pub struct CapturedX509Certificate { /* private fields */ }
Implementations
impl CapturedX509Certificate
pub fn from_der(data: impl Into<Vec<u8>>) -> Result<Self, Error>
Construct an instance from DER encoded data.
A copy of this data will be stored in the instance and is guaranteed to be immutable for the lifetime of the instance. The original constructing data can be retrieved later.
pub fn from_ber(data: impl Into<Vec<u8>>) -> Result<Self, Error>
Construct an instance from BER encoded data.
A copy of this data will be stored in the instance and is guaranteed to be immutable for the lifetime of the instance, allowing it to be retrieved later.
pub fn from_pem(data: impl AsRef<[u8]>) -> Result<Self, Error>
Construct an instance by parsing PEM encoded ASN.1 data.
The data is a human readable string likely containing --------- BEGIN CERTIFICATE ----------.
pub fn from_pem_multiple(data: impl AsRef<[u8]>) -> Result<Vec<Self>, Error>
Construct instances by parsing PEM with potentially multiple records.
By default, we only look for --------- BEGIN CERTIFICATE -------- entries and silently ignore unknown ones. If you would like to specify an alternate set of tags (this is the value after the BEGIN) to search, call Self::from_pem_multiple_tags.
Construct instances by parsing PEM armored DER encoded certificates with specific PEM tags.
This is like Self::from_pem_multiple except you control the filter for which BEGIN <tag> values are filtered through to the DER parser.
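The tag filtering described above means a bundle can contain records that never reach the DER parser. The following added example (not code from this crate) models that filter with the standard library only and reports the skipped tags so a caller can notice them. It assumes RFC 7468 style five-dash boundaries; `scan_pem`, `PemScan`, `marker` and `b64_decode` are illustrative names.

```rust
// Added example (std only): models PEM tag filtering; this is not the crate's code.
const B64: &[u8; 64] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
fn b64_decode(s: &str) -> Option<Vec<u8>> {
    let (mut acc, mut bits, mut out) = (0u32, 0u8, Vec::new());
    for c in s.bytes().filter(|c| *c != b'=') {
        acc = (acc << 6) | B64.iter().position(|t| *t == c)? as u32;
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8); // emit the 8 bits above the `bits` left over
        }
    }
    Some(out)
}

fn marker<'a>(line: &'a str, kind: &str) -> Option<&'a str> {
    line.strip_prefix(kind)?.strip_suffix("-----")
}
#[derive(Debug, Default)]
struct PemScan { kept: Vec<(String, Vec<u8>)>, skipped: Vec<String> }

/// Decode records whose tag is in `tags`; report every other tag instead of dropping it.
fn scan_pem(data: &str, tags: &[&str]) -> Result<PemScan, String> {
    let mut scan = PemScan::default();
    let mut open: Option<(String, String)> = None; // (tag, base64 body) being read
    for line in data.lines().map(str::trim) {
        if let Some(tag) = marker(line, "-----BEGIN ") {
            open = Some((tag.to_string(), String::new()));
        } else if let Some(tag) = marker(line, "-----END ") {
            let (begin, body) = open.take().filter(|(b, _)| b == tag)
                .ok_or("END without a matching BEGIN")?;
            match tags.contains(&begin.as_str()) {
                true => scan.kept.push((begin, b64_decode(&body).ok_or("invalid base64")?)),
                false => scan.skipped.push(begin),
            }
        } else if let Some((_, body)) = open.as_mut() {
            body.push_str(line);
        }
    }
    Ok(scan)
}

// Constructed bundle: the bodies are placeholder DER, not real certificates.
const BUNDLE: &str = "-----BEGIN CERTIFICATE-----\nMAMCAQE=\n-----END CERTIFICATE-----\n\
    -----BEGIN TRUSTED CERTIFICATE-----\nMAMCAQI=\n-----END TRUSTED CERTIFICATE-----\n";

fn main() {
    println!("{:?}", scan_pem(BUNDLE, &["CERTIFICATE"]));
}
```

With the default-style filter the second record is listed under `skipped`; passing both tags keeps both records.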
pub fn constructed_data(&self) -> &[u8]
Obtain the DER data that was used to construct this instance.
The data is guaranteed to not have been modified since the instance was constructed.
pub fn encode_pem(&self) -> String
Encode the original contents of this certificate to PEM.
pub fn verify_signed_by_certificate(
&self,
other: impl AsRef<X509Certificate>
) -> Result<(), Error>
Verify that another certificate, other, signed this certificate.
If this is a self-signed certificate, you can pass self as the 2nd argument.
This function isn’t exposed on X509Certificate because the exact bytes constituting the certificate’s internals need to be consulted to verify signatures. And since this type tracks the underlying bytes, we are guaranteed to have a pristine copy.
pub fn verify_signed_data(
&self,
signed_data: impl AsRef<[u8]>,
signature: impl AsRef<[u8]>
) -> Result<(), Error>
Verify a signature over signed data purportedly signed by this certificate.
This is a wrapper to Self::verify_signed_data_with_algorithm() that will derive the verification algorithm from the public key type and the signature algorithm indicated in this certificate. Typically these align. However, it is possible for a signature to be produced with a different digest algorithm from that indicated in this certificate.
pub fn verify_signed_data_with_algorithm(
&self,
signed_data: impl AsRef<[u8]>,
signature: impl AsRef<[u8]>,
verify_algorithm: &'static dyn VerificationAlgorithm
) -> Result<(), Error>
Verify a signature over signed data using an explicit verification algorithm.
This is like Self::verify_signed_data() except the verification algorithm to use is passed in instead of derived from the default algorithm for the signing key’s type.
pub fn verify_signed_by_public_key(
&self,
public_key_data: impl AsRef<[u8]>
) -> Result<(), Error>
Verifies that this certificate was cryptographically signed using raw public key data from a signing key.
This function does the low-level work of extracting the signature and verification details from the current certificate and figuring out the correct combination of cryptography settings to apply to perform signature verification.
In many cases, an X.509 certificate is signed by another certificate. And since the public key is embedded in the X.509 certificate, it is easier to go through Self::verify_signed_by_certificate instead.
pub fn find_signing_certificate<'a>(
&self,
certs: impl Iterator<Item = &'a Self>
) -> Option<&'a Self>
Attempt to find the issuing certificate of this one.
Given an iterable of certificates, we find the first certificate where we are able to verify that our signature was made by their public key.
This function can yield false negatives for cases where we don’t support the signature algorithm on the incoming certificates.
pub fn resolve_signing_chain<'a>(
&self,
certs: impl Iterator<Item = &'a Self>
) -> Vec<&'a Self>
Attempt to resolve the signing chain of this certificate.
Given an iterable of certificates, we recursively resolve the chain of certificates that signed this one until we are no longer able to find any more certificates in the input set.
Like Self::find_signing_certificate, this can yield false negatives (read: an incomplete chain) due to run-time failures, such as lack of support for a certificate’s signature algorithm.
As a certificate is encountered, it is removed from the set of future candidates.
The traversal ends when we get to an identical certificate (its DER data is equivalent) or we couldn’t find a certificate in the remaining set that signed the last one.
Because we need to recursively verify certificates, the incoming iterator is buffered.
Methods from Deref<Target = X509Certificate>
pub fn serial_number_asn1(&self) -> &Integer
Obtain the serial number as the ASN.1 Integer type.
pub fn subject_name(&self) -> &Name
Obtain the certificate’s subject, as its ASN.1 Name type.
pub fn subject_common_name(&self) -> Option<String>
Obtain the Common Name (CN) attribute from the certificate’s subject, if set and decodable.
pub fn issuer_name(&self) -> &Name
Obtain the certificate’s issuer, as its ASN.1 Name type.
pub fn issuer_common_name(&self) -> Option<String>
Obtain the Common Name (CN) attribute from the certificate’s issuer, if set and decodable.
pub fn iter_extensions(&self) -> impl Iterator<Item = &Extension>
Iterate over extensions defined in this certificate.
pub fn encode_der_to(&self, fh: &mut impl Write) -> Result<(), Error>
Encode the certificate data structure using DER encoding.
(This is the common ASN.1 encoding format for X.509 certificates.)
This always serializes the internal ASN.1 data structure. If you call this on a wrapper type that has retained a copy of the original data, this may emit different data than that copy.
pub fn encode_ber_to(&self, fh: &mut impl Write) -> Result<(), Error>
Encode the certificate data structure using BER encoding.
pub fn encode_der(&self) -> Result<Vec<u8>, Error>
Encode the internal ASN.1 data structures to DER.
pub fn encode_ber(&self) -> Result<Vec<u8>, Error>
Obtain the BER encoded representation of this certificate.
pub fn write_pem(&self, fh: &mut impl Write) -> Result<(), Error>
Encode the certificate to PEM.
This will write a human-readable string with ------ BEGIN CERTIFICATE ------- armoring. This is a very common method for encoding certificates.
The underlying binary data is DER encoded.
pub fn encode_pem(&self) -> Result<String, Error>
Encode the certificate to a PEM string.
pub fn key_algorithm(&self) -> Option<KeyAlgorithm>
Attempt to resolve a known KeyAlgorithm used by the private key associated with this certificate.
If this crate isn’t aware of the OID associated with the key algorithm, None is returned.
pub fn key_algorithm_oid(&self) -> &Oid
Obtain the OID of the private key’s algorithm.
pub fn signature_algorithm(&self) -> Option<SignatureAlgorithm>
Obtain the SignatureAlgorithm this certificate will use.
Returns None if we failed to resolve an instance (probably because we don’t recognize the algorithm).
pub fn signature_algorithm_oid(&self) -> &Oid
Obtain the OID of the signature algorithm this certificate will use.
pub fn signature_signature_algorithm(&self) -> Option<SignatureAlgorithm>
Obtain the SignatureAlgorithm used to sign this certificate.
Returns None if we failed to resolve an instance (probably because we don’t recognize that algorithm).
pub fn signature_signature_algorithm_oid(&self) -> &Oid
Obtain the OID of the signature algorithm used to sign this certificate.
pub fn public_key_data(&self) -> Bytes
Obtain the raw data constituting this certificate’s public key.
A copy of the data is returned.
pub fn rsa_public_key_data(&self) -> Result<RsaPublicKey, Error>
Attempt to parse the public key data as RsaPublicKey parameters.
Note that the raw integer value for modulus has a leading 0 byte. So its raw length will be 1 greater than key length. e.g. an RSA 2048 key will have value.modulus.as_slice().len() == 257 instead of 256.
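The leading 0 byte comes from the DER INTEGER sign rule, and it matters for key-size policy checks that look at the modulus length. The following added example (not code from this crate) reproduces the padding and counts key bits from the most significant set bit; `der_integer_content`, `rsa_key_bits` and `sample_modulus` are illustrative names, and the modulus bytes are constructed.

```rust
// Added example (std only): sign padding of an RSA modulus and a key-size check
// that is not fooled by it. Function names are illustrative, not the crate's API.

/// Content bytes of a DER INTEGER holding an unsigned big-endian magnitude.
fn der_integer_content(magnitude: &[u8]) -> Vec<u8> {
    let start = magnitude.iter().position(|b| *b != 0).unwrap_or(magnitude.len());
    let minimal = &magnitude[start..];
    let mut out = Vec::with_capacity(minimal.len() + 1);
    // INTEGER is two's complement: a set top bit would read as negative,
    // so a 0x00 byte is prepended (an empty magnitude encodes as a single 0x00).
    if minimal.first().map_or(true, |b| *b >= 0x80) {
        out.push(0);
    }
    out.extend_from_slice(minimal);
    out
}

/// Key size in bits, counted from the most significant set bit of the modulus.
fn rsa_key_bits(modulus: &[u8]) -> usize {
    match modulus.iter().position(|b| *b != 0) {
        Some(i) => (modulus.len() - i) * 8 - modulus[i].leading_zeros() as usize,
        None => 0,
    }
}

/// Constructed 256-byte modulus stand-in with the given top byte (not a real key).
fn sample_modulus(top: u8) -> Vec<u8> {
    let mut m = vec![0xA5u8; 256];
    m[0] = top;
    m
}

fn main() {
    let encoded = der_integer_content(&sample_modulus(0xC3));
    println!("raw length {} bytes, key size {} bits", encoded.len(), rsa_key_bits(&encoded));
}
```

A check written as `len() * 8` would report 2056 bits for the padded value, and would also accept a 256-byte modulus whose top bit is clear as 2048 bits when it is only 2047.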
pub fn compare_issuer(&self, other: &Self) -> Ordering
Compare 2 instances, sorting them so the issuer comes before the issued.
This function examines the Self::issuer_name and Self::subject_name fields of 2 certificates, attempting to sort them so the issuing certificate comes before the issued certificate.
This function performs a strict compare of the ASN.1 Name data. The assumption here is that the issuing certificate’s subject Name is identical to the issued’s issuer Name. This assumption is often true. But it likely isn’t always true, so this function may not produce reliable results.
pub fn subject_is_issuer(&self) -> bool
pub fn fingerprint(&self, algorithm: DigestAlgorithm) -> Result<Digest, Error>
Obtain the fingerprint for this certificate given a digest algorithm.
pub fn sha1_fingerprint(&self) -> Result<Digest, Error>
Obtain the SHA-1 fingerprint of this certificate.
pub fn sha256_fingerprint(&self) -> Result<Digest, Error>
Obtain the SHA-256 fingerprint of this certificate.
Trait Implementations
impl AsRef<Certificate> for CapturedX509Certificate
fn as_ref(&self) -> &Certificate
Converts this type into a shared reference of the (usually inferred) input type.
impl AsRef<X509Certificate> for CapturedX509Certificate
fn as_ref(&self) -> &X509Certificate
Converts this type into a shared reference of the (usually inferred) input type.
impl Clone for CapturedX509Certificate
fn clone(&self) -> CapturedX509Certificate
Returns a copy of the value.
fn clone_from(&mut self, source: &Self)
Performs copy-assignment from source.
impl Debug for CapturedX509Certificate
impl Deref for CapturedX509Certificate
type Target = X509Certificate
The resulting type after dereferencing.
impl From<CapturedX509Certificate> for Certificate
fn from(cert: CapturedX509Certificate) -> Self
Converts to this type from the input type.
impl From<CapturedX509Certificate> for MutableX509Certificate
fn from(cert: CapturedX509Certificate) -> Self
Converts to this type from the input type.
impl Hash for CapturedX509Certificate
impl TryFrom<&'_ X509Certificate> for CapturedX509Certificate
type Error = X509CertificateError
The type returned in the event of a conversion error.
fn try_from(cert: &X509Certificate) -> Result<Self, Self::Error>
Performs the conversion.
impl TryFrom<X509Certificate> for CapturedX509Certificate
type Error = X509CertificateError
The type returned in the event of a conversion error.
fn try_from(cert: X509Certificate) -> Result<Self, Self::Error>
Performs the conversion.
impl Eq for CapturedX509Certificate
Auto Trait Implementations
impl RefUnwindSafe for CapturedX509Certificate
impl Send for CapturedX509Certificate
impl Sync for CapturedX509Certificate
impl Unpin for CapturedX509Certificate
impl UnwindSafe for CapturedX509Certificate
Blanket Implementations
impl<T> BorrowMut<T> for T where
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value.
impl<T> ToOwned for T where
T: Clone,
type Owned = T
The resulting type after obtaining ownership.
fn clone_into(&self, target: &mut T)
Uses borrowed data to replace owned data, usually by cloning.