/* Copyright (c) 2005-2009 Apple Inc. All Rights Reserved. */

/*
 * DER_CertCrl.h - support for decoding X509 certificates and CRLs
 *
 * Created Nov. 4 2005 by dmitch
 *
 * This header declares only data layouts (one struct per X.509 SEQUENCE of
 * interest) and the DERItemSpec tables used to decode into them. Every
 * member is a DERItem, i.e. a reference into the caller's DER buffer; the
 * structs own no memory and nothing declared here validates a certificate
 * or CRL. Signature checking, validity-period and name-chaining checks, and
 * handling of unrecognized critical extensions are the caller's job.
 *
 * How an absent OPTIONAL member is represented in its DERItem is defined by
 * the decoder (DER_Decode.h) and the item specs in the .c file, not here.
 */

/*
 * NOTE(review): identifiers that begin with an underscore followed by an
 * uppercase letter are reserved for the implementation (C11 7.1.3). The
 * guard name is kept unchanged for compatibility with existing users.
 */
#ifndef _DER_CERT_CRL_H_
#define _DER_CERT_CRL_H_

#ifdef __cplusplus
extern "C" {
#endif

#include <libDER/libDER.h>
#include <libDER/DER_Decode.h>

/*
 * Top level cert or CRL - the two are identical at this level - three
 * components. The tbs field is saved in full DER form for sig verify.
 *
 * Because tbs is retained as the exact encoded bytes (DER_DEC_SAVE_DER), a
 * signature verifier must hash those bytes as-is and never a re-encoding.
 * RFC 5280 (4.1.2.3) requires the inner DERTBSCert.tbsSigAlg to be equal
 * to the outer sigAlg; callers verifying signatures should compare them.
 */
typedef struct {
	DERItem tbs;    /* sequence, DERTBSCert, DER_DEC_SAVE_DER */
	DERItem sigAlg; /* sequence, DERAlgorithmId */
	DERItem sig;    /* bit string */
} DERSignedCertCrl;

/* DERItemSpecs to decode into a DERSignedCertCrl */
extern const DERItemSpec DERSignedCertCrlItemSpecs[];
extern const DERSize DERNumSignedCertCrlItemSpecs;

/*
 * TBS cert components
 *
 * X.509 TBSCertificate. In RFC 5280, version defaults to v1 when absent;
 * issuerID/subjectID (unique identifiers) and extensions are only permitted
 * in v2/v3 and v3 respectively. issuer and subject are left as opaque Name
 * sequences here (see DERAttributeTypeAndValue for the RDN leaf type).
 * RFC 5280 requires serialNumber to be a positive INTEGER of at most 20
 * octets; certificates violating this exist in the wild, so callers should
 * decide their tolerance rather than rely on the decoder.
 */
typedef struct {
	DERItem version;       /* integer, optional, EXPLICIT */
	DERItem serialNum;     /* integer */
	DERItem tbsSigAlg;     /* sequence, DERAlgorithmId */
	DERItem issuer;        /* sequence, TBD */
	DERItem validity;      /* sequence, DERValidity */
	DERItem subject;       /* sequence, TBD */
	DERItem subjectPubKey; /* sequence, DERSubjPubKeyInfo */
	DERItem issuerID;      /* bit string, optional */
	DERItem subjectID;     /* bit string, optional */
	DERItem extensions;    /* sequence, optional, EXPLICIT */
} DERTBSCert;

/* DERItemSpecs to decode into a DERTBSCert */
extern const DERItemSpec DERTBSCertItemSpecs[];
extern const DERSize DERNumTBSCertItemSpecs;

/*
 * validity - components can be either UTC or generalized time.
 * Both are ASN_ANY with DER_DEC_SAVE_DER.
 *
 * Each DERItem therefore holds the complete encoded Time (tag included);
 * the caller must inspect the tag to tell UTCTime from GeneralizedTime.
 * RFC 5280 fixes the UTCTime two-digit year as 1950-2049 and requires
 * both forms to be expressed in UTC ("Z").
 */
typedef struct {
	DERItem notBefore;
	DERItem notAfter;
} DERValidity;

/* DERItemSpecs to decode into a DERValidity */
extern const DERItemSpec DERValidityItemSpecs[];
extern const DERSize DERNumValidityItemSpecs;

/*
 * AttributeTypeAndValue components.
 * One RDN attribute: type is an OID, value is whatever that OID dictates
 * (for directory strings, several string encodings are possible).
 */
typedef struct {
	DERItem type;
	DERItem value;
} DERAttributeTypeAndValue;

