Google Git
Sign in
flutter / third_party / libtasn1 / 5305fd892b96955e4086cfec49f36263c0edab62 / . / tests / pkix.asn
blob: e3c10e325c10100af84bf2098c452466f8d39e9a [file] [log] [blame]
PKIX1 { }
DEFINITIONS IMPLICIT TAGS ::=
BEGIN
-- This contains both PKIX1Implicit88 and RFC2630 ASN.1 modules.
-- ISO arc for standard certificate and CRL extensions
id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}
-- authority key identifier OID and syntax
id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 }
AuthorityKeyIdentifier ::= SEQUENCE {
keyIdentifier [0] KeyIdentifier OPTIONAL,
authorityCertIssuer [1] GeneralNames OPTIONAL,
authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
-- authorityCertIssuer and authorityCertSerialNumber shall both
-- be present or both be absgent
KeyIdentifier ::= OCTET STRING
-- subject key identifier OID and syntax
id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 }
SubjectKeyIdentifier ::= KeyIdentifier
-- key usage extension OID and syntax
id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }
KeyUsage ::= BIT STRING {
digitalSignature (0),
nonRepudiation (1),
keyEncipherment (2),
dataEncipherment (3),
keyAgreement (4),
keyCertSign (5),
cRLSign (6),
encipherOnly (7),
decipherOnly (8) }
-- private key usage period extension OID and syntax
id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= { id-ce 16 }
PrivateKeyUsagePeriod ::= SEQUENCE {
notBefore [0] GeneralizedTime OPTIONAL,
notAfter [1] GeneralizedTime OPTIONAL }
-- either notBefore or notAfter shall be present
-- certificate policies extension OID and syntax
id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 }
CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
PolicyInformation ::= SEQUENCE {
policyIdentifier CertPolicyId,
policyQualifiers SEQUENCE SIZE (1..MAX) OF
PolicyQualifierInfo OPTIONAL }
CertPolicyId ::= OBJECT IDENTIFIER
PolicyQualifierInfo ::= SEQUENCE {
policyQualifierId PolicyQualifierId,
qualifier ANY DEFINED BY policyQualifierId }
-- Implementations that recognize additional policy qualifiers shall
-- augment the following definition for PolicyQualifierId
PolicyQualifierId ::=
OBJECT IDENTIFIER -- ( id-qt-cps | id-qt-unotice )
-- CPS pointer qualifier
CPSuri ::= IA5String
-- user notice qualifier
UserNotice ::= SEQUENCE {
noticeRef NoticeReference OPTIONAL,
explicitText DisplayText OPTIONAL}
NoticeReference ::= SEQUENCE {
organization DisplayText,
noticeNumbers SEQUENCE OF INTEGER }
DisplayText ::= CHOICE {
visibleString VisibleString (SIZE (1..200)),
bmpString BMPString (SIZE (1..200)),
utf8String UTF8String (SIZE (1..200)) }
-- policy mapping extension OID and syntax
id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 }
PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
issuerDomainPolicy CertPolicyId,
subjectDomainPolicy CertPolicyId }
-- subject alternative name extension OID and syntax
-- Directory string type --
DirectoryString ::= CHOICE {
teletexString TeletexString (SIZE (1..MAX)),
printableString PrintableString (SIZE (1..MAX)),
universalString UniversalString (SIZE (1..MAX)),
utf8String UTF8String (SIZE (1..MAX)),
bmpString BMPString (SIZE(1..MAX)),
-- IA5String is added here to handle old UID encoded as ia5String --
-- See tests/userid/ for more information. It shouldn't be here, --
-- so if it causes problems, considering dropping it. --
ia5String IA5String (SIZE(1..MAX)) }
id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 }
SubjectAltName ::= GeneralNames
GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
GeneralName ::= CHOICE {
otherName [0] AnotherName,
rfc822Name [1] IA5String,
dNSName [2] IA5String,
x400Address [3] ORAddress,
-- Changed to work with the libtasn1 parser.
