cryptographic_message_syntax/asn1/rfc3281.rs
1// This Source Code Form is subject to the terms of the Mozilla Public
2// License, v. 2.0. If a copy of the MPL was not distributed with this
3// file, You can obtain one at https://mozilla.org/MPL/2.0/.
4
5use {
6 bcder::{
7 decode::{Constructed, DecodeError, Source},
8 BitString, Oid,
9 },
10 x509_certificate::{asn1time::*, rfc3280::*, rfc5280::*},
11};
12
13/// Attribute certificate.
14///
15/// ```ASN.1
16/// AttributeCertificate ::= SEQUENCE {
17/// acinfo AttributeCertificateInfo,
18/// signatureAlgorithm AlgorithmIdentifier,
19/// signatureValue BIT STRING
20/// }
21/// ```
22#[derive(Clone, Debug, Eq, PartialEq)]
23pub struct AttributeCertificate {
24 pub ac_info: AttributeCertificateInfo,
25 pub signature_algorithm: AlgorithmIdentifier,
26 pub signature_value: BitString,
27}
28
29impl AttributeCertificate {
30 pub fn take_from<S: Source>(cons: &mut Constructed<S>) -> Result<Self, DecodeError<S::Error>> {
31 cons.take_sequence(|cons| {
32 let ac_info = AttributeCertificateInfo::take_from(cons)?;
33 let signature_algorithm = AlgorithmIdentifier::take_from(cons)?;
34 let signature_value = BitString::take_from(cons)?;
35
36 Ok(Self {
37 ac_info,
38 signature_algorithm,
39 signature_value,
40 })
41 })
42 }
43}
44
45/// Attribute certificate info.
46///
47/// ```ASN.1
48/// AttributeCertificateInfo ::= SEQUENCE {
49/// version AttCertVersion -- version is v2,
50/// holder Holder,
51/// issuer AttCertIssuer,
52/// signature AlgorithmIdentifier,
53/// serialNumber CertificateSerialNumber,
54/// attrCertValidityPeriod AttCertValidityPeriod,
55/// attributes SEQUENCE OF Attribute,
56/// issuerUniqueID UniqueIdentifier OPTIONAL,
57/// extensions Extensions OPTIONAL
58/// }
59/// ```
60#[derive(Clone, Debug, Eq, PartialEq)]
61pub struct AttributeCertificateInfo {
62 pub version: AttCertVersion,
63 pub holder: Holder,
64 pub issuer: AttCertIssuer,
65 pub signature: AlgorithmIdentifier,
66 pub serial_number: CertificateSerialNumber,
67 pub attr_cert_validity_period: AttCertValidityPeriod,
68 pub attributes: Vec<Attribute>,
69 pub issuer_unique_ud: Option<UniqueIdentifier>,
70 pub extensions: Option<Extensions>,
71}
72
73impl AttributeCertificateInfo {
74 pub fn take_from<S: Source>(cons: &mut Constructed<S>) -> Result<Self, DecodeError<S::Error>> {
75 Err(cons.content_err("AttributeCertificateInfo parsing not implemented"))
76 }
77}
78
79#[derive(Clone, Copy, Debug, Eq, PartialEq)]
80pub enum AttCertVersion {
81 V2 = 1,
82}
83
84/// Holder
85///
86/// ```ASN.1
87/// Holder ::= SEQUENCE {
88/// baseCertificateID [0] IssuerSerial OPTIONAL,
89/// -- the issuer and serial number of
90/// -- the holder's Public Key Certificate
91/// entityName [1] GeneralNames OPTIONAL,
92/// -- the name of the claimant or role
93/// objectDigestInfo [2] ObjectDigestInfo OPTIONAL
94/// -- used to directly authenticate the holder,
95/// -- for example, an executable
96/// ```
97#[derive(Clone, Debug, Eq, PartialEq)]
98pub struct Holder {
99 pub base_certificate_id: Option<IssuerSerial>,
100 pub entity_name: Option<GeneralNames>,
101 pub object_digest_info: Option<ObjectDigestInfo>,
102}
103
104#[derive(Clone, Debug, Eq, PartialEq)]
105pub enum DigestedObjectType {
106 PublicKey = 0,
107 PublicKeyCert = 1,
108 OtherObjectTypes = 2,
109}
110
111/// Object digest info.
