serde::decode::Error\u003e {\n        rmp_serde::from_slice(bytes)\n    }\n\n    fn as_pem(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, Box\u003cdyn Error\u003e\u003e {\n        Ok(pem::encode(\u0026Pem::new(Self::PEM_BANNER, self.as_bytes()?)).as_bytes().to_vec())\n    }\n\n    fn from_pem(bytes: \u0026[u8]) -\u003e Result\u003cSelf, Box\u003cdyn Error\u003e\u003e where Self: Sized {\n        let pem = pem::parse(bytes)?;\n        if pem.tag() != Self::PEM_BANNER {\n            return Err(\"Not a certificate\".into())\n        }\n        Ok(Self::from_bytes(pem.contents())?)\n    }\n}\n\nimpl EpfPkiSerializable for EpfPublicKey {\n    const PEM_BANNER: \u0026'static str = \"EPF PUBLIC KEY\";\n\n    fn as_bytes(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, rmp_serde::encode::Error\u003e {\n        Ok(self.to_vec())\n    }\n\n    fn from_bytes(bytes: \u0026[u8]) -\u003e Result\u003cSelf, rmp_serde::decode::Error\u003e {\n        bytes.try_into().map_err(|_| rmp_serde::decode::Error::LengthMismatch(bytes.len() as u32))\n    }\n\n    fn as_pem(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, Box\u003cdyn Error\u003e\u003e {\n        Ok(pem::encode(\u0026Pem::new(Self::PEM_BANNER, self.as_bytes()?)).as_bytes().to_vec())\n    }\n\n    fn from_pem(bytes: \u0026[u8]) -\u003e Result\u003cSelf, Box\u003cdyn Error\u003e\u003e where Self: Sized {\n        let pem = pem::parse(bytes)?;\n        if pem.tag() != Self::PEM_BANNER {\n            return Err(\"Not a public key\".into())\n        }\n        Ok(Self::from_bytes(pem.contents())?)\n    }\n}\n\nimpl EpfPkiSerializable for EpfPrivateKey {\n    const PEM_BANNER: \u0026'static str = \"EPF PRIVATE KEY\";\n\n    fn as_bytes(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, rmp_serde::encode::Error\u003e {\n        Ok(self.to_vec())\n    }\n\n    fn from_bytes(bytes: \u0026[u8]) -\u003e Result\u003cSelf, rmp_serde::decode::Error\u003e {\n        bytes.try_into().map_err(|_| rmp_serde::decode::Error::LengthMismatch(bytes.len() as u32))\n    }\n\n    fn as_pem(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, Box\u003cdyn Error\u003e\u003e {\n        Ok(pem::encode(\u0026Pem::new(Self::PEM_BANNER, self.as_bytes()?)).as_bytes().to_vec())\n    }\n\n    fn from_pem(bytes: \u0026[u8]) -\u003e Result\u003cSelf, Box\u003cdyn Error\u003e\u003e where Self: Sized {\n        let pem = pem::parse(bytes)?;\n        if pem.tag() != Self::PEM_BANNER {\n            return Err(\"Incorrect PEM tag\".into())\n        }\n        Ok(Self::from_bytes(pem.contents())?)\n    }\n}\n\n#[cfg(test)]\nmod tests {\n    use std::collections::HashMap;\n    use std::time::{SystemTime, UNIX_EPOCH};\n    use ed25519_dalek::{SignatureError, SigningKey};\n    use rand::rngs::OsRng;\n    use crate::ca_pool::{EpfCaPool, EpfCaPoolOps};\n    use crate::pki::{EPFCertificate, EPFCertificateDetails, EPFPKI_PUBLIC_KEY_LENGTH, EPFPKI_SIGNATURE_LENGTH, EpfPkiCertificateOps, EpfPkiCertificateValidationError, EpfPkiSerializable, EpfPrivateKey, EpfPublicKey};\n\n    #[test]\n    pub fn certificate_serialization() {\n        assert_eq!(cert().as_bytes().unwrap(), cert_bytes())\n    }\n\n    #[test]\n    pub fn certificate_deserialization() {\n        assert_eq!(EPFCertificate::from_bytes(\u0026cert_bytes()).unwrap(), cert())\n    }\n\n    #[test]\n    pub fn certificate_serialization_pem() {\n        assert_eq!(cert().as_pem().unwrap(), cert_pem())\n    }\n\n    #[test]\n    pub fn certificate_deserialization_pem() {\n        assert_eq!(EPFCertificate::from_pem(\u0026cert_pem()).unwrap(), cert())\n    }\n\n    #[test]\n    #[should_panic]\n    pub fn certificate_deserialization_pem_wrong_tag() {\n        EPFCertificate::from_pem(\u0026null_public_key_pem()).unwrap();\n    }\n\n    #[test]\n    pub fn pubkey_serialization() {\n        assert_eq!(([0u8; 32]).as_bytes().unwrap(), [0u8; 32].to_vec())\n    }\n\n    #[test]\n    pub fn pubkey_deserialization() {\n        assert_eq!(EpfPublicKey::from_bytes(\u0026[0u8; 32]).unwrap(), [0u8; 32])\n    }\n\n    #[test]\n    pub fn pubkey_serialization_pem() {\n        assert_eq!(([0u8; 32]).as_pem().unwrap(), null_public_key_pem())\n    }\n\n    #[test]\n    pub fn pubkey_deserialization_pem() {\n        assert_eq!(EpfPublicKey::from_pem(\u0026null_public_key_pem()).unwrap(), [0u8; 32])\n    }\n\n    #[test]\n    #[should_panic]\n    pub fn pubkey_deserialization_pem_wrong_tag() {\n        EpfPublicKey::from_pem(\u0026null_private_key_pem()).unwrap();\n    }\n\n    #[test]\n    pub fn privkey_serialization() {\n        assert_eq!(([0u8; 64]).as_bytes().unwrap(), [0u8; 64].to_vec())\n    }\n\n    #[test]\n    pub fn privkey_deserialization() {\n        assert_eq!(EpfPrivateKey::from_bytes(\u0026[0u8; 64]).unwrap(), [0u8; 64])\n    }\n\n    #[test]\n    pub fn privkey_serialization_pem() {\n        assert_eq!(([0u8; 64]).as_pem().unwrap(), null_private_key_pem())\n    }\n\n    #[test]\n    pub fn privkey_deserialization_pem() {\n        assert_eq!(EpfPrivateKey::from_pem(\u0026null_private_key_pem()).unwrap(), [0u8; 64])\n    }\n\n    #[test]\n    #[should_panic]\n    pub fn privkey_deserialization_pem_wrong_tag() {\n        assert_eq!(EpfPrivateKey::from_pem(\u0026null_public_key_pem()).unwrap(), [0u8; 64])\n    }\n\n    #[test]\n    pub fn cert_display() {\n        println!(\"{}\", cert());\n    }\n\n    #[test]\n    pub fn cert_fingerprinting() {\n        let mut cert = cert();\n        cert.recalculate_fingerprint().unwrap();\n        assert_eq!(cert.fingerprint, \"922c5cb83633b214d19d9aebf387314fcde67210ff92bd9691fbd059141d6adf\");\n    }\n\n    #[test]\n    pub fn cert_validation() {\n        let private_key = SigningKey::generate(\u0026mut OsRng);\n        let public_key = private_key.verifying_key();\n\n        let private_key2 = SigningKey::generate(\u0026mut OsRng);\n        let public_key2 = private_key2.verifying_key();\n\n        let mut ca_pool = EpfCaPool::new();\n\n        let mut ca_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing CA\".to_string(),\n                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() - 10,\n                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 60,\n                public_key: *public_key.as_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        println!(\"{}\", ca_cert);\n\n        assert!(ca_cert.verify(\u0026ca_pool).is_err());\n\n        ca_cert.sign(\u0026private_key.to_keypair_bytes()).unwrap();\n\n        assert_eq!(ca_cert.verify(\u0026ca_pool).unwrap(), false);\n\n        ca_pool.insert(\u0026ca_cert);\n\n        assert_eq!(ca_cert.verify(\u0026ca_pool).unwrap(), true);\n\n        ca_pool.insert(\u0026ca_cert);\n\n        let mut not_ca_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate\".to_string(),\n                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() - 10,\n                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 60,\n                public_key: *public_key2.as_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        assert!(not_ca_cert.verify(\u0026ca_pool).is_err());\n        not_ca_cert.sign(\u0026private_key.to_keypair_bytes()).unwrap();\n        assert_eq!(not_ca_cert.verify(\u0026ca_pool).unwrap(), true);\n    }\n\n    #[test]\n    pub fn certificate_verification_expired() {\n        let expired_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate - Expired\".to_string(),\n                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs(),\n                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() -20,\n                public_key: [0u8; 32],\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        let ca_pool = EpfCaPool::new();\n\n        assert!(matches!