Eagerly implemented Debug trait

rcgen/src/lib.rs

@@ -34,7 +34,7 @@ println!("{}", key_pair.serialize_pem());
 #![warn(unreachable_pub)]
 
 use std::collections::HashMap;
-use std::fmt;
+use std::fmt::{self, Debug};
 use std::hash::Hash;
 use std::net::IpAddr;
 #[cfg(feature = "x509-parser")]
@@ -150,6 +150,25 @@ impl<'a, S: SigningKey> Issuer<'a, S> {
 	}
 }
 
+impl<'a, S: SigningKey> Debug for Issuer<'a, S> {
+	/// Formats the issuer information without revealing the key pair.
+	fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+		// The key pair is omitted from the debug output as it contains secret information.
+		let Issuer {
+			distinguished_name,
+			key_identifier_method,
+			key_usages,
+			key_pair: _,
+		} = self;
+
+		f.debug_struct("Issuer")
+			.field("distinguished_name", distinguished_name)
+			.field("key_identifier_method", key_identifier_method)
+			.field("key_usages", key_usages)
+			.finish()
+	}
+}
+
 // https://tools.ietf.org/html/rfc5280#section-4.1.1
 
 // Example certs usable as reference:
@@ -430,7 +449,7 @@ impl DistinguishedName {
 /**
 Iterator over [`DistinguishedName`] entries
 */
-#[derive(Clone)]
+#[derive(Clone, Debug)]
 pub struct DistinguishedNameIterator<'a> {
 	distinguished_name: &'a DistinguishedName,
 	iter: std::slice::Iter<'a, DnType>,

rcgen/src/sign_algo.rs

@@ -10,14 +10,14 @@ use crate::ring_like::signature::{self, EcdsaSigningAlgorithm, EdDSAParameters,
 use crate::Error;
 
 #[cfg(feature = "crypto")]
-#[derive(Clone, Copy)]
+#[derive(Clone, Copy, Debug)]
 pub(crate) enum SignAlgo {
 	EcDsa(&'static EcdsaSigningAlgorithm),
 	EdDsa(&'static EdDSAParameters),
 	Rsa(&'static dyn RsaEncoding),
 }
 
-#[derive(Clone, Copy, PartialEq, Eq, Hash)]
+#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash)]
 pub(crate) enum SignatureAlgorithmParams {
 	/// Omit the parameters
 	None,

rustls-cert-gen/src/cert.rs

@@ -37,7 +37,7 @@ impl PemCertifiedKey {
 
 /// Builder to configure TLS [CertificateParams] to be finalized
 /// into either a [Ca] or an [EndEntity].
-#[derive(Clone, Default)]
+#[derive(Clone, Debug, Default)]
 pub struct CertificateBuilder {
 	params: CertificateParams,
 	alg: KeyPairAlgorithm,
@@ -80,7 +80,7 @@ impl CertificateBuilder {
 }
 
 /// [CertificateParams] from which an [Ca] [Certificate] can be built
-#[derive(Clone)]
+#[derive(Clone, Debug)]
 pub struct CaBuilder {
 	params: CertificateParams,
 	alg: KeyPairAlgorithm,
@@ -145,6 +145,23 @@ impl Ca {
 	}
 }
 
+impl std::fmt::Debug for Ca {
+	/// Formats the `Ca` information without revealing the key pair.
+	fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+		// The key pair is omitted from the debug output as it contains secret information.
+		let Ca {
+			cert,
+			params,
+			key_pair: _,
+		} = self;
+
+		f.debug_struct("Ca")
+			.field("cert", cert)
+			.field("params", params)
+			.finish()
+	}
+}
+
 /// End-entity [Certificate]
 pub struct EndEntity {
 	cert: Certificate,
@@ -161,8 +178,18 @@ impl EndEntity {
 	}
 }
 
+impl std::fmt::Debug for EndEntity {
+	/// Formats the `EndEntity` information without revealing the key pair.
+	fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+		// The key pair is omitted from the debug output as it contains secret information.
+		let EndEntity { cert, key_pair: _ } = self;
+
+		f.debug_struct("EndEntity").field("cert", cert).finish()
+	}
+}
+
 /// [CertificateParams] from which an [EndEntity] [Certificate] can be built
-#[derive(Clone)]
+#[derive(Clone, Debug)]
 pub struct EndEntityBuilder {
 	params: CertificateParams,
 	alg: KeyPairAlgorithm,