ssh-key: fix certificate::Builder::new_with_validity_times

It previously had the `valid_after` and `valid_before` arguments
swapped, which would've caused errors with expected usage.

This commit adds a test that confirmed the certificate builder
initializes successfully after swapping the arguments back.

Closes #142

ssh-key/src/certificate/builder.rs

@@ -145,7 +145,7 @@ impl Builder {
         let valid_before =
             UnixTime::try_from(valid_before).map_err(|_| Field::ValidBefore.invalid_error())?;
 
-        Self::new(nonce, public_key, valid_before.into(), valid_after.into())
+        Self::new(nonce, public_key, valid_after.into(), valid_before.into())
     }
 
     /// Create a new certificate builder, generating a random nonce using the

ssh-key/tests/certificate_builder.rs

@@ -16,6 +16,9 @@ use ssh_key::EcdsaCurve;
 #[cfg(all(feature = "ed25519", feature = "rsa"))]
 use std::str::FromStr;
 
+#[cfg(all(feature = "ed25519", feature = "std"))]
+use std::time::{Duration, SystemTime};
+
 /// Example Unix timestamp when a certificate was issued (2020-09-13 12:26:40 UTC).
 const ISSUED_AT: u64 = 1600000000;
 
@@ -183,3 +186,24 @@ R6qbyo6hPuCiV9cAAAAAAQID
     let ca_fingerprint = ca_key.fingerprint(Default::default());
     assert!(cert.validate_at(VALID_AT, &[ca_fingerprint]).is_ok());
 }
+
+#[cfg(all(feature = "ed25519", feature = "std"))]
+#[test]
+fn new_with_validity_times() {
+    let mut rng = ChaCha8Rng::from_seed(PRNG_SEED);
+    let subject_key = PrivateKey::random(&mut rng, Algorithm::Ed25519).unwrap();
+
+    // NOTE: use a random nonce, not an all-zero one!
+    let nonce = [0u8; certificate::Builder::RECOMMENDED_NONCE_SIZE];
+
+    let issued_at = SystemTime::now();
+    let expires_at = issued_at + Duration::from_secs(3600);
+
+    assert!(certificate::Builder::new_with_validity_times(
+        nonce,
+        subject_key.public_key(),
+        issued_at,
+        expires_at
+    )
+    .is_ok());
+}