From dd10ccee1e3721329cb04b67ebf94e745d37481c Mon Sep 17 00:00:00 2001
From: Dimitri Sokolyuk
Date: Thu, 29 Oct 2015 22:22:17 +0100
Subject: Fix naming, remove include
---
 asn1include/AttributeCertificateDefinitions.asn1 | 500 +++++++++++++++++++++++
 1 file changed, 500 insertions(+)
 create mode 100644 asn1include/AttributeCertificateDefinitions.asn1
(limited to 'asn1include/AttributeCertificateDefinitions.asn1')
diff --git a/asn1include/AttributeCertificateDefinitions.asn1 b/asn1include/AttributeCertificateDefinitions.asn1
new file mode 100644
index 0000000..d976ed9
--- /dev/null
+++ b/asn1include/AttributeCertificateDefinitions.asn1
@@ -0,0 +1,500 @@
+-- Module AttributeCertificateDefinitions (X.509:03/2000)
+AttributeCertificateDefinitions {joint-iso-itu-t ds(5) module(1)
+ attributeCertificateDefinitions(32) 4} DEFINITIONS IMPLICIT TAGS ::=
+BEGIN
+
+-- EXPORTS ALL
+IMPORTS
+ id-at, id-ce, id-mr, informationFramework, authenticationFramework,
+ selectedAttributeTypes, upperBounds, id-oc, certificateExtensions
+ FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
+ usefulDefinitions(0) 4}
+ Name, RelativeDistinguishedName, ATTRIBUTE, Attribute, MATCHING-RULE,
+ AttributeType, OBJECT-CLASS, top
+ FROM InformationFramework {joint-iso-itu-t ds(5) module(1)
+ informationFramework(1) 4}
+ CertificateSerialNumber, CertificateList, AlgorithmIdentifier, EXTENSION,
+ SIGNED{}, InfoSyntax, PolicySyntax, Extensions, Certificate
+ FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1)
+ authenticationFramework(7) 4}
+ DirectoryString{}, TimeSpecification, UniqueIdentifier
+ FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1)
+ selectedAttributeTypes(5) 4}
+ GeneralName, GeneralNames, NameConstraintsSyntax, certificateListExactMatch
+ FROM CertificateExtensions {joint-iso-itu-t ds(5) module(1)
+ certificateExtensions(26) 4}
+ ub-name
+ FROM UpperBounds {joint-iso-itu-t ds(5) module(1) upperBounds(10) 4}
+ UserNotice
+ FROM PKIX1Implicit93 {iso(1) identified-organization(3) dod(6) internet(1)
+ security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit-93(4)}
+ ORAddress
+ FROM MTSAbstractService {joint-iso-itu-t mhs(6) mts(3) modules(0)
+ mts-abstract-service(1) version-1999(1)};
+
+-- Unless explicitly noted otherwise, there is no significance to the ordering
+-- of components of a SEQUENCE OF construct in this Specification.
+-- attribute certificate constructs
+AttributeCertificate ::=
+ SIGNED{AttributeCertificateInfo}
+
+AttributeCertificateInfo ::= SEQUENCE {
+ version AttCertVersion, -- version is v2
+ holder Holder,
+ issuer AttCertIssuer,
+ signature AlgorithmIdentifier,
+ serialNumber CertificateSerialNumber,
+ attrCertValidityPeriod AttCertValidityPeriod,
+ attributes SEQUENCE OF Attribute,
+ issuerUniqueID UniqueIdentifier OPTIONAL,
+ extensions Extensions OPTIONAL
+}
+
+AttCertVersion ::= INTEGER {v1(0), v2(1)}
+
+Holder ::= SEQUENCE {
+ baseCertificateID [0] IssuerSerial OPTIONAL,
+ -- the issuer and serial number of the holder's Public Key Certificate
+ entityName [1] GeneralNames OPTIONAL,
+ -- the name of the entity or role
+ objectDigestInfo [2] ObjectDigestInfo OPTIONAL-- used to directly authenticate the holder, e.g. an executable
+-- at least one of baseCertificateID, entityName or objectDigestInfo shall be present
+}
+
+ObjectDigestInfo ::= SEQUENCE {
+ digestedObjectType
+ ENUMERATED {publicKey(0), publicKeyCert(1), otherObjectTypes(2)},
+ otherObjectTypeID OBJECT IDENTIFIER OPTIONAL,
+ digestAlgorithm AlgorithmIdentifier,
+ objectDigest BIT STRING
+}
+
+AttCertIssuer ::= [0] SEQUENCE {
+ issuerName GeneralNames OPTIONAL,
+ baseCertificateID [0] IssuerSerial OPTIONAL,
+ objectDigestInfo [1] ObjectDigestInfo OPTIONAL
+}
+-- At least one component shall be present
+(WITH COMPONENTS {
+ ...,
+ issuerName PRESENT
+ } | WITH COMPONENTS {
+ ...,
+ baseCertificateID PRESENT
+ } | WITH COMPONENTS {
+ ...,
+ objectDigestInfo PRESENT
+ })
+
+IssuerSerial ::= SEQUENCE {
+ issuer GeneralNames,
+ serial CertificateSerialNumber,
+ issuerUID UniqueIdentifier OPTIONAL
+}
+
+AttCertValidityPeriod ::= SEQUENCE {
+ notBeforeTime GeneralizedTime,
+ notAfterTime GeneralizedTime
+}
+
+AttributeCertificationPath ::= SEQUENCE {
+ attributeCertificate AttributeCertificate,
+ acPath SEQUENCE OF ACPathData OPTIONAL
+}
+
+ACPathData ::= SEQUENCE {
+ certificate [0] Certificate OPTIONAL,
+ attributeCertificate [1] AttributeCertificate OPTIONAL
+}
+
+PrivilegePolicy ::= OBJECT IDENTIFIER
+
+-- privilege attributes
+role ATTRIBUTE ::= {WITH SYNTAX RoleSyntax
+ ID id-at-role
+}
+
+RoleSyntax ::= SEQUENCE {
+ roleAuthority [0] GeneralNames OPTIONAL,
+ roleName [1] GeneralName
+}
+
+-- PMI object classes
+pmiUser OBJECT-CLASS ::= {
+ SUBCLASS OF {top}
+ KIND auxiliary
+ MAY CONTAIN {attributeCertificateAttribute}
+ ID id-oc-pmiUser
+}
+
+pmiAA OBJECT-CLASS ::= {
+ -- a PMI AA
+ SUBCLASS OF {top}
+ KIND auxiliary
+ MAY CONTAIN
+ {aACertificate | attributeCertificateRevocationList |
+ attributeAuthorityRevocationList}
+ ID id-oc-pmiAA
+}
+
+pmiSOA OBJECT-CLASS ::= { -- a PMI Source of Authority
+ SUBCLASS OF {top}
+ KIND auxiliary
+ MAY CONTAIN
+ {attributeCertificateRevocationList | attributeAuthorityRevocationList |
+ attributeDescriptorCertificate}
+ ID id-oc-pmiSOA
+}
+
+attCertCRLDistributionPt OBJECT-CLASS ::= {
+ SUBCLASS OF {top}
+ KIND auxiliary
+ MAY CONTAIN
+ {attributeCertificateRevocationList | attributeAuthorityRevocationList}
+ ID id-oc-attCertCRLDistributionPts
+}
+
+pmiDelegationPath OBJECT-CLASS ::= {
+ SUBCLASS OF {top}
+ KIND auxiliary
+ MAY CONTAIN {delegationPath}
+ ID id-oc-pmiDelegationPath
+}
+
+privilegePolicy OBJECT-CLASS ::= {
+ SUBCLASS OF {top}
+ KIND auxiliary
+ MAY CONTAIN {privPolicy}
+ ID id-oc-privilegePolicy
+}
+
+-- PMI directory attributes
+attributeCertificateAttribute ATTRIBUTE ::= {
+ WITH SYNTAX AttributeCertificate
+ EQUALITY MATCHING RULE attributeCertificateExactMatch
+ ID id-at-attributeCertificate
+}
+
+aACertificate ATTRIBUTE ::= {
+ WITH SYNTAX AttributeCertificate
+ EQUALITY MATCHING RULE attributeCertificateExactMatch
+ ID id-at-aACertificate
+}
+
+attributeDescriptorCertificate ATTRIBUTE ::= {
+ WITH SYNTAX AttributeCertificate
+ EQUALITY MATCHING RULE attributeCertificateExactMatch
+ ID id-at-attributeDescriptorCertificate
+}
+
+attributeCertificateRevocationList ATTRIBUTE ::= {
+ WITH SYNTAX CertificateList
+ EQUALITY MATCHING RULE certificateListExactMatch
+ ID id-at-attributeCertificateRevocationList
+}
+
+attributeAuthorityRevocationList ATTRIBUTE ::= {
+ WITH SYNTAX CertificateList
+ EQUALITY MATCHING RULE certificateListExactMatch
+ ID id-at-attributeAuthorityRevocationList
+}
+
+delegationPath ATTRIBUTE ::= {
+ WITH SYNTAX AttCertPath
+ ID id-at-delegationPath
+}
+
+AttCertPath ::= SEQUENCE OF AttributeCertificate
+
+privPolicy ATTRIBUTE ::= {
+ WITH SYNTAX PolicySyntax
+ ID id-at-privPolicy
+}
+
+--Attribute certificate extensions and matching rules
+attributeCertificateExactMatch MATCHING-RULE ::= {
+ SYNTAX AttributeCertificateExactAssertion
+ ID id-mr-attributeCertificateExactMatch
+}
+
+AttributeCertificateExactAssertion ::= SEQUENCE {
+ serialNumber CertificateSerialNumber,
+ issuer AttCertIssuer
+}
+
+attributeCertificateMatch MATCHING-RULE ::= {
+ SYNTAX AttributeCertificateAssertion
+ ID id-mr-attributeCertificateMatch
+}
+
+AttributeCertificateAssertion ::= SEQUENCE {
+ holder
+ [0] CHOICE {baseCertificateID [0] IssuerSerial,
+ holderName [1] GeneralNames} OPTIONAL,
+ issuer [1] GeneralNames OPTIONAL,
+ attCertValidity [2] GeneralizedTime OPTIONAL,
+ attType [3] SET OF AttributeType OPTIONAL
+}
+
+-- At least one component of the sequence shall be present
+holderIssuerMatch MATCHING-RULE ::= {
+ SYNTAX HolderIssuerAssertion
+ ID id-mr-holderIssuerMatch
+}
+
+HolderIssuerAssertion ::= SEQUENCE {
+ holder [0] Holder OPTIONAL,
+ issuer [1] AttCertIssuer OPTIONAL
+}
+
+delegationPathMatch MATCHING-RULE ::= {
+ SYNTAX DelMatchSyntax
+ ID id-mr-delegationPathMatch
+}
+
+DelMatchSyntax ::= SEQUENCE {firstIssuer AttCertIssuer,
+ lastHolder Holder
+}
+
+sOAIdentifier EXTENSION ::= {
+ SYNTAX NULL
+ IDENTIFIED BY id-ce-sOAIdentifier
+}
+
+authorityAttributeIdentifier EXTENSION ::= {
+ SYNTAX AuthorityAttributeIdentifierSyntax
+ IDENTIFIED BY {id-ce-authorityAttributeIdentifier}
+}
+
+AuthorityAttributeIdentifierSyntax ::= SEQUENCE SIZE (1..MAX) OF AuthAttId
+
+AuthAttId ::= IssuerSerial
+
+authAttIdMatch MATCHING-RULE ::= {
+ SYNTAX AuthorityAttributeIdentifierSyntax
+ ID id-mr-authAttIdMatch
+}
+
+roleSpecCertIdentifier EXTENSION ::= {
+ SYNTAX RoleSpecCertIdentifierSyntax
+ IDENTIFIED BY {id-ce-roleSpecCertIdentifier}
+}
+
+RoleSpecCertIdentifierSyntax ::=
+ SEQUENCE SIZE (1..MAX) OF RoleSpecCertIdentifier
+
+RoleSpecCertIdentifier ::= SEQUENCE {
+ roleName [0] GeneralName,
+ roleCertIssuer [1] GeneralName,
+ roleCertSerialNumber [2] CertificateSerialNumber OPTIONAL,
+ roleCertLocator [3] GeneralNames OPTIONAL
+}
+
+roleSpecCertIdMatch MATCHING-RULE ::= {
+ SYNTAX RoleSpecCertIdentifierSyntax
+ ID id-mr-roleSpecCertIdMatch
+}
+
+basicAttConstraints EXTENSION ::= {
+ SYNTAX BasicAttConstraintsSyntax
+ IDENTIFIED BY {id-ce-basicAttConstraints}
+}
+
+BasicAttConstraintsSyntax ::= SEQUENCE {
+ authority BOOLEAN DEFAULT FALSE,
+ pathLenConstraint INTEGER(0..MAX) OPTIONAL
+}
+
+basicAttConstraintsMatch MATCHING-RULE ::= {
+ SYNTAX BasicAttConstraintsSyntax
+ ID id-mr-basicAttConstraintsMatch
+}
+
+delegatedNameConstraints EXTENSION ::= {
+ SYNTAX NameConstraintsSyntax
+ IDENTIFIED BY id-ce-delegatedNameConstraints
+}
+
+delegatedNameConstraintsMatch MATCHING-RULE ::= {
+ SYNTAX NameConstraintsSyntax
+ ID id-mr-delegatedNameConstraintsMatch
+}
+
+timeSpecification EXTENSION ::= {
+ SYNTAX TimeSpecification
+ IDENTIFIED BY id-ce-timeSpecification
+}
+
+timeSpecificationMatch MATCHING-RULE ::= {
+ SYNTAX TimeSpecification
+ ID id-mr-timeSpecMatch
+}
+
+acceptableCertPolicies EXTENSION ::= {
+ SYNTAX AcceptableCertPoliciesSyntax
+ IDENTIFIED BY id-ce-acceptableCertPolicies
+}
+
+AcceptableCertPoliciesSyntax ::= SEQUENCE SIZE (1..MAX) OF CertPolicyId
+
+CertPolicyId ::= OBJECT IDENTIFIER
+
+acceptableCertPoliciesMatch MATCHING-RULE ::= {
+ SYNTAX AcceptableCertPoliciesSyntax
+ ID id-mr-acceptableCertPoliciesMatch
+}
+
+attributeDescriptor EXTENSION ::= {
+ SYNTAX AttributeDescriptorSyntax
+ IDENTIFIED BY {id-ce-attributeDescriptor}
+}
+
+AttributeDescriptorSyntax ::= SEQUENCE {
+ identifier AttributeIdentifier,
+ attributeSyntax OCTET STRING(SIZE (1..MAX)),
+ name [0] AttributeName OPTIONAL,
+ description [1] AttributeDescription OPTIONAL,
+ dominationRule PrivilegePolicyIdentifier
+}
+
+AttributeIdentifier ::= ATTRIBUTE.&id({AttributeIDs})
+
+AttributeIDs ATTRIBUTE ::=
+ {...}
+
+AttributeName ::= UTF8String(SIZE (1..MAX))
+
+AttributeDescription ::= UTF8String(SIZE (1..MAX))
+
+PrivilegePolicyIdentifier ::= SEQUENCE {
+ privilegePolicy PrivilegePolicy,
+ privPolSyntax InfoSyntax
+}
+
+attDescriptor MATCHING-RULE ::= {
+ SYNTAX AttributeDescriptorSyntax
+ ID id-mr-attDescriptorMatch
+}
+
+userNotice EXTENSION ::= {
+ SYNTAX SEQUENCE SIZE (1..MAX) OF UserNotice
+ IDENTIFIED BY id-ce-userNotice
+}
+
+targetingInformation EXTENSION ::= {
+ SYNTAX SEQUENCE SIZE (1..MAX) OF Targets
+ IDENTIFIED BY id-ce-targetInformation
+}
+
+Targets ::= SEQUENCE SIZE (1..MAX) OF Target
+
+Target ::= CHOICE {
+ targetName [0] GeneralName,
+ targetGroup [1] GeneralName,
+ targetCert [2] TargetCert
+}
+
+TargetCert ::= SEQUENCE {
+ targetCertificate IssuerSerial,
+ targetName GeneralName OPTIONAL,
+ certDigestInfo ObjectDigestInfo OPTIONAL
+}
+
+noRevAvail EXTENSION ::= {SYNTAX NULL
+ IDENTIFIED BY id-ce-noRevAvail
+}
+
+acceptablePrivilegePolicies EXTENSION ::= {
+ SYNTAX AcceptablePrivilegePoliciesSyntax
+ IDENTIFIED BY id-ce-acceptablePrivilegePolicies
+}
+
+AcceptablePrivilegePoliciesSyntax ::= SEQUENCE SIZE (1..MAX) OF PrivilegePolicy
+
+-- object identifier assignments
+-- object classes
+id-oc-pmiUser OBJECT IDENTIFIER ::=
+ {id-oc 24}
+
+id-oc-pmiAA OBJECT IDENTIFIER ::= {id-oc 25}
+
+id-oc-pmiSOA OBJECT IDENTIFIER ::= {id-oc 26}
+
+id-oc-attCertCRLDistributionPts OBJECT IDENTIFIER ::= {id-oc 27}
+
+id-oc-privilegePolicy OBJECT IDENTIFIER ::= {id-oc 32}
+
+id-oc-pmiDelegationPath OBJECT IDENTIFIER ::= {id-oc 33}
+
+-- directory attributes
+id-at-attributeCertificate OBJECT IDENTIFIER ::=
+ {id-at 58}
+
+id-at-attributeCertificateRevocationList OBJECT IDENTIFIER ::= {id-at 59}
+
+id-at-aACertificate OBJECT IDENTIFIER ::= {id-at 61}
+
+id-at-attributeDescriptorCertificate OBJECT IDENTIFIER ::= {id-at 62}
+
+id-at-attributeAuthorityRevocationList OBJECT IDENTIFIER ::= {id-at 63}
+
+id-at-privPolicy OBJECT IDENTIFIER ::= {id-at 71}
+
+id-at-role OBJECT IDENTIFIER ::= {id-at 72}
+
+id-at-delegationPath OBJECT IDENTIFIER ::= {id-at 73}
+
+--attribute certificate extensions
+id-ce-authorityAttributeIdentifier OBJECT IDENTIFIER ::=
+ {id-ce 38}
+
+id-ce-roleSpecCertIdentifier OBJECT IDENTIFIER ::= {id-ce 39}
+
+id-ce-basicAttConstraints OBJECT IDENTIFIER ::= {id-ce 41}
+
+id-ce-delegatedNameConstraints OBJECT IDENTIFIER ::= {id-ce 42}
+
+id-ce-timeSpecification OBJECT IDENTIFIER ::= {id-ce 43}
+
+id-ce-attributeDescriptor OBJECT IDENTIFIER ::= {id-ce 48}
+
+id-ce-userNotice OBJECT IDENTIFIER ::= {id-ce 49}
+
+id-ce-sOAIdentifier OBJECT IDENTIFIER ::= {id-ce 50}
+
+id-ce-acceptableCertPolicies OBJECT IDENTIFIER ::= {id-ce 52}
+
+id-ce-targetInformation OBJECT IDENTIFIER ::= {id-ce 55}
+
+id-ce-noRevAvail OBJECT IDENTIFIER ::= {id-ce 56}
+
+id-ce-acceptablePrivilegePolicies OBJECT IDENTIFIER ::= {id-ce 57}
+
+-- PMI matching rules
+id-mr-attributeCertificateMatch OBJECT IDENTIFIER ::=
+ {id-mr 42}
+
+id-mr-attributeCertificateExactMatch OBJECT IDENTIFIER ::= {id-mr 45}
+
+id-mr-holderIssuerMatch OBJECT IDENTIFIER ::= {id-mr 46}
+
+id-mr-authAttIdMatch OBJECT IDENTIFIER ::= {id-mr 53}
+
+id-mr-roleSpecCertIdMatch OBJECT IDENTIFIER ::= {id-mr 54}
+
+id-mr-basicAttConstraintsMatch OBJECT IDENTIFIER ::= {id-mr 55}
+
+id-mr-delegatedNameConstraintsMatch OBJECT IDENTIFIER ::= {id-mr 56}
+
+id-mr-timeSpecMatch OBJECT IDENTIFIER ::= {id-mr 57}
+
+id-mr-attDescriptorMatch OBJECT IDENTIFIER ::= {id-mr 58}
+
+id-mr-acceptableCertPoliciesMatch OBJECT IDENTIFIER ::= {id-mr 59}
+
+id-mr-delegationPathMatch OBJECT IDENTIFIER ::= {id-mr 61}
+
+END
+
+-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D
+
-- cgit v1.2.3
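Review bot: Holder, near the top of the hunk, carries its "at least one of baseCertificateID, entityName or objectDigestInfo shall be present" rule only as a comment, whereas AttCertIssuer a few lines below encodes the equivalent rule as a WITH COMPONENTS constraint; as written, nothing in the type rejects a Holder with all three components absent, so any consumer of the decoded structure has to enforce that itself before trusting the certificate's subject binding. If the toolchain honours subtype constraints, the same form can be appended after Holder's closing brace: `(WITH COMPONENTS {..., baseCertificateID PRESENT} | WITH COMPONENTS {..., entityName PRESENT} | WITH COMPONENTS {..., objectDigestInfo PRESENT})`. The `-- version is v2` comment on AttributeCertificateInfo.version is likewise not enforced by AttCertVersion, which still admits v1(0). Separately, given the subject line "remove include": ORAddress (and with it the entire MTSAbstractService import), Name, RelativeDistinguishedName, DirectoryString{} and ub-name are imported but not referenced anywhere in the module body, so those import clauses can be dropped.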