(expired_cert.verify(\u0026ca_pool).unwrap_err(), EpfPkiCertificateValidationError::NoLongerValid { .. }))\n    }\n\n    #[test]\n    pub fn certificate_verification_not_valid_yet() {\n        let not_yet_valid_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate - Not Yet Valid\".to_string(),\n                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 20,\n                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 30,\n                public_key: [0u8; 32],\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        let ca_pool = EpfCaPool::new();\n\n        assert!(matches!(not_yet_valid_cert.verify(\u0026ca_pool).unwrap_err(), EpfPkiCertificateValidationError::NotValidYet { .. }))\n    }\n\n    #[test]\n    pub fn certificate_verification_not_trusted() {\n        let private_key = SigningKey::generate(\u0026mut OsRng);\n        let public_key = private_key.verifying_key();\n\n        let mut not_trusted_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate - Not Trusted\".to_string(),\n                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() - 20,\n                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 30,\n                public_key: [0u8; 32],\n                issuer_public_key: *public_key.as_bytes(),\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n        not_trusted_cert.sign(\u0026private_key.to_keypair_bytes()).unwrap();\n\n        let ca_pool = EpfCaPool::new();\n\n        assert_eq!(not_trusted_cert.verify(\u0026ca_pool).unwrap(), false);\n    }\n\n    #[test]\n    pub fn cert_validation_expires_after_signer() {\n        let private_key = SigningKey::generate(\u0026mut OsRng);\n        let public_key = private_key.verifying_key();\n\n        let private_key2 = SigningKey::generate(\u0026mut OsRng);\n        let public_key2 = private_key2.verifying_key();\n\n        let mut ca_pool = EpfCaPool::new();\n\n        let mut ca_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing CA\".to_string(),\n                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() - 10,\n                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 60,\n                public_key: *public_key.as_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        ca_cert.sign(\u0026private_key.to_keypair_bytes()).unwrap();\n        ca_pool.insert(\u0026ca_cert);\n\n        let mut not_ca_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate - Valid After Signer\".to_string(),\n                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() - 10,\n                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 120,\n                public_key: *public_key2.as_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        assert!(not_ca_cert.verify(\u0026ca_pool).is_err());\n        not_ca_cert.sign(\u0026private_key.to_keypair_bytes()).unwrap();\n        assert!(matches!(not_ca_cert.verify(\u0026ca_pool).unwrap_err(), EpfPkiCertificateValidationError::ExpiresAfterSigner));\n    }\n\n    #[test]\n    pub fn cert_validation_valid_after_signer() {\n        let private_key = SigningKey::generate(\u0026mut OsRng);\n        let public_key = private_key.verifying_key();\n\n        let private_key2 = SigningKey::generate(\u0026mut OsRng);\n        let public_key2 = private_key2.verifying_key();\n\n        let mut ca_pool = EpfCaPool::new();\n\n        let mut ca_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing CA\".to_string(),\n                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() - 10,\n                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 60,\n                public_key: *public_key.as_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        ca_cert.sign(\u0026private_key.to_keypair_bytes()).unwrap();\n        ca_pool.insert(\u0026ca_cert);\n\n        let mut not_ca_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate - Valid After Signer\".to_string(),\n                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() - 200,\n                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 10,\n                public_key: *public_key2.as_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        assert!(not_ca_cert.verify(\u0026ca_pool).is_err());\n        not_ca_cert.sign(\u0026private_key.to_keypair_bytes()).unwrap();\n        assert!(matches!(not_ca_cert.verify(\u0026ca_pool).unwrap_err(), EpfPkiCertificateValidationError::ValidAfterSigner));\n    }\n\n    #[test]\n    pub fn verifying_error_display() {\n        println!(\"{}\", EpfPkiCertificateValidationError::NoLongerValid { expired_at: SystemTime::now() });\n        println!(\"{}\", EpfPkiCertificateValidationError::NotValidYet { valid_at: SystemTime::now() });\n        println!(\"{}\", EpfPkiCertificateValidationError::InvalidCertificateData { e: rmp_serde::encode::Error::UnknownLength});\n        println!(\"{}\", EpfPkiCertificateValidationError::FingerprintDoesNotMatch { expected: \"\".to_string(), got: \"\".to_string() });\n        println!(\"{}\", EpfPkiCertificateValidationError::InvalidSignature { e: SignatureError::new() });\n        println!(\"{}\", EpfPkiCertificateValidationError::ExpiresAfterSigner);\n        println!(\"{}\", EpfPkiCertificateValidationError::ValidAfterSigner);\n    }\n\n    fn cert() -\u003e EPFCertificate {\n        EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Invalid Testing Certificate\".to_string(),\n                not_before: 0,\n                not_after: 0,\n                public_key: [0u8; EPFPKI_PUBLIC_KEY_LENGTH],\n                issuer_public_key: [0u8; EPFPKI_PUBLIC_KEY_LENGTH],\n                claims: HashMap::new()\n            },\n            fingerprint: \"0000000000000000000000000000000000000000000000000000000000000000\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        }\n    }\n    fn cert_bytes() -\u003e Vec\u003cu8\u003e {\n        vec![147, 150, 187, 73, 110, 118, 97, 108, 105, 100, 32, 84, 101, 115, 116, 105, 110, 103, 32, 67, 101, 114, 116, 105, 102, 105, 99, 97, 116, 101, 0, 0, 220, 0, 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 220, 0, 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 128, 217, 64, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 220, 0, 64, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]\n    }\n    fn cert_pem() -\u003e Vec\u003cu8\u003e {\n        vec![45, 45, 45, 45, 45, 66, 69, 71, 73, 78, 32, 69, 80, 70, 32, 67, 69, 82, 84, 73, 70, 73, 67, 65, 84, 69, 45, 45, 45, 45, 45, 13, 10, 107, 53, 97, 55, 83, 87, 53, 50, 89, 87, 120, 112, 90, 67, 66, 85, 90, 88, 78, 48, 97, 87, 53, 110, 73, 69, 78, 108, 99, 110, 82, 112, 90, 109, 108, 106, 89, 88, 82, 108, 65, 65, 68, 99, 65, 67, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 78, 119, 65, 73, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 103, 78, 108, 65, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 13, 10, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 78, 119, 65, 81, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 61, 13, 10, 45, 45, 45, 45, 45, 69, 78, 68, 32, 69, 80, 70, 32, 67, 69, 82, 84, 73, 70, 73, 67, 65, 84, 69, 45, 45, 45, 45, 45, 13, 10]\n    }\n    fn null_public_key_pem() -\u003e Vec\u003cu8\u003e {\n        vec![45, 45, 45, 45, 45, 66, 69, 71, 73, 78, 32, 69, 80, 70, 32, 80, 85, 66, 76, 73, 67, 32, 75, 69, 89, 45, 45, 45, 45, 45, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 61, 13, 10, 45, 45, 45, 45, 45, 69, 78, 68, 32, 69, 80, 70, 32, 80, 85, 66, 76, 73, 67, 32, 75, 69, 89, 45, 45, 45, 45, 45, 13, 10]\n    }\n    fn null_private_key_pem() -\u003e Vec\u003cu8\u003e {\n        vec![45, 45, 45, 45, 45, 66, 69, 71, 73, 78, 32, 69, 80, 70, 32, 80, 82, 73, 86, 65, 84, 69, 32, 75, 69, 89, 45, 45, 45, 45, 45, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65,65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 61, 61, 13, 10, 45, 45, 45, 45, 45, 69, 78, 68, 32, 69, 80, 70, 32, 80, 82, 73, 86, 65, 84, 69, 32, 75, 69, 89, 45, 45, 45, 