[apple/security.git] / OSX / include / security_asn1 / certExtensionTemplates.h

/*
 * Copyright (c) 2003-2006,2008,2010-2012 Apple Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 *
 * certExtensionTemplates.h - libnssasn1 structs and templates for cert and 
 *                            CRL extensions
 *
 */
 
#ifndef	_CERT_EXTENSION_TEMPLATES_H_
#define _CERT_EXTENSION_TEMPLATES_H_

#include <Security/X509Templates.h>

#ifdef	__cplusplus
extern "C" {
#endif

/*
 * Basic Constraints
 * NSS struct  : NSS_BasicConstraints
 * CDSA struct : CE_BasicConstraints
 */
typedef struct {
	SecAsn1Item		cA;					// BOOL
	SecAsn1Item		pathLenConstraint;	// INTEGER optional
} NSS_BasicConstraints;

extern const SecAsn1Template kSecAsn1BasicConstraintsTemplate[];

/* 
 * Key Usage
 * NSS struct  : SecAsn1Item, BIT STRING - length in bits
 * CDSA struct : CE_KeyUsage
 */
#define kSecAsn1KeyUsageTemplate		kSecAsn1BitStringTemplate

/*
 * Extended Key Usage
 * NSS struct  : NSS_ExtKeyUsage
 * CDSA struct : CE_ExtendedKeyUsage
 */
typedef struct {
	SecAsn1Oid	**purposes;
} NSS_ExtKeyUsage;
#define kSecAsn1ExtKeyUsageTemplate		kSecAsn1SequenceOfObjectIDTemplate

/*
 * Subject Key Identifier
 * NSS struct  : SecAsn1Item
 * CDSA struct : CE_SubjectKeyID, typedef'd to a SecAsn1Item
 */
#define kSecAsn1SubjectKeyIdTemplate	kSecAsn1OctetStringTemplate

/*
 * Authority Key Identifier
 * NSS struct  : NSS_AuthorityKeyId
 * CDSA struct : CE_AuthorityKeyID
 *
 * All fields are optional.
 * NOTE: due to an anomaly in the encoding module, if the first field
 * of a sequence is optional, it has to be a POINTER type. 
 */
typedef struct {
	SecAsn1Item			*keyIdentifier;		// octet string
	NSS_GeneralNames	genNames;	
	SecAsn1Item			serialNumber;		// integer
} NSS_AuthorityKeyId;

extern const SecAsn1Template kSecAsn1AuthorityKeyIdTemplate[];

/*
 * Certificate policies. 
 * NSS struct  : NSS_CertPolicies
 * CDSA struct : CE_CertPolicies
 */
typedef struct {
	SecAsn1Oid		policyQualifierId;	// CSSMOID_QT_CPS, CSSMOID_QT_UNOTICE
	SecAsn1Item		qualifier;			// ASN_ANY, not interpreted here
} NSS_PolicyQualifierInfo;

extern const SecAsn1Template kSecAsn1PolicyQualifierTemplate[];

typedef struct {
	SecAsn1Oid				certPolicyId;
	NSS_PolicyQualifierInfo	**policyQualifiers;	// SEQUENCE OF
} NSS_PolicyInformation;

extern const SecAsn1Template kSecAsn1PolicyInformationTemplate[];

typedef struct {
	NSS_PolicyInformation	**policies;			// SEQUENCE OF
} NSS_CertPolicies;

extern const SecAsn1Template kSecAsn1CertPoliciesTemplate[];

/* 
 * netscape-cert-type
 * NSS struct  : SecAsn1Item, BIT STRING - length in bits
 * CDSA struct : CE_NetscapeCertType (a uint16)
 */
#define kSecAsn1NetscapeCertTypeTemplate		kSecAsn1BitStringTemplate

