api-docs/crates-app/src/webpki/trust_anchor_util.rs.html - incubator-teaclave-website - Git at Google

 <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="Source of the Rust file `/root/.cargo/registry/src/github.com-1ecc6299db9ec823/webpki-0.21.4/src/trust_anchor_util.rs`."><meta name="keywords" content="rust, rustlang, rust-lang"><title>trust_anchor_util.rs - source</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" href="../../normalize.css"><link rel="stylesheet" href="../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" href="../../ayu.css" disabled><link rel="stylesheet" href="../../dark.css" disabled><link rel="stylesheet" href="../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../storage.js"></script><script defer src="../../source-script.js"></script><script defer src="../../source-files.js"></script><script defer src="../../main.js"></script><noscript><link rel="stylesheet" href="../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../favicon.svg"></head><body class="rustdoc source"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="sidebar"><a class="sidebar-logo" href="../../webpki/index.html"><div class="logo-container"><img class="rust-logo" src="../../rust-logo.svg" alt="logo"></div></a></nav><main><div class="width-limiter"><nav class="sub"><a class="sub-logo-container" href="../../webpki/index.html"><img class="rust-logo" src="../../rust-logo.svg" alt="logo"></a><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><a href="../../help.html">?</a></div><div id="settings-menu" tabindex="-1"><a href="../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../wheel.svg"></a></div></div></form></nav><section id="main-content" class="content"><div class="example-wrap"><pre class="src-line-numbers"><span id="1">1</span>
 <span id="2">2</span>
 <span id="3">3</span>
 <span id="4">4</span>
 <span id="5">5</span>
 <span id="6">6</span>
 <span id="7">7</span>
 <span id="8">8</span>
 <span id="9">9</span>
 <span id="10">10</span>
 <span id="11">11</span>
 <span id="12">12</span>
 <span id="13">13</span>
 <span id="14">14</span>
 <span id="15">15</span>
 <span id="16">16</span>
 <span id="17">17</span>
 <span id="18">18</span>
 <span id="19">19</span>
 <span id="20">20</span>
 <span id="21">21</span>
 <span id="22">22</span>
 <span id="23">23</span>
 <span id="24">24</span>
 <span id="25">25</span>
 <span id="26">26</span>
 <span id="27">27</span>
 <span id="28">28</span>
 <span id="29">29</span>
 <span id="30">30</span>
 <span id="31">31</span>
 <span id="32">32</span>
 <span id="33">33</span>
 <span id="34">34</span>
 <span id="35">35</span>
 <span id="36">36</span>
 <span id="37">37</span>
 <span id="38">38</span>
 <span id="39">39</span>
 <span id="40">40</span>
 <span id="41">41</span>
 <span id="42">42</span>
 <span id="43">43</span>
 <span id="44">44</span>
 <span id="45">45</span>
 <span id="46">46</span>
 <span id="47">47</span>
 <span id="48">48</span>
 <span id="49">49</span>
 <span id="50">50</span>
 <span id="51">51</span>
 <span id="52">52</span>
 <span id="53">53</span>
 <span id="54">54</span>
 <span id="55">55</span>
 <span id="56">56</span>
 <span id="57">57</span>
 <span id="58">58</span>
 <span id="59">59</span>
 <span id="60">60</span>
 <span id="61">61</span>
 <span id="62">62</span>
 <span id="63">63</span>
 <span id="64">64</span>
 <span id="65">65</span>
 <span id="66">66</span>
 <span id="67">67</span>
 <span id="68">68</span>
 <span id="69">69</span>
 <span id="70">70</span>
 <span id="71">71</span>
 <span id="72">72</span>
 <span id="73">73</span>
 <span id="74">74</span>
 <span id="75">75</span>
 <span id="76">76</span>
 <span id="77">77</span>
 <span id="78">78</span>
 <span id="79">79</span>
 <span id="80">80</span>
 <span id="81">81</span>
 <span id="82">82</span>
 <span id="83">83</span>
 <span id="84">84</span>
 <span id="85">85</span>
 <span id="86">86</span>
 <span id="87">87</span>
 <span id="88">88</span>
 <span id="89">89</span>
 <span id="90">90</span>
 <span id="91">91</span>
 <span id="92">92</span>
 <span id="93">93</span>
 <span id="94">94</span>
 <span id="95">95</span>
 <span id="96">96</span>
 <span id="97">97</span>
 <span id="98">98</span>
 <span id="99">99</span>
 <span id="100">100</span>
 <span id="101">101</span>
 <span id="102">102</span>
 <span id="103">103</span>
 <span id="104">104</span>
 <span id="105">105</span>
 <span id="106">106</span>
 <span id="107">107</span>
 <span id="108">108</span>
 <span id="109">109</span>
 <span id="110">110</span>
 <span id="111">111</span>
 <span id="112">112</span>
 <span id="113">113</span>
 <span id="114">114</span>
 <span id="115">115</span>
 <span id="116">116</span>
 <span id="117">117</span>
 <span id="118">118</span>
 <span id="119">119</span>
 <span id="120">120</span>
 </pre><pre class="rust"><code><span class="comment">// Copyright 2015 Brian Smith.
 //
 // Permission to use, copy, modify, and/or distribute this software for any
 // purpose with or without fee is hereby granted, provided that the above
 // copyright notice and this permission notice appear in all copies.
 //
 // THE SOFTWARE IS PROVIDED &quot;AS IS&quot; AND THE AUTHORS DISCLAIM ALL WARRANTIES
 // WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 // MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
 // ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 // WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

