/*
 * Copyright (c) 2005-2009,2011,2014 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */


/*
 * DER_CertCrl.h - support for decoding X509 certificates and CRLs
 *
 * Each structure below is a decoded "shell" of one ASN.1 SEQUENCE: every
 * member is a DERItem holding the raw (still DER-encoded) contents of one
 * component, and the paired DER*ItemSpecs[] / DERNum*ItemSpecs pair is the
 * table the generic libDER sequence decoder uses to fill it in.
 *
 * NOTE(review): a DERItem is presumably a (pointer, length) view into the
 * caller's input buffer rather than a copy, so the input must outlive the
 * decoded struct - confirm against libDER.h. Likewise each spec array is
 * expected to mirror its struct field-for-field; verify in DER_CertCrl.c
 * whenever a struct here is changed.
 *
 * Nothing in this header validates content: tags marked ASN_ANY, fields
 * marked optional, and "TBD" components are handed back undecoded, and the
 * caller is responsible for checking them before trusting the certificate.
 */

#ifndef _DER_CERT_CRL_H_
#define _DER_CERT_CRL_H_

#ifdef __cplusplus
extern "C" {
#endif

#include <libDER/libDER.h>
#include <libDER/DER_Decode.h>

/*
 * Top level cert or CRL - the two are identical at this level - three
 * components. The tbs field is saved in full DER form for sig verify:
 * the signature must be verified over exactly these bytes as received,
 * never over a re-encoding of the decoded DERTBSCert/DERTBSCrl.
 */
typedef struct {
	DERItem		tbs;			/* sequence, DERTBSCert, DER_DEC_SAVE_DER */
	DERItem		sigAlg;			/* sequence, DERAlgorithmId */
	DERItem		sig;			/* bit string */
} DERSignedCertCrl;

/* DERItemSpecs to decode into a DERSignedCertCrl */
extern const DERItemSpec DERSignedCertCrlItemSpecs[];
extern const DERSize DERNumSignedCertCrlItemSpecs;

/*
 * TBS cert components.
 *
 * tbsSigAlg is the algorithm the signer claims to have used; a verifier
 * should compare it with DERSignedCertCrl.sigAlg rather than trust either
 * copy alone. Optional members are presumably left empty when the
 * component is absent - confirm with the sequence decoder's handling of
 * optional items.
 */
typedef struct {
	DERItem		version;		/* integer, optional, EXPLICIT */
	DERItem		serialNum;		/* integer */
	DERItem		tbsSigAlg;		/* sequence, DERAlgorithmId */
	DERItem		issuer;			/* sequence, TBD */
	DERItem		validity;		/* sequence, DERValidity */
	DERItem		subject;		/* sequence, TBD */
	DERItem		subjectPubKey;	/* sequence, DERSubjPubKeyInfo */
	DERItem		issuerID;		/* bit string, optional */
	DERItem		subjectID;		/* bit string, optional */
	DERItem		extensions;		/* sequence, optional, EXPLICIT */
} DERTBSCert;

/* DERItemSpecs to decode into a DERTBSCert */
extern const DERItemSpec DERTBSCertItemSpecs[];
extern const DERSize DERNumTBSCertItemSpecs;

/*
 * validity - components can be either UTC or generalized time.
 * Both are ASN_ANY with DER_DEC_SAVE_DER, so the decoder accepts any tag
 * here; the caller must inspect the saved tag itself and reject anything
 * that is not one of the two time types before interpreting the value.
 */
typedef struct {
	DERItem		notBefore;
	DERItem		notAfter;
} DERValidity;

/* DERItemSpecs to decode into a DERValidity */
extern const DERItemSpec DERValidityItemSpecs[];
extern const DERSize DERNumValidityItemSpecs;

/* AttributeTypeAndValue components (one element of a Name's RDN set). */
typedef struct {
	DERItem		type;			/* OID identifying the attribute */
	DERItem		value;			/* attribute value, type depends on the OID */
} DERAttributeTypeAndValue;

