Struct rpki::cert::Cert

pub struct Cert { /* fields omitted */ }

A resource certificate.

A value of this type represents a resource certificate. It can be one of three different variants.

A CA certificate appears in its own file in the repository. Its main use is to sign other certificates.

An EE certificate is used to sign other objects in the repository, such as manifests or ROAs, and is included in the file of these objects. In RPKI, EE certificates are used only once. Whenever a new object is created, a new EE certificate is created, signed by its CA, used to sign the object, and then the private key is thrown away.

Finally, TA certificates are the installed trust anchors. These are self-signed.

If a certificate is stored in a file, you can use the decode function to parse the entire file. If the certificate is part of some other structure, the take_from and from_constructed functions can be used during parsing of that structure.

Once parsing has succeeded, the three methods validate_ca, validate_ee, and validate_ta can be used to validate the certificate and turn it into a ResourceCert so it can be used for further processing. In addition, various methods exist to access information contained in the certificate.

Methods

impl Cert

pub fn subject(&self) -> &Name

Returns a reference to the subject.

pub fn subject_key_identifier(&self) -> &OctetString

Returns a reference to the subject key identifier.

pub fn subject_public_key_info(&self) -> &PublicKey

Returns a reference to the entire public key information structure.

pub fn crl_distribution(&self) -> Option<&UriGeneralNames>

Returns a reference to the certificate’s CRL distribution point.

If present, this will be an rsync URI.

pub fn serial_number(&self) -> &Unsigned

Returns a reference to the certificate’s serial number.

impl Cert

pub fn decode<S: Source>(source: S) -> Result<Self, S::Err>

Decodes a source as a certificate.

pub fn take_from<S: Source>(cons: &mut Constructed<S>) -> Result<Self, S::Err>

Takes an encoded certificate from the beginning of a value.

This function assumes that the certificate is encoded in the next constructed value in cons tagged as a sequence.

pub fn from_constructed<S: Source>(
    cons: &mut Constructed<S>
) -> Result<Self, S::Err>

Parses the content of a Certificate sequence.
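The layering of decode, take_from and from_constructed described above, shown as an added, self-contained sketch that is not the rpki crate's code: a minimal strict-DER reader that only splits the outer Certificate SEQUENCE into its three RFC 5280 fields. All names (take_tlv, certificate_content, take_certificate, decode_certificate, CertParts) are hypothetical, and rejecting trailing bytes in decode_certificate is a choice made in this sketch.

```rust
const SEQUENCE: u8 = 0x30;
const BIT_STRING: u8 = 0x03;
/// Reads one definite-length DER TLV and returns (tag, content, rest).
fn take_tlv(input: &[u8]) -> Result<(u8, &[u8], &[u8]), &'static str> {
    let (&tag, rest) = input.split_first().ok_or("missing tag")?;
    let (&first, rest) = rest.split_first().ok_or("missing length")?;
    let (len, rest) = if first < 0x80 {
        (first as usize, rest) // short form
    } else {
        let n = (first & 0x7f) as usize;
        if n == 0 { return Err("indefinite length is not DER"); }
        if n > 4 || rest.len() < n { return Err("bad length octets"); }
        let len = rest[..n].iter().fold(0usize, |acc, &b| (acc << 8) | b as usize);
        if rest[0] == 0 || len < 0x80 { return Err("non-minimal length"); } // DER: shortest form
        (len, &rest[n..])
    };
    if rest.len() < len { return Err("truncated content"); }
    Ok((tag, &rest[..len], &rest[len..]))
}

#[derive(Debug, PartialEq)]
struct CertParts<'a> { tbs: &'a [u8], sig_alg: &'a [u8], sig_value: &'a [u8] }

/// Hypothetical helper in the role of `from_constructed`: parses the SEQUENCE content.
fn certificate_content(content: &[u8]) -> Result<CertParts<'_>, &'static str> {
    let (t1, tbs, rest) = take_tlv(content)?;
    let (t2, sig_alg, rest) = take_tlv(rest)?;
    let (t3, sig_value, rest) = take_tlv(rest)?;
    if (t1, t2, t3) != (SEQUENCE, SEQUENCE, BIT_STRING) { return Err("unexpected field tag"); }
    if !rest.is_empty() { return Err("trailing data inside certificate"); }
    Ok(CertParts { tbs, sig_alg, sig_value })
}

/// Hypothetical helper in the role of `take_from`: the next value must be a SEQUENCE.
fn take_certificate(input: &[u8]) -> Result<(CertParts<'_>, &[u8]), &'static str> {
    let (tag, content, rest) = take_tlv(input)?;
    if tag != SEQUENCE { return Err("certificate is not a SEQUENCE"); }
    Ok((certificate_content(content)?, rest))
}

/// Hypothetical helper in the role of `decode`: the input must hold exactly one certificate.
fn decode_certificate(input: &[u8]) -> Result<CertParts<'_>, &'static str> {
    let (parts, rest) = take_certificate(input)?;
    if rest.is_empty() { Ok(parts) } else { Err("trailing data after certificate") }
}

fn main() {
    // Constructed sample: a structurally valid skeleton, not a real certificate.
    println!("{:?}", decode_certificate(b"\x30\x0c\x30\x02\x05\x00\x30\x02\x05\x00\x03\x02\x00\xff"));
}
```

The sketch stops at the outer structure; signature, validity and resource checks are what validate_ta, validate_ca and validate_ee are for.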

impl Cert

pub fn validate_ta(
    self,
    tal: Arc<TalInfo>,
    strict: bool
) -> Result<ResourceCert, ValidationError>

Validates the certificate as a trust anchor.

This validates that the certificate “is a current, self-signed RPKI CA certificate that conforms to the profile as specified in RFC6487” (RFC7730, section 3, step 2).

pub fn validate_ta_at(
    self,
    tal: Arc<TalInfo>,
    strict: bool,
    now: Time
) -> Result<ResourceCert, ValidationError>

pub fn validate_ca(
    self,
    issuer: &ResourceCert,
    strict: bool
) -> Result<ResourceCert, ValidationError>

Validates the certificate as a CA certificate.

For validation to succeed, the certificate needs to have been signed by the provided issuer certificate.

Note that this does not check the CRL.

pub fn validate_ca_at(
    self,
    issuer: &ResourceCert,
    strict: bool,
    now: Time
) -> Result<ResourceCert, ValidationError>

pub fn validate_ee(
    self,
    issuer: &ResourceCert,
    strict: bool
) -> Result<ResourceCert, ValidationError>

Validates the certificate as an EE certificate.

For validation to succeed, the certificate needs to have been signed by the provided issuer certificate.

Note that this does not check the CRL.

pub fn validate_ee_at(
    self,
    issuer: &ResourceCert,
    strict: bool,
    now: Time
) -> Result<ResourceCert, ValidationError>

Trait Implementations

impl AsRef<Cert> for Cert

impl AsRef<Cert> for ResourceCert

impl Clone for Cert

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Cert

Auto Trait Implementations

impl Send for Cert

impl Sync for Cert

Blanket Implementations

impl<T, U> Into<U> for T where
    U: From<T>,

impl<T> ToOwned for T where
    T: Clone

type Owned = T

impl<T> From<T> for T

impl<T, U> TryFrom<U> for T where
    U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

impl<T> Borrow<T> for T where
    T: ?Sized

impl<T> Any for T where
    T: 'static + ?Sized

impl<T> BorrowMut<T> for T where
    T: ?Sized

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.