]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_asn1/Security/certExtensionTemplates.h
Security-57336.1.9.tar.gz
[apple/security.git] / OSX / libsecurity_asn1 / Security / certExtensionTemplates.h
1 /*
2 * Copyright (c) 2003-2006,2008,2010-2012 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 *
23 * certExtensionTemplates.h - libnssasn1 structs and templates for cert and
24 * CRL extensions
25 *
26 */
27
28 #ifndef _CERT_EXTENSION_TEMPLATES_H_
29 #define _CERT_EXTENSION_TEMPLATES_H_
30
31 #include <Security/X509Templates.h>
32
33 #ifdef __cplusplus
34 extern "C" {
35 #endif
36
37 /*
38 * Basic Constraints
39 * NSS struct : NSS_BasicConstraints
40 * CDSA struct : CE_BasicConstraints
41 */
42 typedef struct {
43 SecAsn1Item cA; // BOOL
44 SecAsn1Item pathLenConstraint; // INTEGER optional
45 } NSS_BasicConstraints;
46
47 extern const SecAsn1Template kSecAsn1BasicConstraintsTemplate[];
48
49 /*
50 * Key Usage
51 * NSS struct : SecAsn1Item, BIT STRING - length in bits
52 * CDSA struct : CE_KeyUsage
53 */
54 #define kSecAsn1KeyUsageTemplate kSecAsn1BitStringTemplate
55
56 /*
57 * Extended Key Usage
58 * NSS struct : NSS_ExtKeyUsage
59 * CDSA struct : CE_ExtendedKeyUsage
60 */
61 typedef struct {
62 SecAsn1Oid **purposes;
63 } NSS_ExtKeyUsage;
64 #define kSecAsn1ExtKeyUsageTemplate kSecAsn1SequenceOfObjectIDTemplate
65
66 /*
67 * Subject Key Identifier
68 * NSS struct : SecAsn1Item
69 * CDSA struct : CE_SubjectKeyID, typedef'd to a SecAsn1Item
70 */
71 #define kSecAsn1SubjectKeyIdTemplate kSecAsn1OctetStringTemplate
72
73 /*
74 * Authority Key Identifier
75 * NSS struct : NSS_AuthorityKeyId
76 * CDSA struct : CE_AuthorityKeyID
77 *
78 * All fields are optional.
79 * NOTE: due to an anomaly in the encoding module, if the first field
80 * of a sequence is optional, it has to be a POINTER type.
81 */
82 typedef struct {
83 SecAsn1Item *keyIdentifier; // octet string
84 NSS_GeneralNames genNames;
85 SecAsn1Item serialNumber; // integer
86 } NSS_AuthorityKeyId;
87
88 extern const SecAsn1Template kSecAsn1AuthorityKeyIdTemplate[];
89
90 /*
91 * Certificate policies.
92 * NSS struct : NSS_CertPolicies
93 * CDSA struct : CE_CertPolicies
94 */
95 typedef struct {
96 SecAsn1Oid policyQualifierId; // CSSMOID_QT_CPS, CSSMOID_QT_UNOTICE
97 SecAsn1Item qualifier; // ASN_ANY, not interpreted here
98 } NSS_PolicyQualifierInfo;
99
100 extern const SecAsn1Template kSecAsn1PolicyQualifierTemplate[];
101
102 typedef struct {
103 SecAsn1Oid certPolicyId;
104 NSS_PolicyQualifierInfo **policyQualifiers; // SEQUENCE OF
105 } NSS_PolicyInformation;
106
107 extern const SecAsn1Template kSecAsn1PolicyInformationTemplate[];
108
109 typedef struct {
110 NSS_PolicyInformation **policies; // SEQUENCE OF
111 } NSS_CertPolicies;
112
113 extern const SecAsn1Template kSecAsn1CertPoliciesTemplate[];
114
115 /*
116 * netscape-cert-type
117 * NSS struct : SecAsn1Item, BIT STRING - length in bits
118 * CDSA struct : CE_NetscapeCertType (a uint16)
119 */
120 #define kSecAsn1NetscapeCertTypeTemplate kSecAsn1BitStringTemplate
121
122 /*
123 * CRL Distribution Points.
124 * NSS struct : NSS_DistributionPoint, NSS_DistributionPoints
125 * CDSA struct : CE_CRLDistributionPoint, CE_CRLDistributionPointSyntax
126 */
127
128 typedef struct {
129 SecAsn1Item *distPointName; // ASN_ANY, optional
130 SecAsn1Item reasons; // BIT_STRING, optional
131 NSS_GeneralNames crlIssuer; // optional
132 } NSS_DistributionPoint;
133
134 typedef struct {
135 NSS_DistributionPoint **distPoints; // SEQUENCE OF
136 } NSS_CRLDistributionPoints;
137
138 extern const SecAsn1Template kSecAsn1DistributionPointTemplate[];
139 extern const SecAsn1Template kSecAsn1CRLDistributionPointsTemplate[];
140
141 /*
142 * Resolving the NSS_DistributionPoint.distributionPoint option
143 * involves inspecting the tag of the ASN_ANY and using one of
144 * these templates. One the CDSA side the corresponding struct is
145 * a CE_DistributionPointName.