/*
 * CRL Distribution Points. 
 * NSS struct  : NSS_DistributionPoint, NSS_DistributionPoints
 * CDSA struct : CE_CRLDistributionPoint, CE_CRLDistributionPointSyntax
 */

typedef struct {
	SecAsn1Item			*distPointName;		// ASN_ANY, optional
	SecAsn1Item			reasons;			// BIT_STRING, optional
	NSS_GeneralNames	crlIssuer;			// optional
} NSS_DistributionPoint;

typedef struct {
	NSS_DistributionPoint	**distPoints;	// SEQUENCE OF
} NSS_CRLDistributionPoints;

extern const SecAsn1Template kSecAsn1DistributionPointTemplate[];
extern const SecAsn1Template kSecAsn1CRLDistributionPointsTemplate[];

/*
 * Resolving the NSS_DistributionPoint.distributionPoint option
 * involves inspecting the tag of the ASN_ANY and using one of
 * these templates. One the CDSA side the corresponding struct is
 * a CE_DistributionPointName.
 *
 * This one resolves to an NSS_GeneralNames:
 */
#define NSS_DIST_POINT_FULL_NAME_TAG	0
extern const SecAsn1Template kSecAsn1DistPointFullNameTemplate[];
 
/*
 * This one resolves to an NSS_RDN.
 */
#define NSS_DIST_POINT_RDN_TAG			1
extern const SecAsn1Template kSecAsn1DistPointRDNTemplate[];

/*
 * Issuing distribution point.
 *
 * NSS Struct  : NSS_IssuingDistributionPoint
 * CDSA struct : CE_IssuingDistributionPoint
 *
 * All fields optional; default for ASN_BOOLs is false.
 */
typedef struct {
	/* manually decode to a CE_DistributionPointName */
	SecAsn1Item			*distPointName;		// ASN_ANY, optional
	
	SecAsn1Item			*onlyUserCerts;		// ASN_BOOL
	SecAsn1Item			*onlyCACerts;		// ASN_BOOL
	SecAsn1Item			*onlySomeReasons;	// BIT STRING
	SecAsn1Item			*indirectCRL;		// ASN_BOOL
} NSS_IssuingDistributionPoint;

extern const SecAsn1Template kSecAsn1IssuingDistributionPointTemplate[];

/* 
 * Authority Information Access, Subject Information Access.
 *
 * NSS Struct  : NSS_AuthorityInfoAccess
 * CDSA struct : CE_AuthorityInfoAccess
 */
typedef struct {
	SecAsn1Item				accessMethod;
	
	/* NSS encoder just can't handle direct inline of an NSS_GeneralName here.
	 * After decode and prior to encode this is an encoded GeneralName. 
	 */
	SecAsn1Item				encodedAccessLocation;
} NSS_AccessDescription;

typedef struct {
	NSS_AccessDescription	**accessDescriptions;
} NSS_AuthorityInfoAccess;

extern const SecAsn1Template kSecAsn1AccessDescriptionTemplate[];
extern const SecAsn1Template kSecAsn1AuthorityInfoAccessTemplate[];

/*
 * Qualified Certificate Statements support
 */
typedef struct {
	SecAsn1Oid				*semanticsIdentifier;			/* optional */
	NSS_GeneralNames		*nameRegistrationAuthorities;	/* optional */
} NSS_SemanticsInformation;

typedef struct {
	SecAsn1Oid				statementId;
	SecAsn1Item				info;		/* optional, ANY */
} NSS_QC_Statement;

typedef struct {
	NSS_QC_Statement		**qcStatements;
} NSS_QC_Statements; 

extern const SecAsn1Template kSecAsn1SemanticsInformationTemplate[];
extern const SecAsn1Template kSecAsn1QC_StatementTemplate[];
extern const SecAsn1Template kSecAsn1QC_StatementsTemplate[];

