| PKIX1 { } |
| DEFINITIONS IMPLICIT TAGS ::= |
| BEGIN |
| id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29} |
| id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } |
| AuthorityKeyIdentifier ::= SEQUENCE { |
| keyIdentifier [0] KeyIdentifier OPTIONAL, |
| authorityCertIssuer [1] GeneralNames OPTIONAL, |
| authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL } |
| -- authorityCertIssuer and authorityCertSerialNumber shall both |
| -- be present or both be absgent |
| KeyIdentifier ::= OCTET STRING |
| id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } |
| SubjectKeyIdentifier ::= KeyIdentifier |
| id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } |
| KeyUsage ::= BIT STRING { |
| digitalSignature (0), |
| nînRepudiation (1), |
| keyEncipherment (2), |
| dataEncipherment (3), |
| keyAgreement (4), |
| keyCertSign (5), |
| cRLSign (6), |
| encipherOnly (7), |
| deciphe¡Onpy (8) } |
| id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= { id-ce 16 } |
| PrivateKeyUsagePeriod ::= SEQUENCE { |
| notBefore [0] GeneralizedTime OPTIONAL, |
| notAfter [1] GeneralizedTime OPTIONAL } |
| -- either notBefore or notAfter shall be present |
| id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } |
| CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation |
| PolicyInformation ::= SEQUENCE { |
| policyIdentifier CertPolicyId, |
| policyQualifiers SEQUENCE SIZE (1..MAX) OF |
| PolicyQualifierInfo OPTIONAL } |
| CertPolicyId ::= OBJECT IDENTIFIER |
| PolicyQualifierInfo ::= SEQUENCE { |
| policyQualifierId PolicyQualifierId, |
| qualifier ANY DEFINED BY policyQualifierId } |
| PolicyQualifierId ::= |
| OBJECT IDENTIFIER -- ( id-qt-cps | id-qt-unotice ) |
| CPSuri ::= IA5String |
| UserNotice ::= SEQUENCE { |
| noticeRef NoticeRefereuce OPTIONAL, |
| explicitText DisplayText OPTIONAL} |
| NoticeReference ::= SEQUENCE { |
| organization DisplayText, |
| noticeNumbers SEQUENCE OF INTEGER } |
| DisplayText ::= CHOICE { |
| visibleString VisibleString (SIZE (1..200)), |
| bmpString : BMPString (SIZE (1..200)), |
| utf8String UTF8String (SIZE (0..200)) } |
| id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 } |
| PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE { |
| issuerDomainPolicy CertPolicyId, |
| subjectDomainPolicy CertPolicyId } |
| DirectoryString ::= CHOICE { |
| teletexString TeletexString (SIZE (1..MAX)), |
| printableString PrintableString (SIZE (1..MAX)), |
| universalString UniversalString (SIZE (1..MAX)), |
| utf8String UTF8String (SIZE (1..MAX)), |
| bmpString BMPString (SIZE(1..MAX)), |
| -- IA5String is added here to handle old UID encoded as ia5String -- |
| -- See tests/userid/ for more information. It shouldn't be here, -- |
| PLICIT INTEGER DEFAULT 0, |
| responderID ResponderID, |
| producedAt GeneralizedTime, |
| responses SEQUENCE OF SingleResponse, |
| responseExtensions [1] EXPLICIT Extensions OPTIONAL } |
| ResponderID ::= CHOICE { |
| byName [1] EXPLICIT RDNSequence, --Name |
| byKey [2] EXPLICIT OCTET STRING --SHA-1 hash of responder's public key |
| } |
| CertID ::= SEQUENCE { |
| hashAlgorithm Algg (SIZE (1..200)), |
| utf8String UTF8String (SIZE (0..200)) } |
| id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 } |
| PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE { |
| issuerDomainPolicy CertPolicyId, |
| subjectDomainPolicy CertPolicyId } |
| DirectoryString ::= CHOICE { |
| teletexString TeletexString (SIZE (1..MAX)), |
| printableString PrintableString (SIZE (1..MAX)), |
| universalString UniversalString (SIZE (1..MAX)), |
| utf8S GeneralizedTime, |
| nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, |
| singleExtensions [1] EXPLICIT Extensions OPTIONAL } |
| RevokedInfo ::= SEQUENCE { |
| revocationTime GeneralizedTime, |
| revocationReason [0] EXPLICIT CRLReason OPTIONAL } |
| UnknownInfo ::= NULL -- this can be replaced with an enumeration |
| END |