@@ -41,6 +41,8 @@ use std::net::IpAddr;
41
41
use std:: net:: { Ipv4Addr , Ipv6Addr } ;
42
42
use std:: ops:: Deref ;
43
43
44
+ #[ cfg( feature = "pem" ) ]
45
+ use pem:: Pem ;
44
46
#[ cfg( feature = "x509-parser" ) ]
45
47
use pki_types:: CertificateDer ;
46
48
use time:: { OffsetDateTime , Time } ;
@@ -136,6 +138,55 @@ pub fn generate_simple_self_signed(
136
138
Ok ( CertifiedKey { cert, signing_key } )
137
139
}
138
140
141
+ /// An [`Issuer`] wrapper that also contains the issuer's [`Certificate`].
142
+ pub struct CertifiedIssuer < ' a , S > {
143
+ certificate : Certificate ,
144
+ issuer : Issuer < ' a , S > ,
145
+ }
146
+
147
+ impl < ' a , S : SigningKey > CertifiedIssuer < ' a , S > {
148
+ /// Create a new issuer from the given parameters and key, with a self-signed certificate.
149
+ pub fn self_signed ( params : CertificateParams , signing_key : S ) -> Result < Self , Error > {
150
+ Ok ( Self {
151
+ certificate : params. self_signed ( & signing_key) ?,
152
+ issuer : Issuer :: new ( params, signing_key) ,
153
+ } )
154
+ }
155
+
156
+ /// Create a new issuer from the given parameters and key, signed by the given `issuer`.
157
+ pub fn signed_by (
158
+ params : CertificateParams ,
159
+ signing_key : S ,
160
+ issuer : & Issuer < ' _ , impl SigningKey > ,
161
+ ) -> Result < Self , Error > {
162
+ Ok ( Self {
163
+ certificate : params. signed_by ( & signing_key, issuer) ?,
164
+ issuer : Issuer :: new ( params, signing_key) ,
165
+ } )
166
+ }
167
+
168
+ /// Get the certificate in PEM encoded format.
169
+ #[ cfg( feature = "pem" ) ]
170
+ pub fn pem ( & self ) -> String {
171
+ pem:: encode_config ( & Pem :: new ( "CERTIFICATE" , self . der ( ) . to_vec ( ) ) , ENCODE_CONFIG )
172
+ }
173
+
174
+ /// Get the certificate in DER encoded format.
175
+ ///
176
+ /// See also [`Certificate::der()`]
177
+ pub fn der ( & self ) -> & CertificateDer < ' static > {
178
+ self . certificate . der ( )
179
+ }
180
+ }
181
+
182
+ impl < ' a , S > Deref for CertifiedIssuer < ' a , S > {
183
+ type Target = Issuer < ' a , S > ;
184
+
185
+ fn deref ( & self ) -> & Self :: Target {
186
+ & self . issuer
187
+ }
188
+ }
189
+
139
190
/// An issuer that can sign certificates.
140
191
///
141
192
/// Encapsulates the distinguished name, key identifier method, key usages and signing key
0 commit comments