Project Structure
synta-python/ # Python extension crate (cdylib → _synta)
├── Cargo.toml # Declares crate-type = ["cdylib"]
└── src/
├── lib.rs # #[pymodule] entry point, Encoding enum, pem_to_der/der_to_pem
├── types.rs # ASN.1 primitive type wrappers (Integer, OID, BitString, …)
├── decoder.rs # PyDecoder wrapper
├── encoder.rs # PyEncoder wrapper
├── error.rs # SyntaErr newtype + exception mapping
├── certificate/
│ ├── mod.rs # re-exports; PKI types live in synta-certificate
│ ├── cert.rs # PyCertificate
│ ├── cert_builder.rs # CertificateBuilder
│ ├── csr_builder.rs # CsrBuilder
│ ├── name_builder.rs # NameBuilder
│ ├── pkix.rs # CertificateList, OCSPResponse
│ └── cms/ # synta.cms submodule (RFC 5652 / RFC 9629)
│ ├── mod.rs # register_cms_submodule, encode_element_opt helper
│ ├── container.rs # ContentInfo, IssuerAndSerialNumber
│ ├── signed.rs # SignedData, SignerInfo
│ ├── enveloped.rs # EnvelopedData, EncryptedData
│ ├── digest.rs # DigestedData, AuthenticatedData
│ ├── kem.rs # KEMRecipientInfo, CMSORIforKEMOtherInfo
│ └── builder.rs # EnvelopedDataBuilder
├── ext_builders.rs # synta.ext submodule: basic_constraints, key_usage, SKI/AKI, SAN/AIA/EKU builders
├── crypto.rs # synta symmetric-crypto primitives (HMAC, PBKDF2, AES, Fernet, OTP)
├── crypto_keys.rs # PublicKey, PrivateKey (RSA, EC, EdDSA)
└── krb5.rs # synta.krb5 submodule: Krb5PrincipalName, PKINIT classes
synta-certificate/src/python.rs # ObjectIdentifier, Certificate, CertificationRequest,
# CertificateList, OCSPResponse, PKCS loaders,
# synta.oids / synta.oids.attr submodules
synta-krb5/src/python.rs # EncryptionKey, Checksum, KDFAlgorithmId,
# IssuerAndSerialNumber, ExternalPrincipalIdentifier,
# PKAuthenticator, AuthPack, PaPkAsReq,
# DHRepInfo, KDCDHKeyInfo, ReplyKeyPack, PaPkAsRep
python/ # Python package source (installed by maturin)
├── bench_certificate.py # Certificate parsing benchmark (synta vs cryptography)
├── bench_x509.py # Port of cryptography's test_x509.py benchmarks
├── bench_pkcs.py # PKCS#7 / PKCS#12 extraction benchmark (synta vs cryptography)
├── criterion_compat.py # Criterion-compatible sampling + JSON output (importable)
└── synta/
├── __init__.py # Package exports (Certificate, PKCS loaders, pem_to_der, …)
└── py.typed # PEP 561 marker
pyproject.toml # Maturin configuration (manifest-path → synta-python)
Key source file roles
| Source file | Contents |
|---|---|
src/lib.rs | Module registration, Encoding enum, pem_to_der, der_to_pem, top-level exports |
src/decoder.rs | Decoder class wrapping synta::Decoder; includes decode_any_str() |
src/encoder.rs | Encoder class wrapping synta::Encoder |
src/types.rs | Python wrappers for all ASN.1 primitive types |
src/error.rs | SyntaError Python exception |
src/certificate.rs | PKI types: ObjectIdentifier, Certificate, CertificationRequest, CertificateList, OCSPResponse, PKCS loaders, synta.oids / synta.oids.attr submodules |
src/pkinit.rs | PKINIT classes: EncryptionKey, Checksum, KDFAlgorithmId, PKAuthenticator, AuthPack, PaPkAsReq/Rep, etc. |
src/krb5.rs | synta.krb5 submodule registration: Krb5PrincipalName, PKINIT classes, NT_* constants |
src/x509_verification.rs | synta.x509 submodule: TrustStore, VerificationPolicy, X509VerificationError, verify functions |
src/certificate/pkixalgs.rs | synta.pkixalgs submodule: DssParms, DssSigValue, EcdsaSigValue, ECParameters, OID constants |
src/certificate/ac.rs | synta.ac submodule: AttributeCertificate, RFC 5755 OID constants |
src/certificate/crmf.rs | synta.crmf submodule: CertReqMessages, CertReqMsg, registration-control OID constants |
src/certificate/cmp.rs | synta.cmp submodule: CMPMessage, MAC algorithm and key-purpose OID constants |
All PyO3 bindings live directly in synta-python. The synta-certificate and synta-krb5
library crates have no PyO3 dependency; their types are wrapped in src/certificate.rs
and src/pkinit.rs respectively.
See also Cargo Features and Development.