directoryName [4] EXPLICIT RDNSequence, --Name,
ediPartyName [5] EDIPartyName,
uniformResourceIdentifier [6] IA5String,
iPAddress [7] OCTET STRING,
registeredID [8] OBJECT IDENTIFIER }
-- AnotherName replaces OTHER-NAME ::= TYPE-IDENTIFIER, as
-- TYPE-IDENTIFIER is not supported in the '88 ASN.1 syntax
AnotherName ::= SEQUENCE {
type-id OBJECT IDENTIFIER,
value [0] EXPLICIT ANY DEFINED BY type-id }
EDIPartyName ::= SEQUENCE {
nameAssigner [0] DirectoryString OPTIONAL,
partyName [1] DirectoryString }
-- issuer alternative name extension OID and syntax
id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 }
IssuerAltName ::= GeneralNames
id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 }
SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
-- basic constraints extension OID and syntax
id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 }
BasicConstraints ::= SEQUENCE {
cA BOOLEAN DEFAULT FALSE,
pathLenConstraint INTEGER (0..MAX) OPTIONAL }
-- name constraints extension OID and syntax
id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 }
NameConstraints ::= SEQUENCE {
permittedSubtrees [0] GeneralSubtrees OPTIONAL,
excludedSubtrees [1] GeneralSubtrees OPTIONAL }
GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
GeneralSubtree ::= SEQUENCE {
base GeneralName,
minimum [0] BaseDistance DEFAULT 0,
maximum [1] BaseDistance OPTIONAL }
BaseDistance ::= INTEGER (0..MAX)
-- policy constraints extension OID and syntax
id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 }
PolicyConstraints ::= SEQUENCE {
requireExplicitPolicy [0] SkipCerts OPTIONAL,
inhibitPolicyMapping [1] SkipCerts OPTIONAL }
SkipCerts ::= INTEGER (0..MAX)
-- CRL distribution points extension OID and syntax
id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= {id-ce 31}
CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
DistributionPoint ::= SEQUENCE {
distributionPoint [0] EXPLICIT DistributionPointName OPTIONAL,
reasons [1] ReasonFlags OPTIONAL,
cRLIssuer [2] GeneralNames OPTIONAL
}
DistributionPointName ::= CHOICE {
fullName [0] GeneralNames,
nameRelativeToCRLIssuer [1] RelativeDistinguishedName
}
ReasonFlags ::= BIT STRING {
unused (0),
keyCompromise (1),
cACompromise (2),
affiliationChanged (3),
superseded (4),
cessationOfOperation (5),
certificateHold (6),
privilegeWithdrawn (7),
aACompromise (8) }
-- extended key usage extension OID and syntax
id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37}
ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
KeyPurposeId ::= OBJECT IDENTIFIER
-- extended key purpose OIDs
id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 }
id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 }
id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 }
id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 }
id-kp-ipsecEndSystem OBJECT IDENTIFIER ::= { id-kp 5 }
id-kp-ipsecTunnel OBJECT IDENTIFIER ::= { id-kp 6 }
id-kp-ipsecUser OBJECT IDENTIFIER ::= { id-kp 7 }
id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 }
-- authority info access
id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
AuthorityInfoAccessSyntax ::=
SEQUENCE SIZE (1..MAX) OF AccessDescription
AccessDescription ::= SEQUENCE {
accessMethod OBJECT IDENTIFIER,
accessLocation GeneralName }
-- CRL number extension OID and syntax
id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }
CRLNumber ::= INTEGER (0..MAX)
-- issuing distribution point extension OID and syntax
id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 }
IssuingDistributionPoint ::= SEQUENCE {
distributionPoint [0] DistributionPointName OPTIONAL,
onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE,
onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE,
onlySomeReasons [3] ReasonFlags OPTIONAL,
indirectCRL [4] BOOLEAN DEFAULT FALSE }
id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-ce 27 }
-- deltaCRLIndicator ::= BaseCRLNumber
BaseCRLNumber ::= CRLNumber
-- CRL reasons extension OID and syntax
id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 }
CRLReason ::= ENUMERATED {
unspecified (0),
keyCompromise (1),
cACompromise (2),
affiliationChanged (3),
superseded (4),
cessationOfOperation (5),
certificateHold (6),
removeFromCRL (8) }
-- certificate issuer CRL entry extension OID and syntax
id-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-ce 29 }
CertificateIssuer ::= GeneralNames
-- hold instruction extension OID and syntax
id-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-ce 23 }
HoldInstructionCode ::= OBJECT IDENTIFIER
-- ANSI x9 holdinstructions
-- ANSI x9 arc holdinstruction arc
holdInstruction OBJECT IDENTIFIER ::=
{joint-iso-itu-t(2) member-body(2) us(840) x9cm(10040) 2}
-- ANSI X9 holdinstructions referenced by this standard
id-holdinstruction-none OBJECT IDENTIFIER ::=
{holdInstruction 1} -- deprecated
id-holdinstruction-callissuer OBJECT IDENTIFIER ::=
{holdInstruction 2}
id-holdinstruction-reject OBJECT IDENTIFIER ::=
{holdInstruction 3}
-- invalidity date CRL entry extension OID and syntax
id-ce-invalidityDate OBJECT IDENTIFIER ::= { id-ce 24 }
InvalidityDate ::= GeneralizedTime
-- --------------------------------------
-- EXPLICIT
-- --------------------------------------
-- UNIVERSAL Types defined in '93 and '98 ASN.1
-- but required by this specification
VisibleString ::= [UNIVERSAL 26] IMPLICIT OCTET STRING
NumericString ::= [UNIVERSAL 18] IMPLICIT OCTET STRING
IA5String ::= [UNIVERSAL 22] IMPLICIT OCTET STRING
TeletexString ::= [UNIVERSAL 20] IMPLICIT OCTET STRING
PrintableString ::= [UNIVERSAL 19] IMPLICIT OCTET STRING
UniversalString ::= [UNIVERSAL 28] IMPLICIT OCTET STRING
-- UniversalString is defined in ASN.1:1993
BMPString ::= [UNIVERSAL 30] IMPLICIT OCTET STRING
-- BMPString is the subtype of UniversalString and models
-- the Basic Multilingual Plane of ISO/IEC/ITU 10646-1
UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING
-- The content of this type conforms to RFC 2279.
-- PKIX specific OIDs
id-pkix OBJECT IDENTIFIER ::=
{ iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) }
-- PKIX arcs
id-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
-- arc for private certificate extensions
id-qt OBJECT IDENTIFIER ::= { id-pkix 2 }
-- arc for policy qualifier types
id-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
-- arc for extended key purpose OIDS
id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
-- arc for access descriptors
-- policyQualifierIds for Internet policy qualifiers
id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 }
-- OID for CPS qualifier
id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 }
-- OID for user notice qualifier
-- access descriptor definitions
id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }
-- attribute data types --
Attribute ::= SEQUENCE {
type AttributeType,
values SET OF AttributeValue
-- at least one value is required --
}
AttributeType ::= OBJECT IDENTIFIER
AttributeValue ::= ANY DEFINED BY type
AttributeTypeAndValue ::= SEQUENCE {
type AttributeType,
value AttributeValue }
-- suggested naming attributes: Definition of the following
-- information object set may be augmented to meet local
-- requirements. Note that deleting members of the set may
-- prevent interoperability with conforming implementations.
