x509_cert/ext/pkix/
certpolicy.rs

1//! PKIX Certificate Policies extension
3use alloc::{string::String, vec::Vec};
5use const_oid::db::rfc5912::ID_CE_CERTIFICATE_POLICIES;
6use const_oid::AssociatedOid;
7use der::asn1::{GeneralizedTime, Ia5String, ObjectIdentifier, Uint};
8use der::{Any, Choice, Sequence, ValueOrd};
/// The certificate policies extension, see [RFC 5280 Section 4.2.1.4].
///
/// ```text
/// CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
/// ```
///
/// If this extension is critical, the path validation software MUST be able
/// to interpret this extension (including the optional qualifier), or MUST
/// reject the certificate.
///
/// [RFC 5280 Section 4.2.1.4]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4
// NOTE(review): the `SIZE (1..MAX)` lower bound is not expressed by the plain
// `Vec` wrapped here, so an empty list is representable at the type level.
// Confirm whether an empty extension is rejected elsewhere before relying on
// "at least one policy" in validation code.
#[derive(Clone, Debug, Eq, PartialEq)]
pub struct CertificatePolicies(pub Vec<PolicyInformation>);
// Ties the extension type to its object identifier, taken from
// `const_oid::db::rfc5912`.
impl AssociatedOid for CertificatePolicies {
    const OID: ObjectIdentifier = ID_CE_CERTIFICATE_POLICIES;
}

// Crate-local macros; their expansions are defined outside this listing.
impl_newtype!(CertificatePolicies, Vec<PolicyInformation>);
impl_extension!(CertificatePolicies);
/// One entry of the certificate policies list, see [RFC 5280 Section 4.2.1.4].
///
/// ```text
/// PolicyInformation ::= SEQUENCE {
///     policyIdentifier   CertPolicyId,
///     policyQualifiers   SEQUENCE SIZE (1..MAX) OF PolicyQualifierInfo OPTIONAL
/// }
///
/// CertPolicyId ::= OBJECT IDENTIFIER
/// ```
///
/// [RFC 5280 Section 4.2.1.4]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4
#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)]
#[allow(missing_docs)]
pub struct PolicyInformation {
    // `policyIdentifier`: the OID that names the policy.
    pub policy_identifier: ObjectIdentifier,

    // `policyQualifiers`: `None` when the optional member is absent.
    // NOTE(review): the `SIZE (1..MAX)` bound is not expressed by `Vec`, so
    // `Some(vec![])` is representable here; confirm how that case is handled.
    pub policy_qualifiers: Option<Vec<PolicyQualifierInfo>>,
}
/// A qualifier attached to a policy, see [RFC 5280 Section 4.2.1.4].
///
/// ```text
/// PolicyQualifierInfo ::= SEQUENCE {
///     policyQualifierId  PolicyQualifierId,
///     qualifier          ANY DEFINED BY policyQualifierId
/// }
/// ```
///
/// The `qualifier` is kept as an undecoded [`Any`]. Its meaning depends on
/// `policy_qualifier_id`, so a consumer has to check the identifier before
/// decoding the value as [`CpsUri`] or [`UserNotice`], and should treat a
/// value that fails to decode as an uninterpretable qualifier.
///
/// [RFC 5280 Section 4.2.1.4]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4
#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)]
#[allow(missing_docs)]
pub struct PolicyQualifierInfo {
    // `policyQualifierId`: selects how `qualifier` must be interpreted.
    pub policy_qualifier_id: ObjectIdentifier,

    // `qualifier`: raw, issuer-controlled value.
    // NOTE(review): the ASN.1 above does not mark this member OPTIONAL, yet
    // the field is an `Option`; confirm that accepting a missing qualifier is
    // intended.
    pub qualifier: Option<Any>,
}
/// Pointer to a Certification Practice Statement, see [RFC 5280 Section 4.2.1.4].
///
/// ```text
/// CPSuri ::= IA5String
/// ```
///
/// This is only an alias for [`Ia5String`]: the alias itself adds no URI
/// syntax or scheme check, so the value is issuer-supplied text that a
/// consumer should validate before dereferencing or displaying it.
///
/// [RFC 5280 Section 4.2.1.4]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4
pub type CpsUri = Ia5String;
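/// UserNotice as defined in [RFC 5280 Section 4.2.1.4].
///
/// ```text
/// UserNotice ::= SEQUENCE {
///     noticeRef        NoticeReference OPTIONAL,
///     explicitText     DisplayText OPTIONAL
/// }
/// ```
///
/// Both members are optional, so either field may be `None`.
///
/// [RFC 5280 Section 4.2.1.4]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4
#[derive(Clone, Debug, Eq, PartialEq, Sequence)]
#[allow(missing_docs)]
pub struct UserNotice {
    // `noticeRef` is a nested `NoticeReference` SEQUENCE in the ASN.1 above.
    // The field type has to carry that same tag: a type with a different tag
    // (such as a time value) never matches an encoded `noticeRef`, so a notice
    // that carries a reference could not be decoded into this struct.
    pub notice_ref: Option<NoticeReference>,

    // `explicitText`: text intended for display to a relying party; it is
    // issuer-controlled and should be handled as untrusted input.
    pub explicit_text: Option<DisplayText>,
}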
/// Reference to a notice text held by an organization, see
/// [RFC 5280 Section 4.2.1.4].
///
/// ```text
/// NoticeReference ::= SEQUENCE {
///      organization     DisplayText,
///      noticeNumbers    SEQUENCE OF INTEGER }
/// ```
///
/// [RFC 5280 Section 4.2.1.4]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4
#[derive(Clone, Debug, Eq, PartialEq, Sequence)]
#[allow(missing_docs)]
pub struct NoticeReference {
    // `organization`: name of the organization, as display text.
    pub organization: DisplayText,

    // `noticeNumbers`: the INTEGER list, held as unsigned `Uint` values.
    // NOTE(review): the ASN.1 above does not mark this member OPTIONAL, yet
    // the field is an `Option`; confirm that a reference without
    // `noticeNumbers` is meant to be accepted and emitted.
    pub notice_numbers: Option<Vec<Uint>>,
}
/// Text shown to a relying party, see [RFC 5280 Section 4.2.1.4].
///
/// ```text
/// DisplayText ::= CHOICE {
///     ia5String        IA5String      (SIZE (1..200)),
///     visibleString    VisibleString  (SIZE (1..200)),
///     bmpString        BMPString      (SIZE (1..200)),
///     utf8String       UTF8String     (SIZE (1..200))
/// }
/// ```
///
/// Only the ia5String and utf8String options are currently supported, so a
/// value encoded as visibleString or bmpString has no matching variant here.
///
/// [RFC 5280 Section 4.2.1.4]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4
// NOTE(review): the `SIZE (1..200)` bound is not expressed by the variant
// types below; confirm whether it is enforced elsewhere. Code that renders
// this issuer-controlled text should apply its own length limit.
#[derive(Choice, Clone, Debug, Eq, PartialEq)]
#[allow(missing_docs)]
pub enum DisplayText {
    // `ia5String` alternative.
    #[asn1(type = "IA5String")]
    Ia5String(Ia5String),

    // `utf8String` alternative, held as an owned `String`.
    #[asn1(type = "UTF8String")]
    Utf8String(String),
}