fixeria
/
pycrate
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
pycrate/pycrate_asn1dir/IETF_PKI_RFC5912/PKIX1Implicit-2009.asn

448 lines
16 KiB
Groff
Raw Blame History

PKIX1Implicit-2009
{iso(1) identified-organization(3) dod(6) internet(1) security(5)
mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59)}
DEFINITIONS IMPLICIT TAGS ::=
BEGIN
IMPORTS
AttributeSet{}, EXTENSION, ATTRIBUTE
FROM PKIX-CommonTypes-2009 {
iso(1) identified-organization(3) dod(6) internet(1) security(5)
mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57) }
id-pe, id-kp, id-qt-unotice, id-qt-cps, ORAddress, Name,
RelativeDistinguishedName, CertificateSerialNumber,
DirectoryString{}, SupportedAttributes
FROM PKIX1Explicit-2009 {
iso(1) identified-organization(3) dod(6) internet(1) security(5)
mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51) };
CertExtensions EXTENSION ::= {
ext-AuthorityKeyIdentifier | ext-SubjectKeyIdentifier |
ext-KeyUsage | ext-PrivateKeyUsagePeriod |
ext-CertificatePolicies | ext-PolicyMappings |
ext-SubjectAltName | ext-IssuerAltName |
ext-SubjectDirectoryAttributes |
ext-BasicConstraints | ext-NameConstraints |
ext-PolicyConstraints | ext-ExtKeyUsage |
ext-CRLDistributionPoints | ext-InhibitAnyPolicy |
ext-FreshestCRL | ext-AuthorityInfoAccess |
ext-SubjectInfoAccessSyntax, ... }
CrlExtensions EXTENSION ::= {
ext-AuthorityKeyIdentifier | ext-IssuerAltName |
ext-CRLNumber | ext-DeltaCRLIndicator |
ext-IssuingDistributionPoint | ext-FreshestCRL, ... }
CrlEntryExtensions EXTENSION ::= {
ext-CRLReason | ext-CertificateIssuer |
ext-HoldInstructionCode | ext-InvalidityDate, ... }
-- Shared arc for standard certificate and CRL extensions
id-ce OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 29 }
-- authority key identifier OID and syntax
ext-AuthorityKeyIdentifier EXTENSION ::= { SYNTAX
AuthorityKeyIdentifier IDENTIFIED BY
id-ce-authorityKeyIdentifier }
id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 }
AuthorityKeyIdentifier ::= SEQUENCE {
keyIdentifier [0] KeyIdentifier OPTIONAL,
authorityCertIssuer [1] GeneralNames OPTIONAL,
authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
(WITH COMPONENTS {
...,
authorityCertIssuer PRESENT,
authorityCertSerialNumber PRESENT
} |
WITH COMPONENTS {
...,
authorityCertIssuer ABSENT,
authorityCertSerialNumber ABSENT
})
KeyIdentifier ::= OCTET STRING
-- subject key identifier OID and syntax
ext-SubjectKeyIdentifier EXTENSION ::= { SYNTAX
KeyIdentifier IDENTIFIED BY id-ce-subjectKeyIdentifier }
id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 }
-- key usage extension OID and syntax
ext-KeyUsage EXTENSION ::= { SYNTAX
KeyUsage IDENTIFIED BY id-ce-keyUsage }
id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }
KeyUsage ::= BIT STRING {
digitalSignature (0),
nonRepudiation (1), -- recent editions of X.509 have
-- renamed this bit to
-- contentCommitment
keyEncipherment (2),
dataEncipherment (3),
keyAgreement (4),
keyCertSign (5),
cRLSign (6),
encipherOnly (7),
decipherOnly (8)
}
-- private key usage period extension OID and syntax
ext-PrivateKeyUsagePeriod EXTENSION ::= { SYNTAX
PrivateKeyUsagePeriod IDENTIFIED BY id-ce-privateKeyUsagePeriod }
id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= { id-ce 16 }
PrivateKeyUsagePeriod ::= SEQUENCE {
notBefore [0] GeneralizedTime OPTIONAL,
notAfter [1] GeneralizedTime OPTIONAL }
(WITH COMPONENTS {..., notBefore PRESENT } |
WITH COMPONENTS {..., notAfter PRESENT })
-- certificate policies extension OID and syntax
ext-CertificatePolicies EXTENSION ::= { SYNTAX
CertificatePolicies IDENTIFIED BY id-ce-certificatePolicies}
id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 }
CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
