b1ab9ed8 | 1 | /* |
d8f41ccd | 2 | * Copyright (c) 2003-2006,2008,2010-2012 Apple Inc. All Rights Reserved. |
3 | * |
4 | * @APPLE_LICENSE_HEADER_START@ | |
5 | * | |
6 | * This file contains Original Code and/or Modifications of Original Code | |
7 | * as defined in and that are subject to the Apple Public Source License | |
8 | * Version 2.0 (the 'License'). You may not use this file except in | |
9 | * compliance with the License. Please obtain a copy of the License at | |
10 | * http://www.opensource.apple.com/apsl/ and read it before using this | |
11 | * file. | |
12 | * | |
13 | * The Original Code and all software distributed under the License are | |
14 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER | |
15 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, | |
16 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, | |
17 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. | |
18 | * Please see the License for the specific language governing rights and | |
19 | * limitations under the License. | |
20 | * | |
21 | * @APPLE_LICENSE_HEADER_END@ | |
22 | * | |
23 | * X509Templates.h - X.509 Certificate and CRL ASN1 templates | |
24 | */ | |
25 | ||
26 | #ifndef _NSS_X509_TEMPLATES_H_ | |
27 | #define _NSS_X509_TEMPLATES_H_ | |
28 | ||
29 | #include <Security/SecAsn1Types.h> | |
30 | #include <Security/nameTemplates.h> | |
31 | ||
32 | /* | |
33 | * Arrays of SecAsn1Templates are always associated with a specific | |
34 | * C struct. We attempt to use C structs which are defined in CDSA | |
35 | * if at all possible; these always start with the CSSM_ prefix. | |
36 | * Otherwise we define the struct here, with an NSS_ prefix. | |
37 | * In either case, the name of the C struct is listed in comments | |
38 | * along with the extern declaration of the SecAsn1Template array. | |
39 | */ | |
40 | ||
41 | #ifdef __cplusplus | |
42 | extern "C" { | |
43 | #endif | |
44 | ||
427c49bc | 45 | // MARK: --- X509 Validity support --- |
46 | |
47 | /* | |
48 | * ASN Class : Validity | |
49 | * C struct : NSS_Validity | |
50 | * | |
51 | * The low-level Time values, which are CHOICE of generalized | |
52 | * time or UTC time, remain DER-encoded after this object is decoded. | |
53 | */ | |
54 | /* | |
55 | * The low-level time values are either Generalized Time | |
56 | * (SEC_ASN1_GENERALIZED_TIME) or UTC time (SEC_ASN1_UTC_TIME). | |
57 | */ | |
/*
 * A Time value as it appears in Validity and CRL fields: a CHOICE of
 * UTCTime (SEC_ASN1_UTC_TIME) or GeneralizedTime (SEC_ASN1_GENERALIZED_TIME).
 * The decoder leaves it DER-encoded, so consumers must look at the
 * tag (presumably carried by NSS_TaggedItem — confirm in nameTemplates.h)
 * before interpreting the contents. UTCTime has a two-digit year; see
 * RFC 5280 section 4.1.2.5.1 for the required interpretation.
 */
typedef NSS_TaggedItem NSS_Time;

/*
 * Validity period of a certificate. Both bounds are still-encoded
 * NSS_Time values (see above); a validity check must decode both
 * before comparing against the current time.
 */
typedef struct {
    NSS_Time notBefore;   /* start of the validity period */
    NSS_Time notAfter;    /* end of the validity period */
} NSS_Validity;

