      1 -- Id --
      2 -- Definitions from rfc2459/rfc3280
      3 
      4 RFC2459 DEFINITIONS ::= BEGIN
      5 
      6 IMPORTS heim_any FROM heim;
      7 
      8 Version ::=  INTEGER {
      9 	rfc3280_version_1(0),
     10 	rfc3280_version_2(1),
     11 	rfc3280_version_3(2)
     12 }
     13 
     14 id-pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
     15 	rsadsi(113549) pkcs(1) 1 }
        -- PKCS #1 key and signature algorithm identifiers under the id-pkcs-1 arc.
        -- Declaring an OID here only lets the decoder name it. The md2, md5 and
        -- sha1 WithRSAEncryption entries identify digests with known collision
        -- weaknesses, so whether signatures using them are accepted is a policy
        -- decision for the verifying code, not something this module settles.
     16 id-pkcs1-rsaEncryption OBJECT IDENTIFIER ::=		{ id-pkcs-1 1 }
     17 id-pkcs1-md2WithRSAEncryption OBJECT IDENTIFIER ::=	{ id-pkcs-1 2 }
     18 id-pkcs1-md5WithRSAEncryption OBJECT IDENTIFIER ::=	{ id-pkcs-1 4 }
     19 id-pkcs1-sha1WithRSAEncryption OBJECT IDENTIFIER ::=	{ id-pkcs-1 5 }
     20 id-pkcs1-sha256WithRSAEncryption OBJECT IDENTIFIER ::=	{ id-pkcs-1 11 }
     21 id-pkcs1-sha384WithRSAEncryption OBJECT IDENTIFIER ::=	{ id-pkcs-1 12 }
     22 id-pkcs1-sha512WithRSAEncryption OBJECT IDENTIFIER ::=	{ id-pkcs-1 13 }
     23 
     24 id-heim-rsa-pkcs1-x509 OBJECT IDENTIFIER ::= { 1  2 752 43 16 1 }
     25 
     26 id-pkcs-2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
     27 	rsadsi(113549) pkcs(1) 2 }
     28 id-pkcs2-md2 OBJECT IDENTIFIER ::=		{ id-pkcs-2 2 }
     29 id-pkcs2-md4 OBJECT IDENTIFIER ::=		{ id-pkcs-2 4 }
     30 id-pkcs2-md5 OBJECT IDENTIFIER ::=		{ id-pkcs-2 5 }
     31 
     32 id-rsa-digestAlgorithm OBJECT IDENTIFIER ::=
     33 { iso(1) member-body(2) us(840) rsadsi(113549) 2 }
     34 
     35 id-rsa-digest-md2 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 2 }
     36 id-rsa-digest-md4 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 4 }
     37 id-rsa-digest-md5 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 5 }
     38 
     39 id-pkcs-3 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
     40 	rsadsi(113549) pkcs(1) 3 }
     41 
     42 id-pkcs3-rc2-cbc OBJECT IDENTIFIER ::=		{ id-pkcs-3 2 }
     43 id-pkcs3-rc4     OBJECT IDENTIFIER ::=		{ id-pkcs-3 4 }
     44 id-pkcs3-des-ede3-cbc OBJECT IDENTIFIER ::=	{ id-pkcs-3 7 }
     45 
     46 id-rsadsi-encalg OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
     47 	rsadsi(113549) 3 }
     48 
     49 id-rsadsi-rc2-cbc OBJECT IDENTIFIER ::=		{ id-rsadsi-encalg 2 }
     50 id-rsadsi-des-ede3-cbc OBJECT IDENTIFIER ::=	{ id-rsadsi-encalg 7 }
     51 
     52 id-secsig-sha-1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
     53 	oiw(14) secsig(3) algorithm(2) 26 }
     54 
     55 id-secsig-sha-1WithRSAEncryption OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
     56 	oiw(14) secsig(3) algorithm(2) 29 }
     57 
     58 id-nistAlgorithm OBJECT IDENTIFIER ::= {
     59    joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) 4 }
     60   
     61 id-nist-aes-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 1 }
     62 
     63 id-aes-128-cbc OBJECT IDENTIFIER ::=		{ id-nist-aes-algs 2 }
     64 id-aes-192-cbc OBJECT IDENTIFIER ::=		{ id-nist-aes-algs 22 }
     65 id-aes-256-cbc OBJECT IDENTIFIER ::=		{ id-nist-aes-algs 42 }
