//! PKIX Certificate Policies extension

use alloc::{string::String, vec::Vec};

use const_oid::db::rfc5912::ID_CE_CERTIFICATE_POLICIES;
use const_oid::AssociatedOid;
use der::asn1::{GeneralizedTime, Ia5String, ObjectIdentifier, Uint};
use der::{Any, Choice, Sequence, ValueOrd};

/// CertificatePolicies as defined in [RFC 5280 Section 4.2.1.4].
///
/// ```text
/// CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
/// ```
///
/// [RFC 5280 Section 4.2.1.4]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4
// RFC 5280 requirement on consumers: if this extension is
// critical, the path validation software MUST be able to interpret this
// extension (including the optional qualifier), or MUST reject the
// certificate.
// NOTE(review): the `SIZE (1..MAX)` bound is not expressed by `Vec<PolicyInformation>`;
// whether `impl_newtype!` / `impl_extension!` reject an empty sequence is not visible
// here — confirm before relying on a non-empty list.
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct CertificatePolicies(pub Vec<PolicyInformation>);

// Binds the extension type to the `id-ce-certificatePolicies` OID constant imported above.
impl AssociatedOid for CertificatePolicies {
    const OID: ObjectIdentifier = ID_CE_CERTIFICATE_POLICIES;
}

// Project macros defined outside this file; their expansion is not visible here.
impl_newtype!(CertificatePolicies, Vec<PolicyInformation>);
impl_extension!(CertificatePolicies);

/// PolicyInformation as defined in [RFC 5280 Section 4.2.1.4].
///
/// ```text
/// PolicyInformation ::= SEQUENCE {
///     policyIdentifier   CertPolicyId,
///     policyQualifiers   SEQUENCE SIZE (1..MAX) OF PolicyQualifierInfo OPTIONAL
/// }
///
/// CertPolicyId ::= OBJECT IDENTIFIER
/// ```
///
/// [RFC 5280 Section 4.2.1.4]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4
#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)]
#[allow(missing_docs)]
pub struct PolicyInformation {
    // `policyIdentifier`: the policy OID (`CertPolicyId`).
    pub policy_identifier: ObjectIdentifier,
    // `policyQualifiers`: optional; the ASN.1 requires at least one entry when present.
    // NOTE(review): nothing visible here enforces that lower bound — a present but empty
    // list would presumably be accepted; confirm.
    pub policy_qualifiers: Option<Vec<PolicyQualifierInfo>>,
}

/// PolicyQualifierInfo as defined in [RFC 5280 Section 4.2.1.4].
///
/// ```text
/// PolicyQualifierInfo ::= SEQUENCE {
///     policyQualifierId  PolicyQualifierId,
///     qualifier          ANY DEFINED BY policyQualifierId
/// }
/// ```
///
/// [RFC 5280 Section 4.2.1.4]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4
#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)]
#[allow(missing_docs)]
pub struct PolicyQualifierInfo {
    // `policyQualifierId`: selects how `qualifier` is to be interpreted.
    pub policy_qualifier_id: ObjectIdentifier,
    // `qualifier`: kept as an undecoded `Any`; this type does not tie its contents to
    // `policy_qualifier_id`, so callers have to decode it (e.g. as `CpsUri` or `UserNotice`)
    // and handle a mismatch themselves.
    // NOTE(review): the ASN.1 above does not mark `qualifier` OPTIONAL, yet the field is
    // `Option<Any>` — confirm that accepting an absent qualifier is intended.
    pub qualifier: Option<Any>,
}

/// CpsUri as defined in [RFC 5280 Section 4.2.1.4].
///
/// ```text
/// CPSuri ::= IA5String
/// ```
///
/// [RFC 5280 Section 4.2.1.4]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4
pub type CpsUri = Ia5String;

/// UserNotice as defined in [RFC 5280 Section 4.2.1.4].
///
/// ```text
/// UserNotice ::= SEQUENCE {
///     noticeRef        NoticeReference OPTIONAL,
///     explicitText     DisplayText OPTIONAL
/// }
/// ```
///
/// [RFC 5280 Section 4.2.1.4]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4
#[derive(Clone, Debug, Eq, PartialEq, Sequence)]
#[allow(missing_docs)]
pub struct UserNotice {
    // NOTE(review): the ASN.1 above gives `noticeRef NoticeReference OPTIONAL`, but this
    // field is typed `Option<GeneralizedTime>`. As written, a notice carrying a real
    // NoticeReference (a SEQUENCE) would presumably not decode into this field — confirm,
    // and consider `Option<NoticeReference>` (a public field type change).
    pub notice_ref: Option<GeneralizedTime>,
    // `explicitText`: optional text taken from the certificate.
    pub explicit_text: Option<DisplayText>,
}

/// NoticeReference as defined in [RFC 5280 Section 4.2.1.4].
///
/// ```text
/// NoticeReference ::= SEQUENCE {
///      organization     DisplayText,
///      noticeNumbers    SEQUENCE OF INTEGER }
/// ```
///
/// [RFC 5280 Section 4.2.1.4]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4
#[derive(Clone, Debug, Eq, PartialEq, Sequence)]
#[allow(missing_docs)]
pub struct NoticeReference {
    // `organization`: name of the organization, as `DisplayText`.
    pub organization: DisplayText,
    // NOTE(review): `noticeNumbers` is not OPTIONAL in the ASN.1 above, but the field is
    // `Option<Vec<Uint>>`, so a NoticeReference without it would presumably be accepted —
    // confirm whether this leniency is deliberate.
    pub notice_numbers: Option<Vec<Uint>>,
}

/// DisplayText as defined in [RFC 5280 Section 4.2.1.4].
///
/// ```text
/// DisplayText ::= CHOICE {
///     ia5String        IA5String      (SIZE (1..200)),
///     visibleString    VisibleString  (SIZE (1..200)),
///     bmpString        BMPString      (SIZE (1..200)),
///     utf8String       UTF8String     (SIZE (1..200))
/// }
/// ```
///
/// Only the ia5String and utf8String options are currently supported.
///
/// [RFC 5280 Section 4.2.1.4]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4
// NOTE(review): the `SIZE (1..200)` bound is not expressed by either variant's type and no
// length check is visible here; the text comes from the certificate, so callers that
// display or log it should apply their own length limit — confirm whether the decoder does.
// A visibleString or bmpString value matches neither variant below.
#[derive(Choice, Clone, Debug, Eq, PartialEq)]
#[allow(missing_docs)]
pub enum DisplayText {
    // `ia5String` alternative.
    #[asn1(type = "IA5String")]
    Ia5String(Ia5String),

    // `utf8String` alternative, held as an owned `String`.
    #[asn1(type = "UTF8String")]
    Utf8String(String),
}