x509_parser::revocation_list

Struct CertificateRevocationList

Source 
pub struct CertificateRevocationList<'a> {
    pub tbs_cert_list: TbsCertList<'a>,
    pub signature_algorithm: AlgorithmIdentifier<'a>,
    pub signature_value: BitString<'a>,
}
Expand description

An X.509 v2 Certificate Revocation List (CRL).

X.509 v2 CRLs are defined in RFC5280.

§Example

To parse a CRL and print information about revoked certificates:

use x509_parser::prelude::FromDer;
use x509_parser::revocation_list::CertificateRevocationList;

let res = CertificateRevocationList::from_der(DER);
match res {
    Ok((_rem, crl)) => {
        for revoked in crl.iter_revoked_certificates() {
            println!("Revoked certificate serial: {}", revoked.raw_serial_as_string());
            println!("  Reason: {}", revoked.reason_code().unwrap_or_default().1);
        }
    },
    _ => panic!("CRL parsing failed: {:?}", res),
}

Fields§

§tbs_cert_list: TbsCertList<'a>§signature_algorithm: AlgorithmIdentifier<'a>§signature_value: BitString<'a>

Implementations§

Source§

impl<'a> CertificateRevocationList<'a>

Source

pub fn version(&self) -> Option<X509Version>

Get the version of the encoded certificate

Examples found in repository?
examples/print-crl.rs (line 111)
110fn print_crl_info(crl: &CertificateRevocationList) {
111    println!("  Version: {}", crl.version().unwrap_or(X509Version(0)));
112    // println!("  Subject: {}", crl.subject());
113    println!("  Signature Algorithm:");
114    print_x509_digest_algorithm(&crl.signature_algorithm, 4);
115    println!("  Issuer: {}", crl.issuer());
116    // println!("  Serial: {}", crl.tbs_certificate.raw_serial_as_string());
117    println!("  Last Update: {}", crl.last_update());
118    println!(
119        "  Next Update: {}",
120        crl.next_update()
121            .map_or_else(|| "NONE".to_string(), |d| d.to_string())
122    );
123    println!("{:indent$}CRL Extensions:", "", indent = 2);
124    for ext in crl.extensions() {
125        print_x509_extension(&ext.oid, ext, 4);
126    }
127    println!("  Revoked certificates:");
128    for revoked in crl.iter_revoked_certificates() {
129        print_revoked_certificate(revoked, 4);
130    }
131    println!();
132}
Source

pub fn issuer(&self) -> &X509Name<'_>

Get the certificate issuer.

Examples found in repository?
examples/print-crl.rs (line 115)
110fn print_crl_info(crl: &CertificateRevocationList) {
111    println!("  Version: {}", crl.version().unwrap_or(X509Version(0)));
112    // println!("  Subject: {}", crl.subject());
113    println!("  Signature Algorithm:");
114    print_x509_digest_algorithm(&crl.signature_algorithm, 4);
115    println!("  Issuer: {}", crl.issuer());
116    // println!("  Serial: {}", crl.tbs_certificate.raw_serial_as_string());
117    println!("  Last Update: {}", crl.last_update());
118    println!(
119        "  Next Update: {}",
120        crl.next_update()
121            .map_or_else(|| "NONE".to_string(), |d| d.to_string())
122    );
123    println!("{:indent$}CRL Extensions:", "", indent = 2);
124    for ext in crl.extensions() {
125        print_x509_extension(&ext.oid, ext, 4);
126    }
127    println!("  Revoked certificates:");
128    for revoked in crl.iter_revoked_certificates() {
129        print_revoked_certificate(revoked, 4);
130    }
131    println!();
132}
Source

pub fn last_update(&self) -> ASN1Time

Get the date and time of the last (this) update.

Examples found in repository?
examples/print-crl.rs (line 117)
110fn print_crl_info(crl: &CertificateRevocationList) {
111    println!("  Version: {}", crl.version().unwrap_or(X509Version(0)));
112    // println!("  Subject: {}", crl.subject());
113    println!("  Signature Algorithm:");
114    print_x509_digest_algorithm(&crl.signature_algorithm, 4);
115    println!("  Issuer: {}", crl.issuer());
116    // println!("  Serial: {}", crl.tbs_certificate.raw_serial_as_string());
117    println!("  Last Update: {}", crl.last_update());
118    println!(
119        "  Next Update: {}",
120        crl.next_update()
121            .map_or_else(|| "NONE".to_string(), |d| d.to_string())
122    );
123    println!("{:indent$}CRL Extensions:", "", indent = 2);
124    for ext in crl.extensions() {
125        print_x509_extension(&ext.oid, ext, 4);
126    }
127    println!("  Revoked certificates:");
128    for revoked in crl.iter_revoked_certificates() {
129        print_revoked_certificate(revoked, 4);
130    }
131    println!();
132}
Source

pub fn next_update(&self) -> Option<ASN1Time>

Get the date and time of the next update, if present.