     66 
     67 id-nist-sha-algs OBJECT IDENTIFIER ::=		{ id-nistAlgorithm 2 }
     68 
     69 id-sha256 OBJECT IDENTIFIER ::=			{ id-nist-sha-algs 1 }
     70 id-sha224 OBJECT IDENTIFIER ::=			{ id-nist-sha-algs 4 }
     71 id-sha384 OBJECT IDENTIFIER ::=			{ id-nist-sha-algs 2 }
     72 id-sha512 OBJECT IDENTIFIER ::=			{ id-nist-sha-algs 3 }
     73 
     74 id-dhpublicnumber OBJECT IDENTIFIER ::= {
     75         iso(1) member-body(2) us(840) ansi-x942(10046)
     76         number-type(2) 1 }
     77 
     78 -- ECC
     79 
     80 id-ecPublicKey OBJECT IDENTIFIER ::= {
     81        iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 }
     82 
     83 id-ecDH OBJECT IDENTIFIER ::= {
     84        iso(1) identified-organization(3) certicom(132) schemes(1)
     85        ecdh(12) }
     86 
     87 id-ecMQV OBJECT IDENTIFIER ::= {
     88        iso(1) identified-organization(3) certicom(132) schemes(1)
     89        ecmqv(13) }
     90 
     91 id-ecdsa-with-SHA512 OBJECT IDENTIFIER ::= {
     92      iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
     93      ecdsa-with-SHA2(3) 4 }
     94 
     95 id-ecdsa-with-SHA384 OBJECT IDENTIFIER ::= {
     96      iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
     97      ecdsa-with-SHA2(3) 3 }
     98 
     99 id-ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
    100      iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
    101      ecdsa-with-SHA2(3) 2 }
    102 
    103 id-ecdsa-with-SHA224 OBJECT IDENTIFIER ::= {
    104      iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
    105      ecdsa-with-SHA2(3) 1 }
    106 
    107 id-ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
    108      iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 }
    109 
    110 -- some EC group ids
    111 
    112 id-ec-group-secp256r1 OBJECT IDENTIFIER ::= {
    113        iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3)
    114        prime(1) 7 }
    115 
    116 id-ec-group-secp160r1 OBJECT IDENTIFIER ::= {
        -- secp160r1 and secp160r2 are 160-bit curves (roughly an 80-bit security
        -- level). Having the OIDs here lets such keys be identified; whether they
        -- are accepted should be decided by the key-acceptance policy of the caller.
    117        iso(1) identified-organization(3) certicom(132) 0 8 }
    118 
    119 id-ec-group-secp160r2 OBJECT IDENTIFIER ::= {
    120        iso(1) identified-organization(3) certicom(132) 0 30 }
    121 
    122 id-ec-group-secp224r1 OBJECT IDENTIFIER ::= {
    123        iso(1) identified-organization(3) certicom(132) 0 33 }
    124 
    125 id-ec-group-secp384r1 OBJECT IDENTIFIER ::= {
    126        iso(1) identified-organization(3) certicom(132) 0 34 }
    127 
    128 id-ec-group-secp521r1 OBJECT IDENTIFIER ::= {
    129        iso(1) identified-organization(3) certicom(132) 0 35 }
    130 
    131 -- DSA
    132 
    133 id-x9-57 OBJECT IDENTIFIER ::= {
    134         iso(1) member-body(2) us(840) ansi-x942(10046) 4 }
        -- NOTE(review): RFC 3279 defines id-dsa as
        -- { iso(1) member-body(2) us(840) x9-57(10040) x9cm(4) 1 }. The arc written
        -- above is 10046, the ansi-x942 arc that id-dhpublicnumber also uses, so
        -- id-dsa and id-dsa-with-sha1 as declared here would not equal the RFC 3279
        -- OIDs. Confirm before relying on these names for algorithm matching.
