x509-parser

X.509 Parser

A X.509 v3 ([RFC5280]) parser, implemented with the nom parser combinator framework.

The code is available on Github and is part of the Rusticata project.

The main parsing method is parse_x509_der, which takes a DER-encoded certificate as input, and builds a X509Certificate object.

For PEM-encoded certificates, use the pem module.

Examples

Parsing a certificate in DER format:

```rust,norun use x509parser::parsex509der;

static IGCADER: &'static [u8] = includebytes!("../assets/IGC_A.der");

let res = parsex509der(IGCADER); match res { Ok((rem, cert)) => { assert!(rem.isempty()); // asserteq!(cert.tbscertificate.version, 2); }, _ => panic!("x509 parsing failed: {:?}", res), } ```

Changes

0.7.0

• Fix clippy warnings
  • nid2obj argument is now passed by copy, not reference
• Set edition to 2018

0.6.4

• Fix infinite loop when certificate has no END mark

0.6.3

• Fix infinite loop when reading non-pem data (#28)

0.6.2

• Remove debug code left in Pem::read

0.6.1

• Add CRL parser
• Expose CRL tbs bytes
• PEM: ignore lines before BEGIN label (#21)
• Fix parsing default values for TbsCertificate version field (#24)
• Use BerResult from der-parser for simpler function signatures
• Expose tbsCertificate bytes
• Upgrade dependencies (base64)

0.6.0

• Update to der-parser 3.0 and nom 5
• Breaks API, cleaner error types

0.5.1

• Add time_to_expiration to Validity object
• Add method to read a Pem object from BufRead + Seek
• Add method to Pem to decode and extract certificate

0.5.0

• Update to der-parser 2.0

0.4.3

• Make parse_subject_public_key_info public
• Add function sn2oid (get an OID by short name)

0.4.2

• Support GeneralizedTime conversion

0.4.1

• Fix case where certificate has no extensions

0.4.0

• Upgrade to der-parser 1.1, and Use num-bigint over num
• Rename x509parser to parsex509_der
• Do not export subparsers
• Improve documentation

0.3.0

• Upgrade to nom 4

0.2.0

• Rewrite X.509 structures and parsing code to work in one pass Warning: this is a breaking change
• Add support for PEM-encoded certificates
• Add some documentation

License

Licensed under either of

• Apache License, Version 2.0 (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
• MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.