x509_parser/extensions/
nameconstraints.rs1use super::GeneralName;
2use crate::error::{X509Error, X509Result};
3use crate::extensions::parse_generalname;
4use asn1_rs::FromDer;
5use der_parser::der::*;
6use der_parser::error::BerError;
7use nom::combinator::{all_consuming, complete, map, opt};
8use nom::multi::many1;
9use nom::{Err, IResult};
10
11#[derive(Clone, Debug, PartialEq)]
12pub struct NameConstraints<'a> {
13 pub permitted_subtrees: Option<Vec<GeneralSubtree<'a>>>,
14 pub excluded_subtrees: Option<Vec<GeneralSubtree<'a>>>,
15}
16
17impl<'a> FromDer<'a, X509Error> for NameConstraints<'a> {
18 fn from_der(i: &'a [u8]) -> X509Result<'a, Self> {
19 parse_nameconstraints(i).map_err(Err::convert)
20 }
21}
22
23#[derive(Clone, Debug, PartialEq)]
24pub struct GeneralSubtree<'a> {
27 pub base: GeneralName<'a>,
28 }
31
32pub(crate) fn parse_nameconstraints(i: &[u8]) -> IResult<&[u8], NameConstraints, BerError> {
33 fn parse_subtree(i: &[u8]) -> IResult<&[u8], GeneralSubtree, BerError> {
34 parse_der_sequence_defined_g(|input, _| {
35 map(parse_generalname, |base| GeneralSubtree { base })(input)
36 })(i)
37 }
38 fn parse_subtrees(i: &[u8]) -> IResult<&[u8], Vec<GeneralSubtree>, BerError> {
39 all_consuming(many1(complete(parse_subtree)))(i)
40 }
41
42 let (ret, named_constraints) = parse_der_sequence_defined_g(|input, _| {
43 let (rem, permitted_subtrees) =
44 opt(complete(parse_der_tagged_explicit_g(0, |input, _| {
45 parse_subtrees(input)
46 })))(input)?;
47 let (rem, excluded_subtrees) =
48 opt(complete(parse_der_tagged_explicit_g(1, |input, _| {
49 parse_subtrees(input)
50 })))(rem)?;
51 let named_constraints = NameConstraints {
52 permitted_subtrees,
53 excluded_subtrees,
54 };
55 Ok((rem, named_constraints))
56 })(i)?;
57
58 Ok((ret, named_constraints))
59}