-- presented in pairs: the AttributeType followed by the
-- type definition for the corresponding AttributeValue
-- Arc for standard naming attributes
id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4}
-- Attributes of type NameDirectoryString
id-at-initials AttributeType ::= { id-at 43 }
X520initials ::= DirectoryString
id-at-generationQualifier AttributeType ::= { id-at 44 }
X520generationQualifier ::= DirectoryString
id-at-surname AttributeType ::= { id-at 4 }
X520surName ::= DirectoryString
id-at-givenName AttributeType ::= { id-at 42 }
X520givenName ::= DirectoryString
id-at-name AttributeType ::= { id-at 41 }
X520name ::= DirectoryString
id-at-commonName AttributeType ::= {id-at 3}
X520CommonName ::= DirectoryString
id-at-localityName AttributeType ::= {id-at 7}
X520LocalityName ::= DirectoryString
id-at-stateOrProvinceName AttributeType ::= {id-at 8}
X520StateOrProvinceName ::= DirectoryString
id-at-organizationName AttributeType ::= {id-at 10}
X520OrganizationName ::= DirectoryString
id-at-organizationalUnitName AttributeType ::= {id-at 11}
X520OrganizationalUnitName ::= DirectoryString
id-at-title AttributeType ::= {id-at 12}
X520Title ::= DirectoryString
id-at-description AttributeType ::= {id-at 13}
X520Description ::= DirectoryString
id-at-dnQualifier AttributeType ::= {id-at 46}
X520dnQualifier ::= PrintableString
id-at-countryName AttributeType ::= {id-at 6}
X520countryName ::= PrintableString (SIZE (2)) -- IS 3166 codes
id-at-serialNumber AttributeType ::= {id-at 5}
X520serialNumber ::= PrintableString
id-at-telephoneNumber AttributeType ::= {id-at 20}
X520telephoneNumber ::= PrintableString
id-at-facsimileTelephoneNumber AttributeType ::= {id-at 23}
X520facsimileTelephoneNumber ::= PrintableString
id-at-pseudonym AttributeType ::= {id-at 65}
X520pseudonym ::= DirectoryString
id-at-name AttributeType ::= {id-at 41}
X520name ::= DirectoryString
id-at-streetAddress AttributeType ::= {id-at 9}
X520streetAddress ::= DirectoryString
id-at-postalAddress AttributeType ::= {id-at 16}
X520postalAddress ::= PostalAddress
PostalAddress ::= SEQUENCE OF DirectoryString
-- Legacy attributes
pkcs OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) }
pkcs-9 OBJECT IDENTIFIER ::=
{ pkcs 9 }
emailAddress AttributeType ::= { pkcs-9 1 }
Pkcs9email ::= IA5String (SIZE (1..ub-emailaddress-length))
-- naming data types --
Name ::= CHOICE { -- only one possibility for now --
rdnSequence RDNSequence }
RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
DistinguishedName ::= RDNSequence
RelativeDistinguishedName ::=
SET SIZE (1 .. MAX) OF AttributeTypeAndValue
-- --------------------------------------------------------
-- certificate and CRL specific structures begin here
-- --------------------------------------------------------
Certificate ::= SEQUENCE {
tbsCertificate TBSCertificate,
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING }
TBSCertificate ::= SEQUENCE {
version [0] EXPLICIT Version DEFAULT v1,
serialNumber CertificateSerialNumber,
signature AlgorithmIdentifier,
issuer Name,
validity Validity,
subject Name,
subjectPublicKeyInfo SubjectPublicKeyInfo,
issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
-- If present, version shall be v2 or v3
subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
-- If present, version shall be v2 or v3
extensions [3] EXPLICIT Extensions OPTIONAL
-- If present, version shall be v3 --
}
Version ::= INTEGER { v1(0), v2(1), v3(2) }
CertificateSerialNumber ::= INTEGER
Validity ::= SEQUENCE {
notBefore Time,
notAfter Time }
Time ::= CHOICE {
utcTime UTCTime,
generalTime GeneralizedTime }
UniqueIdentifier ::= BIT STRING
SubjectPublicKeyInfo ::= SEQUENCE {
algorithm AlgorithmIdentifier,
subjectPublicKey BIT STRING }
Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
Extension ::= SEQUENCE {
extnID OBJECT IDENTIFIER,
critical BOOLEAN DEFAULT FALSE,
extnValue OCTET STRING }
-- ------------------------------------------
-- CRL structures
-- ------------------------------------------
CertificateList ::= SEQUENCE {
tbsCertList TBSCertList,
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING }
TBSCertList ::= SEQUENCE {
version Version OPTIONAL,
-- if present, shall be v2
signature AlgorithmIdentifier,
issuer Name,
thisUpdate Time,
nextUpdate Time OPTIONAL,
revokedCertificates SEQUENCE OF SEQUENCE {
userCertificate CertificateSerialNumber,
revocationDate Time,
crlEntryExtensions Extensions OPTIONAL
-- if present, shall be v2
} OPTIONAL,
crlExtensions [0] EXPLICIT Extensions OPTIONAL
-- if present, shall be v2 --
}
-- Version, Time, CertificateSerialNumber, and Extensions were
-- defined earlier for use in the certificate structure
AlgorithmIdentifier ::= SEQUENCE {
algorithm OBJECT IDENTIFIER,
parameters ANY DEFINED BY algorithm OPTIONAL }
-- contains a value of the type
-- registered for use with the
-- algorithm object identifier value
-- Algorithm OIDs and parameter structures
pkcs-1 OBJECT IDENTIFIER ::= {
pkcs 1 }
rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 }
md2WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 2 }
md5WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 4 }
sha1WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 5 }
id-dsa-with-sha1 OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) x9-57 (10040) x9algorithm(4) 3 }
Dss-Sig-Value ::= SEQUENCE {
r INTEGER,
s INTEGER
}
dhpublicnumber OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) ansi-x942(10046) number-type(2) 1 }
DomainParameters ::= SEQUENCE {
p INTEGER, -- odd prime, p=jq +1
g INTEGER, -- generator, g
q INTEGER, -- factor of p-1
j INTEGER OPTIONAL, -- subgroup factor, j>= 2
validationParms ValidationParms OPTIONAL }
ValidationParms ::= SEQUENCE {
seed BIT STRING,
pgenCounter INTEGER }
id-dsa OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1 }
Dss-Parms ::= SEQUENCE {
p INTEGER,
q INTEGER,
g INTEGER }
-- x400 address syntax starts here
-- OR Names
ORAddress ::= SEQUENCE {
built-in-standard-attributes BuiltInStandardAttributes,
built-in-domain-defined-attributes
BuiltInDomainDefinedAttributes OPTIONAL,
-- see also teletex-domain-defined-attributes
extension-attributes ExtensionAttributes OPTIONAL }
-- The OR-address is semantically absent from the OR-name if the
-- built-in-standard-attribute sequence is empty and the
-- built-in-domain-defined-attributes and extension-attributes are
-- both omitted.
-- Built-in Standard Attributes
BuiltInStandardAttributes ::= SEQUENCE {
country-name CountryName OPTIONAL,
administration-domain-name AdministrationDomainName OPTIONAL,
network-address [0] EXPLICIT NetworkAddress OPTIONAL,
-- see also extended-network-address
terminal-identifier [1] EXPLICIT TerminalIdentifier OPTIONAL,
private-domain-name [2] EXPLICIT PrivateDomainName OPTIONAL,
organization-name [3] EXPLICIT OrganizationName OPTIONAL,
-- see also teletex-organization-name
numeric-user-identifier [4] EXPLICIT NumericUserIdentifier OPTIONAL,
personal-name [5] EXPLICIT PersonalName OPTIONAL,
-- see also teletex-personal-name
organizational-unit-names [6] EXPLICIT OrganizationalUnitNames OPTIONAL
-- see also teletex-organizational-unit-names --
}
CountryName ::= [APPLICATION 1] CHOICE {
x121-dcc-code NumericString
(SIZE (ub-country-name-numeric-length)),
iso-3166-alpha2-code PrintableString
(SIZE (ub-country-name-alpha-length)) }
AdministrationDomainName ::= [APPLICATION 2] EXPLICIT CHOICE {
numeric NumericString (SIZE (0..ub-domain-name-length)),
printable PrintableString (SIZE (0..ub-domain-name-length)) }
NetworkAddress ::= X121Address -- see also extended-network-address
X121Address ::= NumericString (SIZE (1..ub-x121-address-length))
TerminalIdentifier ::= PrintableString (SIZE (1..ub-terminal-id-length))
PrivateDomainName ::= CHOICE {
numeric NumericString (SIZE (1..ub-domain-name-length)),
printable PrintableString (SIZE (1..ub-domain-name-length)) }
OrganizationName ::= PrintableString
(SIZE (1..ub-organization-name-length))
-- see also teletex-organization-name
NumericUserIdentifier ::= NumericString
(SIZE (1..ub-numeric-user-id-length))
PersonalName ::= SET {
surname [0] PrintableString (SIZE (1..ub-surname-length)),
given-name [1] PrintableString
(SIZE (1..ub-given-name-length)) OPTIONAL,
