Google Git
Sign in
android / platform / external / rust / crates / x509-parser / c5051d11821e3e739e35ce22bc1c7b9a9decb9b4
commitc5051d11821e3e739e35ce22bc1c7b9a9decb9b4[log] [tgz]
authorJoel Galenson <jgalenson@google.com>Wed Aug 11 14:44:14 2021 +0000
committerJoel Galenson <jgalenson@google.com>Wed Aug 11 14:44:14 2021 +0000
tree81ab7d86c6f58cc7c9faa2cbc6b9d188d91a71a7
parent856d48fea3c60de2ec21cddbde112a5a9025af7f [diff]
Revert "Upgrade rust/crates/x509-parser to 0.10.0"

Revert submission 1791044-der-parser-5.1.2-xml-parser-0.10.0

Reason for revert: Build breakage due to aosp/1791850
Reverted Changes:
Ib0a1d7bde:Upgrade rust/crates/x509-parser to 0.10.0
I9eead6d6d:Upgrade rust/crates/der-parser to 5.1.2

Change-Id: I89f48dfb50b4504ce7021cfc8f868a3e68baf9dd
35 files changed
tree: 81ab7d86c6f58cc7c9faa2cbc6b9d188d91a71a7
  1. assets/
  2. examples/
  3. patches/
  4. src/
  5. tests/
  6. LICENSELICENSE-APACHE
  7. .cargo_vcs_info.json
  8. .gitignore
  9. Android.bp
  10. Cargo.toml
  11. Cargo.toml.orig
  12. cargo2android.json
  13. CHANGELOG.md
  14. LICENSE-APACHE
  15. LICENSE-MIT
  16. METADATA
  17. MODULE_LICENSE_APACHE2
  18. OWNERS
  19. README.md
README.md

License: MIT Apache License 2.0 docs.rs crates.io Download numbers Github CI Minimum rustc version

X.509 Parser

A X.509 v3 (RFC5280) parser, implemented with the nom parser combinator framework.

It is written in pure Rust, fast, and makes extensive use of zero-copy. A lot of care is taken to ensure security and safety of this crate, including design (recursion limit, defensive programming), tests, and fuzzing. It also aims to be panic-free.

The code is available on Github and is part of the Rusticata project.

Certificates are usually encoded in two main formats: PEM (usually the most common format) or DER. A PEM-encoded certificate is a container, storing a DER object. See the pem module for more documentation.

To decode a DER-encoded certificate, the main parsing method is parse_x509_certificate, which builds a X509Certificate object.

The returned objects for parsers follow the definitions of the RFC. This means that accessing fields is done by accessing struct members recursively. Some helper functions are provided, for example X509Certificate::issuer() returns the same as accessing <object>.tbs_certificate.issuer.

For PEM-encoded certificates, use the pem module.

Examples

Parsing a certificate in DER format:

use x509_parser::prelude::*;

static IGCA_DER: &[u8] = include_bytes!("../assets/IGC_A.der");

let res = parse_x509_certificate(IGCA_DER);
match res {
    Ok((rem, cert)) => {
        assert!(rem.is_empty());
        //
        assert_eq!(cert.tbs_certificate.version, X509Version::V3);
    },
    _ => panic!("x509 parsing failed: {:?}", res),
}

To parse a CRL and print information about revoked certificates:

#
#
let res = parse_x509_crl(DER);
match res {
    Ok((_rem, crl)) => {
        for revoked in crl.iter_revoked_certificates() {
            println!("Revoked certificate serial: {}", revoked.raw_serial_as_string());
            println!("  Reason: {}", revoked.reason_code().unwrap_or_default().1);
        }
    },
    _ => panic!("CRL parsing failed: {:?}", res),
}

See also examples/print-cert.rs.

Features

/// Cryptographic signature verification: returns true if certificate was signed by issuer
#[cfg(feature = "verify")]
pub fn check_signature(cert: &X509Certificate<'_>, issuer: &X509Certificate<'_>) -> bool {
    let issuer_public_key = &issuer.tbs_certificate.subject_pki;
    cert
        .verify_signature(Some(issuer_public_key))
        .is_ok()
}

Rust version requirements

x509-parser requires Rustc version 1.45 or greater, based on nom 6 dependencies and for proc-macro attributes support.

Changes

See CHANGELOG.md

License

Licensed under either of

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.