    135 
    136 id-dsa OBJECT IDENTIFIER ::=		{ id-x9-57 1 }
    137 id-dsa-with-sha1 OBJECT IDENTIFIER ::=		{ id-x9-57 3 }
    138 
    139 -- x.520 names types
    140 
    141 id-x520-at 	OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 }
    142 
    143 id-at-commonName		OBJECT IDENTIFIER ::= { id-x520-at 3 }
    144 id-at-surname			OBJECT IDENTIFIER ::= { id-x520-at 4 }
    145 id-at-serialNumber		OBJECT IDENTIFIER ::= { id-x520-at 5 }
    146 id-at-countryName		OBJECT IDENTIFIER ::= { id-x520-at 6 }
    147 id-at-localityName		OBJECT IDENTIFIER ::= { id-x520-at 7 }
    148 id-at-stateOrProvinceName	OBJECT IDENTIFIER ::= { id-x520-at 8 }
    149 id-at-streetAddress		OBJECT IDENTIFIER ::= { id-x520-at 9 }
    150 id-at-organizationName		OBJECT IDENTIFIER ::= { id-x520-at 10 }
    151 id-at-organizationalUnitName	OBJECT IDENTIFIER ::= { id-x520-at 11 }
    152 id-at-title			OBJECT IDENTIFIER ::= { id-x520-at 12 }
    153 id-at-description		OBJECT IDENTIFIER ::= { id-x520-at 13 }
    154 id-at-name			OBJECT IDENTIFIER ::= { id-x520-at 41 }
    155 id-at-givenName			OBJECT IDENTIFIER ::= { id-x520-at 42 }
    156 id-at-initials			OBJECT IDENTIFIER ::= { id-x520-at 43 }
    157 id-at-generationQualifier	OBJECT IDENTIFIER ::= { id-x520-at 44 }
    158 id-at-pseudonym			OBJECT IDENTIFIER ::= { id-x520-at 65 }
    159 -- RFC 2247
    160 id-Userid		      	OBJECT IDENTIFIER ::=
    161                           { 0 9 2342 19200300 100 1 1 }
    162 id-domainComponent      	OBJECT IDENTIFIER ::=
    163                           { 0 9 2342 19200300 100 1 25 }
    164 
    165 
    166 -- rfc3280
    167 
    168 id-x509-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}
    169 
    170 AlgorithmIdentifier ::= SEQUENCE {
        -- Names an algorithm by OID plus optional, algorithm-specific parameters.
        -- parameters is typed heim_any (imported from heim, not defined in this
        -- module); presumably it carries the element undecoded, TODO confirm.
        -- Code that consumes an AlgorithmIdentifier therefore has to decode and
        -- validate the parameters itself for the algorithm named by the OID.
    171 	algorithm	OBJECT IDENTIFIER,
    172 	parameters	heim_any OPTIONAL
    173 }
    174 
    175 AttributeType ::=   OBJECT IDENTIFIER
    176 
    177 AttributeValue ::=   heim_any
    178 
    179 DirectoryString ::= CHOICE {
    180 	ia5String	IA5String,
    181 	teletexString	TeletexString,
    182 	printableString	PrintableString,
    183 	universalString UniversalString,
    184 	utf8String	UTF8String,
    185 	bmpString	BMPString
    186 }
    187 
    188 Attribute ::= SEQUENCE {
    189         type    AttributeType,
    190         value   SET OF -- AttributeValue -- heim_any
    191 }
    192 
    193 AttributeTypeAndValue ::= SEQUENCE {
    194         type    AttributeType,
    195         value   DirectoryString
    196 }
    197 
    198 RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
    199 
    200 RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
    201 
    202 Name ::= CHOICE {
    203 	rdnSequence  RDNSequence
    204 }
    205 
    206 CertificateSerialNumber ::= INTEGER
    207 
    208 Time ::= CHOICE {
    209      utcTime        UTCTime,
    210      generalTime    GeneralizedTime
    211 }
    212 
    213 Validity ::= SEQUENCE {
    214      notBefore      Time,
    215      notAfter       Time
    216 }
    217 
    218 UniqueIdentifier  ::=  BIT STRING
    219 
    220 SubjectPublicKeyInfo  ::=  SEQUENCE  {
    221      algorithm            AlgorithmIdentifier,
    222      subjectPublicKey     BIT STRING
    223 }
    224 
    225 Extension  ::=  SEQUENCE  {
        -- One certificate or CRL extension: its OID, criticality flag and body.
        -- critical is declared OPTIONAL here while the inline comment records the
        -- RFC form (DEFAULT FALSE), so consumers must read an absent field as FALSE.
