rama::tls::rustls::dep::x509_parser::prelude::visitor

Trait CertificateRevocationListVisitor

pub trait CertificateRevocationListVisitor {
Show 24 methods    // Provided methods
    fn walk(&mut self, crl: &CertificateRevocationList<'_>)
       where Self: Sized { ... }
    fn visit_tbs_cert_list(&mut self, _tbs: &TbsCertList<'_>) { ... }
    fn visit_signature_algorithm(
        &mut self,
        _algorithm: &AlgorithmIdentifier<'_>,
    ) { ... }
    fn visit_signature_value(&mut self, _signature: &BitString<'_>) { ... }
    fn visit_version(&mut self, _version: Option<&X509Version>) { ... }
    fn visit_tbs_signature_algorithm(
        &mut self,
        _algorithm: &AlgorithmIdentifier<'_>,
    ) { ... }
    fn visit_issuer(&mut self, _name: &X509Name<'_>) { ... }
    fn visit_this_update(&mut self, _time: &ASN1Time) { ... }
    fn visit_next_update(&mut self, _time: Option<&ASN1Time>) { ... }
    fn visit_revoked_certificates(
        &mut self,
        _certificate: &[RevokedCertificate<'_>],
    ) { ... }
    fn visit_revoked_certificate(
        &mut self,
        _certificate: &RevokedCertificate<'_>,
    ) { ... }
    fn pre_visit_extensions(&mut self, _extensions: &[X509Extension<'_>]) { ... }
    fn visit_extension(&mut self, _extension: &X509Extension<'_>) { ... }
    fn post_visit_extensions(&mut self, _extensions: &[X509Extension<'_>]) { ... }
    fn visit_extension_aki(&mut self, _aki: &AuthorityKeyIdentifier<'_>) { ... }
    fn visit_extension_issuer_alternative_name(
        &mut self,
        _ian: &IssuerAlternativeName<'_>,
    ) { ... }
    fn visit_extension_crl_number(&mut self, _number: &BigUint) { ... }
    fn visit_extension_issuing_distribution_point(
        &mut self,
        _dp: &IssuingDistributionPoint<'_>,
    ) { ... }
    fn visit_extension_authority_information_access(
        &mut self,
        _info: &AuthorityInfoAccess<'_>,
    ) { ... }
    fn visit_extension_reason_code(&mut self, _code: &ReasonCode) { ... }
    fn visit_extension_invalidity_date(&mut self, _time: &ASN1Time) { ... }
    fn visit_extension_sct(&mut self, _sct: &[SignedCertificateTimestamp<'_>]) { ... }
    fn visit_extension_unknown(&mut self, _ext: &X509Extension<'_>) { ... }
    fn visit_extension_parse_error(
        &mut self,
        _extension: &X509Extension<'_>,
        _error: &Err<Error>,
    ) { ... }
}

Available on crate feature rustls only.

Expand description

Visitor pattern for CertificateRevocationList

§Extensions

Visitor methods are provided for extensions, both in a generic way (receiving a X509Extension object) and in a specific way for standard extensions (for ex, visit_extension_aki receives a AuthorityKeyIdentifier).

For a specific method to be called, the extension OID must be correct and the extension must be successfully parsed as the specific type.

A specific method can be called multiple times, if the extension is present multiple times.

Extension parsing methods are redundant. This is not a problem because default methods do nothing, but if a trait implementation provides several visit_extension... methods it must be aware that it will visit the same extension multiple times.

§Example

use der_parser::num_bigint::BigUint;
use x509_parser::prelude::*;
use x509_parser::visitor::CertificateRevocationListVisitor;
#[derive(Debug, Default)]
struct RevokedCertsVisitor {
    certificates: Vec<BigUint>,
}

impl CertificateRevocationListVisitor for RevokedCertsVisitor {
    fn visit_revoked_certificate(&mut self, certificate: &RevokedCertificate<'_>) {
        self.certificates.push(certificate.user_certificate.clone());
    }
}

Provided Methods§

fn walk(&mut self, crl: &CertificateRevocationList<'_>)
where Self: Sized,

Run the provided visitor (self) over the Certificate Revocation List

fn visit_tbs_cert_list(&mut self, _tbs: &TbsCertList<'_>)