/* Template for the ASN.1 Validity SEQUENCE, decoding into NSS_Validity. */
extern const SecAsn1Template kSecAsn1ValidityTemplate[];
66 | ||
427c49bc | 67 | // MARK: --- Certificate --- |
68 | |
69 | /* | |
70 | * X509 cert extension | |
71 | * ASN Class : Extension | |
72 | * C struct : NSS_CertExtension | |
73 | * | |
74 | * With a nontrivial amount of extension-specific processing, | |
75 | * this maps to a CSSM_X509_EXTENSION. | |
76 | */ | |
/*
 * One X.509 Extension (RFC 5280 section 4.1): an OID, an optional
 * criticality flag and an OCTET STRING wrapping id-specific DER.
 */
typedef struct {
    SecAsn1Item extnId;     /* OBJECT IDENTIFIER selecting the extension type */
    SecAsn1Item critical;   /* optional, default = false. Absent means FALSE.
                             * Per RFC 5280 section 4.2 a relying party must
                             * reject a certificate carrying an unrecognized
                             * extension whose critical flag is TRUE. */
    SecAsn1Item value;      /* OCTET string whose decoded value is
                             * an id-specific DER-encoded thing; decode it
                             * with the template selected by extnId only
                             * after extnId has been matched. */
} NSS_CertExtension;

/* Template for a single Extension, decoding into NSS_CertExtension. */
extern const SecAsn1Template kSecAsn1CertExtensionTemplate[];
/* Template for SEQUENCE OF Extension (the Extensions field). */
extern const SecAsn1Template kSecAsn1SequenceOfCertExtensionTemplate[];
86 | ||
87 | /* | |
88 | * X.509 certificate object (the unsigned form) | |
89 | * | |
90 | * ASN class : TBSCertificate | |
91 | * C struct : NSS_TBSCertificate | |
92 | */ | |
/*
 * The to-be-signed portion of a certificate. Field order follows the
 * TBSCertificate SEQUENCE in RFC 5280 section 4.1.
 */
typedef struct {
    SecAsn1Item version;                 /* optional; absent means v1. A v3
                                          * certificate is required when
                                          * extensions are present
                                          * (RFC 5280 section 4.1.2.1). */
    SecAsn1Item serialNumber;            /* INTEGER, issuer-unique */
    SecAsn1AlgId signature;              /* inner AlgorithmIdentifier; RFC 5280
                                          * section 4.1.2.3 requires it to equal
                                          * the outer signatureAlgorithm —
                                          * verifiers should check this. */
    NSS_Name issuer;
    NSS_Validity validity;
    NSS_Name subject;
    SecAsn1PubKeyInfo subjectPublicKeyInfo;
    SecAsn1Item issuerID;                /* optional, BITS */
    SecAsn1Item subjectID;               /* optional, BITS */
    NSS_CertExtension **extensions;      /* optional; presumably a NULL-terminated
                                          * pointer array as produced by the
                                          * SEQUENCE OF decoder — confirm */

    /*
     * Additional DER-encoded fields copied (via SEC_ASN1_SAVE)
     * during decoding. These are the exact encoded Name bytes, so they
     * can be compared byte-for-byte (e.g. issuer against a CA's subject)
     * without re-encoding.
     */
    SecAsn1Item derIssuer;
    SecAsn1Item derSubject;
} NSS_TBSCertificate;

/* Template for TBSCertificate, decoding into NSS_TBSCertificate. */
extern const SecAsn1Template kSecAsn1TBSCertificateTemplate[];
114 | ||
115 | /* | |
116 | * Fully specified signed certificate. | |
117 | * | |
118 | * ASN class : Certificate | |
119 | * C struct : NSS_Certificate | |
120 | */ | |
/*
 * A complete signed certificate: the decoded TBS portion plus the
 * outer signature algorithm and signature value.
 */
typedef struct {
    NSS_TBSCertificate tbs;
    SecAsn1AlgId signatureAlgorithm;    /* outer AlgorithmIdentifier; should match
                                         * tbs.signature (RFC 5280 section 4.1.1.2) */
    SecAsn1Item signature;              /* BIT STRING, length in bits — not bytes;
                                         * convert before any byte-wise handling */
} NSS_Certificate;

/* Template for the full Certificate SEQUENCE, decoding into NSS_Certificate. */
extern const SecAsn1Template kSecAsn1SignedCertTemplate[];
128 | ||
427c49bc | 129 | // MARK: --- CRL --- |
130 | |
131 | /* | |
132 | * ASN class : revokedCertificate | |
133 | * C struct : NSS_RevokedCert | |
134 | */ | |
/*
 * One entry of a CRL's revokedCertificates list.
 */
typedef struct {
    SecAsn1Item userCertificate;        /* serial number of the revoked cert */
    NSS_Time revocationDate;            /* still DER-encoded (see NSS_Time) */
    NSS_CertExtension **extensions;     /* optional; CRL entry extensions,
                                         * presumably NULL-terminated — confirm */
} NSS_RevokedCert;

