Validator

x509_parser::validate

Trait Validator 

Source 
pub trait Validator<'a> {
    type Item;

    // Required method
    fn validate<L: Logger>(&self, item: &'a Self::Item, l: &mut L) -> bool;

    // Provided method
    fn chain<V2>(self, v2: V2) -> ChainValidator<'a, Self, V2, Self::Item>
       where Self: Sized,
             V2: Validator<'a, Item = Self::Item> { ... }
}
Available on crate feature validate only.
Expand description

Trait for build item validators (for ex. validate X.509 structure)

See X509StructureValidator for a default implementation, validating the DER structure of a X.509 Certificate.

See implementors of the Logger trait for methods to collect or handle warnings and errors.

§Examples

Collecting warnings and errors to Vec:

use x509_parser::certificate::X509Certificate;
use x509_parser::validate::*;

#[cfg(feature = "validate")]
fn validate_certificate(x509: &X509Certificate<'_>) -> Result<(), &'static str> {
    let mut logger = VecLogger::default();
    println!("  Subject: {}", x509.subject());
    // validate and print warnings and errors to stderr
    let ok = X509StructureValidator.validate(&x509, &mut logger);
    print!("Structure validation status: ");
    if ok {
        println!("Ok");
    } else {
        println!("FAIL");
    }
    for warning in logger.warnings() {
        eprintln!("  [W] {}", warning);
    }
    for error in logger.errors() {
        eprintln!("  [E] {}", error);
    }
    println!();
    if !logger.errors().is_empty() {
        return Err("validation failed");
    }
    Ok(())
}

Required Associated Types§

Source

type Item

The item to validate

Required Methods§

Source

fn validate<L: Logger>(&self, item: &'a Self::Item, l: &mut L) -> bool

Attempts to validate current item.

Returns true if item was validated.

Call l.warn() if a non-fatal error was encountered, and l.err() if the error is fatal. These functions receive a description of the error.

Provided Methods§

Source

fn chain<V2>(self, v2: V2) -> ChainValidator<'a, Self, V2, Self::Item>
where Self: Sized, V2: Validator<'a, Item = Self::Item>,

Examples found in repository?
examples/print-cert.rs (line 189)
156fn print_x509_info(x509: &X509Certificate) -> io::Result<()> {
157    let version = x509.version();
158    if version.0 < 3 {
159        println!("  Version: {version}");
160    } else {
161        println!("  Version: INVALID({})", version.0);
162    }
163    println!("  Serial: {}", x509.tbs_certificate.raw_serial_as_string());
164    println!("  Subject: {}", x509.subject());
165    println!("  Issuer: {}", x509.issuer());
166    println!("  Validity:");
167    println!("    NotBefore: {}", x509.validity().not_before);
168    println!("    NotAfter:  {}", x509.validity().not_after);
169    println!("    is_valid:  {}", x509.validity().is_valid());
170    println!("  Subject Public Key Info:");
171    print_x509_ski(x509.public_key());
172    print_x509_signature_algorithm(&x509.signature_algorithm, 4);
173
174    println!("  Signature Value:");
175    for l in format_number_to_hex_with_colon(&x509.signature_value.data, 16) {
176        println!("      {l}");
177    }
178    println!("  Extensions:");
179    for ext in x509.extensions() {
180        print_x509_extension(&ext.oid, ext);
181    }
182    println!();
183    print!("Structure validation status: ");
184    #[cfg(feature = "validate")]
185    {
186        let mut logger = VecLogger::default();
187        // structure validation status
188        let ok = X509StructureValidator
189            .chain(X509CertificateValidator)
190            .validate(x509, &mut logger);
191        if ok {
192            println!("Ok");
193        } else {
194            println!("FAIL");
195        }
196        for warning in logger.warnings() {
197            println!("  [W] {warning}");
198        }
199        for error in logger.errors() {
200            println!("  [E] {error}");
201        }
202        println!();
203        if VALIDATE_ERRORS_FATAL && !logger.errors().is_empty() {
204            return Err(io::Error::new(io::ErrorKind::Other, "validation failed"));
205        }
206    }
207    #[cfg(not(feature = "validate"))]
208    {
209        println!("Unknown (feature 'validate' not enabled)");
210    }
211    #[cfg(feature = "verify")]
212    {
213        print!("Signature verification: ");
214        if x509.subject() == x509.issuer() {
215            if x509.verify_signature(None).is_ok() {
216                println!("OK");
217                println!("  [I] certificate is self-signed");
218            } else if x509.subject() == x509.issuer() {
219                println!("FAIL");
220                println!("  [W] certificate looks self-signed, but signature verification failed");
221            }
222        } else {
223            // if subject is different from issuer, we cannot verify certificate without the public key of the issuer
224            println!("N/A");
225        }
226    }
227    Ok(())
228}

Dyn Compatibility§

This trait is not dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.

Implementors§