| <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="Source of the Rust file `/root/.cargo/registry/src/github.com-1ecc6299db9ec823/webpki-0.21.4/src/webpki.rs`."><meta name="keywords" content="rust, rustlang, rust-lang"><title>webpki.rs - source</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" href="../../normalize.css"><link rel="stylesheet" href="../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" href="../../ayu.css" disabled><link rel="stylesheet" href="../../dark.css" disabled><link rel="stylesheet" href="../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../storage.js"></script><script defer src="../../source-script.js"></script><script defer src="../../source-files.js"></script><script defer src="../../main.js"></script><noscript><link rel="stylesheet" href="../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../favicon.svg"></head><body class="rustdoc source"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="sidebar"><a class="sidebar-logo" href="../../webpki/index.html"><div class="logo-container"><img class="rust-logo" src="../../rust-logo.svg" alt="logo"></div></a></nav><main><div class="width-limiter"><nav class="sub"><a class="sub-logo-container" href="../../webpki/index.html"><img class="rust-logo" src="../../rust-logo.svg" alt="logo"></a><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><a href="../../help.html">?</a></div><div id="settings-menu" tabindex="-1"><a href="../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../wheel.svg"></a></div></div></form></nav><section id="main-content" class="content"><div class="example-wrap"><pre class="src-line-numbers"><span id="1">1</span> |
| <span id="2">2</span> |
| <span id="3">3</span> |
| <span id="4">4</span> |
| <span id="5">5</span> |
| <span id="6">6</span> |
| <span id="7">7</span> |
| <span id="8">8</span> |
| <span id="9">9</span> |
| <span id="10">10</span> |
| <span id="11">11</span> |
| <span id="12">12</span> |
| <span id="13">13</span> |
| <span id="14">14</span> |
| <span id="15">15</span> |
| <span id="16">16</span> |
| <span id="17">17</span> |
| <span id="18">18</span> |
| <span id="19">19</span> |
| <span id="20">20</span> |
| <span id="21">21</span> |
| <span id="22">22</span> |
| <span id="23">23</span> |
| <span id="24">24</span> |
| <span id="25">25</span> |
| <span id="26">26</span> |
| <span id="27">27</span> |
| <span id="28">28</span> |
| <span id="29">29</span> |
| <span id="30">30</span> |
| <span id="31">31</span> |
| <span id="32">32</span> |
| <span id="33">33</span> |
| <span id="34">34</span> |
| <span id="35">35</span> |
| <span id="36">36</span> |
| <span id="37">37</span> |
| <span id="38">38</span> |
| <span id="39">39</span> |
| <span id="40">40</span> |
| <span id="41">41</span> |
| <span id="42">42</span> |
| <span id="43">43</span> |
| <span id="44">44</span> |
| <span id="45">45</span> |
| <span id="46">46</span> |
| <span id="47">47</span> |
| <span id="48">48</span> |
| <span id="49">49</span> |
| <span id="50">50</span> |
| <span id="51">51</span> |
| <span id="52">52</span> |
| <span id="53">53</span> |
| <span id="54">54</span> |
| <span id="55">55</span> |
| <span id="56">56</span> |
| <span id="57">57</span> |
| <span id="58">58</span> |
| <span id="59">59</span> |
| <span id="60">60</span> |
| <span id="61">61</span> |
| <span id="62">62</span> |
| <span id="63">63</span> |
| <span id="64">64</span> |
| <span id="65">65</span> |
| <span id="66">66</span> |
| <span id="67">67</span> |
| <span id="68">68</span> |
| <span id="69">69</span> |
| <span id="70">70</span> |
| <span id="71">71</span> |
| <span id="72">72</span> |
| <span id="73">73</span> |
| <span id="74">74</span> |
| <span id="75">75</span> |
| <span id="76">76</span> |
| <span id="77">77</span> |
| <span id="78">78</span> |
| <span id="79">79</span> |
| <span id="80">80</span> |
| <span id="81">81</span> |
| <span id="82">82</span> |
| <span id="83">83</span> |
| <span id="84">84</span> |
| <span id="85">85</span> |
| <span id="86">86</span> |
| <span id="87">87</span> |
| <span id="88">88</span> |
| <span id="89">89</span> |
| <span id="90">90</span> |
