| <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="Source of the Rust file `/root/.cargo/registry/src/github.com-1ecc6299db9ec823/rustls-0.19.1/src/anchors.rs`."><meta name="keywords" content="rust, rustlang, rust-lang"><title>anchors.rs - source</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" href="../../normalize.css"><link rel="stylesheet" href="../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" href="../../ayu.css" disabled><link rel="stylesheet" href="../../dark.css" disabled><link rel="stylesheet" href="../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../storage.js"></script><script defer src="../../source-script.js"></script><script defer src="../../source-files.js"></script><script defer src="../../main.js"></script><noscript><link rel="stylesheet" href="../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../favicon.svg"></head><body class="rustdoc source"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="sidebar"><a class="sidebar-logo" href="../../rustls/index.html"><div class="logo-container"><img class="rust-logo" src="../../rust-logo.svg" alt="logo"></div></a></nav><main><div class="width-limiter"><nav class="sub"><a class="sub-logo-container" href="../../rustls/index.html"><img class="rust-logo" src="../../rust-logo.svg" alt="logo"></a><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><a href="../../help.html">?</a></div><div id="settings-menu" tabindex="-1"><a href="../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../wheel.svg"></a></div></div></form></nav><section id="main-content" class="content"><div class="example-wrap"><pre class="src-line-numbers"><span id="1">1</span> |
| <span id="2">2</span> |
| <span id="3">3</span> |
| <span id="4">4</span> |
| <span id="5">5</span> |
| <span id="6">6</span> |
| <span id="7">7</span> |
| <span id="8">8</span> |
| <span id="9">9</span> |
| <span id="10">10</span> |
| <span id="11">11</span> |
| <span id="12">12</span> |
| <span id="13">13</span> |
| <span id="14">14</span> |
| <span id="15">15</span> |
| <span id="16">16</span> |
| <span id="17">17</span> |
| <span id="18">18</span> |
| <span id="19">19</span> |
| <span id="20">20</span> |
| <span id="21">21</span> |
| <span id="22">22</span> |
| <span id="23">23</span> |
| <span id="24">24</span> |
| <span id="25">25</span> |
| <span id="26">26</span> |
| <span id="27">27</span> |
| <span id="28">28</span> |
| <span id="29">29</span> |
| <span id="30">30</span> |
| <span id="31">31</span> |
| <span id="32">32</span> |
| <span id="33">33</span> |
| <span id="34">34</span> |
| <span id="35">35</span> |
| <span id="36">36</span> |
| <span id="37">37</span> |
| <span id="38">38</span> |
| <span id="39">39</span> |
| <span id="40">40</span> |
| <span id="41">41</span> |
| <span id="42">42</span> |
| <span id="43">43</span> |
| <span id="44">44</span> |
| <span id="45">45</span> |
| <span id="46">46</span> |
| <span id="47">47</span> |
| <span id="48">48</span> |
| <span id="49">49</span> |
| <span id="50">50</span> |
| <span id="51">51</span> |
| <span id="52">52</span> |
| <span id="53">53</span> |
| <span id="54">54</span> |
| <span id="55">55</span> |
| <span id="56">56</span> |
| <span id="57">57</span> |
| <span id="58">58</span> |
| <span id="59">59</span> |
| <span id="60">60</span> |
| <span id="61">61</span> |
| <span id="62">62</span> |
| <span id="63">63</span> |
| <span id="64">64</span> |
| <span id="65">65</span> |
| <span id="66">66</span> |
| <span id="67">67</span> |
| <span id="68">68</span> |
| <span id="69">69</span> |
| <span id="70">70</span> |
| <span id="71">71</span> |
| <span id="72">72</span> |
| <span id="73">73</span> |
| <span id="74">74</span> |
| <span id="75">75</span> |
| <span id="76">76</span> |
| <span id="77">77</span> |
| <span id="78">78</span> |
| <span id="79">79</span> |
| <span id="80">80</span> |
| <span id="81">81</span> |
| <span id="82">82</span> |
| <span id="83">83</span> |
| <span id="84">84</span> |
| <span id="85">85</span> |
| <span id="86">86</span> |
| <span id="87">87</span> |
| <span id="88">88</span> |
| <span id="89">89</span> |
| <span id="90">90</span> |
| <span id="91">91</span> |
| <span id="92">92</span> |
| <span id="93">93</span> |
| <span id="94">94</span> |
| <span id="95">95</span> |
| <span id="96">96</span> |
| <span id="97">97</span> |
| <span id="98">98</span> |
| <span id="99">99</span> |
| <span id="100">100</span> |
| <span id="101">101</span> |
| <span id="102">102</span> |
| <span id="103">103</span> |
| <span id="104">104</span> |
| <span id="105">105</span> |
| <span id="106">106</span> |
| <span id="107">107</span> |
| <span id="108">108</span> |
| <span id="109">109</span> |
| <span id="110">110</span> |
| <span id="111">111</span> |
| <span id="112">112</span> |
| <span id="113">113</span> |
| <span id="114">114</span> |
| <span id="115">115</span> |
| <span id="116">116</span> |
| <span id="117">117</span> |
| <span id="118">118</span> |
| <span id="119">119</span> |
| <span id="120">120</span> |
| <span id="121">121</span> |
| <span id="122">122</span> |
| <span id="123">123</span> |
| <span id="124">124</span> |
| <span id="125">125</span> |
| <span id="126">126</span> |
| <span id="127">127</span> |
| <span id="128">128</span> |
| <span id="129">129</span> |
| <span id="130">130</span> |
| <span id="131">131</span> |
| <span id="132">132</span> |
| <span id="133">133</span> |
| <span id="134">134</span> |
| <span id="135">135</span> |
| <span id="136">136</span> |
| <span id="137">137</span> |
| <span id="138">138</span> |
| <span id="139">139</span> |
| <span id="140">140</span> |
| <span id="141">141</span> |
| <span id="142">142</span> |
| <span id="143">143</span> |
| <span id="144">144</span> |
| <span id="145">145</span> |
| <span id="146">146</span> |
| <span id="147">147</span> |
| <span id="148">148</span> |
| <span id="149">149</span> |
| </pre><pre class="rust"><code><span class="kw">use </span>webpki; |
| |
| <span class="kw">use </span><span class="kw">crate</span>::key; |
| <span class="attribute">#[cfg(feature = <span class="string">"logging"</span>)] |
| </span><span class="kw">use </span><span class="kw">crate</span>::log::{debug, trace}; |
| <span class="kw">pub use </span><span class="kw">crate</span>::msgs::handshake::{DistinguishedName, DistinguishedNames}; |
| <span class="kw">use </span><span class="kw">crate</span>::pemfile; |
| <span class="kw">use </span><span class="kw">crate</span>::x509; |
| <span class="kw">use </span>std::io; |
| |
| <span class="doccomment">/// This is like a `webpki::TrustAnchor`, except it owns |
| /// rather than borrows its memory. That prevents lifetimes |
| /// leaking up the object tree. |
| </span><span class="attribute">#[derive(Debug, Clone)] |
| </span><span class="kw">pub struct </span>OwnedTrustAnchor { |
| subject: Vec<u8>, |
| spki: Vec<u8>, |
| name_constraints: <span class="prelude-ty">Option</span><Vec<u8>>, |
| } |
| |
| <span class="kw">impl </span>OwnedTrustAnchor { |
| <span class="doccomment">/// Copy a `webpki::TrustAnchor` into owned memory |
| </span><span class="kw">pub fn </span>from_trust_anchor(t: <span class="kw-2">&</span>webpki::TrustAnchor) -> OwnedTrustAnchor { |
| OwnedTrustAnchor { |
| subject: t.subject.to_vec(), |
| spki: t.spki.to_vec(), |
| name_constraints: t.name_constraints.map(|x| x.to_vec()), |
| } |
| } |
| |
| <span class="doccomment">/// Get a `webpki::TrustAnchor` by borrowing the owned elements. |
| </span><span class="kw">pub fn </span>to_trust_anchor(<span class="kw-2">&</span><span class="self">self</span>) -> webpki::TrustAnchor { |
| webpki::TrustAnchor { |
| subject: <span class="kw-2">&</span><span class="self">self</span>.subject, |
| spki: <span class="kw-2">&</span><span class="self">self</span>.spki, |
| name_constraints: <span class="self">self |
| </span>.name_constraints |
| .as_ref() |
| .map(Vec::as_slice), |
| } |
| } |
| } |
| |
| <span class="kw">impl </span>From<webpki::TrustAnchor<<span class="lifetime">'_</span>>> <span class="kw">for </span>OwnedTrustAnchor { |
| <span class="kw">fn </span>from(t: webpki::TrustAnchor) -> OwnedTrustAnchor { |
| <span class="self">Self</span>::from_trust_anchor(<span class="kw-2">&</span>t) |
| } |
| } |
| |
| <span class="kw">impl</span><<span class="lifetime">'a</span>> Into<webpki::TrustAnchor<<span class="lifetime">'a</span>>> <span class="kw">for </span><span class="kw-2">&</span><span class="lifetime">'a </span>OwnedTrustAnchor { |
| <span class="kw">fn </span>into(<span class="self">self</span>) -> webpki::TrustAnchor<<span class="lifetime">'a</span>> { |
| <span class="self">self</span>.to_trust_anchor() |
| } |
| } |
| |
| <span class="doccomment">/// A container for root certificates able to provide a root-of-trust |
| /// for connection authentication. |
| </span><span class="attribute">#[derive(Debug, Clone)] |
| </span><span class="kw">pub struct </span>RootCertStore { |
| <span class="doccomment">/// The list of roots. |
| </span><span class="kw">pub </span>roots: Vec<OwnedTrustAnchor>, |
| } |
| |
| <span class="kw">impl </span>RootCertStore { |
| <span class="doccomment">/// Make a new, empty `RootCertStore`. |
| </span><span class="kw">pub fn </span>empty() -> RootCertStore { |
| RootCertStore { roots: Vec::new() } |
| } |
| |
| <span class="doccomment">/// Return true if there are no certificates. |
| </span><span class="kw">pub fn </span>is_empty(<span class="kw-2">&</span><span class="self">self</span>) -> bool { |
