//! Certificate Revocation List types
//!
//! The types in this file only describe the DER structure of a CRL as given in
//! [RFC 5280 Section 5.1]. Nothing in these definitions verifies the CRL
//! signature, matches the issuer against a certificate, or checks freshness;
//! a decoded value should not be used as revocation data until the caller has
//! performed those checks.
//!
//! [RFC 5280 Section 5.1]: https://datatracker.ietf.org/doc/html/rfc5280#section-5.1

use crate::ext::Extensions;
use crate::name::Name;
use crate::serial_number::SerialNumber;
use crate::time::Time;
use crate::Version;

use alloc::vec::Vec;

use der::asn1::BitString;
use der::{Sequence, ValueOrd};
use spki::AlgorithmIdentifierOwned;

/// `CertificateList` as defined in [RFC 5280 Section 5.1].
///
/// ```text
/// CertificateList  ::=  SEQUENCE  {
///     tbsCertList          TBSCertList,
///     signatureAlgorithm   AlgorithmIdentifier,
///     signatureValue       BIT STRING
/// }
/// ```
///
/// # Security
///
/// This is a plain data type: the derives below provide DER encoding and
/// ordering only, and none of them verifies `signature`. Before acting on any
/// entry, the caller should verify `signature` over the DER encoding of
/// `tbs_cert_list` with the CRL issuer's public key, and should check that
/// `signature_algorithm` is identical to `tbs_cert_list.signature`, which
/// RFC 5280 Section 5.1.1.2 requires but this definition does not enforce.
///
/// [RFC 5280 Section 5.1]: https://datatracker.ietf.org/doc/html/rfc5280#section-5.1
#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)]
#[allow(missing_docs)]
pub struct CertificateList {
    /// `tbsCertList`: the signed portion of the CRL.
    pub tbs_cert_list: TbsCertList,
    /// `signatureAlgorithm`: algorithm the issuer used to sign `tbs_cert_list`.
    pub signature_algorithm: AlgorithmIdentifierOwned,
    /// `signatureValue`: the issuer's signature; unverified as stored here.
    pub signature: BitString,
}

/// Implicit intermediate structure from the ASN.1 definition of `TBSCertList`.
///
/// This type is used for the `revoked_certificates` field of `TbsCertList`.
/// See [RFC 5280 Section 5.1].
///
/// ```text
/// RevokedCert ::= SEQUENCE {
///     userCertificate         CertificateSerialNumber,
///     revocationDate          Time,
///     crlEntryExtensions      Extensions OPTIONAL
/// }
/// ```
///
/// A serial number identifies a certificate only relative to an issuer, so an
/// entry is meaningful only together with the `issuer` of the enclosing
/// `TbsCertList` (or a certificate-issuer entry extension on an indirect CRL).
///
/// [RFC 5280 Section 5.1]: https://datatracker.ietf.org/doc/html/rfc5280#section-5.1
#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)]
#[allow(missing_docs)]
pub struct RevokedCert {
    /// `userCertificate`: serial number of the revoked certificate.
    pub serial_number: SerialNumber,
    /// `revocationDate`: when the revocation took effect.
    pub revocation_date: Time,
    /// `crlEntryExtensions`: `None` when the field is absent. Per RFC 5280
    /// Section 5.3, a CRL carrying a critical entry extension the application
    /// cannot process must not be used to determine certificate status; that
    /// check is left to the caller.
    pub crl_entry_extensions: Option<Extensions>,
}

/// `TbsCertList` as defined in [RFC 5280 Section 5.1].
///
/// ```text
/// TBSCertList  ::=  SEQUENCE  {
///      version                 Version OPTIONAL, -- if present, MUST be v2
///      signature               AlgorithmIdentifier,
///      issuer                  Name,
///      thisUpdate              Time,
///      nextUpdate              Time OPTIONAL,
///      revokedCertificates     SEQUENCE OF SEQUENCE  {
///           userCertificate         CertificateSerialNumber,
///           revocationDate          Time,
///           crlEntryExtensions      Extensions OPTIONAL -- if present, version MUST be v2
///      }  OPTIONAL,
///      crlExtensions           [0]  EXPLICIT Extensions OPTIONAL -- if present, version MUST be v2
/// }
/// ```
///
/// The "MUST be v2" constraints in the ASN.1 comments above are not expressed
/// in the field types of this struct; callers that need them should check
/// `version` against the presence of extensions themselves.
///
/// [RFC 5280 Section 5.1]: https://datatracker.ietf.org/doc/html/rfc5280#section-5.1
#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)]
#[allow(missing_docs)]
pub struct TbsCertList {
    // NOTE(review): the ASN.1 marks `version` OPTIONAL, but the field is a
    // plain `Version` with no `optional`/`default` attribute. How a CRL that
    // omits the field (a v1 CRL) decodes depends on the `Sequence` derive and
    // on `Version`, neither of which is shown here -- confirm.
    pub version: Version,
    /// `signature`: algorithm identifier inside the signed data; should equal
    /// `CertificateList::signature_algorithm`.
    pub signature: AlgorithmIdentifierOwned,
    /// `issuer`: name of the entity that signed and issued the CRL.
    pub issuer: Name,
    /// `thisUpdate`: issue date of this CRL.
    pub this_update: Time,
    /// `nextUpdate`: `None` when the field is absent. Relying parties normally
    /// compare `this_update`/`next_update` with the current time to reject a
    /// stale CRL; a missing value gives no upper bound on freshness.
    pub next_update: Option<Time>,
    /// `revokedCertificates`: `None` when the field is absent, which RFC 5280
    /// uses to signal that no certificates are revoked.
    pub revoked_certificates: Option<Vec<RevokedCert>>,

    /// `crlExtensions`: encoded under an EXPLICIT context-specific tag `[0]`.
    /// Per RFC 5280 Section 5.2, a CRL with a critical extension the
    /// application cannot process must not be used to determine certificate
    /// status; that check is left to the caller.
    #[asn1(context_specific = "0", tag_mode = "EXPLICIT", optional = "true")]
    pub crl_extensions: Option<Extensions>,
}