45, 45, 13, 10]\n    }\n}","traces":[{"line":52,"address":[653072,653727,653758],"length":1,"stats":{"Line":3},"fn_name":"fingerprint"},{"line":53,"address":[653096,653234],"length":1,"stats":{"Line":1},"fn_name":null},{"line":54,"address":[653220],"length":1,"stats":{"Line":1},"fn_name":null},{"line":55,"address":[653420],"length":1,"stats":{"Line":3},"fn_name":null},{"line":56,"address":[653477],"length":1,"stats":{"Line":1},"fn_name":null},{"line":57,"address":[653612],"length":1,"stats":{"Line":3},"fn_name":null},{"line":60,"address":[653776],"length":1,"stats":{"Line":2},"fn_name":"load_signing_key"},{"line":61,"address":[653793],"length":1,"stats":{"Line":2},"fn_name":null},{"line":77,"address":[654715,653808],"length":1,"stats":{"Line":1},"fn_name":"fmt"},{"line":78,"address":[653841],"length":1,"stats":{"Line":1},"fn_name":null},{"line":79,"address":[654741,653877],"length":1,"stats":{"Line":1},"fn_name":null},{"line":80,"address":[654547,653941],"length":1,"stats":{"Line":1},"fn_name":null},{"line":81,"address":[654005],"length":1,"stats":{"Line":1},"fn_name":null},{"line":82,"address":[654118],"length":1,"stats":{"Line":1},"fn_name":null},{"line":83,"address":[654299],"length":1,"stats":{"Line":1},"fn_name":null},{"line":84,"address":[654404],"length":1,"stats":{"Line":1},"fn_name":null},{"line":85,"address":[654468],"length":1,"stats":{"Line":1},"fn_name":null},{"line":97,"address":[655255,654912],"length":1,"stats":{"Line":2},"fn_name":"recalculate_fingerprint"},{"line":98,"address":[654942,655231,655302],"length":1,"stats":{"Line":2},"fn_name":null},{"line":99,"address":[655338],"length":1,"stats":{"Line":3},"fn_name":null},{"line":102,"address":[655360,656716,656686],"length":1,"stats":{"Line":1},"fn_name":"sign"},{"line":103,"address":[655515,655399],"length":1,"stats":{"Line":1},"fn_name":null},{"line":105,"address":[655726,655627,655464],"length":1,"stats":{"Line":3},"fn_name":null},{"line":106,"address":[655707,655837],"length":1,"stats":{"Line":4},"fn_name":null},{"line":108,"address":[656073,655921],"length":1,"stats":{"Line":2},"fn_name":null},{"line":110,"address":[656041,656262],"length":1,"stats":{"Line":4},"fn_name":null},{"line":112,"address":[656316],"length":1,"stats":{"Line":2},"fn_name":null},{"line":114,"address":[656548,656461],"length":1,"stats":{"Line":1},"fn_name":null},{"line":116,"address":[656517],"length":1,"stats":{"Line":1},"fn_name":null},{"line":119,"address":[656736,660012,660277],"length":1,"stats":{"Line":1},"fn_name":"verify_with_time"},{"line":121,"address":[656812],"length":1,"stats":{"Line":1},"fn_name":null},{"line":122,"address":[656946],"length":1,"stats":{"Line":1},"fn_name":null},{"line":126,"address":[656880],"length":1,"stats":{"Line":1},"fn_name":null},{"line":127,"address":[657133],"length":1,"stats":{"Line":1},"fn_name":null},{"line":130,"address":[388555,388544],"length":1,"stats":{"Line":2},"fn_name":"{closure#0}"},{"line":133,"address":[657283,657453],"length":1,"stats":{"Line":4},"fn_name":null},{"line":134,"address":[657502],"length":1,"stats":{"Line":1},"fn_name":null},{"line":138,"address":[388699,388672],"length":1,"stats":{"Line":3},"fn_name":"{closure#1}"},{"line":142,"address":[658163,657941],"length":1,"stats":{"Line":2},"fn_name":null},{"line":144,"address":[658601,658379,658912],"length":1,"stats":{"Line":3},"fn_name":null},{"line":146,"address":[658461],"length":1,"stats":{"Line":1},"fn_name":null},{"line":147,"address":[388795,388768],"length":1,"stats":{"Line":1},"fn_name":"{closure#2}"},{"line":149,"address":[658423],"length":1,"stats":{"Line":1},"fn_name":null},{"line":150,"address":[388864,388891],"length":1,"stats":{"Line":2},"fn_name":"{closure#3}"},{"line":153,"address":[388971,388960],"length":1,"stats":{"Line":2},"fn_name":"{closure#4}"},{"line":155,"address":[389088,389109],"length":1,"stats":{"Line":2},"fn_name":"{closure#5}"},{"line":160,"address":[659572,659904,660047],"length":1,"stats":{"Line":4},"fn_name":null},{"line":161,"address":[659824],"length":1,"stats":{"Line":1},"fn_name":null},{"line":162,"address":[659896],"length":1,"stats":{"Line":1},"fn_name":null},{"line":164,"address":[659914],"length":1,"stats":{"Line":1},"fn_name":null},{"line":167,"address":[659789,659973,660023],"length":1,"stats":{"Line":4},"fn_name":null},{"line":170,"address":[660057],"length":1,"stats":{"Line":1},"fn_name":null},{"line":175,"address":[659938],"length":1,"stats":{"Line":2},"fn_name":null},{"line":176,"address":[660115],"length":1,"stats":{"Line":1},"fn_name":null},{"line":179,"address":[660081],"length":1,"stats":{"Line":1},"fn_name":null},{"line":180,"address":[660196],"length":1,"stats":{"Line":1},"fn_name":null},{"line":185,"address":[660158],"length":1,"stats":{"Line":1},"fn_name":null},{"line":188,"address":[660304],"length":1,"stats":{"Line":1},"fn_name":"verify"},{"line":189,"address":[660337],"length":1,"stats":{"Line":1},"fn_name":null},{"line":195,"address":[660384,661348],"length":1,"stats":{"Line":1},"fn_name":"fmt"},{"line":196,"address":[660423,660630],"length":1,"stats":{"Line":1},"fn_name":null},{"line":197,"address":[660818,660524],"length":1,"stats":{"Line":2},"fn_name":null},{"line":198,"address":[660680,660944],"length":1,"stats":{"Line":1},"fn_name":null},{"line":199,"address":[660971,661294,660853],"length":1,"stats":{"Line":2},"fn_name":null},{"line":200,"address":[661673,661212,661374],"length":1,"stats":{"Line":2},"fn_name":null},{"line":201,"address":[661727,662026,661597],"length":1,"stats":{"Line":2},"fn_name":null},{"line":202,"address":[662398,661950,662080],"length":1,"stats":{"Line":2},"fn_name":null},{"line":203,"address":[662597,662292],"length":1,"stats":{"Line":2},"fn_name":null},{"line":204,"address":[662731,662460],"length":1,"stats":{"Line":2},"fn_name":null},{"line":205,"address":[662632,663043,662758],"length":1,"stats":{"Line":2},"fn_name":null},{"line":206,"address":[662970],"length":1,"stats":{"Line":2},"fn_name":null},{"line":213,"address":[663104],"length":1,"stats":{"Line":1},"fn_name":"as_bytes"},{"line":214,"address":[663121],"length":1,"stats":{"Line":1},"fn_name":null},{"line":217,"address":[663136],"length":1,"stats":{"Line":1},"fn_name":"from_bytes"},{"line":221,"address":[663184,663760,663733],"length":1,"stats":{"Line":1},"fn_name":"as_pem"},{"line":222,"address":[663608,663671,663209],"length":1,"stats":{"Line":3},"fn_name":null},{"line":225,"address":[664441,663776],"length":1,"stats":{"Line":2},"fn_name":"from_pem"},{"line":226,"address":[663809,664057],"length":1,"stats":{"Line":2},"fn_name":null},{"line":227,"address":[664028,664202],"length":1,"stats":{"Line":4},"fn_name":null},{"line":228,"address":[664284],"length":1,"stats":{"Line":1},"fn_name":null},{"line":230,"address":[664467,664258,664563,664380],"length":1,"stats":{"Line":3},"fn_name":null},{"line":237,"address":[664720],"length":1,"stats":{"Line":1},"fn_name":"as_bytes"},{"line":238,"address":[664739],"length":1,"stats":{"Line":1},"fn_name":null},{"line":241,"address":[664816],"length":1,"stats":{"Line":1},"fn_name":"from_bytes"},{"line":242,"address":[389152,389168],"length":1,"stats":{"Line":1},"fn_name":"{closure#0}"},{"line":245,"address":[665504,664928,665477],"length":1,"stats":{"Line":1},"fn_name":"as_pem"},{"line":246,"address":[664953,665415,665352],"length":1,"stats":{"Line":3},"fn_name":null},{"line":249,"address":[666170,665520],"length":1,"stats":{"Line":2},"fn_name":"from_pem"},{"line":250,"address":[665553,665801],"length":1,"stats":{"Line":2},"fn_name":null},{"line":251,"address":[665772,665946],"length":1,"stats":{"Line":4},"fn_name":null},{"line":252,"address":[666028],"length":1,"stats":{"Line":1},"fn_name":null},{"line":254,"address":[666201,666002,666117,666401],"length":1,"stats":{"Line":3},"fn_name":null},{"line":261,"address":[666544],"length":1,"stats":{"Line":1},"fn_name":"as_bytes"},{"line":262,"address":[666563],"length":1,"stats":{"Line":1},"fn_name":null},{"line":265,"address":[666640],"length":1,"stats":{"Line":1},"fn_name":"from_bytes"},{"line":266,"address":[389184,389200],"length":1,"stats":{"Line":1},"fn_name":"{closure#0}"},{"line":269,"address":[667328,666752,667301],"length":1,"stats":{"Line":1},"fn_name":"as_pem"},{"line":270,"address":[667239,666777,667176],"length":1,"stats":{"Line":3},"fn_name":null},{"line":273,"address":[667994,667344],"length":1,"stats":{"Line":2},"fn_name":"from_pem"},{"line":274,"address":[667377,667625],"length":1,"stats":{"Line":2},"fn_name":null},{"line":275,"address":[667596,667770],"length":1,"stats":{"Line":4},"fn_name":null},{"line":276,"address":[667852],"length":1,"stats":{"Line":1},"fn_name":null},{"line":278,"address":[668132,667941,668020,667826],"length":1,"stats":{"Line":3},"fn_name":null}],"covered":103,"coverable":103},{"path":["/","home","core","prj","e3t","e3pf","libepf","src","util.rs"],"content":"use