Struct FullCmcRequest 

pub struct FullCmcRequest { /* private fields */ }

Full CMC request (RFC 7030 §4.3.1).

Contains a CMC PKIData message wrapped in a PKCS#7 SignedData structure. The SignedData MUST be signed by an RA certificate with id-kp-cmcRA EKU.

CMC supports advanced features:

• Batch enrollment (multiple CSRs in one request)
• Attribute certification
• Key archival
• Revocation requests
• ML-DSA and ML-KEM enrollment

Implementations

impl FullCmcRequest

pub fn new(cmc_der: Vec<u8>) -> Self

Creates a new Full CMC request from DER-encoded PKCS#7.

pub fn cmc_der(&self) -> &[u8]

Returns the raw DER-encoded CMC data.

pub fn into_cmc_der(self) -> Vec<u8>

Consumes self and returns the DER-encoded CMC data.

pub fn to_base64(&self) -> String

Encodes the request as base64 for HTTP transport.

pub fn from_base64(base64_data: &str) -> EstResult<Self>

Decodes a base64-encoded Full CMC request.

pub fn validate(&self) -> EstResult<()>

Validates the CMC structure.

This performs basic DER validation. Full CMC validation (signature verification, RA EKU check, PKIData parsing) is delegated to the CA module.

pub fn validate_ra_eku(&self, _ra_cert_der: &[u8]) -> EstResult<()>

Validates RA certificate EKU (stub).

The RA certificate used to sign the CMC request MUST contain the id-kp-cmcRA (1.3.6.1.5.5.7.3.28) extended key usage.

This is a placeholder - actual validation requires parsing the SignedData and verifying the signer certificate’s EKU. Delegated to CA module.

Arguments

• ra_cert_der - DER-encoded RA certificate from SignedData

Errors

Returns EstError::InvalidEku if the certificate lacks id-kp-cmcRA.

pub fn contains_pqc(&self) -> bool

Checks if the CMC request contains ML-DSA or ML-KEM enrollment requests.

Searches for post-quantum algorithm OID prefixes in the DER structure.

Trait Implementations

impl Clone for FullCmcRequest

fn clone(&self) -> FullCmcRequest

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for FullCmcRequest

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for FullCmcRequest

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl PartialEq for FullCmcRequest

fn eq(&self, other: &FullCmcRequest) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for FullCmcRequest

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.

impl Eq for FullCmcRequest

impl StructuralPartialEq for FullCmcRequest