Crate pkix_aia 


§pkix-aia

Authority Information Access (AIA) fetcher trait and types for pkix-chain, per RFC 5280 §4.2.2.1.

AIA is the extension that carries caIssuers URIs pointing at the certificate’s issuer. Chain-build code can follow these URIs to fetch missing intermediate certificates when the caller-supplied chain is incomplete.

This crate ships only the trait surface: the AiaError type (this release), the AiaFetcher trait (planned, tracked at PKIX-zkjb.3), and the NoAiaFetcher zero-cost default (planned, tracked at PKIX-zkjb.4). Real HTTP fetching lives in a separate adapter crate (pkix-aia-http, planned, tracked at PKIX-zkjb.5).

§Architectural placement

pkix-chain  ----+------>  pkix-aia          (trait + error + no-op default)
                |
                +------>  pkix-aia-http     (real HTTP fetcher adapter)

pkix-chain’s Verifier struct holds an A: AiaFetcher generic parameter that defaults to NoAiaFetcher. Callers who do not need AIA fetching see no API change; callers who do can plug in any AiaFetcher implementation, including HTTP adapters shipped by separate crates or in-process caching wrappers.

§no_std and feature flags

The default build is no_std + alloc. Enabling the std feature unlocks the AiaError::IoFailure variant (whose kind: std::io::ErrorKind field requires std::io) and the std::error::Error impl. Enabling serde derives serde::Serialize / serde::Deserialize on AiaError; with both std + serde the IoFailure variant round-trips its kind field through a crate-private label helper.

Per AGENTS.md non-negotiable #6, AiaError is Clone + Debug + PartialEq + Eq + Send + Sync (compile-time asserted) and is #[non_exhaustive]. It embeds no std::io::Error handle, because std::io::Error is not Clone + Eq + Serialize; instead the variant uses the IoFailure { kind, message } shape mandated by PKIX-2l0v.1 D3.
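The sketch below is an added example, not code from this crate. It shows why the flattened IoFailure { kind, message } shape matters: an in-process caching wrapper can store and compare failures only if the error is Clone + Eq. It uses std, and the names FetchError, Fetcher, NoFetcher and Cached, the fetch signature and the Disabled variant are all assumptions standing in for the crate's real items.

```rust
use std::cell::RefCell;
use std::collections::HashMap;
use std::io;
// Stand-in error: io::Error is flattened to kind + message so the enum can derive Clone and Eq.
#[derive(Clone, Debug, PartialEq, Eq)]
#[non_exhaustive]
pub enum FetchError {
    Disabled, // hypothetical variant returned by the no-op fetcher
    IoFailure { kind: io::ErrorKind, message: String },
}
impl From<io::Error> for FetchError {
    fn from(e: io::Error) -> Self {
        FetchError::IoFailure { kind: e.kind(), message: e.to_string() }
    }
}
// Never called: it exists so the build breaks if a bound is lost.
fn _assert_bounds() {
    fn check<T: Clone + std::fmt::Debug + Eq + Send + Sync>() {}
    check::<FetchError>();
}
// Hypothetical trait signature: certificate DER bytes by URI.
pub trait Fetcher {
    fn fetch(&self, uri: &str) -> Result<Vec<u8>, FetchError>;
}
// Zero-sized default that never fetches.
pub struct NoFetcher;
impl Fetcher for NoFetcher {
    fn fetch(&self, _uri: &str) -> Result<Vec<u8>, FetchError> { Err(FetchError::Disabled) }
}
// Caching wrapper: remembering failures as well as successes needs FetchError: Clone.
pub struct Cached<F: Fetcher = NoFetcher> {
    inner: F,
    seen: RefCell<HashMap<String, Result<Vec<u8>, FetchError>>>,
}
impl<F: Fetcher> Cached<F> {
    pub fn new(inner: F) -> Self { Cached { inner, seen: RefCell::new(HashMap::new()) } }
}
impl<F: Fetcher> Fetcher for Cached<F> {
    fn fetch(&self, uri: &str) -> Result<Vec<u8>, FetchError> {
        let hit = self.seen.borrow().get(uri).cloned();
        if let Some(r) = hit { return r; } // cache hit: the inner fetcher is not called
        let out = self.inner.fetch(uri);
        self.seen.borrow_mut().insert(uri.to_owned(), out.clone());
        out
    }
}
fn main() {
    let e: FetchError = io::Error::new(io::ErrorKind::TimedOut, "constructed timeout").into();
    println!("{:?} / {:?}", e, Cached::new(NoFetcher).fetch("http://ca.example/issuer.cer"));
}
```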

§Status

Initial release: AiaError + AiaFetcher + NoAiaFetcher. The remaining work under the PKIX-zkjb epic integrates the trait into pkix-chain::Verifier (PKIX-zkjb.9) and ships the HTTP transport adapter pkix-aia-http (PKIX-zkjb.5).

Structs§

NoAiaFetcher
Zero-cost AiaFetcher default that never fetches.

Enums§

AiaError
Failure modes for AiaFetcher implementations.

Traits§

AiaFetcher
Trait for fetching certificate DER bytes by URI.