From 9654cf5d6fe794d8abc4164d2460e08775e7b2e1 Mon Sep 17 00:00:00 2001
From: Dimitri Sokolyuk
Date: Thu, 29 Oct 2015 21:42:01 +0100
Subject: Get rebar working
---
 asn1include/AuthenticationFramework.asn | 363 ++++++++++++++++++++++++++++++++
 1 file changed, 363 insertions(+)
 create mode 100644 asn1include/AuthenticationFramework.asn
(limited to 'asn1include/AuthenticationFramework.asn')
diff --git a/asn1include/AuthenticationFramework.asn b/asn1include/AuthenticationFramework.asn
new file mode 100644
index 0000000..35b8164
--- /dev/null
+++ b/asn1include/AuthenticationFramework.asn
@@ -0,0 +1,363 @@
+-- Module AuthenticationFramework (X.509:03/2000)
+AuthenticationFramework {joint-iso-itu-t ds(5) module(1)
+ authenticationFramework(7) 4} DEFINITIONS ::=
+BEGIN
+
+-- EXPORTS All
+-- The types and values defined in this module are exported for use in the other ASN.1 modules contained
+-- within the Directory Specifications, and for the use of other applications which will use them to access
+-- Directory services. Other applications may use them for their own purposes, but this will not constrain
+-- extensions and modifications needed to maintain or improve the Directory service.
+IMPORTS
+ id-at, id-nf, id-oc, informationFramework, upperBounds,
+ selectedAttributeTypes, basicAccessControl, certificateExtensions
+ FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
+ usefulDefinitions(0) 4}
+ Name, ATTRIBUTE, OBJECT-CLASS, NAME-FORM, top
+ FROM InformationFramework {joint-iso-itu-t ds(5) module(1)
+ informationFramework(1) 4}
+ ub-user-password, ub-content
+ FROM UpperBounds {joint-iso-itu-t ds(5) module(1) upperBounds(10) 4}
+ UniqueIdentifier, octetStringMatch, DirectoryString{}, commonName
+ FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1)
+ selectedAttributeTypes(5) 4}
+ certificateExactMatch, certificatePairExactMatch, certificateListExactMatch,
+ KeyUsage, GeneralNames, CertificatePoliciesSyntax,
+ algorithmIdentifierMatch, CertPolicyId
+ FROM CertificateExtensions {joint-iso-itu-t ds(5) module(1)
+ certificateExtensions(26) 4};
+
+-- public-key certificate definition
+Certificate ::=
+ SIGNED
+ {SEQUENCE {version [0] Version DEFAULT v1,
+ serialNumber CertificateSerialNumber,
+ signature AlgorithmIdentifier,
+ issuer Name,
+ validity Validity,
+ subject Name,
+ subjectPublicKeyInfo SubjectPublicKeyInfo,
+ issuerUniqueIdentifier [1] IMPLICIT UniqueIdentifier OPTIONAL,
+ -- if present, version shall be v2 or v3
+ subjectUniqueIdentifier [2] IMPLICIT UniqueIdentifier OPTIONAL,
+ -- if present, version shall be v2 or v3
+ extensions [3] Extensions OPTIONAL
+ }} -- If present, version shall be v3
+
+Version ::= INTEGER {v1(0), v2(1), v3(2)}
+
+CertificateSerialNumber ::= INTEGER
+
+AlgorithmIdentifier ::= SEQUENCE {
+ algorithm ALGORITHM.&id({SupportedAlgorithms}),
+ parameters ALGORITHM.&Type({SupportedAlgorithms}{@algorithm}) OPTIONAL
+}
+
+-- Definition of the following information object set is deferred, perhaps to standardized
+-- profiles or to protocol implementation conformance statements. The set is required to
+-- specify a table constraint on the parameters component of AlgorithmIdentifier.
