| blob | 0ec3b695ebebeb9c50a6015e9e25c4f226bf2f1a |
1 -- $Id$ --
2 -- Definitions from rfc2459/rfc3280
4 RFC2459 DEFINITIONS ::= BEGIN
6 IMPORTS heim_any FROM heim;
8 Version ::= INTEGER {
9 rfc3280_version_1(0),
10 rfc3280_version_2(1),
11 rfc3280_version_3(2)
12 }
14 id-pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
15 rsadsi(113549) pkcs(1) 1 }
16 id-pkcs1-rsaEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 1 }
17 id-pkcs1-md2WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 2 }
18 id-pkcs1-md5WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 4 }
19 id-pkcs1-sha1WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 5 }
20 id-pkcs1-sha256WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 11 }
21 id-pkcs1-sha384WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 12 }
22 id-pkcs1-sha512WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 13 }
24 id-pkcs-2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
25 rsadsi(113549) pkcs(1) 2 }
26 id-pkcs2-md2 OBJECT IDENTIFIER ::= { id-pkcs-2 2 }
27 id-pkcs2-md4 OBJECT IDENTIFIER ::= { id-pkcs-2 4 }
28 id-pkcs2-md5 OBJECT IDENTIFIER ::= { id-pkcs-2 5 }
30 id-rsa-digestAlgorithm OBJECT IDENTIFIER ::=
31 { iso(1) member-body(2) us(840) rsadsi(113549) 2 }
33 id-rsa-digest-md2 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 2 }
34 id-rsa-digest-md4 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 4 }
35 id-rsa-digest-md5 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 5 }
37 id-pkcs-3 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
38 rsadsi(113549) pkcs(1) 3 }
40 id-pkcs3-rc2-cbc OBJECT IDENTIFIER ::= { id-pkcs-3 2 }
41 id-pkcs3-rc4 OBJECT IDENTIFIER ::= { id-pkcs-3 4 }
42 id-pkcs3-des-ede3-cbc OBJECT IDENTIFIER ::= { id-pkcs-3 7 }
44 id-rsadsi-encalg OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
45 rsadsi(113549) 3 }
47 id-rsadsi-rc2-cbc OBJECT IDENTIFIER ::= { id-rsadsi-encalg 2 }
48 id-rsadsi-des-ede3-cbc OBJECT IDENTIFIER ::= { id-rsadsi-encalg 7 }
50 id-secsig-sha-1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
51 oiw(14) secsig(3) algorithm(2) 26 }
53 id-nistAlgorithm OBJECT IDENTIFIER ::= {
54 joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) 4 }
56 id-nist-aes-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 1 }
58 id-aes-128-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 2 }
59 id-aes-192-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 22 }
60 id-aes-256-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 42 }
62 id-nist-sha-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 2 }
64 id-sha256 OBJECT IDENTIFIER ::= { id-nist-sha-algs 1 }
65 id-sha224 OBJECT IDENTIFIER ::= { id-nist-sha-algs 4 }
66 id-sha384 OBJECT IDENTIFIER ::= { id-nist-sha-algs 2 }
67 id-sha512 OBJECT IDENTIFIER ::= { id-nist-sha-algs 3 }
69 id-dhpublicnumber OBJECT IDENTIFIER ::= {
70 iso(1) member-body(2) us(840) ansi-x942(10046)
71 number-type(2) 1 }
73 id-x9-57 OBJECT IDENTIFIER ::= {
74 iso(1) member-body(2) us(840) ansi-x942(10046)
75 4 }
77 id-dsa OBJECT IDENTIFIER ::= { id-x9-57 1 }
78 id-dsa-with-sha1 OBJECT IDENTIFIER ::= { id-x9-57 3 }
80 -- x.520 names types
82 id-x520-at OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 }
