osmocom
/
wireshark
14
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
wireshark/epan/dissectors/asn1/x509ce/CertificateExtensions.asn

745 lines
21 KiB
Groff
Raw Blame History

-- Module CertificateExtensions (X.509:08/2005)
CertificateExtensions {joint-iso-itu-t ds(5) module(1)
certificateExtensions(26) 5} DEFINITIONS IMPLICIT TAGS ::=
BEGIN
-- EXPORTS ALL
IMPORTS
id-at, id-ce, id-mr, informationFramework, authenticationFramework,
selectedAttributeTypes, upperBounds
FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
usefulDefinitions(0) 5}
Name, RelativeDistinguishedName, ATTRIBUTE, Attribute, MATCHING-RULE
FROM InformationFramework informationFramework
CertificateSerialNumber, CertificateList, AlgorithmIdentifier, EXTENSION,
Time, PolicyID
FROM AuthenticationFramework authenticationFramework
DirectoryString{}
FROM SelectedAttributeTypes selectedAttributeTypes
ub-name
FROM UpperBounds upperBounds
ORAddress
FROM MTSAbstractService {joint-iso-itu-t mhs(6) mts(3) modules(0)
mts-abstract-service(1) version-1999(1)};
-- Unless explicitly noted otherwise, there is no significance to the ordering
-- of components of a SEQUENCE OF construct in this Specification.
-- public-key certificate and CRL extensions
authorityKeyIdentifier EXTENSION ::= {
SYNTAX AuthorityKeyIdentifier
IDENTIFIED BY id-ce-authorityKeyIdentifier
}
AuthorityKeyIdentifier ::= SEQUENCE {
keyIdentifier [0] KeyIdentifier OPTIONAL,
authorityCertIssuer [1] GeneralNames OPTIONAL,
authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL
}
(WITH COMPONENTS {
...,
authorityCertIssuer PRESENT,
authorityCertSerialNumber PRESENT
} |
WITH COMPONENTS {
...,
authorityCertIssuer ABSENT,
authorityCertSerialNumber ABSENT
})
KeyIdentifier ::= OCTET STRING
subjectKeyIdentifier EXTENSION ::= {
SYNTAX SubjectKeyIdentifier
IDENTIFIED BY id-ce-subjectKeyIdentifier
}
SubjectKeyIdentifier ::= KeyIdentifier
keyUsage EXTENSION ::= {SYNTAX KeyUsage
IDENTIFIED BY id-ce-keyUsage
}
KeyUsage ::= BIT STRING {
digitalSignature(0), contentCommitment(1), keyEncipherment(2),
dataEncipherment(3), keyAgreement(4), keyCertSign(5), cRLSign(6),
encipherOnly(7), decipherOnly(8)}
extKeyUsage EXTENSION ::= {
SYNTAX SEQUENCE SIZE (1..MAX) OF KeyPurposeId
IDENTIFIED BY id-ce-extKeyUsage
}
KeyPurposeId ::= OBJECT IDENTIFIER
KeyPurposeIDs ::= SEQUENCE OF KeyPurposeId
privateKeyUsagePeriod EXTENSION ::= {
SYNTAX PrivateKeyUsagePeriod
IDENTIFIED BY id-ce-privateKeyUsagePeriod
}
PrivateKeyUsagePeriod ::= SEQUENCE {
notBefore [0] GeneralizedTime OPTIONAL,
notAfter [1] GeneralizedTime OPTIONAL
}
(WITH COMPONENTS {
...,
notBefore PRESENT
} | WITH COMPONENTS {
...,
notAfter PRESENT
})
certificatePolicies EXTENSION ::= {
SYNTAX CertificatePoliciesSyntax