/* DERItemSpecs to decode into DERAttributeTypeAndValue */
extern const DERItemSpec DERAttributeTypeAndValueItemSpecs[];
extern const DERSize DERNumAttributeTypeAndValueItemSpecs;

/*
 * Extension components
 * extnID is an OID; critical is BOOLEAN DEFAULT FALSE in X.509; extnValue is
 * an OCTET STRING whose content is itself DER (the extension-specific structs
 * below are presumably decoded from that content - see the .c file). Per
 * RFC 5280 (4.2) a relying party must reject a certificate carrying a
 * critical extension it does not recognize; this header does not do that.
 */
typedef struct {
	DERItem extnID;
	DERItem critical;
	DERItem extnValue;
} DERExtension;

/* DERItemSpecs to decode into DERExtension */
extern const DERItemSpec DERExtensionItemSpecs[];
extern const DERSize DERNumExtensionItemSpecs;

/*
 * BasicConstraints components.
 * In X.509 cA is BOOLEAN DEFAULT FALSE and pathLenConstraint is an OPTIONAL
 * INTEGER that is only meaningful when cA is TRUE.
 */
typedef struct {
	DERItem cA;
	DERItem pathLenConstraint;
} DERBasicConstraints;

/* DERItemSpecs to decode into DERBasicConstraints */
extern const DERItemSpec DERBasicConstraintsItemSpecs[];
extern const DERSize DERNumBasicConstraintsItemSpecs;

/*
 * PrivateKeyUsagePeriod components.
 * Both members are OPTIONAL GeneralizedTime in X.509.
 */
typedef struct {
	DERItem notBefore;
	DERItem notAfter;
} DERPrivateKeyUsagePeriod;

/* DERItemSpecs to decode into a DERPrivateKeyUsagePeriod */
extern const DERItemSpec DERPrivateKeyUsagePeriodItemSpecs[];
extern const DERSize DERNumPrivateKeyUsagePeriodItemSpecs;

/*
 * DistributionPoint components.
 * All three members are OPTIONAL in RFC 5280; distributionPoint is a
 * CHOICE (fullName / nameRelativeToCRLIssuer) left undecoded here.
 */
typedef struct {
	DERItem distributionPoint;
	DERItem reasons;
	DERItem cRLIssuer;
} DERDistributionPoint;

/* DERItemSpecs to decode into a DERDistributionPoint */
extern const DERItemSpec DERDistributionPointItemSpecs[];
extern const DERSize DERNumDistributionPointItemSpecs;

/*
 * PolicyInformation components.
 * policyIdentifier is an OID; policyQualifiers is an OPTIONAL SEQUENCE of
 * PolicyQualifierInfo (see DERPolicyQualifierInfo).
 */
typedef struct {
	DERItem policyIdentifier;
	DERItem policyQualifiers;
} DERPolicyInformation;

/* DERItemSpecs to decode into a DERPolicyInformation */
extern const DERItemSpec DERPolicyInformationItemSpecs[];
extern const DERSize DERNumPolicyInformationItemSpecs;

/*
 * PolicyQualifierInfo components.
 * qualifier is ANY DEFINED BY policyQualifierID (CPS URI or UserNotice).
 */
typedef struct {
	DERItem policyQualifierID;
	DERItem qualifier;
} DERPolicyQualifierInfo;

/* DERItemSpecs to decode into a DERPolicyQualifierInfo */
extern const DERItemSpec DERPolicyQualifierInfoItemSpecs[];
extern const DERSize DERNumPolicyQualifierInfoItemSpecs;

/*
 * UserNotice components.
 * Both members are OPTIONAL in RFC 5280. explicitText is a DisplayText
 * CHOICE; it is attacker-controlled content when the cert is untrusted, so
 * treat it as opaque bytes until it has been decoded and sanitized.
 */
typedef struct {
	DERItem noticeRef;
	DERItem explicitText;
} DERUserNotice;

/* DERItemSpecs to decode into a DERUserNotice */
extern const DERItemSpec DERUserNoticeItemSpecs[];
extern const DERSize DERNumUserNoticeItemSpecs;

/*
 * NoticeReference components.
 * organization is a DisplayText CHOICE; noticeNumbers is a SEQUENCE OF INTEGER.
 */
typedef struct {
	DERItem organization;
	DERItem noticeNumbers;
} DERNoticeReference;

/* DERItemSpecs to decode into a DERNoticeReference */
extern const DERItemSpec DERNoticeReferenceItemSpecs[];
extern const DERSize DERNumNoticeReferenceItemSpecs;