| <span id="91">91</span> |
| <span id="92">92</span> |
| <span id="93">93</span> |
| <span id="94">94</span> |
| <span id="95">95</span> |
| <span id="96">96</span> |
| <span id="97">97</span> |
| <span id="98">98</span> |
| <span id="99">99</span> |
| <span id="100">100</span> |
| <span id="101">101</span> |
| <span id="102">102</span> |
| <span id="103">103</span> |
| <span id="104">104</span> |
| <span id="105">105</span> |
| <span id="106">106</span> |
| <span id="107">107</span> |
| <span id="108">108</span> |
| <span id="109">109</span> |
| <span id="110">110</span> |
| <span id="111">111</span> |
| <span id="112">112</span> |
| <span id="113">113</span> |
| <span id="114">114</span> |
| <span id="115">115</span> |
| <span id="116">116</span> |
| <span id="117">117</span> |
| <span id="118">118</span> |
| <span id="119">119</span> |
| <span id="120">120</span> |
| <span id="121">121</span> |
| <span id="122">122</span> |
| <span id="123">123</span> |
| <span id="124">124</span> |
| <span id="125">125</span> |
| <span id="126">126</span> |
| <span id="127">127</span> |
| <span id="128">128</span> |
| <span id="129">129</span> |
| <span id="130">130</span> |
| <span id="131">131</span> |
| <span id="132">132</span> |
| <span id="133">133</span> |
| <span id="134">134</span> |
| <span id="135">135</span> |
| <span id="136">136</span> |
| <span id="137">137</span> |
| <span id="138">138</span> |
| <span id="139">139</span> |
| <span id="140">140</span> |
| <span id="141">141</span> |
| <span id="142">142</span> |
| <span id="143">143</span> |
| <span id="144">144</span> |
| <span id="145">145</span> |
| <span id="146">146</span> |
| <span id="147">147</span> |
| <span id="148">148</span> |
| <span id="149">149</span> |
| <span id="150">150</span> |
| <span id="151">151</span> |
| <span id="152">152</span> |
| <span id="153">153</span> |
| <span id="154">154</span> |
| <span id="155">155</span> |
| <span id="156">156</span> |
| <span id="157">157</span> |
| <span id="158">158</span> |
| <span id="159">159</span> |
| <span id="160">160</span> |
| <span id="161">161</span> |
| <span id="162">162</span> |
| <span id="163">163</span> |
| <span id="164">164</span> |
| <span id="165">165</span> |
| <span id="166">166</span> |
| <span id="167">167</span> |
| <span id="168">168</span> |
| <span id="169">169</span> |
| <span id="170">170</span> |
| <span id="171">171</span> |
| <span id="172">172</span> |
| <span id="173">173</span> |
| <span id="174">174</span> |
| <span id="175">175</span> |
| <span id="176">176</span> |
| <span id="177">177</span> |
| <span id="178">178</span> |
| <span id="179">179</span> |
| <span id="180">180</span> |
| <span id="181">181</span> |
| <span id="182">182</span> |
| <span id="183">183</span> |
| <span id="184">184</span> |
| <span id="185">185</span> |
| <span id="186">186</span> |
| <span id="187">187</span> |
| <span id="188">188</span> |
| <span id="189">189</span> |
| <span id="190">190</span> |
| <span id="191">191</span> |
| <span id="192">192</span> |
| <span id="193">193</span> |
| <span id="194">194</span> |
| <span id="195">195</span> |
| <span id="196">196</span> |
| <span id="197">197</span> |
| <span id="198">198</span> |
| <span id="199">199</span> |
| <span id="200">200</span> |
| <span id="201">201</span> |
| <span id="202">202</span> |
| <span id="203">203</span> |
| <span id="204">204</span> |
| <span id="205">205</span> |
| <span id="206">206</span> |
| <span id="207">207</span> |
| <span id="208">208</span> |
| <span id="209">209</span> |
| <span id="210">210</span> |
| <span id="211">211</span> |
| <span id="212">212</span> |
| <span id="213">213</span> |
| <span id="214">214</span> |
| <span id="215">215</span> |
| <span id="216">216</span> |
| <span id="217">217</span> |
| <span id="218">218</span> |
| <span id="219">219</span> |
| <span id="220">220</span> |
| <span id="221">221</span> |
| <span id="222">222</span> |
| <span id="223">223</span> |
| <span id="224">224</span> |
| <span id="225">225</span> |
| <span id="226">226</span> |
| <span id="227">227</span> |
| <span id="228">228</span> |
