Skip to main content

CertificateResolver

Struct CertificateResolver

pub struct CertificateResolver {
    pub domains: TrieNode<Fingerprint>,
    /* private fields */
}

Expand description

Parses and stores TLS certificates, makes them available to Rustls for TLS handshakes

the domains TrieNode is an addressing system to resolve a certificate for a given domain name. Certificates are stored in a hashmap that may contain unreachable certificates if no domain name points to it.

Fields§

§domains: TrieNode<Fingerprint>

routing one domain name to one certificate for fast resolving

Implementations§

impl CertificateResolver

pub fn get_certificate( &self, fingerprint: &Fingerprint, ) -> Option<CertifiedKeyWrapper>

return the certificate in the Rustls-usable form

pub fn add_certificate( &mut self, add: &AddCertificate, ) -> Result<Fingerprint, CertificateResolverError>

persist a certificate, after ensuring validity, and checking if it can replace another certificate. return the certificate fingerprint regardless of having inserted it or not

pub fn remove_certificate( &mut self, fingerprint: &Fingerprint, ) -> Result<(), CertificateResolverError>

Delete a certificate from the resolver. May fail if there is no alternative for

pub fn replace_certificate( &mut self, replace: &ReplaceCertificate, ) -> Result<Fingerprint, CertificateResolverError>

Add the new certificate first, then remove the old one. This ordering ensures that the old certificate remains available if adding the new one fails.

pub fn domain_lookup( &self, domain: &[u8], accept_wildcard: bool, ) -> Option<&KeyValue<Key, Fingerprint>>

pub fn names_for_sni(&self, domain: &[u8]) -> Option<Vec<String>>

Resolve the SAN set Sōzu would serve for domain (the same trie lookup rustls uses, wildcard-aware via domain_lookup). Returns the certificate’s names exactly as stored — wildcards retain their leading *. so the caller can apply RFC 6125 §6.4.3 matching. None when no cert covers domain (rustls would fall back to DEFAULT_CERTIFICATE).

Mirrors MutexCertificateResolver::resolve minus the rustls glue, so the SAN snapshot taken at handshake matches the certificate the peer actually validated (RFC 7540 §9.1.1 / RFC 9113 §9.1.1 connection reuse).

Trait Implementations§

impl Debug for CertificateResolver

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

impl Default for CertificateResolver

fn default() -> CertificateResolver

Returns the “default value” for a type. Read more

Auto Trait Implementations§

impl !RefUnwindSafe for CertificateResolver

impl !UnwindSafe for CertificateResolver

impl Freeze for CertificateResolver

impl Send for CertificateResolver

impl Sync for CertificateResolver

impl Unpin for CertificateResolver

impl UnsafeUnpin for CertificateResolver

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<'a, T, E> AsTaggedExplicit<'a, E> for T
where T: 'a,

fn explicit(self, class: Class, tag: u32) -> TaggedParser<'a, Explicit, Self, E>

impl<'a, T, E> AsTaggedImplicit<'a, E> for T
where T: 'a,

fn implicit( self, class: Class, constructed: bool, tag: u32, ) -> TaggedParser<'a, Implicit, Self, E>

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Same for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more