/*
 * PolicyMapping components.
 * Both members are policy OIDs.
 */
typedef struct {
	DERItem issuerDomainPolicy;
	DERItem subjectDomainPolicy;
} DERPolicyMapping;

/* DERItemSpecs to decode into a DERPolicyMapping */
extern const DERItemSpec DERPolicyMappingItemSpecs[];
extern const DERSize DERNumPolicyMappingItemSpecs;

/*
 * AccessDescription components.
 * accessMethod is an OID (e.g. OCSP or caIssuers); accessLocation is a
 * GeneralName left undecoded here. Callers that fetch from accessLocation
 * are following an attacker-influenced URL and should constrain the scheme.
 */
typedef struct {
	DERItem accessMethod;
	DERItem accessLocation;
} DERAccessDescription;

/* DERItemSpecs to decode into a DERAccessDescription */
extern const DERItemSpec DERAccessDescriptionItemSpecs[];
extern const DERSize DERNumAccessDescriptionItemSpecs;

/*
 * AuthorityKeyIdentifier components.
 * All three members are OPTIONAL, context-tagged [0], [1], [2] in X.509.
 * RFC 5280 requires authorityCertIssuer and authorityCertSerialNumber to be
 * either both present or both absent.
 */
typedef struct {
	DERItem keyIdentifier;
	DERItem authorityCertIssuer;
	DERItem authorityCertSerialNumber;
} DERAuthorityKeyIdentifier;

/* DERItemSpecs to decode into a DERAuthorityKeyIdentifier */
extern const DERItemSpec DERAuthorityKeyIdentifierItemSpecs[];
extern const DERSize DERNumAuthorityKeyIdentifierItemSpecs;

/*
 * OtherName components.
 * typeIdentifier is an OID; value is an EXPLICIT-tagged ANY DEFINED BY that
 * OID and must be decoded according to the identified type.
 */
typedef struct {
	DERItem typeIdentifier;
	DERItem value;
} DEROtherName;

/* DERItemSpecs to decode into a DEROtherName */
extern const DERItemSpec DEROtherNameItemSpecs[];
extern const DERSize DERNumOtherNameItemSpecs;

/*
 * PolicyConstraints components.
 * Both members are OPTIONAL SkipCerts INTEGERs; RFC 5280 requires at least
 * one of them to be present.
 */
typedef struct {
	DERItem requireExplicitPolicy;
	DERItem inhibitPolicyMapping;
} DERPolicyConstraints;

/* DERItemSpecs to decode into a DERPolicyConstraints */
extern const DERItemSpec DERPolicyConstraintsItemSpecs[];
extern const DERSize DERNumPolicyConstraintsItemSpecs;

/*
 * TBS CRL
 * X.509 TBSCertList. thisUpdate/nextUpdate are retained as the complete
 * encoded Time, as in DERValidity. nextUpdate is OPTIONAL in RFC 5280 (and
 * a CRL with no nextUpdate is commonly treated as never expiring - a
 * caller-side policy decision). As with certificates, tbsSigAlg must equal
 * the outer DERSignedCertCrl.sigAlg.
 */
typedef struct {
	DERItem version;      /* integer, optional */
	DERItem tbsSigAlg;    /* sequence, DERAlgorithmId */
	DERItem issuer;       /* sequence, TBD */
	DERItem thisUpdate;   /* ASN_ANY, SAVE_DER */
	DERItem nextUpdate;   /* ASN_ANY, SAVE_DER */
	DERItem revokedCerts; /* sequence of DERRevokedCert, optional */
	DERItem extensions;   /* sequence, optional, EXPLICIT */
} DERTBSCrl;

/* DERItemSpecs to decode into a DERTBSCrl */
extern const DERItemSpec DERTBSCrlItemSpecs[];
extern const DERSize DERNumTBSCrlItemSpecs;

/*
 * One entry of revokedCerts. A certificate is identified by serialNum
 * together with the CRL's issuer (or the cRLIssuer named in an indirect
 * CRL); serial numbers alone are not globally unique. extensions here are
 * the crlEntryExtensions (e.g. reason code).
 */
typedef struct {
	DERItem serialNum;      /* integer */
	DERItem revocationDate; /* time - ASN_ANY, SAVE_DER */
	DERItem extensions;     /* sequence, optional, EXPLICIT */
} DERRevokedCert;

/* DERItemSpecs to decode into a DERRevokedCert */
extern const DERItemSpec DERRevokedCertItemSpecs[];
extern const DERSize DERNumRevokedCertItemSpecs;

#ifdef __cplusplus
}
#endif

#endif /* _DER_CERT_CRL_H_ */