initials [2] PrintableString (SIZE (1..ub-initials-length)) OPTIONAL,
generation-qualifier [3] PrintableString
(SIZE (1..ub-generation-qualifier-length)) OPTIONAL }
-- see also teletex-personal-name
OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units)
OF OrganizationalUnitName
-- see also teletex-organizational-unit-names
OrganizationalUnitName ::= PrintableString (SIZE
(1..ub-organizational-unit-name-length))
-- Built-in Domain-defined Attributes
BuiltInDomainDefinedAttributes ::= SEQUENCE SIZE
(1..ub-domain-defined-attributes) OF
BuiltInDomainDefinedAttribute
BuiltInDomainDefinedAttribute ::= SEQUENCE {
type PrintableString (SIZE
(1..ub-domain-defined-attribute-type-length)),
value PrintableString (SIZE
(1..ub-domain-defined-attribute-value-length))}
-- Extension Attributes
ExtensionAttributes ::= SET SIZE (1..ub-extension-attributes) OF
ExtensionAttribute
ExtensionAttribute ::= SEQUENCE {
extension-attribute-type [0] EXPLICIT INTEGER (0..ub-extension-attributes),
extension-attribute-value [1] EXPLICIT
ANY DEFINED BY extension-attribute-type }
-- Extension types and attribute values
--
common-name INTEGER ::= 1
CommonName ::= PrintableString (SIZE (1..ub-common-name-length))
teletex-common-name INTEGER ::= 2
TeletexCommonName ::= TeletexString (SIZE (1..ub-common-name-length))
teletex-organization-name INTEGER ::= 3
TeletexOrganizationName ::=
TeletexString (SIZE (1..ub-organization-name-length))
teletex-personal-name INTEGER ::= 4
TeletexPersonalName ::= SET {
surname [0] EXPLICIT TeletexString (SIZE (1..ub-surname-length)),
given-name [1] EXPLICIT TeletexString
(SIZE (1..ub-given-name-length)) OPTIONAL,
initials [2] EXPLICIT TeletexString (SIZE (1..ub-initials-length)) OPTIONAL,
generation-qualifier [3] EXPLICIT TeletexString (SIZE
(1..ub-generation-qualifier-length)) OPTIONAL }
teletex-organizational-unit-names INTEGER ::= 5
TeletexOrganizationalUnitNames ::= SEQUENCE SIZE
(1..ub-organizational-units) OF TeletexOrganizationalUnitName
TeletexOrganizationalUnitName ::= TeletexString
(SIZE (1..ub-organizational-unit-name-length))
pds-name INTEGER ::= 7
PDSName ::= PrintableString (SIZE (1..ub-pds-name-length))
physical-delivery-country-name INTEGER ::= 8
PhysicalDeliveryCountryName ::= CHOICE {
x121-dcc-code NumericString (SIZE (ub-country-name-numeric-length)),
iso-3166-alpha2-code PrintableString
(SIZE (ub-country-name-alpha-length)) }
postal-code INTEGER ::= 9
PostalCode ::= CHOICE {
numeric-code NumericString (SIZE (1..ub-postal-code-length)),
printable-code PrintableString (SIZE (1..ub-postal-code-length)) }
physical-delivery-office-name INTEGER ::= 10
PhysicalDeliveryOfficeName ::= PDSParameter
physical-delivery-office-number INTEGER ::= 11
PhysicalDeliveryOfficeNumber ::= PDSParameter
extension-OR-address-components INTEGER ::= 12
ExtensionORAddressComponents ::= PDSParameter
physical-delivery-personal-name INTEGER ::= 13
PhysicalDeliveryPersonalName ::= PDSParameter
physical-delivery-organization-name INTEGER ::= 14
PhysicalDeliveryOrganizationName ::= PDSParameter
extension-physical-delivery-address-components INTEGER ::= 15
ExtensionPhysicalDeliveryAddressComponents ::= PDSParameter
unformatted-postal-address INTEGER ::= 16
UnformattedPostalAddress ::= SET {
printable-address SEQUENCE SIZE (1..ub-pds-physical-address-lines) OF
PrintableString (SIZE (1..ub-pds-parameter-length)) OPTIONAL,
teletex-string TeletexString
(SIZE (1..ub-unformatted-address-length)) OPTIONAL }
street-address INTEGER ::= 17
StreetAddress ::= PDSParameter
post-office-box-address INTEGER ::= 18
PostOfficeBoxAddress ::= PDSParameter
poste-restante-address INTEGER ::= 19
PosteRestanteAddress ::= PDSParameter
unique-postal-name INTEGER ::= 20
UniquePostalName ::= PDSParameter
local-postal-attributes INTEGER ::= 21
LocalPostalAttributes ::= PDSParameter
PDSParameter ::= SET {
printable-string PrintableString
(SIZE(1..ub-pds-parameter-length)) OPTIONAL,
teletex-string TeletexString
(SIZE(1..ub-pds-parameter-length)) OPTIONAL }
extended-network-address INTEGER ::= 22
ExtendedNetworkAddress ::= CHOICE {
e163-4-address SEQUENCE {
number [0] EXPLICIT NumericString (SIZE (1..ub-e163-4-number-length)),
