x509_cert/ext/pkix/crl/
dp.rs

1//! PKIX distribution point types
2
3use const_oid::{db::rfc5280::ID_PE_SUBJECT_INFO_ACCESS, AssociatedOid, ObjectIdentifier};
4use der::flagset::{flags, FlagSet};
5use der::{Sequence, ValueOrd};
6
7use crate::ext::pkix::name::{DistributionPointName, GeneralNames};
8
/// IssuingDistributionPoint as defined in [RFC 5280 Section 5.2.5].
///
/// ```text
/// IssuingDistributionPoint ::= SEQUENCE {
///     distributionPoint          [0] DistributionPointName OPTIONAL,
///     onlyContainsUserCerts      [1] BOOLEAN DEFAULT FALSE,
///     onlyContainsCACerts        [2] BOOLEAN DEFAULT FALSE,
///     onlySomeReasons            [3] ReasonFlags OPTIONAL,
///     indirectCRL                [4] BOOLEAN DEFAULT FALSE,
///     onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE
///     -- at most one of onlyContainsUserCerts, onlyContainsCACerts,
///     -- and onlyContainsAttributeCerts may be set to TRUE.
/// }
/// ```
///
/// This type models the encoding only. As far as this definition shows, the
/// "at most one of onlyContains*" rule quoted above is not enforced: the three
/// flags are independent `bool` fields, so a decoded value can have several of
/// them set. Code that uses these flags to decide which certificates a CRL
/// covers should check that constraint itself.
///
/// [RFC 5280 Section 5.2.5]: https://datatracker.ietf.org/doc/html/rfc5280#section-5.2.5
#[derive(Clone, Debug, Eq, PartialEq, Sequence)]
#[allow(missing_docs)]
pub struct IssuingDistributionPoint {
    /// `distributionPoint [0]`; `None` when the field is absent.
    #[asn1(context_specific = "0", tag_mode = "EXPLICIT", optional = "true")]
    pub distribution_point: Option<DistributionPointName>,

    /// `onlyContainsUserCerts [1]`; `false` when the field is absent (`DEFAULT FALSE`).
    #[asn1(
        context_specific = "1",
        tag_mode = "IMPLICIT",
        default = "Default::default"
    )]
    pub only_contains_user_certs: bool,

    /// `onlyContainsCACerts [2]`; `false` when the field is absent (`DEFAULT FALSE`).
    #[asn1(
        context_specific = "2",
        tag_mode = "IMPLICIT",
        default = "Default::default"
    )]
    pub only_contains_ca_certs: bool,

    /// `onlySomeReasons [3]`; `None` when the field is absent.
    // NOTE(review): per RFC 5280 an absent field means the CRL is not limited
    // to a subset of reasons, so `None` and an empty flag set are not the same.
    #[asn1(context_specific = "3", tag_mode = "IMPLICIT", optional = "true")]
    pub only_some_reasons: Option<ReasonFlags>,

    /// `indirectCRL [4]`; `false` when the field is absent (`DEFAULT FALSE`).
    #[asn1(
        context_specific = "4",
        tag_mode = "IMPLICIT",
        default = "Default::default"
    )]
    pub indirect_crl: bool,

    /// `onlyContainsAttributeCerts [5]`; `false` when the field is absent (`DEFAULT FALSE`).
    #[asn1(
        context_specific = "5",
        tag_mode = "IMPLICIT",
        default = "Default::default"
    )]
    pub only_contains_attribute_certs: bool,
}
62
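impl AssociatedOid for IssuingDistributionPoint {
    /// `id-ce-issuingDistributionPoint` (2.5.29.28), the identifier RFC 5280
    /// Section 5.2.5 assigns to this CRL extension.
    // This previously named `ID_PE_SUBJECT_INFO_ACCESS`, which identifies a
    // different extension (subjectInfoAccess). Anything that finds or labels
    // extensions through `AssociatedOid::OID` would then fail to recognise a
    // real issuingDistributionPoint extension, and a CRL whose scope is
    // restricted by that extension could be handled as if it were unrestricted.
    // The fully qualified path avoids touching the import list; the file-level
    // `ID_PE_SUBJECT_INFO_ACCESS` import is no longer needed by this impl.
    const OID: ObjectIdentifier = const_oid::db::rfc5280::ID_CE_ISSUING_DISTRIBUTION_POINT;
}

// RFC 5280 Section 5.2.5 describes the issuing distribution point as a critical
// CRL extension, which matches `critical = true` here.
// NOTE(review): `impl_extension!` is defined elsewhere in the crate; presumably
// it implements the crate's extension trait with this criticality — confirm.
impl_extension!(IssuingDistributionPoint, critical = true);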
68
/// DistributionPoint as defined in [RFC 5280 Section 4.2.1.13].
///
/// ```text
/// DistributionPoint ::= SEQUENCE {
///      distributionPoint       [0]     DistributionPointName OPTIONAL,
///      reasons                 [1]     ReasonFlags OPTIONAL,
///      cRLIssuer               [2]     GeneralNames OPTIONAL }
/// ```
///
/// All three fields are optional in the encoding, so every field is an
/// `Option` and a value with all fields `None` is representable.
// NOTE(review): RFC 5280 places further requirements on which combinations of
// fields may be absent; nothing in this definition checks them — confirm
// whether callers validate this before trusting a decoded value.
///
/// [RFC 5280 Section 4.2.1.13]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.13
#[derive(Clone, Debug, PartialEq, Eq, Sequence, ValueOrd)]
#[allow(missing_docs)]
pub struct DistributionPoint {
    /// `distributionPoint [0]`; `None` when the field is absent.
    #[asn1(context_specific = "0", tag_mode = "EXPLICIT", optional = "true")]
    pub distribution_point: Option<DistributionPointName>,

    /// `reasons [1]`; `None` when the field is absent.
    // NOTE(review): per RFC 5280 an absent `reasons` field is not the same as
    // an empty flag set; treat `None` and "no flags" differently.
    #[asn1(context_specific = "1", tag_mode = "IMPLICIT", optional = "true")]
    pub reasons: Option<ReasonFlags>,

    /// `cRLIssuer [2]`; `None` when the field is absent.
    #[asn1(context_specific = "2", tag_mode = "IMPLICIT", optional = "true")]
    pub crl_issuer: Option<GeneralNames>,
}
91
/// ReasonFlags as defined in [RFC 5280 Section 4.2.1.13].
///
/// A [`FlagSet`] over the [`Reasons`] flags.
///
/// [RFC 5280 Section 4.2.1.13]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.13
pub type ReasonFlags = FlagSet<Reasons>;
96
flags! {
    /// ReasonFlags values as defined in [RFC 5280 Section 4.2.1.13].
    ///
    /// ```text
    /// ReasonFlags ::= BIT STRING {
    ///      unused                  (0),
    ///      keyCompromise           (1),
    ///      cACompromise            (2),
    ///      affiliationChanged      (3),
    ///      superseded              (4),
    ///      cessationOfOperation    (5),
    ///      certificateHold         (6),
    ///      privilegeWithdrawn      (7),
    ///      aACompromise            (8)
    /// }
    /// ```
    ///
    /// [RFC 5280 Section 4.2.1.13]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.13
    #[allow(missing_docs)]
    pub enum Reasons: u16 {
        // Each value is `1 << n`, where `n` is the named-bit number in the
        // ASN.1 above. Nine named bits (0..=8) need more than eight bits,
        // hence the `u16` backing type.
        // NOTE(review): how these in-memory bit positions map onto the bit
        // order of the encoded BIT STRING is decided by the `FlagSet`
        // encoding in `der`, not by this definition — confirm there.
        Unused = 1 << 0,
        KeyCompromise = 1 << 1,
        CaCompromise = 1 << 2,
        AffiliationChanged = 1 << 3,
        Superseded = 1 << 4,
        CessationOfOperation = 1 << 5,
        CertificateHold = 1 << 6,
        PrivilegeWithdrawn = 1 << 7,
        AaCompromise = 1 << 8,
    }
}