x509_certificate::certificate

Struct MutableX509Certificate

pub struct MutableX509Certificate(/* private fields */);

Provides a mutable wrapper to an X.509 certificate that was parsed from data.

This is like CapturedX509Certificate except it implements DerefMut, enabling you to modify the certificate while still being able to access the raw data the certificate is backed by. However, mutations are only performed against the parsed ASN.1 data structure, not the original data it was constructed with.

Methods from Deref<Target = X509Certificate>

pub fn serial_number_asn1(&self) -> &Integer

Obtain the serial number as the ASN.1 Integer type.

pub fn subject_name(&self) -> &Name

Obtain the certificate’s subject, as its ASN.1 Name type.

pub fn subject_common_name(&self) -> Option<String>

Obtain the Common Name (CN) attribute from the certificate’s subject, if set and decodable.

pub fn issuer_name(&self) -> &Name

Obtain the certificate’s issuer, as its ASN.1 Name type.

pub fn issuer_common_name(&self) -> Option<String>

Obtain the Common Name (CN) attribute from the certificate’s issuer, if set and decodable.

pub fn iter_extensions(&self) -> impl Iterator<Item = &Extension>

Iterate over extensions defined in this certificate.

pub fn encode_der_to(&self, fh: &mut impl Write) -> Result<(), Error>

Encode the certificate data structure using DER encoding.

(This is the common ASN.1 encoding format for X.509 certificates.)

This always serializes the internal ASN.1 data structure. If you call this on a wrapper type that has retained a copy of the original data, this may emit different data than that copy.

pub fn encode_ber_to(&self, fh: &mut impl Write) -> Result<(), Error>

Encode the certificate data structure using BER encoding.

pub fn encode_der(&self) -> Result<Vec<u8>, Error>

Encode the internal ASN.1 data structures to DER.

pub fn encode_ber(&self) -> Result<Vec<u8>, Error>

Obtain the BER encoded representation of this certificate.

pub fn write_pem(&self, fh: &mut impl Write) -> Result<(), Error>

Encode the certificate to PEM.

This will write a human-readable string with -----BEGIN CERTIFICATE----- armoring. This is a very common method for encoding certificates.

The underlying binary data is DER encoded.

pub fn encode_pem(&self) -> Result<String, Error>

Encode the certificate to a PEM string.

pub fn key_algorithm(&self) -> Option<KeyAlgorithm>

Attempt to resolve a known KeyAlgorithm used by the private key associated with this certificate.

If this crate isn’t aware of the OID associated with the key algorithm, None is returned.

pub fn key_algorithm_oid(&self) -> &Oid

Obtain the OID of the private key’s algorithm.

pub fn signature_algorithm(&self) -> Option<SignatureAlgorithm>

Obtain the SignatureAlgorithm this certificate will use.

Returns None if we failed to resolve an instance (probably because we don’t recognize the algorithm).

pub fn signature_algorithm_oid(&self) -> &Oid

Obtain the OID of the signature algorithm this certificate will use.

pub fn signature_signature_algorithm(&self) -> Option<SignatureAlgorithm>

Obtain the SignatureAlgorithm used to sign this certificate.

Returns None if we failed to resolve an instance (probably because we don’t recognize that algorithm).

pub fn signature_signature_algorithm_oid(&self) -> &Oid

Obtain the OID of the signature algorithm used to sign this certificate.

pub fn public_key_data(&self) -> Bytes

Obtain the raw data constituting this certificate’s public key.

A copy of the data is returned.

pub fn rsa_public_key_data(&self) -> Result<RsaPublicKey, Error>

Attempt to parse the public key data as RsaPublicKey parameters.

Note that the raw integer value for the modulus has a leading 0 byte, so its raw length will be 1 greater than the key length. For example, an RSA 2048 key will have value.modulus.as_slice().len() == 257 instead of 256.
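
The leading-zero note above matters when a minimum key size is enforced from the modulus length. The following is an added example using only the standard library, not code from this crate; der_unsigned_integer, rsa_key_bits, naive_key_bits and sample_modulus are hypothetical helpers, and the modulus bytes are constructed filler rather than a real key.

```rust
/// DER INTEGER content octets for an unsigned big-endian magnitude. DER integers are
/// two's complement, so a 0x00 octet is prepended when the top bit is set.
pub fn der_unsigned_integer(magnitude: &[u8]) -> Vec<u8> {
    let start = magnitude.iter().position(|b| *b != 0).unwrap_or(magnitude.len());
    let m = &magnitude[start..];
    match m.first() {
        None => vec![0],
        Some(&b) if b >= 0x80 => [&[0u8][..], m].concat(),
        Some(_) => m.to_vec(),
    }
}

/// Key size in bits from the raw modulus octets, whether or not the sign octet is present.
pub fn rsa_key_bits(raw_modulus: &[u8]) -> usize {
    let start = raw_modulus.iter().position(|b| *b != 0).unwrap_or(raw_modulus.len());
    match raw_modulus[start..].first() {
        None => 0,
        Some(top) => (raw_modulus.len() - start) * 8 - top.leading_zeros() as usize,
    }
}

/// What a length-only check would report for the same octets.
pub fn naive_key_bits(raw_modulus: &[u8]) -> usize {
    raw_modulus.len() * 8
}

/// Constructed stand-in for a modulus: `len` octets, top bit set, odd. Not a real key.
pub fn sample_modulus(len: usize) -> Vec<u8> {
    let mut m = vec![0x5A; len];
    m[0] = 0xC3;
    m[len - 1] |= 1;
    m
}

fn main() {
    // 256 magnitude octets is a 2048-bit key; 255 octets is a 2040-bit key.
    for bytes in [256usize, 255] {
        let raw = der_unsigned_integer(&sample_modulus(bytes));
        println!(
            "raw length {} -> naive {} bits, actual {} bits",
            raw.len(),
            naive_key_bits(&raw),
            rsa_key_bits(&raw)
        );
    }
}
```

A 2040-bit modulus has a raw length of 256 octets, so a check that multiplies the raw length by 8 would report it as 2048 bits.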

pub fn compare_issuer(&self, other: &Self) -> Ordering

Compare 2 instances, sorting them so the issuer comes before the issued.

This function examines the Self::issuer_name and Self::subject_name fields of 2 certificates, attempting to sort them so the issuing certificate comes before the issued certificate.

This function performs a strict compare of the ASN.1 Name data. The assumption here is that the issuing certificate’s subject Name is identical to the issued’s issuer Name. This assumption is often true. But it likely isn’t always true, so this function may not produce reliable results.

pub fn subject_is_issuer(&self) -> bool

Whether the subject Name is also the issuer’s Name.

This might be a way of determining if a certificate is self-signed. But there can likely be false negatives due to differences in ASN.1 encoding of the underlying data. So we don’t claim this is a test for being self-signed.
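
The strict-comparison caveat stated for compare_issuer and subject_is_issuer, shown as an added example that is not code from this crate: it models a certificate as only its DER-encoded subject and issuer Names and compares them byte for byte. Cert, tlv, name_with_cn, compare_issuer_strict and order_ca_and_leaf are hypothetical helpers, and the names are constructed.

```rust
use std::cmp::Ordering;

/// Constructed model: a certificate reduced to its DER-encoded subject and issuer Names.
pub struct Cert {
    pub subject: Vec<u8>,
    pub issuer: Vec<u8>,
}

/// Encode one DER TLV using the short length form (enough for these small Names).
fn tlv(tag: u8, content: &[u8]) -> Vec<u8> {
    assert!(content.len() < 128, "short-form length only");
    let mut out = vec![tag, content.len() as u8];
    out.extend_from_slice(content);
    out
}

/// Name with one commonName RDN; string_tag is 0x13 (PrintableString) or 0x0C (UTF8String).
pub fn name_with_cn(cn: &str, string_tag: u8) -> Vec<u8> {
    let oid = tlv(0x06, &[0x55, 0x04, 0x03]); // OID 2.5.4.3 (commonName)
    let atv = tlv(0x30, &[oid, tlv(string_tag, cn.as_bytes())].concat());
    tlv(0x30, &tlv(0x31, &atv)) // SEQUENCE { SET { AttributeTypeAndValue } }
}

/// Strict byte-for-byte ordering: Less when `a` issued `b`, Greater when `b` issued `a`.
pub fn compare_issuer_strict(a: &Cert, b: &Cert) -> Ordering {
    if a.subject == b.issuer {
        Ordering::Less
    } else if a.issuer == b.subject {
        Ordering::Greater
    } else {
        Ordering::Equal // no relationship detected
    }
}

/// Same CA and leaf; only the string type of the leaf's issuer Name varies.
pub fn order_ca_and_leaf(leaf_issuer_tag: u8) -> Ordering {
    let ca_name = name_with_cn("Example Root CA", 0x13);
    let ca = Cert { subject: ca_name.clone(), issuer: ca_name };
    let leaf = Cert {
        subject: name_with_cn("leaf.example", 0x13),
        issuer: name_with_cn("Example Root CA", leaf_issuer_tag),
    };
    compare_issuer_strict(&ca, &leaf)
}

fn main() {
    println!("same encoding:      {:?}", order_ca_and_leaf(0x13));
    println!("different encoding: {:?}", order_ca_and_leaf(0x0C));
}
```

When the leaf's issuer Name carries the same text as a UTF8String instead of a PrintableString, the byte comparison finds no relationship and the pair is left unordered.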

pub fn fingerprint(&self, algorithm: DigestAlgorithm) -> Result<Digest, Error>

Obtain the fingerprint for this certificate given a digest algorithm.

pub fn sha1_fingerprint(&self) -> Result<Digest, Error>

Obtain the SHA-1 fingerprint of this certificate.

pub fn sha256_fingerprint(&self) -> Result<Digest, Error>

Obtain the SHA-256 fingerprint of this certificate.

pub fn tbs_certificate(&self) -> &TbsCertificate

Obtain the raw rfc5280::TbsCertificate for this certificate.

pub fn validity_not_before(&self) -> DateTime<Utc>

Obtain the certificate validity “not before” time.

pub fn validity_not_after(&self) -> DateTime<Utc>

Obtain the certificate validity “not after” time.

pub fn time_constraints_valid(&self, compare_time: Option<DateTime<Utc>>) -> bool

Determine whether a time is between the validity constraints in the certificate.

i.e. check whether a certificate is “expired.”

Receives a date time to check against.

If None, the current time is used. This relies on the machine’s wall clock to be accurate, of course.

Trait Implementations

impl Clone for MutableX509Certificate

fn clone(&self) -> MutableX509Certificate

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for MutableX509Certificate

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Deref for MutableX509Certificate

type Target = X509Certificate

The resulting type after dereferencing.

fn deref(&self) -> &Self::Target

Dereferences the value.

impl DerefMut for MutableX509Certificate

fn deref_mut(&mut self) -> &mut Self::Target

Mutably dereferences the value.

impl From<CapturedX509Certificate> for MutableX509Certificate

fn from(cert: CapturedX509Certificate) -> Self

Converts to this type from the input type.

impl PartialEq for MutableX509Certificate

fn eq(&self, other: &MutableX509Certificate) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Eq for MutableX509Certificate

impl StructuralPartialEq for MutableX509Certificate

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dst: *mut T)

🔬 This is a nightly-only experimental API. (clone_to_uninit)

Performs copy-assignment from self to dst.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning.

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.