/// An X.509 v2 Certificate Revocation List (CRL), as defined in RFC 5280.
///
/// The three fields mirror the ASN.1 `CertificateList` SEQUENCE
/// (`tbsCertList`, `signatureAlgorithm`, `signatureValue`).
/// Holding a parsed value says nothing about authenticity: the signature is
/// only checked when `verify_signature` is called with the signer's public key.
pub struct CertificateRevocationList<'a> {
    /// The to-be-signed body of the CRL (`tbsCertList`).
    pub tbs_cert_list: TbsCertList<'a>,
    /// Identifier of the algorithm used for the signature (`signatureAlgorithm`).
    pub signature_algorithm: AlgorithmIdentifier<'a>,
    /// The signature itself, as a BIT STRING (`signatureValue`).
    pub signature_value: BitString<'a>,
}

An X.509 v2 Certificate Revocation List (CRL).

X.509 v2 CRLs are defined in RFC5280.

§Example

To parse a CRL and print information about revoked certificates:

use x509_parser::prelude::FromDer;
use x509_parser::revocation_list::CertificateRevocationList;

// `from_der` only decodes the DER structure; it does not authenticate the CRL.
// Before acting on the entries, check the signature with `verify_signature`
// (crate feature `verify`) against the issuer's public key.
let parsed = CertificateRevocationList::from_der(DER);
if let Ok((_rem, crl)) = &parsed {
    // `_rem` (the input left over after the CRL) is ignored in this example.
    crl.iter_revoked_certificates().for_each(|entry| {
        println!("Revoked certificate serial: {}", entry.raw_serial_as_string());
        println!("  Reason: {}", entry.reason_code().unwrap_or_default().1);
    });
} else {
    panic!("CRL parsing failed: {:?}", parsed);
}

Fields§

§ tbs_cert_list: TbsCertList<'a>
§ signature_algorithm: AlgorithmIdentifier<'a>
§ signature_value: BitString<'a>

Implementations§


impl<'a> CertificateRevocationList<'a>


pub fn version(&self) -> Option<X509Version>

Get the version of the encoded CRL, if present.

Examples found in repository?
examples/print-crl.rs (line 111)
/// Print a human-readable summary of `crl` to stdout: version, signature
/// algorithm, issuer, update times, CRL extensions and revoked entries.
///
/// Display only: nothing here calls `verify_signature` or compares
/// `last_update`/`next_update` with the current time, so the output shows
/// what the CRL claims, not whether it is authentic or current.
fn print_crl_info(crl: &CertificateRevocationList) {
    // Fall back to `X509Version(0)` when `version()` returns `None`.
    let version = crl.version().unwrap_or(X509Version(0));
    println!("  Version: {}", version);
    println!("  Signature Algorithm:");
    print_x509_digest_algorithm(&crl.signature_algorithm, 4);
    println!("  Issuer: {}", crl.issuer());
    println!("  Last Update: {}", crl.last_update());
    // `next_update` is optional; print a literal marker when it is absent.
    let next_update = match crl.next_update() {
        Some(date) => date.to_string(),
        None => "NONE".to_string(),
    };
    println!("  Next Update: {}", next_update);
    println!("{:indent$}CRL Extensions:", "", indent = 2);
    crl.extensions().iter().for_each(|ext| {
        print_x509_extension(&ext.oid, ext, 4);
    });
    println!("  Revoked certificates:");
    crl.iter_revoked_certificates().for_each(|entry| {
        print_revoked_certificate(entry, 4);
    });
    println!();
}

pub fn issuer(&self) -> &X509Name<'_>

Get the CRL issuer.

Examples found in repository?
examples/print-crl.rs (line 115)
/// Print a human-readable summary of `crl` to stdout: version, signature
/// algorithm, issuer, update times, CRL extensions and revoked entries.
///
/// Display only: nothing here calls `verify_signature` or compares
/// `last_update`/`next_update` with the current time, so the output shows
/// what the CRL claims, not whether it is authentic or current.
fn print_crl_info(crl: &CertificateRevocationList) {
    // Fall back to `X509Version(0)` when `version()` returns `None`.
    let version = crl.version().unwrap_or(X509Version(0));
    println!("  Version: {}", version);
    println!("  Signature Algorithm:");
    print_x509_digest_algorithm(&crl.signature_algorithm, 4);
    println!("  Issuer: {}", crl.issuer());
    println!("  Last Update: {}", crl.last_update());
    // `next_update` is optional; print a literal marker when it is absent.
    let next_update = match crl.next_update() {
        Some(date) => date.to_string(),
        None => "NONE".to_string(),
    };
    println!("  Next Update: {}", next_update);
    println!("{:indent$}CRL Extensions:", "", indent = 2);
    crl.extensions().iter().for_each(|ext| {
        print_x509_extension(&ext.oid, ext, 4);
    });
    println!("  Revoked certificates:");
    crl.iter_revoked_certificates().for_each(|entry| {
        print_revoked_certificate(entry, 4);
    });
    println!();
}

pub fn last_update(&self) -> ASN1Time

Get the date and time of the last (this) update.

Examples found in repository?
examples/print-crl.rs (line 117)
/// Print a human-readable summary of `crl` to stdout: version, signature
/// algorithm, issuer, update times, CRL extensions and revoked entries.
///
/// Display only: nothing here calls `verify_signature` or compares
/// `last_update`/`next_update` with the current time, so the output shows
/// what the CRL claims, not whether it is authentic or current.
fn print_crl_info(crl: &CertificateRevocationList) {
    // Fall back to `X509Version(0)` when `version()` returns `None`.
    let version = crl.version().unwrap_or(X509Version(0));
    println!("  Version: {}", version);
    println!("  Signature Algorithm:");
    print_x509_digest_algorithm(&crl.signature_algorithm, 4);
    println!("  Issuer: {}", crl.issuer());
    println!("  Last Update: {}", crl.last_update());
    // `next_update` is optional; print a literal marker when it is absent.
    let next_update = match crl.next_update() {
        Some(date) => date.to_string(),
        None => "NONE".to_string(),
    };
    println!("  Next Update: {}", next_update);
    println!("{:indent$}CRL Extensions:", "", indent = 2);
    crl.extensions().iter().for_each(|ext| {
        print_x509_extension(&ext.oid, ext, 4);
    });
    println!("  Revoked certificates:");
    crl.iter_revoked_certificates().for_each(|entry| {
        print_revoked_certificate(entry, 4);
    });
    println!();
}

pub fn next_update(&self) -> Option<ASN1Time>

Get the date and time of the next update, if present.

Examples found in repository?
examples/print-crl.rs (line 120)
/// Print a human-readable summary of `crl` to stdout: version, signature
/// algorithm, issuer, update times, CRL extensions and revoked entries.
///
/// Display only: nothing here calls `verify_signature` or compares
/// `last_update`/`next_update` with the current time, so the output shows
/// what the CRL claims, not whether it is authentic or current.
fn print_crl_info(crl: &CertificateRevocationList) {
    // Fall back to `X509Version(0)` when `version()` returns `None`.
    let version = crl.version().unwrap_or(X509Version(0));
    println!("  Version: {}", version);
    println!("  Signature Algorithm:");
    print_x509_digest_algorithm(&crl.signature_algorithm, 4);
    println!("  Issuer: {}", crl.issuer());
    println!("  Last Update: {}", crl.last_update());
    // `next_update` is optional; print a literal marker when it is absent.
    let next_update = match crl.next_update() {
        Some(date) => date.to_string(),
        None => "NONE".to_string(),
    };
    println!("  Next Update: {}", next_update);
    println!("{:indent$}CRL Extensions:", "", indent = 2);
    crl.extensions().iter().for_each(|ext| {
        print_x509_extension(&ext.oid, ext, 4);
    });
    println!("  Revoked certificates:");
    crl.iter_revoked_certificates().for_each(|entry| {
        print_revoked_certificate(entry, 4);
    });
    println!();
}

pub fn iter_revoked_certificates( &self ) -> impl Iterator<Item = &RevokedCertificate<'a>>

Return an iterator over the RevokedCertificate objects

Examples found in repository?
examples/print-crl.rs (line 128)
/// Print a human-readable summary of `crl` to stdout: version, signature
/// algorithm, issuer, update times, CRL extensions and revoked entries.
///
/// Display only: nothing here calls `verify_signature` or compares
/// `last_update`/`next_update` with the current time, so the output shows
/// what the CRL claims, not whether it is authentic or current.
fn print_crl_info(crl: &CertificateRevocationList) {
    // Fall back to `X509Version(0)` when `version()` returns `None`.
    let version = crl.version().unwrap_or(X509Version(0));
    println!("  Version: {}", version);
    println!("  Signature Algorithm:");
    print_x509_digest_algorithm(&crl.signature_algorithm, 4);
    println!("  Issuer: {}", crl.issuer());
    println!("  Last Update: {}", crl.last_update());
    // `next_update` is optional; print a literal marker when it is absent.
    let next_update = match crl.next_update() {
        Some(date) => date.to_string(),
        None => "NONE".to_string(),
    };
    println!("  Next Update: {}", next_update);
    println!("{:indent$}CRL Extensions:", "", indent = 2);
    crl.extensions().iter().for_each(|ext| {
        print_x509_extension(&ext.oid, ext, 4);
    });
    println!("  Revoked certificates:");
    crl.iter_revoked_certificates().for_each(|entry| {
        print_revoked_certificate(entry, 4);
    });
    println!();
}

pub fn extensions(&self) -> &[X509Extension<'_>]

Get the CRL extensions.

Examples found in repository?
examples/print-crl.rs (line 124)
/// Print a human-readable summary of `crl` to stdout: version, signature
/// algorithm, issuer, update times, CRL extensions and revoked entries.
///
/// Display only: nothing here calls `verify_signature` or compares
/// `last_update`/`next_update` with the current time, so the output shows
/// what the CRL claims, not whether it is authentic or current.
fn print_crl_info(crl: &CertificateRevocationList) {
    // Fall back to `X509Version(0)` when `version()` returns `None`.
    let version = crl.version().unwrap_or(X509Version(0));
    println!("  Version: {}", version);
    println!("  Signature Algorithm:");
    print_x509_digest_algorithm(&crl.signature_algorithm, 4);
    println!("  Issuer: {}", crl.issuer());
    println!("  Last Update: {}", crl.last_update());
    // `next_update` is optional; print a literal marker when it is absent.
    let next_update = match crl.next_update() {
        Some(date) => date.to_string(),
        None => "NONE".to_string(),
    };
    println!("  Next Update: {}", next_update);
    println!("{:indent$}CRL Extensions:", "", indent = 2);
    crl.extensions().iter().for_each(|ext| {
        print_x509_extension(&ext.oid, ext, 4);
    });
    println!("  Revoked certificates:");
    crl.iter_revoked_certificates().for_each(|entry| {
        print_revoked_certificate(entry, 4);
    });
    println!();
}

pub fn crl_number(&self) -> Option<&BigUint>

Get the CRL number, if present

Note that the returned value is a BigUint, because of the following RFC specification:

Given the requirements above, CRL numbers can be expected to contain long integers.  CRL
verifiers MUST be able to handle CRLNumber values up to 20 octets.  Conformant CRL issuers
MUST NOT use CRLNumber values longer than 20 octets.

pub fn verify_signature( &self, public_key: &SubjectPublicKeyInfo<'_> ) -> Result<(), X509Error>

Available on crate feature verify only.

Verify the cryptographic signature of this certificate revocation list

public_key is the public key of the signer.

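Not all algorithms are supported: this function is limited to what `ring` supports. The check covers the signature only. The function receives just the signer's key, so confirming that the key belongs to the CRL issuer and that the CRL is current (`last_update`/`next_update`) remains the caller's job.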

Trait Implementations§

source§

impl<'a> Clone for CertificateRevocationList<'a>

source§

fn clone(&self) -> CertificateRevocationList<'a>

Returns a copy of the value. Read more
1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
source§

impl<'a> Debug for CertificateRevocationList<'a>

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
source§

impl<'a> FromDer<'a, X509Error> for CertificateRevocationList<'a>

CertificateList  ::=  SEQUENCE  {
     tbsCertList          TBSCertList,
     signatureAlgorithm   AlgorithmIdentifier,
     signatureValue       BIT STRING  }
source§

fn from_der(i: &'a [u8]) -> X509Result<'_, Self>

Attempt to parse input bytes into a DER object (enforcing constraints)

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<'a, T, E> AsTaggedExplicit<'a, E> for T
where T: 'a,

source§

fn explicit(self, class: Class, tag: u32) -> TaggedParser<'a, Explicit, Self, E>

source§

impl<'a, T, E> AsTaggedImplicit<'a, E> for T
where T: 'a,

source§

fn implicit( self, class: Class, constructed: bool, tag: u32 ) -> TaggedParser<'a, Implicit, Self, E>

source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T> ToOwned for T
where T: Clone,

§

type Owned = T

The resulting type after obtaining ownership.
source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.