Move Certificate::key_identifier() to CertificateParams

djc · djc · commit 67a73a713c03 · 2025-04-23T13:56:50.000Z
diff --git a/rcgen/src/certificate.rs b/rcgen/src/certificate.rs
@@ -25,7 +25,6 @@ use crate::{
 #[derive(Debug, Clone)]
 pub struct Certificate {
 	pub(crate) params: CertificateParams,
-	pub(crate) subject_public_key_info: Vec<u8>,
 	pub(crate) der: CertificateDer<'static>,
 }
 
@@ -34,13 +33,6 @@ impl Certificate {
 	pub fn params(&self) -> &CertificateParams {
 		&self.params
 	}
-	/// Calculates a subject key identifier for the certificate subject's public key.
-	/// This key identifier is used in the SubjectKeyIdentifier X.509v3 extension.
-	pub fn key_identifier(&self) -> Vec<u8> {
-		self.params
-			.key_identifier_method
-			.derive(&self.subject_public_key_info)
-	}
 	/// Get the certificate in DER encoded format.
 	///
 	/// [`CertificateDer`] implements `Deref<Target = [u8]>` and `AsRef<[u8]>`, so you can easily
@@ -169,11 +161,7 @@ impl CertificateParams {
 		};
 
 		let der = self.serialize_der_with_signer(public_key, issuer)?;
-		Ok(Certificate {
-			params: self,
-			subject_public_key_info: public_key.subject_public_key_info(),
-			der,
-		})
+		Ok(Certificate { params: self, der })
 	}
 
 	/// Generates a new self-signed certificate from the given parameters.
@@ -188,13 +176,15 @@ impl CertificateParams {
 			key_pair,
 		};
 
-		let subject_public_key_info = key_pair.subject_public_key_info();
 		let der = self.serialize_der_with_signer(key_pair, issuer)?;
-		Ok(Certificate {
-			params: self,
-			subject_public_key_info,
-			der,
-		})
+		Ok(Certificate { params: self, der })
+	}
+
+	/// Calculates a subject key identifier for the certificate subject's public key.
+	/// This key identifier is used in the SubjectKeyIdentifier X.509v3 extension.
+	pub fn key_identifier(&self, key: &impl PublicKeyData) -> Vec<u8> {
+		self.key_identifier_method
+			.derive(&key.subject_public_key_info())
 	}
 
 	/// Parses an existing ca certificate from the ASCII PEM format.
@@ -1489,8 +1479,9 @@ PITGdT9dgN88nHPCle0B1+OY+OZ5
 			);
 
 			let ca_kp = KeyPair::from_pem(ca_key).unwrap();
+			let key_id = params.key_identifier(&ca_kp);
 			let ca_cert = params.self_signed(&ca_kp).unwrap();
-			assert_eq!(&ca_ski, &ca_cert.key_identifier());
+			assert_eq!(&ca_ski, &key_id);
 
 			let (_, x509_ca) = x509_parser::parse_x509_certificate(ca_cert.der()).unwrap();
 			assert_eq!(
diff --git a/rcgen/src/csr.rs b/rcgen/src/csr.rs
@@ -218,7 +218,6 @@ impl CertificateSigningRequestParams {
 
 		Ok(Certificate {
 			params: self.params,
-			subject_public_key_info: self.public_key.subject_public_key_info(),
 			der,
 		})
 	}

Original file line number	Diff line number	Diff line change
`@@ -218,7 +218,6 @@ impl CertificateSigningRequestParams {`
`218`	`218`
`219`	`219`	`Ok(Certificate {`
`220`	`220`	`params: self.params,`
`221`		`- subject_public_key_info: self.public_key.subject_public_key_info(),`
`222`	`221`	`der,`
`223`	`222`	`})`
`224`	`223`	`}`