#Certificate #parser #nom #X509

x509-parser

Parser for the X.509 v3 format (RFC 5280 certificates)

16 unstable releases (6 breaking)

✓ Uses Rust 2018 edition

new 0.7.0 Mar 31, 2020
0.6.2 Feb 23, 2020
0.6.0 Aug 5, 2019
0.5.1 Jul 17, 2019
0.1.0 Jan 20, 2018

#225 in Parser implementations

Download history 1796/week @ 2019-12-10 1169/week @ 2019-12-17 294/week @ 2019-12-24 414/week @ 2019-12-31 866/week @ 2020-01-07 1158/week @ 2020-01-14 857/week @ 2020-01-21 876/week @ 2020-01-28 810/week @ 2020-02-04 1181/week @ 2020-02-11 1747/week @ 2020-02-18 1237/week @ 2020-02-25 2444/week @ 2020-03-03 2965/week @ 2020-03-10 3267/week @ 2020-03-17 3169/week @ 2020-03-24

7,253 downloads per month
Used in 10 crates (8 directly)

MIT/Apache

47KB
934 lines

x509-parser

License: MIT Apache License 2.0 Build Status Crates.io Version

X.509 Parser

A X.509 v3 (RFC5280) parser, implemented with the nom parser combinator framework.

The code is available on Github and is part of the Rusticata project.

The main parsing method is parse_x509_der, which takes a DER-encoded certificate as input, and builds a X509Certificate object.

For PEM-encoded certificates, use the pem module.

Examples

Parsing a certificate in DER format:

use x509_parser::parse_x509_der;

static IGCA_DER: &'static [u8] = include_bytes!("../assets/IGC_A.der");

let res = parse_x509_der(IGCA_DER);
match res {
    Ok((rem, cert)) => {
        assert!(rem.is_empty());
        //
        assert_eq!(cert.tbs_certificate.version, 2);
    },
    _ => panic!("x509 parsing failed: {:?}", res),
}

Changes

0.7.0

  • Fix clippy warnings
    • nid2obj argument is now passed by copy, not reference
  • Set edition to 2018

0.6.4

  • Fix infinite loop when certificate has no END mark

0.6.3

  • Fix infinite loop when reading non-pem data (#28)

0.6.2

  • Remove debug code left in Pem::read

0.6.1

  • Add CRL parser
  • Expose CRL tbs bytes
  • PEM: ignore lines before BEGIN label (#21)
  • Fix parsing default values for TbsCertificate version field (#24)
  • Use BerResult from der-parser for simpler function signatures
  • Expose tbsCertificate bytes
  • Upgrade dependencies (base64)

0.6.0

  • Update to der-parser 3.0 and nom 5
  • Breaks API, cleaner error types

0.5.1

  • Add time_to_expiration to Validity object
  • Add method to read a Pem object from BufRead + Seek
  • Add method to Pem to decode and extract certificate

0.5.0

  • Update to der-parser 2.0

0.4.3

  • Make parse_subject_public_key_info public
  • Add function sn2oid (get an OID by short name)

0.4.2

  • Support GeneralizedTime conversion

0.4.1

  • Fix case where certificate has no extensions

0.4.0

  • Upgrade to der-parser 1.1, and Use num-bigint over num
  • Rename x509_parser to parse_x509_der
  • Do not export subparsers
  • Improve documentation

0.3.0

  • Upgrade to nom 4

0.2.0

  • Rewrite X.509 structures and parsing code to work in one pass Warning: this is a breaking change
  • Add support for PEM-encoded certificates
  • Add some documentation

License

Licensed under either of

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Dependencies

~2MB
~38K SLoC