Struct webpki::trust_anchor::TrustAnchor

pub struct TrustAnchor<'a> {
    pub subject: &'a [u8],
    pub spki: &'a [u8],
    pub name_constraints: Option<&'a [u8]>,
}

A trust anchor (a.k.a. root CA).

Traditionally, certificate verification libraries have represented trust anchors as full X.509 root certificates. However, those certificates contain a lot more data than is needed for verifying certificates. The TrustAnchor representation allows an application to store just the essential elements of trust anchors. The TrustAnchor::try_from_cert_der function allows converting X.509 certificates to to the minimized TrustAnchor representation, either at runtime or in a build script.

Fields

subject: &'a [u8]

The value of the subject field of the trust anchor.

spki: &'a [u8]

The value of the subjectPublicKeyInfo field of the trust anchor.

name_constraints: Option<&'a [u8]>

The value of a DER-encoded NameConstraints, containing name constraints to apply to the trust anchor, if any.

Implementations

impl<'a> TrustAnchor<'a>

pub fn try_from_cert_der(cert_der: &'a [u8]) -> Result<Self, Error>

Interprets the given DER-encoded certificate as a TrustAnchor. The certificate is not validated. In particular, there is no check that the certificate is self-signed or even that the certificate has the cA basic constraint.

fn from_v1_der(cert_der: Input<'a>) -> Result<Self, Error>

Parses a v1 certificate directly into a TrustAnchor.

Trait Implementations

impl<'a> Debug for TrustAnchor<'a>

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'a> From<Cert<'a>> for TrustAnchor<'a>

fn from(cert: Cert<'a>) -> Self

Converts to this type from the input type.