Struct Credentials 

#[non_exhaustive]
pub struct Credentials {
    pub identity: Arc<Identity<'static>>,
    pub key: Box<dyn SigningKey>,
    pub ocsp: Option<Arc<[u8]>>,
}

A packaged-together certificate chain, matching SigningKey and optional stapled OCSP response.

Note: this struct is also used to represent an RFC 7250 raw public key, when the client/server is configured to use raw public keys instead of certificates.

Fields (Non-exhaustive)

Non-exhaustive structs could have additional fields added in future. Therefore, non-exhaustive structs cannot be constructed in external crates using the traditional Struct { .. } syntax; cannot be matched against without a wildcard ..; and struct update syntax will not work.

identity: Arc<Identity<'static>>

The certificate chain or raw public key.

key: Box<dyn SigningKey>

The signing key matching the identity.

ocsp: Option<Arc<[u8]>>

An optional OCSP response from the certificate issuer, attesting to its continued validity.

Implementations

impl Credentials

pub fn from_der( identity: Arc<Identity<'static>>, key: PrivateKeyDer<'static>, provider: &CryptoProvider, ) -> Result<Self, Error>

Create a new Credentials from a certificate chain and DER-encoded private key.

Attempt to parse the private key with the given CryptoProvider’s KeyProvider and verify that it matches the public key in the first certificate of the identity if possible (if it is an X509 identity).

pub fn new( identity: Arc<Identity<'static>>, key: Box<dyn SigningKey>, ) -> Result<Self, Error>

Make a new Credentials, with the given identity and key.

Yields Error::InconsistentKeys if the identity is X509 and the end-entity certificate’s subject public key info does not match that of the key’s public key, or if the key does not have a public key.

This constructor should be used with all SigningKey implementations that can provide a public key, including those provided by rustls itself.

pub fn new_unchecked( identity: Arc<Identity<'static>>, key: Box<dyn SigningKey>, ) -> Self

Make a new Credentials from a raw private key.

Unlike Credentials::new(), this does not check that the end-entity certificate’s subject key matches key’s public key.

This avoids parsing the end-entity certificate, which is useful when using client certificates that are not fully standards compliant, but known to usable by the peer.

pub fn signer( &self, sig_schemes: &[SignatureScheme], ) -> Option<SelectedCredential>

Attempt to produce a SelectedCredential using one of the given signature schemes.

Calls SigningKey::choose_scheme() and propagates cert_chain and ocsp.

Trait Implementations

impl Debug for Credentials

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl From<Credentials> for SingleCredential

fn from(credentials: Credentials) -> Self

Converts to this type from the input type.

impl Hash for Credentials

fn hash<H: Hasher>(&self, state: &mut H)

Feeds this value into the given Hasher.

fn hash_slice<H>(data: &[Self], state: &mut H)

where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher.