Struct tugger_code_signing::Signer

pub struct Signer { /* fields omitted */ }

An entity for performing code signing.

This contains the SigningCertificate as well as other global signing settings.

Implementations

impl Signer

pub fn new(signing_certificate: SigningCertificate) -> Self

Construct a new instance given a SigningCertificate.

pub fn chain_certificate(&mut self, certificate: CapturedX509Certificate)

Add an X.509 certificate to the certificate chain.

When signing, it is common to include the chain of certificates that signed the signing certificate in the signature. This can facilitate with validation of the signature.

This function can be called to register addition certificates into the signing chain.

pub fn chain_certificates_pem(
    &mut self,
    data: impl AsRef<[u8]>
) -> Result<(), SigningError>

Add PEM encoded X.509 certificates to the certificate chain.

This is like Self::chain_certificate except the certificate is specified as PEM encoded data. This is a human readable string like -----BEGIN CERTIFICATE----- and is a common method for encoding certificate data. The specified data can contain multiple certificates.

pub fn chain_certificates(
    &mut self,
    certificates: impl Iterator<Item = CapturedX509Certificate>
)

Add multiple X.509 certificates to the certificate chain.

See Self::chain_certificate for details.

pub fn chain_certificates_macos_keychain(&mut self) -> Result<(), SigningError>

Chain X.509 certificates by searching for them in the macOS keychain.

This function will access the macOS keychain and attempt to locate the certificates composing the signing chain of the currently configured signing certificate.

This function only works when run on macOS.

This function will error if the signing certificate wasn’t self-signed and its issuer chain could not be resolved.

pub fn time_stamp_url(&mut self, url: impl IntoUrl) -> Result<(), SigningError>

Set the URL of a Time-Stamp Protocol server to use.

If specified, the server will always be used. In some cases, a Time-Stamp Protocol server will be used automatically if one is not specified.

pub fn apple_settings_callback(&mut self, cb: AppleSigningSettingsFn)

Set a callback function to be called to influence settings for signing individual Apple signables.

pub fn windows_settings_callback(&mut self, cb: WindowsSignerFn)

Set a callback function to be called to influence settings for signing individual Windows signables.

pub fn resolve_signability(
    &self,
    candidate: &SignableCandidate<'_>
) -> Result<Signability, SigningError>

Determine the signability of a potentially signable entity.

pub fn resolve_signer(
    &self,
    candidate: &SignableCandidate<'_>
) -> Result<Option<SignableSigner<'_>>, SigningError>

Attempt to resolve a SignableSigner for the SignableCandidate.

This will determine if a given entity can be signed by us. If so, we will return a Some(T) that can be used to sign it. If the entity is not signable, returns a None.

If an error occurs computing signability, Err occurs.

Trait Implementations

impl From<SigningCertificate> for Signer

fn from(cert: SigningCertificate) -> Self

Performs the conversion.