2 -- Definitions from rfc2459/rfc3280
4 RFC2459 DEFINITIONS ::= BEGIN
6 IMPORTS heim_any FROM heim;
14 id-pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
15 rsadsi(113549) pkcs(1) 1 }
-- PKCS#1 (RSA) signature-scheme OIDs. The md2/md5 variants are presumably
-- kept so that older certificates still decode; NOTE(review): confirm that
-- signature verification rejects them rather than accepting any OID listed here.
16 id-pkcs1-rsaEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 1 }
17 id-pkcs1-md2WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 2 } -- legacy digest
18 id-pkcs1-md5WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 4 } -- legacy digest
19 id-pkcs1-sha1WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 5 }
20 id-pkcs1-sha256WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 11 }
21 id-pkcs1-sha384WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 12 }
22 id-pkcs1-sha512WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 13 }
24 id-pkcs-2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
25 rsadsi(113549) pkcs(1) 2 }
26 id-pkcs2-md2 OBJECT IDENTIFIER ::= { id-pkcs-2 2 }
27 id-pkcs2-md4 OBJECT IDENTIFIER ::= { id-pkcs-2 4 }
28 id-pkcs2-md5 OBJECT IDENTIFIER ::= { id-pkcs-2 5 }
30 id-rsa-digestAlgorithm OBJECT IDENTIFIER ::=
31 { iso(1) member-body(2) us(840) rsadsi(113549) 2 }
33 id-rsa-digest-md2 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 2 }
34 id-rsa-digest-md4 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 4 }
35 id-rsa-digest-md5 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 5 }
37 id-pkcs-3 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
38 rsadsi(113549) pkcs(1) 3 }
40 id-pkcs3-rc2-cbc OBJECT IDENTIFIER ::= { id-pkcs-3 2 }
41 id-pkcs3-rc4 OBJECT IDENTIFIER ::= { id-pkcs-3 4 }
42 id-pkcs3-des-ede3-cbc OBJECT IDENTIFIER ::= { id-pkcs-3 7 }
44 id-rsadsi-encalg OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
47 id-rsadsi-rc2-cbc OBJECT IDENTIFIER ::= { id-rsadsi-encalg 2 }
48 id-rsadsi-des-ede3-cbc OBJECT IDENTIFIER ::= { id-rsadsi-encalg 7 }
50 id-secsig-sha-1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
51 oiw(14) secsig(3) algorithm(2) 26 }
53 id-nistAlgorithm OBJECT IDENTIFIER ::= {
54 joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) 4 }
56 id-nist-aes-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 1 }
58 id-aes-128-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 2 }
59 id-aes-192-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 22 }
60 id-aes-256-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 42 }
62 id-nist-sha-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 2 }
64 id-sha256 OBJECT IDENTIFIER ::= { id-nist-sha-algs 1 }
65 id-sha224 OBJECT IDENTIFIER ::= { id-nist-sha-algs 4 }
66 id-sha384 OBJECT IDENTIFIER ::= { id-nist-sha-algs 2 }
67 id-sha512 OBJECT IDENTIFIER ::= { id-nist-sha-algs 3 }
69 id-dhpublicnumber OBJECT IDENTIFIER ::= {
70 iso(1) member-body(2) us(840) ansi-x942(10046)
73 id-x9-57 OBJECT IDENTIFIER ::= {
74 iso(1) member-body(2) us(840) ansi-x942(10046)
77 id-dsa OBJECT IDENTIFIER ::= { id-x9-57 1 }
78 id-dsa-with-sha1 OBJECT IDENTIFIER ::= { id-x9-57 3 }
82 id-x520-at OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 }
84 id-at-commonName OBJECT IDENTIFIER ::= { id-x520-at 3 }
85 id-at-surname OBJECT IDENTIFIER ::= { id-x520-at 4 }
86 id-at-serialNumber OBJECT IDENTIFIER ::= { id-x520-at 5 }
87 id-at-countryName OBJECT IDENTIFIER ::= { id-x520-at 6 }
88 id-at-localityName OBJECT IDENTIFIER ::= { id-x520-at 7 }
89 id-at-stateOrProvinceName OBJECT IDENTIFIER ::= { id-x520-at 8 }
90 id-at-streetAddress OBJECT IDENTIFIER ::= { id-x520-at 9 }
91 id-at-organizationName OBJECT IDENTIFIER ::= { id-x520-at 10 }
92 id-at-organizationalUnitName OBJECT IDENTIFIER ::= { id-x520-at 11 }
93 id-at-name OBJECT IDENTIFIER ::= { id-x520-at 41 }
94 id-at-givenName OBJECT IDENTIFIER ::= { id-x520-at 42 }
95 id-at-initials OBJECT IDENTIFIER ::= { id-x520-at 43 }
96 id-at-generationQualifier OBJECT IDENTIFIER ::= { id-x520-at 44 }
97 id-at-pseudonym OBJECT IDENTIFIER ::= { id-x520-at 65 }
99 id-Userid OBJECT IDENTIFIER ::=
100 { 0 9 2342 19200300 100 1 1 }
101 id-domainComponent OBJECT IDENTIFIER ::=
102 { 0 9 2342 19200300 100 1 25 }
107 id-x509-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}
109 AlgorithmIdentifier ::= SEQUENCE {
110 algorithm OBJECT IDENTIFIER,