IDENTIFIED BY id-ce-certificatePolicies
}
CertificatePoliciesSyntax ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
PolicyInformation ::= SEQUENCE {
policyIdentifier CertPolicyId,
policyQualifiers SEQUENCE SIZE (1..MAX) OF PolicyQualifierInfo OPTIONAL
}
CertPolicyId ::= OBJECT IDENTIFIER
PolicyQualifierInfo ::= SEQUENCE {
policyQualifierId CERT-POLICY-QUALIFIER.&id({SupportedPolicyQualifiers}),
qualifier
CERT-POLICY-QUALIFIER.&Qualifier
({SupportedPolicyQualifiers}{@policyQualifierId}) OPTIONAL
}
SupportedPolicyQualifiers CERT-POLICY-QUALIFIER ::=
{...}
anyPolicy OBJECT IDENTIFIER ::= {2 5 29 32 0}
CERT-POLICY-QUALIFIER ::= CLASS {
&id OBJECT IDENTIFIER UNIQUE,
&Qualifier OPTIONAL
}WITH SYNTAX {POLICY-QUALIFIER-ID &id
[QUALIFIER-TYPE &Qualifier]
}
policyMappings EXTENSION ::= {
SYNTAX PolicyMappingsSyntax
IDENTIFIED BY id-ce-policyMappings
}
PolicyMappingsSyntax ::=
SEQUENCE SIZE (1..MAX) OF
SEQUENCE {issuerDomainPolicy CertPolicyId,
subjectDomainPolicy CertPolicyId}
subjectAltName EXTENSION ::= {
SYNTAX GeneralNames
IDENTIFIED BY id-ce-subjectAltName
}
GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
GeneralName ::= CHOICE {
otherName [0] -- INSTANCE OF OTHER-NAME-- OtherName,
rfc822Name [1] IA5String,
dNSName [2] IA5String,
x400Address [3] ORAddress,
directoryName [4] Name,
ediPartyName [5] EDIPartyName,
uniformResourceIdentifier [6] IA5String,
iPAddress [7] OCTET STRING,
registeredID [8] OBJECT IDENTIFIER
}
-- OTHER-NAME ::= TYPE-IDENTIFIER
OtherName ::= SEQUENCE {
type-id OtherNameType,
value [0] EXPLICIT OtherNameValue
}
OtherNameType ::= OBJECT IDENTIFIER
OtherNameValue ::= ANY
EDIPartyName ::= SEQUENCE {
nameAssigner [0] DirectoryString{ub-name} OPTIONAL,
partyName [1] DirectoryString{ub-name}
}
issuerAltName EXTENSION ::= {
SYNTAX GeneralNames
IDENTIFIED BY id-ce-issuerAltName
}
subjectDirectoryAttributes EXTENSION ::= {
SYNTAX AttributesSyntax
IDENTIFIED BY id-ce-subjectDirectoryAttributes
}
AttributesSyntax ::= SEQUENCE SIZE (1..MAX) OF Attribute
basicConstraints EXTENSION ::= {
SYNTAX BasicConstraintsSyntax
IDENTIFIED BY id-ce-basicConstraints
}
BasicConstraintsSyntax ::= SEQUENCE {
cA BOOLEAN DEFAULT FALSE,
pathLenConstraint INTEGER(0..MAX) OPTIONAL
}
nameConstraints EXTENSION ::= {
SYNTAX NameConstraintsSyntax
IDENTIFIED BY id-ce-nameConstraints
}
NameConstraintsSyntax ::= SEQUENCE {
permittedSubtrees [0] GeneralSubtrees OPTIONAL,
excludedSubtrees [1] GeneralSubtrees OPTIONAL
}(-- ALL EXCEPT -- ({ --none; at least one component shall be present--}))
GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
GeneralSubtree ::= SEQUENCE {
base GeneralName,
minimum [0] BaseDistance DEFAULT 0,
maximum [1] BaseDistance OPTIONAL
}
BaseDistance ::= INTEGER(0..MAX)
