pub trait KeyProvider:
    Send
    + Sync
    + Debug {
    // Required method
    fn load_private_key(
        &self,
        key_der: PrivateKeyDer<'static>,
    ) -> Result<Arc<dyn SigningKey>, Error>;

    // Provided method
    fn fips(&self) -> bool { ... }
}
A mechanism for loading private SigningKeys from PrivateKeyDer.
This trait is intended to be used with private key material that is sourced from DER, such as a private key that may be present on-disk. It is not intended to be used with keys held in hardware security modules (HSMs) or physical tokens. For these use cases see the Rustls manual section on customizing private key usage.
Required Methods

fn load_private_key(
    &self,
    key_der: PrivateKeyDer<'static>,
) -> Result<Arc<dyn SigningKey>, Error>
Decode and validate a private signing key from key_der.
This is used by ConfigBuilder::with_client_auth_cert(), ConfigBuilder::with_single_cert(), and ConfigBuilder::with_single_cert_with_ocsp(). The key types and formats supported by this function directly define the key types and formats supported in those APIs.
Return an error if the key type encoding is not supported, or if the key fails validation.
Provided Methods

fn fips(&self) -> bool
Return true if this is backed by a FIPS-approved implementation.
If this returns true, that must be the case for all possible key types supported by KeyProvider::load_private_key().
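The two contracts above (reject unsupported encodings, and keep fips() true for every loadable key type) are shown here with a policy wrapper around another provider. This is an added example, not code from rustls: Pkcs8Only and DemoProvider are hypothetical, and the rustls types are replaced by simplified local stand-ins (byte vectors instead of typed DER, no lifetime parameter) so it builds without the crate.

```rust
// Added example. These types are minimal local stand-ins for the rustls items
// named on this page, so the block compiles without the crate.
use std::{fmt::Debug, sync::Arc};
pub enum PrivateKeyDer { Pkcs1(Vec<u8>), Sec1(Vec<u8>), Pkcs8(Vec<u8>) }
#[derive(Debug, PartialEq)]
pub enum Error { General(String) }
pub trait SigningKey: Debug + Send + Sync {}
pub trait KeyProvider: Send + Sync + Debug {
    fn load_private_key(&self, key_der: PrivateKeyDer) -> Result<Arc<dyn SigningKey>, Error>;
    fn fips(&self) -> bool { false }
}

/// Encoding name for error messages; never formats the key bytes themselves.
fn encoding(k: &PrivateKeyDer) -> &'static str {
    match k {
        PrivateKeyDer::Pkcs1(_) => "PKCS#1",
        PrivateKeyDer::Sec1(_) => "SEC1",
        PrivateKeyDer::Pkcs8(_) => "PKCS#8",
    }
}

/// Hypothetical policy wrapper: only PKCS#8 input reaches the inner provider.
#[derive(Debug)]
pub struct Pkcs8Only<P: KeyProvider>(pub P);
impl<P: KeyProvider> KeyProvider for Pkcs8Only<P> {
    fn load_private_key(&self, key_der: PrivateKeyDer) -> Result<Arc<dyn SigningKey>, Error> {
        if matches!(key_der, PrivateKeyDer::Pkcs8(_)) {
            return self.0.load_private_key(key_der); // inner decodes and validates
        }
        Err(Error::General(format!("{} key encoding rejected by policy", encoding(&key_der))))
    }
    // The wrapper only narrows the accepted set, so the inner provider's FIPS
    // claim still covers every key type this provider can load.
    fn fips(&self) -> bool { self.0.fips() }
}

/// Constructed inner provider for the demo: "validates" by requiring non-empty DER.
#[derive(Debug)]
pub struct DemoProvider { pub fips: bool }
#[derive(Debug)] struct DemoKey;
impl SigningKey for DemoKey {}
impl KeyProvider for DemoProvider {
    fn load_private_key(&self, key_der: PrivateKeyDer) -> Result<Arc<dyn SigningKey>, Error> {
        let (PrivateKeyDer::Pkcs1(der) | PrivateKeyDer::Sec1(der) | PrivateKeyDer::Pkcs8(der)) = key_der;
        if der.is_empty() { return Err(Error::General("empty key".into())); }
        Ok(Arc::new(DemoKey))
    }
    fn fips(&self) -> bool { self.fips }
}
```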