sub-address [1] EXPLICIT NumericString
(SIZE (1..ub-e163-4-sub-address-length)) OPTIONAL },
psap-address [0] EXPLICIT PresentationAddress }
PresentationAddress ::= SEQUENCE {
pSelector [0] EXPLICIT OCTET STRING OPTIONAL,
sSelector [1] EXPLICIT OCTET STRING OPTIONAL,
tSelector [2] EXPLICIT OCTET STRING OPTIONAL,
nAddresses [3] EXPLICIT SET SIZE (1..MAX) OF OCTET STRING }
terminal-type INTEGER ::= 23
TerminalType ::= INTEGER {
telex (3),
teletex (4),
g3-facsimile (5),
g4-facsimile (6),
ia5-terminal (7),
videotex (8) } -- (0..ub-integer-options)
-- Extension Domain-defined Attributes
teletex-domain-defined-attributes INTEGER ::= 6
TeletexDomainDefinedAttributes ::= SEQUENCE SIZE
(1..ub-domain-defined-attributes) OF TeletexDomainDefinedAttribute
TeletexDomainDefinedAttribute ::= SEQUENCE {
type TeletexString
(SIZE (1..ub-domain-defined-attribute-type-length)),
value TeletexString
(SIZE (1..ub-domain-defined-attribute-value-length)) }
-- specifications of Upper Bounds shall be regarded as mandatory
-- from Annex B of ITU-T X.411 Reference Definition of MTS Parameter
-- Upper Bounds
-- Upper Bounds
ub-name INTEGER ::= 32768
ub-common-name INTEGER ::= 64
ub-locality-name INTEGER ::= 128
ub-state-name INTEGER ::= 128
ub-organization-name INTEGER ::= 64
ub-organizational-unit-name INTEGER ::= 64
ub-title INTEGER ::= 64
ub-match INTEGER ::= 128
ub-emailaddress-length INTEGER ::= 128
ub-common-name-length INTEGER ::= 64
ub-country-name-alpha-length INTEGER ::= 2
ub-country-name-numeric-length INTEGER ::= 3
ub-domain-defined-attributes INTEGER ::= 4
ub-domain-defined-attribute-type-length INTEGER ::= 8
ub-domain-defined-attribute-value-length INTEGER ::= 128
ub-domain-name-length INTEGER ::= 16
ub-extension-attributes INTEGER ::= 256
ub-e163-4-number-length INTEGER ::= 15
ub-e163-4-sub-address-length INTEGER ::= 40
ub-generation-qualifier-length INTEGER ::= 3
ub-given-name-length INTEGER ::= 16
ub-initials-length INTEGER ::= 5
ub-integer-options INTEGER ::= 256
ub-numeric-user-id-length INTEGER ::= 32
ub-organization-name-length INTEGER ::= 64
ub-organizational-unit-name-length INTEGER ::= 32
ub-organizational-units INTEGER ::= 4
ub-pds-name-length INTEGER ::= 16
ub-pds-parameter-length INTEGER ::= 30
ub-pds-physical-address-lines INTEGER ::= 6
ub-postal-code-length INTEGER ::= 16
ub-surname-length INTEGER ::= 40
ub-terminal-id-length INTEGER ::= 24
ub-unformatted-address-length INTEGER ::= 180
ub-x121-address-length INTEGER ::= 16
-- Note - upper bounds on string types, such as TeletexString, are
-- measured in characters. Excepting PrintableString or IA5String, a
-- significantly greater number of octets will be required to hold
-- such a value. As a minimum, 16 octets, or twice the specified upper
-- bound, whichever is the larger, should be allowed for TeletexString.
-- For UTF8String or UniversalString at least four times the upper
-- bound should be allowed.
-- END of PKIX1Implicit88
-- BEGIN of RFC2630
-- Cryptographic Message Syntax
pkcs-7-ContentInfo ::= SEQUENCE {
contentType OBJECT IDENTIFIER,
content [0] EXPLICIT ANY DEFINED BY contentType }
pkcs-7-DigestInfo ::= SEQUENCE {
digestAlgorithm AlgorithmIdentifier,
digest OCTET STRING
}
pkcs-7-SignedData ::= SEQUENCE {
version INTEGER,
digestAlgorithms pkcs-7-DigestAlgorithmIdentifiers,
encapContentInfo pkcs-7-EncapsulatedContentInfo,
certificates [0] IMPLICIT pkcs-7-CertificateSet OPTIONAL,
crls [1] IMPLICIT pkcs-7-CertificateRevocationLists OPTIONAL,
signerInfos pkcs-7-SignerInfos
}
pkcs-7-DigestAlgorithmIdentifiers ::= SET OF AlgorithmIdentifier
-- rfc5652: eContent [0] EXPLICIT OCTET STRING OPTIONAL
-- rfc2315: content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL
pkcs-7-EncapsulatedContentInfo ::= SEQUENCE {
eContentType OBJECT IDENTIFIER,
eContent [0] EXPLICIT ANY OPTIONAL }
-- We don't use CertificateList here since we only want
-- to read the raw data.
pkcs-7-CertificateRevocationLists ::= SET OF ANY
pkcs-7-CertificateChoices ::= CHOICE {
-- Although the paper uses Certificate type, we
-- don't use it since, we don't need to parse it.
-- We only need to read and store it.