Examples found in repository?
examples/print-crl.rs (line 120)
110fn print_crl_info(crl: &CertificateRevocationList) {
111    println!("  Version: {}", crl.version().unwrap_or(X509Version(0)));
112    // println!("  Subject: {}", crl.subject());
113    println!("  Signature Algorithm:");
114    print_x509_digest_algorithm(&crl.signature_algorithm, 4);
115    println!("  Issuer: {}", crl.issuer());
116    // println!("  Serial: {}", crl.tbs_certificate.raw_serial_as_string());
117    println!("  Last Update: {}", crl.last_update());
118    println!(
119        "  Next Update: {}",
120        crl.next_update()
121            .map_or_else(|| "NONE".to_string(), |d| d.to_string())
122    );
123    println!("{:indent$}CRL Extensions:", "", indent = 2);
124    for ext in crl.extensions() {
125        print_x509_extension(&ext.oid, ext, 4);
126    }
127    println!("  Revoked certificates:");
128    for revoked in crl.iter_revoked_certificates() {
129        print_revoked_certificate(revoked, 4);
130    }
131    println!();
132}
Source

pub fn iter_revoked_certificates( &self, ) -> impl Iterator<Item = &RevokedCertificate<'a>>

Return an iterator over the RevokedCertificate objects

Examples found in repository?
examples/print-crl.rs (line 128)
110fn print_crl_info(crl: &CertificateRevocationList) {
111    println!("  Version: {}", crl.version().unwrap_or(X509Version(0)));
112    // println!("  Subject: {}", crl.subject());
113    println!("  Signature Algorithm:");
114    print_x509_digest_algorithm(&crl.signature_algorithm, 4);
115    println!("  Issuer: {}", crl.issuer());
116    // println!("  Serial: {}", crl.tbs_certificate.raw_serial_as_string());
117    println!("  Last Update: {}", crl.last_update());
118    println!(
119        "  Next Update: {}",
120        crl.next_update()
121            .map_or_else(|| "NONE".to_string(), |d| d.to_string())
122    );
123    println!("{:indent$}CRL Extensions:", "", indent = 2);
124    for ext in crl.extensions() {
125        print_x509_extension(&ext.oid, ext, 4);
126    }
127    println!("  Revoked certificates:");
128    for revoked in crl.iter_revoked_certificates() {
129        print_revoked_certificate(revoked, 4);
130    }
131    println!();
132}
Source

pub fn extensions(&self) -> &[X509Extension<'_>]

Get the CRL extensions.

Examples found in repository?
examples/print-crl.rs (line 124)
110fn print_crl_info(crl: &CertificateRevocationList) {
111    println!("  Version: {}", crl.version().unwrap_or(X509Version(0)));
112    // println!("  Subject: {}", crl.subject());
113    println!("  Signature Algorithm:");
114    print_x509_digest_algorithm(&crl.signature_algorithm, 4);
115    println!("  Issuer: {}", crl.issuer());
116    // println!("  Serial: {}", crl.tbs_certificate.raw_serial_as_string());
117    println!("  Last Update: {}", crl.last_update());
118    println!(
119        "  Next Update: {}",
120        crl.next_update()
121            .map_or_else(|| "NONE".to_string(), |d| d.to_string())
122    );
123    println!("{:indent$}CRL Extensions:", "", indent = 2);
124    for ext in crl.extensions() {
125        print_x509_extension(&ext.oid, ext, 4);
126    }
127    println!("  Revoked certificates:");
128    for revoked in crl.iter_revoked_certificates() {
129        print_revoked_certificate(revoked, 4);
130    }
131    println!();
132}
Source

pub fn crl_number(&self) -> Option<&BigUint>

Get the CRL number, if present

Note that the returned value is a BigUint, because of the following RFC specification:

Given the requirements above, CRL numbers can be expected to contain long integers.  CRL
verifiers MUST be able to handle CRLNumber values up to 20 octets.  Conformant CRL issuers
MUST NOT use CRLNumber values longer than 20 octets.
Source

pub fn verify_signature( &self, public_key: &SubjectPublicKeyInfo<'_>, ) -> Result<(), X509Error>

Available on crate feature verify only.

Verify the cryptographic signature of this certificate revocation list

public_key is the public key of the signer.

Not all algorithms are supported, this function is limited to what ring supports.

Source§

impl CertificateRevocationList<'_>

Source

pub fn walk<V: CertificateRevocationListVisitor>(&self, visitor: &mut V)

Run the provided CertificateRevocationListVisitor over the Certificate Revocation List (self)

Trait Implementations§

Source§

impl<'a> Clone for CertificateRevocationList<'a>

Source§

fn clone(&self) -> CertificateRevocationList<'a>

Returns a copy of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl<'a> Debug for CertificateRevocationList<'a>

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<'a> FromDer<'a, X509Error> for CertificateRevocationList<'a>

CertificateList  ::=  SEQUENCE  {
     tbsCertList          TBSCertList,
     signatureAlgorithm   AlgorithmIdentifier,
     signatureValue       BIT STRING  }
Source§

fn from_der(i: &'a [u8]) -> X509Result<'a, Self>

Attempt to parse input bytes into a DER object (enforcing constraints)

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<'a, T, E> AsTaggedExplicit<'a, E> for T
where T: 'a,

Source§

fn explicit(self, class: Class, tag: u32) -> TaggedParser<'a, Explicit, Self, E>

Source§

impl<'a, T, E> AsTaggedImplicit<'a, E> for T
where T: 'a,

Source§

fn implicit( self, class: Class, constructed: bool, tag: u32, ) -> TaggedParser<'a, Implicit, Self, E>

Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.