From cb4c9b305391e2c511afd2e80fe38c7c85aad993 Mon Sep 17 00:00:00 2001 From: Dimitri Sokolyuk Date: Thu, 29 Oct 2015 22:33:02 +0100 Subject: Solve build problem --- asn1/CertificateExtensions.asn | 622 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 622 insertions(+) create mode 100644 asn1/CertificateExtensions.asn (limited to 'asn1/CertificateExtensions.asn') diff --git a/asn1/CertificateExtensions.asn b/asn1/CertificateExtensions.asn new file mode 100644 index 0000000..aeb5125 --- /dev/null +++ b/asn1/CertificateExtensions.asn @@ -0,0 +1,622 @@ +-- Module CertificateExtensions (X.509:03/2000) +-- A.2 Certificate extensions module +CertificateExtensions {joint-iso-itu-t ds(5) module(1) + certificateExtensions(26) 4} DEFINITIONS IMPLICIT TAGS ::= +BEGIN + +-- EXPORTS ALL +IMPORTS + id-at, id-ce, id-mr, informationFramework, authenticationFramework, + selectedAttributeTypes, upperBounds + FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) + usefulDefinitions(0) 4} + Name, RelativeDistinguishedName, ATTRIBUTE, Attribute, MATCHING-RULE + FROM InformationFramework {joint-iso-itu-t ds(5) module(1) + informationFramework(1) 4} + CertificateSerialNumber, CertificateList, AlgorithmIdentifier, EXTENSION, + Time, PolicyID + FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1) + authenticationFramework(7) 4} + DirectoryString + FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1) + selectedAttributeTypes(5) 4} + ub-name + FROM UpperBounds {joint-iso-itu-t ds(5) module(1) upperBounds(10) 4} + ORAddress + FROM MTSAbstractService {joint-iso-itu-t mhs(6) mts(3) modules(0) + mts-abstract-service(1) version-1999(1)}; + +-- Unless explicitly noted otherwise, there is no significance to the ordering +-- of components of a SEQUENCE OF construct in this Specification. +-- public-key certificate and CRL extensions +aAissuingDistributionPoint EXTENSION ::= { + SYNTAX AAIssuingDistPointSyntax + IDENTIFIED BY id-ce-AAissuingDistributionPoint +} + +AAIssuingDistPointSyntax ::= SEQUENCE { + distributionPoint [0] DistributionPointName OPTIONAL, + onlySomeReasons [1] ReasonFlags OPTIONAL, + indirectCRL [2] BOOLEAN DEFAULT FALSE, + containsUserAttributeCerts [3] BOOLEAN DEFAULT TRUE, + containsAACerts [4] BOOLEAN DEFAULT TRUE, + containsSOAPublicKeyCerts [5] BOOLEAN DEFAULT TRUE +} + +authorityKeyIdentifier EXTENSION ::= { + SYNTAX AuthorityKeyIdentifier + IDENTIFIED BY id-ce-authorityKeyIdentifier +} + +AuthorityKeyIdentifier ::= SEQUENCE { + keyIdentifier [0] KeyIdentifier OPTIONAL, + authorityCertIssuer [1] GeneralNames OPTIONAL, + authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL +} +(WITH COMPONENTS { + ..., + authorityCertIssuer PRESENT, + authorityCertSerialNumber PRESENT + } | + WITH COMPONENTS { + ..., + authorityCertIssuer ABSENT, + authorityCertSerialNumber ABSENT + }) + +KeyIdentifier ::= OCTET STRING + +subjectKeyIdentifier EXTENSION ::= { + SYNTAX