std::ops::Add;\nuse std::time::{Duration, SystemTime};\nuse chrono::{DateTime, Utc};\n\npub fn pretty_print_date(date: \u0026SystemTime) -\u003e String {\n    let datetime: DateTime\u003cUtc\u003e = (*date).into();\n    datetime.format(\"%Y-%m-%dT%H:%M:%S%.f%:z\").to_string()\n}\n\npub fn u64_to_st(unix: u64) -\u003e SystemTime {\n    SystemTime::UNIX_EPOCH.add(Duration::from_secs(unix))\n}","traces":[{"line":5,"address":[368112,368267],"length":1,"stats":{"Line":2},"fn_name":"pretty_print_date"},{"line":6,"address":[368140],"length":1,"stats":{"Line":2},"fn_name":null},{"line":7,"address":[368166],"length":1,"stats":{"Line":2},"fn_name":null},{"line":10,"address":[368304],"length":1,"stats":{"Line":1},"fn_name":"u64_to_st"},{"line":11,"address":[368313],"length":1,"stats":{"Line":1},"fn_name":null}],"covered":5,"coverable":5}]};
+        var previousData = {"files":[{"path":["/","home","core","prj","e3t","e3pf","libepf","src","ca_pool.rs"],"content":"use std::collections::HashMap;\nuse crate::pki::{EPFCertificate, EpfPublicKey};\n\npub struct EpfCaPool {\n    pub ca_lookup_table: HashMap\u003cEpfPublicKey, EPFCertificate\u003e\n}\n\npub trait EpfCaPoolOps {\n    fn new() -\u003e Self;\n    fn get_ca(\u0026self, public_key: \u0026EpfPublicKey) -\u003e Option\u003c\u0026EPFCertificate\u003e;\n    fn insert(\u0026mut self, cert: \u0026EPFCertificate);\n}\n\nimpl EpfCaPoolOps for EpfCaPool {\n    fn new() -\u003e Self {\n        Self {\n            ca_lookup_table: HashMap::new()\n        }\n    }\n\n    fn get_ca(\u0026self, public_key: \u0026EpfPublicKey) -\u003e Option\u003c\u0026EPFCertificate\u003e {\n        self.ca_lookup_table.get(public_key)\n    }\n\n    fn insert(\u0026mut self, cert: \u0026EPFCertificate) {\n        self.ca_lookup_table.insert(cert.details.public_key, cert.clone());\n    }\n}","traces":[{"line":15,"address":[647728],"length":1,"stats":{"Line":4},"fn_name":"new"},{"line":17,"address":[647742],"length":1,"stats":{"Line":3},"fn_name":null},{"line":21,"address":[647792],"length":1,"stats":{"Line":4},"fn_name":"get_ca"},{"line":22,"address":[647806],"length":1,"stats":{"Line":4},"fn_name":null},{"line":25,"address":[647824],"length":1,"stats":{"Line":2},"fn_name":"insert"},{"line":26,"address":[647851],"length":1,"stats":{"Line":2},"fn_name":null}],"covered":6,"coverable":6},{"path":["/","home","core","prj","e3t","e3pf","libepf","src","lib.rs"],"content":"pub mod pki;\npub mod util;\npub mod ca_pool;","traces":[],"covered":0,"coverable":0},{"path":["/","home","core","prj","e3t","e3pf","libepf","src","pki.rs"],"content":"use std::collections::HashMap;\nuse std::error::Error;\nuse std::fmt::{Display, Formatter};\nuse std::time::{SystemTime, UNIX_EPOCH};\nuse ed25519_dalek::{Signature, SignatureError, Signer, SigningKey, Verifier, VerifyingKey};\nuse pem::Pem;\nuse serde::{Deserialize, Serialize};\nuse sha2::{Digest, Sha256};\nuse crate::ca_pool::{EpfCaPool, EpfCaPoolOps};\nuse crate::util::{pretty_print_date, u64_to_st};\n\npub const EPFPKI_PUBLIC_KEY_LENGTH: usize = 32;\npub const EPFPKI_SIGNATURE_LENGTH: usize = 64;\n\npub const EPFPKI_SELF_SIGNED_CERTIFICATE: \u0026str = \"0000000000000000000000000000000000000000000000000000000000000000\";\n\npub type EpfPublicKey = [u8; 32];\npub type EpfPrivateKey = [u8; 64];\n\n#[derive(Serialize, Deserialize, PartialEq, Debug, Eq, Clone)]\npub struct EPFCertificate {\n    pub details: EPFCertificateDetails,\n    pub fingerprint: String,\n    #[serde(with = \"serde_arrays\")]\n    pub signature: [u8; EPFPKI_SIGNATURE_LENGTH]\n}\n\n#[derive(Serialize, Deserialize, PartialEq, Debug, Eq, Clone)]\npub struct EPFCertificateDetails {\n    pub name: String,\n\n    pub not_before: u64,\n    pub not_after: u64,\n\n    pub public_key: [u8; EPFPKI_PUBLIC_KEY_LENGTH],\n\n    pub issuer_public_key: [u8; EPFPKI_PUBLIC_KEY_LENGTH],\n\n    pub claims: HashMap\u003cString, String\u003e\n}\n\npub trait EpfPkiSerializable {\n    const PEM_BANNER: \u0026'static str;\n\n    fn as_bytes(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, rmp_serde::encode::Error\u003e;\n    fn from_bytes(bytes: \u0026[u8]) -\u003e Result\u003cSelf, rmp_serde::decode::Error\u003e where Self: Sized;\n\n    fn as_pem(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, Box\u003cdyn Error\u003e\u003e;\n    fn from_pem(bytes: \u0026[u8]) -\u003e Result\u003cSelf, Box\u003cdyn Error\u003e\u003e where Self: Sized;\n}\n\npub fn fingerprint(cert: \u0026EPFCertificateDetails) -\u003e Result\u003cString, rmp_serde::encode::Error\u003e {\n    let cert_bytes = rmp_serde::to_vec(cert)?;\n    let mut hasher = Sha256::new();\n    hasher.update(cert_bytes);\n    let hash = hasher.finalize();\n    Ok(hex::encode(hash))\n}\n\nfn load_signing_key(b: \u0026[u8; 64]) -\u003e Result\u003cSigningKey, SignatureError\u003e {\n    SigningKey::from_keypair_bytes(b)\n}\n\n#[derive(Debug)]\npub enum EpfPkiCertificateValidationError {\n    NoLongerValid { expired_at: SystemTime },\n    NotValidYet { valid_at: SystemTime },\n    InvalidCertificateData { e: rmp_serde::encode::Error },\n    FingerprintDoesNotMatch { expected: String, got: String },\n    InvalidSignature { e: SignatureError },\n    ExpiresAfterSigner,\n    ValidAfterSigner\n}\n\nimpl Display for EpfPkiCertificateValidationError {\n    #[cfg_attr(tarpaulin, ignore)]\n    fn fmt(\u0026self, f: \u0026mut Formatter\u003c'_\u003e) -\u003e std::fmt::Result {\n        match self {\n            EpfPkiCertificateValidationError::NoLongerValid { expired_at } =\u003e write!(f, \"Certificate no longer valid (expired at {})\", pretty_print_date(expired_at)),\n            EpfPkiCertificateValidationError::NotValidYet { valid_at } =\u003e write!(f, \"Certificate not valid yet (valid at {})\", pretty_print_date(valid_at)),\n            EpfPkiCertificateValidationError::InvalidCertificateData { e } =\u003e write!(f, \"Unable to serialize cert data: {}\", e),\n            EpfPkiCertificateValidationError::FingerprintDoesNotMatch { expected, got } =\u003e write!(f, \"Fingerprint mismatch (expected {}, got {})\", expected, got),\n            EpfPkiCertificateValidationError::InvalidSignature { e } =\u003e write!(f, \"Certificate validation error: {}\", e),\n            EpfPkiCertificateValidationError::ExpiresAfterSigner =\u003e write!(f, \"Certificate expires after it's signing certificate\"),\n            EpfPkiCertificateValidationError::ValidAfterSigner =\u003e write!