 </span><span class="doccomment">//! Utilities for efficiently embedding trust anchors in programs.

 </span><span class="kw">use </span><span class="kw">super</span>::der;
 <span class="kw">use crate</span>::{
     cert::{certificate_serial_number, parse_cert_internal, Cert, EndEntityOrCA},
     Error, TrustAnchor,
 };

 <span class="doccomment">/// Interprets the given DER-encoded certificate as a `TrustAnchor`. The
 /// certificate is not validated. In particular, there is no check that the
 /// certificate is self-signed or even that the certificate has the cA basic
 /// constraint.
 </span><span class="kw">pub fn </span>cert_der_as_trust_anchor(cert_der: <span class="kw-2">&amp;</span>[u8]) -&gt; <span class="prelude-ty">Result</span>&lt;TrustAnchor, Error&gt; {
     <span class="kw">let </span>cert_der = untrusted::Input::from(cert_der);

     <span class="comment">// XXX: `EndEntityOrCA::EndEntity` is used instead of `EndEntityOrCA::CA`
     // because we don&#39;t have a reference to a child cert, which is needed for
     // `EndEntityOrCA::CA`. For this purpose, it doesn&#39;t matter.
     //
     // v1 certificates will result in `Error::BadDER` because `parse_cert` will
     // expect a version field that isn&#39;t there. In that case, try to parse the
     // certificate using a special parser for v1 certificates. Notably, that
     // parser doesn&#39;t allow extensions, so there&#39;s no need to worry about
     // embedded name constraints in a v1 certificate.
     </span><span class="kw">match </span>parse_cert_internal(
         cert_der,
         EndEntityOrCA::EndEntity,
         possibly_invalid_certificate_serial_number,
     ) {
         <span class="prelude-val">Ok</span>(cert) =&gt; <span class="prelude-val">Ok</span>(trust_anchor_from_cert(cert)),
         <span class="prelude-val">Err</span>(Error::BadDER) =&gt; parse_cert_v1(cert_der).or(<span class="prelude-val">Err</span>(Error::BadDER)),
         <span class="prelude-val">Err</span>(err) =&gt; <span class="prelude-val">Err</span>(err),
     }
 }

 <span class="kw">fn </span>possibly_invalid_certificate_serial_number&lt;<span class="lifetime">&#39;a</span>&gt;(
     input: <span class="kw-2">&amp;mut </span>untrusted::Reader&lt;<span class="lifetime">&#39;a</span>&gt;,
 ) -&gt; <span class="prelude-ty">Result</span>&lt;(), Error&gt; {
     <span class="comment">// https://tools.ietf.org/html/rfc5280#section-4.1.2.2:
     // * Conforming CAs MUST NOT use serialNumber values longer than 20 octets.&quot;
     // * &quot;The serial number MUST be a positive integer [...]&quot;
     //
     // However, we don&#39;t enforce these constraints on trust anchors, as there
     // are widely-deployed trust anchors that violate these constraints.
     </span>skip(input, der::Tag::Integer)
 }

