Struct opcua_server::prelude::certificate_store::CertificateStore
pub struct CertificateStore { /* private fields */ }
The certificate store manages the storage of a server/client’s own certificate & private key and the trust / rejection of certificates from the other end.
Implementations
impl CertificateStore
pub fn new(pki_path: &Path) -> CertificateStore
Sets up the certificate store to the specified PKI directory. It is a bad idea to have more than one running instance pointing to the same path location on disk.
pub fn new_with_x509_data<X>(
pki_path: &Path,
overwrite: bool,
cert_path: Option<&Path>,
pkey_path: Option<&Path>,
x509_data: Option<X>
) -> (CertificateStore, Option<X509>, Option<PKey<Private>>) where
X: Into<X509Data>,
pub fn set_skip_verify_certs(&mut self, skip_verify_certs: bool)
pub fn set_trust_unknown_certs(&mut self, trust_unknown_certs: bool)
pub fn set_check_time(&mut self, check_time: bool)
pub fn read_pkey(path: &Path) -> Result<PKey<Private>, String>
Reads a private key from a path on disk.
pub fn read_own_cert_and_pkey(&self) -> Result<(X509, PKey<Private>), String>
Reads the store’s own certificate and private key.
pub fn read_own_cert_and_pkey_optional(
&self
) -> (Option<X509>, Option<PKey<Private>>)
Fetches the public certificate and private key into options.
pub fn create_certificate_and_key(
args: &X509Data,
overwrite: bool,
cert_path: &Path,
pkey_path: &Path
) -> Result<(X509, PKey<Private>), String>
Creates a certificate and key pair at the specified locations.
pub fn create_and_store_application_instance_cert(
&self,
args: &X509Data,
overwrite: bool
) -> Result<(X509, PKey<Private>), String>
This function will use the supplied arguments to create an Application Instance Certificate consisting of an X509v3 certificate and public/private key pair. The cert (including pubkey) and private key will be written to disk under the pki path.
pub fn validate_or_reject_application_instance_cert(
&self,
cert: &X509,
security_policy: SecurityPolicy,
hostname: Option<&str>,
application_uri: Option<&str>
) -> StatusCode
Validates the cert as trusted and valid. If the cert is unknown, it will be written to the rejected folder so that the administrator can manually move it to the trusted folder.
Errors
A non-Good status code indicates a failure in the cert or in some action required in order to validate it.
pub fn validate_application_instance_cert(
&self,
cert: &X509,
security_policy: SecurityPolicy,
hostname: Option<&str>,
application_uri: Option<&str>
) -> StatusCode
Validates the certificate according to the strictness set in the CertificateStore itself. Validation might include checking the issue time, expiration time, revocation, trust chain etc. In the first instance this function will only check if the cert is recognized and is already contained in the trusted or rejected folder.
Errors
A non-Good status code indicates a failure in the cert or in some action required in order to validate it.
pub fn cert_file_name(cert: &X509) -> String
Returns a certificate file name from the cert’s issuer and thumbprint fields. The file name is either “prefix - [thumbprint].der” or “thumbprint.der”, depending on whether the cert’s common name is empty.
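The quarantine flow described for validate_or_reject_application_instance_cert and the naming rule above, as a standalone model added here (not the opcua crate's code, and it does not call the crate). It uses only std, takes the thumbprint as a ready-made hex string, and assumes directory names trusted/ and rejected/ and a common-name character filter of its own.

```rust
use std::fs;
use std::path::{Path, PathBuf};

#[derive(Debug, PartialEq)]
pub enum Verdict { Trusted, Rejected }

/// Naming rule from the page: "prefix - [thumbprint].der", or "thumbprint.der"
/// for an empty common name. The common name is peer-controlled, so this model
/// keeps only alphanumerics, space, '-' and '_' (an assumption of the example).
pub fn cert_file_name(common_name: &str, thumbprint_hex: &str) -> String {
    let prefix: String = common_name.trim().chars()
        .filter(|&c| c.is_ascii_alphanumeric() || matches!(c, ' ' | '-' | '_'))
        .collect();
    if prefix.is_empty() { return format!("{}.der", thumbprint_hex); }
    format!("{} - [{}].der", prefix, thumbprint_hex)
}

/// A name match alone is not enough: the stored bytes must equal the presented cert.
fn holds(dir: &Path, name: &str, der: &[u8]) -> bool {
    fs::read(dir.join(name)).map(|stored| stored == der).unwrap_or(false)
}

/// Model of validate-or-reject: a cert in trusted/ passes; anything else fails,
/// and an unknown cert is copied into rejected/ for the administrator to review.
pub fn validate_or_reject(pki: &Path, name: &str, der: &[u8]) -> std::io::Result<Verdict> {
    let (trusted, rejected) = (pki.join("trusted"), pki.join("rejected")); // assumed names
    fs::create_dir_all(&trusted)?;
    fs::create_dir_all(&rejected)?;
    if holds(&trusted, name, der) { return Ok(Verdict::Trusted); }
    if !holds(&rejected, name, der) {
        fs::write(rejected.join(name), der)?; // quarantine on first sight
    }
    Ok(Verdict::Rejected)
}

/// The administrator's manual step: move a reviewed cert from rejected/ to trusted/.
pub fn admin_trust(pki: &Path, name: &str) -> std::io::Result<()> {
    fs::rename(pki.join("rejected").join(name), pki.join("trusted").join(name))
}

fn main() -> std::io::Result<()> {
    let pki: PathBuf = std::env::temp_dir().join(format!("pki_demo_{}", std::process::id()));
    let der = b"constructed stand-in for DER bytes";
    let name = cert_file_name("Demo Client", "0a1b2c"); // constructed thumbprint
    println!("first contact: {:?}", validate_or_reject(&pki, &name, der)?);
    admin_trust(&pki, &name)?;
    println!("after review:  {:?}", validate_or_reject(&pki, &name, der)?);
    fs::remove_dir_all(&pki)
}
```

Comparing stored bytes rather than file names means a different certificate presented under an already trusted name still lands in rejected/.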
pub fn ensure_pki_path(&self) -> Result<(), String>
pub fn own_certificate_path(&self) -> PathBuf
Get path to application instance certificate
pub fn own_private_key_path(&self) -> PathBuf
Get path to application instance private key
pub fn rejected_certs_dir(&self) -> PathBuf
Get the path to the rejected certs dir
pub fn trusted_certs_dir(&self) -> PathBuf
Get the path to the trusted certs dir
Auto Trait Implementations
impl RefUnwindSafe for CertificateStore
impl Send for CertificateStore
impl Sync for CertificateStore
impl Unpin for CertificateStore
impl UnwindSafe for CertificateStore
Blanket Implementations
impl<T> BorrowMut<T> for T where
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value.