x509-cert: builder: use DynSignatureAlgorithmIdentifier for S

RSA PSS implements DynSignatureAlgorithmIdentifier only for the
SigningKey, not for the verifying key. To allow using CertificateBuilder
with RSA PSS keys require DynSignatureAlgorithmIdentifier implementation
on S rather than on S::VerifyingKey.

This also follows the following logic: verifying key can possibly verify
several kinds of signatures, while for the signing key we must know
exact signature kind and parameters.

Signed-off-by: Dmitry Baryshkov <[email protected]>

Author: lumag

x509-cert/src/builder.rs

@@ -238,9 +238,8 @@ pub struct CertificateBuilder<'s, S> {
 
 impl<'s, S> CertificateBuilder<'s, S>
 where
-    S: Keypair,
+    S: Keypair + DynSignatureAlgorithmIdentifier,
     S::VerifyingKey: EncodePublicKey,
-    S::VerifyingKey: DynSignatureAlgorithmIdentifier,
 {
     /// Creates a new certificate builder
     pub fn new<Signature>(
@@ -260,7 +259,7 @@ where
             .to_public_key_der()?
             .decode_msg::<SubjectPublicKeyInfoOwned>()?;
 
-        let signature_alg = verifying_key.signature_algorithm_identifier()?;
+        let signature_alg = signer.signature_algorithm_identifier()?;
         let issuer = profile.get_issuer(&subject);
 
         validity.not_before.rfc5280_adjust_utc_time()?;