Struct rustls::sign::CertifiedKey

source · [−]

pub struct CertifiedKey {
    pub cert: Vec<Certificate>,
    pub key: Arc<Box<dyn SigningKey>>,
    pub ocsp: Option<Vec<u8>>,
    pub sct_list: Option<Vec<u8>>,
}

Expand description

A packaged-together certificate chain, matching SigningKey and optional stapled OCSP response and/or SCT list.

Fields

cert: Vec<Certificate>

The certificate chain.

key: Arc<Box<dyn SigningKey>>

The certified key.

ocsp: Option<Vec<u8>>

An optional OCSP response from the certificate issuer, attesting to its continued validity.

sct_list: Option<Vec<u8>>

An optional collection of SCTs from CT logs, proving the certificate is included on those logs. This must be a SignedCertificateTimestampList encoding; see RFC6962.

Implementations

impl CertifiedKey

pub fn new(
cert: Vec<Certificate>,
key: Arc<Box<dyn SigningKey>>
) -> CertifiedKey

Make a new CertifiedKey, with the given chain and key.

The cert chain must not be empty. The first certificate in the chain must be the end-entity certificate.

pub fn end_entity_cert(&self) -> Result<&Certificate, ()>

The end-entity certificate.

pub fn take_cert(&mut self) -> Vec<Certificate>

Steal ownership of the certificate chain.

pub fn has_ocsp(&self) -> bool

Return true if there’s an OCSP response.

pub fn take_ocsp(&mut self) -> Option<Vec<u8>>

Steal ownership of the OCSP response.

pub fn has_sct_list(&self) -> bool

Return true if there’s an SCT list.

pub fn take_sct_list(&mut self) -> Option<Vec<u8>>

Steal ownership of the SCT list.

pub fn cross_check_end_entity_cert(
&self,
name: Option<DNSNameRef<'_>>
) -> Result<(), TLSError>

Check the certificate chain for validity:

it should be non-empty list
the first certificate should be parsable as a x509v3,
the first certificate should quote the given server name (if provided)

These checks are not security-sensitive. They are the server attempting to detect accidental misconfiguration.

Trait Implementations

impl Clone for CertifiedKey

fn clone(&self) -> CertifiedKey

Returns a copy of the value. Read more

1.0.0 · source

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

Auto Trait Implementations

impl !RefUnwindSafe for CertifiedKey

impl Send for CertifiedKey

impl Sync for CertifiedKey

impl Unpin for CertifiedKey

impl !UnwindSafe for CertifiedKey

Blanket Implementations

impl<T> Any for T where
T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T where
T: ?Sized,

const: unstable · source

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T where
T: ?Sized,

const: unstable · source

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T

const: unstable · source

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T where
U: From<T>,

const: unstable · source

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> ToOwned for T where
T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more

fn clone_into(&self, target: &mut T)

🔬 This is a nightly-only experimental API. (toowned_clone_into)

Uses borrowed data to replace owned data, usually by cloning. Read more

impl<T, U> TryFrom<U> for T where
U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

const: unstable · source

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T where
U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

const: unstable · source

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.