1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125
//! OCSP Response
use crate::BasicOcspResponse;
use const_oid::db::rfc6960::ID_PKIX_OCSP_BASIC;
use core::option::Option;
use der::{
asn1::{Null, ObjectIdentifier, OctetString},
Encode, Enumerated, Sequence,
};
/// OcspNoCheck as defined in [RFC 6960 Section 4.2.2.2.1].
///
/// This extension is identified by the ID_PKIX_OCSP_NOCHECK OID.
///
/// ```text
/// OcspNoCheck ::= NULL
/// ```
///
/// [RFC 6960 Section 4.2.2.2.1]: https://datatracker.ietf.org/doc/html/rfc6960#section-4.2.2.2.1
pub type OcspNoCheck = Null;
/// OCSPResponse structure as defined in [RFC 6960 Section 4.2.1].
///
/// ```text
/// OCSPResponse ::= SEQUENCE {
/// responseStatus OCSPResponseStatus,
/// responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
/// ```
///
/// [RFC 6960 Section 4.2.1]: https://datatracker.ietf.org/doc/html/rfc6960#section-4.2.1
#[derive(Clone, Debug, Eq, PartialEq, Sequence)]
pub struct OcspResponse {
pub response_status: OcspResponseStatus,
#[asn1(context_specific = "0", optional = "true", tag_mode = "EXPLICIT")]
pub response_bytes: Option<ResponseBytes>,
}
impl OcspResponse {
pub fn successful(basic: BasicOcspResponse) -> Result<Self, der::Error> {
Ok(OcspResponse {
response_status: OcspResponseStatus::Successful,
response_bytes: Some(ResponseBytes {
response_type: ID_PKIX_OCSP_BASIC,
response: OctetString::new(basic.to_der()?)?,
}),
})
}
pub fn malformed_request() -> Self {
OcspResponse {
response_status: OcspResponseStatus::MalformedRequest,
response_bytes: None,
}
}
pub fn internal_error() -> Self {
OcspResponse {
response_status: OcspResponseStatus::InternalError,
response_bytes: None,
}
}
pub fn try_later() -> Self {
OcspResponse {
response_status: OcspResponseStatus::TryLater,
response_bytes: None,
}
}
pub fn sig_required() -> Self {
OcspResponse {
response_status: OcspResponseStatus::SigRequired,
response_bytes: None,
}
}
pub fn unauthorized() -> Self {
OcspResponse {
response_status: OcspResponseStatus::Unauthorized,
response_bytes: None,
}
}
}
/// OCSPResponseStatus structure as defined in [RFC 6960 Section 4.2.1].
///
/// ```text
/// OCSPResponseStatus ::= ENUMERATED {
/// successful (0), -- Response has valid confirmations
/// malformedRequest (1), -- Illegal confirmation request
/// internalError (2), -- Internal error in issuer
/// tryLater (3), -- Try again later
/// -- (4) is not used
/// sigRequired (5), -- Must sign the request
/// unauthorized (6) -- Request unauthorized
/// }
/// ```
///
/// [RFC 6960 Section 4.2.1]: https://datatracker.ietf.org/doc/html/rfc6960#section-4.2.1
#[derive(Enumerated, Copy, Clone, Debug, Eq, PartialEq)]
#[repr(u32)]
pub enum OcspResponseStatus {
Successful = 0,
MalformedRequest = 1,
InternalError = 2,
TryLater = 3,
SigRequired = 5,
Unauthorized = 6,
}
/// ResponseBytes structure as defined in [RFC 6960 Section 4.2.1].
///
/// ```text
/// ResponseBytes ::= SEQUENCE {
/// responseType OBJECT IDENTIFIER,
/// response OCTET STRING }
/// ```
///
/// [RFC 6960 Section 4.2.1]: https://datatracker.ietf.org/doc/html/rfc6960#section-4.2.1
#[derive(Clone, Debug, Eq, PartialEq, Sequence)]
pub struct ResponseBytes {
pub response_type: ObjectIdentifier,
pub response: OctetString,
}