| <span id="229">229</span> |
| <span id="230">230</span> |
| <span id="231">231</span> |
| <span id="232">232</span> |
| <span id="233">233</span> |
| <span id="234">234</span> |
| <span id="235">235</span> |
| <span id="236">236</span> |
| <span id="237">237</span> |
| <span id="238">238</span> |
| <span id="239">239</span> |
| <span id="240">240</span> |
| <span id="241">241</span> |
| <span id="242">242</span> |
| <span id="243">243</span> |
| <span id="244">244</span> |
| <span id="245">245</span> |
| <span id="246">246</span> |
| <span id="247">247</span> |
| <span id="248">248</span> |
| <span id="249">249</span> |
| <span id="250">250</span> |
| <span id="251">251</span> |
| <span id="252">252</span> |
| <span id="253">253</span> |
| <span id="254">254</span> |
| <span id="255">255</span> |
| <span id="256">256</span> |
| <span id="257">257</span> |
| <span id="258">258</span> |
| <span id="259">259</span> |
| <span id="260">260</span> |
| <span id="261">261</span> |
| <span id="262">262</span> |
| <span id="263">263</span> |
| <span id="264">264</span> |
| <span id="265">265</span> |
| <span id="266">266</span> |
| <span id="267">267</span> |
| <span id="268">268</span> |
| <span id="269">269</span> |
| <span id="270">270</span> |
| <span id="271">271</span> |
| <span id="272">272</span> |
| </pre><pre class="rust"><code><span class="comment">// Copyright 2015 Brian Smith. |
| // |
| // Permission to use, copy, modify, and/or distribute this software for any |
| // purpose with or without fee is hereby granted, provided that the above |
| // copyright notice and this permission notice appear in all copies. |
| // |
| // THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES |
| // WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
| // MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR |
| // ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
| // WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
| // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
| // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
| |
| </span><span class="doccomment">//! webpki: Web PKI X.509 Certificate Validation. |
| //! |
| //! See `EndEntityCert`'s documentation for a description of the certificate |
| //! processing steps necessary for a TLS connection. |
| |
| </span><span class="attribute">#![doc(html_root_url = <span class="string">"https://briansmith.org/rustdoc/"</span>)] |
| #![cfg_attr(not(feature = <span class="string">"std"</span>), no_std)] |
| #![allow(missing_debug_implementations)] |
| </span><span class="comment">// `#[derive(...)]` uses `#[allow(unused_qualifications)]` internally. |
| </span><span class="attribute">#![deny(unused_qualifications)] |
| #![forbid( |
| anonymous_parameters, |
| box_pointers, |
| missing_copy_implementations, |
| missing_docs, |
| trivial_casts, |
| trivial_numeric_casts, |
| unsafe_code, |
| unstable_features, |
| unused_extern_crates, |
| unused_import_braces, |
| unused_results, |
| variant_size_differences, |
| warnings |
| )] |
| |
| #[cfg(all(test, not(feature = <span class="string">"std"</span>)))] |
| #[macro_use] |
| </span><span class="kw">extern crate </span>std; |
| |
| <span class="attribute">#[macro_use] |
| </span><span class="kw">mod </span>der; |
| |
| <span class="kw">mod </span>calendar; |
| <span class="kw">mod </span>cert; |
| <span class="kw">mod </span>error; |
| <span class="kw">mod </span>name; |
| <span class="kw">mod </span>signed_data; |
| <span class="kw">mod </span>time; |
| |
| <span class="attribute">#[cfg(feature = <span class="string">"trust_anchor_util"</span>)] |
| </span><span class="kw">pub mod </span>trust_anchor_util; |
| |
| <span class="kw">mod </span>verify_cert; |
| |
| <span class="kw">pub use </span>error::Error; |
| <span class="kw">pub use </span>name::{DNSNameRef, InvalidDNSNameError}; |
| |
| <span class="attribute">#[cfg(feature = <span class="string">"std"</span>)] |
| </span><span class="kw">pub use </span>name::DNSName; |
| |
| <span class="kw">pub use </span>signed_data::{ |
| SignatureAlgorithm, ECDSA_P256_SHA256, ECDSA_P256_SHA384, ECDSA_P384_SHA256, ECDSA_P384_SHA384, |