policyConstraints EXTENSION ::= {
SYNTAX PolicyConstraintsSyntax
IDENTIFIED BY id-ce-policyConstraints
}
PolicyConstraintsSyntax ::= SEQUENCE {
requireExplicitPolicy [0] SkipCerts OPTIONAL,
inhibitPolicyMapping [1] SkipCerts OPTIONAL
}
SkipCerts ::= INTEGER(0..MAX)
cRLNumber EXTENSION ::= {
SYNTAX CRLNumber
IDENTIFIED BY id-ce-cRLNumber
}
CRLNumber ::= INTEGER(0..MAX)
reasonCode EXTENSION ::= {
SYNTAX CRLReason
IDENTIFIED BY id-ce-reasonCode
}
CRLReason ::= ENUMERATED {
unspecified(0), keyCompromise(1), cACompromise(2), affiliationChanged(3),
superseded(4), cessationOfOperation(5), certificateHold(6), removeFromCRL(8),
privilegeWithdrawn(9), aaCompromise(10)}
holdInstructionCode EXTENSION ::= {
SYNTAX HoldInstruction
IDENTIFIED BY id-ce-instructionCode
}
HoldInstruction ::= OBJECT IDENTIFIER
invalidityDate EXTENSION ::= {
SYNTAX GeneralizedTime
IDENTIFIED BY id-ce-invalidityDate
}
crlScope EXTENSION ::= {
SYNTAX CRLScopeSyntax
IDENTIFIED BY id-ce-cRLScope
}
CRLScopeSyntax ::= SEQUENCE SIZE (1..MAX) OF PerAuthorityScope
PerAuthorityScope ::= SEQUENCE {
authorityName [0] GeneralName OPTIONAL,
distributionPoint [1] DistributionPointName OPTIONAL,
onlyContains [2] OnlyCertificateTypes OPTIONAL,
onlySomeReasons [4] ReasonFlags OPTIONAL,
serialNumberRange [5] NumberRange OPTIONAL,
subjectKeyIdRange [6] NumberRange OPTIONAL,
nameSubtrees [7] GeneralNames OPTIONAL,
baseRevocationInfo [9] BaseRevocationInfo OPTIONAL
}
OnlyCertificateTypes ::= BIT STRING {user(0), authority(1), attribute(2)}
NumberRange ::= SEQUENCE {
startingNumber [0] INTEGER OPTIONAL,
endingNumber [1] INTEGER OPTIONAL,
modulus INTEGER OPTIONAL
}
BaseRevocationInfo ::= SEQUENCE {
cRLStreamIdentifier [0] CRLStreamIdentifier OPTIONAL,
cRLNumber [1] CRLNumber,
baseThisUpdate [2] GeneralizedTime
}
statusReferrals EXTENSION ::= {
SYNTAX StatusReferrals
IDENTIFIED BY id-ce-statusReferrals
}
StatusReferrals ::= SEQUENCE SIZE (1..MAX) OF StatusReferral
StatusReferral ::= CHOICE {
cRLReferral [0] CRLReferral
-- otherReferral [1] INSTANCE OF OTHER-REFERRAL
}
CRLReferral ::= SEQUENCE {
issuer [0] GeneralName OPTIONAL,
location [1] GeneralName OPTIONAL,
deltaRefInfo [2] DeltaRefInfo OPTIONAL,
cRLScope CRLScopeSyntax,
lastUpdate [3] GeneralizedTime OPTIONAL,
lastChangedCRL [4] GeneralizedTime OPTIONAL
}
DeltaRefInfo ::= SEQUENCE {
deltaLocation GeneralName,
lastDelta GeneralizedTime OPTIONAL
}
--OTHER-REFERRAL ::= TYPE-IDENTIFIER
--
cRLStreamIdentifier EXTENSION ::= {
SYNTAX CRLStreamIdentifier
IDENTIFIED BY id-ce-cRLStreamIdentifier
}
CRLStreamIdentifier ::= INTEGER(0..MAX)
orderedList EXTENSION ::= {
SYNTAX OrderedListSyntax
IDENTIFIED BY id-ce-orderedList
}
OrderedListSyntax ::= ENUMERATED {ascSerialNum(0), ascRevDate(1)}
