Struct CertificateTrustPolicy

pub struct CertificateTrustPolicy { /* private fields */ }

A CertificateTrustPolicy is configured with information about trust anchors, privately-accepted end-entity certificates, and allowed EKUs. It can be used to evaluate a signing certificate against those policies.

Implementations

impl CertificateTrustPolicy

pub fn new() -> Self

Create a new certificate acceptance policy with no preconfigured trust roots.

Use default() if you want a typical built-in configuration.

pub fn check_certificate_trust( &self, chain_der: &[Vec<u8>], end_entity_cert_der: &[u8], signing_time_epoch: Option<i64>, ) -> Result<(), CertificateTrustError>

Evaluate a certificate against the trust policy described by this struct.

Returns Ok(()) if the certificate appears on the end-entity certificate list or has a valid chain to one of the trust anchors that was provided and that it has a valid extended key usage (EKU).

If signing_time_epoch is provided, evaluates the signing time (which must be in Unix seconds since the epoch) against the certificate’s period of validity.

pub async fn check_certificate_trust_async( &self, chain_der: &[Vec<u8>], end_entity_cert_der: &[u8], signing_time_epoch: Option<i64>, ) -> Result<(), CertificateTrustError>

Evaluate a certificate against the trust policy described by this struct.

Returns Ok(()) if the certificate appears on the end-entity certificate list or has a valid chain to one of the trust anchors that was provided and that it has a valid extended key usage (EKU).

If signing_time_epoch is provided, evaluates the signing time (which must be in Unix seconds since the epoch) against the certificate’s period of validity.

pub fn add_trust_anchors( &mut self, trust_anchor_pems: &[u8], ) -> Result<(), InvalidCertificateError>

Add trust anchors (root X.509 certificates) that shall be accepted when verifying COSE signatures.

From §14.4.1, C2PA Signers, of the C2PA Technical Specification:

A validator shall maintain the following lists for C2PA signers:

• The list of X.509 certificate trust anchors provided by the C2PA (i.e., the C2PA Trust List).
• A list of additional X.509 certificate trust anchors.
• A list of accepted Extended Key Usage (EKU) values. (not relevant for this API)

NOTE: Some of these lists can be empty.

In addition to the list of trust anchors provided in the C2PA Trust List, a validator should allow a user to configure additional trust anchor stores, and should provide default options or offer lists maintained by external parties that the user may opt into to populate the validator’s trust anchor store for C2PA signers.

This function reads zero or more X.509 root certificates in PEM format and configures the trust handler to accept certificates that chain up to these trust anchors.

pub fn add_end_entity_credentials( &mut self, end_entity_cert_pems: &[u8], ) -> Result<(), InvalidCertificateError>

Add individual end-entity credentials that shall be accepted when verifying COSE signatures.

From §14.4.3, Private Credential Storage, of the C2PA Technical Specification:

A validator may also allow the user to create and maintain a private credential store of signing credentials. This store is intended as an “address book” of credentials they have chosen to trust based on an out-of-band relationship. If present, the private credential store shall only apply to validating signed C2PA manifests, and shall not apply to validating time-stamps. If present, the private credential store shall only allow trust in signer certificates directly; entries in the private credential store cannot issue credentials and shall not be included as trust anchors during validation.

This function reads zero or more X.509 end-entity certificates in PEM format and configures the trust handler to accept those specific certificates, regardless of how they may or may not chain up to other trust anchors.

As an optimization, this function also accepts standalone lines (outside of the X.509 PEM blocks). Each such line must contain a Base-64 encoded SHA_256 hash value over the value of a PEM certificate.

Lines that match neither format (PEM or hash) are ignored.

pub fn add_valid_ekus(&mut self, eku_oids: &[u8])

Add extended key usage (EKU) values that shall be accepted when verifying COSE signatures.

From §14.4.1, C2PA Signers, of the C2PA Technical Specification:

A validator shall maintain the following lists for C2PA signers:

• The list of X.509 certificate trust anchors provided by the C2PA (i.e., the C2PA Trust List). (not relevant for this API)
• A list of additional X.509 certificate trust anchors. (not relevant for this API)
• A list of accepted Extended Key Usage (EKU) values.

NOTE: Some of these lists can be empty.

This function reads zero or more EKU object identifiers (OIDs) in dotted-decimal notation (one per line) and configures the trust handler to accept certificates that are issued with one of those EKUs.

IMPORTANT: The trust configuration will always accept the default set of OIDs descfibed in the C2PA Technical Specification.

This function will quietly ignore any invalid input, such as a non-UTF8 input or lines within the input such as comments or blank lines that can not be parsed as OIDs.

pub fn clear(&mut self)

Remove all trust anchors, private credentials, and EKUs previously configured.

Trait Implementations

impl Debug for CertificateTrustPolicy

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for CertificateTrustPolicy

fn default() -> Self

Returns the “default value” for a type.