refactor: Generalize csr/crl signed_by to take &impl AsRef issuer

This makes these consistent with Certificate::signed_by.
rustls · Jan 19, 2025 · 5a0e2bf · 5a0e2bf
1 parent cd88a39
commit 5a0e2bf
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 11 deletions.
diff --git a/rcgen/src/certificate.rs b/rcgen/src/certificate.rs
@@ -157,7 +157,7 @@ impl CertificateParams {
 	pub fn signed_by(
 		self,
 		public_key: &impl PublicKeyData,
-		issuer: &impl AsRef<Self>,
+		issuer: &impl AsRef<CertificateParams>,
 		issuer_key: &KeyPair,
 	) -> Result<Certificate, Error> {
 		let issuer = Issuer {

diff --git a/rcgen/src/crl.rs b/rcgen/src/crl.rs
@@ -9,7 +9,7 @@ use yasna::Tag;
 use crate::ENCODE_CONFIG;
 use crate::{
 	oid, write_distinguished_name, write_dt_utc_or_generalized,
-	write_x509_authority_key_identifier, write_x509_extension, Certificate, Error, Issuer,
+	write_x509_authority_key_identifier, write_x509_extension, CertificateParams, Error, Issuer,
 	KeyIdMethod, KeyPair, KeyUsagePurpose, SerialNumber,
 };
 
@@ -188,17 +188,17 @@ impl CertificateRevocationListParams {
 	/// Including a signature from the issuing certificate authority's key.
 	pub fn signed_by(
 		self,
-		issuer: &Certificate,
+		issuer: &impl AsRef<CertificateParams>,
 		issuer_key: &KeyPair,
 	) -> Result<CertificateRevocationList, Error> {
 		if self.next_update.le(&self.this_update) {
 			return Err(Error::InvalidCrlNextUpdate);
 		}
 
 		let issuer = Issuer {
-			distinguished_name: &issuer.params.distinguished_name,
-			key_identifier_method: &issuer.params.key_identifier_method,
-			key_usages: &issuer.params.key_usages,
+			distinguished_name: &issuer.as_ref().distinguished_name,
+			key_identifier_method: &issuer.as_ref().key_identifier_method,
+			key_usages: &issuer.as_ref().key_usages,
 			key_pair: issuer_key,
 		};
 

diff --git a/rcgen/src/csr.rs b/rcgen/src/csr.rs
@@ -192,7 +192,8 @@ impl CertificateSigningRequestParams {
 	///
 	/// The returned certificate will have its issuer field set to the subject of the provided
 	/// `issuer`, and the authority key identifier extension will be populated using the subject
-	/// public key of `issuer`. It will be signed by `issuer_key`.
+	/// public key of `issuer` (typically either a [`CertificateParams`] or
+	/// [`Certificate`]). It will be signed by `issuer_key`.
 	///
 	/// Note that no validation of the `issuer` certificate is performed. Rcgen will not require
 	/// the certificate to be a CA certificate, or have key usage extensions that allow signing.
@@ -201,13 +202,13 @@ impl CertificateSigningRequestParams {
 	/// [`Certificate::pem`].
 	pub fn signed_by(
 		self,
-		issuer: &Certificate,
+		issuer: &impl AsRef<CertificateParams>,
 		issuer_key: &KeyPair,
 	) -> Result<Certificate, Error> {
 		let issuer = Issuer {
-			distinguished_name: &issuer.params.distinguished_name,
-			key_identifier_method: &issuer.params.key_identifier_method,
-			key_usages: &issuer.params.key_usages,
+			distinguished_name: &issuer.as_ref().distinguished_name,
+			key_identifier_method: &issuer.as_ref().key_identifier_method,
+			key_usages: &issuer.as_ref().key_usages,
 			key_pair: issuer_key,
 		};