| ED25519, RSA_PKCS1_2048_8192_SHA256, RSA_PKCS1_2048_8192_SHA384, RSA_PKCS1_2048_8192_SHA512, |
| RSA_PKCS1_3072_8192_SHA384, RSA_PSS_2048_8192_SHA256_LEGACY_KEY, |
| RSA_PSS_2048_8192_SHA384_LEGACY_KEY, RSA_PSS_2048_8192_SHA512_LEGACY_KEY, |
| }; |
| |
| <span class="kw">pub use </span>time::Time; |
| |
| <span class="doccomment">/// An end-entity certificate. |
| /// |
| /// Server certificate processing in a TLS connection consists of several |
| /// steps. All of these steps are necessary: |
| /// |
| /// * `EndEntityCert.verify_is_valid_tls_server_cert`: Verify that the server's |
| /// certificate is currently valid *for use by a TLS server*. |
| /// * `EndEntityCert.verify_is_valid_for_dns_name`: Verify that the server's |
| /// certificate is valid for the host that is being connected to. |
| /// * `EndEntityCert.verify_signature`: Verify that the signature of server's |
| /// `ServerKeyExchange` message is valid for the server's certificate. |
| /// |
| /// Client certificate processing in a TLS connection consists of analogous |
| /// steps. All of these steps are necessary: |
| /// |
| /// * `EndEntityCert.verify_is_valid_tls_client_cert`: Verify that the client's |
| /// certificate is currently valid *for use by a TLS client*. |
| /// * `EndEntityCert.verify_is_valid_for_dns_name` or |
| /// `EndEntityCert.verify_is_valid_for_at_least_one_dns_name`: Verify that the |
| /// client's certificate is valid for the identity or identities used to |
| /// identify the client. (Currently client authentication only works when the |
| /// client is identified by one or more DNS hostnames.) |
| /// * `EndEntityCert.verify_signature`: Verify that the client's signature in |
| /// its `CertificateVerify` message is valid using the public key from the |
| /// client's certificate. |
| /// |
| /// Although it would be less error-prone to combine all these steps into a |
| /// single function call, some significant optimizations are possible if the |
| /// three steps are processed separately (in parallel). It does not matter much |
| /// which order the steps are done in, but **all of these steps must completed |
| /// before application data is sent and before received application data is |
| /// processed**. `EndEntityCert::from` is an inexpensive operation and is |
| /// deterministic, so if these tasks are done in multiple threads, it is |
| /// probably best to just call `EndEntityCert::from` multiple times (before each |
| /// operation) for the same DER-encoded ASN.1 certificate bytes. |
| </span><span class="kw">pub struct </span>EndEntityCert<<span class="lifetime">'a</span>> { |
| inner: cert::Cert<<span class="lifetime">'a</span>>, |
| } |
| |
| <span class="kw">impl</span><<span class="lifetime">'a</span>> EndEntityCert<<span class="lifetime">'a</span>> { |
| <span class="doccomment">/// Parse the ASN.1 DER-encoded X.509 encoding of the certificate |
| /// `cert_der`. |
| </span><span class="kw">pub fn </span>from(cert_der: <span class="kw-2">&</span><span class="lifetime">'a </span>[u8]) -> <span class="prelude-ty">Result</span><<span class="self">Self</span>, Error> { |
| <span class="prelude-val">Ok</span>(<span class="self">Self </span>{ |
| inner: cert::parse_cert( |
| untrusted::Input::from(cert_der), |
| cert::EndEntityOrCA::EndEntity, |
| )<span class="question-mark">?</span>, |
| }) |
| } |
| |
| <span class="doccomment">/// Verifies that the end-entity certificate is valid for use by a TLS |
| /// server. |
| /// |
| /// `supported_sig_algs` is the list of signature algorithms that are |
| /// trusted for use in certificate signatures; the end-entity certificate's |
| /// public key is not validated against this list. `trust_anchors` is the |
| /// list of root CAs to trust. `intermediate_certs` is the sequence of |
| /// intermediate certificates that the server sent in the TLS handshake. |
| /// `time` is the time for which the validation is effective (usually the |
| /// current time). |
| </span><span class="kw">pub fn </span>verify_is_valid_tls_server_cert( |
| <span class="kw-2">&</span><span class="self">self</span>, supported_sig_algs: <span class="kw-2">&</span>[<span class="kw-2">&</span>SignatureAlgorithm], |
| <span class="kw-2">&</span>TLSServerTrustAnchors(trust_anchors): <span class="kw-2">&</span>TLSServerTrustAnchors, |
| intermediate_certs: <span class="kw-2">&</span>[<span class="kw-2">&</span>[u8]], time: Time, |
| ) -> <span class="prelude-ty">Result</span><(), Error> { |
| verify_cert::build_chain( |
| verify_cert::EKU_SERVER_AUTH, |
| supported_sig_algs, |
| trust_anchors, |
| intermediate_certs, |
| <span class="kw-2">&</span><span class="self">self</span>.inner, |
| time, |
| <span class="number">0</span>, |
| ) |
| } |
| |
| <span class="doccomment">/// Verifies that the end-entity certificate is valid for use by a TLS |
| /// client. |
| /// |
| /// If the certificate is not valid for any of the given names then this |
| /// fails with `Error::CertNotValidForName`. |
| /// |
| /// `supported_sig_algs` is the list of signature algorithms that are |
| /// trusted for use in certificate signatures; the end-entity certificate's |
| /// public key is not validated against this list. `trust_anchors` is the |
| /// list of root CAs to trust. `intermediate_certs` is the sequence of |
| /// intermediate certificates that the client sent in the TLS handshake. |
| /// `cert` is the purported end-entity certificate of the client. `time` is |
| /// the time for which the validation is effective (usually the current |
| /// time). |
| </span><span class="kw">pub fn </span>verify_is_valid_tls_client_cert( |
| <span class="kw-2">&</span><span class="self">self</span>, supported_sig_algs: <span class="kw-2">&</span>[<span class="kw-2">&</span>SignatureAlgorithm], |
| <span class="kw-2">&</span>TLSClientTrustAnchors(trust_anchors): <span class="kw-2">&</span>TLSClientTrustAnchors, |
| intermediate_certs: <span class="kw-2">&</span>[<span class="kw-2">&</span>[u8]], time: Time, |
| ) -> <span class="prelude-ty">Result</span><(), Error> { |
| verify_cert::build_chain( |
| verify_cert::EKU_CLIENT_AUTH, |
| supported_sig_algs, |
| trust_anchors, |
| intermediate_certs, |
| <span class="kw-2">&</span><span class="self">self</span>.inner, |
| time, |
| <span class="number">0</span>, |
| ) |
| } |
| |
| <span class="doccomment">/// Verifies that the certificate is valid for the given DNS host name. |
| </span><span class="kw">pub fn </span>verify_is_valid_for_dns_name(<span class="kw-2">&</span><span class="self">self</span>, dns_name: DNSNameRef) -> <span class="prelude-ty">Result</span><(), Error> { |
| name::verify_cert_dns_name(<span class="kw-2">&</span><span class="self">self</span>, dns_name) |
| } |
| |
| <span class="doccomment">/// Verifies that the certificate is valid for at least one of the given DNS |
| /// host names. |
| /// |
| /// If the certificate is not valid for any of the given names then this |
| /// fails with `Error::CertNotValidForName`. Otherwise the DNS names for |
| /// which the certificate is valid are returned. |
| /// |
| /// Requires the `std` default feature; i.e. this isn't available in |
| /// `#![no_std]` configurations. |
| </span><span class="attribute">#[cfg(feature = <span class="string">"std"</span>)] |
| </span><span class="kw">pub fn </span>verify_is_valid_for_at_least_one_dns_name<<span class="lifetime">'names</span>, Names>( |
| <span class="kw-2">&</span><span class="self">self</span>, dns_names: Names, |
| ) -> <span class="prelude-ty">Result</span><Vec<DNSNameRef<<span class="lifetime">'names</span>>>, Error> |
| <span class="kw">where |
| </span>Names: Iterator<Item = DNSNameRef<<span class="lifetime">'names</span>>>, |
| { |
| <span class="kw">let </span>result: Vec<DNSNameRef<<span class="lifetime">'names</span>>> = dns_names |
| .filter(|n| <span class="self">self</span>.verify_is_valid_for_dns_name(<span class="kw-2">*</span>n).is_ok()) |
| .collect(); |
| <span class="kw">if </span>result.is_empty() { |
| <span class="kw">return </span><span class="prelude-val">Err</span>(Error::CertNotValidForName); |
| } |
| <span class="prelude-val">Ok</span>(result) |
| } |
| |
| <span class="doccomment">/// Verifies the signature `signature` of message `msg` using the |
