Skip to main content

VerifyContext

xml_sec::xmldsig::verify

Struct VerifyContext 

Source 
pub struct VerifyContext<'a> { /* private fields */ }
Expand description

Verification builder/configuration.

Implementations§

Source§

impl<'a> VerifyContext<'a>

Source

pub fn new() -> Self

Create a context with conservative defaults.

Defaults:

  • no pre-set key, no key resolver
  • manifests disabled
  • same-document URIs only
  • all transforms allowed
  • pre-digest buffers not stored
Source

pub fn key(self, key: &'a dyn VerifyingKey) -> Self

Set a pre-resolved verification key.

Source

pub fn key_resolver(self, resolver: &'a dyn KeyResolver) -> Self

Set a key resolver fallback used when key() is not provided.

Source

pub fn process_manifests(self, enabled: bool) -> Self

Enable or disable <Manifest> processing.

Note: manifest verification is not implemented yet. When enabled, the verifier fails closed with ManifestProcessingUnsupported if a <ds:Manifest> is present under <ds:Object> or if a <Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest"> is present.

Source

pub fn allowed_uri_types(self, types: UriTypeSet) -> Self

Restrict allowed reference URI classes.

Source

pub fn allowed_transforms<I, S>(self, transforms: I) -> Self
where I: IntoIterator<Item = S>, S: Into<String>,

Restrict allowed transform algorithms by URI.

Example values:

  • http://www.w3.org/2000/09/xmldsig#enveloped-signature
  • http://www.w3.org/2001/10/xml-exc-c14n#

When a <Reference> has no explicit canonicalization transform, XMLDSig applies implicit default C14N (http://www.w3.org/TR/2001/REC-xml-c14n-20010315). If an allowlist is configured, include that URI as well unless all references use explicit Transform::C14n(...).

Source

pub fn store_pre_digest(self, enabled: bool) -> Self

Store pre-digest buffers for diagnostics.

Source

pub fn verify( &self, xml: &str, ) -> Result<VerifyResult, SignatureVerificationPipelineError>

Verify one XMLDSig signature using this context.

Returns Ok(VerifyResult) for both valid and invalid signatures; inspect VerifyResult::status for the verification outcome. Err(...) is reserved for pipeline failures.

Trait Implementations§

Source§

impl Default for VerifyContext<'_>

Source§

fn default() -> Self

Returns the “default value” for a type. Read more

Auto Trait Implementations§

§

impl<'a> Freeze for VerifyContext<'a>

§

impl<'a> !RefUnwindSafe for VerifyContext<'a>

§

impl<'a> !Send for VerifyContext<'a>

§

impl<'a> !Sync for VerifyContext<'a>

§

impl<'a> Unpin for VerifyContext<'a>

§

impl<'a> UnsafeUnpin for VerifyContext<'a>

§

impl<'a> !UnwindSafe for VerifyContext<'a>

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<'a, T, E> AsTaggedExplicit<'a, E> for T
where T: 'a,

Source§

fn explicit(self, class: Class, tag: u32) -> TaggedParser<'a, Explicit, Self, E>

Source§

impl<'a, T, E> AsTaggedImplicit<'a, E> for T
where T: 'a,

Source§

fn implicit( self, class: Class, constructed: bool, tag: u32, ) -> TaggedParser<'a, Implicit, Self, E>

Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.