Crate pkix_path 

RFC 5280 X.509 certificate path validation — pure Rust, no_std.

Implements certificate path building and validation per RFC 5280 §6.

Architecture

Cryptographic signature verification is pluggable via SignatureVerifier. The default feature set wires in RustCrypto backends for RSA-PKCS1v15-SHA-{256,384,512} (rsa feature) and ECDSA-P-256-SHA-256 (p256 feature). The optional p384 feature adds ECDSA-P-384-SHA-384; rustcrypto enables all three together. For FIPS-validated crypto, implement SignatureVerifier against wolfcrypt-rustcrypto and disable the rustcrypto feature.

Revocation checking is handled by pkix-revocation. This crate never touches the network — use pkix_chain::verify_chain for the combined API.

Limitations

The following are not currently implemented:

• Additional signature algorithms — Ed25519 (RFC 8032), ECDSA P-521 (RFC 5480), and RSA-PSS (RFC 4055) are not yet wired into the bundled RustCrypto backends. Tracked under PKIX-gphz. Callers can implement SignatureVerifier for any algorithm they need without waiting for the bundled backends; the trait is the only algorithm-specific surface in this crate. SHA-1 verifiers (RFC 8017, legacy) are intentionally not shipped; deployments requiring legacy SHA-1 trust must implement SignatureVerifier themselves.
• RFC 4518 full Unicode NFKC DN normalization — ASCII case-folding plus insignificant-whitespace collapsing is applied. BMPString AVA values are transcoded UCS-2-BE → UTF-8 and then compared via the same ASCII-only normalization pipeline, so two AVAs that share Unicode code points but differ only in DER string-type (e.g. BMPString “Foo Co” vs UTF8String “Foo Co”) compare equal. Full RFC 4518 prep (NFKC, non-ASCII Unicode case fold, prohibit/bidi steps) is future work tracked under PKIX-l63j; until it lands, two BMPString values that contain the same Unicode code points but differ in canonical decomposition (e.g. precomposed U+00E9 ‘é’ vs decomposed U+0065 U+0301 ‘e’+ combining acute) compare unequal. UniversalString AVA values are rejected by the der crate at parse time (tag 0x1C is not in der::Tag in 0.7) and never reach the path validator. TeletexString AVAs use raw DER byte comparison by policy — pkix-path deliberately does not transcode T.61 to Unicode; see any_to_str_bytes rustdoc for the rationale.
• Online revocation — revocation is handled by pkix-revocation (CRL/OCSP); this crate is network-free by design.
• Path building — converting an unordered bag of certificates into a validated chain is handled by pkix-path-builder. This crate validates a caller-ordered &[Certificate] only.
• AIA fetching — chains with missing intermediates are not reassembled from AuthorityInfoAccess URIs. Callers must supply a complete chain. The pkix-aia crate (trait + NoAiaFetcher default) and pkix-aia-http adapter are tracked under PKIX-zkjb.

Modules

serde_derserde

Helper module for format-adaptive serde serialization of DER-encodable types. Public so downstream crates (pkix-chain, pkix-revocation, pkix-truststore) can reuse the same wire form on their own result types without redefining the helpers. Helper functions for serde-serializing DER-encodable types in a format-adaptive wire form.

Structs

DefaultVerifierp256 or p384 or rsa

A SignatureVerifier that dispatches to available RustCrypto backends by OID.

DerError

Opaque wrapper around an underlying ASN.1 / DER error.

EcdsaP256Verifierp256

ECDSA P-256 with SHA-256 signature verifier.

EcdsaP384Verifierp384

ECDSA P-384 with SHA-384 signature verifier.

NameConstraints

Re-exported for use with TrustAnchor::name_constraints. NameConstraints extension as defined in RFC 5280 Section 4.2.1.10.

PolicyTreeNode

A node in the §6.1.5 valid_policy_tree, exposed for post-validation qualifier extraction on ValidatedPath::valid_policy_tree.

RsaPkcs1v15Sha256Verifierrsa

RSA with PKCS#1 v1.5 padding and SHA-256 signature verifier.

RsaPkcs1v15Sha384Verifierrsa

RSA with PKCS#1 v1.5 padding and SHA-384 signature verifier.

RsaPkcs1v15Sha512Verifierrsa

RSA with PKCS#1 v1.5 padding and SHA-512 signature verifier.

TrustAnchor

A trust anchor used to terminate path validation.

ValidatedPath

The result of a successful certificate path validation.

ValidationPolicy

Policy parameters controlling path validation.

Enums

DnAttrRule

Compositional rule for asserting required Subject DN attributes on a leaf cert.

Error

Errors returned by path validation.

Traits

Profile

A PKI regime profile that bundles identity, citation, and a validation policy.

SignatureVerifier

Pluggable signature verification backend.

Functions

cert_is_ca

Returns Ok(true) if cert is a CA certificate per its BasicConstraints extension (RFC 5280 §4.2.1.9), Ok(false) if the extension is absent or cA = FALSE, and Err(DerError) if the extension is present but cannot be DER-decoded.

names_match

Compare two distinguished names per RFC 4518 string prep rules.

validate_path

Validate a certificate chain from subject to a trust anchor.

validate_path_with_profile

Validate a certificate chain using a Profile to produce the policy.

Type Aliases

Result

Result alias for this crate.