PolicyInformation ::= SEQUENCE {
policyIdentifier CertPolicyId,
policyQualifiers SEQUENCE SIZE (1..MAX) OF
PolicyQualifierInfo OPTIONAL }
CertPolicyId ::= OBJECT IDENTIFIER
CERT-POLICY-QUALIFIER ::= TYPE-IDENTIFIER
PolicyQualifierInfo ::= SEQUENCE {
policyQualifierId CERT-POLICY-QUALIFIER.&id({PolicyQualifierId}),
qualifier CERT-POLICY-QUALIFIER.&Type({PolicyQualifierId}{@policyQualifierId})}
-- Implementations that recognize additional policy qualifiers MUST
-- augment the following definition for PolicyQualifierId
PolicyQualifierId CERT-POLICY-QUALIFIER ::=
{ pqid-cps | pqid-unotice, ... }
pqid-cps CERT-POLICY-QUALIFIER ::= { CPSuri IDENTIFIED BY id-qt-cps }
pqid-unotice CERT-POLICY-QUALIFIER ::= { UserNotice
IDENTIFIED BY id-qt-unotice }
-- CPS pointer qualifier
CPSuri ::= IA5String
-- user notice qualifier
UserNotice ::= SEQUENCE {
noticeRef NoticeReference OPTIONAL,
explicitText DisplayText OPTIONAL}
--
-- This is not made explicit in the text
--
-- {WITH COMPONENTS {..., noticeRef PRESENT} |
-- WITH COMPONENTS {..., DisplayText PRESENT }}
NoticeReference ::= SEQUENCE {
organization DisplayText,
noticeNumbers SEQUENCE OF INTEGER }
DisplayText ::= CHOICE {
ia5String IA5String (SIZE (1..200)),
visibleString VisibleString (SIZE (1..200)),
bmpString BMPString (SIZE (1..200)),
utf8String UTF8String (SIZE (1..200)) }
-- policy mapping extension OID and syntax
ext-PolicyMappings EXTENSION ::= { SYNTAX
PolicyMappings IDENTIFIED BY id-ce-policyMappings }
id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 }
PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
issuerDomainPolicy CertPolicyId,
subjectDomainPolicy CertPolicyId
}
-- subject alternative name extension OID and syntax
ext-SubjectAltName EXTENSION ::= { SYNTAX
GeneralNames IDENTIFIED BY id-ce-subjectAltName }
id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 }
GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
GeneralName ::= CHOICE {
otherName [0] INSTANCE OF OTHER-NAME,
rfc822Name [1] IA5String,
dNSName [2] IA5String,
x400Address [3] ORAddress,
directoryName [4] Name,
ediPartyName [5] EDIPartyName,
uniformResourceIdentifier [6] IA5String,
iPAddress [7] OCTET STRING,
registeredID [8] OBJECT IDENTIFIER
}
-- AnotherName replaces OTHER-NAME ::= TYPE-IDENTIFIER, as
-- TYPE-IDENTIFIER is not supported in the '88 ASN.1 syntax
OTHER-NAME ::= TYPE-IDENTIFIER
EDIPartyName ::= SEQUENCE {
nameAssigner [0] DirectoryString {ubMax} OPTIONAL,
partyName [1] DirectoryString {ubMax}
}
-- issuer alternative name extension OID and syntax
ext-IssuerAltName EXTENSION ::= { SYNTAX
GeneralNames IDENTIFIED BY id-ce-issuerAltName }
id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 }
ext-SubjectDirectoryAttributes EXTENSION ::= { SYNTAX
SubjectDirectoryAttributes IDENTIFIED BY
id-ce-subjectDirectoryAttributes }
id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 }
SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF
AttributeSet{{SupportedAttributes}}
-- basic constraints extension OID and syntax
ext-BasicConstraints EXTENSION ::= { SYNTAX
BasicConstraints IDENTIFIED BY id-ce-basicConstraints }
id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 }
BasicConstraints ::= SEQUENCE {
cA BOOLEAN DEFAULT FALSE,
pathLenConstraint INTEGER (0..MAX) OPTIONAL
}
-- name constraints extension OID and syntax
ext-NameConstraints EXTENSION ::= { SYNTAX
NameConstraints IDENTIFIED BY id-ce-nameConstraints }
id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 }
NameConstraints ::= SEQUENCE {
permittedSubtrees [0] GeneralSubtrees OPTIONAL,
excludedSubtrees [1] GeneralSubtrees OPTIONAL
}
--
-- This is a constraint in the issued certificates by CAs, but is
-- not a requirement on EEs.