 <span class="doccomment">/// Generates code for hard-coding the given trust anchors into a program. This
 /// is designed to be used in a build script. `name` is the name of the public
 /// static variable that will contain the TrustAnchor array.
 </span><span class="kw">pub fn </span>generate_code_for_trust_anchors(name: <span class="kw-2">&amp;</span>str, trust_anchors: <span class="kw-2">&amp;</span>[TrustAnchor]) -&gt; String {
     <span class="kw">let </span>decl = <span class="macro">format!</span>(
         <span class="string">&quot;static {}: [TrustAnchor&lt;&#39;static&gt;; {}] = &quot;</span>,
         name,
         trust_anchors.len()
     );

     <span class="comment">// &quot;{:?}&quot; formats the array of trust anchors as Rust code, approximately,
     // except that it drops the leading &quot;&amp;&quot; on slices.
     </span><span class="kw">let </span>value = str::replace(<span class="kw-2">&amp;</span><span class="macro">format!</span>(<span class="string">&quot;{:?};\n&quot;</span>, trust_anchors), <span class="string">&quot;: [&quot;</span>, <span class="string">&quot;: &amp;[&quot;</span>);

     decl + <span class="kw-2">&amp;</span>value
 }

 <span class="kw">fn </span>trust_anchor_from_cert&lt;<span class="lifetime">&#39;a</span>&gt;(cert: Cert&lt;<span class="lifetime">&#39;a</span>&gt;) -&gt; TrustAnchor&lt;<span class="lifetime">&#39;a</span>&gt; {
     TrustAnchor {
         subject: cert.subject.as_slice_less_safe(),
         spki: cert.spki.value().as_slice_less_safe(),
         name_constraints: cert.name_constraints.map(|nc| nc.as_slice_less_safe()),
     }
 }

 <span class="doccomment">/// Parses a v1 certificate directly into a TrustAnchor.
 </span><span class="kw">fn </span>parse_cert_v1&lt;<span class="lifetime">&#39;a</span>&gt;(cert_der: untrusted::Input&lt;<span class="lifetime">&#39;a</span>&gt;) -&gt; <span class="prelude-ty">Result</span>&lt;TrustAnchor&lt;<span class="lifetime">&#39;a</span>&gt;, Error&gt; {
     <span class="comment">// X.509 Certificate: https://tools.ietf.org/html/rfc5280#section-4.1.
     </span>cert_der.read_all(Error::BadDER, |cert_der| {
         der::nested(cert_der, der::Tag::Sequence, Error::BadDER, |cert_der| {
             <span class="kw">let </span>anchor = der::nested(cert_der, der::Tag::Sequence, Error::BadDER, |tbs| {
                 <span class="comment">// The version number field does not appear in v1 certificates.
                 </span>certificate_serial_number(tbs)<span class="question-mark">?</span>;

                 skip(tbs, der::Tag::Sequence)<span class="question-mark">?</span>; <span class="comment">// signature.
                 </span>skip(tbs, der::Tag::Sequence)<span class="question-mark">?</span>; <span class="comment">// issuer.
                 </span>skip(tbs, der::Tag::Sequence)<span class="question-mark">?</span>; <span class="comment">// validity.
                 </span><span class="kw">let </span>subject = der::expect_tag_and_get_value(tbs, der::Tag::Sequence)<span class="question-mark">?</span>;
                 <span class="kw">let </span>spki = der::expect_tag_and_get_value(tbs, der::Tag::Sequence)<span class="question-mark">?</span>;

                 <span class="prelude-val">Ok</span>(TrustAnchor {
                     subject: subject.as_slice_less_safe(),
                     spki: spki.as_slice_less_safe(),
                     name_constraints: <span class="prelude-val">None</span>,
                 })
             });