+SupportedAlgorithms ALGORITHM ::=
+ {...}
+
+Validity ::= SEQUENCE {notBefore Time,
+ notAfter Time
+}
+
+SubjectPublicKeyInfo ::= SEQUENCE {
+ algorithm AlgorithmIdentifier,
+ subjectPublicKey BIT STRING
+}
+
+Time ::= CHOICE {utcTime UTCTime,
+ generalizedTime GeneralizedTime
+}
+
+Extensions ::= SEQUENCE OF Extension
+
+-- For those extensions where ordering of individual extensions within the SEQUENCE is significant, the
+-- specification of those individual extensions shall include the rules for the significance of the order therein
+Extension ::= SEQUENCE {
+ extnId EXTENSION.&id({ExtensionSet}),
+ critical BOOLEAN DEFAULT FALSE,
+ extnValue OCTET STRING
+}
+
+-- contains a DER encoding of a value of type &ExtnType
+-- for the extension object identified by extnId
+ExtensionSet EXTENSION ::=
+ {...}
+
+EXTENSION ::= CLASS {&id OBJECT IDENTIFIER UNIQUE,
+ &ExtnType
+}WITH SYNTAX {SYNTAX &ExtnType
+ IDENTIFIED BY &id
+}
+
+-- other PKI certificate constructs
+Certificates ::= SEQUENCE {
+ userCertificate Certificate,
+ certificationPath ForwardCertificationPath OPTIONAL
+}
+
+ForwardCertificationPath ::= SEQUENCE OF CrossCertificates
+
+CrossCertificates ::= SET OF Certificate
+
+CertificationPath ::= SEQUENCE {
+ userCertificate Certificate,
+ theCACertificates SEQUENCE OF CertificatePair OPTIONAL
+}
+
+CertificatePair ::= SEQUENCE {
+ forward [0] Certificate OPTIONAL,
+ reverse [1] Certificate OPTIONAL
+}
+-- at least one of the pair shall be present
+(WITH COMPONENTS {
+ ...,
+ forward PRESENT
+ } | WITH COMPONENTS {
+ ...,
+ reverse PRESENT
+ })
+
+-- certificate revocation list (CRL)
+CertificateList ::=
+ SIGNED
+ {SEQUENCE {version Version OPTIONAL,
+ -- if present, version shall be v2
+ signature AlgorithmIdentifier,
+ issuer Name,
+ thisUpdate Time,
+ nextUpdate Time OPTIONAL,
+ revokedCertificates
+ SEQUENCE OF
+ SEQUENCE {serialNumber CertificateSerialNumber,
+ revocationDate Time,
+ crlEntryExtensions Extensions OPTIONAL} OPTIONAL,
+ crlExtensions [0] Extensions OPTIONAL}}
+
+-- information object classes
+ALGORITHM ::= TYPE-IDENTIFIER
+
+-- parameterized types
+HASH{ToBeHashed} ::= SEQUENCE {
+ algorithmIdentifier AlgorithmIdentifier,
+ hashValue
+ BIT STRING
+ (CONSTRAINED BY {
+ -- shall be the result of applying a hashing procedure to the DER-encoded octets
+ -- of a value of -- ToBeHashed})
+}
+
+ENCRYPTED-HASH{ToBeSigned} ::=
+ BIT STRING
+ (CONSTRAINED BY {
+ -- shall be the result of applying a hashing procedure to the DER-encoded (see 6.1) octets
+ -- of a value of --ToBeSigned -- and then applying an encipherment procedure to those octets --})
+
+ENCRYPTED{ToBeEnciphered} ::=
+ BIT STRING
+ (CONSTRAINED BY {
+ -- shall be the result of applying an encipherment procedure
+ -- to the BER-encoded octets of a value of --ToBeEnciphered})
+
+SIGNATURE{ToBeSigned} ::= SEQUENCE {
+ algorithmIdentifier AlgorithmIdentifier,
+ encrypted ENCRYPTED-HASH{ToBeSigned}
+}
+
+SIGNED{ToBeSigned} ::= SEQUENCE {
+ toBeSigned ToBeSigned,
+ COMPONENTS OF SIGNATURE{ToBeSigned}
+}
+
+-- PKI object classes
+pkiUser OBJECT-CLASS ::= {
+ SUBCLASS OF {top}
+ KIND auxiliary
+ MAY CONTAIN {userCertificate}
+ ID id-oc-pkiUser
+}
+
+pkiCA OBJECT-CLASS ::= {
+ SUBCLASS OF {top}
+ KIND auxiliary
+ MAY CONTAIN
+ {cACertificate | certificateRevocationList | authorityRevocationList |
+ crossCertificatePair}
+ ID id-oc-pkiCA
+}
+
+cRLDistributionPoint OBJECT-CLASS ::= {
+ SUBCLASS OF {top}
+ KIND structural
+ MUST CONTAIN {commonName}
+ MAY CONTAIN
+ {certificateRevocationList | authorityRevocationList | deltaRevocationList}
+ ID id-oc-cRLDistributionPoint
+}
+
+cRLDistPtNameForm NAME-FORM ::= {
+ NAMES cRLDistributionPoint
+ WITH ATTRIBUTES {commonName}
+ ID id-nf-cRLDistPtNameForm
+}
+
