Security/libsecurity_asn1/lib/certExtensionTemplates.h

   1 /*
   2  * Copyright (c) 2003-2006,2008,2010-2012 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  *
  23  * certExtensionTemplates.h - libnssasn1 structs and templates for cert and
  24  *                            CRL extensions
  25  *
  26  */
  27
  28 #ifndef _CERT_EXTENSION_TEMPLATES_H_
  29 #define _CERT_EXTENSION_TEMPLATES_H_
  30
  31 #include <Security/X509Templates.h>
  32
  33 #ifdef  __cplusplus
  34 extern "C" {
  35 #endif
  36
  37 /*
  38  * Basic Constraints
  39  * NSS struct  : NSS_BasicConstraints
  40  * CDSA struct : CE_BasicConstraints
  41  */
  42 typedef struct {
  43         SecAsn1Item             cA;                                     // BOOL
  44         SecAsn1Item             pathLenConstraint;      // INTEGER optional
  45 } NSS_BasicConstraints;
  46
  47 extern const SecAsn1Template kSecAsn1BasicConstraintsTemplate[];
  48
  49 /*
  50  * Key Usage
  51  * NSS struct  : SecAsn1Item, BIT STRING - length in bits
  52  * CDSA struct : CE_KeyUsage
  53  */
  54 #define kSecAsn1KeyUsageTemplate                kSecAsn1BitStringTemplate
  55
  56 /*
  57  * Extended Key Usage
  58  * NSS struct  : NSS_ExtKeyUsage
  59  * CDSA struct : CE_ExtendedKeyUsage
  60  */
  61 typedef struct {
  62         SecAsn1Oid      **purposes;
  63 } NSS_ExtKeyUsage;
  64 #define kSecAsn1ExtKeyUsageTemplate             kSecAsn1SequenceOfObjectIDTemplate
  65
  66 /*
  67  * Subject Key Identifier
  68  * NSS struct  : SecAsn1Item
  69  * CDSA struct : CE_SubjectKeyID, typedef'd to a SecAsn1Item
  70  */
  71 #define kSecAsn1SubjectKeyIdTemplate    kSecAsn1OctetStringTemplate
  72
  73 /*
  74  * Authority Key Identifier
  75  * NSS struct  : NSS_AuthorityKeyId
  76  * CDSA struct : CE_AuthorityKeyID
  77  *
  78  * All fields are optional.
  79  * NOTE: due to an anomaly in the encoding module, if the first field
  80  * of a sequence is optional, it has to be a POINTER type.
  81  */
  82 typedef struct {
  83         SecAsn1Item                     *keyIdentifier;         // octet string
  84         NSS_GeneralNames        genNames;
  85         SecAsn1Item                     serialNumber;           // integer
  86 } NSS_AuthorityKeyId;
  87
  88 extern const SecAsn1Template kSecAsn1AuthorityKeyIdTemplate[];
  89
  90 /*
  91  * Certificate policies.
  92  * NSS struct  : NSS_CertPolicies
  93  * CDSA struct : CE_CertPolicies
  94  */
  95 typedef struct {
  96         SecAsn1Oid              policyQualifierId;      // CSSMOID_QT_CPS, CSSMOID_QT_UNOTICE
  97         SecAsn1Item             qualifier;                      // ASN_ANY, not interpreted here
  98 } NSS_PolicyQualifierInfo;
  99
 100 extern const SecAsn1Template kSecAsn1PolicyQualifierTemplate[];
 101
 102 typedef struct {
 103         SecAsn1Oid                              certPolicyId;
 104         NSS_PolicyQualifierInfo **policyQualifiers;     // SEQUENCE OF
 105 } NSS_PolicyInformation;
 106
 107 extern const SecAsn1Template kSecAsn1PolicyInformationTemplate[];
 108
 109 typedef struct {
 110         NSS_PolicyInformation   **policies;                     // SEQUENCE OF
 111 } NSS_CertPolicies;
 112
 113 extern const SecAsn1Template kSecAsn1CertPoliciesTemplate[];
 114
 115 /*
 116  * netscape-cert-type
 117  * NSS struct  : SecAsn1Item, BIT STRING - length in bits
 118  * CDSA struct : CE_NetscapeCertType (a uint16)
 119  */
 120 #define kSecAsn1NetscapeCertTypeTemplate                kSecAsn1BitStringTemplate
 121
 122 /*
 123  * CRL Distribution Points.
 124  * NSS struct  : NSS_DistributionPoint, NSS_DistributionPoints
 125  * CDSA struct : CE_CRLDistributionPoint, CE_CRLDistributionPointSyntax
 126  */
 127
 128 typedef struct {
 129         SecAsn1Item                     *distPointName;         // ASN_ANY, optional
 130         SecAsn1Item                     reasons;                        // BIT_STRING, optional
 131         NSS_GeneralNames        crlIssuer;                      // optional
 132 } NSS_DistributionPoint;
 133
 134 typedef struct {
 135         NSS_DistributionPoint   **distPoints;   // SEQUENCE OF
 136 } NSS_CRLDistributionPoints;
 137
 138 extern const SecAsn1Template kSecAsn1DistributionPointTemplate[];
 139 extern const SecAsn1Template kSecAsn1CRLDistributionPointsTemplate[];
 140
 141 /*
 142  * Resolving the NSS_DistributionPoint.distributionPoint option
 143  * involves inspecting the tag of the ASN_ANY and using one of
 144  * these templates. One the CDSA side the corresponding struct is
 145  * a CE_DistributionPointName.
