Enum tugger_apple_codesign::KnownCertificate [−][src]
pub enum KnownCertificate {}Show variants
AppleComputerIncRoot, AppleRootCa, AppleRootCaG2Root, AppleRootCaG3Root, AppleIstCa2G1, AppleIstCa8G1, ApplicationIntegration, ApplicationIntegration2, ApplicationIntegrationG3, AppleApplicationIntegrationCa5G1, DeveloperAuthentication, DeveloperId, SoftwareUpdate, Timestamp, Wwdr2023, Wwdr2030, WwdrG2,
Defines all known Apple certificates.
This crate embeds the raw certificate data for the various known Apple certificate authorities, as advertised at https://www.apple.com/certificateauthority/.
This enumeration defines all the ones we know about. Instances can be dereferenced into concrete [AppleCertificate] to get at the underlying certificate and access its metadata.
Variants
Apple Computer, Inc. Root Certificate.
C = US, O = “Apple Computer, Inc.”, OU = Apple Computer Certificate Authority, CN = Apple Root Certificate Authority
Apple Inc. Root Certificate
C = US, O = Apple Inc., OU = Apple Certification Authority, CN = Apple Root CA
Apple Root CA - G2 Root Certificate
CN = Apple Root CA - G2, OU = Apple Certification Authority, O = Apple Inc., C = US
Apple Root CA - G3 Root Certificate
CN = Apple Root CA - G3, OU = Apple Certification Authority, O = Apple Inc., C = US
Apple IST CA 2 - G1 Certificate
CN = Apple IST CA 2 - G1, OU = Certification Authority, O = Apple Inc., C = US
Apple IST CA 8 - G1 Certificate
CN = Apple IST CA 8 - G1, OU = Certification Authority, O = Apple Inc., C = US
Application Integration Certificate
C = US, O = Apple Inc., OU = Apple Certification Authority, CN = Apple Application Integration Certification Authority
Application Integration 2 Certificate
CN = Apple Application Integration 2 Certification Authority, OU = Apple Certification Authority, O = Apple Inc., C = US
Application Integration - G3 Certificate
CN = Apple Application Integration CA - G3, OU = Apple Certification Authority, O = Apple Inc., C = US
Apple Application Integration CA 5 - G1 Certificate
CN = Apple Application Integration CA 5 - G1, OU = Apple Certification Authority, O = Apple Inc., C = US
Developer Authentication Certificate
CN = Developer Authentication Certification Authority, OU = Apple Worldwide Developer Relations, O = Apple Inc., C = US
Developer ID Certificate
CN = Developer ID Certification Authority, OU = Apple Certification Authority, O = Apple Inc., C = US
Software Update Certificate
CN = Apple Software Update Certification Authority, OU = Certification Authority, O = Apple Inc., C = US
Timestamp Certificate
CN = Apple Timestamp Certification Authority, OU = Apple Certification Authority, O = Apple Inc., C = US
WWDR Certificate (Expiring 02/07/2023 21:48:47 UTC)
C = US, O = Apple Inc., OU = Apple Worldwide Developer Relations, CN = Apple Worldwide Developer Relations Certification Authority
WWDR Certificate (Expiring 02/20/2030 12:00:00 UTC)
CN = Apple Worldwide Developer Relations Certification Authority, OU = G3, O = Apple Inc., C = US
Worldwide Developer Relations - G2 Certificate
CN = Apple Worldwide Developer Relations CA - G2, OU = Apple Certification Authority, O = Apple Inc., C = US
Implementations
impl KnownCertificate
[src]
impl KnownCertificate
[src]pub fn all() -> &'static [&'static CapturedX509Certificate]ⓘ
[src]
Obtain a slice of all known [AppleCertificate].
If you want to iterate over all certificates and find one, you can use this.
pub fn all_roots() -> &'static [&'static CapturedX509Certificate]ⓘ
[src]
All of Apple’s known root certificate authority certificates.
Methods from Deref<Target = CapturedX509Certificate>
pub fn constructed_data(&self) -> &[u8]ⓘ
[src]
Obtain the DER data that was used to construct this instance.
The data is guaranteed to not have been modified since the instance was constructed.
pub fn encode_pem(&self) -> String
[src]
Encode the original contents of this certificate to PEM.
pub fn verify_signed_by_certificate(
&self,
other: impl AsRef<X509Certificate>
) -> Result<(), X509CertificateError>
[src]
&self,
other: impl AsRef<X509Certificate>
) -> Result<(), X509CertificateError>
Verify that another certificate, other
, signed this certificate.