/*
 * NameConstraints support
 */
typedef struct {
	NSS_GeneralNames		base;
	SecAsn1Item				minimum;	// INTEGER default=0
	SecAsn1Item				maximum;	// INTEGER optional
} NSS_GeneralSubtree;

typedef struct {
	NSS_GeneralSubtree		**subtrees; // SEQUENCE OF
} NSS_GeneralSubtrees; 

typedef struct {
	NSS_GeneralSubtrees		*permittedSubtrees; // optional
	NSS_GeneralSubtrees		*excludedSubtrees;  // optional
} NSS_NameConstraints; 

extern const SecAsn1Template kSecAsn1NameConstraintsTemplate[];

/*
 * PolicyMappings support
 */
typedef struct {
	SecAsn1Oid				issuerDomainPolicy;
	SecAsn1Oid				subjectDomainPolicy;
} NSS_PolicyMapping;

typedef struct {
	NSS_PolicyMapping		**policyMappings; // SEQUENCE OF
} NSS_PolicyMappings; 

extern const SecAsn1Template kSecAsn1PolicyMappingsTemplate[];

/*
 * PolicyConstraints support
 */
typedef struct {
	SecAsn1Item				requireExplicitPolicy;	// INTEGER optional
	SecAsn1Item				inhibitPolicyMapping;	// INTEGER optional
} NSS_PolicyConstraints;

extern const SecAsn1Template kSecAsn1PolicyConstraintsTemplate[];

/*
 * InhibitAnyPolicy support
 */
#define kSecAsn1InhibitAnyPolicyTemplate	kSecAsn1IntegerTemplate;

