Add Issuer::from_ca_cert_der that takes a KeyPair reference

[0xIO32]

Add a Issuer::from_ca_cert_der alternative that takes a KeyPair reference, instead of requireing an owned instance of KeyPair.

My current workarround:

fn clone_keypair(keypair: &KeyPair) -> KeyPair {
    let der = PrivateKeyDer::try_from(keypair.serialize_der()).expect("Unable to clone keypair");
    KeyPair::from_der_and_sign_algo(&der, keypair.algorithm()).expect("Unable to clone keypair")
}

[djc]

Why do you need this? What would the surrounding code look like?

[0xIO32]

Signing a key with specific properties (used later for tls authentication).

My internal api takes a reference to KeyPair. So a: the function / Issuer struct doesn't actually need the ownership (it even has a lifetime declared), and b I don't want to break my internal api.

[djc]

Ah, okay -- I misunderstood your issue. Does

• Forward signing and public key data through references #380

address your use case?

[0xIO32]

Ah, okay -- I misunderstood your issue. Does

• Forward signing and public key data through references #380

address your use case?

Unfortunetly not, sorry. With "signing a key", I meant creating a new x509 certificate that is trusted/signed by an existing x509 ca certificate. To call CertificateSigningRequestParams::signed_by, I need a reference to Issuer. Issuer takes ownership of KeyPair although it doesn't need it.

( CertificateParams.self_signed also still takes a reference to KeyPair)

[djc]

Unfortunetly not, sorry. With "signing a key", I meant creating a new x509 certificate that is trusted/signed by an existing x509 ca certificate. To call CertificateSigningRequestParams::signed_by, I need a reference to Issuer. Issuer takes ownership of KeyPair although it doesn't need it.

Issuer::signing_key holds an S: SigningKey, but with my PR &impl SigningKey itself also implements SigningKey, so you should be able to call one of the Issuer constructors while only passing it a &KeyPair. Please try it and tell me the specific error you get if it doesn't work.

[0xIO32]

Unfortunetly not, sorry. With "signing a key", I meant creating a new x509 certificate that is trusted/signed by an existing x509 ca certificate. To call CertificateSigningRequestParams::signed_by, I need a reference to Issuer. Issuer takes ownership of KeyPair although it doesn't need it.

Issuer::signing_key holds an S: SigningKey, but with my PR &impl SigningKey itself also implements SigningKey, so you should be able to call one of the Issuer constructors while only passing it a &KeyPair. Please try it and tell me the specific error you get if it doesn't work.

Ah, yes thanks for pointing it out. My fault. I misunterstood the pr while reviewing it on my mobile device. It does indeed solve the issue.