pub struct X509(/* private fields */);
Expand description
An X509
public key certificate.
Implementations§
source§impl X509
impl X509
sourcepub fn builder() -> Result<X509Builder, ErrorStack>
pub fn builder() -> Result<X509Builder, ErrorStack>
Returns a new builder.
sourcepub fn from_pem(pem: &[u8]) -> Result<X509, ErrorStack>
pub fn from_pem(pem: &[u8]) -> Result<X509, ErrorStack>
Deserializes a PEM-encoded X509 structure.
The input should have a header of -----BEGIN CERTIFICATE-----
.
This corresponds to PEM_read_bio_X509
.
sourcepub fn from_der(der: &[u8]) -> Result<X509, ErrorStack>
pub fn from_der(der: &[u8]) -> Result<X509, ErrorStack>
Deserializes a DER-encoded X509 structure.
This corresponds to d2i_X509
.
sourcepub fn stack_from_pem(pem: &[u8]) -> Result<Vec<X509>, ErrorStack>
pub fn stack_from_pem(pem: &[u8]) -> Result<Vec<X509>, ErrorStack>
Deserializes a list of PEM-formatted certificates.
Methods from Deref<Target = X509Ref>§
sourcepub fn subject_name(&self) -> &X509NameRef
pub fn subject_name(&self) -> &X509NameRef
Returns this certificate’s subject name.
This corresponds to X509_get_subject_name
.
sourcepub fn subject_name_hash(&self) -> u32
pub fn subject_name_hash(&self) -> u32
Returns the hash of the certificates subject
This corresponds to X509_subject_name_hash
.
sourcepub fn issuer_name(&self) -> &X509NameRef
pub fn issuer_name(&self) -> &X509NameRef
Returns this certificate’s issuer name.
This corresponds to X509_get_issuer_name
.
sourcepub fn subject_alt_names(&self) -> Option<Stack<GeneralName>>
pub fn subject_alt_names(&self) -> Option<Stack<GeneralName>>
Returns this certificate’s subject alternative name entries, if they exist.
This corresponds to X509_get_ext_d2i
called with NID_subject_alt_name
.
sourcepub fn issuer_alt_names(&self) -> Option<Stack<GeneralName>>
pub fn issuer_alt_names(&self) -> Option<Stack<GeneralName>>
Returns this certificate’s issuer alternative name entries, if they exist.
This corresponds to X509_get_ext_d2i
called with NID_issuer_alt_name
.
pub fn public_key(&self) -> Result<PKey<Public>, ErrorStack>
sourcepub fn digest(
&self,
hash_type: MessageDigest
) -> Result<DigestBytes, ErrorStack>
pub fn digest( &self, hash_type: MessageDigest ) -> Result<DigestBytes, ErrorStack>
Returns a digest of the DER representation of the certificate.
This corresponds to X509_digest
.
pub fn fingerprint( &self, hash_type: MessageDigest ) -> Result<Vec<u8>, ErrorStack>
sourcepub fn not_after(&self) -> &Asn1TimeRef
pub fn not_after(&self) -> &Asn1TimeRef
Returns the certificate’s Not After validity period.
sourcepub fn not_before(&self) -> &Asn1TimeRef
pub fn not_before(&self) -> &Asn1TimeRef
Returns the certificate’s Not Before validity period.
sourcepub fn signature(&self) -> &Asn1BitStringRef
pub fn signature(&self) -> &Asn1BitStringRef
Returns the certificate’s signature
sourcepub fn signature_algorithm(&self) -> &X509AlgorithmRef
pub fn signature_algorithm(&self) -> &X509AlgorithmRef
Returns the certificate’s signature algorithm.
sourcepub fn ocsp_responders(&self) -> Result<Stack<OpensslString>, ErrorStack>
pub fn ocsp_responders(&self) -> Result<Stack<OpensslString>, ErrorStack>
Returns the list of OCSP responder URLs specified in the certificate’s Authority Information Access field.
sourcepub fn issued(&self, subject: &X509Ref) -> X509VerifyResult
pub fn issued(&self, subject: &X509Ref) -> X509VerifyResult
Checks that this certificate issued subject
.
sourcepub fn verify<T>(&self, key: &PKeyRef<T>) -> Result<bool, ErrorStack>where
T: HasPublic,
pub fn verify<T>(&self, key: &PKeyRef<T>) -> Result<bool, ErrorStack>where
T: HasPublic,
Check if the certificate is signed using the given public key.
Only the signature is checked: no other checks (such as certificate chain validity) are performed.
Returns true
if verification succeeds.
This corresponds to X509_verify
.
sourcepub fn serial_number(&self) -> &Asn1IntegerRef
pub fn serial_number(&self) -> &Asn1IntegerRef
Returns this certificate’s serial number.
This corresponds to X509_get_serialNumber
.
sourcepub fn to_pem(&self) -> Result<Vec<u8>, ErrorStack>
pub fn to_pem(&self) -> Result<Vec<u8>, ErrorStack>
Serializes the certificate into a PEM-encoded X509 structure.
The output will have a header of -----BEGIN CERTIFICATE-----
.
This corresponds to PEM_write_bio_X509
.