/* DERItemSpecs to decode into DERAttributeTypeAndValue */
extern const DERItemSpec DERAttributeTypeAndValueItemSpecs[];
extern const DERSize DERNumAttributeTypeAndValueItemSpecs;

/*
 * Extension components.
 *
 * NOTE(review): in X.509 the critical flag is OPTIONAL with DEFAULT FALSE,
 * so an empty critical item means "not critical"; a consumer that does
 * not understand an extnID whose critical item decodes to TRUE is
 * expected to reject the certificate - confirm the caller does this.
 */
typedef struct {
	DERItem		extnID;			/* OID */
	DERItem		critical;		/* boolean, optional */
	DERItem		extnValue;		/* octet string wrapping the extension's own DER */
} DERExtension;

/* DERItemSpecs to decode into DERExtension */
extern const DERItemSpec DERExtensionItemSpecs[];
extern const DERSize DERNumExtensionItemSpecs;

/*
 * BasicConstraints components. Both members are optional in the ASN.1;
 * an absent cA is not the same as cA == TRUE, and pathLenConstraint is
 * only meaningful when cA is TRUE.
 */
typedef struct {
	DERItem		cA;				/* boolean, optional */
	DERItem		pathLenConstraint;	/* integer, optional */
} DERBasicConstraints;

/* DERItemSpecs to decode into DERBasicConstraints */
extern const DERItemSpec DERBasicConstraintsItemSpecs[];
extern const DERSize DERNumBasicConstraintsItemSpecs;

/* PrivateKeyUsagePeriod components (both times, both optional). */
typedef struct {
	DERItem		notBefore;
	DERItem		notAfter;
} DERPrivateKeyUsagePeriod;

/* DERItemSpecs to decode into a DERPrivateKeyUsagePeriod */
extern const DERItemSpec DERPrivateKeyUsagePeriodItemSpecs[];
extern const DERSize DERNumPrivateKeyUsagePeriodItemSpecs;

/* DistributionPoint components (one entry of a CRLDistributionPoints list). */
typedef struct {
	DERItem		distributionPoint;	/* optional, context-tagged choice */
	DERItem		reasons;		/* bit string, optional */
	DERItem		cRLIssuer;		/* GeneralNames, optional */
} DERDistributionPoint;

/* DERItemSpecs to decode into a DERDistributionPoint */
extern const DERItemSpec DERDistributionPointItemSpecs[];
extern const DERSize DERNumDistributionPointItemSpecs;

/* PolicyInformation components (one entry of a CertificatePolicies list). */
typedef struct {
	DERItem		policyIdentifier;	/* OID */
	DERItem		policyQualifiers;	/* sequence of DERPolicyQualifierInfo, optional */
} DERPolicyInformation;

/* DERItemSpecs to decode into a DERPolicyInformation */
extern const DERItemSpec DERPolicyInformationItemSpecs[];
extern const DERSize DERNumPolicyInformationItemSpecs;

/* PolicyQualifierInfo components. */
typedef struct {
	DERItem		policyQualifierID;	/* OID selecting the qualifier type */
	DERItem		qualifier;		/* ANY, interpreted according to the OID */
} DERPolicyQualifierInfo;

/* DERItemSpecs to decode into a DERPolicyQualifierInfo */
extern const DERItemSpec DERPolicyQualifierInfoItemSpecs[];
extern const DERSize DERNumPolicyQualifierInfoItemSpecs;

/* UserNotice components (a policy qualifier; both members optional). */
typedef struct {
	DERItem		noticeRef;		/* sequence, DERNoticeReference */
	DERItem		explicitText;	/* DisplayText - string, untrusted content */
} DERUserNotice;

/* DERItemSpecs to decode into a DERUserNotice */
extern const DERItemSpec DERUserNoticeItemSpecs[];
extern const DERSize DERNumUserNoticeItemSpecs;

/* NoticeReference components. */
typedef struct {
	DERItem		organization;	/* DisplayText - string, untrusted content */
	DERItem		noticeNumbers;	/* sequence of integer */
} DERNoticeReference;

/* DERItemSpecs to decode into a DERNoticeReference */
extern const DERItemSpec DERNoticeReferenceItemSpecs[];
extern const DERSize DERNumNoticeReferenceItemSpecs;

