Struct openssl::x509::X509Generator [−] [src]

pub struct X509Generator {
    // some fields omitted
}

Generator of private key/certificate pairs

Example

use openssl::crypto::hash::Type;
use openssl::crypto::pkey::PKey;
use openssl::crypto::rsa::RSA;
use openssl::x509::X509Generator;
use openssl::x509::extension::{Extension, KeyUsageOption};

let rsa = RSA::generate(2048).unwrap();
let pkey = PKey::from_rsa(rsa).unwrap();

let gen = X509Generator::new()
       .set_valid_period(365*2)
       .add_name("CN".to_owned(), "SuperMegaCorp Inc.".to_owned())
       .set_sign_hash(Type::SHA256)
       .add_extension(Extension::KeyUsage(vec![KeyUsageOption::DigitalSignature]));

let cert = gen.sign(&pkey).unwrap();
let cert_pem = cert.to_pem().unwrap();
let pkey_pem = pkey.private_key_to_pem().unwrap();

Methods

`impl X509Generator`
[src]

`fn new() -> X509Generator`

Creates a new generator with the following defaults:

validity period: 365 days

CN: "rust-openssl"

hash: SHA1

`fn set_valid_period(self, days: u32) -> X509Generator`

Sets certificate validity period in days since today

`fn add_name(self, attr_type: String, attr_value: String) -> X509Generator`

Add attribute to the name of the certificate

generator.add_name("CN".to_string(),"example.com".to_string());

`fn add_names<I>(self, attrs: I) -> X509Generator where I: IntoIterator<Item=(String, String)>`

Add multiple attributes to the name of the certificate

generator.add_names(vec![("CN".to_string(),"example.com".to_string())]);

`fn add_extension(self, ext: Extension) -> X509Generator`

Add an extension to a certificate

If the extension already exists, it will be replaced.

use openssl::x509::extension::Extension::*;
use openssl::x509::extension::KeyUsageOption::*;

generator.add_extension(KeyUsage(vec![DigitalSignature, KeyEncipherment]));

`fn add_extensions<I>(self, exts: I) -> X509Generator where I: IntoIterator<Item=Extension>`

Add multiple extensions to a certificate

If any of the extensions already exist, they will be replaced.

use openssl::x509::extension::Extension::*;
use openssl::x509::extension::KeyUsageOption::*;

generator.add_extensions(vec![KeyUsage(vec![DigitalSignature, KeyEncipherment])]);

`fn set_sign_hash(self, hash_type: Type) -> X509Generator`

`fn sign(&self, p_key: &PKey) -> Result<X509, ErrorStack>`

Sets the certificate public-key, then self-sign and return it Note: That the bit-length of the private key is used (set_bitlength is ignored)

`fn request(&self, p_key: &PKey) -> Result<X509Req, ErrorStack>`

Obtain a certificate signing request (CSR)

Requries the x509_generator_request feature.

Struct openssl::x509::X509Generator [−] [src]

Example

Methods

impl X509Generator[src]

fn new() -> X509Generator

fn set_valid_period(self, days: u32) -> X509Generator

fn add_name(self, attr_type: String, attr_value: String) -> X509Generator

fn add_names<I>(self, attrs: I) -> X509Generator where I: IntoIterator<Item=(String, String)>

fn add_extension(self, ext: Extension) -> X509Generator

fn add_extensions<I>(self, exts: I) -> X509Generator where I: IntoIterator<Item=Extension>

fn set_sign_hash(self, hash_type: Type) -> X509Generator

fn sign(&self, p_key: &PKey) -> Result<X509, ErrorStack>

fn request(&self, p_key: &PKey) -> Result<X509Req, ErrorStack>