Signs the certificate using the CA's private key.
(
self,
private_key: CertificateIssuerPrivateKeyTypes,
algorithm: _AllowedHashTypes | None,
backend: typing.Any = None,
*,
rsa_padding: padding.PSS | padding.PKCS1v15 | None = None,
ecdsa_deterministic: bool | None = None,
)
| 519 | ) |
| 520 | |
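def sign(
    self,
    private_key: CertificateIssuerPrivateKeyTypes,
    algorithm: _AllowedHashTypes | None,
    backend: typing.Any = None,
    *,
    rsa_padding: padding.PSS | padding.PKCS1v15 | None = None,
    ecdsa_deterministic: bool | None = None,
) -> Certificate:
    """
    Signs the certificate using the CA's private key.

    Verifies that every mandatory field has been set on the builder,
    checks that the optional signing parameters match the type of
    ``private_key``, and then delegates to
    ``rust_x509.create_x509_certificate``.

    The field checks below are presence checks only: this method does not
    itself validate the values (for example the ordering of the validity
    bounds), and nothing here ties ``private_key`` to the issuer name set
    on the builder. Any such validation has to happen in the caller or in
    ``create_x509_certificate``.

    :param private_key: The issuer's (CA's) private key that produces the
        signature.
    :param algorithm: Hash algorithm for the signature, or ``None``. It is
        passed through unchecked. NOTE(review): ``None`` is presumably
        meant for key types that take no separate hash -- confirm against
        ``create_x509_certificate``.
    :param backend: Accepted but not used anywhere in this method.
    :param rsa_padding: Optional ``padding.PSS`` or ``padding.PKCS1v15``
        instance; only accepted together with an RSA private key.
    :param ecdsa_deterministic: Optional flag; any non-``None`` value
        (including ``False``) is only accepted together with an EC private
        key. NOTE(review): presumably selects deterministic nonce
        generation for ECDSA -- confirm.
    :returns: The result of ``rust_x509.create_x509_certificate``.
    :raises ValueError: If the subject name, issuer name, serial number,
        not-valid-before time, not-valid-after time or public key has not
        been set.
    :raises TypeError: If ``rsa_padding`` is of an unsupported type or is
        given with a non-RSA key, or if ``ecdsa_deterministic`` is given
        with a non-EC key.
    """
    # Mandatory fields: refuse to sign a partially specified certificate.
    if self._subject_name is None:
        raise ValueError("A certificate must have a subject name")

    if self._issuer_name is None:
        raise ValueError("A certificate must have an issuer name")

    if self._serial_number is None:
        raise ValueError("A certificate must have a serial number")

    if self._not_valid_before is None:
        raise ValueError("A certificate must have a not valid before time")

    if self._not_valid_after is None:
        raise ValueError("A certificate must have a not valid after time")

    if self._public_key is None:
        raise ValueError("A certificate must have a public key")

    # Reject a padding choice that cannot apply to the key, rather than
    # silently ignoring it and signing with something the caller did not
    # ask for.
    if rsa_padding is not None:
        if not isinstance(rsa_padding, (padding.PSS, padding.PKCS1v15)):
            raise TypeError("Padding must be PSS or PKCS1v15")
        if not isinstance(private_key, rsa.RSAPrivateKey):
            raise TypeError("Padding is only supported for RSA keys")

    # Same reasoning for the ECDSA option: an explicit True or False with
    # a non-EC key is an error, not a no-op.
    if ecdsa_deterministic is not None:
        if not isinstance(private_key, ec.EllipticCurvePrivateKey):
            raise TypeError(
                "Deterministic ECDSA is only supported for EC keys"
            )

    # ``backend`` is deliberately not forwarded.
    return rust_x509.create_x509_certificate(
        self,
        private_key,
        algorithm,
        rsa_padding,
        ecdsa_deterministic,
    )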
| 570 | |
| 571 | |
| 572 | class CertificateRevocationListBuilder: |