SubjectKeyIdentifier + IDENTIFIED BY id-ce-subjectKeyIdentifier +} + +SubjectKeyIdentifier ::= KeyIdentifier + +keyUsage EXTENSION ::= {SYNTAX KeyUsage + IDENTIFIED BY id-ce-keyUsage +} + +KeyUsage ::= BIT STRING { + digitalSignature(0), contentCommitment(1), keyEncipherment(2), + dataEncipherment(3), keyAgreement(4), keyCertSign(5), cRLSign(6), + encipherOnly(7), decipherOnly(8)} + +extKeyUsage EXTENSION ::= { + SYNTAX SEQUENCE SIZE (1..MAX) OF KeyPurposeId + IDENTIFIED BY id-ce-extKeyUsage +} + +anyExtendedKeyUsage OBJECT IDENTIFIER ::= {2 5 29 37 0} + +KeyPurposeId ::= OBJECT IDENTIFIER + +privateKeyUsagePeriod EXTENSION ::= { + SYNTAX PrivateKeyUsagePeriod + IDENTIFIED BY id-ce-privateKeyUsagePeriod +} + +PrivateKeyUsagePeriod ::= SEQUENCE { + notBefore [0] GeneralizedTime OPTIONAL, + notAfter [1] GeneralizedTime OPTIONAL +} +(WITH COMPONENTS { + ..., + notBefore PRESENT + } | WITH COMPONENTS { + ..., + notAfter PRESENT + }) + +certificatePolicies EXTENSION ::= { + SYNTAX CertificatePoliciesSyntax + IDENTIFIED BY id-ce-certificatePolicies +} + +CertificatePoliciesSyntax ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation + +PolicyInformation ::= SEQUENCE { + policyIdentifier CertPolicyId, + policyQualifiers SEQUENCE SIZE (1..MAX) OF PolicyQualifierInfo OPTIONAL +} + +CertPolicyId ::= OBJECT IDENTIFIER + +PolicyQualifierInfo ::= SEQUENCE { + policyQualifierId CERT-POLICY-QUALIFIER.&id({SupportedPolicyQualifiers}), + qualifier + CERT-POLICY-QUALIFIER.&Qualifier + ({SupportedPolicyQualifiers}{@policyQualifierId}) OPTIONAL +} + +SupportedPolicyQualifiers CERT-POLICY-QUALIFIER ::= + {...} + +anyPolicy OBJECT IDENTIFIER ::= {2 5 29 32 0} + +CERT-POLICY-QUALIFIER ::= CLASS { + &id OBJECT IDENTIFIER UNIQUE, + &Qualifier OPTIONAL +}WITH SYNTAX {POLICY-QUALIFIER-ID &id + [QUALIFIER-TYPE &Qualifier] +} + +policyMappings EXTENSION ::= { + SYNTAX PolicyMappingsSyntax + IDENTIFIED BY id-ce-policyMappings +} + +PolicyMappingsSyntax ::= + SEQUENCE SIZE (1..MAX) OF + SEQUENCE {issuerDomainPolicy CertPolicyId, + subjectDomainPolicy CertPolicyId} + +subjectAltName EXTENSION ::= { + SYNTAX GeneralNames + IDENTIFIED BY id-ce-subjectAltName +} + +GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName + +GeneralName ::= CHOICE { + otherName [0] INSTANCE OF OTHER-NAME, + rfc822Name [1] IA5String, + dNSName [2] IA5String, + x400Address [3] ORAddress, + directoryName [4] Name, + ediPartyName [5] EDIPartyName, + uniformResourceIdentifier [6] IA5String, + iPAddress [7] OCTET STRING, + registeredID [8] OBJECT IDENTIFIER +} + +OTHER-NAME ::= TYPE-IDENTIFIER + +EDIPartyName ::= SEQUENCE { + nameAssigner [0] DirectoryString{ub-name} OPTIONAL, + partyName [1] DirectoryString{ub-name} +} + +issuerAltName EXTENSION ::= { + SYNTAX GeneralNames + IDENTIFIED BY id-ce-issuerAltName +} + +subjectDirectoryAttributes EXTENSION ::= { + SYNTAX AttributesSyntax + IDENTIFIED BY