             <span class="comment">// read and discard signatureAlgorithm + signature
             </span>skip(cert_der, der::Tag::Sequence)<span class="question-mark">?</span>;
             skip(cert_der, der::Tag::BitString)<span class="question-mark">?</span>;

             anchor
         })
     })
 }

 <span class="kw">fn </span>skip(input: <span class="kw-2">&amp;mut </span>untrusted::Reader, tag: der::Tag) -&gt; <span class="prelude-ty">Result</span>&lt;(), Error&gt; {
     der::expect_tag_and_get_value(input, tag).map(|<span class="kw">_</span>| ())
 }
 </code></pre></div>
 </section></div></main><div id="rustdoc-vars" data-root-path="../../" data-current-crate="webpki" data-themes="ayu,dark,light" data-resource-suffix="" data-rustdoc-version="1.66.0-nightly (5c8bff74b 2022-10-21)" ></div></body></html>
	<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="Source of the Rust file `/root/.cargo/registry/src/github.com-1ecc6299db9ec823/webpki-0.21.4/src/trust_anchor_util.rs`."><meta name="keywords" content="rust, rustlang, rust-lang"><title>trust_anchor_util.rs - source</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" href="../../normalize.css"><link rel="stylesheet" href="../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" href="../../ayu.css" disabled><link rel="stylesheet" href="../../dark.css" disabled><link rel="stylesheet" href="../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../storage.js"></script><script defer src="../../source-script.js"></script><script defer src="../../source-files.js"></script><script defer src="../../main.js"></script><noscript><link rel="stylesheet" href="../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../favicon.svg"></head><body class="rustdoc source"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="sidebar"><a class="sidebar-logo" href="../../webpki/index.html"><div class="logo-container"><img class="rust-logo" src="../../rust-logo.svg" alt="logo"></div></a></nav><main><div class="width-limiter"><nav class="sub"><a class="sub-logo-container" href="../../webpki/index.html"><img class="rust-logo" src="../../rust-logo.svg" alt="logo"></a><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><a href="../../help.html">?</a></div><div id="settings-menu" tabindex="-1"><a href="../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../wheel.svg"></a></div></div></form></nav><section id="main-content" class="content"><div class="example-wrap"><pre class="src-line-numbers"><span id="1">1</span>
	<span id="2">2</span>
	<span id="3">3</span>
	<span id="4">4</span>
	<span id="5">5</span>
	<span id="6">6</span>
	<span id="7">7</span>
	<span id="8">8</span>
	<span id="9">9</span>
	<span id="10">10</span>
	<span id="11">11</span>
	<span id="12">12</span>
	<span id="13">13</span>
	<span id="14">14</span>
	<span id="15">15</span>
	<span id="16">16</span>
	<span id="17">17</span>
	<span id="18">18</span>
	<span id="19">19</span>
	<span id="20">20</span>
	<span id="21">21</span>
	<span id="22">22</span>
	<span id="23">23</span>
	<span id="24">24</span>
	<span id="25">25</span>
	<span id="26">26</span>
	<span id="27">27</span>
	<span id="28">28</span>
	<span id="29">29</span>
	<span id="30">30</span>
	<span id="31">31</span>
	<span id="32">32</span>
	<span id="33">33</span>
	<span id="34">34</span>
	<span id="35">35</span>
	<span id="36">36</span>
	<span id="37">37</span>
	<span id="38">38</span>
	<span id="39">39</span>
	<span id="40">40</span>
	<span id="41">41</span>
	<span id="42">42</span>
	<span id="43">43</span>
	<span id="44">44</span>
	<span id="45">45</span>
	<span id="46">46</span>
	<span id="47">47</span>
	<span id="48">48</span>
	<span id="49">49</span>
	<span id="50">50</span>
	<span id="51">51</span>
	<span id="52">52</span>
	<span id="53">53</span>
	<span id="54">54</span>
	<span id="55">55</span>
	<span id="56">56</span>
	<span id="57">57</span>
	<span id="58">58</span>
	<span id="59">59</span>
	<span id="60">60</span>
	<span id="61">61</span>
	<span id="62">62</span>
	<span id="63">63</span>
	<span id="64">64</span>
	<span id="65">65</span>
	<span id="66">66</span>
	<span id="67">67</span>
	<span id="68">68</span>
	<span id="69">69</span>
	<span id="70">70</span>
	<span id="71">71</span>
	<span id="72">72</span>
	<span id="73">73</span>
	<span id="74">74</span>
	<span id="75">75</span>
	<span id="76">76</span>
	<span id="77">77</span>
	<span id="78">78</span>
	<span id="79">79</span>
	<span id="80">80</span>
	<span id="81">81</span>
	<span id="82">82</span>
	<span id="83">83</span>
	<span id="84">84</span>
	<span id="85">85</span>
	<span id="86">86</span>
	<span id="87">87</span>
	<span id="88">88</span>
	<span id="89">89</span>
	<span id="90">90</span>
	<span id="91">91</span>
	<span id="92">92</span>
	<span id="93">93</span>
	<span id="94">94</span>
	<span id="95">95</span>
	<span id="96">96</span>
	<span id="97">97</span>
	<span id="98">98</span>
	<span id="99">99</span>
	<span id="100">100</span>
	<span id="101">101</span>
	<span id="102">102</span>
	<span id="103">103</span>
	<span id="104">104</span>
	<span id="105">105</span>
	<span id="106">106</span>
	<span id="107">107</span>
	<span id="108">108</span>
	<span id="109">109</span>
	<span id="110">110</span>
	<span id="111">111</span>
	<span id="112">112</span>
	<span id="113">113</span>
	<span id="114">114</span>
	<span id="115">115</span>
	<span id="116">116</span>
	<span id="117">117</span>
	<span id="118">118</span>
	<span id="119">119</span>
	<span id="120">120</span>
	</pre><pre class="rust"><code><span class="comment">// Copyright 2015 Brian Smith.
	//
	// Permission to use, copy, modify, and/or distribute this software for any
	// purpose with or without fee is hereby granted, provided that the above
	// copyright notice and this permission notice appear in all copies.
	//
	// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
	// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
	// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

