1use crate::{
2 AlgorithmIdentifier, Attribute, CertificateSerialNumber, Extensions, GeneralName, GeneralNames,
3 UniqueIdentifier,
4};
5use rasn::prelude::*;
6
/// `Targets ::= SEQUENCE OF Target` — the parties an attribute certificate is aimed at.
pub type Targets = SequenceOf<Target>;
/// `AttrSpec ::= SEQUENCE OF OBJECT IDENTIFIER` — attribute types listed in [`AaControls`].
pub type AttrSpec = SequenceOf<ObjectIdentifier>;
/// `ProxyInfo ::= SEQUENCE OF Targets` — value of the `AC_PROXYING` extension.
pub type ProxyInfo = SequenceOf<Targets>;

// Object identifiers for the attribute-certificate extensions and attributes of
// RFC 5755. Each is a re-export of a constant on [`Oid`]; the value type that
// each identifier selects is defined further down in this module.

/// `id-pe-ac-auditIdentity` extension.
pub const AUDIT_IDENTITY: &Oid =
    Oid::ISO_IDENTIFIED_ORGANISATION_DOD_INTERNET_SECURITY_MECHANISMS_PKIX_PE_AUDIT_IDENTIFY;
/// `id-pe-aaControls` extension; value type [`AaControls`].
pub const AA_CONTROLS: &Oid =
    Oid::ISO_IDENTIFIED_ORGANISATION_DOD_INTERNET_SECURITY_MECHANISMS_PKIX_PE_AA_CONTROLS;
/// `id-pe-ac-proxying` extension; value type [`ProxyInfo`].
pub const AC_PROXYING: &Oid =
    Oid::ISO_IDENTIFIED_ORGANISATION_DOD_INTERNET_SECURITY_MECHANISMS_PKIX_PE_AC_PROXYING;
/// `id-ce-targetInformation` extension; value type [`Targets`].
pub const TARGET_INFORMATION: &Oid =
    Oid::JOINT_ISO_ITU_T_DS_CERTIFICATE_EXTENSION_TARGET_INFORMATION;
/// `id-aca-authenticationInfo` attribute; value type [`SvceAuthInfo`].
pub const AUTHENTICATION_INFO: &Oid =
    Oid::ISO_IDENTIFIED_ORGANISATION_DOD_INTERNET_SECURITY_MECHANISMS_PKIX_ACA_AUTHENTICATION_INFO;
/// `id-aca-accessIdentity` attribute; value type [`SvceAuthInfo`].
pub const ACCESS_IDENTITY: &Oid =
    Oid::ISO_IDENTIFIED_ORGANISATION_DOD_INTERNET_SECURITY_MECHANISMS_PKIX_ACA_ACCESS_IDENTITY;
/// `id-aca-chargingIdentity` attribute; value type [`IetfAttrSyntax`].
pub const CHARGING_IDENTITY: &Oid =
    Oid::ISO_IDENTIFIED_ORGANISATION_DOD_INTERNET_SECURITY_MECHANISMS_PKIX_ACA_CHARGING_IDENTITY;
/// `id-aca-group` attribute; value type [`IetfAttrSyntax`].
pub const GROUP: &Oid =
    Oid::ISO_IDENTIFIED_ORGANISATION_DOD_INTERNET_SECURITY_MECHANISMS_PKIX_ACA_GROUP;
/// `id-aca-encAttrs` attribute — attributes carried encrypted; the plaintext
/// form is [`AttributeCertificateClearAttributes`].
pub const ENC_ATTRIBUTES: &Oid =
    Oid::ISO_IDENTIFIED_ORGANISATION_DOD_INTERNET_SECURITY_MECHANISMS_PKIX_ACA_ENC_ATTRIBUTES;
/// `id-at-role` attribute; value type [`RoleSyntax`].
pub const ROLE: &Oid = Oid::JOINT_ISO_ITU_T_DS_ATTRIBUTE_TYPE_ROLE;
/// `id-at-clearance` attribute; value type [`Clearance`].
pub const CLEARANCE: &Oid = Oid::JOINT_ISO_ITU_T_DS_ATTRIBUTE_TYPE_CLEARANCE;
31
/// An X.509 attribute certificate (RFC 5755 `AttributeCertificate`).
///
/// The signed payload is [`AttributeCertificateInfo`]; `signature_value` is the
/// issuer's signature over the encoded `info`, produced with
/// `signature_algorithm`. Decoding only parses the structure: the signature,
/// the validity period and the issuer binding are not checked here and must be
/// verified by the caller before any attribute in `info` is trusted.
#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, PartialOrd, Ord, Hash)]
pub struct AttributeCertificate {
    /// The to-be-signed body.
    pub info: AttributeCertificateInfo,
    /// Algorithm used to produce `signature_value`.
    pub signature_algorithm: AlgorithmIdentifier,
    /// Signature over the encoded `info`.
    pub signature_value: BitString,
}
38
/// The to-be-signed body of an attribute certificate (RFC 5755
/// `AttributeCertificateInfo`). The field order is the ASN.1 SEQUENCE order
/// and must not be changed.
#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, PartialOrd, Ord, Hash)]
pub struct AttributeCertificateInfo {
    /// Syntax version; see [`AttributeCertificateVersion::V2`].
    pub version: AttributeCertificateVersion,
    /// The entity the attributes are asserted about.
    pub holder: Holder,
    /// The attribute authority that issued the certificate.
    pub issuer: Issuer,
    /// Signature algorithm; RFC 5755 requires it to equal the outer
    /// `signature_algorithm`, and a verifier should reject a mismatch.
    pub signature: AlgorithmIdentifier,
    /// Issuer-assigned serial number.
    pub serial_number: CertificateSerialNumber,
    /// Validity window of the certificate.
    pub attr_cert_validity_period: AttributeCertificateValidityPeriod,
    /// Attributes asserted for the holder (roles, clearance, group, ...).
    pub attributes: SequenceOf<Attribute>,
    /// Optional issuer unique identifier.
    pub issuer_unique_id: Option<UniqueIdentifier>,
    /// Optional extensions; a verifier must reject the certificate if it
    /// contains a critical extension it does not understand.
    pub extensions: Option<Extensions>,
}
51
/// `AttCertVersion ::= INTEGER { v2(1) }`, encoded transparently as the inner
/// integer (`#[rasn(delegate)]`).
///
/// Decoding accepts any integer value; a verifier must reject anything other
/// than [`AttributeCertificateVersion::V2`].
#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, PartialOrd, Ord, Hash)]
#[rasn(delegate)]
pub struct AttributeCertificateVersion(pub Integer);
55
impl AttributeCertificateVersion {
    /// The only version defined by RFC 5755 (`v2(1)`).
    ///
    /// Stored as a `u8` while the wrapped value is an [`Integer`], so convert
    /// before comparing (e.g. `Integer::from(AttributeCertificateVersion::V2)`
    /// — assumes `Integer: From<u8>`; verify for the `Integer` type in use).
    pub const V2: u8 = 1;
}
59
/// Identifies the holder of an attribute certificate (RFC 5755 `Holder`).
///
/// All three members are OPTIONAL in the ASN.1, so an all-`None` value decodes
/// successfully; code that needs a holder identity must check that at least
/// one member is present rather than assuming it.
#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, PartialOrd, Ord, Hash)]
pub struct Holder {
    /// Issuer and serial of the holder's public-key certificate; implicit `[0]`.
    #[rasn(tag(0))]
    pub base_certificate_id: Option<IssuerSerial>,
    /// Name(s) of the holder; implicit `[1]`.
    #[rasn(tag(1))]
    pub entity_name: Option<GeneralNames>,
    /// Digest of the holder's key or certificate; implicit `[2]`.
    #[rasn(tag(2))]
    pub object_digest_info: Option<ObjectDigestInfo>,
}
72
/// A digest of an object (public key, certificate or other) that stands in
/// for naming it directly (RFC 5755 `ObjectDigestInfo`).
#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, PartialOrd, Ord, Hash)]
pub struct ObjectDigestInfo {
    /// What was digested.
    pub digested_object_type: DisgestedObjectType,
    /// NOTE(review): RFC 5755 pairs this with
    /// `DisgestedObjectType::OtherObjectTypes` (present exactly when that
    /// variant is used); nothing here enforces the pairing, so verifiers must.
    pub other_object_type_id: Option<ObjectIdentifier>,
    /// Digest algorithm that produced `object_digest`.
    pub digest_algorithm: AlgorithmIdentifier,
    /// The digest value itself.
    pub object_digest: BitString,
}
80
/// The kind of object referenced by an [`ObjectDigestInfo`], encoded as an
/// ASN.1 ENUMERATED with the discriminants given below.
///
/// The type name is a misspelling of `DigestedObjectType`; it is public API
/// and is therefore kept unchanged.
#[derive(AsnType, Clone, Copy, Debug, Decode, Encode, PartialEq, Eq, PartialOrd, Ord, Hash)]
#[rasn(enumerated)]
pub enum DisgestedObjectType {
    /// `publicKey (0)`: the digest is over a public key.
    PublicKey = 0,
    /// `publicKeyCert (1)`: the digest is over a public-key certificate.
    PublicKeyCert = 1,
    /// `otherObjectTypes (2)`: the object type is given by
    /// `ObjectDigestInfo::other_object_type_id`.
    OtherObjectTypes = 2,
}
88
/// The attribute certificate issuer (RFC 5755 `AttCertIssuer`), a CHOICE
/// between the bare-`GeneralNames` v1 form and the `[0]`-tagged v2 form.
///
/// NOTE(review): RFC 5755 permits only the v2 form in version-2 certificates;
/// decoding does not reject `V1`, so a verifier has to.
#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, PartialOrd, Ord, Hash)]
#[rasn(choice)]
pub enum Issuer {
    /// `v1Form GeneralNames` (untagged).
    V1(GeneralNames),
    /// `v2Form [0] V2Form`.
    #[rasn(tag(0))]
    V2(V2Form),
}
96
/// The v2 issuer form (RFC 5755 `V2Form`).
///
/// Every member is OPTIONAL in the ASN.1. NOTE(review): RFC 5755 requires
/// `issuer_name` to hold exactly one name and the other two members to be
/// absent; this type accepts any combination, so that rule belongs in the
/// verifier.
#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, PartialOrd, Ord, Hash)]
pub struct V2Form {
    /// Name(s) of the issuing attribute authority (untagged).
    pub issuer_name: Option<GeneralNames>,
    /// Issuer and serial of the AA's public-key certificate; implicit `[0]`.
    #[rasn(tag(0))]
    pub base_certificate_id: Option<IssuerSerial>,
    /// Digest of the AA's key or certificate; implicit `[1]`.
    #[rasn(tag(1))]
    pub object_digest_info: Option<ObjectDigestInfo>,
}
105
/// Names a public-key certificate by its issuer and serial number (RFC 5755
/// `IssuerSerial`); used to bind a holder, issuer or target to an existing
/// certificate.
#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, PartialOrd, Ord, Hash)]
pub struct IssuerSerial {
    /// Issuer of the referenced certificate.
    pub issuer: GeneralNames,
    /// Serial number of the referenced certificate.
    pub serial: CertificateSerialNumber,
    /// Optional issuer unique identifier of the referenced certificate.
    pub issuer_uid: Option<UniqueIdentifier>,
}
112
/// Validity window of an attribute certificate (RFC 5755
/// `AttCertValidityPeriod`). Both bounds are `GeneralizedTime`.
///
/// No ordering check (`not_before <= not_after`) is performed on decode; a
/// verifier must compare both bounds against the current time itself.
#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, PartialOrd, Ord, Hash)]
pub struct AttributeCertificateValidityPeriod {
    /// Start of the validity window (inclusive).
    pub not_before: GeneralizedTime,
    /// End of the validity window (inclusive).
    pub not_after: GeneralizedTime,
}
118
/// One entry of the target-information extension (RFC 5755 `Target`): a
/// server, a group of servers, or a specific certificate the attribute
/// certificate may be presented to. Each alternative carries its own implicit
/// context tag.
#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, PartialOrd, Ord, Hash)]
#[rasn(choice)]
pub enum Target {
    /// `targetName [0] GeneralName`.
    #[rasn(tag(0))]
    Name(GeneralName),
    /// `targetGroup [1] GeneralName`.
    #[rasn(tag(1))]
    Group(GeneralName),
    /// `targetCert [2] TargetCert`.
    #[rasn(tag(2))]
    Cert(TargetCert),
}
129
/// A target identified by certificate (RFC 5755 `TargetCert`).
#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, PartialOrd, Ord, Hash)]
pub struct TargetCert {
    /// Issuer and serial of the target's certificate.
    pub target_certificate: IssuerSerial,
    /// Optional name of the target.
    pub target_name: Option<GeneralName>,
    /// Optional digest of the target's certificate.
    pub cert_digest_info: Option<ObjectDigestInfo>,
}
136
/// Generic attribute value used by the charging-identity and group
/// attributes (RFC 5755 `IetfAttrSyntax`).
///
/// NOTE(review): RFC 5755 requires every element of `values` to use the same
/// [`IetfAttrSyntaxValue`] alternative; this is not checked on decode.
#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, PartialOrd, Ord, Hash)]
pub struct IetfAttrSyntax {
    /// Authority under which the values are meaningful; implicit `[0]`.
    #[rasn(tag(0))]
    pub policy_authority: Option<GeneralNames>,
    /// The attribute values.
    pub values: SequenceOf<IetfAttrSyntaxValue>,
}
143
/// One value of an [`IetfAttrSyntax`]: an untagged CHOICE distinguished by the
/// universal tag of the payload.
#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, PartialOrd, Ord, Hash)]
#[rasn(choice)]
pub enum IetfAttrSyntaxValue {
    /// `octets OCTET STRING`.
    Octets(OctetString),
    /// `oid OBJECT IDENTIFIER`.
    Oid(ObjectIdentifier),
    /// `string UTF8String`.
    String(Utf8String),
}
151
/// Service authentication information (RFC 5755 `SvceAuthInfo`), the value
/// type of the authentication-info and access-identity attributes.
#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, PartialOrd, Ord, Hash)]
pub struct SvceAuthInfo {
    /// The service the holder is to be authenticated to.
    pub service: GeneralName,
    /// The identity the holder uses at that service.
    pub ident: GeneralName,
    /// Optional authenticator material (RFC 5755 gives a password as the
    /// example). Treat it as a secret: do not log or display it.
    pub auth_info: Option<OctetString>,
}
158
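/// Role attribute value (RFC 5755 `RoleSyntax`).
///
/// The fields are public, like those of every other value type in this
/// module, so callers can construct and inspect roles instead of only
/// round-tripping them.
#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, PartialOrd, Ord, Hash)]
pub struct RoleSyntax {
    /// Authority that defines the role; implicit `[0]`, optional.
    #[rasn(tag(0))]
    pub role_authority: Option<GeneralNames>,
    /// The role itself; implicit `[1]`. NOTE(review): RFC 5755 requires this
    /// to be the `uniformResourceIdentifier` alternative of `GeneralName`;
    /// no such check is made on decode.
    #[rasn(tag(1))]
    pub role_name: GeneralName,
}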
166
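/// Security clearance attribute value (RFC 5755 / X.501 `Clearance`, the
/// untagged form).
///
/// The fields are public, like those of every other value type in this
/// module, so callers can build and examine clearances directly.
#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, PartialOrd, Ord, Hash)]
pub struct Clearance {
    /// Security policy under which the clearance is interpreted.
    pub policy_id: ObjectIdentifier,
    /// Cleared classification levels. Omitted from the encoding when it equals
    /// the default, `ClassList::unclassified()`, and restored to that value on
    /// decode when absent.
    #[rasn(default = "ClassList::unclassified")]
    pub class_list: ClassList,
    /// Optional policy-specific categories (compartments).
    pub security_categories: Option<SetOf<SecurityCategory>>,
}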
174
/// Classification levels as a named-bit BIT STRING (RFC 5755 `ClassList`):
/// `unmarked(0)`, `unclassified(1)`, `restricted(2)`, `confidential(3)`,
/// `secret(4)`, `topSecret(5)`.
///
/// The number after each name is a bit *index*, so a value is a set of
/// positions within the bit string, not an integer stored in it. Encoded
/// transparently as the inner bit string (`#[rasn(delegate)]`).
#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, PartialOrd, Ord, Hash)]
#[rasn(delegate)]
pub struct ClassList(pub BitString);
178
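impl ClassList {
    /// Bit index of `unmarked (0)`.
    pub const UNMARKED: usize = 0;
    /// Bit index of `unclassified (1)`.
    pub const UNCLASSIFIED: usize = 1;
    /// Bit index of `restricted (2)`.
    pub const RESTRICTED: usize = 2;
    /// Bit index of `confidential (3)`.
    pub const CONFIDENTIAL: usize = 3;
    /// Bit index of `secret (4)`.
    pub const SECRET: usize = 4;
    /// Bit index of `topSecret (5)`.
    pub const TOP_SECRET: usize = 5;

    /// Builds a list in which exactly the named bit `bit` is set.
    ///
    /// `ClassList` is a named-bit BIT STRING: `confidential(3)` means bit
    /// *index* 3 is set, not that the string contains the byte `3`. The
    /// previous constructors called `BitString::from_element(n)`, which stores
    /// the whole byte `n`; with rasn's MSB-first bit ordering `from_element(3)`
    /// set indices 6 and 7, and `from_element(4)` set only index 5 — the
    /// `topSecret` position — so a `secret()` value was encoded as top secret.
    /// The vector is exactly `bit + 1` bits long, so the encoding carries no
    /// trailing zero bits and the default comparison for
    /// `Clearance::class_list` sees a single canonical form.
    fn with_named_bit(bit: usize) -> Self {
        let mut bits = BitString::repeat(false, bit + 1);
        bits.set(bit, true);
        Self(bits)
    }

    /// `{ unmarked }`.
    pub fn unmarked() -> Self {
        Self::with_named_bit(Self::UNMARKED)
    }

    /// `{ unclassified }` — the default for `Clearance::class_list`.
    pub fn unclassified() -> Self {
        Self::with_named_bit(Self::UNCLASSIFIED)
    }

    /// `{ restricted }`.
    pub fn restricted() -> Self {
        Self::with_named_bit(Self::RESTRICTED)
    }

    /// `{ confidential }`.
    pub fn confidential() -> Self {
        Self::with_named_bit(Self::CONFIDENTIAL)
    }

    /// `{ secret }`.
    pub fn secret() -> Self {
        Self::with_named_bit(Self::SECRET)
    }

    /// `{ topSecret }`.
    pub fn top_secret() -> Self {
        Self::with_named_bit(Self::TOP_SECRET)
    }
}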
204
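/// A policy-defined category within a [`Clearance`] (RFC 5755
/// `SecurityCategory`).
///
/// The fields are public, like those of every other value type in this
/// module, so callers can read the category type and dispatch on it.
#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, PartialOrd, Ord, Hash)]
pub struct SecurityCategory {
    /// Identifies the syntax of `value`; implicit `[0]`.
    #[rasn(tag(0))]
    pub r#type: ObjectIdentifier,
    /// The still-encoded value, whose syntax is selected by `r#type`; explicit
    /// `[1]`. It is opaque here: decode it with the parser registered for
    /// `r#type`, never by guessing, because it arrives from the wire.
    #[rasn(tag(explicit(1)))]
    pub value: Any,
}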
212
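/// Limits on which attributes an attribute authority may issue (RFC 5755
/// `AAControls`), carried in the `AA_CONTROLS` extension of the AA's
/// public-key certificate.
///
/// The fields are public, like those of every other value type in this
/// module, so a path validator can actually apply the controls.
#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, PartialOrd, Ord, Hash)]
pub struct AaControls {
    /// Maximum number of further AAs allowed in the path. NOTE(review): the
    /// ASN.1 constrains this to `(0..MAX)`, which is not enforced on decode;
    /// reject a negative value before using it as a counter.
    pub path_len_constraint: Option<Integer>,
    /// Attribute types the AA is allowed to issue; implicit `[0]`.
    #[rasn(tag(0))]
    pub permitted_attrs: Option<AttrSpec>,
    /// Attribute types the AA must not issue; implicit `[1]`.
    #[rasn(tag(1))]
    pub excluded_attrs: Option<AttrSpec>,
    /// Whether attribute types named in neither list are allowed. Absent from
    /// the encoding when `true` (`permitUnspecified BOOLEAN DEFAULT TRUE`),
    /// and restored to `true` on decode when absent.
    #[rasn(default = "true_bool")]
    pub permit_unspecified: bool,
}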
223
/// Default for `AaControls::permit_unspecified` (`permitUnspecified BOOLEAN
/// DEFAULT TRUE`).
///
/// Kept as a function rather than a literal because `#[rasn(default = "...")]`
/// names a nullary function that produces the default, as
/// `ClassList::unclassified` does for `Clearance::class_list`.
fn true_bool() -> bool {
    const PERMIT_UNSPECIFIED_DEFAULT: bool = true;
    PERMIT_UNSPECIFIED_DEFAULT
}
227
/// Plaintext form of encrypted attributes (RFC 5755 `ACClearAttrs`): what the
/// `ENC_ATTRIBUTES` attribute carries after decryption.
///
/// `issuer` and `serial` tie the decrypted attributes to one specific
/// attribute certificate; after decrypting, compare them with the enclosing
/// certificate's issuer and serial number so attributes cannot be transplanted
/// from another certificate.
#[derive(AsnType, Clone, Debug, Decode, Encode, PartialEq, Eq, PartialOrd, Ord, Hash)]
pub struct AttributeCertificateClearAttributes {
    /// Issuer of the certificate the attributes belong to.
    pub issuer: GeneralName,
    /// Serial number of the certificate the attributes belong to.
    pub serial: Integer,
    /// The decrypted attributes.
    pub attrs: SequenceOf<Attribute>,
}