 146  *
 147  * This one resolves to an NSS_GeneralNames:
 148  */
 149 #define NSS_DIST_POINT_FULL_NAME_TAG    0
 150 extern const SecAsn1Template kSecAsn1DistPointFullNameTemplate[];
 151
 152 /*
 153  * This one resolves to an NSS_RDN.
 154  */
 155 #define NSS_DIST_POINT_RDN_TAG                  1
 156 extern const SecAsn1Template kSecAsn1DistPointRDNTemplate[];
 157
 158 /*
 159  * Issuing distribution point.
 160  *
 161  * NSS Struct  : NSS_IssuingDistributionPoint
 162  * CDSA struct : CE_IssuingDistributionPoint
 163  *
 164  * All fields optional; default for ASN_BOOLs is false.
 165  */
 166 typedef struct {
 167         /* manually decode to a CE_DistributionPointName */
 168         SecAsn1Item                     *distPointName;         // ASN_ANY, optional
 169
 170         SecAsn1Item                     *onlyUserCerts;         // ASN_BOOL
 171         SecAsn1Item                     *onlyCACerts;           // ASN_BOOL
 172         SecAsn1Item                     *onlySomeReasons;       // BIT STRING
 173         SecAsn1Item                     *indirectCRL;           // ASN_BOOL
 174 } NSS_IssuingDistributionPoint;
 175
 176 extern const SecAsn1Template kSecAsn1IssuingDistributionPointTemplate[];
 177
 178 /*
 179  * Authority Information Access, Subject Information Access.
 180  *
 181  * NSS Struct  : NSS_AuthorityInfoAccess
 182  * CDSA struct : CE_AuthorityInfoAccess
 183  */
 184 typedef struct {
 185         SecAsn1Item                             accessMethod;
 186
 187         /* NSS encoder just can't handle direct inline of an NSS_GeneralName here.
 188          * After decode and prior to encode this is an encoded GeneralName.
 189          */
 190         SecAsn1Item                             encodedAccessLocation;
 191 } NSS_AccessDescription;
 192
 193 typedef struct {
 194         NSS_AccessDescription   **accessDescriptions;
 195 } NSS_AuthorityInfoAccess;
 196
 197 extern const SecAsn1Template kSecAsn1AccessDescriptionTemplate[];
 198 extern const SecAsn1Template kSecAsn1AuthorityInfoAccessTemplate[];
 199
 200 /*
 201  * Qualified Certificate Statements support
 202  */
 203 typedef struct {
 204         SecAsn1Oid                              *semanticsIdentifier;                   /* optional */
 205         NSS_GeneralNames                *nameRegistrationAuthorities;   /* optional */
 206 } NSS_SemanticsInformation;
 207
 208 typedef struct {
 209         SecAsn1Oid                              statementId;
 210         SecAsn1Item                             info;           /* optional, ANY */
 211 } NSS_QC_Statement;
 212
 213 typedef struct {
 214         NSS_QC_Statement                **qcStatements;
 215 } NSS_QC_Statements;
 216
 217 extern const SecAsn1Template kSecAsn1SemanticsInformationTemplate[];
 218 extern const SecAsn1Template kSecAsn1QC_StatementTemplate[];
 219 extern const SecAsn1Template kSecAsn1QC_StatementsTemplate[];
 220
 221 /*
 222  * NameConstraints support
 223  */
 224 typedef struct {
 225         NSS_GeneralNames                base;
 226         SecAsn1Item                             minimum;        // INTEGER default=0
 227         SecAsn1Item                             maximum;        // INTEGER optional
 228 } NSS_GeneralSubtree;
 229
 230 typedef struct {
 231         NSS_GeneralSubtree              **subtrees; // SEQUENCE OF
 232 } NSS_GeneralSubtrees;
 233
 234 typedef struct {
 235         NSS_GeneralSubtrees             *permittedSubtrees; // optional
 236         NSS_GeneralSubtrees             *excludedSubtrees;  // optional
 237 } NSS_NameConstraints;
 238
 239 extern const SecAsn1Template kSecAsn1NameConstraintsTemplate[];
 240
 241 /*
 242  * PolicyMappings support
 243  */
 244 typedef struct {
 245         SecAsn1Oid                              issuerDomainPolicy;
 246         SecAsn1Oid                              subjectDomainPolicy;
 247 } NSS_PolicyMapping;
 248
 249 typedef struct {
 250         NSS_PolicyMapping               **policyMappings; // SEQUENCE OF
 251 } NSS_PolicyMappings;
 252
 253 extern const SecAsn1Template kSecAsn1PolicyMappingsTemplate[];
 254
 255 /*
 256  * PolicyConstraints support
 257  */
 258 typedef struct {
 259         SecAsn1Item                             requireExplicitPolicy;  // INTEGER optional
 260         SecAsn1Item                             inhibitPolicyMapping;   // INTEGER optional
 261 } NSS_PolicyConstraints;
 262
 263 extern const SecAsn1Template kSecAsn1PolicyConstraintsTemplate[];
 264
 265 /*
 266  * InhibitAnyPolicy support
 267  */
 268 #define kSecAsn1InhibitAnyPolicyTemplate        kSecAsn1IntegerTemplate;
 269
 270 #ifdef  __cplusplus
 271 }
 272 #endif
 273
 274 #endif  /* _CERT_EXTENSION_TEMPLATES_H_ */