(f, \"Certificate is valid longer than it's signing certificate\")\n        }\n    }\n}\n\npub trait EpfPkiCertificateOps {\n    fn recalculate_fingerprint(\u0026mut self) -\u003e Result\u003c(), rmp_serde::encode::Error\u003e;\n    fn sign(\u0026mut self, private_key: \u0026EpfPrivateKey) -\u003e Result\u003c(), Box\u003cdyn Error\u003e\u003e;\n    fn verify_with_time(\u0026self, time: SystemTime, ca_pool: \u0026EpfCaPool) -\u003e Result\u003cbool, EpfPkiCertificateValidationError\u003e;\n    fn verify(\u0026self, ca_pool: \u0026EpfCaPool) -\u003e Result\u003cbool, EpfPkiCertificateValidationError\u003e;\n}\nimpl EpfPkiCertificateOps for EPFCertificate {\n    fn recalculate_fingerprint(\u0026mut self) -\u003e Result\u003c(), rmp_serde::encode::Error\u003e {\n        self.fingerprint = fingerprint(\u0026self.details)?;\n        Ok(())\n    }\n\n    fn sign(\u0026mut self, private_key: \u0026EpfPrivateKey) -\u003e Result\u003c(), Box\u003cdyn Error\u003e\u003e {\n        self.recalculate_fingerprint()?;\n\n        let signing_key = load_signing_key(private_key)?;\n        self.details.issuer_public_key = *signing_key.verifying_key().as_bytes();\n\n        let cert_data_bytes = rmp_serde::to_vec(\u0026self.details)?;\n\n        let signature = signing_key.sign(\u0026cert_data_bytes).to_vec();\n\n        self.signature = signature.try_into().unwrap();\n\n        self.recalculate_fingerprint()?;\n\n        Ok(())\n    }\n\n    fn verify_with_time(\u0026self, time: SystemTime, ca_pool: \u0026EpfCaPool) -\u003e Result\u003cbool, EpfPkiCertificateValidationError\u003e {\n        // Is it expired\n        if u64_to_st(self.details.not_after) \u003c time {\n            return Err(EpfPkiCertificateValidationError::NoLongerValid {expired_at: u64_to_st(self.details.not_after)})\n        }\n\n        // Is it valid yet\n        if u64_to_st(self.details.not_before) \u003e time {\n            return Err(EpfPkiCertificateValidationError::NotValidYet {valid_at: u64_to_st(self.details.not_before)})\n        }\n\n        let fingerprint_on_cert = fingerprint(\u0026self.details).or_else(|e| Err(EpfPkiCertificateValidationError::InvalidCertificateData { e }))?;\n\n        // Does the fingerprint match\n        if fingerprint_on_cert != self.fingerprint {\n            return Err(EpfPkiCertificateValidationError::FingerprintDoesNotMatch { expected: self.fingerprint.clone(), got: fingerprint_on_cert})\n        }\n\n        // Does the signature match\n        let signature = Signature::from_slice(\u0026self.signature).or_else(|e| Err(EpfPkiCertificateValidationError::InvalidSignature { e }))?;\n\n        let is_self_signed;\n\n        println!(\"{}: {:?} {:?}\", self.details.name, self.details.issuer_public_key, self.details.public_key);\n\n        let verifying_key = if self.details.issuer_public_key == self.details.public_key {\n            // self-signed certificate\n            is_self_signed = true;\n            VerifyingKey::from_bytes(\u0026self.details.public_key).or_else(|e| Err(EpfPkiCertificateValidationError::InvalidSignature { e }))?\n        } else {\n            is_self_signed = false;\n            VerifyingKey::from_bytes(\u0026self.details.issuer_public_key).or_else(|e| Err(EpfPkiCertificateValidationError::InvalidSignature { e }))?\n        };\n\n        let cert_data_bytes = rmp_serde::to_vec(\u0026self.details).or_else(|e| Err(EpfPkiCertificateValidationError::InvalidCertificateData { e }))?;\n\n        verifying_key.verify(\u0026cert_data_bytes, \u0026signature).or_else(|e| Err(EpfPkiCertificateValidationError::InvalidSignature { e }))?;\n\n        // Signature OK\n\n        // Is the signer trusted?\n        let ca_cert = if is_self_signed {\n            if let Some(cert) = ca_pool.get_ca(\u0026self.details.public_key) {\n                cert\n            } else {\n                return Ok(false);\n            }\n        } else {\n            if let Some(cert) = ca_pool.get_ca(\u0026self.details.issuer_public_key) {\n                cert\n            } else {\n                return Ok(false);\n            }\n        };\n        // Yes.\n        // Make sure this cert wasnt valid before the CA\n        if ca_cert.details.not_after \u003c self.details.not_after {\n            return Err(EpfPkiCertificateValidationError::ExpiresAfterSigner);\n        }\n        // Make sure this cert isnt valid after the root\n        if ca_cert.details.not_before \u003e self.details.not_before {\n            return Err(EpfPkiCertificateValidationError::ValidAfterSigner)\n        }\n\n        // Cert OK\n\n        Ok(true)\n    }\n\n    fn verify(\u0026self, ca_pool: \u0026EpfCaPool) -\u003e Result\u003cbool, EpfPkiCertificateValidationError\u003e {\n        self.verify_with_time(SystemTime::now(), ca_pool)\n    }\n}\n\n#[cfg_attr(tarpaulin, ignore)]\nimpl Display for EPFCertificate {\n    fn fmt(\u0026self, f: \u0026mut Formatter\u003c'_\u003e) -\u003e std::fmt::Result {\n        writeln!(f, \"EPFCertificate {{\")?;\n        writeln!(f, \"\\tDetails: {{\")?;\n        writeln!(f, \"\\t\\tName: {}\", self.details.name)?;\n        writeln!(f, \"\\t\\tNot Before: {}\", pretty_print_date(\u0026u64_to_st(self.details.not_before)))?;\n        writeln!(f, \"\\t\\tNot After: {}\", pretty_print_date(\u0026u64_to_st(self.details.not_after)))?;\n        writeln!(f, \"\\t\\tPublic Key: {}\", hex::encode(self.details.public_key))?;\n        writeln!(f, \"\\t\\tIssuer Fingerprint: {}\", hex::encode(self.details.issuer_public_key))?;\n        writeln!(f, \"\\t}}\")?;\n        writeln!(f, \"\\tFingerprint: {}\", self.fingerprint)?;\n        writeln!(f, \"\\tSignature: {}\", hex::encode(self.signature))?;\n        writeln!(f, \"}}\")\n    }\n}\n\nimpl EpfPkiSerializable for EPFCertificate {\n    const PEM_BANNER: \u0026'static str = \"EPF CERTIFICATE\";\n\n    fn as_bytes(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, rmp_serde::encode::Error\u003e {\n        rmp_serde::to_vec(self)\n    }\n\n    fn from_bytes(bytes: \u0026[u8]) -\u003e Result\u003cSelf, rmp_serde::decode::Error\u003e {\n        rmp_serde::from_slice(bytes)\n    }\n\n    fn as_pem(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, Box\u003cdyn Error\u003e\u003e {\n        Ok(pem::encode(\u0026Pem::new(Self::PEM_BANNER, self.as_bytes()?)).as_bytes().to_vec())\n    }\n\n    fn from_pem(bytes: \u0026[u8]) -\u003e Result\u003cSelf, Box\u003cdyn Error\u003e\u003e where Self: Sized {\n        let pem = pem::parse(bytes)?;\n        if pem.tag() != Self::PEM_BANNER {\n            return Err(\"Not a certificate\".into())\n        }\n        Ok(Self::from_bytes(pem.contents())?)\n    }\n}\n\nimpl EpfPkiSerializable for EpfPublicKey {\n    const PEM_BANNER: \u0026'static str = \"EPF PUBLIC KEY\";\n\n    fn as_bytes(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, rmp_serde::encode::Error\u003e {\n        Ok(self.to_vec())\n    }\n\n    fn from_bytes(bytes: \u0026[u8]) -\u003e Result\u003cSelf, rmp_serde::decode::Error\u003e {\n        bytes.try_into().map_err(|_| rmp_serde::decode::Error::LengthMismatch(bytes.len() as u32))\n    }\n\n    fn as_pem(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, Box\u003cdyn Error\u003e\u003e {\n        Ok(pem::encode(\u0026Pem::new(Self::PEM_BANNER, self.as_bytes()?)).as_bytes().to_vec())\n    }\n\n    fn from_pem(bytes: \u0026[u8]) -\u003e Result\u003cSelf, Box\u003cdyn Error\u003e\u003e where Self: Sized {\n        let pem = pem::parse(bytes)?;\n        if pem.tag() != Self::PEM_BANNER {\n            return Err(\"Not a public key\".into())\n        }\n        Ok(Self::from_bytes(pem.contents())?)\n    }\n}\n\nimpl EpfPkiSerializable for EpfPrivateKey {\n    const PEM_BANNER: \u0026'static str = \"EPF PRIVATE KEY\";\n\n    fn as_bytes(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, rmp_serde::encode::Error\u003e {\n        Ok(self.to_vec())\n    }\n\n    fn from_bytes(bytes: \u0026[u8]) -\u003e Result\u003cSelf, rmp_serde::decode::Error\u003e {\n        bytes.try_into().map_err(|_| rmp_serde::decode::Error::LengthMismatch(bytes.len() as u32))\n    }\n\n    fn as_pem(\u0026self) -\u003e Result\u003cVec\u003cu8\u003e, Box\u003cdyn Error\u003e\u003e {\n        Ok(pem::encode(\u0026Pem::new(Self::PEM_BANNER, self.as_bytes()?)).as_bytes().to_vec())\n    }\n\n    fn from_pem(bytes: \u0026[u8]) -\u003e Result\u003cSelf, Box\u003cdyn Error\u003e\u003e where Self: Sized {\n        let pem = pem::parse(bytes)?;\n        if pem.tag() != Self::PEM_BANNER {\n            return Err(\"Incorrect PEM tag\".into())\n        }\n        Ok(Self::from_bytes(pem.contents())?)