        -- extnValue is an opaque OCTET STRING at this level; it needs a second
        -- decode selected by extnID. RFC 5280 section 4.2 requires a certificate to
        -- be rejected when a critical extension is not recognised, and that check
        -- belongs to the validating code because the schema cannot express it.
    226      extnID      OBJECT IDENTIFIER,
    227      critical    BOOLEAN OPTIONAL, -- DEFAULT FALSE XXX
    228      extnValue   OCTET STRING
    229 }
    230 
    231 Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
    232 
    233 TBSCertificate  ::=  SEQUENCE  {
        -- The to-be-signed part of an X.509 certificate.
        -- version is OPTIONAL here; the inline comment records the RFC default, so
        -- an absent version means v1, which is rfc3280_version_1(0) in Version.
        -- The "If present, version shall be ..." rules below are comments only and
        -- are not expressed as constraints, so validation code has to check that
        -- unique identifiers and extensions appear only with a matching version.
        -- Nothing in Extensions prevents the same extnID from appearing twice;
        -- RFC 5280 forbids that, so duplicate detection is also left to the caller.
    234      version         [0]  Version OPTIONAL, -- EXPLICIT nnn DEFAULT 1,
    235      serialNumber         CertificateSerialNumber,
    236      signature            AlgorithmIdentifier,
    237      issuer               Name,
    238      validity             Validity,
    239      subject              Name,
    240      subjectPublicKeyInfo SubjectPublicKeyInfo,
    241      issuerUniqueID  [1]  IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
    242                           -- If present, version shall be v2 or v3
    243      subjectUniqueID [2]  IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
    244                           -- If present, version shall be v2 or v3
    245      extensions      [3]  EXPLICIT Extensions OPTIONAL
    246                           -- If present, version shall be v3
    247 }
    248 
    249 Certificate  ::=  SEQUENCE  {
        -- A signed certificate: the TBSCertificate, the signature algorithm and the
        -- signature bits. signatureAlgorithm lies outside the signed data, while
        -- tbsCertificate.signature lies inside it. RFC 5280 section 4.1.1.2 requires
        -- the two to carry the same algorithm identifier; the schema cannot enforce
        -- that, so a verifier should compare them before trusting either one.
    250      tbsCertificate       TBSCertificate,
    251      signatureAlgorithm   AlgorithmIdentifier,
    252      signatureValue       BIT STRING
    253 }
    254 
    255 Certificates ::= SEQUENCE OF Certificate
    256 
    257 ValidationParms ::= SEQUENCE {
    258 	seed		BIT STRING,
    259 	pgenCounter	INTEGER
    260 }
    261 
    262 DomainParameters ::= SEQUENCE {
        -- Diffie-Hellman domain parameters (the rfc3279 form, next to the PKCS3
        -- DHParameter type declared after it).
        -- NOTE(review): RFC 3279 lists q as mandatory in DomainParameters; it is
        -- OPTIONAL here. Without q a peer public value cannot be checked for
        -- membership of the order-q subgroup, so consumers should decide explicitly
        -- whether parameters lacking q are acceptable.
    263 	p		INTEGER, -- odd prime, p=jq +1
    264 	g		INTEGER, -- generator, g
    265 	q		INTEGER OPTIONAL, -- factor of p-1
    266 	j		INTEGER OPTIONAL, -- subgroup factor
    267 	validationParms	ValidationParms OPTIONAL -- ValidationParms
    268 }
    269 
    270 -- As defined by PKCS3
    271 DHParameter ::= SEQUENCE {
    272 	prime		INTEGER, -- odd prime, p=jq +1
    273 	base		INTEGER, -- generator, g
    274 	privateValueLength INTEGER OPTIONAL
    275 }
    276 
    277 DHPublicKey ::= INTEGER
    278 
    279 OtherName ::= SEQUENCE {
    280 	type-id    OBJECT IDENTIFIER,
    281 	value      [0] EXPLICIT heim_any
    282 }
    283 
    284 GeneralName ::= CHOICE {
        -- The name forms usable in subjectAltName, issuerAltName, name constraints
        -- and similar extensions. otherName and directoryName are written out
        -- inline; the type each one stands for is named in its comment.
        -- x400Address [3] and ediPartyName [5] are commented out, so those tags are
        -- not alternatives of this CHOICE as declared.
        -- rfc822Name, dNSName and uniformResourceIdentifier are IA5String values,
        -- which are length-delimited on the wire and may therefore contain bytes
        -- such as NUL. Name-matching code should compare over the full decoded
        -- length and reject embedded NULs rather than use C string functions.