Invoked for the “tbsCertList” field of the Certificate Revocation List, before visiting children

fn visit_signature_algorithm(&mut self, _algorithm: &AlgorithmIdentifier<'_>)

Invoked for the “signatureAlgorithm” field of the Certificate Revocation List

Note: this is the “signatureAlgorithm” in the “CertificateList” sequence. According to the specifications, it should be equal to “signature” field from the “TBSCertificate” sequence.

fn visit_signature_value(&mut self, _signature: &BitString<'_>)

Invoked for the “signatureValue” field of the TBSCertList

fn visit_version(&mut self, _version: Option<&X509Version>)

Invoked for the “version” field of the TBSCertList

fn visit_tbs_signature_algorithm( &mut self, _algorithm: &AlgorithmIdentifier<'_>, )

Invoked for the “signature” field of the TBSCertList

Note: this is the “signature” field from the “TBSCertList” sequence. According to the specifications, it should be equal to “signatureAlgorithm” in the “CertificateList” sequence.

fn visit_issuer(&mut self, _name: &X509Name<'_>)

Invoked for the “issuer” field of the TBSCertList

fn visit_this_update(&mut self, _time: &ASN1Time)

Invoked for the “thisUpdate” field of the TBSCertList

fn visit_next_update(&mut self, _time: Option<&ASN1Time>)

Invoked for the “nextUpdate” field of the TBSCertList

fn visit_revoked_certificates( &mut self, _certificate: &[RevokedCertificate<'_>], )

Invoked for revoked certificate that appear in the TBSCertList

fn visit_revoked_certificate(&mut self, _certificate: &RevokedCertificate<'_>)

Invoked for any revoked certificates that appear in the TBSCertList

Note: this function is redundant with visit_revoked_certificates

fn pre_visit_extensions(&mut self, _extensions: &[X509Extension<'_>])

Invoked for extensions, before visiting children

fn visit_extension(&mut self, _extension: &X509Extension<'_>)

Invoked for any extension that appear in the TBSCertList

Note: this method may be redundant with any other extension visitor method

fn post_visit_extensions(&mut self, _extensions: &[X509Extension<'_>])

Invoked for extensions, after visiting children

fn visit_extension_aki(&mut self, _aki: &AuthorityKeyIdentifier<'_>)

Invoked for the “Authority Key Identifier” (if present)

fn visit_extension_issuer_alternative_name( &mut self, _ian: &IssuerAlternativeName<'_>, )

Invoked for the “Issuer Alternative Name” (if present)

fn visit_extension_crl_number(&mut self, _number: &BigUint)

Invoked for the “CRL Number” (if present)

fn visit_extension_issuing_distribution_point( &mut self, _dp: &IssuingDistributionPoint<'_>, )

Invoked for the “Issuing Distribution Point” (if present)

fn visit_extension_authority_information_access( &mut self, _info: &AuthorityInfoAccess<'_>, )

Invoked for the “Authority Information Access” (if present)

fn visit_extension_reason_code(&mut self, _code: &ReasonCode)

Invoked for the “Reason Code” (if present)

fn visit_extension_invalidity_date(&mut self, _time: &ASN1Time)

Invoked for the “Invalidity Date” (if present)

fn visit_extension_sct(&mut self, _sct: &[SignedCertificateTimestamp<'_>])

Invoked for the “Signed Certificate Timestamp” (SCT) (if present)

fn visit_extension_unknown(&mut self, _ext: &X509Extension<'_>)

Invoked for any other extension than the specific (recognized) types

This can happen for several reasons:

the parser did not recognize the extension content
the parser was explicitly asked to not parse extension content
the extension could be correct (for ex in a CRL), but is not supposed to be part of a Certificate

fn visit_extension_parse_error( &mut self, _extension: &X509Extension<'_>, _error: &Err<Error>, )

Invoked for any extension than caused a parse error

Normally, this should not match anything except for invalid data. This could match any known extension malformed or wrongly encoded.

Dyn Compatibility§

This trait is dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety".

CertificateRevocationListVisitor

Trait CertificateRevocationListVisitor Copy item path