Struct openssl::x509::X509Generator
pub struct X509Generator { // some fields omitted }
Generator of private key/certificate pairs
Example
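use std::fs;
use std::fs::{File, OpenOptions};
use std::io::prelude::*;
#[cfg(unix)]
use std::os::unix::fs::OpenOptionsExt;
use std::path::Path;

use openssl::crypto::hash::Type;
use openssl::x509::{KeyUsage, X509Generator};

// Set the key size and signature hash explicitly instead of relying on the
// generator defaults (1024 bits and SHA1, as listed under `new`).
let gen = X509Generator::new()
    .set_bitlength(2048)
    .set_valid_period(365 * 2)
    .set_CN("SuperMegaCorp Inc.")
    .set_sign_hash(Type::SHA256)
    .set_usage(&[KeyUsage::DigitalSignature]);

let (cert, pkey) = gen.generate().unwrap();

// The certificate is public material, so default file permissions are fine.
let cert_path = "doc_cert.pem";
let mut file = File::create(cert_path).unwrap();
assert!(cert.write_pem(&mut file).is_ok());

// The private key must not be readable by other local users. `File::create`
// would leave the mode to the process umask, so on Unix request owner-only
// access when the file is created.
let pkey_path = "doc_key.pem";
let mut key_opts = OpenOptions::new();
key_opts.write(true).create(true).truncate(true);
// The mode only applies to a newly created file; an existing `doc_key.pem`
// keeps whatever permissions it already has.
#[cfg(unix)]
key_opts.mode(0o600);
let mut file = key_opts.open(pkey_path).unwrap();
assert!(pkey.write_pem(&mut file).is_ok());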
Methods
impl X509Generator
fn new() -> X509Generator
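Creates a new generator with the following defaults. The default bit length and hash are weak by current standards, so set both explicitly with set_bitlength and set_sign_hash, as the example above does: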
bit length: 1024
validity period: 365 days
CN: "rust-openssl"
hash: SHA1
fn set_bitlength(self, bits: u32) -> X509Generator
Sets desired bit length
fn set_valid_period(self, days: u32) -> X509Generator
Sets certificate validity period in days since today
fn set_CN(self, CN: &str) -> X509Generator
(deprecated) Sets Common Name of certificate
This function is deprecated, use X509Generator.add_name
instead.
Do not use both this function and the add_name method on the same generator.
fn add_name(self, attr_type: String, attr_value: String) -> X509Generator
Add attribute to the name of the certificate
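// `add_name` takes the generator by value and returns the updated one,
// so bind the result; otherwise the added attribute is dropped with it.
let generator = generator.add_name("CN".to_string(), "example.com".to_string());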
fn add_names<I>(self, attrs: I) -> X509Generator where I: IntoIterator<Item=(String, String)>
Add multiple attributes to the name of the certificate
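// `add_names` consumes the generator and returns the updated one,
// so bind the result to keep the added attributes.
let generator = generator.add_names(vec![("CN".to_string(), "example.com".to_string())]);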
fn set_usage(self, purposes: &[KeyUsage]) -> X509Generator
(deprecated) Sets what the certificate may be used for
This function is deprecated, use X509Generator.add_extension
instead.
fn set_ext_usage(self, purposes: &[ExtKeyUsage]) -> X509Generator
(deprecated) Sets allowed extended usage of certificate
This function is deprecated, use X509Generator.add_extension
instead.
fn add_extension(self, ext: Extension) -> X509Generator
Add an extension to a certificate
If the extension already exists, it will be replaced.
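use openssl::x509::extension::Extension::*;
use openssl::x509::extension::KeyUsageOption::*;

// `add_extension` consumes the generator and returns the updated one,
// so bind the result; a bare call would discard the extension.
let generator = generator.add_extension(KeyUsage(vec![DigitalSignature, KeyEncipherment]));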
fn add_extensions<I>(self, exts: I) -> X509Generator where I: IntoIterator<Item=Extension>
Add multiple extensions to a certificate
If any of the extensions already exist, they will be replaced.
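use openssl::x509::extension::Extension::*;
use openssl::x509::extension::KeyUsageOption::*;

// `add_extensions` consumes the generator and returns the updated one,
// so bind the result; a bare call would discard the extensions.
let generator =
    generator.add_extensions(vec![KeyUsage(vec![DigitalSignature, KeyEncipherment])]);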
fn set_sign_hash(self, hash_type: Type) -> X509Generator
fn generate<'a>(&self) -> Result<(X509<'a>, PKey), SslError>
Generates a private key and a self-signed certificate and returns them
fn sign<'a>(&self, p_key: &PKey) -> Result<X509<'a>, SslError>
Sets the certificate's public key, then self-signs the certificate and returns it. Note: the bit length of the supplied private key is used (set_bitlength is ignored).
fn request(&self, p_key: &PKey) -> Result<X509Req, SslError>
Obtain a certificate signing request (CSR)