Struct krill::commons::remote::id::IdCert

pub struct IdCert { /* fields omitted */ }

An Identity Certificate.

Identity Certificates are used in the provisioning and publication protocol. Initially the parent and child CAs and/or the publishing CA and publication server exchange self-signed Identity Certificates, wrapped in XML messages defined in the 'rfc8181' module.

The private keys corresponding to the subject public keys in these certificates are then used to sign identity EE certificates used to sign CMS messages in support of the provisioning and publication protocols.

NOTE: For the moment only V3 certificates are supported, because we insist that a TA certificate is self-signed and has the CA bit set, and that an EE certificate does not have this bit set, but does have an AKI that matches the issuer's SKI. Maybe we should take this out... and just care that things are validly signed, or only check AKI/SKI if it's version 3, but skip this for lower versions.

Implementations

impl IdCert

Data Access

pub fn public_key(&self) -> &[u8]

Returns a reference to the certificate’s public key.

pub fn subject_key_identifier(&self) -> &OctetString

Returns a reference to the subject key identifier.

pub fn ski_hex(&self) -> String

Returns the hex encoded SKI

pub fn subject_public_key_info(&self) -> &PublicKey

Returns a reference to the entire public key information structure.

pub fn serial_number(&self) -> &Unsigned

Returns a reference to the certificate’s serial number.

impl IdCert

Decoding and Encoding

pub fn decode<S: Source>(source: S) -> Result<Self, S::Err>

Decodes a source as a certificate.

pub fn take_from<S: Source>(cons: &mut Constructed<S>) -> Result<Self, S::Err>

Takes an encoded certificate from the beginning of a value.

pub fn from_constructed<S: Source>(
    cons: &mut Constructed<S>
) -> Result<Self, S::Err>

Parses the content of a Certificate sequence.

pub fn encode<'a>(&'a self) -> impl Values + 'a

pub fn to_bytes(&self) -> Bytes

impl IdCert

Validation

pub fn validate_ta(&self) -> Result<(), ValidationError>

Validates the certificate as a trust anchor.

This validates that the certificate “is a current, self-signed RPKI CA certificate that conforms to the profile as specified in RFC6487” (RFC7730, section 3, step 2).

pub fn validate_ta_at(&self, now: Time) -> Result<(), ValidationError>

pub fn validate_ee(&self, issuer: &IdCert) -> Result<(), ValidationError>

Validates the certificate as an EE certificate.

For validation to succeed, the certificate needs to have been signed by the provided issuer certificate.

Note that this does not check the CRL.

pub fn validate_ee_at(
    &self,
    issuer: &IdCert,
    now: Time
) -> Result<(), ValidationError>

Trait Implementations

impl AsRef<IdCert> for IdCert

fn as_ref(&self) -> &Self

Performs the conversion.

impl Clone for IdCert

fn clone(&self) -> IdCert

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for IdCert

fn fmt(&self, f: &mut Formatter) -> Result

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for IdCert

fn deserialize<D>(deserializer: D) -> Result<Self, D::Error> where
    D: Deserializer<'de>, 

Deserialize this value from the given Serde deserializer.

impl Eq for IdCert

impl<'_> From<&'_ IdCert> for IdCertPem

fn from(cer: &IdCert) -> Self

Performs the conversion.

impl Into<IdCert> for PublisherRequest

fn into(self) -> IdCert

Performs the conversion.

impl PartialEq<IdCert> for IdCert

fn eq(&self, other: &Self) -> bool

This method tests for self and other values to be equal, and is used by ==.

#[must_use]fn ne(&self, other: &Rhs) -> bool

This method tests for !=.

impl Serialize for IdCert

fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error> where
    S: Serializer, 

Serialize this value into the given Serde serializer.