Crate x509_parser

License: MIT / Apache License 2.0

X.509 Parser

An X.509 v3 (RFC5280) parser, implemented with the nom parser combinator framework.

It is written in pure Rust, fast, and makes extensive use of zero-copy. A lot of care is taken to ensure security and safety of this crate, including design (recursion limit, defensive programming), tests, and fuzzing. It also aims to be panic-free.

The code is available on Github and is part of the Rusticata project.

The main parsing method is parse_x509_der, which takes a DER-encoded certificate as input and builds an X509Certificate object.

For PEM-encoded certificates, use the pem module.

Examples

Parsing a certificate in DER format:

use x509_parser::parse_x509_der;

static IGCA_DER: &'static [u8] = include_bytes!("../assets/IGC_A.der");

let res = parse_x509_der(IGCA_DER);
match res {
    Ok((rem, cert)) => {
        assert!(rem.is_empty());
        //
        assert_eq!(cert.tbs_certificate.version, 2);
    },
    _ => panic!("x509 parsing failed: {:?}", res),
}

See also examples/print-cert.rs.
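
The example above asserts rem.is_empty() after parsing. The following std-only sketch is an added illustration, not code from this crate: it shows where that remainder comes from at the DER level (the length octets decide where a value ends, and everything after it is handed back to the caller) together with a nesting limit of the kind the crate description mentions. The names read_tlv, depth, DerError and MAX_DEPTH are hypothetical, and the limit of 8 is an assumed value.

```rust
// Added illustration (std only); not code from x509-parser. Names are hypothetical.
const MAX_DEPTH: usize = 8; // assumed nesting limit for this sketch

#[derive(Debug, PartialEq)]
pub enum DerError { Truncated, BadLength, UnsupportedTag, TooDeep }

/// Read one DER TLV and return (remaining input, tag byte, content), all borrowed.
pub fn read_tlv(i: &[u8]) -> Result<(&[u8], u8, &[u8]), DerError> {
    let (&tag, rest) = i.split_first().ok_or(DerError::Truncated)?;
    if tag & 0x1f == 0x1f { return Err(DerError::UnsupportedTag); } // multi-byte tag
    let (&l0, rest) = rest.split_first().ok_or(DerError::Truncated)?;
    let (len, rest) = if l0 < 0x80 {
        (l0 as usize, rest) // short form
    } else {
        let n = (l0 & 0x7f) as usize; // long form: n length octets follow
        // n == 0 is the BER indefinite form; lengths over 4 octets are refused here
        if n == 0 || n > 4 { return Err(DerError::BadLength); }
        if rest.len() < n { return Err(DerError::Truncated); }
        let (lb, rest) = rest.split_at(n);
        let len = lb.iter().fold(0usize, |a, &b| (a << 8) | b as usize);
        // DER requires the shortest possible length encoding
        if lb[0] == 0 || len < 0x80 { return Err(DerError::BadLength); }
        (len, rest)
    };
    if rest.len() < len { return Err(DerError::Truncated); }
    let (content, rem) = rest.split_at(len);
    Ok((rem, tag, content))
}

/// Deepest nesting level of constructed values; errors out past MAX_DEPTH.
pub fn depth(mut i: &[u8], level: usize) -> Result<usize, DerError> {
    if level > MAX_DEPTH { return Err(DerError::TooDeep); }
    let mut max = level;
    while !i.is_empty() {
        let (rem, tag, content) = read_tlv(i)?;
        if tag & 0x20 != 0 { // constructed: content is itself a run of TLVs
            max = max.max(depth(content, level + 1)?);
        }
        i = rem;
    }
    Ok(max)
}

fn main() {
    // Constructed sample: SEQUENCE { INTEGER 2 } followed by two trailing bytes.
    let input = [0x30, 0x03, 0x02, 0x01, 0x02, 0xde, 0xad];
    let (rem, tag, content) = read_tlv(&input).unwrap();
    println!("tag={:#x} content={:x?} trailing={:x?}", tag, content, rem);
    println!("depth={:?}", depth(&input[..5], 0));
}
```

A caller that expects exactly one certificate in its input should treat a non-empty remainder as an error, as the assert in the crate's example does.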

Features

  • The verify feature adds support for (cryptographic) signature verification, based on ring. It adds the verify_signature method to X509Certificate.
/// Cryptographic signature verification: returns true if certificate was signed by issuer
#[cfg(feature = "verify")]
pub fn check_signature(cert: &X509Certificate<'_>, issuer: &X509Certificate<'_>) -> bool {
    let issuer_public_key = &issuer.tbs_certificate.subject_pki;
    cert
        .verify_signature(Some(issuer_public_key))
        .is_ok()
}

Re-exports

pub use x509::*;

Modules

error

X.509 errors

extensions
objects

X.509 helper objects definitions: OID, short and long names, NID (internal ID)

pem

Decoding functions for PEM-encoded data

x509

X.509 objects

Structs

ASN1Time

An ASN.1 timestamp.

Functions

parse_crl_der
parse_subject_public_key_info

Parse the SubjectPublicKeyInfo struct portion of a DER-encoded X.509 Certificate

parse_x509_der

Parse a DER-encoded X.509 Certificate, and return the remainder of the input and the built object.

parse_x509_name

Parse the X.501 type Name, used for example in the issuer and subject of an X.509 certificate

x509_parser (Deprecated)