Struct x509_parser::certificate::X509Certificate

pub struct X509Certificate<'a> {
    pub tbs_certificate: TbsCertificate<'a>,
    pub signature_algorithm: AlgorithmIdentifier<'a>,
    pub signature_value: BitStringObject<'a>,
}

An X.509 v3 Certificate.

X.509 v3 certificates are defined in RFC5280, section 4.1. This object uses the same structure for content, so for ex the subject can be accessed using the path x509.tbs_certificate.subject.

X509Certificate also contains convenience methods to access the most common fields (subject, issuer, etc.).

A X509Certificate is a zero-copy view over a buffer, so the lifetime is the same as the buffer containing the binary representation.

fn display_x509_info(x509: &X509Certificate<'_>) {
     let subject = x509.subject();
     let issuer = x509.issuer();
     println!("X.509 Subject: {}", subject);
     println!("X.509 Issuer: {}", issuer);
     println!("X.509 serial: {}", x509.tbs_certificate.raw_serial_as_string());
}

Fields

tbs_certificate: TbsCertificate<'a>

signature_algorithm: AlgorithmIdentifier<'a>

signature_value: BitStringObject<'a>

Implementations

impl<'a> X509Certificate<'a>

pub fn version(&self) -> X509Version

Get the version of the encoded certificate

pub fn subject(&self) -> &X509Name<'_>

Get the certificate subject.

pub fn issuer(&self) -> &X509Name<'_>

Get the certificate issuer.

pub fn validity(&self) -> &Validity

Get the certificate validity.

pub fn public_key(&self) -> &SubjectPublicKeyInfo<'_>

Get the certificate public key information.

pub fn extensions(&self) -> &[X509Extension<'_>]

Get the certificate extensions.

pub fn verify_signature(
    &self,
    public_key: Option<&SubjectPublicKeyInfo<'_>>
) -> Result<(), X509Error>

This is supported on crate feature verify only.

Verify the cryptographic signature of this certificate

public_key is the public key of the signer. For a self-signed certificate, (for ex. a public root certificate authority), this is the key from the certificate, so you can use None.

For a leaf certificate, this is the public key of the certificate that signed it. It is usually an intermediate authority.

Trait Implementations

impl<'a> Clone for X509Certificate<'a>

fn clone(&self) -> X509Certificate<'a>

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl<'a> Debug for X509Certificate<'a>

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'a> FromDer<'a> for X509Certificate<'a>

fn from_der(i: &'a [u8]) -> X509Result<'_, Self>

Parse a DER-encoded X.509 Certificate, and return the remaining of the input and the built object.

The returned object uses zero-copy, and so has the same lifetime as the input.

Note that only parsing is done, not validation.

Certificate  ::=  SEQUENCE  {
        tbsCertificate       TBSCertificate,
        signatureAlgorithm   AlgorithmIdentifier,
        signatureValue       BIT STRING  }

Example

To parse a certificate and print the subject and issuer:

let res = parse_x509_certificate(DER);
match res {
    Ok((_rem, x509)) => {
        let subject = x509.subject();
        let issuer = x509.issuer();
        println!("X.509 Subject: {}", subject);
        println!("X.509 Issuer: {}", issuer);
    },
    _ => panic!("x509 parsing failed: {:?}", res),
}

impl<'a> Parser<&'a [u8], X509Certificate<'a>, X509Error> for X509CertificateParser

fn parse(
    &mut self,
    input: &'a [u8]
) -> IResult<&'a [u8], X509Certificate<'a>, X509Error>

A parser takes in input type, and returns a Result containing either the remaining input and the output value, or an error

fn map<G, O2>(self, g: G) -> Map<Self, G, O> where
    G: Fn(O) -> O2, 

Maps a function over the result of a parser

fn flat_map<G, H, O2>(self, g: G) -> FlatMap<Self, G, O> where
    G: Fn(O) -> H,
    H: Parser<I, O2, E>, 

Creates a second parser from the output of the first one, then apply over the rest of the input

fn and_then<G, O2>(self, g: G) -> AndThen<Self, G, O> where
    G: Parser<O, O2, E>, 

Applies a second parser over the output of the first one

fn and<G, O2>(self, g: G) -> And<Self, G> where
    G: Parser<I, O2, E>, 

Applies a second parser after the first one, return their results as a tuple

fn or<G>(self, g: G) -> Or<Self, G> where
    G: Parser<I, O, E>, 

Applies a second parser over the input if the first one failed

fn into<O2, E2>(self) -> Into<Self, O, O2, E, E2> where
    O2: From<O>,
    E2: From<E>, 

automatically converts the parser’s output and error values to another type, as long as they implement the From trait

impl<'a> PartialEq<X509Certificate<'a>> for X509Certificate<'a>

fn eq(&self, other: &X509Certificate<'a>) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &X509Certificate<'a>) -> bool

This method tests for !=.

impl Validate for X509Certificate<'_>

This is supported on crate feature validate only.

fn validate<W, E>(&self, warn: W, err: E) -> bool where
    W: FnMut(&str),
    E: FnMut(&str), 

Attempts to validate current item.

fn validate_to_vec(&self) -> (bool, Vec<String>, Vec<String>)

Attempts to validate current item, storing warning and errors in Vec.

impl<'a> StructuralPartialEq for X509Certificate<'a>