certificate ANY
}
pkcs-7-CertificateSet ::= SET OF pkcs-7-CertificateChoices
IssuerAndSerialNumber ::= SEQUENCE {
issuer Name,
serialNumber CertificateSerialNumber
}
pkcs-7-SignerInfo ::= SEQUENCE {
version INTEGER,
sid SignerIdentifier,
digestAlgorithm AlgorithmIdentifier,
signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,
signatureAlgorithm AlgorithmIdentifier,
signature OCTET STRING,
unsignedAttrs [1] IMPLICIT SignedAttributes OPTIONAL }
SignedAttributes ::= SET SIZE (1..MAX) OF Attribute
SignerIdentifier ::= CHOICE {
issuerAndSerialNumber IssuerAndSerialNumber,
subjectKeyIdentifier [0] SubjectKeyIdentifier
}
pkcs-7-SignerInfos ::= SET OF pkcs-7-SignerInfo
-- BEGIN of RFC2986
-- Certificate requests
pkcs-10-CertificationRequestInfo ::= SEQUENCE {
version INTEGER { v1(0) },
subject Name,
subjectPKInfo SubjectPublicKeyInfo,
attributes [0] Attributes
}
Attributes ::= SET OF Attribute
pkcs-10-CertificationRequest ::= SEQUENCE {
certificationRequestInfo pkcs-10-CertificationRequestInfo,
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING
}
-- stuff from PKCS#9
pkcs-9-ub-challengePassword INTEGER ::= 255
pkcs-9-certTypes OBJECT IDENTIFIER ::= {pkcs-9 22}
pkcs-9-crlTypes OBJECT IDENTIFIER ::= {pkcs-9 23}
pkcs-9-at-challengePassword OBJECT IDENTIFIER ::= {pkcs-9 7}
pkcs-9-challengePassword ::= CHOICE {
printableString PrintableString (SIZE (1..pkcs-9-ub-challengePassword)),
utf8String UTF8String (SIZE (1..pkcs-9-ub-challengePassword)) }
pkcs-9-at-localKeyId OBJECT IDENTIFIER ::= {pkcs-9 21}
pkcs-9-localKeyId ::= OCTET STRING
pkcs-9-at-friendlyName OBJECT IDENTIFIER ::= {pkcs-9 20}
pkcs-9-friendlyName ::= BMPString (SIZE (1..255))
-- PKCS #8 stuff
-- Private-key information syntax
pkcs-8-PrivateKeyInfo ::= SEQUENCE {
version pkcs-8-Version,
privateKeyAlgorithm AlgorithmIdentifier,
privateKey pkcs-8-PrivateKey,
attributes [0] Attributes OPTIONAL }
pkcs-8-Version ::= INTEGER {v1(0)}
pkcs-8-PrivateKey ::= OCTET STRING
pkcs-8-Attributes ::= SET OF Attribute
-- Encrypted private-key information syntax
pkcs-8-EncryptedPrivateKeyInfo ::= SEQUENCE {
encryptionAlgorithm AlgorithmIdentifier,
encryptedData pkcs-8-EncryptedData
}
pkcs-8-EncryptedData ::= OCTET STRING
-- PKCS #5 stuff
pkcs-5 OBJECT IDENTIFIER ::=
{ pkcs 5 }
pkcs-5-encryptionAlgorithm OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) 3 }
pkcs-5-des-EDE3-CBC OBJECT IDENTIFIER ::= {pkcs-5-encryptionAlgorithm 7}
pkcs-5-des-EDE3-CBC-params ::= OCTET STRING (SIZE(8))
pkcs-5-id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}
pkcs-5-PBES2-params ::= SEQUENCE {
keyDerivationFunc AlgorithmIdentifier,
encryptionScheme AlgorithmIdentifier }
-- PBKDF2
pkcs-5-id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12}
-- pkcs-5-id-hmacWithSHA1 OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) rsadsi(113549) 2 7}
-- pkcs-5-algid-hmacWithSHA1 AlgorithmIdentifier ::=
-- {algorithm pkcs-5-id-hmacWithSHA1, parameters NULL : NULL}
pkcs-5-PBKDF2-params ::= SEQUENCE {
salt CHOICE {
specified OCTET STRING,
otherSource AlgorithmIdentifier
},
iterationCount INTEGER (1..MAX),
keyLength INTEGER (1..MAX) OPTIONAL,
prf AlgorithmIdentifier OPTIONAL -- DEFAULT pkcs-5-id-hmacWithSHA1
}
-- PKCS #12 stuff
pkcs-12 OBJECT IDENTIFIER ::= {pkcs 12}
pkcs-12-PFX ::= SEQUENCE {
version INTEGER {v3(3)},
authSafe pkcs-7-ContentInfo,
macData pkcs-12-MacData OPTIONAL
}
pkcs-12-PbeParams ::= SEQUENCE {
salt OCTET STRING,
iterations INTEGER
}
pkcs-12-MacData ::= SEQUENCE {
mac pkcs-7-DigestInfo,
macSalt OCTET STRING,
iterations INTEGER DEFAULT 1
-- Note: The default is for historical reasons and its use is
-- deprecated. A higher value, like 1024 is recommended.
}
pkcs-12-AuthenticatedSafe ::= SEQUENCE OF pkcs-7-ContentInfo
-- Data if unencrypted
-- EncryptedData if password-encrypted
-- EnvelopedData if public key-encrypted
pkcs-12-SafeContents ::= SEQUENCE OF pkcs-12-SafeBag
pkcs-12-SafeBag ::= SEQUENCE {
bagId OBJECT IDENTIFIER,
bagValue [0] EXPLICIT ANY DEFINED BY badId,
bagAttributes SET OF pkcs-12-PKCS12Attribute OPTIONAL
}
-- Bag types
pkcs-12-bagtypes OBJECT IDENTIFIER ::= {pkcs-12 10 1}
pkcs-12-keyBag OBJECT IDENTIFIER ::= {pkcs-12-bagtypes 1}
pkcs-12-pkcs8ShroudedKeyBag OBJECT IDENTIFIER ::= {pkcs-12-bagtypes 2}
pkcs-12-certBag OBJECT IDENTIFIER ::= {pkcs-12-bagtypes 3}
pkcs-12-crlBag OBJECT IDENTIFIER ::= {pkcs-12-bagtypes 4}
pkcs-12-KeyBag ::= pkcs-8-PrivateKeyInfo
-- Shrouded KeyBag
pkcs-12-PKCS8ShroudedKeyBag ::= pkcs-8-EncryptedPrivateKeyInfo