84 id-at-commonName OBJECT IDENTIFIER ::= { id-x520-at 3 }
85 id-at-surname OBJECT IDENTIFIER ::= { id-x520-at 4 }
86 id-at-serialNumber OBJECT IDENTIFIER ::= { id-x520-at 5 }
87 id-at-countryName OBJECT IDENTIFIER ::= { id-x520-at 6 }
88 id-at-localityName OBJECT IDENTIFIER ::= { id-x520-at 7 }
89 id-at-stateOrProvinceName OBJECT IDENTIFIER ::= { id-x520-at 8 }
90 id-at-streetAddress OBJECT IDENTIFIER ::= { id-x520-at 9 }
91 id-at-organizationName OBJECT IDENTIFIER ::= { id-x520-at 10 }
92 id-at-organizationalUnitName OBJECT IDENTIFIER ::= { id-x520-at 11 }
93 id-at-name OBJECT IDENTIFIER ::= { id-x520-at 41 }
94 id-at-givenName OBJECT IDENTIFIER ::= { id-x520-at 42 }
95 id-at-initials OBJECT IDENTIFIER ::= { id-x520-at 43 }
96 id-at-generationQualifier OBJECT IDENTIFIER ::= { id-x520-at 44 }
97 id-at-pseudonym OBJECT IDENTIFIER ::= { id-x520-at 65 }
98 -- RFC 2247
99 id-Userid OBJECT IDENTIFIER ::=
100 { 0 9 2342 19200300 100 1 1 }
101 id-domainComponent OBJECT IDENTIFIER ::=
102 { 0 9 2342 19200300 100 1 25 }
105 -- rfc3280
107 id-x509-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}
109 AlgorithmIdentifier ::= SEQUENCE {
110 algorithm OBJECT IDENTIFIER,
111 parameters heim_any OPTIONAL
112 }
114 AttributeType ::= OBJECT IDENTIFIER
116 AttributeValue ::= heim_any
118 TeletexStringx ::= [UNIVERSAL 20] IMPLICIT OCTET STRING
120 DirectoryString ::= CHOICE {
121 ia5String IA5String,
122 teletexString TeletexStringx,
123 printableString PrintableString,
124 universalString UniversalString,
125 utf8String UTF8String,
126 bmpString BMPString
127 }
129 Attribute ::= SEQUENCE {
130 type AttributeType,
131 value SET OF -- AttributeValue -- heim_any
132 }
134 AttributeTypeAndValue ::= SEQUENCE {
135 type AttributeType,
136 value DirectoryString
137 }
139 RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
141 RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
143 Name ::= CHOICE {
144 rdnSequence RDNSequence
145 }
147 CertificateSerialNumber ::= INTEGER
149 Time ::= CHOICE {
150 utcTime UTCTime,
151 generalTime GeneralizedTime
152 }
154 Validity ::= SEQUENCE {
155 notBefore Time,
156 notAfter Time
157 }
159 UniqueIdentifier ::= BIT STRING
161 SubjectPublicKeyInfo ::= SEQUENCE {
162 algorithm AlgorithmIdentifier,
163 subjectPublicKey BIT STRING
164 }
166 Extension ::= SEQUENCE {
167 extnID OBJECT IDENTIFIER,
168 critical BOOLEAN OPTIONAL, -- DEFAULT FALSE XXX
169 extnValue OCTET STRING
170 }
172 Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
174 TBSCertificate ::= SEQUENCE {
175 version [0] Version OPTIONAL, -- EXPLICIT nnn DEFAULT 1,
176 serialNumber CertificateSerialNumber,
177 signature AlgorithmIdentifier,
178 issuer Name,
179 validity Validity,
180 subject Name,
181 subjectPublicKeyInfo SubjectPublicKeyInfo,
182 issuerUniqueID [1] IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
183 -- If present, version shall be v2 or v3
184 subjectUniqueID [2] IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
185 -- If present, version shall be v2 or v3
186 extensions [3] EXPLICIT Extensions OPTIONAL
187 -- If present, version shall be v3
188 }
190 Certificate ::= SEQUENCE {
191 tbsCertificate TBSCertificate,