\n    }\n}\n\n#[cfg(test)]\nmod tests {\n    use std::collections::HashMap;\n    use std::time::{SystemTime, UNIX_EPOCH};\n    use ed25519_dalek::{SignatureError, SigningKey};\n    use rand::rngs::OsRng;\n    use crate::ca_pool::{EpfCaPool, EpfCaPoolOps};\n    use crate::pki::{EPFCertificate, EPFCertificateDetails, EPFPKI_PUBLIC_KEY_LENGTH, EPFPKI_SIGNATURE_LENGTH, EpfPkiCertificateOps, EpfPkiCertificateValidationError, EpfPkiSerializable, EpfPrivateKey, EpfPublicKey};\n\n    #[test]\n    pub fn certificate_serialization() {\n        assert_eq!(cert().as_bytes().unwrap(), cert_bytes())\n    }\n\n    #[test]\n    pub fn certificate_deserialization() {\n        assert_eq!(EPFCertificate::from_bytes(\u0026cert_bytes()).unwrap(), cert())\n    }\n\n    #[test]\n    pub fn certificate_serialization_pem() {\n        assert_eq!(cert().as_pem().unwrap(), cert_pem())\n    }\n\n    #[test]\n    pub fn certificate_deserialization_pem() {\n        assert_eq!(EPFCertificate::from_pem(\u0026cert_pem()).unwrap(), cert())\n    }\n\n    #[test]\n    #[should_panic]\n    pub fn certificate_deserialization_pem_wrong_tag() {\n        EPFCertificate::from_pem(\u0026null_public_key_pem()).unwrap();\n    }\n\n    #[test]\n    pub fn pubkey_serialization() {\n        assert_eq!(([0u8; 32]).as_bytes().unwrap(), [0u8; 32].to_vec())\n    }\n\n    #[test]\n    pub fn pubkey_deserialization() {\n        assert_eq!(EpfPublicKey::from_bytes(\u0026[0u8; 32]).unwrap(), [0u8; 32])\n    }\n\n    #[test]\n    pub fn pubkey_serialization_pem() {\n        assert_eq!(([0u8; 32]).as_pem().unwrap(), null_public_key_pem())\n    }\n\n    #[test]\n    pub fn pubkey_deserialization_pem() {\n        assert_eq!(EpfPublicKey::from_pem(\u0026null_public_key_pem()).unwrap(), [0u8; 32])\n    }\n\n    #[test]\n    #[should_panic]\n    pub fn pubkey_deserialization_pem_wrong_tag() {\n        EpfPublicKey::from_pem(\u0026null_private_key_pem()).unwrap();\n    }\n\n    #[test]\n    pub fn privkey_serialization() {\n        assert_eq!(([0u8; 64]).as_bytes().unwrap(), [0u8; 64].to_vec())\n    }\n\n    #[test]\n    pub fn privkey_deserialization() {\n        assert_eq!(EpfPrivateKey::from_bytes(\u0026[0u8; 64]).unwrap(), [0u8; 64])\n    }\n\n    #[test]\n    pub fn privkey_serialization_pem() {\n        assert_eq!(([0u8; 64]).as_pem().unwrap(), null_private_key_pem())\n    }\n\n    #[test]\n    pub fn privkey_deserialization_pem() {\n        assert_eq!(EpfPrivateKey::from_pem(\u0026null_private_key_pem()).unwrap(), [0u8; 64])\n    }\n\n    #[test]\n    #[should_panic]\n    pub fn privkey_deserialization_pem_wrong_tag() {\n        assert_eq!(EpfPrivateKey::from_pem(\u0026null_public_key_pem()).unwrap(), [0u8; 64])\n    }\n\n    #[test]\n    pub fn cert_display() {\n        println!(\"{}\", cert());\n    }\n\n    #[test]\n    pub fn cert_fingerprinting() {\n        let mut cert = cert();\n        cert.recalculate_fingerprint().unwrap();\n        assert_eq!(cert.fingerprint, \"922c5cb83633b214d19d9aebf387314fcde67210ff92bd9691fbd059141d6adf\");\n    }\n\n    #[test]\n    pub fn cert_validation() {\n        let private_key = SigningKey::generate(\u0026mut OsRng);\n        let public_key = private_key.verifying_key();\n\n        let private_key2 = SigningKey::generate(\u0026mut OsRng);\n        let public_key2 = private_key2.verifying_key();\n\n        let mut ca_pool = EpfCaPool::new();\n\n        let mut ca_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing CA\".to_string(),\n                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() - 10,\n                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 60,\n                public_key: *public_key.as_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        println!(\"{}\", ca_cert);\n\n        assert!(ca_cert.verify(\u0026ca_pool).is_err());\n\n        ca_cert.sign(\u0026private_key.to_keypair_bytes()).unwrap();\n\n        assert_eq!(ca_cert.verify(\u0026ca_pool).unwrap(), false);\n\n        ca_pool.insert(\u0026ca_cert);\n\n        assert_eq!(ca_cert.verify(\u0026ca_pool).unwrap(), true);\n\n        ca_pool.insert(\u0026ca_cert);\n\n        let mut not_ca_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate\".to_string(),\n                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() - 10,\n                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 60,\n                public_key: *public_key2.as_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        assert!(not_ca_cert.verify(\u0026ca_pool).is_err());\n        not_ca_cert.sign(\u0026private_key.to_keypair_bytes()).unwrap();\n        assert_eq!(not_ca_cert.verify(\u0026ca_pool).unwrap(), true);\n    }\n\n    #[test]\n    pub fn certificate_verification_expired() {\n        let expired_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate - Expired\".to_string(),\n                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs(),\n                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() -20,\n                public_key: [0u8; 32],\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        let ca_pool = EpfCaPool::new();\n\n        assert!(matches!(expired_cert.verify(\u0026ca_pool).unwrap_err(), EpfPkiCertificateValidationError::NoLongerValid { .. }))\n    }\n\n    #[test]\n    pub fn certificate_verification_not_valid_yet() {\n        let not_yet_valid_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate - Not Yet Valid\".to_string(),\n                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 20,\n                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 30,\n                public_key: [0u8; 32],\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        let ca_pool = EpfCaPool::new();\n\n        assert!(matches!(not_yet_valid_cert.verify(\u0026ca_pool).unwrap_err(), EpfPkiCertificateValidationError::NotValidYet { .. }))\n    }\n\n    #[test]\n    pub fn certificate_verification_not_trusted() {\n        let private_key = SigningKey::generate(\u0026mut OsRng);\n        let public_key = private_key.verifying_key();\n\n        let mut not_trusted_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate - Not Trusted\".to_string(),\n                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() - 20,\n                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 30,\n                public_key: [0u8; 32],\n                issuer_public_key: *public_key.as_bytes(),\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n        not_trusted_cert.sign(\u0026private_key.to_keypair_bytes()).unwrap();\n\n        let ca_pool = EpfCaPool::new();\n\n        assert_eq!(not_trusted_cert.verify(\u0026ca_pool).unwrap(), false);\n    }\n\n    #[test]\n    pub fn cert_validation_expires_after_signer() {\n        let private_key = SigningKey::generate(\u0026mut OsRng);\n        let public_key = private_key.verifying_key();\n\n        let private_key2 = SigningKey::generate(\u0026mut OsRng);\n        let public_key2 = private_key2.verifying_key();\n\n        let mut ca_pool = EpfCaPool::new();\n\n        let mut ca_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing CA\".to_string(),\n                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() - 10,\n                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 60,\n                public_key: *public_key.as_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        ca_cert.sign(\u0026private_key.to_keypair_bytes()).unwrap();\n        ca_pool.insert(\u0026ca_cert);\n\n        let mut not_ca_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate - Valid After Signer\".to_string(),\n                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() - 10,\n                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 120,\n                public_key: *public_key2.as_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        assert!