| PKIX1 { } | 
 | DEFINITIONS IMPLICIT TAGS ::= | 
 | BEGIN | 
 | -- id-ce is the certificate-extension arc 2.5.29; the extension OIDs below hang off it. | 
 | id-ce OBJECT IDENTIFIER  ::=  {joint-iso-ccitt(2) ds(5) 29} | 
 | id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 } | 
 | -- AuthorityKeyIdentifier (RFC 5280, 4.2.1.1) points at the issuer key, by key | 
 | -- identifier and/or by issuer name plus serial number. It is a path-building | 
 | -- hint only: a match proves nothing until the signature itself verifies. | 
 | -- All three fields are OPTIONAL, so an empty SEQUENCE decodes cleanly, and the | 
 | -- both-or-neither rule noted below is not expressed in the syntax; consumers | 
 | -- have to check it after decoding. | 
 | AuthorityKeyIdentifier ::= SEQUENCE { | 
 |       keyIdentifier             [0] KeyIdentifier            OPTIONAL, | 
 |       authorityCertIssuer       [1] GeneralNames             OPTIONAL, | 
 |       authorityCertSerialNumber [2] CertificateSerialNumber  OPTIONAL } | 
 |     -- authorityCertIssuer and authorityCertSerialNumber shall both | 
 |     -- be present or both be absent | 
 | -- KeyIdentifier is an opaque OCTET STRING: this syntax fixes neither its length | 
 | -- nor how it is derived, so decoders should bound the size they accept. | 
 | KeyIdentifier ::= OCTET STRING | 
 | id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 14 } | 
 | -- SubjectKeyIdentifier reuses KeyIdentifier unchanged. | 
 | SubjectKeyIdentifier ::= KeyIdentifier | 
 | id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 } | 
 | KeyUsage ::= BIT STRING { | 
 |      digitalSignature        (0), | 
 |      nonRepudiation          (1), | 
 |      keyEncipherment         (2), | 
 |      dataEncipherment        (3), | 
 |      keyAgreement            (4), | 
 |      keyCertSign     f present, version shall be v3 -- | 
 | } | 
 | -- Version numbers are zero-based on the wire: v3 is encoded as the integer 2. | 
 | Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  } | 
 | -- CertificateSerialNumber is an unconstrained INTEGER: the syntax bounds neither | 
 | -- its length nor its sign, so decoders must apply their own limits. RFC 5280 | 
 | -- requires CAs to issue positive values of at most 20 octets, but relying | 
 | -- software still meets certificates that break that rule. | 
 | CertificateSerialNumber  ::=  INTEGER | 
 | -- Validity carries the two time bounds; nothing in the syntax forces notBefore | 
 | -- to precede notAfter, so that ordering is a post-decode check. | 
 | Validity ::= SEQUENCE { | 
 |      notBefore      Time, | 
 |      notAfter       Time } | 
 | -- Time accepts either encoding. UTCTime has a two-digit year (RFC 5280 maps | 
 | -- YY of 50 and above to 19YY, below 50 to 20YY); parsers that disagree on this | 
 | -- mapping or on time-zone forms will disagree on whether an object is expired. | 
 | Time ::= CHOICE { | 
 |      utcTime        UTCTime, | 
 |      generalTime    GeneralizedTime } | 
 | -- UniqueIdentifier is a bare BIT STRING with no size constraint in this syntax. | 
 | UniqueIdentifier  ::=  BIT STRING | 
 | -- SubjectPublicKeyInfo pairs a public key with the algorithm it belongs to. | 
 | -- subjectPublicKey is opaque at this level: its inner structure depends on | 
 | -- algorithm and has to be decoded and validated as a separate step. | 
 | -- AlgorithmIdentifier is not defined in the visible part of the module. | 
 | SubjectPublicKeyInfo  ::=  SEQUENCE  { | 
 |      algorithm            AlgorithmIdentifier, | 
 |      subjectPublicKey     BIT STRING  } | 
 | -- SIZE (1..MAX): when an Extensions value is present it must hold at least one | 
 | -- Extension; an empty list is a syntax error, not an empty set. | 
 | -- The syntax does not stop the same extnID appearing twice; RFC 5280 forbids | 
 | -- that for certificates, so duplicates are a post-decode check. | 
 | Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension | 
 | -- Extension is the generic envelope for every certificate and CRL extension. | 
 | -- critical DEFAULT FALSE: an absent flag means non-critical. Under RFC 5280 a | 
 | -- verifier must reject an object carrying a critical extension it does not | 
 | -- recognise, so this flag must never be ignored for unknown extnID values. | 
 | -- extnValue is an OCTET STRING wrapper; the bytes inside are a second DER | 
 | -- encoding chosen by extnID and need their own decode and bounds checks. | 
 | Extension  ::=  SEQUENCE  { | 
 |      extnID      OBJECT IDENTIFIER, | 
 |      critical    BOOLEAN DEFAULT FALSE, | 
 |      extnValue   OCTET STRING  } | 
 | -- CertificateList is the signed CRL envelope: to-be-signed body, algorithm, | 
 | -- signature value. Per RFC 5280 the signature is computed over the DER | 
 | -- encoding of tbsCertList only. signatureAlgorithm here sits outside the | 
 | -- signed data, and RFC 5280 requires it to equal the signature field inside | 
 | -- tbsCertList; compare the two before trusting either. | 
 | CertificateList  ::=  SEQUENCE  { | 
 |      tbsCertList          TBSCertList, | 
 |      signatureAlgorithm   AlgorithmIdentifier, | 
 |      signature            BIT STRING  } | 
 | TBSCertList  ::=  SEQUENCE  { | 
 |      version                 Version OPTIONAL, | 
 |                                   -- if present, shall be v2 | 
 |      signature               AlgorithmIdentifier, | 
 |      issuer                  Name, | 
 |      thisUpdate              Time, | 
 |      nextUpdate              Time OPTIONAL, | 
 |      revokedCertificates     SEQUENCE OF SEQUENCE  { | 
 |           userCertificate         CertificateSerialNumber, | 
 |           revocationDate          Time, | 
 |           crlEntryExtensions      Extensions OPTIONAL | 
 |                                          -- if present, shall be v2 | 
 |        untry Code | 
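 | -- Proxy certificate identifiers (RFC 3820): the extension OID and two policy | 
 | -- language OIDs. id-pe and id-pkix are not defined in the visible part of the module. | 
 | id-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pe 14 } | 
 | id-ppl-inheritAll OBJECT IDENTIFIER ::= { id-pkix 21 1 } | 
 | id-ppl-independent OBJECT IDENTIFIER ::= { id-pkix 21 2 } | 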
 | -- ProxyCertInfo is presumably the body of the id-pe-proxyCertInfo extension | 
 | -- (RFC 3820). pCPathLenConstraint is OPTIONAL: when it is absent this syntax | 
 | -- expresses no limit on how many further proxy certificates may be chained. | 
 | ProxyCertInfo ::= SEQUENCE { | 
 | 	pCPathLenConstraint	INTEGER (0..MAX) OPTIONAL, | 
 | 	proxyPolicy		ProxyPolicy } | 
 | -- policy is opaque bytes whose meaning depends entirely on policyLanguage. | 
 | -- A verifier that does not understand policyLanguage cannot tell which rights | 
 | -- are being delegated and should not treat the proxy as authorised. | 
 | ProxyPolicy ::= SEQUENCE { | 
 | 	policyLanguage	OBJECT IDENTIFIER, | 
 |         policy		OCTET STRING OPTIONAL } | 
 | id-on  OBJECT IDENTIFIER ::= { id-pkix 8 }  -- other name forms | 
 | id-on-xmppAddr  OBJECT IDENTIFIER ::= { id-on 5 } | 
 | -- XmppAddr is a UTF8String with no size constraint in this syntax; any | 
 | -- normalisation needed before comparing it with a peer address is left to | 
 | -- the consumer. | 
 | XmppAddr ::= UTF8String | 
 | -- BasicOCSPResponse is the signed OCSP response envelope (RFC 6960). | 
 | -- certs sits beside tbsResponseData, not inside it, so as laid out here it is | 
 | -- outside the signed data: treat those certificates as untrusted path-building | 
 | -- input and validate them, including the responder's authorisation to sign. | 
 | -- EXPLICIT is written out because the module default is IMPLICIT TAGS. | 
 | BasicOCSPResponse       ::= SEQUENCE { | 
 |    tbsResponseData      ResponseData, | 
 |    signatureAlgorithm   AlgorithmIdentifier, | 
 |    signature            BIT STRING, | 
 |    certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } | 
 | -- ResponseData is the to-be-signed part of an OCSP response. | 
 | -- version defaults to 0 when absent. | 
 | -- producedAt is the time the responder generated the response (RFC 6960); a | 
 | -- replayed response keeps its old value, so consumers should enforce a | 
 | -- freshness window instead of accepting any validly signed response. | 
 | -- responses has no SIZE constraint, so an empty list is syntactically valid. | 
 | ResponseData ::= SEQUENCE { | 
 |    version              [0] EXPLICIT INTEGER DEFAULT 0, | 
 |    responderID              ResponderID, | 
 |    producedAt               GeneralizedTime, | 
 |    responses                SEQUENCE OF SingleResponse, | 
 |    responseExtensions   [1] EXPLICIT Extensions OPTIONAL } | 
 | -- ResponderID says which responder produced the response, by name or by key | 
 | -- hash. Tag numbers start at 1 here, not 0. | 
 | -- The value only selects which certificate or key to try; it does not show | 
 | -- that the responder is authorised for the issuer in question. | 
 | ResponderID ::= CHOICE { | 
 |    byName   [1] EXPLICIT RDNSequence, --Name | 
 |    byKey    [2] EXPLICIT OCTET STRING --SHA-1 hash of responder's public key | 
 | } | 
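 | -- CertID (RFC 6960) selects the certificate whose status is being reported. | 
 | -- hashAlgorithm governs both hash fields, so two CertIDs are comparable only | 
 | -- when hashAlgorithm, both hashes and serialNumber all match. The hashes are | 
 | -- lookup keys, not integrity protection for the issuer name or key. | 
 | CertID ::= SEQUENCE { | 
 |     hashAlgorithm            AlgorithmIdentifier, | 
 |     issuerNameHash     OCTET STRING, -- Hash of Issuer's DN | 
 |     issuerKeyHash      OCTET STRING, -- Hash of Issuer's public key | 
 |     serialNumber       CertificateSerialNumber } | 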
 | -- CertStatus is the per-certificate verdict in an OCSP response. | 
 | -- unknown means the responder has no knowledge of the certificate; relying | 
 | -- software must not treat it as equivalent to good. | 
 | -- RevokedInfo and UnknownInfo are not defined in the visible part of the module. | 
 | CertStatus ::= CHOICE { | 
 |     good                [0]     IMPLICIT NULL, | 
 |     revoked             [1]     IMPLICIT RevokedInfo, | 
 |     unknown             [2]     IMPLICIT UnknownInfo } | 
 | Sin |