id-ce-subjectDirectoryAttributes +} + +AttributesSyntax ::= SEQUENCE SIZE (1..MAX) OF Attribute + +basicConstraints EXTENSION ::= { + SYNTAX BasicConstraintsSyntax + IDENTIFIED BY id-ce-basicConstraints +} + +BasicConstraintsSyntax ::= SEQUENCE { + cA BOOLEAN DEFAULT FALSE, + pathLenConstraint INTEGER(0..MAX) OPTIONAL +} + +nameConstraints EXTENSION ::= { + SYNTAX NameConstraintsSyntax + IDENTIFIED BY id-ce-nameConstraints +} + +NameConstraintsSyntax ::= SEQUENCE { + permittedSubtrees [0] GeneralSubtrees OPTIONAL, + excludedSubtrees [1] GeneralSubtrees OPTIONAL +}(ALL EXCEPT ({ --none; at least one component shall be present--})) + +GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree + +GeneralSubtree ::= SEQUENCE { + base GeneralName, + minimum [0] BaseDistance DEFAULT 0, + maximum [1] BaseDistance OPTIONAL +} + +BaseDistance ::= INTEGER(0..MAX) + +policyConstraints EXTENSION ::= { + SYNTAX PolicyConstraintsSyntax + IDENTIFIED BY id-ce-policyConstraints +} + +PolicyConstraintsSyntax ::= SEQUENCE { + requireExplicitPolicy [0] SkipCerts OPTIONAL, + inhibitPolicyMapping [1] SkipCerts OPTIONAL +} + +SkipCerts ::= INTEGER(0..MAX) + +cRLNumber EXTENSION ::= { + SYNTAX CRLNumber + IDENTIFIED BY id-ce-cRLNumber +} + +CRLNumber ::= INTEGER(0..MAX) + +reasonCode EXTENSION ::= { + SYNTAX CRLReason + IDENTIFIED BY id-ce-reasonCode +} + +CRLReason ::= ENUMERATED { + unspecified(0), keyCompromise(1), cACompromise(2), affiliationChanged(3), + superseded(4), cessationOfOperation(5), certificateHold(6), removeFromCRL(8), + privilegeWithdrawn(9), aaCompromise(10)} + +holdInstructionCode EXTENSION ::= { + SYNTAX HoldInstruction + IDENTIFIED BY id-ce-instructionCode +} + +HoldInstruction ::= OBJECT IDENTIFIER + +invalidityDate EXTENSION ::= { + SYNTAX GeneralizedTime + IDENTIFIED BY id-ce-invalidityDate +} + +crlScope EXTENSION ::= { + SYNTAX CRLScopeSyntax + IDENTIFIED BY id-ce-cRLScope +} + +CRLScopeSyntax ::= SEQUENCE SIZE (1..MAX) OF PerAuthorityScope + +PerAuthorityScope ::= SEQUENCE { + authorityName [0] GeneralName OPTIONAL, + distributionPoint [1] DistributionPointName OPTIONAL, + onlyContains [2] OnlyCertificateTypes OPTIONAL, + onlySomeReasons [4] ReasonFlags OPTIONAL, + serialNumberRange [5] NumberRange OPTIONAL, + subjectKeyIdRange [6] NumberRange OPTIONAL, + nameSubtrees [7] GeneralNames OPTIONAL, + baseRevocationInfo [9] BaseRevocationInfo OPTIONAL +} + +OnlyCertificateTypes ::= BIT STRING {user(0), authority(1), attribute(2)} + +NumberRange ::= SEQUENCE { + startingNumber [0] INTEGER OPTIONAL, + endingNumber [1] INTEGER OPTIONAL, + modulus INTEGER OPTIONAL +} + +BaseRevocationInfo ::= SEQUENCE { + cRLStreamIdentifier [0] CRLStreamIdentifier OPTIONAL, + cRLNumber [1] CRLNumber, + baseThisUpdate [2] GeneralizedTime +} + +statusReferrals EXTENSION ::= { + SYNTAX StatusReferrals + IDENTIFIED BY id-ce-statusReferrals +} + +StatusReferrals ::= SEQUENCE SIZE (1..MAX) OF StatusReferral + +StatusReferral ::= CHOICE { + cRLReferral [0] CRLReferral, + otherReferral [1] INSTANCE OF OTHER-REFERRAL +} + +CRLReferral ::= SEQUENCE { + issuer [0] GeneralName OPTIONAL, + location [1] GeneralName OPTIONAL, + deltaRefInfo [2] DeltaRefInfo OPTIONAL, + cRLScope CRLScopeSyntax, + lastUpdate [3] GeneralizedTime OPTIONAL, + lastChangedCRL [4] GeneralizedTime OPTIONAL +} + +DeltaRefInfo ::= SEQUENCE { + deltaLocation GeneralName, + lastDelta GeneralizedTime OPTIONAL +} + +OTHER-REFERRAL ::= TYPE-IDENTIFIER + +cRLStreamIdentifier EXTENSION ::= { + SYNTAX CRLStreamIdentifier + IDENTIFIED BY id-ce-cRLStreamIdentifier +} + +CRLStreamIdentifier ::= INTEGER(0..MAX) + +orderedList EXTENSION ::= { + SYNTAX OrderedListSyntax + IDENTIFIED BY id-ce-orderedList +} + +OrderedListSyntax ::= ENUMERATED {ascSerialNum(0), ascRevDate(1)} + +deltaInfo EXTENSION ::= { + SYNTAX DeltaInformation + IDENTIFIED BY id-ce-deltaInfo +} + +DeltaInformation ::= SEQUENCE { + deltaLocation GeneralName, + nextDelta GeneralizedTime OPTIONAL +} + +cRLDistributionPoints EXTENSION ::= { + SYNTAX CRLDistPointsSyntax + IDENTIFIED BY id-ce-cRLDistributionPoints +} + +CRLDistPointsSyntax ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint + +DistributionPoint ::= SEQUENCE { + distributionPoint [0] DistributionPointName OPTIONAL, + reasons [1] ReasonFlags OPTIONAL, + cRLIssuer [2] GeneralNames OPTIONAL +} + +DistributionPointName ::= CHOICE { + fullName [0] GeneralNames, + nameRelativeToCRLIssuer [1] RelativeDistinguishedName +} + +ReasonFlags ::= BIT STRING { + unused(0), keyCompromise(1), cACompromise(2), affiliationChanged(3), + superseded(4), cessationOfOperation(5), certificateHold(6), + privilegeWithdrawn(7), aACompromise(8)} + +issuingDistributionPoint EXTENSION ::= { + SYNTAX IssuingDistPointSyntax + IDENTIFIED BY id-ce-issuingDistributionPoint +} + +IssuingDistPointSyntax ::= SEQUENCE { + distributionPoint [0] DistributionPointName OPTIONAL, + onlyContainsUserPublicKeyCerts [1] BOOLEAN DEFAULT FALSE, + onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE, + onlySomeReasons [3] ReasonFlags OPTIONAL, + indirectCRL [4] BOOLEAN DEFAULT FALSE +} + +certificateIssuer EXTENSION ::= { + SYNTAX GeneralNames + IDENTIFIED BY id-ce-certificateIssuer +} + +deltaCRLIndicator EXTENSION ::= { + SYNTAX BaseCRLNumber + IDENTIFIED BY id-ce-deltaCRLIndicator +} + +BaseCRLNumber ::= CRLNumber + +baseUpdateTime EXTENSION ::= { + SYNTAX GeneralizedTime + IDENTIFIED BY id-ce-baseUpdateTime +} + +freshestCRL EXTENSION ::= { + SYNTAX CRLDistPointsSyntax + IDENTIFIED BY id-ce-freshestCRL +} + +inhibitAnyPolicy EXTENSION ::= { + SYNTAX SkipCerts + IDENTIFIED BY id-ce-inhibitAnyPolicy +} + +-- PKI matching rules +certificateExactMatch MATCHING-RULE ::= { + SYNTAX CertificateExactAssertion + ID id-mr-certificateExactMatch +} + +CertificateExactAssertion ::= SEQUENCE { + serialNumber