/* Template for one revokedCertificates entry, decoding into NSS_RevokedCert. */
extern const SecAsn1Template kSecAsn1RevokedCertTemplate[];
/* Template for the SEQUENCE OF revokedCertificates entries. */
extern const SecAsn1Template kSecAsn1SequenceOfRevokedCertTemplate[];
143 | ||
144 | /* | |
145 | * X509 Cert Revocation List (the unsigned form) | |
146 | * ASN class : TBSCertList | |
147 | * C struct : NSS_TBSCrl | |
148 | */ | |
/*
 * The to-be-signed portion of a CRL (TBSCertList, RFC 5280 section 5.1).
 */
typedef struct {
    SecAsn1Item version;                /* optional */
    SecAsn1AlgId signature;             /* inner AlgorithmIdentifier; expected to
                                         * match the outer signatureAlgorithm */
    NSS_Name issuer;
    NSS_Time thisUpdate;                /* still DER-encoded (see NSS_Time) */
    NSS_Time nextUpdate;                /* optional; when present, a CRL past this
                                         * time should be treated as stale */
    NSS_RevokedCert **revokedCerts;     /* optional; empty when nothing is revoked */
    NSS_CertExtension **extensions;     /* optional */

    /*
     * Additional DER-encoded fields copied (via SEC_ASN1_SAVE)
     * during decoding. Exact encoded Name bytes, usable for byte-wise
     * comparison with the issuing certificate's derSubject.
     */
    SecAsn1Item derIssuer;

} NSS_TBSCrl;

/* Template for TBSCertList, decoding into NSS_TBSCrl. */
extern const SecAsn1Template kSecAsn1TBSCrlTemplate[];
167 | ||
168 | /* | |
169 | * Fully specified signed CRL. | |
170 | * | |
171 | * ASN class : CertificateList | |
172 | * C struct : NSS_CRL | |
173 | */ | |
/*
 * A complete signed CRL: decoded TBS portion plus outer algorithm and signature.
 */
typedef struct {
    NSS_TBSCrl tbs;
    SecAsn1AlgId signatureAlgorithm;    /* outer AlgorithmIdentifier; should match
                                         * tbs.signature */
    SecAsn1Item signature;              /* BIT STRING, length in bits — not bytes */
} NSS_Crl;

/* Template for the CertificateList SEQUENCE, decoding into NSS_Crl. */
extern const SecAsn1Template kSecAsn1SignedCrlTemplate[];
181 | ||
182 | /* | |
183 | * signed data - top-level view of a signed Cert or CRL, for | |
184 | * signing and verifying only. Treats the TBS and AlgId portions | |
185 | * as opaque ASN_ANY blobs. | |
186 | */ | |
/*
 * Minimal view of a signed cert or CRL for signing and verification.
 * Only the three top-level fields are separated; nothing inside tbsBlob
 * is interpreted.
 */
typedef struct {
    SecAsn1Item tbsBlob;                /* ANY, DER encoded cert or CRL. Signature
                                         * verification must run over exactly these
                                         * received bytes, never over a re-encoding
                                         * of the parsed structure. */
    SecAsn1Item signatureAlgorithm;     /* still DER-encoded AlgorithmIdentifier */
    SecAsn1Item signature;              /* BIT STRING, length in bits — not bytes */
} NSS_SignedCertOrCRL;

/* Template splitting a signed cert/CRL into its three top-level fields. */
extern const SecAsn1Template kSecAsn1SignedCertOrCRLTemplate[];
194 | ||
195 | #ifdef __cplusplus | |
196 | } | |
197 | #endif | |
198 | ||
199 | #endif /* _NSS_X509_TEMPLATES_H_ */ |