pub struct X509CertificateBuilder { /* private fields */ }
Interface for constructing new X.509 certificates.
This holds fields for various certificate metadata and allows you to incrementally derive a new X.509 certificate.
The certificate is populated with defaults:
- The serial number is 1.
- The validity period runs from now until 1 hour from now.
- There is no issuer. If no attempt is made to define an issuer, the subject will be copied to the issuer field and this will be a self-signed certificate.
This type can also be used to produce certificate signing requests. In this mode, only the subject value and additional registered attributes are meaningful.
Implementations
impl X509CertificateBuilder
pub fn new() -> Self
Deprecated. Use Self::default() instead.
pub fn subject(&mut self) -> &mut Name
Obtain a mutable reference to the subject Name.
The type has functions that will allow you to add attributes with ease.
pub fn issuer(&mut self) -> &mut Name
Obtain a mutable reference to the issuer Name.
If no issuer has been created yet, an empty one will be created.
pub fn serial_number(&mut self, value: i64)
Set the serial number for the certificate.
pub fn extensions(&self) -> &Extensions
Obtain the raw certificate extensions.
pub fn extensions_mut(&mut self) -> &mut Extensions
Obtain a mutable reference to raw certificate extensions.
pub fn add_extension_der_data(&mut self, oid: Oid, critical: bool, data: impl AsRef<[u8]>)
Add an extension to the certificate with its value as pre-encoded DER data.
pub fn validity_duration(&mut self, duration: Duration)
Set the expiration time as a Duration measured from the currently set start time.
pub fn constraint_not_ca(&mut self)
Add a basic constraints extension indicating that this isn't a CA certificate.
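An added example, not taken from the crate's documentation or source: add_extension_der_data expects the extension value already DER-encoded, so the caller has to produce those bytes. This std-only Rust code encodes the basicConstraints value defined in RFC 5280; the function names are hypothetical, and the call into the builder is left out.

```rust
// Added example: std-only DER encoding of a basicConstraints value (RFC 5280).
// Function names are hypothetical and not part of the x509-certificate crate.
/// DER length octets: short form below 128, long form otherwise.
fn der_len(n: usize) -> Vec<u8> {
    if n < 0x80 { return vec![n as u8]; }
    let be: Vec<u8> = n.to_be_bytes().iter().copied().skip_while(|b| *b == 0).collect();
    let mut out = vec![0x80 | be.len() as u8];
    out.extend(be);
    out
}

/// One tag-length-value element.
fn der_tlv(tag: u8, content: &[u8]) -> Vec<u8> {
    let mut out = vec![tag];
    out.extend(der_len(content.len()));
    out.extend_from_slice(content);
    out
}

/// Non-negative INTEGER in minimal two's-complement form.
fn der_uint(v: u32) -> Vec<u8> {
    let mut be: Vec<u8> = v.to_be_bytes().iter().copied().skip_while(|b| *b == 0).collect();
    if be.is_empty() || be[0] & 0x80 != 0 {
        be.insert(0, 0); // zero needs one octet; a set high bit would read as negative
    }
    der_tlv(0x02, &be)
}

/// BasicConstraints ::= SEQUENCE { cA BOOLEAN DEFAULT FALSE, pathLenConstraint INTEGER OPTIONAL }
fn basic_constraints(ca: bool, path_len: Option<u32>) -> Result<Vec<u8>, &'static str> {
    if !ca && path_len.is_some() {
        return Err("pathLenConstraint requires cA = TRUE");
    }
    let mut body: Vec<u8> = Vec::new();
    if ca {
        body.extend(der_tlv(0x01, &[0xFF])); // DER TRUE is 0xFF; default FALSE is omitted
    }
    if let Some(n) = path_len {
        body.extend(der_uint(n));
    }
    Ok(der_tlv(0x30, &body))
}

fn main() {
    // Constructed sample inputs: end-entity, CA, CA that may not issue sub-CAs.
    for (ca, len) in [(false, None), (true, None), (true, Some(0u32))] {
        println!("ca={} path_len={:?} -> {:02x?}", ca, len, basic_constraints(ca, len).unwrap());
    }
}
```

The returned bytes are what goes in the data argument, paired with the basicConstraints OID (2.5.29.19) as oid. An end-entity value encodes as an empty SEQUENCE because DER omits fields that hold their default.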
pub fn add_csr_attribute(&mut self, attribute: Attribute)
Add an Attribute to a future certificate signing request.
Has no effect on regular certificate creation; it applies only when creating certificate signing requests.
pub fn create_with_key_pair(&self, key_pair: &InMemorySigningKeyPair) -> Result<CapturedX509Certificate, Error>
Create a new certificate given settings using the provided key pair.
pub fn create_with_random_keypair(&self, key_algorithm: KeyAlgorithm) -> Result<(CapturedX509Certificate, InMemorySigningKeyPair), Error>
Create a new certificate given settings, using a randomly generated key pair.
pub fn create_certificate_signing_request(&self, signer: &dyn KeyInfoSigner) -> Result<CertificationRequest, Error>
Create a new certificate signing request (CSR).
The CSR is derived according to the process defined in RFC 2986 Section 3. Essentially, we collect metadata about the request, sign that metadata using a provided signing/private key, then attach the signature to form a complete certification request.