-- CertBag
pkcs-12-CertBag ::= SEQUENCE {
certId OBJECT IDENTIFIER,
certValue [0] EXPLICIT ANY DEFINED BY certId
}
-- x509Certificate BAG-TYPE ::= {OCTET STRING IDENTIFIED BY {pkcs-9-certTypes 1}}
-- DER-encoded X.509 certificate stored in OCTET STRING
pkcs-12-CRLBag ::= SEQUENCE {
crlId OBJECT IDENTIFIER,
crlValue [0] EXPLICIT ANY DEFINED BY crlId
}
-- x509CRL BAG-TYPE ::=
-- {OCTET STRING IDENTIFIED BY {pkcs-9-crlTypes 1}}
-- DER-encoded X.509 CRL stored in OCTET STRING
pkcs-12-PKCS12Attribute ::= Attribute
-- PKCS #7 stuff (needed in PKCS 12)
pkcs-7-Data ::= OCTET STRING
pkcs-7-EncryptedData ::= SEQUENCE {
version INTEGER,
encryptedContentInfo pkcs-7-EncryptedContentInfo,
unprotectedAttrs [1] IMPLICIT pkcs-7-UnprotectedAttributes OPTIONAL }
pkcs-7-EncryptedContentInfo ::= SEQUENCE {
contentType OBJECT IDENTIFIER,
contentEncryptionAlgorithm pkcs-7-ContentEncryptionAlgorithmIdentifier,
encryptedContent [0] IMPLICIT OCTET STRING OPTIONAL }
pkcs-7-ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
pkcs-7-UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute
-- LDAP stuff
-- may not be correct
id-at-ldap-DC AttributeType ::= { 0 9 2342 19200300 100 1 25 }
ldap-DC ::= IA5String
id-at-ldap-UID AttributeType ::= { 0 9 2342 19200300 100 1 1 }
ldap-UID ::= DirectoryString
-- rfc3039
id-pda OBJECT IDENTIFIER ::= { id-pkix 9 }
id-pda-dateOfBirth AttributeType ::= { id-pda 1 }
DateOfBirth ::= GeneralizedTime
id-pda-placeOfBirth AttributeType ::= { id-pda 2 }
PlaceOfBirth ::= DirectoryString
id-pda-gender AttributeType ::= { id-pda 3 }
Gender ::= PrintableString (SIZE(1))
-- "M", "F", "m" or "f"
id-pda-countryOfCitizenship AttributeType ::= { id-pda 4 }
CountryOfCitizenship ::= PrintableString (SIZE (2))
-- ISO 3166 Country Code
id-pda-countryOfResidence AttributeType ::= { id-pda 5 }
CountryOfResidence ::= PrintableString (SIZE (2))
-- ISO 3166 Country Code
-- rfc3820
id-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pe 14 }
id-ppl-inheritAll OBJECT IDENTIFIER ::= { id-pkix 21 1 }
id-ppl-independent OBJECT IDENTIFIER ::= { id-pkix 21 2 }
ProxyCertInfo ::= SEQUENCE {
pCPathLenConstraint INTEGER (0..MAX) OPTIONAL,
proxyPolicy ProxyPolicy }
ProxyPolicy ::= SEQUENCE {
policyLanguage OBJECT IDENTIFIER,
policy OCTET STRING OPTIONAL }
-- rfc3920 section 5.1.1
id-on OBJECT IDENTIFIER ::= { id-pkix 8 } -- other name forms
id-on-xmppAddr OBJECT IDENTIFIER ::= { id-on 5 }
XmppAddr ::= UTF8String
-- ocsp
BasicOCSPResponse ::= SEQUENCE {
tbsResponseData ResponseData,
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING,
certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
ResponseData ::= SEQUENCE {
version [0] EXPLICIT INTEGER DEFAULT 0,
responderID ResponderID,
producedAt GeneralizedTime,
responses SEQUENCE OF SingleResponse,
responseExtensions [1] EXPLICIT Extensions OPTIONAL }
ResponderID ::= CHOICE {
-- Changed to work with the libtasn1 parser.
byName [1] EXPLICIT RDNSequence, --Name
byKey [2] EXPLICIT OCTET STRING --SHA-1 hash of responder's public key
}
CertID ::= SEQUENCE {
hashAlgorithm AlgorithmIdentifier,
issuerNameHash OCTET STRING, -- Hash of Issuer's DN
issuerKeyHash OCTET STRING, -- Hash of Issuers public key
serialNumber CertificateSerialNumber }
CertStatus ::= CHOICE {
good [0] IMPLICIT NULL,
revoked [1] IMPLICIT RevokedInfo,
unknown [2] IMPLICIT UnknownInfo }
SingleResponse ::= SEQUENCE {
certID CertID,
certStatus CertStatus,
thisUpdate GeneralizedTime,
nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
singleExtensions [1] EXPLICIT Extensions OPTIONAL }
RevokedInfo ::= SEQUENCE {
revocationTime GeneralizedTime,
revocationReason [0] EXPLICIT CRLReason OPTIONAL }
UnknownInfo ::= NULL -- this can be replaced with an enumeration
END
-- Copyright (C) 2002-2014 Free Software Foundation, Inc.
--
-- This file is part of LIBTASN1.
--
-- This program is free software: you can redistribute it and/or modify
-- it under the terms of the GNU General Public License as published by
-- the Free Software Foundation, either version 3 of the License, or
-- (at your option) any later version.
--
-- This program is distributed in the hope that it will be useful,
-- but WITHOUT ANY WARRANTY; without even the implied warranty of
-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-- GNU General Public License for more details.
--
-- You should have received a copy of the GNU General Public License
-- along with this program. If not, see <http://www.gnu.org/licenses/>.