deltaInfo EXTENSION ::= {
SYNTAX DeltaInformation
IDENTIFIED BY id-ce-deltaInfo
}
DeltaInformation ::= SEQUENCE {
deltaLocation GeneralName,
nextDelta GeneralizedTime OPTIONAL
}
cRLDistributionPoints EXTENSION ::= {
SYNTAX CRLDistPointsSyntax
IDENTIFIED BY id-ce-cRLDistributionPoints
}
CRLDistPointsSyntax ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
DistributionPoint ::= SEQUENCE {
distributionPoint [0] DistributionPointName OPTIONAL,
reasons [1] ReasonFlags OPTIONAL,
cRLIssuer [2] GeneralNames OPTIONAL
}
DistributionPointName ::= CHOICE {
fullName [0] GeneralNames,
nameRelativeToCRLIssuer [1] RelativeDistinguishedName
}
ReasonFlags ::= BIT STRING {
unused(0), keyCompromise(1), cACompromise(2), affiliationChanged(3),
superseded(4), cessationOfOperation(5), certificateHold(6),
privilegeWithdrawn(7), aACompromise(8)}
issuingDistributionPoint EXTENSION ::= {
SYNTAX IssuingDistPointSyntax
IDENTIFIED BY id-ce-issuingDistributionPoint
}
IssuingDistPointSyntax ::= SEQUENCE {
-- If onlyContainsUserPublicKeyCerts and onlyContainsCACerts are both FALSE,
-- the CRL covers both certificate types
distributionPoint [0] DistributionPointName OPTIONAL,
onlyContainsUserPublicKeyCerts [1] BOOLEAN DEFAULT FALSE,
onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE,
onlySomeReasons [3] ReasonFlags OPTIONAL,
indirectCRL [4] BOOLEAN DEFAULT FALSE
}
certificateIssuer EXTENSION ::= {
SYNTAX GeneralNames
IDENTIFIED BY id-ce-certificateIssuer
}
deltaCRLIndicator EXTENSION ::= {
SYNTAX BaseCRLNumber
IDENTIFIED BY id-ce-deltaCRLIndicator
}
BaseCRLNumber ::= CRLNumber
toBeRevoked EXTENSION ::= {
SYNTAX ToBeRevokedSyntax
IDENTIFIED BY id-ce-toBeRevoked
}
ToBeRevokedSyntax ::= SEQUENCE SIZE (1..MAX) OF ToBeRevokedGroup
ToBeRevokedGroup ::= SEQUENCE {
certificateIssuer [0] GeneralName OPTIONAL,
reasonInfo [1] ReasonInfo OPTIONAL,
revocationTime GeneralizedTime,
certificateGroup CertificateGroup
}
ReasonInfo ::= SEQUENCE {
reasonCode CRLReason,
holdInstructionCode HoldInstruction OPTIONAL
}
CertificateGroup ::= CHOICE {
serialNumbers [0] CertificateSerialNumbers,
serialNumberRange [1] CertificateGroupNumberRange,
nameSubtree [2] GeneralName
}
CertificateGroupNumberRange ::= SEQUENCE {
startingNumber [0] INTEGER,
endingNumber [1] INTEGER
}
CertificateSerialNumbers ::= SEQUENCE SIZE (1..MAX) OF CertificateSerialNumber
revokedGroups EXTENSION ::= {
SYNTAX RevokedGroupsSyntax
IDENTIFIED BY id-ce-RevokedGroups
}
RevokedGroupsSyntax ::= SEQUENCE SIZE (1..MAX) OF RevokedGroup
RevokedGroup ::= SEQUENCE {
certificateIssuer [0] GeneralName OPTIONAL,
reasonInfo [1] ReasonInfo OPTIONAL,
invalidityDate [2] GeneralizedTime OPTIONAL,
revokedcertificateGroup [3] RevokedCertificateGroup
}
RevokedCertificateGroup ::= CHOICE {
