Skip to main content

ChainSpec

uselesskey_x509

Struct ChainSpec 

Source 
pub struct ChainSpec {
    pub leaf_cn: String,
    pub leaf_sans: Vec<String>,
    pub root_cn: String,
    pub intermediate_cn: String,
    pub rsa_bits: usize,
    pub root_validity_days: u32,
    pub intermediate_validity_days: u32,
    pub leaf_validity_days: u32,
    pub leaf_not_before: Option<NotBeforeOffset>,
    pub intermediate_not_before: Option<NotBeforeOffset>,
    pub intermediate_is_ca: Option<bool>,
    pub intermediate_key_usage: Option<KeyUsage>,
}
Expand description

Specification for generating a three-level X.509 certificate chain (root CA -> intermediate CA -> leaf).

Fields§

§leaf_cn: String

Common Name (CN) for the leaf certificate.

§leaf_sans: Vec<String>

DNS Subject Alternative Names for the leaf certificate.

§root_cn: String

Common Name (CN) for the root CA.

§intermediate_cn: String

Common Name (CN) for the intermediate CA.

§rsa_bits: usize

RSA key size in bits.

§root_validity_days: u32

Root CA validity period in days.

§intermediate_validity_days: u32

Intermediate CA validity period in days.

§leaf_validity_days: u32

Leaf certificate validity period in days.

§leaf_not_before: Option<NotBeforeOffset>

Override for leaf not_before relative to the deterministic base time.

When None, not_before = base_time - 1 day (the default).

§intermediate_not_before: Option<NotBeforeOffset>

Override for intermediate not_before relative to the deterministic base time.

When None, not_before = base_time - 1 day (the default).

§intermediate_is_ca: Option<bool>

Optional override for whether the intermediate claims CA status.

When None, the intermediate remains a CA.

§intermediate_key_usage: Option<KeyUsage>

Optional override for the intermediate key usage bits.

When None, the intermediate uses standard CA key usage.

Implementations§

Source§

impl ChainSpec

Source

pub fn new(leaf_cn: impl Into<String>) -> ChainSpec

Create a chain spec with sensible defaults for the given leaf CN.

The leaf CN is automatically added to the SAN list.

Source

pub fn with_sans(self, sans: Vec<String>) -> ChainSpec

Set the DNS Subject Alternative Names for the leaf certificate.

The leaf CN is not automatically added; include it explicitly if needed.

Source

pub fn with_root_cn(self, cn: impl Into<String>) -> ChainSpec

Set the root CA Common Name.

Source

pub fn with_intermediate_cn(self, cn: impl Into<String>) -> ChainSpec

Set the intermediate CA Common Name.

Source

pub fn with_rsa_bits(self, bits: usize) -> ChainSpec

Set the RSA key size in bits.

Source

pub fn with_root_validity_days(self, days: u32) -> ChainSpec

Set the root CA validity period in days.

Source

pub fn with_intermediate_validity_days(self, days: u32) -> ChainSpec

Set the intermediate CA validity period in days.

Source

pub fn with_leaf_validity_days(self, days: u32) -> ChainSpec

Set the leaf certificate validity period in days.

Source

pub fn with_leaf_not_before(self, offset: NotBeforeOffset) -> ChainSpec

Set the leaf not_before override.

Source

pub fn with_intermediate_not_before(self, offset: NotBeforeOffset) -> ChainSpec

Set the intermediate not_before override.

Source

pub fn with_intermediate_is_ca(self, is_ca: bool) -> ChainSpec

Override whether the intermediate claims CA status.

Source

pub fn with_intermediate_key_usage(self, key_usage: KeyUsage) -> ChainSpec

Override the intermediate key usage bits.

Source

pub fn stable_bytes(&self) -> Vec<u8>

Stable byte representation for deterministic derivation.

SANs are sorted and deduplicated before encoding for stability.

For backward compatibility, specs that only use the pre-#279 surface keep the legacy v2 encoding so existing good/expired chain fixtures do not drift. Richer time offsets and intermediate overrides use v3.

Trait Implementations§

Source§

impl Clone for ChainSpec

Source§

fn clone(&self) -> ChainSpec

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for ChainSpec

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more
Source§

impl Hash for ChainSpec

Source§

fn hash<__H>(&self, state: &mut __H)
where __H: Hasher,

Feeds this value into the given Hasher. Read more
1.3.0 · Source§

fn hash_slice<H>(data: &[Self], state: &mut H)
where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher. Read more
Source§

impl PartialEq for ChainSpec

Source§

fn eq(&self, other: &ChainSpec) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl Eq for ChainSpec

Source§

impl StructuralPartialEq for ChainSpec

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

Source§

fn equivalent(&self, key: &K) -> bool

Checks if this value is equivalent to the given key. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V