146 *
147 * This one resolves to an NSS_GeneralNames:
148 */
149 #define NSS_DIST_POINT_FULL_NAME_TAG 0
150 extern const SecAsn1Template kSecAsn1DistPointFullNameTemplate[];
151
152 /*
153 * This one resolves to an NSS_RDN.
154 */
155 #define NSS_DIST_POINT_RDN_TAG 1
156 extern const SecAsn1Template kSecAsn1DistPointRDNTemplate[];
157
158 /*
159 * Issuing distribution point.
160 *
161 * NSS Struct : NSS_IssuingDistributionPoint
162 * CDSA struct : CE_IssuingDistributionPoint
163 *
164 * All fields optional; default for ASN_BOOLs is false.
165 */
166 typedef struct {
167 /* manually decode to a CE_DistributionPointName */
168 SecAsn1Item *distPointName; // ASN_ANY, optional
169
170 SecAsn1Item *onlyUserCerts; // ASN_BOOL
171 SecAsn1Item *onlyCACerts; // ASN_BOOL
172 SecAsn1Item *onlySomeReasons; // BIT STRING
173 SecAsn1Item *indirectCRL; // ASN_BOOL
174 } NSS_IssuingDistributionPoint;
175
176 extern const SecAsn1Template kSecAsn1IssuingDistributionPointTemplate[];
177
178 /*
179 * Authority Information Access, Subject Information Access.
180 *
181 * NSS Struct : NSS_AuthorityInfoAccess
182 * CDSA struct : CE_AuthorityInfoAccess
183 */
184 typedef struct {
185 SecAsn1Item accessMethod;
186
187 /* NSS encoder just can't handle direct inline of an NSS_GeneralName here.
188 * After decode and prior to encode this is an encoded GeneralName.
189 */
190 SecAsn1Item encodedAccessLocation;
191 } NSS_AccessDescription;
192
193 typedef struct {
194 NSS_AccessDescription **accessDescriptions;
195 } NSS_AuthorityInfoAccess;
196
197 extern const SecAsn1Template kSecAsn1AccessDescriptionTemplate[];
198 extern const SecAsn1Template kSecAsn1AuthorityInfoAccessTemplate[];
199
200 /*
201 * Qualified Certificate Statements support
202 */
203 typedef struct {
204 SecAsn1Oid *semanticsIdentifier; /* optional */
205 NSS_GeneralNames *nameRegistrationAuthorities; /* optional */
206 } NSS_SemanticsInformation;
207
208 typedef struct {
209 SecAsn1Oid statementId;
210 SecAsn1Item info; /* optional, ANY */
211 } NSS_QC_Statement;
212
213 typedef struct {
214 NSS_QC_Statement **qcStatements;
215 } NSS_QC_Statements;
216
217 extern const SecAsn1Template kSecAsn1SemanticsInformationTemplate[];
218 extern const SecAsn1Template kSecAsn1QC_StatementTemplate[];
219 extern const SecAsn1Template kSecAsn1QC_StatementsTemplate[];
220
221 /*
222 * NameConstraints support
223 */
224 typedef struct {
225 NSS_GeneralNames base;
226 SecAsn1Item minimum; // INTEGER default=0
227 SecAsn1Item maximum; // INTEGER optional
228 } NSS_GeneralSubtree;
229
230 typedef struct {
231 NSS_GeneralSubtree **subtrees; // SEQUENCE OF
232 } NSS_GeneralSubtrees;
233
234 typedef struct {
235 NSS_GeneralSubtrees *permittedSubtrees; // optional
236 NSS_GeneralSubtrees *excludedSubtrees; // optional
237 } NSS_NameConstraints;
238
239 extern const SecAsn1Template kSecAsn1NameConstraintsTemplate[];
240
241 /*
242 * PolicyMappings support
243 */
244 typedef struct {
245 SecAsn1Oid issuerDomainPolicy;
246 SecAsn1Oid subjectDomainPolicy;
247 } NSS_PolicyMapping;
248
249 typedef struct {
250 NSS_PolicyMapping **policyMappings; // SEQUENCE OF
251 } NSS_PolicyMappings;
252
253 extern const SecAsn1Template kSecAsn1PolicyMappingsTemplate[];
254
255 /*
256 * PolicyConstraints support
257 */
258 typedef struct {
259 SecAsn1Item requireExplicitPolicy; // INTEGER optional
260 SecAsn1Item inhibitPolicyMapping; // INTEGER optional
261 } NSS_PolicyConstraints;
262
263 extern const SecAsn1Template kSecAsn1PolicyConstraintsTemplate[];
264
265 /*
266 * InhibitAnyPolicy support
267 */
268 #define kSecAsn1InhibitAnyPolicyTemplate kSecAsn1IntegerTemplate;
269
270 #ifdef __cplusplus
271 }
272 #endif
273
274 #endif /* _CERT_EXTENSION_TEMPLATES_H_ */