/* PolicyMapping components (one entry of a PolicyMappings list). */
typedef struct {
	DERItem		issuerDomainPolicy;	/* OID */
	DERItem		subjectDomainPolicy;	/* OID */
} DERPolicyMapping;

/* DERItemSpecs to decode into a DERPolicyMapping */
extern const DERItemSpec DERPolicyMappingItemSpecs[];
extern const DERSize DERNumPolicyMappingItemSpecs;

/* AccessDescription components (one entry of AIA / SIA). */
typedef struct {
	DERItem		accessMethod;	/* OID */
	DERItem		accessLocation;	/* GeneralName */
} DERAccessDescription;

/* DERItemSpecs to decode into a DERAccessDescription */
extern const DERItemSpec DERAccessDescriptionItemSpecs[];
extern const DERSize DERNumAccessDescriptionItemSpecs;

/*
 * AuthorityKeyIdentifier components; all three are optional and
 * context-tagged. The identifier is a hint for locating the issuer
 * certificate, not proof of issuance - chain validation still rests on
 * the signature check.
 */
typedef struct {
	DERItem		keyIdentifier;			/* octet string, optional */
	DERItem		authorityCertIssuer;	/* GeneralNames, optional */
	DERItem		authorityCertSerialNumber;	/* integer, optional */
} DERAuthorityKeyIdentifier;

/* DERItemSpecs to decode into a DERAuthorityKeyIdentifier */
extern const DERItemSpec DERAuthorityKeyIdentifierItemSpecs[];
extern const DERSize DERNumAuthorityKeyIdentifierItemSpecs;

/* OtherName components (the otherName arm of GeneralName). */
typedef struct {
	DERItem		typeIdentifier;	/* OID */
	DERItem		value;			/* ANY, EXPLICIT, interpreted per the OID */
} DEROtherName;

/* DERItemSpecs to decode into a DEROtherName */
extern const DERItemSpec DEROtherNameItemSpecs[];
extern const DERSize DERNumOtherNameItemSpecs;

/* PolicyConstraints components (both SkipCerts integers, both optional). */
typedef struct {
	DERItem		requireExplicitPolicy;
	DERItem		inhibitPolicyMapping;
} DERPolicyConstraints;

/* DERItemSpecs to decode into a DERPolicyConstraints */
extern const DERItemSpec DERPolicyConstraintsItemSpecs[];
extern const DERSize DERNumPolicyConstraintsItemSpecs;

/*
 * TBS CRL. As with DERTBSCert, the time fields are ASN_ANY with the DER
 * saved, so their tags are not checked here, and revokedCerts is returned
 * as one undecoded sequence to be iterated with DERRevokedCertItemSpecs.
 */
typedef struct {
	DERItem		version;		/* integer, optional */
	DERItem		tbsSigAlg;		/* sequence, DERAlgorithmId */
	DERItem		issuer;			/* sequence, TBD */
	DERItem		thisUpdate;		/* ASN_ANY, SAVE_DER */
	DERItem		nextUpdate;		/* ASN_ANY, SAVE_DER */
	DERItem		revokedCerts;	/* sequence of DERRevokedCert, optional */
	DERItem		extensions;		/* sequence, optional, EXPLICIT */
} DERTBSCrl;

/* DERItemSpecs to decode into a DERTBSCrl */
extern const DERItemSpec DERTBSCrlItemSpecs[];
extern const DERSize DERNumTBSCrlItemSpecs;

/* One entry of a CRL's revokedCertificates sequence. */
typedef struct {
	DERItem		serialNum;		/* integer */
	DERItem		revocationDate;	/* time - ASN_ANY, SAVE_DER */
	DERItem		extensions;		/* sequence, optional, EXPLICIT */
} DERRevokedCert;

/* DERItemSpecs to decode into a DERRevokedCert */
extern const DERItemSpec DERRevokedCertItemSpecs[];
extern const DERSize DERNumRevokedCertItemSpecs;

#ifdef __cplusplus
}
#endif

#endif	/* _DER_CERT_CRL_H_ */
