SignedData

webpki::signed_data

Struct SignedData 

Source 
pub(crate) struct SignedData<'a> {
    pub(crate) data: Input<'a>,
    pub(crate) algorithm: Input<'a>,
    pub(crate) signature: Input<'a>,
}
Expand description

X.509 certificates and related items that are signed are almost always encoded in the format “tbs||signatureAlgorithm||signature”. This structure captures this pattern.

Fields§

§data: Input<'a>

The signed data. This would be tbsCertificate in the case of an X.509 certificate, tbsResponseData in the case of an OCSP response, tbsCertList in the case of a CRL, and the data nested in the digitally-signed construct for TLS 1.2 signed data.

§algorithm: Input<'a>

The value of the AlgorithmIdentifier. This would be signatureAlgorithm in the case of an X.509 certificate, OCSP response or CRL. This would have to be synthesized in the case of TLS 1.2 signed data, since TLS does not identify algorithms by ASN.1 OIDs.

§signature: Input<'a>

The value of the signature. This would be signature in an X.509 certificate, OCSP response or CRL. This would be the value of DigitallySigned.signature for TLS 1.2 signed data.

Implementations§

Source§

impl<'a> SignedData<'a>

Source

pub(crate) fn from_der( der: &mut Reader<'a>, size_limit: usize, ) -> Result<(Input<'a>, Self), Error>

Parses the concatenation of “tbs||signatureAlgorithm||signature” that is common in the X.509 certificate and OCSP response syntaxes.

X.509 Certificates (RFC 5280) look like this:

Certificate (SEQUENCE) {
    tbsCertificate TBSCertificate,
    signatureAlgorithm AlgorithmIdentifier,
    signatureValue BIT STRING
}

OCSP responses (RFC 6960) look like this:

BasicOCSPResponse {
    tbsResponseData ResponseData,
    signatureAlgorithm AlgorithmIdentifier,
    signature BIT STRING,
    certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL
}

Note that this function does NOT parse the outermost SEQUENCE or the certs value.

The return value’s first component is the contents of tbsCertificate/tbsResponseData; the second component is a SignedData structure that can be passed to verify_signed_data.

The provided size_limit will enforce the largest possible outermost SEQUENCE this function will read.

Source

pub(crate) fn to_owned(&self) -> OwnedSignedData

Convert the borrowed signed data to an OwnedSignedData.

Trait Implementations§

Source§

impl<'a> Debug for SignedData<'a>

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

§

impl<'a> Freeze for SignedData<'a>

§

impl<'a> RefUnwindSafe for SignedData<'a>

§

impl<'a> Send for SignedData<'a>

§

impl<'a> Sync for SignedData<'a>

§

impl<'a> Unpin for SignedData<'a>

§

impl<'a> UnwindSafe for SignedData<'a>

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.