pub trait AppleCertificate: Sized {
    // Required methods
    fn is_apple_root_ca(&self) -> bool;
    fn is_apple_intermediate_ca(&self) -> bool;
    fn apple_ca_extensions(&self) -> Vec<CertificateAuthorityExtension>;
    fn apple_extended_key_usage_purposes(&self) -> Vec<ExtendedKeyUsagePurpose>;
    fn apple_code_signing_extensions(
        &self,
    ) -> Vec<CodeSigningCertificateExtension>;
    fn apple_guess_profile(&self) -> Option<CertificateProfile>;
    fn apple_issuing_chain(&self) -> Vec<KnownCertificate>;
    fn chains_to_apple_root_ca(&self) -> bool;
    fn apple_root_certificate_chain(
        &self,
    ) -> Option<Vec<CapturedX509Certificate>>;
    fn apple_team_id(&self) -> Option<String>;
    fn is_test_apple_signed_certificate(&self) -> bool;
}
Extends functionality of CapturedX509Certificate with Apple specific certificate knowledge.
Required Methods
fn is_apple_root_ca(&self) -> bool
Whether this is a known Apple root certificate authority.
We define this criterion as a certificate in our built-in list of known Apple certificates that has the same subject and issuer Names.
fn is_apple_intermediate_ca(&self) -> bool
Whether this is a known Apple intermediate certificate authority.
This is similar to Self::is_apple_root_ca except it doesn’t match against known self-signed Apple certificates.
fn apple_ca_extensions(&self) -> Vec<CertificateAuthorityExtension>
Find CertificateAuthorityExtension present on this certificate.
If this is non-empty, the certificate says it is an Apple certificate whose role is issuing other certificates used for signing things.
This function does not perform trust validation that the underlying certificate is a legitimate Apple issued certificate: just that it has the desired property.
fn apple_extended_key_usage_purposes(&self) -> Vec<ExtendedKeyUsagePurpose>
Obtain all of Apple’s ExtendedKeyUsagePurpose in this certificate.
fn apple_code_signing_extensions(&self) -> Vec<CodeSigningCertificateExtension>
Obtain all of Apple’s CodeSigningCertificateExtension in this certificate.
fn apple_guess_profile(&self) -> Option<CertificateProfile>
Attempt to guess the CertificateProfile associated with this certificate.
This keys off present certificate extensions to guess which profile it belongs to. Incorrect guesses are possible, which is why guess is in the function name.
Returns None if we don’t think a CertificateProfile is associated with this extension.
fn apple_issuing_chain(&self) -> Vec<KnownCertificate>
Attempt to resolve the certificate issuer chain back to AppleCertificate.
This is a glorified wrapper around CapturedX509Certificate::resolve_signing_chain that filters matches against certificates in our known set of Apple certificates and maps them back to our KnownCertificate Rust enumeration.
False negatives (read: missing certificates) can be encountered if we don’t know about an Apple CA certificate.
fn chains_to_apple_root_ca(&self) -> bool
Whether this certificate chains back to a known Apple root certificate authority.
This is true if the resolved certificate issuance chain (which is confirmed via verifying the cryptographic signatures on certificates) ends in a certificate that is known to be an Apple root CA.
fn apple_root_certificate_chain(&self) -> Option<Vec<CapturedX509Certificate>>
Obtain the chain of issuing certificates, back to a known Apple root.
The returned chain starts with this certificate and ends with a known Apple root certificate authority. None is returned if this certificate doesn’t appear to chain to a known Apple root CA.
fn apple_team_id(&self) -> Option<String>
Attempt to resolve the team id of an Apple issued certificate.
The team id is a value like AB42XYZ789 that is attached to your Apple Developer account. It seems to always be embedded in signing certificates as the Organizational Unit field of the subject. So this function is just a shortcut for retrieving that.
fn is_test_apple_signed_certificate(&self) -> bool
Whether this is a certificate pretending to be signed by an Apple CA but isn’t really.
Dyn Compatibility
This trait is not dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.
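A caller-side trust policy built on the methods above, as an added example that is not part of this crate or its documentation: the team id is only the subject's Organizational Unit, so it is read after the chain check, never before. The local trait `AppleCertFacts` is a hypothetical stand-in that copies three signatures from `AppleCertificate` so the block compiles on its own; `Verdict`, `evaluate`, `SampleCert` and the allow list are likewise assumptions, and the sample certificates are constructed.

```rust
// Hypothetical stand-in for the three `AppleCertificate` methods used here.
// With the real crate, bound `evaluate` on `AppleCertificate` instead.
trait AppleCertFacts: Sized {
    fn chains_to_apple_root_ca(&self) -> bool;
    fn is_test_apple_signed_certificate(&self) -> bool;
    fn apple_team_id(&self) -> Option<String>;
}

#[derive(Debug, PartialEq)]
enum Verdict {
    Trusted { team_id: String },
    Rejected(&'static str),
}

/// Decide whether a signer certificate may be attributed to an allowed team.
/// Generic over `C` because the trait is not dyn compatible.
fn evaluate<C: AppleCertFacts>(cert: &C, allowed_teams: &[&str]) -> Verdict {
    // A certificate that only pretends to be Apple-signed is refused outright.
    if cert.is_test_apple_signed_certificate() {
        return Verdict::Rejected("pretends to be Apple-signed");
    }
    // Only a signature-verified chain to a known Apple root establishes trust.
    if !cert.chains_to_apple_root_ca() {
        return Verdict::Rejected("no verified chain to a known Apple root");
    }
    // The subject OU is self-asserted data; it means something only now.
    match cert.apple_team_id() {
        Some(id) if allowed_teams.contains(&id.as_str()) => Verdict::Trusted { team_id: id },
        Some(_) => Verdict::Rejected("team id not on allow list"),
        None => Verdict::Rejected("no team id in subject"),
    }
}

// Constructed sample: each field holds what the real method would return.
struct SampleCert { chains: bool, test_signed: bool, ou: Option<&'static str> }

impl AppleCertFacts for SampleCert {
    fn chains_to_apple_root_ca(&self) -> bool { self.chains }
    fn is_test_apple_signed_certificate(&self) -> bool { self.test_signed }
    fn apple_team_id(&self) -> Option<String> { self.ou.map(String::from) }
}

fn main() {
    let genuine = SampleCert { chains: true, test_signed: false, ou: Some("AB42XYZ789") };
    let lookalike = SampleCert { chains: false, test_signed: true, ou: Some("AB42XYZ789") };
    println!("{:?}", evaluate(&genuine, &["AB42XYZ789"]));
    println!("{:?}", evaluate(&lookalike, &["AB42XYZ789"]));
}
```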