mirror of https://github.com/briansmith/webpki
104 lines
3.2 KiB
Rust
104 lines
3.2 KiB
Rust
// Copyright 2015 Brian Smith.
|
|
//
|
|
// Permission to use, copy, modify, and/or distribute this software for any
|
|
// purpose with or without fee is hereby granted, provided that the above
|
|
// copyright notice and this permission notice appear in all copies.
|
|
//
|
|
// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
|
|
// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
|
|
// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
|
// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
|
// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
|
|
|
//! webpki: Web PKI X.509 Certificate Validation.
|
|
//!
|
|
//! See `EndEntityCert`'s documentation for a description of the certificate
|
|
//! processing steps necessary for a TLS connection.
|
|
//!
|
|
//! # Features
|
|
//!
|
|
//! | Feature | Description |
|
|
//! | ------- | ----------- |
|
|
//! | `alloc` | Enable features that require use of the heap. Currently all RSA signature algorithms require this feature. |
|
|
//! | `std` | Enable features that require libstd. Implies `alloc`. |
|
|
|
|
#![cfg_attr(not(feature = "std"), no_std)]
|
|
#![allow(
|
|
clippy::doc_markdown,
|
|
clippy::if_not_else,
|
|
clippy::inline_always,
|
|
clippy::items_after_statements,
|
|
clippy::missing_errors_doc,
|
|
clippy::module_name_repetitions,
|
|
clippy::single_match,
|
|
clippy::single_match_else
|
|
)]
|
|
#![deny(clippy::as_conversions)]
|
|
|
|
#[cfg(any(test, feature = "alloc"))]
|
|
#[cfg_attr(test, macro_use)]
|
|
extern crate alloc;
|
|
|
|
mod budget;
|
|
|
|
#[macro_use]
|
|
mod der;
|
|
|
|
mod calendar;
|
|
mod cert;
|
|
mod end_entity;
|
|
mod error;
|
|
mod name;
|
|
mod signed_data;
|
|
mod time;
|
|
mod trust_anchor;
|
|
|
|
mod verify_cert;
|
|
|
|
pub use {
|
|
end_entity::EndEntityCert,
|
|
error::{Error, ErrorExt},
|
|
name::{DnsNameRef, InvalidDnsNameError},
|
|
signed_data::{
|
|
SignatureAlgorithm, ECDSA_P256_SHA256, ECDSA_P256_SHA384, ECDSA_P384_SHA256,
|
|
ECDSA_P384_SHA384, ED25519,
|
|
},
|
|
time::Time,
|
|
trust_anchor::{TlsClientTrustAnchors, TlsServerTrustAnchors, TrustAnchor},
|
|
};
|
|
|
|
#[cfg(feature = "alloc")]
|
|
pub use {
|
|
name::DnsName,
|
|
signed_data::{
|
|
RSA_PKCS1_2048_8192_SHA256, RSA_PKCS1_2048_8192_SHA384, RSA_PKCS1_2048_8192_SHA512,
|
|
RSA_PKCS1_3072_8192_SHA384, RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
|
|
RSA_PSS_2048_8192_SHA384_LEGACY_KEY, RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
|
|
},
|
|
};
|
|
|
|
#[cfg(feature = "alloc")]
|
|
#[allow(unknown_lints, clippy::upper_case_acronyms)]
|
|
#[deprecated(note = "Use DnsName")]
|
|
pub type DNSName = DnsName;
|
|
|
|
#[deprecated(note = "use DnsNameRef")]
|
|
#[allow(unknown_lints, clippy::upper_case_acronyms)]
|
|
pub type DNSNameRef<'a> = DnsNameRef<'a>;
|
|
|
|
#[deprecated(note = "use TlsServerTrustAnchors")]
|
|
#[allow(unknown_lints, clippy::upper_case_acronyms)]
|
|
pub type TLSServerTrustAnchors<'a> = TlsServerTrustAnchors<'a>;
|
|
|
|
#[deprecated(note = "use TlsClientTrustAnchors")]
|
|
#[allow(unknown_lints, clippy::upper_case_acronyms)]
|
|
pub type TLSClientTrustAnchors<'a> = TlsClientTrustAnchors<'a>;
|
|
|
|
// We don't operate on secret data so a convenient comparison function is warranted.
|
|
#[must_use]
|
|
fn equal(a: untrusted::Input, b: untrusted::Input) -> bool {
|
|
a.as_slice_less_safe() == b.as_slice_less_safe()
|
|
}
|