serialNumberRange NumberRange,
nameSubtree GeneralName
}
expiredCertsOnCRL EXTENSION ::= {
SYNTAX ExpiredCertsOnCRL
IDENTIFIED BY id-ce-expiredCertsOnCRL
}
ExpiredCertsOnCRL ::= GeneralizedTime
baseUpdateTime EXTENSION ::= {
SYNTAX GeneralizedTime
IDENTIFIED BY id-ce-baseUpdateTime
}
freshestCRL EXTENSION ::= {
SYNTAX CRLDistPointsSyntax
IDENTIFIED BY id-ce-freshestCRL
}
aAissuingDistributionPoint EXTENSION ::= {
SYNTAX AAIssuingDistPointSyntax
IDENTIFIED BY id-ce-aAissuingDistributionPoint
}
AAIssuingDistPointSyntax ::= SEQUENCE {
distributionPoint [0] DistributionPointName OPTIONAL,
onlySomeReasons [1] ReasonFlags OPTIONAL,
indirectCRL [2] BOOLEAN DEFAULT FALSE,
containsUserAttributeCerts [3] BOOLEAN DEFAULT TRUE,
containsAACerts [4] BOOLEAN DEFAULT TRUE,
containsSOAPublicKeyCerts [5] BOOLEAN DEFAULT TRUE
}
inhibitAnyPolicy EXTENSION ::= {
SYNTAX SkipCerts
IDENTIFIED BY id-ce-inhibitAnyPolicy
}
-- PKI matching rules
certificateExactMatch MATCHING-RULE ::= {
SYNTAX CertificateExactAssertion
ID id-mr-certificateExactMatch
}
CertificateExactAssertion ::= SEQUENCE {
serialNumber CertificateSerialNumber,
issuer Name
}
certificateMatch MATCHING-RULE ::= {
SYNTAX CertificateAssertion
ID id-mr-certificateMatch
}
CertificateAssertion ::= SEQUENCE {
serialNumber [0] CertificateSerialNumber OPTIONAL,
issuer [1] Name OPTIONAL,
subjectKeyIdentifier [2] SubjectKeyIdentifier OPTIONAL,
authorityKeyIdentifier [3] AuthorityKeyIdentifier OPTIONAL,
certificateValid [4] Time OPTIONAL,
privateKeyValid [5] GeneralizedTime OPTIONAL,
subjectPublicKeyAlgID [6] OBJECT IDENTIFIER OPTIONAL,
keyUsage [7] KeyUsage OPTIONAL,
subjectAltName [8] AltNameType OPTIONAL,
policy [9] CertPolicySet OPTIONAL,
pathToName [10] Name OPTIONAL,
subject [11] Name OPTIONAL,
nameConstraints [12] NameConstraintsSyntax OPTIONAL
}
AltNameType ::= CHOICE {
builtinNameForm
ENUMERATED {rfc822Name(1), dNSName(2), x400Address(3), directoryName(4),
ediPartyName(5), uniformResourceIdentifier(6), iPAddress(7),
registeredId(8)},
otherNameForm OBJECT IDENTIFIER
}
CertPolicySet ::= SEQUENCE SIZE (1..MAX) OF CertPolicyId
certificatePairExactMatch MATCHING-RULE ::= {
SYNTAX CertificatePairExactAssertion
ID id-mr-certificatePairExactMatch
}
CertificatePairExactAssertion ::= SEQUENCE {
issuedToThisCAAssertion [0] CertificateExactAssertion OPTIONAL,
issuedByThisCAAssertion [1] CertificateExactAssertion OPTIONAL
}
(WITH COMPONENTS {
...,
issuedToThisCAAssertion PRESENT
} | WITH COMPONENTS {
...,
issuedByThisCAAssertion PRESENT
})
certificatePairMatch MATCHING-RULE ::= {
SYNTAX CertificatePairAssertion
ID id-mr-certificatePairMatch
}
CertificatePairAssertion ::= SEQUENCE {
issuedToThisCAAssertion [0] CertificateAssertion OPTIONAL,