	</span><span class="doccomment">//! Utilities for efficiently embedding trust anchors in programs.

	</span><span class="kw">use </span><span class="kw">super</span>::der;
	<span class="kw">use crate</span>::{
	cert::{certificate_serial_number, parse_cert_internal, Cert, EndEntityOrCA},
	Error, TrustAnchor,
	};

	<span class="doccomment">/// Interprets the given DER-encoded certificate as a `TrustAnchor`. The
	/// certificate is not validated. In particular, there is no check that the
	/// certificate is self-signed or even that the certificate has the cA basic
	/// constraint.
	</span><span class="kw">pub fn </span>cert_der_as_trust_anchor(cert_der: <span class="kw-2">&</span>[u8]) -> <span class="prelude-ty">Result</span><TrustAnchor, Error> {
	<span class="kw">let </span>cert_der = untrusted::Input::from(cert_der);

	<span class="comment">// XXX: `EndEntityOrCA::EndEntity` is used instead of `EndEntityOrCA::CA`
	// because we don't have a reference to a child cert, which is needed for
	// `EndEntityOrCA::CA`. For this purpose, it doesn't matter.
	//
	// v1 certificates will result in `Error::BadDER` because `parse_cert` will
	// expect a version field that isn't there. In that case, try to parse the
	// certificate using a special parser for v1 certificates. Notably, that
	// parser doesn't allow extensions, so there's no need to worry about
	// embedded name constraints in a v1 certificate.
	</span><span class="kw">match </span>parse_cert_internal(
	cert_der,
	EndEntityOrCA::EndEntity,
	possibly_invalid_certificate_serial_number,
	) {
	<span class="prelude-val">Ok</span>(cert) => <span class="prelude-val">Ok</span>(trust_anchor_from_cert(cert)),
	<span class="prelude-val">Err</span>(Error::BadDER) => parse_cert_v1(cert_der).or(<span class="prelude-val">Err</span>(Error::BadDER)),
	<span class="prelude-val">Err</span>(err) => <span class="prelude-val">Err</span>(err),
	}
	}

	<span class="kw">fn </span>possibly_invalid_certificate_serial_number<<span class="lifetime">'a</span>>(
	input: <span class="kw-2">&mut </span>untrusted::Reader<<span class="lifetime">'a</span>>,
	) -> <span class="prelude-ty">Result</span><(), Error> {
	<span class="comment">// https://tools.ietf.org/html/rfc5280#section-4.1.2.2:
	// * Conforming CAs MUST NOT use serialNumber values longer than 20 octets."
	// * "The serial number MUST be a positive integer [...]"
	//
	// However, we don't enforce these constraints on trust anchors, as there
	// are widely-deployed trust anchors that violate these constraints.
	</span>skip(input, der::Tag::Integer)
	}

