Decoding functions for PEM-encoded data

A PEM object is a container, which can store (amongst other formats) a public X.509 Certificate, or a CRL, etc. It contains only printable characters. PEM-encoded binary data is essentially a beginning and matching end tag that encloses base64-encoded binary data (see: https://en.wikipedia.org/wiki/Privacy-enhanced_Electronic_Mail).

Examples

To parse a certificate in PEM format, first create the Pem object, then decode contents:

use x509_parser::pem::Pem;
use x509_parser::x509::X509Version;

static IGCA_PEM: &str = "../assets/IGC_A.pem";

let data = std::fs::read(IGCA_PEM).expect("Could not read file");
for pem in Pem::iter_from_buffer(&data) {
    let pem = pem.expect("Reading next PEM block failed");
    let x509 = pem.parse_x509().expect("X.509: decoding DER failed");
    assert_eq!(x509.tbs_certificate.version, X509Version::V3);
}

This is the most direct method to parse PEM data.

Another method to parse the certificate is to use parse_x509_pem:

use x509_parser::pem::parse_x509_pem;
use x509_parser::parse_x509_certificate;

static IGCA_PEM: &[u8] = include_bytes!("../assets/IGC_A.pem");

let res = parse_x509_pem(IGCA_PEM);
match res {
    Ok((rem, pem)) => {
        assert!(rem.is_empty());
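        // The label is the text between "BEGIN " and the closing dashes
        assert_eq!(pem.label, String::from("CERTIFICATE"));
        // pem.contents holds the base64-decoded DER bytes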
        let res_x509 = parse_x509_certificate(&pem.contents);
        assert!(res_x509.is_ok());
    },
    _ => panic!("PEM parsing failed: {:?}", res),
}

Note that all methods require storing the Pem object in a variable, mainly because decoding the PEM object requires allocating buffers, and the lifetime of X.509 certificates is bound to these buffers.
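
To make concrete the begin/end tags and base64 body described at the top of this page, and why the second example checks pem.label before parsing, here is an added std-only sketch. It is not x509-parser's code; the names b64_decode, decode_pem and certificate_der are hypothetical, and the sample input is constructed.

```rust
// Added example (std only); helper names are hypothetical, not x509-parser's API.
/// Decode standard base64, skipping ASCII whitespace; stops at the first '='.
fn b64_decode(text: &str) -> Result<Vec<u8>, String> {
    const ALPHABET: &[u8] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    let (mut out, mut acc, mut bits) = (Vec::new(), 0u32, 0u32);
    for c in text.bytes().filter(|c| !c.is_ascii_whitespace()) {
        if c == b'=' { break; }
        let v = ALPHABET.iter().position(|&a| a == c).ok_or("invalid base64 character")?;
        acc = (acc << 6) | v as u32;
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8); // emit the top 8 buffered bits
            acc &= (1 << bits) - 1;        // keep only the leftover bits
        }
    }
    Ok(out)
}

/// Return (label, decoded bytes) for the first PEM block in `input`.
fn decode_pem(input: &str) -> Result<(String, Vec<u8>), String> {
    let mut lines = input.lines().map(str::trim);
    // Skip leading text until a BEGIN line, and keep its label.
    let label = lines.by_ref()
        .find_map(|l| l.strip_prefix("-----BEGIN ")?.strip_suffix("-----"))
        .ok_or("no BEGIN line")?.to_string();
    let end = format!("-----END {}-----", label);
    let mut body = String::new();
    for l in lines {
        if l == end { return b64_decode(&body).map(|der| (label, der)); }
        // Any other tag line means the END tag does not match the BEGIN tag.
        if l.starts_with("-----") { return Err(format!("expected {}, found {}", end, l)); }
        body.push_str(l);
    }
    Err("missing END line".into())
}

/// Release bytes to a certificate parser only when the label is CERTIFICATE.
fn certificate_der(input: &str) -> Result<Vec<u8>, String> {
    match decode_pem(input)? {
        (label, der) if label == "CERTIFICATE" => Ok(der),
        (label, _) => Err(format!("unexpected PEM label: {}", label)),
    }
}

fn main() {
    // Constructed sample: base64 of the 5 DER bytes 30 03 02 01 05, not a real certificate.
    let pem = "-----BEGIN CERTIFICATE-----\nMAMC\nAQU=\n-----END CERTIFICATE-----\n";
    println!("{:?}", certificate_der(pem));
}
```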

Structs

Representation of PEM data

Iterator over PEM-encapsulated blocks

Functions

Read a PEM-encoded structure, and decode the base64 data

pem_to_der (Deprecated)