If this is a self-signed certificate, you can pass self
as the 2nd
argument.
This function isn’t exposed on X509Certificate because the exact bytes constituting the certificate’s internals need to be consulted to verify signatures. And since this type tracks the underlying bytes, we are guaranteed to have a pristine copy.
pub fn verify_signed_by_public_key(
&self,
public_key_data: impl AsRef<[u8]>
) -> Result<(), X509CertificateError>
[src]
&self,
public_key_data: impl AsRef<[u8]>
) -> Result<(), X509CertificateError>
Verifies that this certificate was cryptographically signed using raw public key data from a signing key.
This function does the low-level work of extracting the signature and verification details from the current certificate and figuring out the correct combination of cryptography settings to apply to perform signature verification.
In many cases, an X.509 certificate is signed by another certificate. And since the public key is embedded in the X.509 certificate, it is easier to go through Self::verify_signed_by_certificate instead.
pub fn find_signing_certificate<'a>(
&self,
certs: impl Iterator<Item = &'a CapturedX509Certificate>
) -> Option<&'a CapturedX509Certificate>
[src]
&self,
certs: impl Iterator<Item = &'a CapturedX509Certificate>
) -> Option<&'a CapturedX509Certificate>
Attempt to find the issuing certificate of this one.
Given an iterable of certificates, we find the first certificate where we are able to verify that our signature was made by their public key.
This function can yield false negatives for cases where we don’t support the signature algorithm on the incoming certificates.
pub fn resolve_signing_chain<'a>(
&self,
certs: impl Iterator<Item = &'a CapturedX509Certificate>
) -> Vec<&'a CapturedX509Certificate, Global>ⓘ
[src]
&self,
certs: impl Iterator<Item = &'a CapturedX509Certificate>
) -> Vec<&'a CapturedX509Certificate, Global>ⓘ
Attempt to resolve the signing chain of this certificate.
Given an iterable of certificates, we recursively resolve the chain of certificates that signed this one until we are no longer able to find any more certificates in the input set.
Like Self::find_signing_certificate, this can yield false negatives (read: an incomplete chain) due to run-time failures, such as lack of support for a certificate’s signature algorithm.
As a certificate is encountered, it is removed from the set of future candidates.
The traversal ends when we get to an identical certificate (its DER data is equivalent) or we couldn’t find a certificate in the remaining set that signed the last one.
Because we need to recursively verify certificates, the incoming iterator is buffered.
Methods from Deref<Target = X509Certificate>
pub fn serial_number_asn1(&self) -> &Integer
[src]
Obtain the serial number as the ASN.1 Integer type.
pub fn subject_name(&self) -> &Name
[src]
Obtain the certificate’s subject, as its ASN.1 Name type.
pub fn subject_common_name(&self) -> Option<String>
[src]
Obtain the Common Name (CN) attribute from the certificate’s subject, if set and decodable.
pub fn issuer_name(&self) -> &Name
[src]
Obtain the certificate’s issuer, as its ASN.1 Name type.
pub fn encode_der_to(&self, fh: &mut impl Write) -> Result<(), Error>
[src]
Encode the certificate data structure using DER encoding.
(This is the common ASN.1 encoding format for X.509 certificates.)
This always serializes the internal ASN.1 data structure. If you call this on a wrapper type that has retained a copy of the original data, this may emit different data than that copy.
pub fn encode_ber_to(&self, fh: &mut impl Write) -> Result<(), Error>
[src]
Encode the certificate data structure use BER encoding.
pub fn encode_der(&self) -> Result<Vec<u8, Global>, Error>
[src]
Encode the internal ASN.1 data structures to DER.
pub fn encode_ber(&self) -> Result<Vec<u8, Global>, Error>
[src]
Obtain the BER encoded representation of this certificate.
pub fn write_pem(&self, fh: &mut impl Write) -> Result<(), Error>
[src]
Encode the certificate to PEM.
This will write a human-readable string with ------ BEGIN CERTIFICATE -------
armoring. This is a very common method for encoding certificates.