CertificateSerialNumber, + issuer Name +} + +certificateMatch MATCHING-RULE ::= { + SYNTAX CertificateAssertion + ID id-mr-certificateMatch +} + +CertificateAssertion ::= SEQUENCE { + serialNumber [0] CertificateSerialNumber OPTIONAL, + issuer [1] Name OPTIONAL, + subjectKeyIdentifier [2] SubjectKeyIdentifier OPTIONAL, + authorityKeyIdentifier [3] AuthorityKeyIdentifier OPTIONAL, + certificateValid [4] Time OPTIONAL, + privateKeyValid [5] GeneralizedTime OPTIONAL, + subjectPublicKeyAlgID [6] OBJECT IDENTIFIER OPTIONAL, + keyUsage [7] KeyUsage OPTIONAL, + subjectAltName [8] AltNameType OPTIONAL, + policy [9] CertPolicySet OPTIONAL, + pathToName [10] Name OPTIONAL, + subject [11] Name OPTIONAL, + nameConstraints [12] NameConstraintsSyntax OPTIONAL +} + +AltNameType ::= CHOICE { + builtinNameForm + ENUMERATED {rfc822Name(1), dNSName(2), x400Address(3), directoryName(4), + ediPartyName(5), uniformResourceIdentifier(6), iPAddress(7), + registeredId(8)}, + otherNameForm OBJECT IDENTIFIER +} + +CertPolicySet ::= SEQUENCE SIZE (1..MAX) OF CertPolicyId + +certificatePairExactMatch MATCHING-RULE ::= { + SYNTAX CertificatePairExactAssertion + ID id-mr-certificatePairExactMatch +} + +CertificatePairExactAssertion ::= SEQUENCE { + issuedToThisCAAssertion [0] CertificateExactAssertion OPTIONAL, + issuedByThisCAAssertion [1] CertificateExactAssertion OPTIONAL +} +(WITH COMPONENTS { + ..., + issuedToThisCAAssertion PRESENT + } | WITH COMPONENTS { + ..., + issuedByThisCAAssertion PRESENT + }) + +certificatePairMatch MATCHING-RULE ::= { + SYNTAX CertificatePairAssertion + ID id-mr-certificatePairMatch +} + +CertificatePairAssertion ::= SEQUENCE { + issuedToThisCAAssertion [0] CertificateAssertion OPTIONAL, + issuedByThisCAAssertion [1] CertificateAssertion OPTIONAL +} +(WITH COMPONENTS { + ..., + issuedToThisCAAssertion PRESENT + } | WITH COMPONENTS { + ..., + issuedByThisCAAssertion PRESENT + }) + +certificateListExactMatch MATCHING-RULE ::= { + SYNTAX CertificateListExactAssertion + ID id-mr-certificateListExactMatch +} + +CertificateListExactAssertion ::= SEQUENCE { + issuer Name, + thisUpdate Time, + distributionPoint DistributionPointName OPTIONAL +} + +certificateListMatch MATCHING-RULE ::= { + SYNTAX CertificateListAssertion + ID id-mr-certificateListMatch +} + +CertificateListAssertion ::= SEQUENCE { + issuer Name OPTIONAL, + minCRLNumber [0] CRLNumber OPTIONAL, + maxCRLNumber [1] CRLNumber OPTIONAL, + reasonFlags ReasonFlags OPTIONAL, + dateAndTime Time OPTIONAL, + distributionPoint [2] DistributionPointName OPTIONAL, + authorityKeyIdentifier [3] AuthorityKeyIdentifier OPTIONAL +} + +algorithmIdentifierMatch MATCHING-RULE ::= { + SYNTAX AlgorithmIdentifier + ID id-mr-algorithmIdentifierMatch +} + +policyMatch MATCHING-RULE ::= {SYNTAX PolicyID + ID id-mr-policyMatch +} + +pkiPathMatch MATCHING-RULE ::= { + SYNTAX PkiPathMatchSyntax + ID id-mr-pkiPathMatch +} + +PkiPathMatchSyntax ::= SEQUENCE {firstIssuer Name, + lastSubject Name +} + +-- Object identifier assignments +id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= + {id-ce 9} + +id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= {id-ce 14} + +id-ce-keyUsage OBJECT IDENTIFIER ::= {id-ce 15} + +id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= {id-ce 16} + +id-ce-subjectAltName OBJECT IDENTIFIER ::= {id-ce 17} + +id-ce-issuerAltName OBJECT IDENTIFIER ::= {id-ce 18} + +id-ce-basicConstraints OBJECT IDENTIFIER ::= {id-ce 19} + +id-ce-cRLNumber OBJECT IDENTIFIER ::= {id-ce 20} + +id-ce-reasonCode OBJECT IDENTIFIER ::= {id-ce 21} + +id-ce-instructionCode OBJECT IDENTIFIER ::= {id-ce 23} + +id-ce-invalidityDate OBJECT IDENTIFIER ::= {id-ce 24} + +id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= {id-ce 27} + +id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= {id-ce 28} + +id-ce-certificateIssuer OBJECT IDENTIFIER ::= {id-ce 29} + +id-ce-nameConstraints OBJECT IDENTIFIER ::= {id-ce 30} + +id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= {id-ce 31} + +id-ce-certificatePolicies OBJECT IDENTIFIER ::= {id-ce 32} + +id-ce-policyMappings OBJECT IDENTIFIER ::= {id-ce 33} + +-- deprecated OBJECT IDENTIFIER ::= {id-ce 34} +id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= + {id-ce 35} + +id-ce-policyConstraints OBJECT IDENTIFIER ::= {id-ce 36} + +id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37} + +id-ce-cRLStreamIdentifier OBJECT IDENTIFIER ::= {id-ce 40} + +id-ce-cRLScope OBJECT IDENTIFIER ::= {id-ce 44} + +id-ce-statusReferrals OBJECT IDENTIFIER ::= {id-ce 45} + +id-ce-freshestCRL OBJECT IDENTIFIER ::= {id-ce 46} + +id-ce-orderedList OBJECT IDENTIFIER ::= {id-ce 47} + +id-ce-baseUpdateTime OBJECT IDENTIFIER ::= {id-ce 51} + +id-ce-deltaInfo OBJECT IDENTIFIER ::= {id-ce 53} + +id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= {id-ce 54} + +id-ce-AAissuingDistributionPoint OBJECT IDENTIFIER ::= {id-ce 55} + +-- matching rule OIDs +id-mr-certificateExactMatch OBJECT IDENTIFIER ::= + {id-mr 34} + +id-mr-certificateMatch OBJECT IDENTIFIER ::= {id-mr 35} + +id-mr-certificatePairExactMatch OBJECT IDENTIFIER ::= {id-mr 36} + +id-mr-certificatePairMatch OBJECT IDENTIFIER ::= {id-mr 37} + +id-mr-certificateListExactMatch OBJECT IDENTIFIER ::= {id-mr 38} + +id-mr-certificateListMatch OBJECT IDENTIFIER ::= {id-mr 39} + +id-mr-algorithmIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 40} + +id-mr-policyMatch OBJECT IDENTIFIER ::= {id-mr 60} + +id-mr-pkiPathMatch OBJECT IDENTIFIER ::= {id-mr 62} + +-- The following OBJECT IDENTIFIERS are not used by this Specification: +-- {id-ce 2}, {id-ce 3}, {id-ce 4}, {id-ce 5}, {id-ce 6}, {id-ce 7}, +-- {id-ce 8}, {id-ce 10}, {id-ce 11}, {id-ce 12}, {id-ce 13}, +-- {id-ce 22}, {id-ce 25}, {id-ce 26} + +END + +-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D + -- cgit v1.2.3