+deltaCRL OBJECT-CLASS ::= {
+ SUBCLASS OF {top}
+ KIND auxiliary
+ MAY CONTAIN {deltaRevocationList}
+ ID id-oc-deltaCRL
+}
+
+cpCps OBJECT-CLASS ::= {
+ SUBCLASS OF {top}
+ KIND auxiliary
+ MAY CONTAIN {certificatePolicy | certificationPracticeStmt}
+ ID id-oc-cpCps
+}
+
+pkiCertPath OBJECT-CLASS ::= {
+ SUBCLASS OF {top}
+ KIND auxiliary
+ MAY CONTAIN {pkiPath}
+ ID id-oc-pkiCertPath
+}
+
+-- PKI directory attributes
+userCertificate ATTRIBUTE ::= {
+ WITH SYNTAX Certificate
+ EQUALITY MATCHING RULE certificateExactMatch
+ ID id-at-userCertificate
+}
+
+cACertificate ATTRIBUTE ::= {
+ WITH SYNTAX Certificate
+ EQUALITY MATCHING RULE certificateExactMatch
+ ID id-at-cAcertificate
+}
+
+crossCertificatePair ATTRIBUTE ::= {
+ WITH SYNTAX CertificatePair
+ EQUALITY MATCHING RULE certificatePairExactMatch
+ ID id-at-crossCertificatePair
+}
+
+certificateRevocationList ATTRIBUTE ::= {
+ WITH SYNTAX CertificateList
+ EQUALITY MATCHING RULE certificateListExactMatch
+ ID id-at-certificateRevocationList
+}
+
+authorityRevocationList ATTRIBUTE ::= {
+ WITH SYNTAX CertificateList
+ EQUALITY MATCHING RULE certificateListExactMatch
+ ID id-at-authorityRevocationList
+}
+
+deltaRevocationList ATTRIBUTE ::= {
+ WITH SYNTAX CertificateList
+ EQUALITY MATCHING RULE certificateListExactMatch
+ ID id-at-deltaRevocationList
+}
+
+supportedAlgorithms ATTRIBUTE ::= {
+ WITH SYNTAX SupportedAlgorithm
+ EQUALITY MATCHING RULE algorithmIdentifierMatch
+ ID id-at-supportedAlgorithms
+}
+
+SupportedAlgorithm ::= SEQUENCE {
+ algorithmIdentifier AlgorithmIdentifier,
+ intendedUsage [0] KeyUsage OPTIONAL,
+ intendedCertificatePolicies [1] CertificatePoliciesSyntax OPTIONAL
+}
+
+certificationPracticeStmt ATTRIBUTE ::= {
+ WITH SYNTAX InfoSyntax
+ ID id-at-certificationPracticeStmt
+}
+
+InfoSyntax ::= CHOICE {
+ content DirectoryString{ub-content},
+ pointer SEQUENCE {name GeneralNames,
+ hash HASH{HashedPolicyInfo} OPTIONAL}
+}
+
+POLICY ::= TYPE-IDENTIFIER
+
+HashedPolicyInfo ::= POLICY.&Type({Policies})
+
+Policies POLICY ::=
+ {...} -- Defined by implementors
+
+certificatePolicy ATTRIBUTE ::= {
+ WITH SYNTAX PolicySyntax
+ ID id-at-certificatePolicy
+}
+
+PolicySyntax ::= SEQUENCE {
+ policyIdentifier PolicyID,
+ policySyntax InfoSyntax
+}
+
+PolicyID ::= CertPolicyId
+
+pkiPath ATTRIBUTE ::= {WITH SYNTAX PkiPath
+ ID id-at-pkiPath
+}
+
+PkiPath ::= SEQUENCE OF CrossCertificates
+
+userPassword ATTRIBUTE ::= {
+ WITH SYNTAX OCTET STRING(SIZE (0..ub-user-password))
+ EQUALITY MATCHING RULE octetStringMatch
+ ID id-at-userPassword
+}
+
+-- object identifier assignments
+-- object classes
+id-oc-cRLDistributionPoint OBJECT IDENTIFIER ::=
+ {id-oc 19}
+
+id-oc-pkiUser OBJECT IDENTIFIER ::= {id-oc 21}
+
+id-oc-pkiCA OBJECT IDENTIFIER ::= {id-oc 22}
+
+id-oc-deltaCRL OBJECT IDENTIFIER ::= {id-oc 23}
+
+id-oc-cpCps OBJECT IDENTIFIER ::= {id-oc 30}
+
+id-oc-pkiCertPath OBJECT IDENTIFIER ::= {id-oc 31}
+
+--name forms
+id-nf-cRLDistPtNameForm OBJECT IDENTIFIER ::= {id-nf 14}
+
+--directory attributes
+id-at-userPassword OBJECT IDENTIFIER ::= {id-at 35}
+
+id-at-userCertificate OBJECT IDENTIFIER ::= {id-at 36}
+
+id-at-cAcertificate OBJECT IDENTIFIER ::= {id-at 37}
+
+id-at-authorityRevocationList OBJECT IDENTIFIER ::= {id-at 38}
+
+id-at-certificateRevocationList OBJECT IDENTIFIER ::= {id-at 39}
+
+id-at-crossCertificatePair OBJECT IDENTIFIER ::= {id-at 40}
+
+id-at-supportedAlgorithms OBJECT IDENTIFIER ::= {id-at 52}
+
+id-at-deltaRevocationList OBJECT IDENTIFIER ::= {id-at 53}
+
+id-at-certificationPracticeStmt OBJECT IDENTIFIER ::= {id-at 68}
+
+id-at-certificatePolicy OBJECT IDENTIFIER ::= {id-at 69}
+
+id-at-pkiPath OBJECT IDENTIFIER ::= {id-at 70}
+
+END
+
+-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D
+
-- cgit v1.2.3