issuedByThisCAAssertion [1] CertificateAssertion OPTIONAL
}
(WITH COMPONENTS {
...,
issuedToThisCAAssertion PRESENT
} | WITH COMPONENTS {
...,
issuedByThisCAAssertion PRESENT
})
certificateListExactMatch MATCHING-RULE ::= {
SYNTAX CertificateListExactAssertion
ID id-mr-certificateListExactMatch
}
CertificateListExactAssertion ::= SEQUENCE {
issuer Name,
thisUpdate Time,
distributionPoint DistributionPointName OPTIONAL
}
certificateListMatch MATCHING-RULE ::= {
SYNTAX CertificateListAssertion
ID id-mr-certificateListMatch
}
CertificateListAssertion ::= SEQUENCE {
issuer Name OPTIONAL,
minCRLNumber [0] CRLNumber OPTIONAL,
maxCRLNumber [1] CRLNumber OPTIONAL,
reasonFlags ReasonFlags OPTIONAL,
dateAndTime Time OPTIONAL,
distributionPoint [2] DistributionPointName OPTIONAL,
authorityKeyIdentifier [3] AuthorityKeyIdentifier OPTIONAL
}
algorithmIdentifierMatch MATCHING-RULE ::= {
SYNTAX AlgorithmIdentifier
ID id-mr-algorithmIdentifierMatch
}
policyMatch MATCHING-RULE ::= {SYNTAX PolicyID
ID id-mr-policyMatch
}
pkiPathMatch MATCHING-RULE ::= {
SYNTAX PkiPathMatchSyntax
ID id-mr-pkiPathMatch
}
PkiPathMatchSyntax ::= SEQUENCE {firstIssuer Name,
lastSubject Name
}
enhancedCertificateMatch MATCHING-RULE ::= {
SYNTAX EnhancedCertificateAssertion
ID id-mr-enhancedCertificateMatch
}
EnhancedCertificateAssertion ::= SEQUENCE {
serialNumber [0] CertificateSerialNumber OPTIONAL,
issuer [1] Name OPTIONAL,
subjectKeyIdentifier [2] SubjectKeyIdentifier OPTIONAL,
authorityKeyIdentifier [3] AuthorityKeyIdentifier OPTIONAL,
certificateValid [4] Time OPTIONAL,
privateKeyValid [5] GeneralizedTime OPTIONAL,
subjectPublicKeyAlgID [6] OBJECT IDENTIFIER OPTIONAL,
keyUsage [7] KeyUsage OPTIONAL,
subjectAltName [8] AltName OPTIONAL,
policy [9] CertPolicySet OPTIONAL,
pathToName [10] GeneralNames OPTIONAL,
subject [11] Name OPTIONAL,
nameConstraints [12] NameConstraintsSyntax OPTIONAL
}(--ALL EXCEPT-- ({ -- none; at least one component shall be present --}))
AltName ::= SEQUENCE {
altnameType AltNameType,
altNameValue GeneralName OPTIONAL
}
-- Object identifier assignments
id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::=
{id-ce 9}
id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= {id-ce 14}
id-ce-keyUsage OBJECT IDENTIFIER ::= {id-ce 15}
id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= {id-ce 16}
id-ce-subjectAltName OBJECT IDENTIFIER ::= {id-ce 17}
id-ce-issuerAltName OBJECT IDENTIFIER ::= {id-ce 18}
id-ce-basicConstraints OBJECT IDENTIFIER ::= {id-ce 19}
id-ce-cRLNumber OBJECT IDENTIFIER ::= {id-ce 20}
id-ce-reasonCode OBJECT IDENTIFIER ::= {id-ce 21}
id-ce-instructionCode OBJECT IDENTIFIER ::= {id-ce 23}
id-ce-invalidityDate OBJECT IDENTIFIER ::= {id-ce 24}
id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= {id-ce 27}