        -- NOTE(review): how the generated IA5String type exposes its length is not
        -- visible in this module.
        -- iPAddress is a raw OCTET STRING; its length should be checked before it
        -- is interpreted as an address.
    285 	otherName			[0]     IMPLICIT -- OtherName -- SEQUENCE {
    286 		type-id    OBJECT IDENTIFIER,
    287 		value      [0] EXPLICIT heim_any
    288 	},
    289 	rfc822Name			[1]     IMPLICIT IA5String,
    290 	dNSName				[2]     IMPLICIT IA5String,
    291 --	x400Address			[3]     IMPLICIT ORAddress,--
    292 	directoryName			[4]     IMPLICIT -- Name -- CHOICE {
    293 		rdnSequence  RDNSequence
    294 	},
    295 --	ediPartyName			[5]     IMPLICIT EDIPartyName, --
    296 	uniformResourceIdentifier	[6]     IMPLICIT IA5String,
    297 	iPAddress			[7]     IMPLICIT OCTET STRING,
    298 	registeredID			[8]     IMPLICIT OBJECT IDENTIFIER
    299 }
    300 
    301 GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
    302 
    303 id-x509-ce-keyUsage OBJECT IDENTIFIER ::=  { id-x509-ce 15 }
    304 
    305 KeyUsage ::= BIT STRING {
    306 	digitalSignature	(0),
    307 	nonRepudiation		(1),
    308 	keyEncipherment		(2),
    309 	dataEncipherment	(3),
    310 	keyAgreement		(4),
    311 	keyCertSign		(5),
    312 	cRLSign			(6),
    313 	encipherOnly		(7),
    314 	decipherOnly		(8)
    315 }
    316 
    317 id-x509-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-x509-ce 35 }
    318 
    319 KeyIdentifier ::= OCTET STRING
    320 
    321 AuthorityKeyIdentifier ::= SEQUENCE {
    322 	keyIdentifier             [0] IMPLICIT OCTET STRING OPTIONAL,
    323 	authorityCertIssuer       [1] IMPLICIT -- GeneralName --
    324 		SEQUENCE -- SIZE (1..MAX) -- OF GeneralName OPTIONAL,
    325 	authorityCertSerialNumber [2] IMPLICIT INTEGER OPTIONAL
    326 }
    327 
    328 id-x509-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-x509-ce 14 }
    329 
    330 SubjectKeyIdentifier ::= KeyIdentifier
    331 
    332 id-x509-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-x509-ce 19 }
    333 
    334 BasicConstraints ::= SEQUENCE {
        -- Body of the basicConstraints extension (id-x509-ce 19).
        -- cA is declared OPTIONAL with the RFC default noted in the comment, so an
        -- absent cA must be read as FALSE: path validation should treat such a
        -- certificate as an end entity and refuse to let it issue certificates.
        -- pathLenConstraint is bounded to 0..4294967295 by the constraint below.
    335 	cA                      BOOLEAN OPTIONAL -- DEFAULT FALSE --,
    336 	pathLenConstraint	INTEGER (0..4294967295) OPTIONAL
    337 }
    338 
    339 id-x509-ce-nameConstraints OBJECT IDENTIFIER ::=  { id-x509-ce 30 }
    340 
    341 BaseDistance ::= INTEGER -- (0..MAX) --
    342 
    343 GeneralSubtree ::= SEQUENCE {
    344 	base			GeneralName,
    345 	minimum		[0]	IMPLICIT -- BaseDistance -- INTEGER OPTIONAL -- DEFAULT 0 --,
    346 	maximum		[1]	IMPLICIT -- BaseDistance -- INTEGER OPTIONAL
    347 }
    348 
    349 GeneralSubtrees ::= SEQUENCE -- SIZE (1..MAX) -- OF GeneralSubtree
    350 
    351 NameConstraints ::= SEQUENCE {
    352 	permittedSubtrees       [0]     IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL,
    353 	excludedSubtrees        [1]     IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL
    354 }
    355 
    356 id-x509-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::=  { id-x509-ce 16 }
    357 id-x509-ce-certificatePolicies OBJECT IDENTIFIER ::=  { id-x509-ce 32 }
    358 id-x509-ce-policyMappings OBJECT IDENTIFIER ::=  { id-x509-ce 33 }
    359 id-x509-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-x509-ce 17 }
    360 id-x509-ce-issuerAltName OBJECT IDENTIFIER ::=  { id-x509-ce 18 }
    361 id-x509-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::=  { id-x509-ce 9 }
