Struct x509_certificate::certificate::X509CertificateBuilder

pub struct X509CertificateBuilder { /* fields omitted */ }

Interface for constructing new X.509 certificates.

This holds fields for various certificate metadata and allows you to incrementally derive a new X.509 certificate.

The certificate is populated with defaults:

• The serial number is 1.
• The time validity is now until 1 hour from now.
• There is no issuer. If no attempt is made to define an issuer, the subject will be copied to the issuer field and this will be a self-signed certificate.

Implementations

impl X509CertificateBuilder

pub fn new(alg: KeyAlgorithm) -> Self

pub fn subject(&mut self) -> &mut Name

Obtain a mutable reference to the subject Name.

The type has functions that will allow you to add attributes with ease.

pub fn issuer(&mut self) -> &mut Name

Obtain a mutable reference to the issuer Name.

If no issuer has been created yet, an empty one will be created.

pub fn serial_number(&mut self, value: i64)

Set the serial number for the certificate.

pub fn extensions(&self) -> &Extensions

Obtain the raw certificate extensions.

pub fn extensions_mut(&mut self) -> &mut Extensions

Obtain a mutable reference to raw certificate extensions.

pub fn add_extension_der_data(
    &mut self,
    oid: Oid,
    critical: bool,
    data: impl AsRef<[u8]>
)

Add an extension to the certificate with its value as pre-encoded DER data.

pub fn validity_duration(&mut self, duration: Duration)

Set the expiration time in terms of Duration since its currently set start time.

pub fn constraint_not_ca(&mut self)

Add a basic constraint extension that this isn’t a CA certificate.

pub fn key_usage(&mut self, key_usage: KeyUsage)

Add a key usage extension.

pub fn create_with_random_keypair(
    &self
) -> Result<(CapturedX509Certificate, InMemorySigningKeyPair, Document), Error>

Create a new certificate given settings, using a randomly generated key pair.