CertificateStore

Struct CertificateStore 

pub struct CertificateStore { /* private fields */ }
The certificate store manages the storage of a server/client’s own certificate & private key and the trust / rejection of certificates from the other end.

Implementations

impl CertificateStore

pub fn new(pki_path: &Path) -> CertificateStore

Sets up the certificate store at the specified PKI directory. It is a bad idea to have more than one running instance pointing to the same path on disk.

pub fn new_with_x509_data<X>( pki_path: &Path, overwrite: bool, cert_path: Option<&Path>, pkey_path: Option<&Path>, x509_data: Option<X>, ) -> (CertificateStore, Option<X509>, Option<PKey<RsaPrivateKey>>)
where X: Into<X509Data>,

Creates a new certificate store with the application certificate from the given cert_path.

pub fn set_skip_verify_certs(&mut self, skip_verify_certs: bool)

Sets skip_verify_certs. When true, incoming certificates are not verified.

pub fn set_trust_unknown_certs(&mut self, trust_unknown_certs: bool)

Sets trust_unknown_certs. When true, valid but untrusted certificates are trusted automatically.

pub fn set_check_time(&mut self, check_time: bool)

Sets check_time, which controls whether the expiration time of incoming certificates is checked.

pub fn read_pkey(path: &Path) -> Result<PKey<RsaPrivateKey>, String>

Reads a private key from a path on disk.

pub fn read_own_cert(&self) -> Result<X509, String>

Reads the store’s own certificate.

pub fn read_own_pkey(&self) -> Result<PKey<RsaPrivateKey>, String>

Read own private key from file.

pub fn create_certificate_and_key( args: &X509Data, overwrite: bool, cert_path: &Path, pkey_path: &Path, ) -> Result<(X509, PKey<RsaPrivateKey>), String>

Creates a certificate and key pair at the specified locations.

pub fn create_and_store_application_instance_cert( &self, args: &X509Data, overwrite: bool, ) -> Result<(X509, PKey<RsaPrivateKey>), String>

This function will use the supplied arguments to create an Application Instance Certificate consisting of an X509v3 certificate and public/private key pair. The cert (including pubkey) and private key will be written to disk under the PKI path.

pub fn validate_or_reject_application_instance_cert( &self, cert: &X509, security_policy: SecurityPolicy, hostname: Option<&str>, application_uri: Option<&str>, ) -> Result<(), StatusCode>

Validates the cert as trusted and valid. If the cert is unknown, it will be written to the rejected folder so that the administrator can manually move it to the trusted folder.

Errors

A non-Good status code indicates a failure in the cert or in some action required in order to validate it.

pub fn validate_application_instance_cert( &self, cert: &X509, security_policy: SecurityPolicy, hostname: Option<&str>, application_uri: Option<&str>, ) -> Result<(), StatusCode>

Validates the certificate according to the strictness set in the CertificateStore itself. Validation might include checking the issue time, expiration time, revocation, trust chain etc. In the first instance this function will only check if the cert is recognized and is already contained in the trusted or rejected folder.

Errors

A non-Good status code indicates a failure in the cert or in some action required in order to validate it.

pub fn cert_file_name(cert: &X509) -> String

Returns a certificate file name built from the cert’s issuer and thumbprint fields. The file name is either “prefix - [thumbprint].der” or “thumbprint.der”, depending on whether the cert’s common name is empty.
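The trusted/rejected folder workflow described for validate_or_reject_application_instance_cert, combined with the “thumbprint.der” file naming, modelled here with the standard library only. This is an added example, not the crate's code: ModelStore, Decision, check, the directory names trusted and rejected, and the caller-supplied thumbprint string are all assumptions of the example.

```rust
use std::path::PathBuf;
use std::{env, fs, io, process};

/// Result of the folder lookup. These names belong to this example, not to the crate.
#[derive(Debug, PartialEq)]
pub enum Decision { Trusted, Rejected, NewlyRejected, AutoTrusted }

/// Simplified model: `trusted/` and `rejected/` directories (assumed names) under one PKI path.
pub struct ModelStore { pub pki: PathBuf, pub trust_unknown_certs: bool }

impl ModelStore {
    /// `thumbprint_hex` stands in for the certificate thumbprint; only hex digits are
    /// accepted so a peer-controlled value can never escape the PKI directory.
    pub fn check(&self, thumbprint_hex: &str, der: &[u8]) -> io::Result<Decision> {
        if thumbprint_hex.is_empty() || !thumbprint_hex.bytes().all(|b| b.is_ascii_hexdigit()) {
            return Err(io::Error::new(io::ErrorKind::InvalidInput, "thumbprint is not hex"));
        }
        let name = format!("{}.der", thumbprint_hex);
        let trusted = self.pki.join("trusted").join(&name);
        let rejected = self.pki.join("rejected").join(&name);
        if trusted.is_file() {
            // A matching file name proves nothing; the stored bytes must match as well.
            let same = fs::read(&trusted)? == der;
            return Ok(if same { Decision::Trusted } else { Decision::Rejected });
        }
        if rejected.is_file() {
            return Ok(Decision::Rejected);
        }
        // Unknown certificate: park it for the administrator, or trust it if so configured.
        let (dest, decision) = if self.trust_unknown_certs {
            (trusted, Decision::AutoTrusted)
        } else {
            (rejected, Decision::NewlyRejected)
        };
        fs::create_dir_all(dest.parent().expect("dest has a parent"))?;
        fs::write(&dest, der)?;
        Ok(decision)
    }
}

fn main() -> io::Result<()> {
    let pki = env::temp_dir().join(format!("pki-model-{}", process::id()));
    let store = ModelStore { pki: pki.clone(), trust_unknown_certs: false };
    let der = b"constructed stand-in for DER bytes";
    println!("{:?}", store.check("0a1b2c", der)?); // first contact: written to rejected/
    println!("{:?}", store.check("0a1b2c", der)?); // stays rejected until an admin moves it
    fs::remove_dir_all(&pki)
}
```

In the model, as in the workflow the page describes, a peer only becomes trusted once its file has been moved from the rejected folder to the trusted folder, unless trust_unknown_certs is enabled.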

pub fn ensure_pki_path(&self) -> Result<(), String>

Creates the PKI directory structure.

Errors

A string description of any failure.

pub fn own_certificate_path(&self) -> PathBuf

Get path to application instance certificate.

pub fn own_private_key_path(&self) -> PathBuf

Get path to application instance private key.

pub fn rejected_certs_dir(&self) -> PathBuf

Get the path to the rejected certs dir.

pub fn trusted_certs_dir(&self) -> PathBuf

Get the path to the trusted certs dir.

pub fn store_rejected_cert(&self, cert: &X509) -> Result<PathBuf, String>

Write a cert to the rejected directory. If the write succeeds, the function returns a path to the written file.

Errors

A string description of any failure.

pub fn read_cert(path: &Path) -> Result<X509, String>

Reads an X509 certificate in .der or .pem format from disk.

Errors

A string description of any failure.

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper.

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> IntoAnyArc for T
where T: Send + Sync + 'static,

fn into_any_arc(self: Arc<T>) -> Arc<dyn Any + Sync + Send>

Upcast to Arc<dyn Any>.

impl<T> Same for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper.

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper.