pub struct X509(/* private fields */);
Expand description
An X509
public key certificate.
Implementations§
source§impl X509
impl X509
sourcepub fn builder() -> Result<X509Builder, ErrorStack>
pub fn builder() -> Result<X509Builder, ErrorStack>
Returns a new builder.
sourcepub fn from_pem(pem: &[u8]) -> Result<X509, ErrorStack>
pub fn from_pem(pem: &[u8]) -> Result<X509, ErrorStack>
Deserializes a PEM-encoded X509 structure.
The input should have a header of -----BEGIN CERTIFICATE-----
.
This corresponds to PEM_read_bio_X509
.
sourcepub fn from_der(der: &[u8]) -> Result<X509, ErrorStack>
pub fn from_der(der: &[u8]) -> Result<X509, ErrorStack>
Deserializes a DER-encoded X509 structure.
This corresponds to d2i_X509
.
sourcepub fn stack_from_pem(pem: &[u8]) -> Result<Vec<X509>, ErrorStack>
pub fn stack_from_pem(pem: &[u8]) -> Result<Vec<X509>, ErrorStack>
Deserializes a list of PEM-formatted certificates.
This corresponds to PEM_read_bio_X509
.
Methods from Deref<Target = X509Ref>§
sourcepub fn subject_name(&self) -> &X509NameRef
pub fn subject_name(&self) -> &X509NameRef
Returns this certificate’s subject name.
This corresponds to X509_get_subject_name
.
sourcepub fn subject_name_hash(&self) -> u32
pub fn subject_name_hash(&self) -> u32
Returns the hash of the certificates subject
This corresponds to X509_subject_name_hash
.
sourcepub fn issuer_name(&self) -> &X509NameRef
pub fn issuer_name(&self) -> &X509NameRef
Returns this certificate’s issuer name.
This corresponds to X509_get_issuer_name
.
sourcepub fn issuer_name_hash(&self) -> u32
pub fn issuer_name_hash(&self) -> u32
Returns the hash of the certificates issuer
This corresponds to X509_issuer_name_hash
.
sourcepub fn subject_alt_names(&self) -> Option<Stack<GeneralName>>
pub fn subject_alt_names(&self) -> Option<Stack<GeneralName>>
Returns this certificate’s subject alternative name entries, if they exist.
This corresponds to X509_get_ext_d2i
.
sourcepub fn crl_distribution_points(&self) -> Option<Stack<DistPoint>>
pub fn crl_distribution_points(&self) -> Option<Stack<DistPoint>>
Returns this certificate’s CRL distribution points, if they exist.
This corresponds to X509_get_ext_d2i
.
sourcepub fn issuer_alt_names(&self) -> Option<Stack<GeneralName>>
pub fn issuer_alt_names(&self) -> Option<Stack<GeneralName>>
Returns this certificate’s issuer alternative name entries, if they exist.
This corresponds to X509_get_ext_d2i
.
Returns this certificate’s authority information access
entries, if they exist.
This corresponds to X509_get_ext_d2i
.
sourcepub fn pathlen(&self) -> Option<u32>
pub fn pathlen(&self) -> Option<u32>
Retrieves the path length extension from a certificate, if it exists.
This corresponds to X509_get_pathlen
.
sourcepub fn subject_key_id(&self) -> Option<&Asn1OctetStringRef>
pub fn subject_key_id(&self) -> Option<&Asn1OctetStringRef>
Returns this certificate’s subject key id, if it exists.
This corresponds to X509_get0_subject_key_id
.
Returns this certificate’s authority key id, if it exists.
This corresponds to X509_get0_authority_key_id
.
Returns this certificate’s authority issuer name entries, if they exist.
This corresponds to X509_get0_authority_issuer
.
Returns this certificate’s authority serial number, if it exists.
This corresponds to X509_get0_authority_serial
.
sourcepub fn public_key(&self) -> Result<PKey<Public>, ErrorStack>
pub fn public_key(&self) -> Result<PKey<Public>, ErrorStack>
This corresponds to X509_get_pubkey
.
sourcepub fn digest(
&self,
hash_type: MessageDigest,
) -> Result<DigestBytes, ErrorStack>
pub fn digest( &self, hash_type: MessageDigest, ) -> Result<DigestBytes, ErrorStack>
Returns a digest of the DER representation of the certificate.
This corresponds to X509_digest
.
pub fn fingerprint( &self, hash_type: MessageDigest, ) -> Result<Vec<u8>, ErrorStack>
sourcepub fn not_after(&self) -> &Asn1TimeRef
pub fn not_after(&self) -> &Asn1TimeRef
Returns the certificate’s Not After validity period.
This corresponds to X509_getm_notAfter
.
sourcepub fn not_before(&self) -> &Asn1TimeRef
pub fn not_before(&self) -> &Asn1TimeRef
Returns the certificate’s Not Before validity period.
This corresponds to X509_getm_notBefore
.
sourcepub fn signature(&self) -> &Asn1BitStringRef
pub fn signature(&self) -> &Asn1BitStringRef
Returns the certificate’s signature
This corresponds to X509_get0_signature
.
sourcepub fn signature_algorithm(&self) -> &X509AlgorithmRef
pub fn signature_algorithm(&self) -> &X509AlgorithmRef
Returns the certificate’s signature algorithm.
This corresponds to X509_get0_signature
.
sourcepub fn ocsp_responders(&self) -> Result<Stack<OpensslString>, ErrorStack>
pub fn ocsp_responders(&self) -> Result<Stack<OpensslString>, ErrorStack>
Returns the list of OCSP responder URLs specified in the certificate’s Authority Information Access field.
This corresponds to X509_get1_ocsp
.
sourcepub fn issued(&self, subject: &X509Ref) -> X509VerifyResult
pub fn issued(&self, subject: &X509Ref) -> X509VerifyResult
Checks that this certificate issued subject
.
This corresponds to X509_check_issued
.
sourcepub fn version(&self) -> i32
pub fn version(&self) -> i32
Returns certificate version. If this certificate has no explicit version set, it defaults to version 1.
Note that 0
return value stands for version 1, 1
for version 2 and so on.
This corresponds to X509_get_version
.
sourcepub fn verify<T>(&self, key: &PKeyRef<T>) -> Result<bool, ErrorStack>where
T: HasPublic,
pub fn verify<T>(&self, key: &PKeyRef<T>) -> Result<bool, ErrorStack>where
T: HasPublic,
Check if the certificate is signed using the given public key.
Only the signature is checked: no other checks (such as certificate chain validity) are performed.
Returns true
if verification succeeds.
This corresponds to X509_verify
.
sourcepub fn serial_number(&self) -> &Asn1IntegerRef
pub fn serial_number(&self) -> &Asn1IntegerRef
Returns this certificate’s serial number.
This corresponds to X509_get_serialNumber
.
sourcepub fn alias(&self) -> Option<&[u8]>
pub fn alias(&self) -> Option<&[u8]>
Returns this certificate’s “alias”. This field is populated by
OpenSSL in some situations – specifically OpenSSL will store a
PKCS#12 friendlyName
in this field. This is not a part of the X.509
certificate itself, OpenSSL merely attaches it to this structure in
memory.
This corresponds to X509_alias_get0
.
sourcepub fn to_pem(&self) -> Result<Vec<u8>, ErrorStack>
pub fn to_pem(&self) -> Result<Vec<u8>, ErrorStack>
Serializes the certificate into a PEM-encoded X509 structure.
The output will have a header of -----BEGIN CERTIFICATE-----
.
This corresponds to PEM_write_bio_X509
.
sourcepub fn to_der(&self) -> Result<Vec<u8>, ErrorStack>
pub fn to_der(&self) -> Result<Vec<u8>, ErrorStack>
Serializes the certificate into a DER-encoded X509 structure.
This corresponds to i2d_X509
.
sourcepub fn to_text(&self) -> Result<Vec<u8>, ErrorStack>
pub fn to_text(&self) -> Result<Vec<u8>, ErrorStack>
Converts the certificate to human readable text.
This corresponds to X509_print
.
Trait Implementations§
source§impl ForeignType for X509
impl ForeignType for X509
source§impl Ord for X509
impl Ord for X509
source§impl PartialOrd<X509> for X509Ref
impl PartialOrd<X509> for X509Ref
source§impl PartialOrd<X509Ref> for X509
impl PartialOrd<X509Ref> for X509
source§impl PartialOrd for X509
impl PartialOrd for X509
source§impl Stackable for X509
impl Stackable for X509
§type StackType = stack_st_X509
type StackType = stack_st_X509
impl Eq for X509
impl Send for X509
impl Sync for X509
Auto Trait Implementations§
Blanket Implementations§
source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
source§impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> CloneToUninit for Twhere
T: Clone,
source§default unsafe fn clone_to_uninit(&self, dst: *mut T)
default unsafe fn clone_to_uninit(&self, dst: *mut T)
clone_to_uninit
)