From 2ebf3532263fef3027cc0d343e43447f8303790c Mon Sep 17 00:00:00 2001
From: Nathaniel McCallum
Date: Sat, 5 Mar 2022 15:01:55 -0500
Subject: [PATCH] feat(x509): add PkiPath type
Signed-off-by: Nathaniel McCallum
---
 x509/src/certificate.rs | 18 +++++++++++++++++-
 x509/src/lib.rs | 2 +-
 2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/x509/src/certificate.rs b/x509/src/certificate.rs
index 791dc38fd..5250901a9 100644
--- a/x509/src/certificate.rs
+++ b/x509/src/certificate.rs
@@ -1,7 +1,9 @@
 use crate::{name::Name, time::Validity};
+use alloc::vec::Vec;
+
 use der::asn1::{BitString, UIntBytes};
-use der::{Enumerated, Sequence};
+use der::{Enumerated, Newtype, Sequence};
 use spki::{AlgorithmIdentifier, SubjectPublicKeyInfo};
 /// Certificate `Version` as defined in [RFC 5280 Section 4.1].
@@ -103,3 +105,17 @@ pub struct Certificate<'a> {
 pub signature_algorithm: AlgorithmIdentifier<'a>,
 pub signature: BitString<'a>,
 }
+
+/// `PkiPath` as defined by X.509 and referenced by [RFC 6066].
+///
+/// This contains a series of certificates in validation order from the
+/// top-most certificate to the bottom-most certificate. This means that
+/// the first certificate signs the second certificate and so on.
+///
+/// ```text
+/// PkiPath ::= SEQUENCE OF Certificate
+/// ```
+///
+/// [RFC 6066]: https://datatracker.ietf.org/doc/html/rfc6066#section-10.1
+#[derive(Clone, Debug, PartialEq, Eq, Default, Newtype)]
+pub struct PkiPath<'a>(Vec>);
diff --git a/x509/src/lib.rs b/x509/src/lib.rs
index cf02acca0..6bad29871 100644
--- a/x509/src/lib.rs
+++ b/x509/src/lib.rs
@@ -23,4 +23,4 @@ pub mod time;
 mod certificate;
-pub use certificate::{Certificate, TbsCertificate, Version};
+pub use certificate::{Certificate, PkiPath, TbsCertificate, Version};
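Review bot: The doc comment on `PkiPath` (second hunk of x509/src/certificate.rs) says the first certificate signs the second and so on, but as far as this patch shows the type is only a derived newtype over a `Vec` of certificates, so decoding appears to enforce none of that. A caller could read the sentence as a guarantee and treat a successfully parsed path as a verified chain. I would add a line to the doc comment such as `/// Decoding only parses the certificates; ordering, name chaining, validity and signatures are not checked and must be verified by the caller.` It may also be worth stating whether an empty path, which the derived `Default` produces, is meaningful to consumers.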