192 signatureAlgorithm AlgorithmIdentifier,
193 signatureValue BIT STRING
194 }
196 Certificates ::= SEQUENCE OF Certificate
198 ValidationParms ::= SEQUENCE {
199 seed BIT STRING,
200 pgenCounter INTEGER
201 }
203 DomainParameters ::= SEQUENCE {
204 p INTEGER, -- odd prime, p=jq +1
205 g INTEGER, -- generator, g
206 q INTEGER, -- factor of p-1
207 j INTEGER OPTIONAL, -- subgroup factor
208 validationParms ValidationParms OPTIONAL -- ValidationParms
209 }
211 DHPublicKey ::= INTEGER
213 OtherName ::= SEQUENCE {
214 type-id OBJECT IDENTIFIER,
215 value [0] EXPLICIT heim_any
216 }
218 GeneralName ::= CHOICE {
219 otherName [0] IMPLICIT -- OtherName -- SEQUENCE {
220 type-id OBJECT IDENTIFIER,
221 value [0] EXPLICIT heim_any
222 },
223 rfc822Name [1] IMPLICIT IA5String,
224 dNSName [2] IMPLICIT IA5String,
225 -- x400Address [3] IMPLICIT ORAddress,--
226 directoryName [4] IMPLICIT -- Name -- CHOICE {
227 rdnSequence RDNSequence
228 },
229 -- ediPartyName [5] IMPLICIT EDIPartyName, --
230 uniformResourceIdentifier [6] IMPLICIT IA5String,
231 iPAddress [7] IMPLICIT OCTET STRING,
232 registeredID [8] IMPLICIT OBJECT IDENTIFIER
233 }
235 GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
237 id-x509-ce-keyUsage OBJECT IDENTIFIER ::= { id-x509-ce 15 }
239 KeyUsage ::= BIT STRING {
240 digitalSignature (0),
241 nonRepudiation (1),
242 keyEncipherment (2),
243 dataEncipherment (3),
244 keyAgreement (4),
245 keyCertSign (5),
246 cRLSign (6),
247 encipherOnly (7),
248 decipherOnly (8)
249 }
251 id-x509-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-x509-ce 35 }
253 KeyIdentifier ::= OCTET STRING
255 AuthorityKeyIdentifier ::= SEQUENCE {
256 keyIdentifier [0] IMPLICIT OCTET STRING OPTIONAL,
257 authorityCertIssuer [1] IMPLICIT -- GeneralName --
258 SEQUENCE -- SIZE (1..MAX) -- OF GeneralName OPTIONAL,
259 authorityCertSerialNumber [2] IMPLICIT INTEGER OPTIONAL
260 }
262 id-x509-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-x509-ce 14 }
264 SubjectKeyIdentifier ::= KeyIdentifier
266 id-x509-ce-basicConstraints OBJECT IDENTIFIER ::= { id-x509-ce 19 }
268 BasicConstraints ::= SEQUENCE {
269 cA BOOLEAN OPTIONAL -- DEFAULT FALSE --,
270 pathLenConstraint INTEGER (0..4294967295) OPTIONAL
271 }
273 id-x509-ce-nameConstraints OBJECT IDENTIFIER ::= { id-x509-ce 30 }
275 BaseDistance ::= INTEGER -- (0..MAX) --
277 GeneralSubtree ::= SEQUENCE {
278 base GeneralName,
279 minimum [0] IMPLICIT -- BaseDistance -- INTEGER OPTIONAL -- DEFAULT 0 --,
280 maximum [1] IMPLICIT -- BaseDistance -- INTEGER OPTIONAL
281 }
283 GeneralSubtrees ::= SEQUENCE -- SIZE (1..MAX) -- OF GeneralSubtree
285 NameConstraints ::= SEQUENCE {
286 permittedSubtrees [0] IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL,
287 excludedSubtrees [1] IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL
288 }
290 id-x509-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= { id-x509-ce 16 }
291 id-x509-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-x509-ce 32 }
292 id-x509-ce-policyMappings OBJECT IDENTIFIER ::= { id-x509-ce 33 }
293 id-x509-ce-subjectAltName OBJECT IDENTIFIER ::= { id-x509-ce 17 }
294 id-x509-ce-issuerAltName OBJECT IDENTIFIER ::= { id-x509-ce 18 }
