/rust/registry/src/index.crates.io-1949cf8c6b5b557f/x509-parser-0.17.0/src/extensions/nameconstraints.rs

Source
use super::GeneralName;
use crate::error::{X509Error, X509Result};
use crate::extensions::parse_generalname;
use asn1_rs::FromDer;
use der_parser::der::*;
use der_parser::error::BerError;
use nom::combinator::{all_consuming, complete, map, opt};
use nom::multi::many1;
use nom::{Err, IResult};

#[derive(Clone, Debug, PartialEq)]
pub struct NameConstraints<'a> {
    pub permitted_subtrees: Option<Vec<GeneralSubtree<'a>>>,
    pub excluded_subtrees: Option<Vec<GeneralSubtree<'a>>>,
}

impl<'a> FromDer<'a, X509Error> for NameConstraints<'a> {
    fn from_der(i: &'a [u8]) -> X509Result<'a, Self> {
        parse_nameconstraints(i).map_err(Err::convert)
    }
}

#[derive(Clone, Debug, PartialEq)]
/// Represents the structure used in the name constraints extensions.
/// The fields minimum and maximum are not supported (openssl also has no support).
pub struct GeneralSubtree<'a> {
    pub base: GeneralName<'a>,
    // minimum: u32,
    // maximum: Option<u32>,
}

pub(crate) fn parse_nameconstraints(i: &[u8]) -> IResult<&[u8], NameConstraints, BerError> {
    fn parse_subtree(i: &[u8]) -> IResult<&[u8], GeneralSubtree, BerError> {
        parse_der_sequence_defined_g(|input, _| {
            map(parse_generalname, |base| GeneralSubtree { base })(input)
        })(i)
    }
    fn parse_subtrees(i: &[u8]) -> IResult<&[u8], Vec<GeneralSubtree>, BerError> {
        all_consuming(many1(complete(parse_subtree)))(i)
    }

    let (ret, named_constraints) = parse_der_sequence_defined_g(|input, _| {
        let (rem, permitted_subtrees) =
            opt(complete(parse_der_tagged_explicit_g(0, |input, _| {
                parse_subtrees(input)
            })))(input)?;
        let (rem, excluded_subtrees) =
            opt(complete(parse_der_tagged_explicit_g(1, |input, _| {
                parse_subtrees(input)
            })))(rem)?;
        let named_constraints = NameConstraints {
            permitted_subtrees,
            excluded_subtrees,
        };
        Ok((rem, named_constraints))
    })(i)?;

    Ok((ret, named_constraints))
}

Coverage Report

Created: 2025-10-29 07:05

Line	Count	Source
1		use super::GeneralName;
2		use crate::error::{X509Error, X509Result};
3		use crate::extensions::parse_generalname;
4		use asn1_rs::FromDer;
5		use der_parser::der::*;
6		use der_parser::error::BerError;
7		use nom::combinator::{all_consuming, complete, map, opt};
8		use nom::multi::many1;
9		use nom::{Err, IResult};
10
11		#[derive(Clone, Debug, PartialEq)]
12		pub struct NameConstraints<'a> {
13		pub permitted_subtrees: Option<Vec<GeneralSubtree<'a>>>,
14		pub excluded_subtrees: Option<Vec<GeneralSubtree<'a>>>,
15		}
16
17		impl<'a> FromDer<'a, X509Error> for NameConstraints<'a> {
18	0	fn from_der(i: &'a [u8]) -> X509Result<'a, Self> {
19	0	parse_nameconstraints(i).map_err(Err::convert)
20	0	}
21		}
22
23		#[derive(Clone, Debug, PartialEq)]
24		/// Represents the structure used in the name constraints extensions.
25		/// The fields minimum and maximum are not supported (openssl also has no support).
26		pub struct GeneralSubtree<'a> {
27		pub base: GeneralName<'a>,
28		// minimum: u32,
29		// maximum: Option<u32>,
30		}
31
32	0	pub(crate) fn parse_nameconstraints(i: &[u8]) -> IResult<&[u8], NameConstraints, BerError> {
33	0	fn parse_subtree(i: &[u8]) -> IResult<&[u8], GeneralSubtree, BerError> {
34	0	parse_der_sequence_defined_g(\|input, _\| {
35	0	map(parse_generalname, \|base\| GeneralSubtree { base })(input)
36	0	})(i)
37	0	}
38	0	fn parse_subtrees(i: &[u8]) -> IResult<&[u8], Vec<GeneralSubtree>, BerError> {
39	0	all_consuming(many1(complete(parse_subtree)))(i)
40	0	}
41
42	0	let (ret, named_constraints) = parse_der_sequence_defined_g(\|input, _\| {
43	0	let (rem, permitted_subtrees) =
44	0	opt(complete(parse_der_tagged_explicit_g(0, \|input, _\| {
45	0	parse_subtrees(input)
46	0	})))(input)?;
47	0	let (rem, excluded_subtrees) =
48	0	opt(complete(parse_der_tagged_explicit_g(1, \|input, _\| {
49	0	parse_subtrees(input)
50	0	})))(rem)?;
51	0	let named_constraints = NameConstraints {
52	0	permitted_subtrees,
53	0	excluded_subtrees,
54	0	};
55	0	Ok((rem, named_constraints))
56	0	})(i)?;
57
58	0	Ok((ret, named_constraints))
59	0	}