| /// certificate's public key. |
| /// |
| /// `signature_alg` is the algorithm to use to |
| /// verify the signature; the certificate's public key is verified to be |
| /// compatible with this algorithm. |
| /// |
| /// For TLS 1.2, `signature` corresponds to TLS's |
| /// `DigitallySigned.signature` and `signature_alg` corresponds to TLS's |
| /// `DigitallySigned.algorithm` of TLS type `SignatureAndHashAlgorithm`. In |
| /// TLS 1.2 a single `SignatureAndHashAlgorithm` may map to multiple |
| /// `SignatureAlgorithm`s. For example, a TLS 1.2 |
| /// `ignatureAndHashAlgorithm` of (ECDSA, SHA-256) may map to any or all |
| /// of {`ECDSA_P256_SHA256`, `ECDSA_P384_SHA256`}, depending on how the TLS |
| /// implementation is configured. |
| /// |
| /// For current TLS 1.3 drafts, `signature_alg` corresponds to TLS's |
| /// `algorithm` fields of type `SignatureScheme`. There is (currently) a |
| /// one-to-one correspondence between TLS 1.3's `SignatureScheme` and |
| /// `SignatureAlgorithm`. |
| </span><span class="kw">pub fn </span>verify_signature( |
| <span class="kw-2">&</span><span class="self">self</span>, signature_alg: <span class="kw-2">&</span>SignatureAlgorithm, msg: <span class="kw-2">&</span>[u8], signature: <span class="kw-2">&</span>[u8], |
| ) -> <span class="prelude-ty">Result</span><(), Error> { |
| signed_data::verify_signature( |
| signature_alg, |
| <span class="self">self</span>.inner.spki.value(), |
| untrusted::Input::from(msg), |
| untrusted::Input::from(signature), |
| ) |
| } |
| } |
| |
| <span class="doccomment">/// A trust anchor (a.k.a. root CA). |
| /// |
| /// Traditionally, certificate verification libraries have represented trust |
| /// anchors as full X.509 root certificates. However, those certificates |
| /// contain a lot more data than is needed for verifying certificates. The |
| /// `TrustAnchor` representation allows an application to store just the |
| /// essential elements of trust anchors. The `webpki::trust_anchor_util` module |
| /// provides functions for converting X.509 certificates to to the minimized |
| /// `TrustAnchor` representation, either at runtime or in a build script. |
| </span><span class="attribute">#[derive(Debug)] |
| </span><span class="kw">pub struct </span>TrustAnchor<<span class="lifetime">'a</span>> { |
| <span class="doccomment">/// The value of the `subject` field of the trust anchor. |
| </span><span class="kw">pub </span>subject: <span class="kw-2">&</span><span class="lifetime">'a </span>[u8], |
| |
| <span class="doccomment">/// The value of the `subjectPublicKeyInfo` field of the trust anchor. |
| </span><span class="kw">pub </span>spki: <span class="kw-2">&</span><span class="lifetime">'a </span>[u8], |
| |
| <span class="doccomment">/// The value of a DER-encoded NameConstraints, containing name |
| /// constraints to apply to the trust anchor, if any. |
| </span><span class="kw">pub </span>name_constraints: <span class="prelude-ty">Option</span><<span class="kw-2">&</span><span class="lifetime">'a </span>[u8]>, |
| } |
| |
| <span class="doccomment">/// Trust anchors which may be used for authenticating servers. |
| </span><span class="attribute">#[derive(Debug)] |
| </span><span class="kw">pub struct </span>TLSServerTrustAnchors<<span class="lifetime">'a</span>>(<span class="kw">pub </span><span class="kw-2">&</span><span class="lifetime">'a </span>[TrustAnchor<<span class="lifetime">'a</span>>]); |
| |
| <span class="doccomment">/// Trust anchors which may be used for authenticating clients. |
| </span><span class="attribute">#[derive(Debug)] |
| </span><span class="kw">pub struct </span>TLSClientTrustAnchors<<span class="lifetime">'a</span>>(<span class="kw">pub </span><span class="kw-2">&</span><span class="lifetime">'a </span>[TrustAnchor<<span class="lifetime">'a</span>>]); |
| </code></pre></div> |
| </section></div></main><div id="rustdoc-vars" data-root-path="../../" data-current-crate="webpki" data-themes="ayu,dark,light" data-resource-suffix="" data-rustdoc-version="1.66.0-nightly (5c8bff74b 2022-10-21)" ></div></body></html> |