Struct rpki::csr::Csr

pub struct Csr { /* fields omitted */ }

An RPKI Certificate Sign Request.

Methods

impl Csr

Data Access

pub fn subject(&self) -> &Name

The subject name included on the CSR.

TLDR; This field is useless and will be ignored by the issuing CA.

This field is required by RFC2986, but RFC6487 says that in the RPKI its value SHOULD be empty when requesting new certificates, and MAY be non-empty only on subsequent re-issuance requests and only if the issuing CA has adopted a policy that allows re-use of the name (implying, but not saying, that the request should then include the previously allocated name).

Issuing CAs MUST generate a unique name in the issued certificate.

pub fn public_key(&self) -> &PublicKey

Returns the public key for the requested certificate. Note that validate() should be called to ensure that the requester has possession of the private key for this public key.

pub fn basic_ca(&self) -> bool

Returns the cA field of the basic constraints extension if present, or false.

pub fn key_usage(&self) -> KeyUsage

Returns the desired KeyUsage

pub fn extended_key_usage(&self) -> Option<&Captured>

Returns the optional desired extended key usage.

pub fn ca_repository(&self) -> Option<&Rsync>

Returns the desired ca repository

pub fn rpki_manifest(&self) -> Option<&Rsync>

Returns the desired rpki manifest uri

pub fn rpki_notify(&self) -> Option<&Https>

Returns the desired rpki notify uri (for RRDP)

impl Csr

Decode and Validate

pub fn decode<S: Source>(source: S) -> Result<Self, S::Err>

Parse as a source as a certificate signing request.

pub fn validate(&self) -> Result<(), ValidationError>

Validates the CSR against its internal public key

impl Csr

Encoding

pub fn encode_ref<'a>(&'a self) -> impl Values + 'a

Returns a value encoder for a reference to the csr.

pub fn to_captured(&self) -> Captured

Returns a captured encoding of the csr.

impl Csr

Construct

pub fn construct<S: Signer>(
    signer: &S,
    key: &S::KeyId,
    ca_repository: &Rsync,
    rpki_manifest: &Rsync,
    rpki_notify: Option<&Https>
) -> Result<Captured, SigningError<S::Error>>

Builds a new Csr for RPKI CA certificates.

Other use cases are not required in RPKI, and for simplicity they are not supported here. That means that BasicConstraints, KeyUsage, and algorithm do not need to be specified. Only the values for the required SIA entries for 'id-ad-caRepository' and 'id-ad-rpkiManifest' (see RFC6487), and the optional entry for 'id-ad-rpkiNotify' (see RFC8182), need to be specified.

Trait Implementations

impl Clone for Csr

fn clone(&self) -> Csr

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Csr

fn fmt(&self, f: &mut Formatter) -> Result

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for Csr

fn deserialize<D>(deserializer: D) -> Result<Self, D::Error> where
    D: Deserializer<'de>, 

Deserialize this value from the given Serde deserializer.

impl Serialize for Csr

fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error> where
    S: Serializer, 

Serialize this value into the given Serde serializer.