295 id-x509-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-x509-ce 9 }
296 id-x509-ce-policyConstraints OBJECT IDENTIFIER ::= { id-x509-ce 36 }
298 id-x509-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-x509-ce 37}
300 ExtKeyUsage ::= SEQUENCE OF OBJECT IDENTIFIER
302 id-x509-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-x509-ce 31 }
303 id-x509-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-x509-ce 27 }
304 id-x509-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-x509-ce 28 }
305 id-x509-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-x509-ce 23 }
306 id-x509-ce-invalidityDate OBJECT IDENTIFIER ::= { id-x509-ce 24 }
307 id-x509-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-x509-ce 29 }
308 id-x509-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-x509-ce 54 }
310 DistributionPointReasonFlags ::= BIT STRING {
311 unused (0),
312 keyCompromise (1),
313 cACompromise (2),
314 affiliationChanged (3),
315 superseded (4),
316 cessationOfOperation (5),
317 certificateHold (6),
318 privilegeWithdrawn (7),
319 aACompromise (8)
320 }
322 DistributionPointName ::= CHOICE {
323 fullName [0] IMPLICIT -- GeneralNames -- SEQUENCE SIZE (1..MAX) OF GeneralName,
324 nameRelativeToCRLIssuer [1] RelativeDistinguishedName
325 }
327 DistributionPoint ::= SEQUENCE {
328 distributionPoint [0] IMPLICIT heim_any -- DistributionPointName -- OPTIONAL,
329 reasons [1] IMPLICIT heim_any -- DistributionPointReasonFlags -- OPTIONAL,
330 cRLIssuer [2] IMPLICIT heim_any -- GeneralNames -- OPTIONAL
331 }
333 CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
336 -- rfc3279
338 DSASigValue ::= SEQUENCE {
339 r INTEGER,
340 s INTEGER
341 }
343 DSAPublicKey ::= INTEGER
345 DSAParams ::= SEQUENCE {
346 p INTEGER,
347 q INTEGER,
348 g INTEGER
349 }
351 -- really pkcs1
353 RSAPublicKey ::= SEQUENCE {
354 modulus INTEGER, -- n
355 publicExponent INTEGER -- e
356 }
358 RSAPrivateKey ::= SEQUENCE {
359 version INTEGER (0..4294967295),
360 modulus INTEGER, -- n
361 publicExponent INTEGER, -- e
362 privateExponent INTEGER, -- d
363 prime1 INTEGER, -- p
364 prime2 INTEGER, -- q
365 exponent1 INTEGER, -- d mod (p-1)
366 exponent2 INTEGER, -- d mod (q-1)
367 coefficient INTEGER -- (inverse of q) mod p
368 }
370 DigestInfo ::= SEQUENCE {
371 digestAlgorithm AlgorithmIdentifier,
372 digest OCTET STRING
373 }
375 -- some ms ext
377 -- szOID_ENROLL_CERTTYPE_EXTENSION "1.3.6.1.4.1.311.20.2" is Encoded as a
379 -- UNICODESTRING (0x1E tag)
381 -- szOID_CERTIFICATE_TEMPLATE "1.3.6.1.4.1.311.21.7" is Encoded as:
383 -- TemplateVersion ::= INTEGER (0..4294967295)
385 -- CertificateTemplate ::= SEQUENCE {
386 -- templateID OBJECT IDENTIFIER,
387 -- templateMajorVersion TemplateVersion,
388 -- templateMinorVersion TemplateVersion OPTIONAL
389 -- }
392 --
393 -- CRL
394 --
396 TBSCRLCertList ::= SEQUENCE {
397 version Version OPTIONAL, -- if present, MUST be v2
398 signature AlgorithmIdentifier,
399 issuer Name,
400 thisUpdate Time,
401 nextUpdate Time OPTIONAL,
402 revokedCertificates SEQUENCE OF SEQUENCE {
403 userCertificate CertificateSerialNumber,
404 revocationDate Time,
405 crlEntryExtensions Extensions OPTIONAL
406 -- if present, MUST be v2