    362 id-x509-ce-policyConstraints OBJECT IDENTIFIER ::=  { id-x509-ce 36 }
    363 
    364 id-x509-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-x509-ce 37}
    365 
    366 ExtKeyUsage ::= SEQUENCE OF OBJECT IDENTIFIER
    367 
    368 id-x509-ce-cRLDistributionPoints OBJECT IDENTIFIER ::=  { id-x509-ce 31 }
    369 id-x509-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-x509-ce 27 }
    370 id-x509-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-x509-ce 28 }
    371 id-x509-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-x509-ce 23 }
    372 id-x509-ce-invalidityDate OBJECT IDENTIFIER ::= { id-x509-ce 24 }
    373 id-x509-ce-certificateIssuer   OBJECT IDENTIFIER ::= { id-x509-ce 29 }
    374 id-x509-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::=  { id-x509-ce 54 }
    375 
    376 DistributionPointReasonFlags ::= BIT STRING {
    377 	unused                  (0),
    378 	keyCompromise           (1),
    379 	cACompromise            (2),
    380 	affiliationChanged      (3),
    381 	superseded              (4),
    382 	cessationOfOperation    (5),
    383 	certificateHold         (6),
    384 	privilegeWithdrawn      (7),
    385 	aACompromise            (8)
    386 }
    387 
    388 DistributionPointName ::= CHOICE {
    389 	fullName                [0]     IMPLICIT -- GeneralNames --  SEQUENCE SIZE (1..MAX) OF GeneralName,
    390 	nameRelativeToCRLIssuer [1]     RelativeDistinguishedName
    391 }
    392 
    393 DistributionPoint ::= SEQUENCE {
        -- One entry of the cRLDistributionPoints extension.
        -- All three fields are typed heim_any; the type each one stands for is
        -- named in its comment. Presumably the caller decodes them in a second
        -- step (TODO confirm), in which case tag and content checks for these
        -- fields happen there and not in the generated decoder for this type.
    394 	distributionPoint       [0]     IMPLICIT heim_any -- DistributionPointName -- OPTIONAL,
    395 	reasons                 [1]     IMPLICIT heim_any -- DistributionPointReasonFlags -- OPTIONAL,
    396 	cRLIssuer               [2]     IMPLICIT heim_any -- GeneralNames -- OPTIONAL
    397 }
    398 
    399 CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
    400 
    401 
    402 -- rfc3279
    403 
    404 DSASigValue  ::=  SEQUENCE {
        -- The two integers of a DSA signature.
        -- r and s are unconstrained INTEGERs, so zero, negative or oversized values
        -- decode successfully. Verification code must check 0 < r < q and
        -- 0 < s < q before using them.
    405 	r	INTEGER,
    406 	s	INTEGER
    407 }
    408 
    409 DSAPublicKey ::= INTEGER
    410 
    411 DSAParams  ::=  SEQUENCE {
    412 	p	INTEGER,
    413 	q	INTEGER,
    414 	g	INTEGER
    415 }
    416 
    417 -- draft-ietf-pkix-ecc-subpubkeyinfo-11
    418 
    419 ECPoint ::= OCTET STRING
    420 
    421 ECParameters ::= CHOICE {
        -- Elliptic-curve parameters, restricted here to a curve named by OID.
        -- implicitCurve and specifiedCurve are commented out, so parameters that
        -- spell out the curve explicitly are not alternatives of this CHOICE.
        -- The namedCurve OID still has to be checked against the set of curves the
        -- implementation supports and is willing to accept.
    422 	namedCurve         OBJECT IDENTIFIER
    423 	-- implicitCurve   NULL
    424 	-- specifiedCurve  SpecifiedECDomain
    425 }
    426 
    427 ECDSA-Sig-Value ::= SEQUENCE {
        -- The two integers of an ECDSA signature.
        -- r and s are unconstrained INTEGERs, so zero, negative or oversized values
        -- decode successfully. Verification code must check that both lie in the
        -- range 1 to n-1, where n is the order of the curve group, before use.
