src/ext/pkix/certpolicy.rs


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131

//! PKIX Certificate Policies extension

use alloc::{string::String, vec::Vec};

use const_oid::db::rfc5912::ID_CE_CERTIFICATE_POLICIES;
use const_oid::AssociatedOid;
use der::asn1::{GeneralizedTime, Ia5String, ObjectIdentifier, Uint};
use der::{Any, Choice, Sequence, ValueOrd};

/// CertificatePolicies as defined in [RFC 5280 Section 4.2.1.4].
///
/// ```text
/// CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
/// ```
///
/// [RFC 5280 Section 4.2.1.4]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4
//  If this extension is
//  critical, the path validation software MUST be able to interpret this
//  extension (including the optional qualifier), or MUST reject the
//  certificate.
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct CertificatePolicies(pub Vec<PolicyInformation>);

impl AssociatedOid for CertificatePolicies {
    const OID: ObjectIdentifier = ID_CE_CERTIFICATE_POLICIES;
}

impl_newtype!(CertificatePolicies, Vec<PolicyInformation>);
impl_extension!(CertificatePolicies);

/// PolicyInformation as defined in [RFC 5280 Section 4.2.1.4].
///
/// ```text
/// PolicyInformation ::= SEQUENCE {
///     policyIdentifier   CertPolicyId,
///     policyQualifiers   SEQUENCE SIZE (1..MAX) OF PolicyQualifierInfo OPTIONAL
/// }
///
/// CertPolicyId ::= OBJECT IDENTIFIER
/// ```
///
/// [RFC 5280 Section 4.2.1.4]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4
#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)]
#[allow(missing_docs)]
pub struct PolicyInformation {
    pub policy_identifier: ObjectIdentifier,
    pub policy_qualifiers: Option<Vec<PolicyQualifierInfo>>,
}

/// PolicyQualifierInfo as defined in [RFC 5280 Section 4.2.1.4].
///
/// ```text
/// PolicyQualifierInfo ::= SEQUENCE {
///     policyQualifierId  PolicyQualifierId,
///     qualifier          ANY DEFINED BY policyQualifierId
/// }
/// ```
///
/// [RFC 5280 Section 4.2.1.4]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4
#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)]
#[allow(missing_docs)]
pub struct PolicyQualifierInfo {
    pub policy_qualifier_id: ObjectIdentifier,
    pub qualifier: Option<Any>,
}

/// CpsUri as defined in [RFC 5280 Section 4.2.1.4].
///
/// ```text
/// CPSuri ::= IA5String
/// ```
///
/// [RFC 5280 Section 4.2.1.4]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4
pub type CpsUri = Ia5String;

/// UserNotice as defined in [RFC 5280 Section 4.2.1.4].
///
/// ```text
/// UserNotice ::= SEQUENCE {
///     noticeRef        NoticeReference OPTIONAL,
///     explicitText     DisplayText OPTIONAL
/// }
/// ```
///
/// [RFC 5280 Section 4.2.1.4]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4
#[derive(Clone, Debug, Eq, PartialEq, Sequence)]
#[allow(missing_docs)]
pub struct UserNotice {
    pub notice_ref: Option<GeneralizedTime>,
    pub explicit_text: Option<DisplayText>,
}

/// NoticeReference as defined in [RFC 5280 Section 4.2.1.4].
///
/// ```text
/// NoticeReference ::= SEQUENCE {
///      organization     DisplayText,
///      noticeNumbers    SEQUENCE OF INTEGER }
/// ```
///
/// [RFC 5280 Section 4.2.1.4]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4
#[derive(Clone, Debug, Eq, PartialEq, Sequence)]
#[allow(missing_docs)]
pub struct NoticeReference {
    pub organization: DisplayText,
    pub notice_numbers: Option<Vec<Uint>>,
}

/// DisplayText as defined in [RFC 5280 Section 4.2.1.4].
///
/// ```text
/// DisplayText ::= CHOICE {
///     ia5String        IA5String      (SIZE (1..200)),
///     visibleString    VisibleString  (SIZE (1..200)),
///     bmpString        BMPString      (SIZE (1..200)),
///     utf8String       UTF8String     (SIZE (1..200))
/// }
/// ```
///
/// Only the ia5String and utf8String options are currently supported.
///
/// [RFC 5280 Section 4.2.1.4]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4
#[derive(Choice, Clone, Debug, Eq, PartialEq)]
#[allow(missing_docs)]
pub enum DisplayText {
    #[asn1(type = "IA5String")]
    Ia5String(Ia5String),

    #[asn1(type = "UTF8String")]
    Utf8String(String),
}