The underlying binary data is DER encoded.
pub fn encode_pem(&self) -> Result<String, Error>
[src]
Encode the certificate to a PEM string.
pub fn key_algorithm(&self) -> Option<KeyAlgorithm>
[src]
Attempt to resolve a known KeyAlgorithm used by the private key associated with this certificate.
If this crate isn’t aware of the OID associated with the key algorithm,
None
is returned.
pub fn key_algorithm_oid(&self) -> &Oid<Bytes>
[src]
Obtain the OID of the private key’s algorithm.
pub fn signature_algorithm(&self) -> Option<SignatureAlgorithm>
[src]
Obtain the SignatureAlgorithm used to sign this certificate.
Returns None if we failed to resolve an instance (probably because we don’t recognize that algorithm).
pub fn signature_algorithm_oid(&self) -> &Oid<Bytes>
[src]
Obtain the OID of the signature algorithm used to sign this certificate.
pub fn public_key_data(&self) -> Bytes
[src]
Obtain the raw data constituting this certificate’s public key.
A copy of the data is returned.
pub fn compare_issuer(&self, other: &X509Certificate) -> Ordering
[src]
Compare 2 instances, sorting them so the issuer comes before the issued.
This function examines the Self::issuer_name and Self::subject_name fields of 2 certificates, attempting to sort them so the issuing certificate comes before the issued certificate.
This function performs a strict compare of the ASN.1 Name data. The assumption here is that the issuing certificate’s subject Name is identical to the issued’s issuer Name. This assumption is often true. But it likely isn’t always true, so this function may not produce reliable results.
pub fn subject_is_issuer(&self) -> bool
[src]
Trait Implementations
impl AsRef<CapturedX509Certificate> for KnownCertificate
[src]
impl AsRef<CapturedX509Certificate> for KnownCertificate
[src]fn as_ref(&self) -> &CapturedX509Certificate
[src]
impl Clone for KnownCertificate
[src]
impl Clone for KnownCertificate
[src]fn clone(&self) -> KnownCertificate
[src]
pub fn clone_from(&mut self, source: &Self)
1.0.0[src]
impl Copy for KnownCertificate
[src]
impl Copy for KnownCertificate
[src]impl Deref for KnownCertificate
[src]
impl Deref for KnownCertificate
[src]type Target = CapturedX509Certificate
The resulting type after dereferencing.
fn deref(&self) -> &Self::Target
[src]
impl Eq for KnownCertificate
[src]
impl Eq for KnownCertificate
[src]impl PartialEq<KnownCertificate> for KnownCertificate
[src]
impl PartialEq<KnownCertificate> for KnownCertificate
[src]impl StructuralEq for KnownCertificate
[src]
impl StructuralEq for KnownCertificate
[src]impl StructuralPartialEq for KnownCertificate
[src]
impl StructuralPartialEq for KnownCertificate
[src]impl TryFrom<&'_ CapturedX509Certificate> for KnownCertificate
[src]
impl TryFrom<&'_ CapturedX509Certificate> for KnownCertificate
[src]Auto Trait Implementations
impl RefUnwindSafe for KnownCertificate
impl RefUnwindSafe for KnownCertificate
impl Send for KnownCertificate
impl Send for KnownCertificate
impl Sync for KnownCertificate
impl Sync for KnownCertificate
impl Unpin for KnownCertificate
impl Unpin for KnownCertificate
impl UnwindSafe for KnownCertificate
impl UnwindSafe for KnownCertificate
Blanket Implementations
impl<Q, K> Equivalent<K> for Q where
K: Borrow<Q> + ?Sized,
Q: Eq + ?Sized,
[src]
impl<Q, K> Equivalent<K> for Q where
K: Borrow<Q> + ?Sized,
Q: Eq + ?Sized,
[src]pub fn equivalent(&self, key: &K) -> bool
[src]
impl<T> Instrument for T
[src]
impl<T> Instrument for T
[src]pub fn instrument(self, span: Span) -> Instrumented<Self>
[src]
pub fn in_current_span(self) -> Instrumented<Self>
[src]
impl<T> Same<T> for T
impl<T> Same<T> for T
type Output = T
Should always be Self
impl<T> SendSyncUnwindSafe for T where
T: Send + Sync + UnwindSafe + ?Sized,
[src]
impl<T> SendSyncUnwindSafe for T where
T: Send + Sync + UnwindSafe + ?Sized,
[src]