Struct rpki::cert::Cert
A raw resource certificate.
A value of this type represents a resource certificate. It can be one of three different variants.
A CA certificate appears in its own file in the repository. Its main use is to sign other certificates.
An EE certificate is used to sign other objects in the repository, such as manifests or ROAs, and is included in the file of these objects. In RPKI, EE certificates are used only once. Whenever a new object is created, a new EE certificate is created, signed by its CA, used to sign the object, and then the private key is thrown away.
Finally, TA certificates are the installed trust anchors. These are self-signed.
If a certificate is stored in a file, you can use the decode function to parse the entire file. If the certificate is part of some other structure, the take_from and from_constructed functions can be used during parsing of that structure.
Once parsing succeeded, the three methods validate_ca, validate_ee, and validate_ta can be used to validate the certificate and turn it into a ResourceCert so it can be used for further processing. In addition, various methods exist to access information contained in the certificate.
Methods
impl Cert
pub fn decode<S: Source>(source: S) -> Result<Self, S::Err>
Decodes a source as a certificate.
pub fn take_from<S: Source>(cons: &mut Constructed<S>) -> Result<Self, S::Err>
Takes an encoded certificate from the beginning of a value.
This function assumes that the certificate is encoded in the next constructed value in cons tagged as a sequence.
pub fn from_constructed<S: Source>(
cons: &mut Constructed<S>
) -> Result<Self, S::Err>
Parses the content of a Certificate sequence.
pub fn encode_ref<'a>(&'a self) -> impl Values + 'a
Returns a value encoder for a reference to the certificate.
pub fn to_captured(&self) -> Captured
Returns a captured encoding of the certificate.
impl Cert
pub fn validate_ta(
self,
tal: Arc<TalInfo>,
strict: bool
) -> Result<ResourceCert, ValidationError>
Validates the certificate as a trust anchor.
This validates that the certificate “is a current, self-signed RPKI CA certificate that conforms to the profile as specified in RFC6487” (RFC7730, section 3, step 2).
pub fn validate_ta_at(
self,
tal: Arc<TalInfo>,
strict: bool,
now: Time
) -> Result<ResourceCert, ValidationError>
pub fn validate_ca(
self,
issuer: &ResourceCert,
strict: bool
) -> Result<ResourceCert, ValidationError>
Validates the certificate as a CA certificate.
For validation to succeed, the certificate needs to have been signed by the provided issuer certificate.
Note that this does not check the CRL.
pub fn validate_ca_at(
self,
issuer: &ResourceCert,
strict: bool,
now: Time
) -> Result<ResourceCert, ValidationError>
pub fn validate_ee(
self,
issuer: &ResourceCert,
strict: bool
) -> Result<ResourceCert, ValidationError>
Validates the certificate as an EE certificate.
For validation to succeed, the certificate needs to have been signed by the provided issuer certificate.
Note that this does not check the CRL.
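The CRL notes on validate_ca and validate_ee leave revocation to the caller. The following is an added example, not code from the rpki crate: ModelCert, Reject, check_chain and check_with_crl are hypothetical stand-ins and no signatures are verified. It models a certificate that passes the chain check at a fixed time yet has to be rejected once its serial number is looked up in the issuer's CRL.

```rust
use std::collections::HashSet;

// Hypothetical stand-in for the fields named on this page; no signature is verified.
#[derive(Clone, Debug)]
pub struct ModelCert {
    pub serial: u64,
    pub ski: u32,              // subject key identifier
    pub aki: Option<u32>,      // authority key identifier
    pub basic_ca: Option<bool>,
    pub validity: (i64, i64),  // (not_before, not_after), Unix seconds
}

#[derive(Debug, PartialEq)]
pub enum Reject { NotCurrent, WrongIssuer, WrongRole, Revoked }

// Model of a chain check at a fixed time: validity window, issuer link, role.
pub fn check_chain(cert: &ModelCert, issuer: &ModelCert, want_ca: bool, now: i64)
    -> Result<(), Reject> {
    if now < cert.validity.0 || now > cert.validity.1 { return Err(Reject::NotCurrent); }
    if cert.aki != Some(issuer.ski) || issuer.basic_ca != Some(true) {
        return Err(Reject::WrongIssuer);
    }
    if (cert.basic_ca == Some(true)) != want_ca { return Err(Reject::WrongRole); }
    Ok(())
}

// The step the caller owns: look the serial up in the issuer's CRL (a set here).
pub fn check_with_crl(cert: &ModelCert, issuer: &ModelCert, want_ca: bool,
                      now: i64, revoked: &HashSet<u64>) -> Result<(), Reject> {
    check_chain(cert, issuer, want_ca, now)?;
    if revoked.contains(&cert.serial) { return Err(Reject::Revoked); }
    Ok(())
}

// Constructed sample: a CA certificate and an EE certificate it issued.
pub fn sample() -> (ModelCert, ModelCert) {
    let ca = ModelCert { serial: 1, ski: 0xA1, aki: Some(0x01),
                         basic_ca: Some(true), validity: (1_000, 9_000) };
    let ee = ModelCert { serial: 42, ski: 0xE1, aki: Some(0xA1),
                         basic_ca: None, validity: (2_000, 3_000) };
    (ca, ee)
}

fn main() {
    let (ca, ee) = sample();
    let crl: HashSet<u64> = vec![42u64].into_iter().collect();
    println!("chain only: {:?}", check_chain(&ee, &ca, false, 2_500));
    println!("with CRL:   {:?}", check_with_crl(&ee, &ca, false, 2_500, &crl));
}
```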
pub fn validate_ee_at(
self,
issuer: &ResourceCert,
strict: bool,
now: Time
) -> Result<ResourceCert, ValidationError>
Methods from Deref<Target = TbsCert>
pub fn serial_number(&self) -> Serial
Returns the serial number of the certificate.
pub fn issuer(&self) -> &Name
Returns a reference to the issuer.
pub fn validity(&self) -> Validity
Returns a reference to the validity.
pub fn subject(&self) -> &Name
Returns a reference to the subject.
pub fn subject_public_key_info(&self) -> &PublicKey
Returns a reference to the public key.
pub fn basic_ca(&self) -> Option<bool>
Returns the cA field of the basic constraints extension if present.
pub fn subject_key_identifier(&self) -> KeyIdentifier
Returns a reference to the subject key identifier.
There is no method to set this extension as this happens automatically when the subject public key is set via set_subject_public_key.
pub fn authority_key_identifier(&self) -> Option<KeyIdentifier>
Returns a reference to the authority key identifier if present.
pub fn key_usage(&self) -> KeyUsage
Returns the key usage of the certificate.
pub fn extended_key_usage(&self) -> Option<&Captured>
Returns a reference to the extended key usage if present.
Since this field isn’t allowed in any certificate used for RPKI objects directly, we do not currently support setting this field.
pub fn crl_uri(&self) -> Option<&Rsync>
Returns a reference to the certificate’s CRL distribution point.
pub fn ca_issuer(&self) -> Option<&Rsync>
Returns a reference to caIssuer AIA rsync URI if present.
pub fn ca_repository(&self) -> Option<&Rsync>
Returns a reference to the caRepository SIA rsync URI if present.
pub fn rpki_manifest(&self) -> Option<&Rsync>
Returns a reference to the rpkiManifest SIA rsync URI if present.
pub fn signed_object(&self) -> Option<&Rsync>
Returns a reference to the signedObject SIA rsync URI if present.
pub fn rpki_notify(&self) -> Option<&Https>
Returns a reference to the rpkiNotify SIA HTTPS URI if present.
pub fn overclaim(&self) -> Overclaim
Returns the overclaim mode of the certificate.
pub fn v4_resources(&self) -> Option<&IpResources>
Returns a reference to the IPv4 address resources if present.
pub fn v6_resources(&self) -> Option<&IpResources>
Returns a reference to the IPv6 address resources if present.
pub fn has_ip_resources(&self) -> bool
Returns whether the certificate has any IP resources at all.
pub fn as_resources(&self) -> Option<&AsResources>
Returns a reference to the AS resources if present.
pub fn encode_ref<'a>(&'a self) -> impl Values + 'a
Returns an encoder for the value.
Trait Implementations
impl AsRef<Cert> for Cert
impl AsRef<TbsCert> for Cert
impl AsRef<Cert> for ResourceCert
impl Clone for Cert
impl Debug for Cert
impl Deref for Cert
impl Borrow<TbsCert> for Cert
impl Serialize for Cert
impl<'de> Deserialize<'de> for Cert
fn deserialize<D>(deserializer: D) -> Result<Self, D::Error> where
D: Deserializer<'de>,
Auto Trait Implementations
impl Send for Cert
impl Sync for Cert
impl Unpin for Cert
impl UnwindSafe for Cert
impl RefUnwindSafe for Cert
Blanket Implementations
impl<T, U> Into<U> for T where
U: From<T>,
impl<T> From<T> for T
impl<T> ToOwned for T where
T: Clone,
type Owned = T
The resulting type after obtaining ownership.
fn to_owned(&self) -> T
fn clone_into(&self, target: &mut T)
impl<T, U> TryFrom<U> for T where
U: Into<T>,
type Error = Infallible
The type returned in the event of a conversion error.
fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
impl<T, U> TryInto<U> for T where
U: TryFrom<T>,
type Error = <U as TryFrom<T>>::Error
The type returned in the event of a conversion error.
fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>
impl<T> Borrow<T> for T where
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
impl<T> Any for T where
T: 'static + ?Sized,
impl<T> DeserializeOwned for T where
T: Deserialize<'de>,