pub trait LocalAuthority: Send + Sync + Debug {
    // Required methods
    fn name(&self) -> &str;
    fn cert_chain(&self) -> &[CertificateDer<'static>];
    fn sign(&self, data: &[u8]) -> BoxFuture<'_, Result<Vec<u8>, SignError>>;

    // Provided methods
    fn public_key(&self) -> SubjectPublicKeyInfoDer<'_> { ... }
    fn verify(
        &self,
        data: &[u8],
        signature: &[u8],
    ) -> BoxFuture<'_, Result<bool, VerifyError>> { ... }
}
Local authority for DHTTP identity material.
Signatures use DHTTP’s canonical key-to-signature-scheme policy instead of accepting a caller-supplied scheme. The policy is:
- Ed25519 keys use SignatureScheme::ED25519.
- ECDSA P-256 keys use SignatureScheme::ECDSA_NISTP256_SHA256.
- ECDSA P-384 keys use SignatureScheme::ECDSA_NISTP384_SHA384.
- RSA keys use SignatureScheme::RSA_PSS_SHA512, matching the QUIC/TLS RSA signing preference used by rustls.
Callers should treat sign and verify as DHTTP identity operations, not
as general-purpose cryptographic primitives with negotiable algorithms.
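The policy above derives the scheme from the key alone, never from caller input. As an added example (not code from DHTTP or rustls), the following std-only Rust reads the algorithm OID out of a DER SubjectPublicKeyInfo, the structure `public_key` returns, and maps it to the TLS code point of the policy's scheme. The `Scheme` enum and the `tlv` and `scheme_for_spki` functions are hypothetical names, and the sample key in `main` is constructed.

```rust
/// TLS SignatureScheme code points (RFC 8446) for the four schemes in the policy.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Scheme {
    Ed25519 = 0x0807,
    EcdsaNistp256Sha256 = 0x0403,
    EcdsaNistp384Sha384 = 0x0503,
    RsaPssSha512 = 0x0806,
}

/// Read one DER TLV with the expected tag; returns (value, remaining bytes).
fn tlv(buf: &[u8], tag: u8) -> Option<(&[u8], &[u8])> {
    let (&t, rest) = buf.split_first()?;
    let (&l0, rest) = rest.split_first()?;
    if t != tag { return None; }
    let (len, rest) = if l0 < 0x80 {
        (l0 as usize, rest)
    } else {
        let n = (l0 & 0x7f) as usize; // long form: n length bytes follow
        if n == 0 || n > 2 || rest.len() < n { return None; }
        (rest[..n].iter().fold(0usize, |a, &b| (a << 8) | b as usize), &rest[n..])
    };
    if rest.len() < len { return None; }
    Some((&rest[..len], &rest[len..]))
}

/// Derive the scheme from the key's SubjectPublicKeyInfo; anything else is None.
pub fn scheme_for_spki(spki: &[u8]) -> Option<Scheme> {
    let (body, trailing) = tlv(spki, 0x30)?; // SubjectPublicKeyInfo SEQUENCE
    let (alg, _key_bits) = tlv(body, 0x30)?; // AlgorithmIdentifier SEQUENCE
    let (oid, params) = tlv(alg, 0x06)?; // algorithm OID, then parameters
    if !trailing.is_empty() { return None; }
    match oid {
        [0x2b, 0x65, 0x70] => Some(Scheme::Ed25519), // id-Ed25519
        [0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01] => Some(Scheme::RsaPssSha512),
        [0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01] => match tlv(params, 0x06)?.0 {
            [0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07] => Some(Scheme::EcdsaNistp256Sha256),
            [0x2b, 0x81, 0x04, 0x00, 0x22] => Some(Scheme::EcdsaNistp384Sha384),
            _ => None, // other curves are outside the policy
        },
        _ => None,
    }
}

fn main() {
    // Constructed sample: Ed25519 SPKI header followed by an all-zero 32-byte key.
    let mut spki = vec![0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00];
    spki.extend_from_slice(&[0u8; 32]);
    println!("{:?}", scheme_for_spki(&spki));
}
```

Keys outside the four policy entries, truncated input and trailing bytes all return `None`, so a caller built on this mapping fails closed instead of falling back to a negotiated scheme.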
Required Methods
fn name(&self) -> &str
fn cert_chain(&self) -> &[CertificateDer<'static>]
fn sign(&self, data: &[u8]) -> BoxFuture<'_, Result<Vec<u8>, SignError>>
Provided Methods
fn public_key(&self) -> SubjectPublicKeyInfoDer<'_>
fn verify(&self, data: &[u8], signature: &[u8]) -> BoxFuture<'_, Result<bool, VerifyError>>
Dyn Compatibility
This trait is dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety".