Struct rpki::cert::Cert

pub struct Cert { /* fields omitted */ }

A raw resource certificate.

A value of this type represents a resource certificate. It can be one of three different variants.

A CA certificate appears in its own file in the repository. Its main use is to sign other certificates.

An EE certificate is used to sign other objects in the repository, such as manifests or ROAs and is included in the file of these objects. In RPKI, EE certificates are used only once. Whenever a new object is created, a new EE certificate is created, signed by its CA, used to sign the object, and then the private key is thrown away.

Finally, TA certificates are the installed trust anchors. These are self-signed.

If a certificate is stored in a file, you can use the decode function to parse the entire file. If the certificate is part of some other structure, the take_from and from_constructed functions can be used during parsing of that structure.

Once parsing succeeded, the three methods validate_ca, validate_ee, and validate_ta can be used to validate the certificate and turn it into a ResourceCert so it can be used for further processing. In addition, various methods exist to access information contained in the certificate.

Methods

impl Cert

Decoding and Encoding

pub fn decode<S: Source>(source: S) -> Result<Self, S::Err>

Decodes a source as a certificate.

pub fn take_from<S: Source>(cons: &mut Constructed<S>) -> Result<Self, S::Err>

Takes an encoded certificate from the beginning of a value.

This function assumes that the certificate is encoded in the next constructed value in cons tagged as a sequence.

pub fn from_constructed<S: Source>(
    cons: &mut Constructed<S>
) -> Result<Self, S::Err>

Parses the content of a Certificate sequence.

pub fn encode_ref<'a>(&'a self) -> impl Values + 'a

Returns a value encoder for a reference to the certificate.

pub fn to_captured(&self) -> Captured

Returns a captured encoding of the certificate.

impl Cert

Validation

pub fn validate_ta(
    self,
    tal: Arc<TalInfo>,
    strict: bool
) -> Result<ResourceCert, ValidationError>

Validates the certificate as a trust anchor.

This validates that the certificate “is a current, self-signed RPKI CA certificate that conforms to the profile as specified in RFC6487” (RFC7730, section 3, step 2).

pub fn validate_ta_at(
    self,
    tal: Arc<TalInfo>,
    strict: bool,
    now: Time
) -> Result<ResourceCert, ValidationError>

pub fn validate_ca(
    self,
    issuer: &ResourceCert,
    strict: bool
) -> Result<ResourceCert, ValidationError>

Validates the certificate as a CA certificate.

For validation to succeed, the certificate needs to have been signed by the provided issuer certificate.

Note that this does not check the CRL.

pub fn validate_ca_at(
    self,
    issuer: &ResourceCert,
    strict: bool,
    now: Time
) -> Result<ResourceCert, ValidationError>

pub fn validate_ee(
    self,
    issuer: &ResourceCert,
    strict: bool
) -> Result<ResourceCert, ValidationError>

Validates the certificate as an EE certificate.

For validation to succeed, the certificate needs to have been signed by the provided issuer certificate.

Note that this does not check the CRL.

pub fn validate_ee_at(
    self,
    issuer: &ResourceCert,
    strict: bool,
    now: Time
) -> Result<ResourceCert, ValidationError>

Methods from Deref<Target = TbsCert>

pub fn serial_number(&self) -> Serial

Returns the serial number of the certificate.

pub fn issuer(&self) -> &Name

Returns a reference to the issuer.

pub fn validity(&self) -> Validity

Returns a reference to the validity.

pub fn subject(&self) -> &Name

Returns a reference to the subject.

pub fn subject_public_key_info(&self) -> &PublicKey

Returns a reference to the public key.

pub fn basic_ca(&self) -> Option<bool>

Returns the cA field of the basic constraints extension if present.

pub fn subject_key_identifier(&self) -> KeyIdentifier

Returns a reference to the subject key identifier.

There is no method to set this extension as this happens automatically when the subject public key is set via set_subject_public_key.

pub fn authority_key_identifier(&self) -> Option<KeyIdentifier>

Returns a reference to the authority key identifier if present.

pub fn key_usage(&self) -> KeyUsage

Returns the key usage of the certificate.

pub fn extended_key_usage(&self) -> Option<&Captured>

Returns a reference to the extended key usage if present.

Since this field isn’t allowed in any certificate used for RPKI objects directly, we do not currently support setting this field.

pub fn crl_uri(&self) -> Option<&Rsync>

Returns a reference to the certificate’s CRL distribution point.

pub fn ca_issuer(&self) -> Option<&Rsync>

Returns a reference to caIssuer AIA rsync URI if present.

pub fn ca_repository(&self) -> Option<&Rsync>

Returns a reference to the caRepository SIA rsync URI if present.

pub fn rpki_manifest(&self) -> Option<&Rsync>

Returns a reference to the rpkiManifest SIA rsync URI if present.

pub fn signed_object(&self) -> Option<&Rsync>

Returns a reference to the signedObject SIA rsync URI if present.

pub fn rpki_notify(&self) -> Option<&Https>

Returns a reference to the rpkiNotify SIA HTTPS URI if present.

pub fn overclaim(&self) -> Overclaim

Returns the overclaim mode of the certificate.

pub fn v4_resources(&self) -> Option<&IpResources>

Returns a reference to the IPv4 address resources if present.

pub fn v6_resources(&self) -> Option<&IpResources>

Returns a reference to the IPv6 address resources if present.

pub fn has_ip_resources(&self) -> bool

Returns whether the certificate has any IP resources at all.

pub fn as_resources(&self) -> Option<&AsResources>

Returns a reference to the AS resources if present.

pub fn encode_ref<'a>(&'a self) -> impl Values + 'a

Returns an encoder for the value.

Trait Implementations

impl AsRef<Cert> for Cert

fn as_ref(&self) -> &Self

Performs the conversion.

impl AsRef<TbsCert> for Cert

fn as_ref(&self) -> &TbsCert

Performs the conversion.

impl AsRef<Cert> for ResourceCert

fn as_ref(&self) -> &Cert

Performs the conversion.

impl Clone for Cert

fn clone(&self) -> Cert

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Cert

fn fmt(&self, f: &mut Formatter) -> Result

Formats the value using the given formatter.

impl Deref for Cert

type Target = TbsCert

The resulting type after dereferencing.

fn deref(&self) -> &Self::Target

Dereferences the value.

impl Borrow<TbsCert> for Cert

fn borrow(&self) -> &TbsCert

Immutably borrows from an owned value.

impl Serialize for Cert

fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error> where
    S: Serializer, 

Serialize this value into the given Serde serializer.

impl<'de> Deserialize<'de> for Cert

fn deserialize<D>(deserializer: D) -> Result<Self, D::Error> where
    D: Deserializer<'de>, 

Deserialize this value from the given Serde deserializer.