Struct rpki::cert::Cert
A resource certificate.
A value of this type represents a resource certificate. It can be one of three different variants.
A CA certificate appears in its own file in the repository. Its main use is to sign other certificates.
An EE certificate is used to sign other objects in the repository, such as manifests or ROAs, and is included in the file of these objects. In RPKI, EE certificates are used only once. Whenever a new object is created, a new EE certificate is created, signed by its CA, used to sign the object, and then the private key is thrown away.
Finally, TA certificates are the installed trust anchors. These are self-signed.
If a certificate is stored in a file, you can use the decode function to parse the entire file. If the certificate is part of some other structure, the take_from and from_constructed functions can be used during parsing of that structure.
Once parsing has succeeded, the three methods validate_ca, validate_ee, and validate_ta can be used to validate the certificate and turn it into a ResourceCert so it can be used for further processing. In addition, various methods exist to access information contained in the certificate.
Methods
impl Cert
pub fn subject(&self) -> &Name
Returns a reference to the subject.
pub fn subject_key_identifier(&self) -> &OctetString
Returns a reference to the subject key identifier.
pub fn subject_public_key_info(&self) -> &PublicKey
Returns a reference to the entire public key information structure.
pub fn crl_distribution(&self) -> Option<&UriGeneralNames>
Returns a reference to the certificate’s CRL distribution point.
If present, this will be an rsync URI.
pub fn serial_number(&self) -> &Unsigned
Returns a reference to the certificate’s serial number.
impl Cert
pub fn decode<S: Source>(source: S) -> Result<Self, S::Err>
Decodes a source as a certificate.
pub fn take_from<S: Source>(cons: &mut Constructed<S>) -> Result<Self, S::Err>
Takes an encoded certificate from the beginning of a value.
This function assumes that the certificate is encoded in the next constructed value in cons tagged as a sequence.
pub fn from_constructed<S: Source>(
    cons: &mut Constructed<S>
) -> Result<Self, S::Err>
Parses the content of a Certificate sequence.
impl Cert
pub fn validate_ta(
    self,
    tal: Arc<TalInfo>,
    strict: bool
) -> Result<ResourceCert, ValidationError>
Validates the certificate as a trust anchor.
This validates that the certificate “is a current, self-signed RPKI CA certificate that conforms to the profile as specified in RFC6487” (RFC7730, section 3, step 2).
pub fn validate_ta_at(
    self,
    tal: Arc<TalInfo>,
    strict: bool,
    now: Time
) -> Result<ResourceCert, ValidationError>
pub fn validate_ca(
    self,
    issuer: &ResourceCert,
    strict: bool
) -> Result<ResourceCert, ValidationError>
Validates the certificate as a CA certificate.
For validation to succeed, the certificate needs to have been signed by the provided issuer certificate.
Note that this does not check the CRL.
pub fn validate_ca_at(
    self,
    issuer: &ResourceCert,
    strict: bool,
    now: Time
) -> Result<ResourceCert, ValidationError>
pub fn validate_ee(
    self,
    issuer: &ResourceCert,
    strict: bool
) -> Result<ResourceCert, ValidationError>
Validates the certificate as an EE certificate.
For validation to succeed, the certificate needs to have been signed by the provided issuer certificate.
Note that this does not check the CRL.
pub fn validate_ee_at(
    self,
    issuer: &ResourceCert,
    strict: bool,
    now: Time
) -> Result<ResourceCert, ValidationError>
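The notes on validate_ca and validate_ee say the CRL is not checked, so a caller has to treat revocation as a separate step after validation. The following is an added example, not code from the rpki crate: a simplified model in which ModelCert, Reject, validate_at and accept_at are hypothetical names, key-identifier matching stands in for signature verification, and the CRL is a plain set of serial numbers.

```rust
// Simplified stand-in types for illustration; not the rpki crate's API.
use std::collections::HashSet;

#[derive(Debug, PartialEq)]
enum Reject { NotSignedByIssuer, NotCurrent, Revoked }

struct ModelCert {
    serial: u64,
    ski: u32, // subject key identifier
    aki: u32, // issuer's key identifier; assumption: stands in for signature verification
    not_before: u64,
    not_after: u64,
}

impl ModelCert {
    // Analogue of validate_ca_at / validate_ee_at: issuer and validity window only.
    fn validate_at(&self, issuer: &ModelCert, now: u64) -> Result<(), Reject> {
        if self.aki != issuer.ski {
            return Err(Reject::NotSignedByIssuer);
        }
        if now < self.not_before || now > self.not_after {
            return Err(Reject::NotCurrent);
        }
        Ok(())
    }
}

// Caller's extra step: look the serial up in the issuer's CRL (a set of serials here).
fn accept_at(cert: &ModelCert, issuer: &ModelCert, crl: &HashSet<u64>,
             now: u64) -> Result<(), Reject> {
    cert.validate_at(issuer, now)?;
    if crl.contains(&cert.serial) {
        return Err(Reject::Revoked);
    }
    Ok(())
}

// Constructed sample data: a CA certificate and one EE certificate it issued.
fn sample() -> (ModelCert, ModelCert) {
    let ca = ModelCert { serial: 1, ski: 0xCA, aki: 0x7A, not_before: 0, not_after: 1_000 };
    let ee = ModelCert { serial: 42, ski: 0xEE, aki: 0xCA, not_before: 100, not_after: 200 };
    (ca, ee)
}

fn main() {
    let (ca, ee) = sample();
    let crl = HashSet::from([42u64]); // constructed CRL revoking the EE certificate
    println!("validate only: {:?}", ee.validate_at(&ca, 150));
    println!("with CRL:      {:?}", accept_at(&ee, &ca, &crl, 150));
}
```

Passing the time explicitly, as the _at variants do, keeps the outcome reproducible when the same certificate set is re-evaluated later.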
Trait Implementations
impl AsRef<Cert> for Cert
impl AsRef<Cert> for ResourceCert
impl Clone for Cert
fn clone(&self) -> Cert
fn clone_from(&mut self, source: &Self)
Performs copy-assignment from source.
impl Debug for Cert
Auto Trait Implementations
Blanket Implementations
impl<T, U> Into<U> for T where
    U: From<T>,
impl<T> ToOwned for T where
    T: Clone,
impl<T> From<T> for T
impl<T, U> TryFrom<U> for T where
    U: Into<T>,
type Error = Infallible
The type returned in the event of a conversion error.
fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
impl<T> Borrow<T> for T where
    T: ?Sized,
impl<T> Any for T where
    T: 'static + ?Sized,
impl<T> BorrowMut<T> for T where
    T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
impl<T, U> TryInto<U> for T where
    U: TryFrom<T>,