407 } OPTIONAL,
408 crlExtensions [0] EXPLICIT Extensions OPTIONAL
409 -- if present, MUST be v2
410 }
413 CRLCertificateList ::= SEQUENCE {
414 tbsCertList TBSCRLCertList,
415 signatureAlgorithm AlgorithmIdentifier,
416 signatureValue BIT STRING
417 }
419 id-x509-ce-cRLNumber OBJECT IDENTIFIER ::= { id-x509-ce 20 }
420 id-x509-ce-freshestCRL OBJECT IDENTIFIER ::= { id-x509-ce 46 }
421 id-x509-ce-cRLReason OBJECT IDENTIFIER ::= { id-x509-ce 21 }
423 CRLReason ::= ENUMERATED {
424 unspecified (0),
425 keyCompromise (1),
426 cACompromise (2),
427 affiliationChanged (3),
428 superseded (4),
429 cessationOfOperation (5),
430 certificateHold (6),
431 removeFromCRL (8),
432 privilegeWithdrawn (9),
433 aACompromise (10)
434 }
436 PKIXXmppAddr ::= UTF8String
438 id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
439 dod(6) internet(1) security(5) mechanisms(5) pkix(7) }
441 id-pkix-on OBJECT IDENTIFIER ::= { id-pkix 8 }
442 id-pkix-on-xmppAddr OBJECT IDENTIFIER ::= { id-pkix-on 5 }
443 id-pkix-on-dnsSRV OBJECT IDENTIFIER ::= { id-pkix-on 7 }
445 id-pkix-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
446 id-pkix-kp-serverAuth OBJECT IDENTIFIER ::= { id-pkix-kp 1 }
447 id-pkix-kp-clientAuth OBJECT IDENTIFIER ::= { id-pkix-kp 2 }
448 id-pkix-kp-emailProtection OBJECT IDENTIFIER ::= { id-pkix-kp 4 }
449 id-pkix-kp-timeStamping OBJECT IDENTIFIER ::= { id-pkix-kp 8 }
450 id-pkix-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-pkix-kp 9 }
452 id-pkix-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
454 id-pkix-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pkix-pe 1 }
456 AccessDescription ::= SEQUENCE {
457 accessMethod OBJECT IDENTIFIER,
458 accessLocation GeneralName
459 }
461 AuthorityInfoAccessSyntax ::= SEQUENCE SIZE (1..MAX) OF AccessDescription
463 -- RFC 3820 Proxy Certificate Profile
465 id-pkix-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pkix-pe 14 }
467 id-pkix-ppl OBJECT IDENTIFIER ::= { id-pkix 21 }
469 id-pkix-ppl-anyLanguage OBJECT IDENTIFIER ::= { id-pkix-ppl 0 }
470 id-pkix-ppl-inheritAll OBJECT IDENTIFIER ::= { id-pkix-ppl 1 }
471 id-pkix-ppl-independent OBJECT IDENTIFIER ::= { id-pkix-ppl 2 }
473 ProxyPolicy ::= SEQUENCE {
474 policyLanguage OBJECT IDENTIFIER,
475 policy OCTET STRING OPTIONAL
476 }
478 ProxyCertInfo ::= SEQUENCE {
479 pCPathLenConstraint INTEGER (0..4294967295) OPTIONAL, -- really MAX
480 proxyPolicy ProxyPolicy
481 }
483 --- U.S. Federal PKI Common Policy Framework
484 -- Card Authentication key
485 id-uspkicommon-card-id OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 6 }
486 id-uspkicommon-piv-interim OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 9 1 }
488 --- Netscape extentions
490 id-netscape OBJECT IDENTIFIER ::=
491 { joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730) }
492 id-netscape-cert-comment OBJECT IDENTIFIER ::= { id-netscape 1 13 }
494 --- MS extentions
496 id-ms-cert-enroll-domaincontroller OBJECT IDENTIFIER ::=
497 { 1 3 6 1 4 1 311 20 2 }
499 id-ms-client-authentication OBJECT IDENTIFIER ::=
500 { 1 3 6 1 5 5 7 3 2 }
502 -- DER:1e:20:00:44:00:6f:00:6d:00:61:00:69:00:6e:00:43:00:6f:00:6e:00:74:00:72:00:6f:00:6c:00:6c:00:65:00:72
504 END