Struct rustls::sign::CertifiedKey

source · [−]

pub struct CertifiedKey {
    pub cert: Vec<Certificate>,
    pub key: Arc<Box<dyn SigningKey>>,
    pub ocsp: Option<Vec<u8>>,
    pub sct_list: Option<Vec<u8>>,
}

Expand description

A packaged-together certificate chain, matching SigningKey and optional stapled OCSP response and/or SCT list.

Fields

cert: Vec<Certificate>

The certificate chain.

key: Arc<Box<dyn SigningKey>>

The certified key.

ocsp: Option<Vec<u8>>

An optional OCSP response from the certificate issuer, attesting to its continued validity.

sct_list: Option<Vec<u8>>

An optional collection of SCTs from CT logs, proving the certificate is included on those logs. This must be a SignedCertificateTimestampList encoding; see RFC6962.

Implementations

source

impl CertifiedKey

source

pub fn new(cert: Vec<Certificate>, key: Arc<Box<dyn SigningKey>>) -> CertifiedKey

Make a new CertifiedKey, with the given chain and key.

The cert chain must not be empty. The first certificate in the chain must be the end-entity certificate.

source

pub fn end_entity_cert(&self) -> Result<&Certificate, ()>

The end-entity certificate.

source

pub fn take_cert(&mut self) -> Vec<Certificate>

Steal ownership of the certificate chain.

source

pub fn has_ocsp(&self) -> bool

Return true if there’s an OCSP response.

source

pub fn take_ocsp(&mut self) -> Option<Vec<u8>>

Steal ownership of the OCSP response.

source

pub fn has_sct_list(&self) -> bool

Return true if there’s an SCT list.

source

pub fn take_sct_list(&mut self) -> Option<Vec<u8>>

Steal ownership of the SCT list.

source

pub fn cross_check_end_entity_cert(
&self,
name: Option<DNSNameRef<'_>>
) -> Result<(), TLSError>

Check the certificate chain for validity:

it should be non-empty list
the first certificate should be parsable as a x509v3,
the first certificate should quote the given server name (if provided)

These checks are not security-sensitive. They are the server attempting to detect accidental misconfiguration.

Trait Implementations

source

impl Clone for CertifiedKey

source

fn clone(&self) -> CertifiedKey

Returns a copy of the value. Read more

1.0.0

const fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

Auto Trait Implementations

impl !RefUnwindSafe for CertifiedKey

impl Send for CertifiedKey

impl Sync for CertifiedKey

impl Unpin for CertifiedKey

impl !UnwindSafe for CertifiedKey

Blanket Implementations

impl<T> Any for Twhere
T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for Twhere
T: ?Sized,

const: unstable

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for Twhere
T: ?Sized,

const: unstable

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T

const: unstable

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into for Twhere
U: From<T>,

const: unstable

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of [From]<T> for U chooses to do.

impl<T> ToOwned for Twhere
T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more

impl<T, U> TryFrom for Twhere
U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

const: unstable

fn try_from(value: U) -> Result<T, <T as TryFrom>::Error>

Performs the conversion.

impl<T, U> TryInto for Twhere
U: TryFrom<T>,

type Error = >::Error

The type returned in the event of a conversion error.

const: unstable

fn try_into(self) -> Result<U, >::Error>

Performs the conversion.

Struct rustls::sign::CertifiedKey

Fields

Implementations

impl CertifiedKey

pub fn new(cert: Vec<Certificate>, key: Arc<Box<dyn SigningKey>>) -> CertifiedKey

pub fn end_entity_cert(&self) -> Result<&Certificate, ()>

pub fn take_cert(&mut self) -> Vec<Certificate>

pub fn has_ocsp(&self) -> bool

pub fn take_ocsp(&mut self) -> Option<Vec<u8>>

pub fn has_sct_list(&self) -> bool

pub fn take_sct_list(&mut self) -> Option<Vec<u8>>

pub fn cross_check_end_entity_cert( &self, name: Option<DNSNameRef<'_>>) -> Result<(), TLSError>

Trait Implementations

impl Clone for CertifiedKey

fn clone(&self) -> CertifiedKey

const fn clone_from(&mut self, source: &Self)

Auto Trait Implementations

impl !RefUnwindSafe for CertifiedKey

impl Send for CertifiedKey

impl Sync for CertifiedKey

impl Unpin for CertifiedKey

impl !UnwindSafe for CertifiedKey

Blanket Implementations

impl<T> Any for Twhere T: 'static + ?Sized,

fn type_id(&self) -> TypeId

impl<T> Borrow<T> for Twhere T: ?Sized,

fn borrow(&self) -> &T

impl<T> BorrowMut<T> for Twhere T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

impl<T> From<T> for T

fn from(t: T) -> T

impl<T, U> Into<U> for Twhere U: From<T>,

fn into(self) -> U

impl<T> ToOwned for Twhere T: Clone,

type Owned = T

fn to_owned(&self) -> T

fn clone_into(&self, target: &mut T)

impl<T, U> TryFrom<U> for Twhere U: Into<T>,

type Error = Infallible

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

impl<T, U> TryInto<U> for Twhere U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

pub fn cross_check_end_entity_cert(
&self,
name: Option<DNSNameRef<'_>>
) -> Result<(), TLSError>

impl<T> Any for Twhere
T: 'static + ?Sized,

impl<T> Borrow<T> for Twhere
T: ?Sized,

impl<T> BorrowMut<T> for Twhere
T: ?Sized,

impl<T, U> Into<U> for Twhere
U: From<T>,

impl<T> ToOwned for Twhere
T: Clone,

impl<T, U> TryFrom<U> for Twhere
U: Into<T>,

impl<T, U> TryInto<U> for Twhere
U: TryFrom<T>,