    428      r  INTEGER,
    429      s  INTEGER
    430 }
    431 
    432 -- really pkcs1
    433 
    434 RSAPublicKey ::= SEQUENCE {
    435 	modulus INTEGER, -- n
    436 	publicExponent INTEGER -- e
    437 }
    438 
    439 RSAPrivateKey ::= SEQUENCE {
        -- PKCS #1 two-prime RSA private key, including the CRT values.
        -- Everything except version, modulus and publicExponent is secret key
        -- material; buffers holding the decoded or encoded form should be cleared
        -- after use and kept out of logs and error messages.
        -- There is no otherPrimeInfos field, so multi-prime keys do not fit this type.
    440 	version INTEGER (0..4294967295),
    441 	modulus INTEGER, -- n
    442 	publicExponent INTEGER, -- e
    443 	privateExponent INTEGER, -- d
    444 	prime1 INTEGER, -- p
    445 	prime2 INTEGER, -- q
    446 	exponent1 INTEGER, -- d mod (p-1)
    447 	exponent2 INTEGER, -- d mod (q-1)
    448 	coefficient INTEGER -- (inverse of q) mod p
    449 }
    450 
    451 DigestInfo ::= SEQUENCE {
        -- Digest algorithm plus digest value, the structure embedded in PKCS #1
        -- v1.5 signatures.
        -- When this is decoded from a recovered signature block, the verifier should
        -- reject any bytes left over after the structure and check that the digest
        -- length matches digestAlgorithm; comparing against a freshly built
        -- expected encoding avoids lenient-parsing forgeries.
    452 	digestAlgorithm AlgorithmIdentifier,
    453 	digest OCTET STRING
    454 }
    455 
    456 -- some ms ext
    457 
    458 -- szOID_ENROLL_CERTTYPE_EXTENSION "1.3.6.1.4.1.311.20.2" is Encoded as a
    459 
    460 -- UNICODESTRING (0x1E tag)
    461 
    462 -- szOID_CERTIFICATE_TEMPLATE "1.3.6.1.4.1.311.21.7" is Encoded as:
    463 
    464 -- TemplateVersion ::= INTEGER (0..4294967295)
    465 
    466 -- CertificateTemplate ::= SEQUENCE {
    467 --	templateID OBJECT IDENTIFIER,
    468 --	templateMajorVersion TemplateVersion,
    469 --	templateMinorVersion TemplateVersion OPTIONAL
    470 -- }
    471 
    472 
    473 --
    474 -- CRL
    475 --
    476 
    477 TBSCRLCertList ::=  SEQUENCE  {
        -- The to-be-signed part of a CRL.
        -- The "MUST be v2" rules are comments only: Version admits all three
        -- values, so the version check is left to the validating code.
        -- nextUpdate is OPTIONAL, so a CRL may carry no expiry of its own; the
        -- consumer needs an explicit policy for how long such a CRL is treated as
        -- current, otherwise a stale list could be accepted indefinitely.
    478 	version			Version OPTIONAL, -- if present, MUST be v2
    479 	signature		AlgorithmIdentifier,
    480 	issuer			Name,
    481 	thisUpdate		Time,
    482 	nextUpdate		Time OPTIONAL,
    483 	revokedCertificates     SEQUENCE OF SEQUENCE  {
    484 		userCertificate         CertificateSerialNumber,
    485 		revocationDate          Time,
    486 		crlEntryExtensions      Extensions OPTIONAL
    487 						-- if present, MUST be v2
    488 	} OPTIONAL,
    489 	crlExtensions		[0] EXPLICIT Extensions OPTIONAL
    490 						-- if present, MUST be v2
    491 }
    492 
    493 
    494 CRLCertificateList ::=  SEQUENCE  {
    495 	tbsCertList          TBSCRLCertList,
    496 	signatureAlgorithm   AlgorithmIdentifier,
    497 	signatureValue       BIT STRING
    498 }
    499 
    500 id-x509-ce-cRLNumber OBJECT IDENTIFIER ::= { id-x509-ce 20 }
    501 id-x509-ce-freshestCRL OBJECT IDENTIFIER ::=  { id-x509-ce 46 }
    502 id-x509-ce-cRLReason OBJECT IDENTIFIER ::= { id-x509-ce 21 }
    503 
    504 CRLReason ::= ENUMERATED {