#ifdef	__cplusplus
}
#endif

#endif	/* _CERT_EXTENSION_TEMPLATES_H_ */
Commit	Line	Data
b1ab9ed8	1	/*
d8f41ccd	2	* Copyright (c) 2003-2006,2008,2010-2012 Apple Inc. All Rights Reserved.
b1ab9ed8 A	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*
	23	* certExtensionTemplates.h - libnssasn1 structs and templates for cert and
	24	* CRL extensions
	25	*
	26	*/
	27
	28	#ifndef _CERT_EXTENSION_TEMPLATES_H_
	29	#define _CERT_EXTENSION_TEMPLATES_H_
	30
	31	#include <Security/X509Templates.h>
	32
	33	#ifdef __cplusplus
	34	extern "C" {
	35	#endif
	36
	37	/*
	38	* Basic Constraints
	39	* NSS struct : NSS_BasicConstraints
	40	* CDSA struct : CE_BasicConstraints
	41	*/
	42	typedef struct {
	43	SecAsn1Item cA; // BOOL
	44	SecAsn1Item pathLenConstraint; // INTEGER optional
	45	} NSS_BasicConstraints;
	46
	47	extern const SecAsn1Template kSecAsn1BasicConstraintsTemplate[];
	48
	49	/*
	50	* Key Usage
	51	* NSS struct : SecAsn1Item, BIT STRING - length in bits
	52	* CDSA struct : CE_KeyUsage
	53	*/
	54	#define kSecAsn1KeyUsageTemplate kSecAsn1BitStringTemplate
	55
	56	/*
	57	* Extended Key Usage
	58	* NSS struct : NSS_ExtKeyUsage
	59	* CDSA struct : CE_ExtendedKeyUsage
	60	*/
	61	typedef struct {
	62	SecAsn1Oid **purposes;
	63	} NSS_ExtKeyUsage;
	64	#define kSecAsn1ExtKeyUsageTemplate kSecAsn1SequenceOfObjectIDTemplate
	65
	66	/*
67	* Subject Key Identifier
68	* NSS struct : SecAsn1Item
69	* CDSA struct : CE_SubjectKeyID, typedef'd to a SecAsn1Item
70	*/
71	#define kSecAsn1SubjectKeyIdTemplate kSecAsn1OctetStringTemplate
72
73	/*
74	* Authority Key Identifier
75	* NSS struct : NSS_AuthorityKeyId
76	* CDSA struct : CE_AuthorityKeyID
77	*
78	* All fields are optional.
79	* NOTE: due to an anomaly in the encoding module, if the first field
80	* of a sequence is optional, it has to be a POINTER type.
81	*/
82	typedef struct {
83	SecAsn1Item *keyIdentifier; // octet string
84	NSS_GeneralNames genNames;
85	SecAsn1Item serialNumber; // integer
86	} NSS_AuthorityKeyId;
87
88	extern const SecAsn1Template kSecAsn1AuthorityKeyIdTemplate[];
89
90	/*
91	* Certificate policies.
92	* NSS struct : NSS_CertPolicies
93	* CDSA struct : CE_CertPolicies
94	*/
95	typedef struct {
96	SecAsn1Oid policyQualifierId; // CSSMOID_QT_CPS, CSSMOID_QT_UNOTICE
97	SecAsn1Item qualifier; // ASN_ANY, not interpreted here
98	} NSS_PolicyQualifierInfo;
99
100	extern const SecAsn1Template kSecAsn1PolicyQualifierTemplate[];
101
102	typedef struct {
103	SecAsn1Oid certPolicyId;
104	NSS_PolicyQualifierInfo **policyQualifiers; // SEQUENCE OF
105	} NSS_PolicyInformation;
106
107	extern const SecAsn1Template kSecAsn1PolicyInformationTemplate[];
108
109	typedef struct {
110	NSS_PolicyInformation **policies; // SEQUENCE OF
111	} NSS_CertPolicies;
112
113	extern const SecAsn1Template kSecAsn1CertPoliciesTemplate[];
114
115	/*
116	* netscape-cert-type
117	* NSS struct : SecAsn1Item, BIT STRING - length in bits
118	* CDSA struct : CE_NetscapeCertType (a uint16)
119	*/
120	#define kSecAsn1NetscapeCertTypeTemplate kSecAsn1BitStringTemplate
121
122	/*
123	* CRL Distribution Points.
124	* NSS struct : NSS_DistributionPoint, NSS_DistributionPoints
125	* CDSA struct : CE_CRLDistributionPoint, CE_CRLDistributionPointSyntax
126	*/
127
128	typedef struct {
129	SecAsn1Item *distPointName; // ASN_ANY, optional
130	SecAsn1Item reasons; // BIT_STRING, optional
131	NSS_GeneralNames crlIssuer; // optional
132	} NSS_DistributionPoint;
133
134	typedef struct {
135	NSS_DistributionPoint **distPoints; // SEQUENCE OF
136	} NSS_CRLDistributionPoints;
137
138	extern const SecAsn1Template kSecAsn1DistributionPointTemplate[];
139	extern const SecAsn1Template kSecAsn1CRLDistributionPointsTemplate[];
140
141	/*
142	* Resolving the NSS_DistributionPoint.distributionPoint option
143	* involves inspecting the tag of the ASN_ANY and using one of