(not_ca_cert.verify(\u0026ca_pool).is_err());\n        not_ca_cert.sign(\u0026private_key.to_keypair_bytes()).unwrap();\n        assert!(matches!(not_ca_cert.verify(\u0026ca_pool).unwrap_err(), EpfPkiCertificateValidationError::ExpiresAfterSigner));\n    }\n\n    #[test]\n    pub fn cert_validation_valid_after_signer() {\n        let private_key = SigningKey::generate(\u0026mut OsRng);\n        let public_key = private_key.verifying_key();\n\n        let private_key2 = SigningKey::generate(\u0026mut OsRng);\n        let public_key2 = private_key2.verifying_key();\n\n        let mut ca_pool = EpfCaPool::new();\n\n        let mut ca_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing CA\".to_string(),\n                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() - 10,\n                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 60,\n                public_key: *public_key.as_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        ca_cert.sign(\u0026private_key.to_keypair_bytes()).unwrap();\n        ca_pool.insert(\u0026ca_cert);\n\n        let mut not_ca_cert = EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Testing Certificate - Valid After Signer\".to_string(),\n                not_before: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() - 200,\n                not_after: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 10,\n                public_key: *public_key2.as_bytes(),\n                issuer_public_key: [0u8; 32],\n                claims: Default::default(),\n            },\n            fingerprint: \"\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        };\n\n        assert!(not_ca_cert.verify(\u0026ca_pool).is_err());\n        not_ca_cert.sign(\u0026private_key.to_keypair_bytes()).unwrap();\n        assert!(matches!(not_ca_cert.verify(\u0026ca_pool).unwrap_err(), EpfPkiCertificateValidationError::ValidAfterSigner));\n    }\n\n    #[test]\n    pub fn verifying_error_display() {\n        println!(\"{}\", EpfPkiCertificateValidationError::NoLongerValid { expired_at: SystemTime::now() });\n        println!(\"{}\", EpfPkiCertificateValidationError::NotValidYet { valid_at: SystemTime::now() });\n        println!(\"{}\", EpfPkiCertificateValidationError::InvalidCertificateData { e: rmp_serde::encode::Error::UnknownLength});\n        println!(\"{}\", EpfPkiCertificateValidationError::FingerprintDoesNotMatch { expected: \"\".to_string(), got: \"\".to_string() });\n        println!(\"{}\", EpfPkiCertificateValidationError::InvalidSignature { e: SignatureError::new() });\n        println!(\"{}\", EpfPkiCertificateValidationError::ExpiresAfterSigner);\n        println!(\"{}\", EpfPkiCertificateValidationError::ValidAfterSigner);\n    }\n\n    fn cert() -\u003e EPFCertificate {\n        EPFCertificate {\n            details: EPFCertificateDetails {\n                name: \"Invalid Testing Certificate\".to_string(),\n                not_before: 0,\n                not_after: 0,\n                public_key: [0u8; EPFPKI_PUBLIC_KEY_LENGTH],\n                issuer_public_key: [0u8; EPFPKI_PUBLIC_KEY_LENGTH],\n                claims: HashMap::new()\n            },\n            fingerprint: \"0000000000000000000000000000000000000000000000000000000000000000\".to_string(),\n            signature: [0u8; EPFPKI_SIGNATURE_LENGTH],\n        }\n    }\n    fn cert_bytes() -\u003e Vec\u003cu8\u003e {\n        vec![147, 150, 187, 73, 110, 118, 97, 108, 105, 100, 32, 84, 101, 115, 116, 105, 110, 103, 32, 67, 101, 114, 116, 105, 102, 105, 99, 97, 116, 101, 0, 0, 220, 0, 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 220, 0, 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 128, 217, 64, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 48, 220, 0, 64, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]\n    }\n    fn cert_pem() -\u003e Vec\u003cu8\u003e {\n        vec![45, 45, 45, 45, 45, 66, 69, 71, 73, 78, 32, 69, 80, 70, 32, 67, 69, 82, 84, 73, 70, 73, 67, 65, 84, 69, 45, 45, 45, 45, 45, 13, 10, 107, 53, 97, 55, 83, 87, 53, 50, 89, 87, 120, 112, 90, 67, 66, 85, 90, 88, 78, 48, 97, 87, 53, 110, 73, 69, 78, 108, 99, 110, 82, 112, 90, 109, 108, 106, 89, 88, 82, 108, 65, 65, 68, 99, 65, 67, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 78, 119, 65, 73, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 103, 78, 108, 65, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 13, 10, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 68, 65, 119, 77, 78, 119, 65, 81, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 61, 13, 10, 45, 45, 45, 45, 45, 69, 78, 68, 32, 69, 80, 70, 32, 67, 69, 82, 84, 73, 70, 73, 67, 65, 84, 69, 45, 45, 45, 45, 45, 13, 10]\n    }\n    fn null_public_key_pem() -\u003e Vec\u003cu8\u003e {\n        vec![45, 45, 45, 45, 45, 66, 69, 71, 73, 78, 32, 69, 80, 70, 32, 80, 85, 66, 76, 73, 67, 32, 75, 69, 89, 45, 45, 45, 45, 45, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 61, 13, 10, 45, 45, 45, 45, 45, 69, 78, 68, 32, 69, 80, 70, 32, 80, 85, 66, 76, 73, 67, 32, 75, 69, 89, 45, 45, 45, 45, 45, 13, 10]\n    }\n    fn null_private_key_pem() -\u003e Vec\u003cu8\u003e {\n        vec![45, 45, 45, 45, 45, 66, 69, 71, 73, 78, 32, 69, 80, 70, 32, 80, 82, 73, 86, 65, 84, 69, 32, 75, 69, 89, 45, 45, 45, 45, 45, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 13, 10, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65,65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 61, 61, 13, 10, 45, 45, 45, 45, 45, 69, 78, 68, 32, 69, 80, 70, 32, 80, 82, 73, 86, 65, 84, 69, 32, 75, 69, 89, 45, 45, 45, 45, 45, 13, 10]\n    }\n}","traces":[{"line":52,"address":[653630,652944,653599],"length":1,"stats":{"Line":3},"fn_name":"fingerprint"},{"line":53,"address":[652968,653106],"length":1,"stats":{"Line":1},"fn_name":null},{"line":54,"address":[653092],"length":1,"stats":{"Line":3},"fn_name":null},{"line":55,"address":[653292],"length":1,"stats":{"Line":4},"fn_name":null},{"line":56,"address":[653349],"length":1,"stats":{"Line":1},"fn_name":null},{"line":57,"address":[653484],"length":1,"stats":{"Line":3},"fn_name":null},{"line":60,"address":[653648],"length":1,"stats":{"Line":3},"fn_name":"load_signing_key"},{"line":61,"address":[653665],"length":1,"stats":{"Line":3},"fn_name":null},{"line":77,"address":[654587,653680],"length":1,"stats":{"Line":1},"fn_name":"fmt"},{"line":78,"address":[653713],"length":1,"stats":{"Line":1},"fn_name":null},{"line":79,"address":[654613,653749],"length":1,"stats":{"Line":1},"fn_name":null},{"line":80,"address":[653813,654419],"length":1,"stats":{"Line":1},"fn_name":null},{"line":81,"address":[653877],"length":1,"stats":{"Line":1},"fn_name":null},{"line":82,"address":[653990],"length":1,"stats":{"Line":1},"fn_name":null},{"line":83,"address":[654171],"length":1,"stats":{"Line":1},"fn_name":null},{"line":84,"address":[654276],"length":1,"stats":{"Line":1},"fn_name":null},{"line":85,"address":[654340],"length":1,"stats":{"Line":1},"fn_name":null},{"line":97,"address":[655127,654784],"length":1,"stats":{"Line":2},"fn_name":"recalculate_fingerprint"},{"line":98,"address":[655174,655103,654814],"length":1,"stats":{"Line":2},"fn_name":null},{"line":99,"address":[655210],"length":1,"stats":{"Line":4},"fn_name":null},{"line":102,"address":[656588,655232,656558],"length":1,"stats":{"Line":1},"fn_name":"sign"},{"line":103,"address":[655387,655271],"length":1,"stats":{"Line":1},"fn_name":null},{"line":105,"address":[655598,655336,655499],"length":1,"stats":{"Line":4},"fn_name