    505 	unspecified             (0),
    506 	keyCompromise           (1),
    507 	cACompromise            (2),
    508 	affiliationChanged      (3),
    509 	superseded              (4),
    510 	cessationOfOperation    (5),
    511 	certificateHold         (6),
    512 	removeFromCRL           (8),
    513 	privilegeWithdrawn      (9),
    514 	aACompromise           (10)
    515 }
    516 
    517 PKIXXmppAddr ::= UTF8String
    518 
    519 id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
    520             dod(6) internet(1) security(5) mechanisms(5) pkix(7) }
    521 
    522 id-pkix-on OBJECT IDENTIFIER ::= { id-pkix 8 }
    523 id-pkix-on-xmppAddr OBJECT IDENTIFIER ::= { id-pkix-on 5 }
    524 id-pkix-on-dnsSRV OBJECT IDENTIFIER ::= { id-pkix-on 7 }
    525 
    526 id-pkix-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
    527 id-pkix-kp-serverAuth OBJECT IDENTIFIER ::= { id-pkix-kp 1 }
    528 id-pkix-kp-clientAuth OBJECT IDENTIFIER ::= { id-pkix-kp 2 }
    529 id-pkix-kp-emailProtection OBJECT IDENTIFIER ::= { id-pkix-kp 4 }
    530 id-pkix-kp-timeStamping OBJECT IDENTIFIER ::= { id-pkix-kp 8 }
    531 id-pkix-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-pkix-kp 9 }
    532 
    533 id-pkix-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
    534 
    535 id-pkix-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pkix-pe 1 }
    536 
    537 AccessDescription  ::=  SEQUENCE {
    538 	accessMethod          OBJECT IDENTIFIER,
    539 	accessLocation        GeneralName
    540 }
    541 
    542 AuthorityInfoAccessSyntax ::= SEQUENCE SIZE (1..MAX) OF AccessDescription
    543 
    544 -- RFC 3820 Proxy Certificate Profile
    545 
    546 id-pkix-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pkix-pe 14 }
    547 
    548 id-pkix-ppl  OBJECT IDENTIFIER ::= { id-pkix 21 }
    549 
    550 id-pkix-ppl-anyLanguage     OBJECT IDENTIFIER ::= { id-pkix-ppl 0 }
    551 id-pkix-ppl-inheritAll      OBJECT IDENTIFIER ::= { id-pkix-ppl 1 }
    552 id-pkix-ppl-independent     OBJECT IDENTIFIER ::= { id-pkix-ppl 2 }
    553 
    554 ProxyPolicy ::= SEQUENCE {
    555 	policyLanguage		OBJECT IDENTIFIER,
    556 	policy			OCTET STRING OPTIONAL
    557 }
    558 
    559 ProxyCertInfo ::= SEQUENCE {
    560 	pCPathLenConstraint	INTEGER (0..4294967295) OPTIONAL, -- really MAX
    561 	proxyPolicy		ProxyPolicy
    562 }
    563 
    564 --- U.S. Federal PKI Common Policy Framework
    565 -- Card Authentication key
    566 id-uspkicommon-card-id OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 6 }
    567 id-uspkicommon-piv-interim OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 9 1 }
    568 
    569 --- Netscape extensions
    570 
    571 id-netscape OBJECT IDENTIFIER ::=
    572     { joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730) }
    573 id-netscape-cert-comment OBJECT IDENTIFIER ::= { id-netscape 1 13 }
    574 
    575 --- MS extensions
    576 
    577 id-ms-cert-enroll-domaincontroller OBJECT IDENTIFIER ::=
    578     { 1 3 6 1 4 1 311 20 2 }
    579 
    580 id-ms-client-authentication OBJECT IDENTIFIER ::=
        -- The arcs below spell out 1.3.6.1.5.5.7.3.2, which is the same value as
        -- id-pkix-kp-clientAuth ({ id-pkix-kp 2 }) declared earlier in this module.
        -- The two names are therefore interchangeable when matching extended key
        -- usage values; this is not a separate Microsoft-specific OID.
    581  { 1 3 6 1 5 5 7 3 2 }
    582 
    583 -- DER:1e:20:00:44:00:6f:00:6d:00:61:00:69:00:6e:00:43:00:6f:00:6e:00:74:00:72:00:6f:00:6c:00:6c:00:65:00:72
    584 
    585 END
    586