144	* these templates. One the CDSA side the corresponding struct is
145	* a CE_DistributionPointName.
146	*
147	* This one resolves to an NSS_GeneralNames:
148	*/
149	#define NSS_DIST_POINT_FULL_NAME_TAG 0
150	extern const SecAsn1Template kSecAsn1DistPointFullNameTemplate[];
151
152	/*
153	* This one resolves to an NSS_RDN.
154	*/
155	#define NSS_DIST_POINT_RDN_TAG 1
156	extern const SecAsn1Template kSecAsn1DistPointRDNTemplate[];
157
158	/*
159	* Issuing distribution point.
160	*
161	* NSS Struct : NSS_IssuingDistributionPoint
162	* CDSA struct : CE_IssuingDistributionPoint
163	*
164	* All fields optional; default for ASN_BOOLs is false.
165	*/
166	typedef struct {
167	/* manually decode to a CE_DistributionPointName */
168	SecAsn1Item *distPointName; // ASN_ANY, optional
169
170	SecAsn1Item *onlyUserCerts; // ASN_BOOL
171	SecAsn1Item *onlyCACerts; // ASN_BOOL
172	SecAsn1Item *onlySomeReasons; // BIT STRING
173	SecAsn1Item *indirectCRL; // ASN_BOOL
174	} NSS_IssuingDistributionPoint;
175
176	extern const SecAsn1Template kSecAsn1IssuingDistributionPointTemplate[];
177
178	/*
179	* Authority Information Access, Subject Information Access.
180	*
181	* NSS Struct : NSS_AuthorityInfoAccess
182	* CDSA struct : CE_AuthorityInfoAccess
183	*/
184	typedef struct {
185	SecAsn1Item accessMethod;
186
187	/* NSS encoder just can't handle direct inline of an NSS_GeneralName here.
188	* After decode and prior to encode this is an encoded GeneralName.
189	*/
190	SecAsn1Item encodedAccessLocation;
191	} NSS_AccessDescription;
192
193	typedef struct {
194	NSS_AccessDescription **accessDescriptions;
195	} NSS_AuthorityInfoAccess;
196
197	extern const SecAsn1Template kSecAsn1AccessDescriptionTemplate[];
198	extern const SecAsn1Template kSecAsn1AuthorityInfoAccessTemplate[];
199
200	/*
201	* Qualified Certificate Statements support
202	*/
203	typedef struct {
204	SecAsn1Oid semanticsIdentifier; / optional */
205	NSS_GeneralNames nameRegistrationAuthorities; / optional */
206	} NSS_SemanticsInformation;
207
208	typedef struct {
209	SecAsn1Oid statementId;
210	SecAsn1Item info; /* optional, ANY */
211	} NSS_QC_Statement;
212
213	typedef struct {
214	NSS_QC_Statement **qcStatements;
215	} NSS_QC_Statements;
216
217	extern const SecAsn1Template kSecAsn1SemanticsInformationTemplate[];
218	extern const SecAsn1Template kSecAsn1QC_StatementTemplate[];
219	extern const SecAsn1Template kSecAsn1QC_StatementsTemplate[];
220
221	/*
222	* NameConstraints support
223	*/
224	typedef struct {
225	NSS_GeneralNames base;
226	SecAsn1Item minimum; // INTEGER default=0
227	SecAsn1Item maximum; // INTEGER optional
228	} NSS_GeneralSubtree;
229
230	typedef struct {
231	NSS_GeneralSubtree **subtrees; // SEQUENCE OF
232	} NSS_GeneralSubtrees;
233
234	typedef struct {
235	NSS_GeneralSubtrees *permittedSubtrees; // optional
236	NSS_GeneralSubtrees *excludedSubtrees; // optional
237	} NSS_NameConstraints;
238
239	extern const SecAsn1Template kSecAsn1NameConstraintsTemplate[];
240
241	/*
242	* PolicyMappings support
243	*/
244	typedef struct {
245	SecAsn1Oid issuerDomainPolicy;
246	SecAsn1Oid subjectDomainPolicy;
247	} NSS_PolicyMapping;
248
249	typedef struct {
250	NSS_PolicyMapping **policyMappings; // SEQUENCE OF
251	} NSS_PolicyMappings;
252
253	extern const SecAsn1Template kSecAsn1PolicyMappingsTemplate[];
254
255	/*
256	* PolicyConstraints support
257	*/
258	typedef struct {
259	SecAsn1Item requireExplicitPolicy; // INTEGER optional
260	SecAsn1Item inhibitPolicyMapping; // INTEGER optional
261	} NSS_PolicyConstraints;
262
263	extern const SecAsn1Template kSecAsn1PolicyConstraintsTemplate[];
264
265	/*
266	* InhibitAnyPolicy support
267	*/
268	#define kSecAsn1InhibitAnyPolicyTemplate kSecAsn1IntegerTemplate;
269
270	#ifdef __cplusplus
271	}
272	#endif
273
274	#endif /* _CERT_EXTENSION_TEMPLATES_H_ */