parseCert

Function parameters

Parameters

cb:*Bundle
gpa:Allocator
decoded_start:u32
now_sec:i64

Functions in this namespace

Functions

verify
find: The returned bytes become invalid after calling any of the rescan functions
deinit
rescan: Clears the set of certificates and then scans the host operating system
addCertsFromDirPath
addCertsFromDirPathAbsolute
addCertsFromDir
addCertsFromFilePathAbsolute
addCertsFromFilePath
addCertsFromFile
parseCert

Error sets in this namespace

Error Sets

VerifyError
RescanError
AddCertsFromDirPathError
AddCertsFromDirError
AddCertsFromFilePathError
AddCertsFromFileError
ParseCertError

Source

Implementation

pub fn parseCert(cb: *Bundle, gpa: Allocator, decoded_start: u32, now_sec: i64) ParseCertError!void {
    // Even though we could only partially parse the certificate to find
    // the subject name, we pre-parse all of them to make sure and only
    // include in the bundle ones that we know will parse. This way we can
    // use `catch unreachable` later.
    const parsed_cert = Certificate.parse(.{
        .buffer = cb.bytes.items,
        .index = decoded_start,
    }) catch |err| switch (err) {
        error.CertificateHasUnrecognizedObjectId => {
            cb.bytes.items.len = decoded_start;
            return;
        },
        else => |e| return e,
    };
    if (now_sec > parsed_cert.validity.not_after) {
        // Ignore expired cert.
        cb.bytes.items.len = decoded_start;
        return;
    }
    const gop = try cb.map.getOrPutContext(gpa, parsed_cert.subject_slice, .{ .cb = cb });
    if (gop.found_existing) {
        cb.bytes.items.len = decoded_start;
    } else {
        gop.value_ptr.* = decoded_start;
    }
}