pub struct Signature<'a> { /* private fields */ }
Implementations
impl<'a> Signature<'a>
pub fn from<R: Read + Seek>(reader: &mut R) -> Option<Self>
pub fn from<R: Read + Seek>(reader: &mut R) -> Option<Self>
Create a `Signature` by parsing PKCS #7 data from a reader that implements the `Read + Seek` traits
pub fn digest_algorithm(&self) -> Algorithms
pub fn digest_algorithm(&self) -> Algorithms
Algorithm used to digest the file.
It should match SignerInfo::digest_algorithm
pub fn content_info(&'a self) -> ContentInfo<'a>
pub fn content_info(&'a self) -> ContentInfo<'a>
ContentInfo as described in RFC 2315, section 7: https://tools.ietf.org/html/rfc2315#section-7
pub fn certificates(&'a self) -> Certificates<'a> ⓘ
pub fn certificates(&'a self) -> Certificates<'a> ⓘ
Return list of X509
certificates associated with this signature
pub fn signers(&'a self) -> Signers<'a> ⓘ
pub fn signers(&'a self) -> Signers<'a> ⓘ
Iterator over the signers (`SignerInfo`) defined in the PKCS #7 signature
pub fn crt_by_serial(&self, serial: &[u8]) -> Option<X509<'_>>
pub fn crt_by_serial(&self, serial: &[u8]) -> Option<X509<'_>>
Find x509 certificate according to its serial number
pub fn crt_by_subject(&self, subject: &str) -> Option<X509<'_>>
pub fn crt_by_subject(&self, subject: &str) -> Option<X509<'_>>
Find X509
certificate according to its subject
pub fn crt_by_subject_and_serial(
&self,
subject: &str,
serial: &[u8]
) -> Option<X509<'_>>
pub fn crt_by_subject_and_serial( &self, subject: &str, serial: &[u8] ) -> Option<X509<'_>>
Find X509
certificate according to its subject AND serial number
pub fn crt_by_issuer(&self, issuer: &str) -> Option<X509<'_>>
pub fn crt_by_issuer(&self, issuer: &str) -> Option<X509<'_>>
Find X509
certificate according to its issuer
pub fn find_crt_by_issuer_and_serial(
&self,
issuer: &str,
serial: &[u8]
) -> Option<X509<'_>>
pub fn find_crt_by_issuer_and_serial( &self, issuer: &str, serial: &[u8] ) -> Option<X509<'_>>
Find X509
certificate according to its issuer AND serial number
pub fn check(&self, checks: VerificationChecks) -> VerificationFlags
pub fn check(&self, checks: VerificationChecks) -> VerificationFlags
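Check if this signature is valid according to the Authenticode/PKCS #7 verification scheme.

By default, it performs the following verifications:

- It must contain only one signer info
- `Signature::digest_algorithm` must match `SignerInfo::digest_algorithm`
- The x509 certificate specified by `SignerInfo::serial_number` and `SignerInfo::issuer` must exist within `Signature::certificates`
- Given the x509 certificate, compare `SignerInfo::encrypted_digest` against either:
  - hash of authenticated attributes if present
  - hash of ContentInfo
- If authenticated attributes are present, check that a `PKCS9_MESSAGE_DIGEST` attribute exists and that its value matches hash of ContentInfo
- Check the validity of the PKCS #9 counter signature if present
- If the signature doesn't embed a signing-time in the counter signature, check the certificate validity. (See `VerificationChecks::LIFETIME_SIGNING` and `VerificationChecks::SKIP_CERT_TIME`)

See `VerificationChecks` to tweak the behavior.

The result is reported as `VerificationFlags`, so callers should inspect the returned flags rather than assume success. Every step listed above works on data carried inside the signature itself; the list does not mention recomputing the digest of the signed file or chaining the signer certificate to a trusted root, so confirm how those are covered before treating a passing `check` as proof that a file is authentic.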