--
-- (WITH COMPONENTS { ..., permittedSubtrees PRESENT} |
-- WITH COMPONENTS { ..., excludedSubtrees PRESENT }}
GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
GeneralSubtree ::= SEQUENCE {
base GeneralName,
minimum [0] BaseDistance DEFAULT 0,
maximum [1] BaseDistance OPTIONAL
}
BaseDistance ::= INTEGER (0..MAX)
-- policy constraints extension OID and syntax
ext-PolicyConstraints EXTENSION ::= { SYNTAX
PolicyConstraints IDENTIFIED BY id-ce-policyConstraints }
id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 }
PolicyConstraints ::= SEQUENCE {
requireExplicitPolicy [0] SkipCerts OPTIONAL,
inhibitPolicyMapping [1] SkipCerts OPTIONAL }
--
-- This is a constraint in the issued certificates by CAs,
-- but is not a requirement for EEs
--
-- (WITH COMPONENTS { ..., requireExplicitPolicy PRESENT} |
-- WITH COMPONENTS { ..., inhibitPolicyMapping PRESENT})
SkipCerts ::= INTEGER (0..MAX)
-- CRL distribution points extension OID and syntax
ext-CRLDistributionPoints EXTENSION ::= { SYNTAX
CRLDistributionPoints IDENTIFIED BY id-ce-cRLDistributionPoints}
id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= {id-ce 31}
CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
DistributionPoint ::= SEQUENCE {
distributionPoint [0] DistributionPointName OPTIONAL,
reasons [1] ReasonFlags OPTIONAL,
cRLIssuer [2] GeneralNames OPTIONAL
}
--
-- This is not a requirement in the text, but it seems as if it
-- should be
--
--(WITH COMPONENTS {..., distributionPoint PRESENT} |
-- WITH COMPONENTS {..., cRLIssuer PRESENT})
DistributionPointName ::= CHOICE {
fullName [0] GeneralNames,
nameRelativeToCRLIssuer [1] RelativeDistinguishedName
}
ReasonFlags ::= BIT STRING {
unused (0),
keyCompromise (1),
cACompromise (2),
affiliationChanged (3),
superseded (4),
cessationOfOperation (5),
certificateHold (6),
privilegeWithdrawn (7),
aACompromise (8)
}
-- extended key usage extension OID and syntax
ext-ExtKeyUsage EXTENSION ::= { SYNTAX
ExtKeyUsageSyntax IDENTIFIED BY id-ce-extKeyUsage }
id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37}
ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
KeyPurposeId ::= OBJECT IDENTIFIER
-- permit unspecified key uses
anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 }
-- extended key purpose OIDs
id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 }
id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 }
id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 }
id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 }
id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 }
id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 }
-- inhibit any policy OID and syntax
ext-InhibitAnyPolicy EXTENSION ::= {SYNTAX
SkipCerts IDENTIFIED BY id-ce-inhibitAnyPolicy }
id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 }
-- freshest (delta)CRL extension OID and syntax
ext-FreshestCRL EXTENSION ::= {SYNTAX
CRLDistributionPoints IDENTIFIED BY id-ce-freshestCRL }
id-ce-freshestCRL OBJECT IDENTIFIER ::= { id-ce 46 }
-- authority info access
ext-AuthorityInfoAccess EXTENSION ::= { SYNTAX
AuthorityInfoAccessSyntax IDENTIFIED BY