id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= {id-ce 28}
id-ce-certificateIssuer OBJECT IDENTIFIER ::= {id-ce 29}
id-ce-nameConstraints OBJECT IDENTIFIER ::= {id-ce 30}
id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= {id-ce 31}
id-ce-certificatePolicies OBJECT IDENTIFIER ::= {id-ce 32}
id-ce-policyMappings OBJECT IDENTIFIER ::= {id-ce 33}
-- deprecated OBJECT IDENTIFIER ::= {id-ce 34}
id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=
{id-ce 35}
id-ce-policyConstraints OBJECT IDENTIFIER ::= {id-ce 36}
id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37}
id-ce-cRLStreamIdentifier OBJECT IDENTIFIER ::= {id-ce 40}
id-ce-cRLScope OBJECT IDENTIFIER ::= {id-ce 44}
id-ce-statusReferrals OBJECT IDENTIFIER ::= {id-ce 45}
id-ce-freshestCRL OBJECT IDENTIFIER ::= {id-ce 46}
id-ce-orderedList OBJECT IDENTIFIER ::= {id-ce 47}
id-ce-baseUpdateTime OBJECT IDENTIFIER ::= {id-ce 51}
id-ce-deltaInfo OBJECT IDENTIFIER ::= {id-ce 53}
id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= {id-ce 54}
id-ce-toBeRevoked OBJECT IDENTIFIER ::= {id-ce 58}
id-ce-RevokedGroups OBJECT IDENTIFIER ::= {id-ce 59}
id-ce-expiredCertsOnCRL OBJECT IDENTIFIER ::= {id-ce 60}
id-ce-aAissuingDistributionPoint OBJECT IDENTIFIER ::= {id-ce 63}
-- matching rule OIDs
id-mr-certificateExactMatch OBJECT IDENTIFIER ::=
{id-mr 34}
id-mr-certificateMatch OBJECT IDENTIFIER ::= {id-mr 35}
id-mr-certificatePairExactMatch OBJECT IDENTIFIER ::= {id-mr 36}
id-mr-certificatePairMatch OBJECT IDENTIFIER ::= {id-mr 37}
id-mr-certificateListExactMatch OBJECT IDENTIFIER ::= {id-mr 38}
id-mr-certificateListMatch OBJECT IDENTIFIER ::= {id-mr 39}
id-mr-algorithmIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 40}
id-mr-policyMatch OBJECT IDENTIFIER ::= {id-mr 60}
id-mr-pkiPathMatch OBJECT IDENTIFIER ::= {id-mr 62}
id-mr-enhancedCertificateMatch OBJECT IDENTIFIER ::= {id-mr 65}
-- The following OBJECT IDENTIFIERS are not used by this Specification:
-- {id-ce 2}, {id-ce 3}, {id-ce 4}, {id-ce 5}, {id-ce 6}, {id-ce 7},
-- {id-ce 8}, {id-ce 10}, {id-ce 11}, {id-ce 12}, {id-ce 13},
-- {id-ce 22}, {id-ce 25}, {id-ce 26}
-- Microsoft Certificate Extension
CertificateTemplate ::= SEQUENCE {
templateID OBJECT IDENTIFIER,
templateMajorVersion INTEGER,
templateMinorVersion INTEGER OPTIONAL
}
-- Entrust Certificate Extension
EntrustVersionInfo ::= SEQUENCE {
entrustVers GeneralString,
entrustVersInfoFlags EntrustInfoFlags OPTIONAL
}
EntrustInfoFlags ::= BIT STRING {
keyUpdateAllowed(0),
newExtensions(1),
pKIXCertificate(2),
enterpriseCategory(3),
webCategory(4),
sETCategory(5)
}
END
-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D
Reference in New Issue View Git Blame Copy Permalink