	<span class="doccomment">/// Generates code for hard-coding the given trust anchors into a program. This
	/// is designed to be used in a build script. `name` is the name of the public
	/// static variable that will contain the TrustAnchor array.
	</span><span class="kw">pub fn </span>generate_code_for_trust_anchors(name: <span class="kw-2">&</span>str, trust_anchors: <span class="kw-2">&</span>[TrustAnchor]) -> String {
	<span class="kw">let </span>decl = <span class="macro">format!</span>(
	<span class="string">"static {}: [TrustAnchor<'static>; {}] = "</span>,
	name,
	trust_anchors.len()
	);

	<span class="comment">// "{:?}" formats the array of trust anchors as Rust code, approximately,
	// except that it drops the leading "&" on slices.
	</span><span class="kw">let </span>value = str::replace(<span class="kw-2">&</span><span class="macro">format!</span>(<span class="string">"{:?};\n"</span>, trust_anchors), <span class="string">": ["</span>, <span class="string">": &["</span>);

	decl + <span class="kw-2">&</span>value
	}

	<span class="kw">fn </span>trust_anchor_from_cert<<span class="lifetime">'a</span>>(cert: Cert<<span class="lifetime">'a</span>>) -> TrustAnchor<<span class="lifetime">'a</span>> {
	TrustAnchor {
	subject: cert.subject.as_slice_less_safe(),
	spki: cert.spki.value().as_slice_less_safe(),
	name_constraints: cert.name_constraints.map(\|nc\| nc.as_slice_less_safe()),
	}
	}

	<span class="doccomment">/// Parses a v1 certificate directly into a TrustAnchor.
	</span><span class="kw">fn </span>parse_cert_v1<<span class="lifetime">'a</span>>(cert_der: untrusted::Input<<span class="lifetime">'a</span>>) -> <span class="prelude-ty">Result</span><TrustAnchor<<span class="lifetime">'a</span>>, Error> {
	<span class="comment">// X.509 Certificate: https://tools.ietf.org/html/rfc5280#section-4.1.
	</span>cert_der.read_all(Error::BadDER, \|cert_der\| {
	der::nested(cert_der, der::Tag::Sequence, Error::BadDER, \|cert_der\| {
	<span class="kw">let </span>anchor = der::nested(cert_der, der::Tag::Sequence, Error::BadDER, \|tbs\| {
	<span class="comment">// The version number field does not appear in v1 certificates.
	</span>certificate_serial_number(tbs)<span class="question-mark">?</span>;

	skip(tbs, der::Tag::Sequence)<span class="question-mark">?</span>; <span class="comment">// signature.
	</span>skip(tbs, der::Tag::Sequence)<span class="question-mark">?</span>; <span class="comment">// issuer.
	</span>skip(tbs, der::Tag::Sequence)<span class="question-mark">?</span>; <span class="comment">// validity.
	</span><span class="kw">let </span>subject = der::expect_tag_and_get_value(tbs, der::Tag::Sequence)<span class="question-mark">?</span>;
	<span class="kw">let </span>spki = der::expect_tag_and_get_value(tbs, der::Tag::Sequence)<span class="question-mark">?</span>;

	<span class="prelude-val">Ok</span>(TrustAnchor {
	subject: subject.as_slice_less_safe(),
	spki: spki.as_slice_less_safe(),
	name_constraints: <span class="prelude-val">None</span>,
	})
	});

	<span class="comment">// read and discard signatureAlgorithm + signature
	</span>skip(cert_der, der::Tag::Sequence)<span class="question-mark">?</span>;
	skip(cert_der, der::Tag::BitString)<span class="question-mark">?</span>;

	anchor
	})
	})
	}

	<span class="kw">fn </span>skip(input: <span class="kw-2">&mut </span>untrusted::Reader, tag: der::Tag) -> <span class="prelude-ty">Result</span><(), Error> {
	der::expect_tag_and_get_value(input, tag).map(\|<span class="kw">_</span>\| ())
	}
	</code></pre></div>
	</section></div></main><div id="rustdoc-vars" data-root-path="../../" data-current-crate="webpki" data-themes="ayu,dark,light" data-resource-suffix="" data-rustdoc-version="1.66.0-nightly (5c8bff74b 2022-10-21)" ></div></body></html>