Module x509_parser::pem
source · Expand description
Decoding functions for PEM-encoded data
A PEM object is a container, which can store (amongst other formats) a public X.509 Certificate, or a CRL, etc. It contains only printable characters. PEM-encoded binary data is essentially a beginning and matching end tag that encloses base64-encoded binary data (see: https://en.wikipedia.org/wiki/Privacy-enhanced_Electronic_Mail).
§Examples
To parse a certificate in PEM format, first create the Pem
object, then decode
contents:
use x509_parser::pem::Pem;
use x509_parser::x509::X509Version;
static IGCA_PEM: &str = "../assets/IGC_A.pem";
let data = std::fs::read(IGCA_PEM).expect("Could not read file");
for pem in Pem::iter_from_buffer(&data) {
let pem = pem.expect("Reading next PEM block failed");
let x509 = pem.parse_x509().expect("X.509: decoding DER failed");
assert_eq!(x509.tbs_certificate.version, X509Version::V3);
}
This is the most direct method to parse PEM data.
Another method to parse the certificate is to use parse_x509_pem
:
use x509_parser::pem::parse_x509_pem;
use x509_parser::parse_x509_certificate;
static IGCA_PEM: &[u8] = include_bytes!("../assets/IGC_A.pem");
let res = parse_x509_pem(IGCA_PEM);
match res {
Ok((rem, pem)) => {
assert!(rem.is_empty());
//
assert_eq!(pem.label, String::from("CERTIFICATE"));
//
let res_x509 = parse_x509_certificate(&pem.contents);
assert!(res_x509.is_ok());
},
_ => panic!("PEM parsing failed: {:?}", res),
}
Note that all methods require to store the Pem
object in a variable, mainly because decoding
the PEM object requires allocation of buffers, and that the lifetime of X.509 certificates will
be bound to these buffers.
Structs§
- Representation of PEM data
- Iterator over PEM-encapsulated blocks
Functions§
- Read a PEM-encoded structure, and decode the base64 data
- pem_to_derDeprecated