
1//! Certificate Revocation List types
2
3use crate::ext::Extensions;
4use crate::name::Name;
5use crate::serial_number::SerialNumber;
6use crate::time::Time;
7use crate::Version;
8
9use alloc::vec::Vec;
10
11use der::asn1::BitString;
12use der::{Sequence, ValueOrd};
13use spki::AlgorithmIdentifierOwned;
14
/// `CertificateList` as defined in [RFC 5280 Section 5.1].
///
/// ```text
/// CertificateList  ::=  SEQUENCE  {
///     tbsCertList          TBSCertList,
///     signatureAlgorithm   AlgorithmIdentifier,
///     signatureValue       BIT STRING
/// }
/// ```
///
/// This is a plain data type: the derived [`Sequence`] impl parses and
/// serializes the structure, and nothing in this type verifies `signature`.
/// A relying party must verify `signature` over the DER encoding of
/// `tbs_cert_list` with the CRL issuer's public key before trusting any
/// revocation entry, and should reject a CRL whose `signature_algorithm`
/// differs from `tbs_cert_list.signature` (RFC 5280 Section 5.1.1.2 requires
/// the two to be identical).
///
/// [RFC 5280 Section 5.1]: https://datatracker.ietf.org/doc/html/rfc5280#section-5.1
#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)]
#[allow(missing_docs)]
pub struct CertificateList {
    /// The signed portion of the CRL (`tbsCertList`).
    pub tbs_cert_list: TbsCertList,
    /// Algorithm used to produce `signature` (`signatureAlgorithm`).
    pub signature_algorithm: AlgorithmIdentifierOwned,
    /// Signature computed over the DER encoding of `tbs_cert_list`
    /// (`signatureValue`). Not checked by this type.
    pub signature: BitString,
}
33
/// Implicit intermediate structure from the ASN.1 definition of `TBSCertList`.
///
/// This type is used for the `revoked_certificates` field of `TbsCertList`.
/// See [RFC 5280 Section 5.1].
///
/// ```text
/// RevokedCert ::= SEQUENCE {
///     userCertificate         CertificateSerialNumber,
///     revocationDate          Time,
///     crlEntryExtensions      Extensions OPTIONAL
/// }
/// ```
///
/// A serial number is only unique within one issuer, so an entry identifies
/// a certificate only in combination with the CRL's `issuer` (or, in an
/// indirect CRL, the issuer named by a preceding `certificateIssuer` entry
/// extension, RFC 5280 Section 5.3.3). This type does not interpret
/// `crl_entry_extensions`; callers needing the reason code, invalidity date
/// or certificate issuer must look them up there.
///
/// [RFC 5280 Section 5.1]: https://datatracker.ietf.org/doc/html/rfc5280#section-5.1
#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)]
#[allow(missing_docs)]
pub struct RevokedCert {
    /// Serial number of the revoked certificate (`userCertificate`).
    pub serial_number: SerialNumber,
    /// Date on which the issuer revoked the certificate (`revocationDate`).
    pub revocation_date: Time,
    /// Per-entry extensions (`crlEntryExtensions`); `None` when absent.
    pub crl_entry_extensions: Option<Extensions>,
}
55
/// `TbsCertList` as defined in [RFC 5280 Section 5.1].
///
/// ```text
/// TBSCertList  ::=  SEQUENCE  {
///      version                 Version OPTIONAL, -- if present, MUST be v2
///      signature               AlgorithmIdentifier,
///      issuer                  Name,
///      thisUpdate              Time,
///      nextUpdate              Time OPTIONAL,
///      revokedCertificates     SEQUENCE OF SEQUENCE  {
///           userCertificate         CertificateSerialNumber,
///           revocationDate          Time,
///           crlEntryExtensions      Extensions OPTIONAL -- if present, version MUST be v2
///      }  OPTIONAL,
///      crlExtensions           [0]  EXPLICIT Extensions OPTIONAL -- if present, version MUST be v2
/// }
/// ```
///
/// Caveats for relying parties:
///
/// - `next_update` is `None` when the issuer omitted it. This type imposes
///   no freshness policy, so the consumer must decide how to treat a CRL
///   without one (RFC 5280 Section 5.1.2.5 says conforming issuers MUST
///   include it).
/// - `revoked_certificates` is `None` when the list is absent, which is how
///   an issuer signals "no revoked certificates". `None` and `Some(vec![])`
///   encode differently; RFC 5280 Section 5.1.2.6 requires the field to be
///   absent when empty.
/// - The "MUST be v2" constraints in the ASN.1 comments are not enforced by
///   this type; a decoded value may carry extensions alongside a version
///   other than v2, and the caller has to check that if it matters.
///
/// NOTE(review): the ASN.1 marks `version` as OPTIONAL, but the field is a
/// plain `Version` with no `#[asn1(default = ...)]` attribute. Whether a v1
/// CRL that omits the version decodes depends on how `Version` is decoded —
/// confirm against the `Version` impl.
///
/// [RFC 5280 Section 5.1]: https://datatracker.ietf.org/doc/html/rfc5280#section-5.1
#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)]
#[allow(missing_docs)]
pub struct TbsCertList {
    /// CRL format version; must be v2 when any extension is present.
    pub version: Version,
    /// Algorithm identifier for the CRL signature; must equal the outer
    /// `CertificateList::signature_algorithm` (RFC 5280 Section 5.1.1.2).
    pub signature: AlgorithmIdentifierOwned,
    /// Distinguished name of the CRL issuer.
    pub issuer: Name,
    /// Issue time of this CRL (`thisUpdate`).
    pub this_update: Time,
    /// Time by which the next CRL will be issued, if the issuer included it.
    pub next_update: Option<Time>,
    /// Revoked certificates, or `None` when the list is absent.
    pub revoked_certificates: Option<Vec<RevokedCert>>,

    /// CRL-level extensions, encoded as `[0] EXPLICIT`; `None` when absent.
    #[asn1(context_specific = "0", tag_mode = "EXPLICIT", optional = "true")]
    pub crl_extensions: Option<Extensions>,
}
85    #[asn1(context_specific = "0", tag_mode = "EXPLICIT", optional = "true")]
86    pub crl_extensions: Option<Extensions>,
87}