112///
113/// ```ASN.1
114/// ObjectDigestInfo ::= SEQUENCE {
115/// digestedObjectType ENUMERATED {
116/// publicKey (0),
117/// publicKeyCert (1),
118/// otherObjectTypes (2) },
119/// -- otherObjectTypes MUST NOT
120/// -- be used in this profile
121/// otherObjectTypeID OBJECT IDENTIFIER OPTIONAL,
122/// digestAlgorithm AlgorithmIdentifier,
123/// objectDigest BIT STRING
124/// ```
125#[derive(Clone, Debug, Eq, PartialEq)]
126pub struct ObjectDigestInfo {
127 pub digested_object_type: DigestedObjectType,
128 pub other_object_type_id: Oid,
129 pub digest_algorithm: AlgorithmIdentifier,
130 pub object_digest: BitString,
131}
132
133/// Att cert issuer
134///
135/// ```ASN.1
136/// AttCertIssuer ::= CHOICE {
137/// v1Form GeneralNames, -- MUST NOT be used in this
138/// -- profile
139/// v2Form [0] V2Form -- v2 only
140/// }
141/// ```
142#[derive(Clone, Debug, Eq, PartialEq)]
143pub enum AttCertIssuer {
144 V1Form(GeneralNames),
145 V2Form(Box<V2Form>),
146}
147
148/// V2 Form
149///
150/// ```ASN.1
151/// V2Form ::= SEQUENCE {
152/// issuerName GeneralNames OPTIONAL,
153/// baseCertificateID [0] IssuerSerial OPTIONAL,
154/// objectDigestInfo [1] ObjectDigestInfo OPTIONAL
155/// -- issuerName MUST be present in this profile
156/// -- baseCertificateID and objectDigestInfo MUST NOT
157/// -- be present in this profile
158/// }
159/// ```
160#[derive(Clone, Debug, Eq, PartialEq)]
161pub struct V2Form {
162 pub issuer_name: Option<GeneralNames>,
163 pub base_certificate_id: Option<IssuerSerial>,
164 pub object_digest_info: Option<ObjectDigestInfo>,
165}
166
167/// Issuer serial.
168///
169/// IssuerSerial ::= SEQUENCE {
170/// issuer GeneralNames,
171/// serial CertificateSerialNumber,
172/// issuerUID UniqueIdentifier OPTIONAL
173/// }
174#[derive(Clone, Debug, Eq, PartialEq)]
175pub struct IssuerSerial {
176 pub issuer: GeneralNames,
177 pub serial: CertificateSerialNumber,
178 pub issuer_uid: Option<UniqueIdentifier>,
179}
180
181/// Att cert validity period
182///
183/// ```ASN.1
184/// AttCertValidityPeriod ::= SEQUENCE {
185/// notBeforeTime GeneralizedTime,
186/// notAfterTime GeneralizedTime
187/// }
188#[derive(Clone, Debug, Eq, PartialEq)]
189pub struct AttCertValidityPeriod {
190 pub not_before_time: GeneralizedTime,
191 pub not_after_time: GeneralizedTime,
192}
193
194/// Attribute
195///
196/// ```ASN.1
197/// Attribute ::= SEQUENCE {
198/// type AttributeType,
199/// values SET OF AttributeValue
200/// -- at least one value is required
201/// }
202/// ```
203#[derive(Clone, Debug, Eq, PartialEq)]
204pub struct Attribute {
205 pub typ: AttributeType,
206 pub values: Vec<AttributeValue>,
207}
208
209pub type AttributeType = Oid;
210
211// TODO Any.
212pub type AttributeValue = Option<()>;