1 //! Certificate Revocation List types
2 
3 use crate::ext::Extensions;
4 use crate::name::Name;
5 use crate::serial_number::SerialNumber;
6 use crate::time::Time;
7 use crate::Version;
8 
9 use alloc::vec::Vec;
10 
11 use der::asn1::BitString;
12 use der::{Sequence, ValueOrd};
13 use spki::AlgorithmIdentifierOwned;
14 
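/// `CertificateList` as defined in [RFC 5280 Section 5.1].
///
/// ```text
/// CertificateList  ::=  SEQUENCE  {
///     tbsCertList          TBSCertList,
///     signatureAlgorithm   AlgorithmIdentifier,
///     signatureValue       BIT STRING
/// }
/// ```
///
/// This is a plain container for a decoded CRL. It carries the signature value
/// but does not verify it, and it does not check that `signature_algorithm`
/// agrees with the `signature` field inside [`TbsCertList`] as RFC 5280
/// requires. Both checks belong to the caller before any entry in the list is
/// acted upon.
///
/// [RFC 5280 Section 5.1]: https://datatracker.ietf.org/doc/html/rfc5280#section-5.1
#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)]
pub struct CertificateList {
    /// The to-be-signed portion of the CRL (`tbsCertList`).
    pub tbs_cert_list: TbsCertList,
    /// Algorithm used to produce `signature` (`signatureAlgorithm`).
    pub signature_algorithm: AlgorithmIdentifierOwned,
    /// Signature over the DER encoding of `tbs_cert_list` (`signatureValue`).
    pub signature: BitString,
}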
33 
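/// Implicit intermediate structure from the ASN.1 definition of `TBSCertList`.
///
/// This type is used for the `revoked_certificates` field of `TbsCertList`.
/// See [RFC 5280 Section 5.1].
///
/// ```text
/// RevokedCert ::= SEQUENCE {
///     userCertificate         CertificateSerialNumber,
///     revocationDate          Time,
///     crlEntryExtensions      Extensions OPTIONAL
/// }
/// ```
///
/// A serial number is only meaningful together with the issuer named in the
/// enclosing [`TbsCertList`]; this entry does not carry the issuer itself, so
/// matching it against a certificate must also compare issuers.
///
/// [RFC 5280 Section 5.1]: https://datatracker.ietf.org/doc/html/rfc5280#section-5.1
#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)]
pub struct RevokedCert {
    /// Serial number of the revoked certificate (`userCertificate`).
    pub serial_number: SerialNumber,
    /// Time at which the certificate was revoked (`revocationDate`).
    pub revocation_date: Time,
    /// Per-entry extensions such as the reason code (`crlEntryExtensions`).
    /// The ASN.1 comment in `TBSCertList` requires version v2 when present;
    /// that constraint is not enforced by this type.
    pub crl_entry_extensions: Option<Extensions>,
}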
55 
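/// `TbsCertList` as defined in [RFC 5280 Section 5.1].
///
/// ```text
/// TBSCertList  ::=  SEQUENCE  {
///      version                 Version OPTIONAL, -- if present, MUST be v2
///      signature               AlgorithmIdentifier,
///      issuer                  Name,
///      thisUpdate              Time,
///      nextUpdate              Time OPTIONAL,
///      revokedCertificates     SEQUENCE OF SEQUENCE  {
///           userCertificate         CertificateSerialNumber,
///           revocationDate          Time,
///           crlEntryExtensions      Extensions OPTIONAL -- if present, version MUST be v2
///      }  OPTIONAL,
///      crlExtensions           [0]  EXPLICIT Extensions OPTIONAL -- if present, version MUST be v2
/// }
/// ```
///
/// The `MUST be v2` constraints in the ASN.1 comments above are not enforced
/// by this type: the fields are decoded independently, so a consumer that
/// cares about them has to check `version` against the presence of
/// `crl_extensions` and of any `crl_entry_extensions` itself.
///
/// [RFC 5280 Section 5.1]: https://datatracker.ietf.org/doc/html/rfc5280#section-5.1
#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)]
pub struct TbsCertList {
    /// CRL version (`version`).
    ///
    /// NOTE(review): the ASN.1 marks this field OPTIONAL, but it is not an
    /// `Option` here. How an absent version (a v1 CRL) is handled therefore
    /// depends on the derived decoder for [`Version`] — confirm against a
    /// v1 test vector.
    pub version: Version,
    /// Algorithm the issuer signed with (`signature`). RFC 5280 requires this
    /// to match `signature_algorithm` in the outer [`CertificateList`].
    pub signature: AlgorithmIdentifierOwned,
    /// Distinguished name of the CRL issuer (`issuer`).
    pub issuer: Name,
    /// Issue time of this CRL (`thisUpdate`).
    pub this_update: Time,
    /// Time by which the next CRL will be issued (`nextUpdate`). Optional in
    /// the ASN.1, though RFC 5280 requires conforming issuers to include it;
    /// a relying party should decide how to treat a CRL without it rather
    /// than treating it as valid indefinitely.
    pub next_update: Option<Time>,
    /// Revoked entries (`revokedCertificates`). `None` and `Some(vec![])` both
    /// mean no revocations are listed; the encoding distinguishes them.
    pub revoked_certificates: Option<Vec<RevokedCert>>,

    /// CRL-level extensions (`crlExtensions`), e.g. CRL number or issuing
    /// distribution point. Wrapped in the `[0] EXPLICIT` tag per the ASN.1.
    #[asn1(context_specific = "0", tag_mode = "EXPLICIT", optional = "true")]
    pub crl_extensions: Option<Extensions>,
}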
88