| <span class="self">self</span>.len() == <span class="number">0 |
| </span>} |
| |
| <span class="doccomment">/// Say how many certificates are in the container. |
| </span><span class="kw">pub fn </span>len(<span class="kw-2">&</span><span class="self">self</span>) -> usize { |
| <span class="self">self</span>.roots.len() |
| } |
| |
| <span class="doccomment">/// Return the Subject Names for certificates in the container. |
| </span><span class="kw">pub fn </span>get_subjects(<span class="kw-2">&</span><span class="self">self</span>) -> DistinguishedNames { |
| <span class="kw">let </span><span class="kw-2">mut </span>r = DistinguishedNames::new(); |
| |
| <span class="kw">for </span>ota <span class="kw">in </span><span class="kw-2">&</span><span class="self">self</span>.roots { |
| <span class="kw">let </span><span class="kw-2">mut </span>name = Vec::new(); |
| name.extend_from_slice(<span class="kw-2">&</span>ota.subject); |
| x509::wrap_in_sequence(<span class="kw-2">&mut </span>name); |
| r.push(DistinguishedName::new(name)); |
| } |
| |
| r |
| } |
| |
| <span class="doccomment">/// Add a single DER-encoded certificate to the store. |
| </span><span class="kw">pub fn </span>add(<span class="kw-2">&mut </span><span class="self">self</span>, der: <span class="kw-2">&</span>key::Certificate) -> <span class="prelude-ty">Result</span><(), webpki::Error> { |
| <span class="kw">let </span>ta = webpki::trust_anchor_util::cert_der_as_trust_anchor(<span class="kw-2">&</span>der.<span class="number">0</span>)<span class="question-mark">?</span>; |
| |
| <span class="kw">let </span>ota = OwnedTrustAnchor::from_trust_anchor(<span class="kw-2">&</span>ta); |
| <span class="self">self</span>.roots.push(ota); |
| <span class="prelude-val">Ok</span>(()) |
| } |
| |
| <span class="doccomment">/// Adds all the given TrustAnchors `anchors`. This does not |
| /// fail. |
| </span><span class="kw">pub fn </span>add_server_trust_anchors( |
| <span class="kw-2">&mut </span><span class="self">self</span>, |
| <span class="kw-2">&</span>webpki::TLSServerTrustAnchors(anchors): <span class="kw-2">&</span>webpki::TLSServerTrustAnchors, |
| ) { |
| <span class="kw">for </span>ta <span class="kw">in </span>anchors { |
| <span class="self">self</span>.roots |
| .push(OwnedTrustAnchor::from_trust_anchor(ta)); |
| } |
| } |
| |
| <span class="doccomment">/// Parse a PEM file and add all certificates found inside. |
| /// Errors are non-specific; they may be io errors in `rd` and |
| /// PEM format errors, but not certificate validity errors. |
| /// |
| /// This is because large collections of root certificates often |
| /// include ancient or syntactically invalid certificates. CAs |
| /// are competent like that. |
| /// |
| /// Returns the number of certificates added, and the number |
| /// which were extracted from the PEM but ultimately unsuitable. |
| </span><span class="kw">pub fn </span>add_pem_file(<span class="kw-2">&mut </span><span class="self">self</span>, rd: <span class="kw-2">&mut </span><span class="kw">dyn </span>io::BufRead) -> <span class="prelude-ty">Result</span><(usize, usize), ()> { |
| <span class="kw">let </span>ders = pemfile::certs(rd)<span class="question-mark">?</span>; |
| <span class="kw">let </span><span class="kw-2">mut </span>valid_count = <span class="number">0</span>; |
| <span class="kw">let </span><span class="kw-2">mut </span>invalid_count = <span class="number">0</span>; |
| |
| <span class="kw">for </span>der <span class="kw">in </span>ders { |
| <span class="attribute">#[cfg_attr(not(feature = <span class="string">"logging"</span>), allow(unused_variables))] |
| </span><span class="kw">match </span><span class="self">self</span>.add(<span class="kw-2">&</span>der) { |
| <span class="prelude-val">Ok</span>(<span class="kw">_</span>) => valid_count += <span class="number">1</span>, |
| <span class="prelude-val">Err</span>(err) => { |
| <span class="macro">trace!</span>(<span class="string">"invalid cert der {:?}"</span>, der); |
| <span class="macro">debug!</span>(<span class="string">"certificate parsing failed: {:?}"</span>, err); |
| invalid_count += <span class="number">1 |
| </span>} |
| } |
| } |
| |
| <span class="macro">debug!</span>( |
| <span class="string">"add_pem_file processed {} valid and {} invalid certs"</span>, |
| valid_count, invalid_count |
| ); |
| |
| <span class="prelude-val">Ok</span>((valid_count, invalid_count)) |
| } |
| } |
| </code></pre></div> |
| </section></div></main><div id="rustdoc-vars" data-root-path="../../" data-current-crate="rustls" data-themes="ayu,dark,light" data-resource-suffix="" data-rustdoc-version="1.66.0-nightly (5c8bff74b 2022-10-21)" ></div></body></html> |