acumen/renewal_info

Renewal information types and certificate identifier helpers (RFC 9773).

The ACME Renewal Information (ARI) extension allows servers to suggest optimal renewal windows for certificates.

Example

import acumen/renewal_info
import kryptos/x509/certificate

// From raw components:
let id = renewal_info.cert_id(aki_bytes, serial_bytes)

// From a parsed certificate:
let assert Ok(certs) = certificate.from_pem(pem_string)
let assert [cert, ..] = certs
let assert Ok(id) = renewal_info.cert_id_from_certificate(cert)

Types

Renewal information from an ACME server (RFC 9773).

pub type RenewalInfo {
  RenewalInfo(
    suggested_window: SuggestedWindow,
    explanation_url: option.Option(uri.Uri),
  )
}

Constructors

  • RenewalInfo(
      suggested_window: SuggestedWindow,
      explanation_url: option.Option(uri.Uri),
    )

    Arguments

    suggested_window

    The server’s suggested renewal window.

    explanation_url

    URL with additional context about the renewal recommendation.

A suggested renewal window with start and end timestamps.

pub type SuggestedWindow {
  SuggestedWindow(
    start: timestamp.Timestamp,
    end: timestamp.Timestamp,
  )
}

Constructors

  • SuggestedWindow(
      start: timestamp.Timestamp,
      end: timestamp.Timestamp,
    )

Values

pub fn cert_id(
  authority_key_identifier authority_key_identifier: BitArray,
  serial serial: BitArray,
) -> String

Builds a certificate identifier from raw AKI keyIdentifier and serial number bytes.

The identifier format is base64url(AKI) "." base64url(serial) as specified by RFC 9773. This identifier is used both for querying renewal information and for the replaces field in order creation.

Example

let id = renewal_info.cert_id(aki_bytes, serial_bytes)

pub fn cert_id_from_certificate(
  cert: certificate.Certificate(certificate.Parsed),
) -> Result(String, acumen.AcmeError)

Extracts a certificate identifier from a parsed certificate.

Extracts the Authority Key Identifier (AKI) keyIdentifier and serial number, and constructs the RFC 9773 certificate identifier.

Parse certificates with kryptos/x509/certificate.from_pem or kryptos/x509/certificate.from_der before calling this function.

Example

let assert Ok(certs) = certificate.from_pem(pem_string)
let assert [cert, ..] = certs
let assert Ok(id) = renewal_info.cert_id_from_certificate(cert)
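The identifier format described under cert_id, as an added example that is not acumen's own source: an independent construction and parser built on gleam_stdlib, checked against the worked example values in RFC 9773 and compared with renewal_info.cert_id. The helper names build_cert_id and parse_cert_id are hypothetical, and the comparison assumes cert_id emits unpadded base64url as the RFC requires. The serial bytes are the contents of the DER INTEGER, so a leading 0x00 sign byte must be kept.

```gleam
import acumen/renewal_info
import gleam/bit_array
import gleam/io
import gleam/result
import gleam/string

// Hypothetical helper: base64url(AKI) "." base64url(serial), without padding.
pub fn build_cert_id(aki: BitArray, serial: BitArray) -> String {
  bit_array.base64_url_encode(aki, False)
  <> "."
  <> bit_array.base64_url_encode(serial, False)
}

// Hypothetical helper: splits an identifier back into #(AKI, serial) bytes.
// Anything other than exactly two base64url parts is rejected.
pub fn parse_cert_id(id: String) -> Result(#(BitArray, BitArray), Nil) {
  case string.split(id, on: ".") {
    [aki, serial] -> {
      use aki_bytes <- result.try(bit_array.base64_url_decode(aki))
      use serial_bytes <- result.try(bit_array.base64_url_decode(serial))
      Ok(#(aki_bytes, serial_bytes))
    }
    _ -> Error(Nil)
  }
}

pub fn main() {
  // AKI keyIdentifier and serial from the worked example in RFC 9773.
  let aki = <<
    0x69, 0x88, 0x5B, 0x6B, 0x87, 0x46, 0x40, 0x41, 0xE1, 0xB3,
    0x7B, 0x84, 0x7B, 0xA0, 0xAE, 0x2C, 0xDE, 0x01, 0xC8, 0xD4,
  >>
  // Serial 0x87654321 has its high bit set, so DER prepends 0x00.
  let serial = <<0x00, 0x87, 0x65, 0x43, 0x21>>

  let id = build_cert_id(aki, serial)
  let assert True = id == "aYhba4dGQEHhs3uEe6CuLN4ByNQ.AIdlQyE"
  // Assumption: the library produces the same unpadded encoding.
  let assert True = id == renewal_info.cert_id(aki, serial)

  // Dropping the sign byte yields a different identifier, one that does
  // not follow the RFC 9773 construction for this certificate.
  let assert True = build_cert_id(aki, <<0x87, 0x65, 0x43, 0x21>>) != id

  // Round trip: the parsed parts are the original bytes.
  let assert Ok(#(parsed_aki, parsed_serial)) = parse_cert_id(id)
  let assert True = parsed_aki == aki && parsed_serial == serial
  io.println(id)
}
```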