":null},{"line":106,"address":[655709,655579],"length":1,"stats":{"Line":6},"fn_name":null},{"line":108,"address":[655793,655945],"length":1,"stats":{"Line":3},"fn_name":null},{"line":110,"address":[656134,655913],"length":1,"stats":{"Line":6},"fn_name":null},{"line":112,"address":[656188],"length":1,"stats":{"Line":3},"fn_name":null},{"line":114,"address":[656333,656420],"length":1,"stats":{"Line":3},"fn_name":null},{"line":116,"address":[656389],"length":1,"stats":{"Line":3},"fn_name":null},{"line":119,"address":[656608,659884,660149],"length":1,"stats":{"Line":1},"fn_name":"verify_with_time"},{"line":121,"address":[656684],"length":1,"stats":{"Line":1},"fn_name":null},{"line":122,"address":[656818],"length":1,"stats":{"Line":1},"fn_name":null},{"line":126,"address":[656752],"length":1,"stats":{"Line":1},"fn_name":null},{"line":127,"address":[657005],"length":1,"stats":{"Line":1},"fn_name":null},{"line":130,"address":[388544,388555],"length":1,"stats":{"Line":4},"fn_name":"{closure#0}"},{"line":133,"address":[657155,657325],"length":1,"stats":{"Line":8},"fn_name":null},{"line":134,"address":[657374],"length":1,"stats":{"Line":3},"fn_name":null},{"line":138,"address":[388699,388672],"length":1,"stats":{"Line":5},"fn_name":"{closure#1}"},{"line":142,"address":[658035,657813],"length":1,"stats":{"Line":8},"fn_name":null},{"line":144,"address":[658473,658251,658784],"length":1,"stats":{"Line":8},"fn_name":null},{"line":146,"address":[658333],"length":1,"stats":{"Line":1},"fn_name":null},{"line":147,"address":[388795,388768],"length":1,"stats":{"Line":1},"fn_name":"{closure#2}"},{"line":149,"address":[658295],"length":1,"stats":{"Line":3},"fn_name":null},{"line":150,"address":[388864,388891],"length":1,"stats":{"Line":6},"fn_name":"{closure#3}"},{"line":153,"address":[388960,388971],"length":1,"stats":{"Line":5},"fn_name":"{closure#4}"},{"line":155,"address":[389109,389088],"length":1,"stats":{"Line":8},"fn_name":"{closure#5}"},{"line":160,"address":[659776,659919,659444],"length":1,"stats":{"Line":7},"fn_name":null},{"line":161,"address":[659696],"length":1,"stats":{"Line":1},"fn_name":null},{"line":162,"address":[659768],"length":1,"stats":{"Line":1},"fn_name":null},{"line":164,"address":[659786],"length":1,"stats":{"Line":1},"fn_name":null},{"line":167,"address":[659895,659845,659661],"length":1,"stats":{"Line":8},"fn_name":null},{"line":170,"address":[659929],"length":1,"stats":{"Line":1},"fn_name":null},{"line":175,"address":[659810],"length":1,"stats":{"Line":2},"fn_name":null},{"line":176,"address":[659987],"length":1,"stats":{"Line":1},"fn_name":null},{"line":179,"address":[659953],"length":1,"stats":{"Line":1},"fn_name":null},{"line":180,"address":[660068],"length":1,"stats":{"Line":1},"fn_name":null},{"line":185,"address":[660030],"length":1,"stats":{"Line":1},"fn_name":null},{"line":188,"address":[660176],"length":1,"stats":{"Line":1},"fn_name":"verify"},{"line":189,"address":[660209],"length":1,"stats":{"Line":1},"fn_name":null},{"line":195,"address":[660256,661220],"length":1,"stats":{"Line":1},"fn_name":"fmt"},{"line":196,"address":[660502,660295],"length":1,"stats":{"Line":1},"fn_name":null},{"line":197,"address":[660690,660396],"length":1,"stats":{"Line":1},"fn_name":null},{"line":198,"address":[660552,660816],"length":1,"stats":{"Line":1},"fn_name":null},{"line":199,"address":[660725,661166,660843],"length":1,"stats":{"Line":2},"fn_name":null},{"line":200,"address":[661545,661084,661246],"length":1,"stats":{"Line":1},"fn_name":null},{"line":201,"address":[661469,661599,661898],"length":1,"stats":{"Line":1},"fn_name":null},{"line":202,"address":[662270,661952,661822],"length":1,"stats":{"Line":1},"fn_name":null},{"line":203,"address":[662164,662469],"length":1,"stats":{"Line":1},"fn_name":null},{"line":204,"address":[662603,662332],"length":1,"stats":{"Line":1},"fn_name":null},{"line":205,"address":[662630,662915,662504],"length":1,"stats":{"Line":1},"fn_name":null},{"line":206,"address":[662842],"length":1,"stats":{"Line":1},"fn_name":null},{"line":213,"address":[662976],"length":1,"stats":{"Line":1},"fn_name":"as_bytes"},{"line":214,"address":[662993],"length":1,"stats":{"Line":1},"fn_name":null},{"line":217,"address":[663008],"length":1,"stats":{"Line":1},"fn_name":"from_bytes"},{"line":221,"address":[663632,663056,663605],"length":1,"stats":{"Line":1},"fn_name":"as_pem"},{"line":222,"address":[663081,663480,663543],"length":1,"stats":{"Line":3},"fn_name":null},{"line":225,"address":[664313,663648],"length":1,"stats":{"Line":2},"fn_name":"from_pem"},{"line":226,"address":[663929,663681],"length":1,"stats":{"Line":2},"fn_name":null},{"line":227,"address":[663900,664074],"length":1,"stats":{"Line":4},"fn_name":null},{"line":228,"address":[664156],"length":1,"stats":{"Line":1},"fn_name":null},{"line":230,"address":[664130,664339,664252,664435],"length":1,"stats":{"Line":3},"fn_name":null},{"line":237,"address":[664592],"length":1,"stats":{"Line":1},"fn_name":"as_bytes"},{"line":238,"address":[664611],"length":1,"stats":{"Line":1},"fn_name":null},{"line":241,"address":[664688],"length":1,"stats":{"Line":1},"fn_name":"from_bytes"},{"line":242,"address":[389168,389152],"length":1,"stats":{"Line":1},"fn_name":"{closure#0}"},{"line":245,"address":[665349,665376,664800],"length":1,"stats":{"Line":1},"fn_name":"as_pem"},{"line":246,"address":[665224,664825,665287],"length":1,"stats":{"Line":3},"fn_name":null},{"line":249,"address":[666042,665392],"length":1,"stats":{"Line":2},"fn_name":"from_pem"},{"line":250,"address":[665425,665673],"length":1,"stats":{"Line":2},"fn_name":null},{"line":251,"address":[665644,665818],"length":1,"stats":{"Line":4},"fn_name":null},{"line":252,"address":[665900],"length":1,"stats":{"Line":1},"fn_name":null},{"line":254,"address":[666273,666073,665874,665989],"length":1,"stats":{"Line":3},"fn_name":null},{"line":261,"address":[666416],"length":1,"stats":{"Line":1},"fn_name":"as_bytes"},{"line":262,"address":[666435],"length":1,"stats":{"Line":1},"fn_name":null},{"line":265,"address":[666512],"length":1,"stats":{"Line":1},"fn_name":"from_bytes"},{"line":266,"address":[389184,389200],"length":1,"stats":{"Line":1},"fn_name":"{closure#0}"},{"line":269,"address":[666624,667200,667173],"length":1,"stats":{"Line":1},"fn_name":"as_pem"},{"line":270,"address":[667111,667048,666649],"length":1,"stats":{"Line":3},"fn_name":null},{"line":273,"address":[667866,667216],"length":1,"stats":{"Line":1},"fn_name":"from_pem"},{"line":274,"address":[667249,667497],"length":1,"stats":{"Line":1},"fn_name":null},{"line":275,"address":[667468,667642],"length":1,"stats":{"Line":2},"fn_name":null},{"line":276,"address":[667724],"length":1,"stats":{"Line":0},"fn_name":null},{"line":278,"address":[668004,667698,667892,667813],"length":1,"stats":{"Line":3},"fn_name":null}],"covered":102,"coverable":103},{"path":["/","home","core","prj","e3t","e3pf","libepf","src","util.rs"],"content":"use std::ops::Add;\nuse std::time::{Duration, SystemTime};\nuse chrono::{DateTime, Utc};\n\npub fn pretty_print_date(date: \u0026SystemTime) -\u003e String {\n    let datetime: DateTime\u003cUtc\u003e = (*date).into();\n    datetime.format(\"%Y-%m-%dT%H:%M:%S%.f%:z\").to_string()\n}\n\npub fn u64_to_st(unix: u64) -\u003e SystemTime {\n    SystemTime::UNIX_EPOCH.add(Duration::from_secs(unix))\n}","traces":[{"line":5,"address":[368267,368112],"length":1,"stats":{"Line":1},"fn_name":"pretty_print_date"},{"line":6,"address":[368140],"length":1,"stats":{"Line":1},"fn_name":null},{"line":7,"address":[368166],"length":1,"stats":{"Line":1},"fn_name":null},{"line":10,"address":[368304],"length":1,"stats":{"Line":1},"fn_name":"u64_to_st"},{"line":11,"address":[368313],"length":1,"stats":{"Line":1},"fn_name":null}],"covered":5,"coverable":5}]};
     </script>
     <script crossorigin>/** @license React v16.13.1
  * react.production.min.js