pub struct MutableX509Certificate(/* private fields */);
Expand description
Provides a mutable wrapper to an X.509 certificate that was parsed from data.
This is like CapturedX509Certificate except it implements DerefMut, enabling you to modify the certificate while still being able to access the raw data the certificate is backed by. However, mutations are only performed against the parsed ASN.1 data structure, not the original data it was constructed with.
Methods from Deref<Target = X509Certificate>§
Sourcepub fn serial_number_asn1(&self) -> &Integer
pub fn serial_number_asn1(&self) -> &Integer
Obtain the serial number as the ASN.1 Integer type.
Sourcepub fn subject_name(&self) -> &Name
pub fn subject_name(&self) -> &Name
Obtain the certificate’s subject, as its ASN.1 Name type.
Sourcepub fn subject_common_name(&self) -> Option<String>
pub fn subject_common_name(&self) -> Option<String>
Obtain the Common Name (CN) attribute from the certificate’s subject, if set and decodable.
Sourcepub fn issuer_name(&self) -> &Name
pub fn issuer_name(&self) -> &Name
Obtain the certificate’s issuer, as its ASN.1 Name type.
Sourcepub fn issuer_common_name(&self) -> Option<String>
pub fn issuer_common_name(&self) -> Option<String>
Obtain the Common Name (CN) attribute from the certificate’s issuer, if set and decodable.
Sourcepub fn iter_extensions(&self) -> impl Iterator<Item = &Extension>
pub fn iter_extensions(&self) -> impl Iterator<Item = &Extension>
Iterate over extensions defined in this certificate.
Sourcepub fn encode_der_to(&self, fh: &mut impl Write) -> Result<(), Error>
pub fn encode_der_to(&self, fh: &mut impl Write) -> Result<(), Error>
Encode the certificate data structure using DER encoding.
(This is the common ASN.1 encoding format for X.509 certificates.)
This always serializes the internal ASN.1 data structure. If you call this on a wrapper type that has retained a copy of the original data, this may emit different data than that copy.
Sourcepub fn encode_ber_to(&self, fh: &mut impl Write) -> Result<(), Error>
pub fn encode_ber_to(&self, fh: &mut impl Write) -> Result<(), Error>
Encode the certificate data structure use BER encoding.
Sourcepub fn encode_der(&self) -> Result<Vec<u8>, Error>
pub fn encode_der(&self) -> Result<Vec<u8>, Error>
Encode the internal ASN.1 data structures to DER.
Sourcepub fn encode_ber(&self) -> Result<Vec<u8>, Error>
pub fn encode_ber(&self) -> Result<Vec<u8>, Error>
Obtain the BER encoded representation of this certificate.
Sourcepub fn write_pem(&self, fh: &mut impl Write) -> Result<(), Error>
pub fn write_pem(&self, fh: &mut impl Write) -> Result<(), Error>
Encode the certificate to PEM.
This will write a human-readable string with ------ BEGIN CERTIFICATE -------
armoring. This is a very common method for encoding certificates.
The underlying binary data is DER encoded.
Sourcepub fn encode_pem(&self) -> Result<String, Error>
pub fn encode_pem(&self) -> Result<String, Error>
Encode the certificate to a PEM string.
Sourcepub fn key_algorithm(&self) -> Option<KeyAlgorithm>
pub fn key_algorithm(&self) -> Option<KeyAlgorithm>
Attempt to resolve a known KeyAlgorithm used by the private key associated with this certificate.
If this crate isn’t aware of the OID associated with the key algorithm,
None
is returned.
Sourcepub fn key_algorithm_oid(&self) -> &Oid
pub fn key_algorithm_oid(&self) -> &Oid
Obtain the OID of the private key’s algorithm.
Sourcepub fn signature_algorithm(&self) -> Option<SignatureAlgorithm>
pub fn signature_algorithm(&self) -> Option<SignatureAlgorithm>
Obtain the [SignatureAlgorithm this certificate will use.
Returns None if we failed to resolve an instance (probably because we don’t recognize the algorithm).
Sourcepub fn signature_algorithm_oid(&self) -> &Oid
pub fn signature_algorithm_oid(&self) -> &Oid
Obtain the OID of the signature algorithm this certificate will use.
Sourcepub fn signature_signature_algorithm(&self) -> Option<SignatureAlgorithm>
pub fn signature_signature_algorithm(&self) -> Option<SignatureAlgorithm>
Obtain the SignatureAlgorithm used to sign this certificate.
Returns None if we failed to resolve an instance (probably because we don’t recognize that algorithm).
Sourcepub fn signature_signature_algorithm_oid(&self) -> &Oid
pub fn signature_signature_algorithm_oid(&self) -> &Oid
Obtain the OID of the signature algorithm used to sign this certificate.
