RustCrypto · tarcieri · Feb 2, 2022 · Jan 27, 2022 · Feb 1, 2022 · Feb 1, 2022
diff --git a/x509/src/certificate.rs b/x509/src/certificate.rs
@@ -2,7 +2,7 @@
 
 use crate::{Name, Validity};
 use der::asn1::{BitString, ContextSpecific, ObjectIdentifier, UIntBytes};
-use der::{Sequence, TagMode, TagNumber};
+use der::{DecodeValue, Decoder, Length, Sequence, TagMode, TagNumber};
 use spki::{AlgorithmIdentifier, SubjectPublicKeyInfo};
 
 /// returns false in support of integer DEFAULT fields set to 0
@@ -192,7 +192,7 @@ impl<'a> ::core::fmt::Debug for TBSCertificate<'a> {
 /// ```
 ///
 /// [RFC 5280 Section 4.1]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1
-#[derive(Clone, Debug, Eq, PartialEq, Sequence)]
+#[derive(Clone, Debug, Eq, PartialEq)]
 pub struct Certificate<'a> {
     /// tbsCertificate       TBSCertificate,
     pub tbs_certificate: TBSCertificate<'a>,
@@ -202,6 +202,33 @@ pub struct Certificate<'a> {
     pub signature: BitString<'a>,
 }
 
+impl<'a> DecodeValue<'a> for Certificate<'a> {
+    fn decode_value(decoder: &mut Decoder<'a>, _length: Length) -> der::Result<Self> {
+        let tbs_certificate = decoder.decode()?;
+        let signature_algorithm = decoder.decode()?;
+        let signature = decoder.decode()?;
+        Ok(Self {
+            tbs_certificate,
+            signature_algorithm,
+            signature,
+        })
+        // })
+    }
+}
+
+impl<'a> ::der::Sequence<'a> for Certificate<'a> {
+    fn fields<F, T>(&self, f: F) -> ::der::Result<T>
+    where
+        F: FnOnce(&[&dyn der::Encodable]) -> ::der::Result<T>,
+    {
+        f(&[
+            &self.tbs_certificate,
+            &self.signature_algorithm,
+            &self.signature,
+        ])
+    }
+}
+
 /// Extension as defined in [RFC 5280 Section 4.1.2.9].
 ///
 /// The ASN.1 definition for Extension objects is below. The extnValue type may be further parsed using a decoder corresponding to the extnID value.

diff --git a/x509/src/lib.rs b/x509/src/lib.rs
@@ -22,6 +22,7 @@ pub mod pkix_extensions;
 pub mod pkix_oids;
 mod rdn;
 mod time;
+pub mod trust_anchor_format;
 mod validity;
 
 pub use crate::{

diff --git a/x509/src/pkix_extensions.rs b/x509/src/pkix_extensions.rs
@@ -338,20 +338,19 @@ pub struct NameConstraints<'a> {
 const PERMITTED_SUBTREES_TAG: TagNumber = TagNumber::new(0);
 const EXCLUDED_SUBTREES_TAG: TagNumber = TagNumber::new(1);
 
-impl<'a> ::der::Decodable<'a> for NameConstraints<'a> {
-    fn decode(decoder: &mut ::der::Decoder<'a>) -> ::der::Result<Self> {
-        decoder.sequence(|decoder| {
-            let permitted_subtrees =
-                ::der::asn1::ContextSpecific::decode_implicit(decoder, ::der::TagNumber::N0)?
-                    .map(|cs| cs.value);
-            let excluded_subtrees =
-                ::der::asn1::ContextSpecific::decode_implicit(decoder, ::der::TagNumber::N1)?
-                    .map(|cs| cs.value);
-            Ok(Self {
-                permitted_subtrees,
-                excluded_subtrees,
-            })
+impl<'a> DecodeValue<'a> for NameConstraints<'a> {
+    fn decode_value(decoder: &mut Decoder<'a>, _length: Length) -> der::Result<Self> {
+        let permitted_subtrees =
+            ::der::asn1::ContextSpecific::decode_implicit(decoder, ::der::TagNumber::N0)?
+                .map(|cs| cs.value);
+        let excluded_subtrees =
+            ::der::asn1::ContextSpecific::decode_implicit(decoder, ::der::TagNumber::N1)?
+                .map(|cs| cs.value);
+        Ok(Self {
+            permitted_subtrees,
+            excluded_subtrees,
         })
+        // })
     }
 }