Crate x509_parser
X.509 Parser
An X.509 v3 (RFC5280) parser, implemented with the nom parser combinator framework.
It is written in pure Rust, fast, and makes extensive use of zero-copy. A lot of care is taken to ensure security and safety of this crate, including design (recursion limit, defensive programming), tests, and fuzzing. It also aims to be panic-free.
The code is available on GitHub and is part of the Rusticata project.
The main parsing method is parse_x509_der, which takes a DER-encoded certificate as input, and builds an X509Certificate object.
For PEM-encoded certificates, use the pem module.
Examples
Parsing a certificate in DER format:
```rust
use x509_parser::parse_x509_der;

static IGCA_DER: &'static [u8] = include_bytes!("../assets/IGC_A.der");

fn main() {
    let res = parse_x509_der(IGCA_DER);
    match res {
        Ok((rem, cert)) => {
            // A well-formed file contains exactly one certificate and no trailing bytes
            assert!(rem.is_empty());
            // X.509 v3 is encoded as version value 2
            assert_eq!(cert.tbs_certificate.version, 2);
        },
        _ => panic!("x509 parsing failed: {:?}", res),
    }
}
```
See also examples/print-cert.rs.
Features
- The verify feature adds support for (cryptographic) signature verification, based on ring. It adds the verify_signature method to X509Certificate.

```rust
use x509_parser::X509Certificate;

/// Cryptographic signature verification: returns true if certificate was signed by issuer
#[cfg(feature = "verify")]
pub fn check_signature(cert: &X509Certificate<'_>, issuer: &X509Certificate<'_>) -> bool {
    // Verify against the issuer's SubjectPublicKeyInfo
    let issuer_public_key = &issuer.tbs_certificate.subject_pki;
    cert
        .verify_signature(Some(issuer_public_key))
        .is_ok()
}
```
Re-exports
pub use x509::*;
Modules
error | X.509 errors |
extensions | |
objects | X.509 helper objects definitions: OID, short and long names, NID (internal ID) |
pem | Decoding functions for PEM-encoded data |
x509 | X.509 objects |
Structs
ASN1Time | An ASN.1 timestamp. |
Functions
parse_crl_der | |
parse_subject_public_key_info | Parse the SubjectPublicKeyInfo struct portion of a DER-encoded X.509 Certificate |
parse_x509_der | Parse a DER-encoded X.509 Certificate, and return the remainder of the input and the built object. |
parse_x509_name | Parse the X.501 type Name, used for example in the issuer and subject of an X.509 certificate |
x509_parser | Deprecated |