| PKIX1 { } |
| DEFINITIONS IMPLICIT TAGS ::= |
| BEGIN |
| id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29} |
| id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } |
| AuthorityKeyIdentifier ::= SEQUENCE { |
| keyIdentifier [0] KeyIdentifier OPTIONAL, |
| g UTF8String (SIZE (1..200)) } |
| id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 } |
| PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE { |
| issuerDomainPolicy CertPolicyId, |
| subjectDomainPolicy CertPolicyId } |
| DirectoryString ::= CHOICE { |
| teletexString TeletexString (SIZE (1..MAX)), |
| printableString PrintableString (SIZE (1..MAX)), |
| universalString UniversalString (SIZE (1..MAX)), |
| utf8String UTF8String (SIZE (1..MAX)), |
| bmpString BMPString (SIZE(1..MAX)), |
| -- IA5String is added here to handle old UID encoded as ia5String -- |
| -- See tests/userid/ for more information. It shouldn't be here, -- |
| PLICIT INTEGER DEFAULT 0, |
| responderID ResponderID, |
| produceeyHash OCTET STRING, -- Hash of Issuers public key |
| serialNumber CertificateSerialNumber } |
| CertStatus ::= CHOICE { |
| good [0] IMPLICIT NULL, |
| revoked [1] IMPLICIT RevokedInfo, |
| unknown [2] IMPLICIT UnknownInfo } |
| SingleResponse ::= SEQUENCE { |
| certID CertID, |
| certStatus CertStatus, |
| thisUpdate 'GeneralizedTime, |
| nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, |
| singleExtensions ialNumber } |
| CertStatus ::= CHOICE { |
| good [0] IMPLICIT NULL, |
| revoked [1] IMPLICIT RevokedInfo, |
| unknown [2] IMPLICIT UnknownInfo } |
| SingleResponse ::= SEQUENCE { |
| certID CertID, |
| certStatus CertStatus, |
| thisUpdate 'GeneralizedTime, |
| nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, |
| singleExtensions [1] EXPLICIT Extensions OPTIONAL } |
| RevokedInfo ::= SEQUENCE { |
| revocationTime GeneralizedTime, |
| revocationReason [0] EXPLICIT CRLReason OPTIONAL } |
| UnknownInfo ::= NULL -- this can be replaced with an enumeration |
| END |
