Struct OcspResponseBuilder

pub struct OcspResponseBuilder { /* private fields */ }
Available on crate feature builder only.

X509 OCSP Response builder

use der::{asn1::ObjectIdentifier, DateTime, Decode};
use x509_cert::Certificate;
use x509_ocsp::builder::OcspResponseBuilder;
use x509_ocsp::{ext::Nonce, CertStatus, OcspGeneralizedTime, OcspRequest, OcspResponse,
    SingleResponse,
};

// Decode the issuing CA certificate and the incoming OCSP request from DER.
// `unwrap()` keeps the example short; a responder that parses requests from
// the network should turn a decode failure into an error, not a panic.
let ca = Certificate::from_der(CA_DER).unwrap();
let req = OcspRequest::from_der(OCSP_REQ_DER).unwrap();

// Only the first entry of the request list is answered in this example.
// Indexing with `[0]` panics when the list is empty.
let cert_id = req.tbs_request.request_list[0].req_cert.clone();

// thisUpdate / nextUpdate values for the single response (fixed dates here).
let this_update = OcspGeneralizedTime::from(DateTime::new(2023, 10, 31, 0, 0, 0).unwrap());
let next_update = OcspGeneralizedTime::from(DateTime::new(2024, 1, 1, 0, 0, 0).unwrap());

// NOTE(review): the status is hard-coded to `good` for illustration; a real
// responder presumably looks the certificate up in the CA's revocation data
// before asserting any status.
let single_response =
    SingleResponse::new(cert_id, CertStatus::good(), this_update).with_next_update(next_update);

// The responder is identified by the CA certificate's subject name.
let responder_id = ca.tbs_certificate.subject.clone();
let builder = OcspResponseBuilder::new(responder_id).with_single_response(single_response);

// Copy the nonce extension from the request into the response when the
// request carries one, so the client can match this response to its request.
let builder = match req.nonce() {
    Some(nonce) => builder.with_extension(nonce).unwrap(),
    None => builder,
};

// producedAt: the current time when `std` is available, otherwise a fixed
// date, since no clock is available in the example without `std`.
#[cfg(feature = "std")]
let produced_at = OcspGeneralizedTime::try_from(std::time::SystemTime::now()).unwrap();

#[cfg(not(feature = "std"))]
let produced_at = OcspGeneralizedTime::from(DateTime::new(2023, 11, 1, 0, 0, 0).unwrap());

// Sign the response and pass the CA certificate as the certificate chain.
// NOTE(review): the chain is presumably carried inside the response; a client
// should still validate it against its own trust anchors — confirm.
let mut signer = rsa_signer();
let chain = vec![ca.clone()];
let resp = builder
    .sign(&mut signer, Some(chain), produced_at)
    .unwrap();

Implementations§


impl OcspResponseBuilder


pub fn new(responder_id: impl Into<ResponderId>) -> Self

Returns an OcspResponseBuilder for the given ResponderId. Only the responder ID is passed here; the Produced At value is supplied later, when the response is signed.


pub fn with_single_response(self, single_response: SingleResponse) -> Self

Adds a SingleResponse to the builder as defined in RFC 6960 Section 4.2.1.


pub fn with_extension(self, ext: impl AsExtension) -> Result<Self, Error>

Adds a response extension as specified in RFC 6960 Section 4.4. Errors when the extension encoding fails.


pub fn sign<S, Sig>( self, signer: &mut S, certificate_chain: Option<Vec<Certificate>>, produced_at: OcspGeneralizedTime, ) -> Result<OcspResponse, Error>

Consumes the builder and returns a signed OcspResponse. Errors when the algorithm identifier encoding, message encoding, or signature generation fails.

Per RFC 6960 Section 2.4, the producedAt value must be the time the response was signed. Clients use it to judge how fresh the response is, so pass the actual signing time.


pub fn sign_with_rng<S, Sig>( self, signer: &mut S, rng: &mut impl CryptoRngCore, certificate_chain: Option<Vec<Certificate>>, produced_at: OcspGeneralizedTime, ) -> Result<OcspResponse, Error>

Consumes the builder and returns a signed OcspResponse. Errors when the algorithm identifier encoding, message encoding, or signature generation fails.

Per RFC 6960 Section 2.4, the producedAt value must be the time the response was signed. Clients use it to judge how fresh the response is, so pass the actual signing time.

Trait Implementations§


impl Clone for OcspResponseBuilder


fn clone(&self) -> OcspResponseBuilder

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

impl Debug for OcspResponseBuilder


fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.