pub struct CertificateBuilder<'a> { /* private fields */ }
A builder for creating X.509 certificates.
Example:
use quantcrypt::certificates::CertificateBuilder;
use quantcrypt::dsas::DsaAlgorithm;
use quantcrypt::kems::KemAlgorithm;
use quantcrypt::certificates::Profile;
use quantcrypt::dsas::DsaKeyGenerator;
use quantcrypt::kems::KemKeyGenerator;
use quantcrypt::certificates::CertValidity;
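// Walk-through: build a self-signed trust anchor (TA), then a KEM leaf
// certificate issued by it, and check both signatures.
// `unwrap()` keeps the example short; production code should propagate the
// `QuantCryptError` instead of panicking.

// Create a TA key pair.
// ML-DSA-44 is the smallest ML-DSA parameter set; choose the set that matches
// how long the trust anchor has to stay trustworthy.
let (pk_root, sk_root) = DsaKeyGenerator::new(DsaAlgorithm::MlDsa44).generate().unwrap();
let profile = Profile::Root;
let serial_no = None; // This will generate a random serial number
let validity = CertValidity::new(None, "2035-01-01T00:00:00Z").unwrap(); // Not before is now
let root_subject = "CN=example.com".to_string();
// Constructed sample name. The leaf gets its own subject: a certificate whose
// subject equals its issuer name reads as self-issued, which makes issuer
// lookup by name ambiguous for chain builders.
let leaf_subject = "CN=leaf.example.com".to_string();
let cert_public_key = pk_root.clone();
// The root signs itself, so the signer is the private half of `cert_public_key`.
let signer = &sk_root;

// Create the TA certificate builder
let builder = CertificateBuilder::new(
    profile,
    serial_no,
    validity.clone(),
    root_subject,
    cert_public_key,
    signer,
)
.unwrap();
let cert_root = builder.build().unwrap();
assert!(cert_root.verify_self_signed().unwrap());

// Create a leaf (EE) key pair for KEM.
// ML-KEM-512 is the smallest ML-KEM parameter set.
let (pk_kem, sk_kem) = KemKeyGenerator::new(KemAlgorithm::MlKem512).generate().unwrap();
// The issuer name is read from the root certificate so the two always agree.
// NOTE(review): the two flags presumably select the X.509 key-usage bits of
// the leaf; confirm against the `Profile` documentation.
let leaf_profile = Profile::Leaf {
    issuer: cert_root.get_subject(),
    enable_key_agreement: false,
    enable_key_encipherment: true,
};
// The leaf is signed with the root's private key (`signer`), not its own.
// It reuses the root's validity window for brevity; a leaf normally gets a
// shorter lifetime than its issuer.
let builder = CertificateBuilder::new(
    leaf_profile,
    serial_no,
    validity,
    leaf_subject,
    pk_kem,
    signer,
)
.unwrap();
let cert_kem = builder.build().unwrap();
// It's not self signed so verification as self signed should fail
assert!(!cert_kem.verify_self_signed().unwrap());
// But it should verify against the root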
assert!(cert_root.verify_child(&cert_kem).unwrap());
Implementations
impl<'a> CertificateBuilder<'a>
pub fn new( profile: Profile, serial_number: Option<[u8; 20]>, validity: CertValidity, subject: String, cert_public_key: PublicKey, signer: &'a PrivateKey, ) -> Result<CertificateBuilder<'a>, QuantCryptError>
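Create a new certificate builder. `serial_number` may be `None`, in which case a random serial number is generated (see the example above). `signer` is the private key that signs the certificate: in the example it is the root's own key for the self-signed `Profile::Root` certificate, and the same root key when issuing the `Profile::Leaf` certificate.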
pub fn add_extension( &mut self, extension: impl AsExtension, ) -> Result<&mut Self, QuantCryptError>
pub fn build(self) -> Result<Certificate, QuantCryptError>
Auto Trait Implementations§
impl<'a> Freeze for CertificateBuilder<'a>
impl<'a> RefUnwindSafe for CertificateBuilder<'a>
impl<'a> Send for CertificateBuilder<'a>
impl<'a> Sync for CertificateBuilder<'a>
impl<'a> Unpin for CertificateBuilder<'a>
impl<'a> UnwindSafe for CertificateBuilder<'a>
Blanket Implementations§
impl<T> BorrowMut<T> for T
where
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more