Sourcepub fn public_key_data(&self) -> Bytes
pub fn public_key_data(&self) -> Bytes
Obtain the raw data constituting this certificate’s public key.
A copy of the data is returned.
Sourcepub fn rsa_public_key_data(&self) -> Result<RsaPublicKey, Error>
pub fn rsa_public_key_data(&self) -> Result<RsaPublicKey, Error>
Attempt to parse the public key data as RsaPublicKey parameters.
Note that the raw integer value for modulus has a leading 0 byte. So its
raw length will be 1 greater than key length. e.g. an RSA 2048 key will
have value.modulus.as_slice().len() == 257
instead of 256
.
Sourcepub fn compare_issuer(&self, other: &Self) -> Ordering
pub fn compare_issuer(&self, other: &Self) -> Ordering
Compare 2 instances, sorting them so the issuer comes before the issued.
This function examines the Self::issuer_name and Self::subject_name fields of 2 certificates, attempting to sort them so the issuing certificate comes before the issued certificate.
This function performs a strict compare of the ASN.1 Name data. The assumption here is that the issuing certificate’s subject Name is identical to the issued’s issuer Name. This assumption is often true. But it likely isn’t always true, so this function may not produce reliable results.
Sourcepub fn subject_is_issuer(&self) -> bool
pub fn subject_is_issuer(&self) -> bool
Sourcepub fn fingerprint(&self, algorithm: DigestAlgorithm) -> Result<Digest, Error>
pub fn fingerprint(&self, algorithm: DigestAlgorithm) -> Result<Digest, Error>
Obtain the fingerprint for this certificate given a digest algorithm.
Sourcepub fn sha1_fingerprint(&self) -> Result<Digest, Error>
pub fn sha1_fingerprint(&self) -> Result<Digest, Error>
Obtain the SHA-1 fingerprint of this certificate.
Sourcepub fn sha256_fingerprint(&self) -> Result<Digest, Error>
pub fn sha256_fingerprint(&self) -> Result<Digest, Error>
Obtain the SHA-256 fingerprint of this certificate.
Sourcepub fn tbs_certificate(&self) -> &TbsCertificate
pub fn tbs_certificate(&self) -> &TbsCertificate
Obtain the raw rfc5280::TbsCertificate for this certificate.
Sourcepub fn validity_not_before(&self) -> DateTime<Utc>
pub fn validity_not_before(&self) -> DateTime<Utc>
Obtain the certificate validity “not before” time.
Sourcepub fn validity_not_after(&self) -> DateTime<Utc>
pub fn validity_not_after(&self) -> DateTime<Utc>
Obtain the certificate validity “not after” time.
Sourcepub fn time_constraints_valid(
&self,
compare_time: Option<DateTime<Utc>>,
) -> bool
pub fn time_constraints_valid( &self, compare_time: Option<DateTime<Utc>>, ) -> bool
Determine whether a time is between the validity constraints in the certificate.
i.e. check whether a certificate is “expired.”
Receives a date time to check against.
If None
, the current time is used. This relies on the machine’s
wall clock to be accurate, of course.
Trait Implementations§
Source§impl Clone for MutableX509Certificate
impl Clone for MutableX509Certificate
Source§fn clone(&self) -> MutableX509Certificate
fn clone(&self) -> MutableX509Certificate
1.0.0 · Source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source
. Read moreSource§impl Debug for MutableX509Certificate
impl Debug for MutableX509Certificate
Source§impl Deref for MutableX509Certificate
impl Deref for MutableX509Certificate
Source§impl DerefMut for MutableX509Certificate
impl DerefMut for MutableX509Certificate
Source§impl From<CapturedX509Certificate> for MutableX509Certificate
impl From<CapturedX509Certificate> for MutableX509Certificate
Source§fn from(cert: CapturedX509Certificate) -> Self
fn from(cert: CapturedX509Certificate) -> Self
Source§impl PartialEq for MutableX509Certificate
impl PartialEq for MutableX509Certificate
impl Eq for MutableX509Certificate
impl StructuralPartialEq for MutableX509Certificate
Auto Trait Implementations§
impl !Freeze for MutableX509Certificate
impl RefUnwindSafe for MutableX509Certificate
impl Send for MutableX509Certificate
impl Sync for MutableX509Certificate
impl Unpin for MutableX509Certificate
impl UnwindSafe for MutableX509Certificate
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Source§impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> CloneToUninit for Twhere
T: Clone,
Source§unsafe fn clone_to_uninit(&self, dst: *mut T)
unsafe fn clone_to_uninit(&self, dst: *mut T)
clone_to_uninit
)