Struct hyper_static_server::rustls::sign::CertifiedKey[]

pub struct CertifiedKey {
    pub cert: Vec<Certificate, Global>,
    pub key: Arc<Box<dyn SigningKey + 'static, Global>>,
    pub ocsp: Option<Vec<u8, Global>>,
    pub sct_list: Option<Vec<u8, Global>>,
}

A packaged-together certificate chain, matching SigningKey and optional stapled OCSP response and/or SCT list.

Fields

cert: Vec<Certificate, Global>

The certificate chain.

key: Arc<Box<dyn SigningKey + 'static, Global>>

The certified key.

ocsp: Option<Vec<u8, Global>>

An optional OCSP response from the certificate issuer, attesting to its continued validity.

sct_list: Option<Vec<u8, Global>>

An optional collection of SCTs from CT logs, proving the certificate is included on those logs. This must be a SignedCertificateTimestampList encoding; see RFC6962.

Implementations

impl CertifiedKey

pub fn new(
    cert: Vec<Certificate, Global>,
    key: Arc<Box<dyn SigningKey + 'static, Global>>
) -> CertifiedKey

Make a new CertifiedKey, with the given chain and key.

The cert chain must not be empty. The first certificate in the chain must be the end-entity certificate.

pub fn end_entity_cert(&self) -> Result<&Certificate, ()>

The end-entity certificate.

pub fn take_cert(&mut self) -> Vec<Certificate, Global>

Steal ownership of the certificate chain.

pub fn has_ocsp(&self) -> bool

Return true if there's an OCSP response.

pub fn take_ocsp(&mut self) -> Option<Vec<u8, Global>>

Steal ownership of the OCSP response.

pub fn has_sct_list(&self) -> bool

Return true if there's an SCT list.

pub fn take_sct_list(&mut self) -> Option<Vec<u8, Global>>

Steal ownership of the SCT list.

pub fn cross_check_end_entity_cert(
    &self,
    name: Option<DNSNameRef<'_>>
) -> Result<(), TLSError>

Check the certificate chain for validity:

  • it should be non-empty list
  • the first certificate should be parsable as a x509v3,
  • the first certificate should quote the given server name (if provided)

These checks are not security-sensitive. They are the server attempting to detect accidental misconfiguration.

Trait Implementations

impl Clone for CertifiedKey

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T where
    T: 'static + ?Sized[src]

impl<T> Borrow<T> for T where
    T: ?Sized[src]

impl<T> BorrowMut<T> for T where
    T: ?Sized[src]

impl<T> From<T> for T[src]

impl<T> Instrument for T[src]

impl<T> Instrument for T[src]

impl<T, U> Into<U> for T where
    U: From<T>, [src]

impl<T> Same<T> for T

type Output = T

Should always be Self

impl<T> ToOwned for T where
    T: Clone[src]

type Owned = T

The resulting type after obtaining ownership.

impl<T, U> TryFrom<U> for T where
    U: Into<T>, [src]

type Error = Infallible

The type returned in the event of a conversion error.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>, [src]

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

impl<V, T> VZip<V> for T where
    V: MultiLane<T>,