Struct x509_signature::X509Certificate
A parsed (but not validated) X.509 version 3 certificate.
Implementations
impl<'a> X509Certificate<'a>
pub fn das(&self) -> DataAlgorithmSignature<'a>
The tbsCertificate, signatureAlgorithm, and signature
pub fn serial(&self) -> &'a [u8]
The serial number. Big-endian and non-empty. The first byte is guaranteed to be non-zero.
pub fn issuer(&self) -> &'a [u8]
The X.509 issuer. This has not been validated and is not trusted. In particular, it is not guaranteed to be valid ASN.1 DER.
pub fn not_before(&self) -> ASN1Time
The earliest time, in seconds since the Unix epoch, that the certificate is valid.
Will always be between MIN_ASN1_TIMESTAMP and MAX_ASN1_TIMESTAMP, inclusive.
pub fn not_after(&self) -> ASN1Time
The latest time, in seconds since the Unix epoch, that the certificate is valid.
Will always be between MIN_ASN1_TIMESTAMP and MAX_ASN1_TIMESTAMP, inclusive.
pub fn subject(&self) -> &'a [u8]
X.509 subject. This has not been validated and is not trusted. In particular, it is not guaranteed to be valid ASN.1 DER.
pub fn subject_public_key_info(&self) -> SubjectPublicKeyInfo<'a>
The subjectPublicKeyInfo, encoded as ASN.1 DER. There is no guarantee that the OID or public key are valid ASN.1 DER, but if they are not, all methods that check signatures will fail.
pub fn extensions(&self) -> ExtensionIterator<'a>
An iterator over the certificate’s extensions.
pub fn check_signature(
    &self,
    algorithm: SignatureScheme,
    message: &[u8],
    signature: &[u8]
) -> Result<(), Error>
Verify a signature made by the certificate.
pub fn check_tls13_signature(
    &self,
    algorithm: SignatureScheme,
    message: &[u8],
    signature: &[u8]
) -> Result<(), Error>
Verify a signature made by the certificate, applying the restrictions of TLSv1.3:
- ECDSA algorithms where the hash has a different size than the curve are not allowed.
- RSA PKCS1.5 signatures are not allowed.
This is a good choice for new protocols and applications. Note that extensions are not checked, so applications must process extensions themselves.
pub fn check_tls12_signature(
    &self,
    algorithm: SignatureScheme,
    message: &[u8],
    signature: &[u8]
) -> Result<(), Error>
Verify a signature made by the certificate, applying the restrictions of TLSv1.2:
- RSA-PSS signatures are not allowed.
This should not be used outside of a TLSv1.2 implementation. Note that extensions are not checked, so applications must process extensions themselves.
pub fn valid_at_timestamp(&self, now: i64) -> Result<(), Error>
Check that the certificate is valid at time now, in seconds since the Epoch.
pub fn tbs_certificate(&self) -> &[u8]
The tbsCertificate
pub fn signature_algorithm_id(&self) -> &[u8]
The AlgorithmId of the algorithm used to sign this certificate
pub fn signature(&self) -> &[u8]
The signature of the certificate
pub fn check_signature_from(&self, cert: &X509Certificate) -> Result<(), Error>
Verify that this certificate was signed by cert’s secret key.
This does not check that cert is a certificate authority.
pub fn check_issued_by(&self, cert: &X509Certificate) -> Result<(), Error>
As above, but also check that self’s issuer is cert’s subject.
pub fn check_self_signature(&self) -> Result<(), Error>
Use check_self_issued instead
Check that this certificate is self-signed. This does not check that the subject and issuer are equal.
pub fn check_self_issued(&self) -> Result<(), Error>
Check that this certificate is self-signed, and that the subject and issuer are equal.
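How the checks documented above combine into a chain walk, as an added example that is not part of x509-signature. `Cert`, `Mock`, `mock`, `verify_chain` and the `is_ca` callback are hypothetical names; `Mock` simulates signatures with a constructed `signer` field so the code runs without the crate or a real certificate.

```rust
// Added example, not x509-signature code. `Cert` is a hypothetical trait that
// mirrors three methods documented on this page so the walk runs without the crate.
type Check = Result<(), &'static str>;
trait Cert {
    fn valid_at_timestamp(&self, now: i64) -> Check;
    fn check_issued_by(&self, issuer: &Self) -> Check;
    fn check_self_issued(&self) -> Check;
}

/// Walk `chain` (leaf first, root last). `is_ca` is the caller's own decision,
/// made from the extensions, because the signature checks do not make it.
fn verify_chain<C: Cert>(chain: &[C], now: i64, is_ca: impl Fn(&C) -> bool) -> Check {
    let root = chain.last().ok_or("empty chain")?;
    for (i, cert) in chain.iter().enumerate() {
        cert.valid_at_timestamp(now)?;
        if let Some(issuer) = chain.get(i + 1) {
            if !is_ca(issuer) {
                return Err("issuer is not a CA");
            }
            cert.check_issued_by(issuer)?;
        }
    }
    // Being self-issued is not trust: the caller must still match the root to an anchor.
    root.check_self_issued()
}

// Constructed stand-in: `signer` plays the role of a verified signature.
struct Mock { subject: &'static str, issuer: &'static str, signer: &'static str, ca: bool, window: (i64, i64) }

impl Cert for Mock {
    fn valid_at_timestamp(&self, now: i64) -> Check {
        if self.window.0 <= now && now <= self.window.1 { Ok(()) } else { Err("not valid at this time") }
    }
    fn check_issued_by(&self, c: &Self) -> Check {
        if self.signer != c.subject { return Err("bad signature"); }
        if self.issuer != c.subject { return Err("issuer does not match subject"); }
        Ok(())
    }
    fn check_self_issued(&self) -> Check { self.check_issued_by(self) }
}

fn mock(subject: &'static str, issuer: &'static str, ca: bool) -> Mock {
    Mock { subject, issuer, signer: issuer, ca, window: (1_000, 2_000) }
}

fn main() {
    let chain = [mock("leaf", "mid", false), mock("mid", "root", true), mock("root", "root", true)];
    println!("{:?}", verify_chain(&chain, 1_500, |c| c.ca));
}
```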
Trait Implementations
Auto Trait Implementations
impl<'a> Send for X509Certificate<'a>
impl<'a> Sync for X509Certificate<'a>
impl<'a> Unpin for X509Certificate<'a>
Blanket Implementations
impl<T> Any for T where
    T: 'static + ?Sized,
impl<T> Borrow<T> for T where
    T: ?Sized,
impl<T> BorrowMut<T> for T where
    T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
impl<T> From<T> for T
impl<T, U> Into<U> for T where
    U: From<T>,
impl<T, U> TryFrom<U> for T where
    U: Into<T>,
type Error = Infallible
The type returned in the event of a conversion error.
fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
impl<T, U> TryInto<U> for T where
    U: TryFrom<T>,