id-pe-authorityInfoAccess }
id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
AuthorityInfoAccessSyntax ::=
SEQUENCE SIZE (1..MAX) OF AccessDescription
AccessDescription ::= SEQUENCE {
accessMethod OBJECT IDENTIFIER,
accessLocation GeneralName }
-- subject info access
ext-SubjectInfoAccessSyntax EXTENSION ::= { SYNTAX
SubjectInfoAccessSyntax IDENTIFIED BY id-pe-subjectInfoAccess }
id-pe-subjectInfoAccess OBJECT IDENTIFIER ::= { id-pe 11 }
SubjectInfoAccessSyntax ::=
SEQUENCE SIZE (1..MAX) OF AccessDescription
-- CRL number extension OID and syntax
ext-CRLNumber EXTENSION ::= {SYNTAX
INTEGER (0..MAX) IDENTIFIED BY id-ce-cRLNumber }
id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }
CRLNumber ::= INTEGER (0..MAX)
-- issuing distribution point extension OID and syntax
ext-IssuingDistributionPoint EXTENSION ::= { SYNTAX
IssuingDistributionPoint IDENTIFIED BY
id-ce-issuingDistributionPoint }
id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 }
IssuingDistributionPoint ::= SEQUENCE {
distributionPoint [0] DistributionPointName OPTIONAL,
onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE,
onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE,
onlySomeReasons [3] ReasonFlags OPTIONAL,
indirectCRL [4] BOOLEAN DEFAULT FALSE,
onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE
}
-- at most one of onlyContainsUserCerts, onlyContainsCACerts,
-- or onlyContainsAttributeCerts may be set to TRUE.
ext-DeltaCRLIndicator EXTENSION ::= { SYNTAX
CRLNumber IDENTIFIED BY id-ce-deltaCRLIndicator }
id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-ce 27 }
-- CRL reasons extension OID and syntax
ext-CRLReason EXTENSION ::= { SYNTAX
CRLReason IDENTIFIED BY id-ce-cRLReasons }
id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 }
CRLReason ::= ENUMERATED {
unspecified (0),
keyCompromise (1),
cACompromise (2),
affiliationChanged (3),
superseded (4),
cessationOfOperation (5),
certificateHold (6),
removeFromCRL (8),
privilegeWithdrawn (9),
aACompromise (10)
}
-- certificate issuer CRL entry extension OID and syntax
ext-CertificateIssuer EXTENSION ::= { SYNTAX
GeneralNames IDENTIFIED BY id-ce-certificateIssuer }
id-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-ce 29 }
-- hold instruction extension OID and syntax
ext-HoldInstructionCode EXTENSION ::= { SYNTAX
OBJECT IDENTIFIER IDENTIFIED BY id-ce-holdInstructionCode }
id-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-ce 23 }
-- ANSI x9 holdinstructions
holdInstruction OBJECT IDENTIFIER ::=
{joint-iso-itu-t(2) member-body(2) us(840) x9cm(10040) 2}
id-holdinstruction-none OBJECT IDENTIFIER ::=
{holdInstruction 1} -- deprecated
id-holdinstruction-callissuer OBJECT IDENTIFIER ::=
{holdInstruction 2}
id-holdinstruction-reject OBJECT IDENTIFIER ::=
{holdInstruction 3}
-- invalidity date CRL entry extension OID and syntax
ext-InvalidityDate EXTENSION ::= { SYNTAX
GeneralizedTime IDENTIFIED BY id-ce-invalidityDate }
id-ce-invalidityDate OBJECT IDENTIFIER ::= { id-ce 24 }
-- Upper bounds
ubMax INTEGER ::= 32768
END
Reference in New Issue View Git Blame Copy Permalink