1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121
/* Copyright (c) Fortanix, Inc.
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
//! Request-related types
use bit_vec::BitVec;
use num_bigint::{BigInt, BigUint};
use yasna::{ASN1Result, BERDecodable, BERReader, DERWriter, Tag};
use crate::{
types::{Attribute, Extensions, Name, DerAnyOwned, AlgorithmIdentifierOwned},
x509::{SubjectPublicKeyInfo, Version},
DerWrite,
};
use super::{controls::Controls, pop::ProofOfPossession};
derive_sequence_of!{
/// The `CertReqMessages` type is defined in [RFC 4211 Section 3].
///
/// ```text
/// CertReqMessages ::= SEQUENCE SIZE (1..MAX) OF CertReqMsg
/// ```
///
/// [RFC 4211 Section 3]: https://www.rfc-editor.org/rfc/rfc4211#section-3
CertReqMsg => CertReqMessages
}
derive_sequence! {
/// X.501 `AttributeTypeAndValue` as defined in [RFC 5280 Appendix A.1].
///
/// ```text
/// AttributeTypeAndValue ::= SEQUENCE {
/// type AttributeType,
/// value AttributeValue
/// }
/// ```
///
/// [RFC 5280 Appendix A.1]: https://datatracker.ietf.org/doc/html/rfc5280#appendix-A.1
CertReqMsg {
cert_req: [_] UNTAGGED REQUIRED: CertRequest,
popo: [_] UNTAGGED OPTIONAL: Option<ProofOfPossession>,
reg_info: [_] UNTAGGED OPTIONAL: Option<AttributeSeq>,
}
}
derive_sequence! {
/// The `CertRequest` type is defined in [RFC 4211 Section 5].
///
/// ```text
/// CertRequest ::= SEQUENCE {
/// certReqId INTEGER,
/// -- ID for matching request and reply
/// certTemplate CertTemplate,
/// -- Selected fields of cert to be issued
/// controls Controls OPTIONAL }
/// -- Attributes affecting issuance
/// ```
///
/// [RFC 4211 Section 5]: https://www.rfc-editor.org/rfc/rfc4211#section-5
CertRequest {
cert_req_id: [_] UNTAGGED REQUIRED: BigInt,
cert_template: [_] UNTAGGED REQUIRED: CertTemplate,
controls: [_] UNTAGGED OPTIONAL: Option<Controls>,
}
}
derive_sequence_of!{
/// AttributeSeq corresponds to the type that is inlined in the CertReqMsg
/// definition for the regInfo field, as shown below:
/// ```text
/// regInfo SEQUENCE SIZE(1..MAX) OF
/// SingleAttribute{{RegInfoSet}} OPTIONAL }
/// ```
Attribute<'static> => AttributeSeq
}
derive_sequence! {
/// The `CertTemplate` type is defined in [RFC 4211 Section 5].
///
/// ```text
/// CertTemplate ::= SEQUENCE {
/// version [0] Version OPTIONAL,
/// serialNumber [1] INTEGER OPTIONAL,
/// signingAlg [2] AlgorithmIdentifier{SIGNATURE-ALGORITHM,
/// {SignatureAlgorithms}} OPTIONAL,
/// issuer [3] Name OPTIONAL,
/// validity [4] OptionalValidity OPTIONAL,
/// subject [5] Name OPTIONAL,
/// publicKey [6] SubjectPublicKeyInfo OPTIONAL,
/// issuerUID [7] UniqueIdentifier OPTIONAL,
/// subjectUID [8] UniqueIdentifier OPTIONAL,
/// extensions [9] Extensions{{CertExtensions}} OPTIONAL }
/// ```
///
/// [RFC 4211 Section 5]: https://www.rfc-editor.org/rfc/rfc4211#section-5
///
/// Tags are IMPLICIT TAG according to [RFC4211#appendix-B](https://datatracker.ietf.org/doc/html/rfc4211#appendix-B),
/// but `issuer` and `subject` are EXPLICIT tagged because they are ASN.1 type of `CHOICE`.
CertTemplate {
version: [0] IMPLICIT OPTIONAL: Option<Version>,
serial_number: [1] IMPLICIT OPTIONAL: Option<SerialNumber>,
signing_alg: [2] IMPLICIT OPTIONAL: Option<AlgorithmIdentifierOwned>,
issuer: [3] EXPLICIT OPTIONAL: Option<Name>,
validity: [4] IMPLICIT OPTIONAL: Option<Validity>,
subject: [5] EXPLICIT OPTIONAL: Option<Name>,
subject_public_key_info: [6] IMPLICIT OPTIONAL: Option<SubjectPublicKeyInfo>,
issuer_unique_id: [7] IMPLICIT OPTIONAL: Option<BitVec>,
subject_unique_id: [8] IMPLICIT OPTIONAL: Option<BitVec>,
extensions: [9] IMPLICIT OPTIONAL: Option<Extensions>,
}
}
/// TODO: fields not needed now are not fully implemented
pub type SerialNumber = BigUint;
/// TODO: fields not needed now are not fully implemented
pub type Validity = DerAnyOwned;