111 parameters heim_any OPTIONAL
114 AttributeType ::= OBJECT IDENTIFIER
116 AttributeValue ::= heim_any
118 TeletexStringx ::= [UNIVERSAL 20] IMPLICIT OCTET STRING
120 DirectoryString ::= CHOICE {
122 teletexString TeletexStringx,
123 printableString PrintableString,
124 universalString UniversalString,
125 utf8String UTF8String,
129 Attribute ::= SEQUENCE {
131 value SET OF -- AttributeValue -- heim_any
134 AttributeTypeAndValue ::= SEQUENCE {
136 value DirectoryString
139 RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
141 RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
144 rdnSequence RDNSequence
147 CertificateSerialNumber ::= INTEGER
151 generalTime GeneralizedTime
154 Validity ::= SEQUENCE {
159 UniqueIdentifier ::= BIT STRING
161 SubjectPublicKeyInfo ::= SEQUENCE {
162 algorithm AlgorithmIdentifier,
163 subjectPublicKey BIT STRING
166 Extension ::= SEQUENCE {
167 extnID OBJECT IDENTIFIER,
168 critical BOOLEAN OPTIONAL, -- DEFAULT FALSE XXX
169 extnValue OCTET STRING
172 Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
174 TBSCertificate ::= SEQUENCE {
175 version [0] Version OPTIONAL, -- EXPLICIT nnn DEFAULT 1,
176 serialNumber CertificateSerialNumber,
177 signature AlgorithmIdentifier,
181 subjectPublicKeyInfo SubjectPublicKeyInfo,
182 issuerUniqueID [1] IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
183 -- If present, version shall be v2 or v3
184 subjectUniqueID [2] IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
185 -- If present, version shall be v2 or v3
186 extensions [3] EXPLICIT Extensions OPTIONAL
187 -- If present, version shall be v3
190 Certificate ::= SEQUENCE {
191 tbsCertificate TBSCertificate,
192 signatureAlgorithm AlgorithmIdentifier,
193 signatureValue BIT STRING
196 Certificates ::= SEQUENCE OF Certificate
198 ValidationParms ::= SEQUENCE {
203 DomainParameters ::= SEQUENCE {
204 p INTEGER, -- odd prime, p=jq +1
205 g INTEGER, -- generator, g
206 q INTEGER, -- factor of p-1
207 j INTEGER OPTIONAL, -- subgroup factor
208 validationParms ValidationParms OPTIONAL -- ValidationParms
211 DHPublicKey ::= INTEGER
213 OtherName ::= SEQUENCE {
214 type-id OBJECT IDENTIFIER,
215 value [0] EXPLICIT heim_any
218 GeneralName ::= CHOICE {
219 otherName [0] IMPLICIT -- OtherName -- SEQUENCE {
220 type-id OBJECT IDENTIFIER,
221 value [0] EXPLICIT heim_any
223 rfc822Name [1] IMPLICIT IA5String,
224 dNSName [2] IMPLICIT IA5String,
225 -- x400Address [3] IMPLICIT ORAddress,--
226 directoryName [4] IMPLICIT -- Name -- CHOICE {
227 rdnSequence RDNSequence
229 -- ediPartyName [5] IMPLICIT EDIPartyName, --
230 uniformResourceIdentifier [6] IMPLICIT IA5String,
231 iPAddress [7] IMPLICIT OCTET STRING,
232 registeredID [8] IMPLICIT OBJECT IDENTIFIER
235 GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
237 id-x509-ce-keyUsage OBJECT IDENTIFIER ::= { id-x509-ce 15 }
239 KeyUsage ::= BIT STRING {
240 digitalSignature (0),
243 dataEncipherment (3),
251 id-x509-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-x509-ce 35 }
253 KeyIdentifier ::= OCTET STRING
255 AuthorityKeyIdentifier ::= SEQUENCE {
256 keyIdentifier [0] IMPLICIT OCTET STRING OPTIONAL,
257 authorityCertIssuer [1] IMPLICIT -- GeneralName --
258 SEQUENCE -- SIZE (1..MAX) -- OF GeneralName OPTIONAL,
259 authorityCertSerialNumber [2] IMPLICIT INTEGER OPTIONAL
262 id-x509-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-x509-ce 14 }
264 SubjectKeyIdentifier ::= KeyIdentifier
266 id-x509-ce-basicConstraints OBJECT IDENTIFIER ::= { id-x509-ce 19 }
268 BasicConstraints ::= SEQUENCE {
269 cA BOOLEAN OPTIONAL -- DEFAULT FALSE --,
270 pathLenConstraint INTEGER (0..4294967295) OPTIONAL
273 id-x509-ce-nameConstraints OBJECT IDENTIFIER ::= { id-x509-ce 30 }
275 BaseDistance ::= INTEGER -- (0..MAX) --
277 GeneralSubtree ::= SEQUENCE {
279 minimum [0] IMPLICIT -- BaseDistance -- INTEGER OPTIONAL -- DEFAULT 0 --,
280 maximum [1] IMPLICIT -- BaseDistance -- INTEGER OPTIONAL
283 GeneralSubtrees ::= SEQUENCE -- SIZE (1..MAX) -- OF GeneralSubtree
285 NameConstraints ::= SEQUENCE {
286 permittedSubtrees [0] IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL,
287 excludedSubtrees [1] IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL
290 id-x509-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= { id-x509-ce 16 }
291 id-x509-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-x509-ce 32 }
292 id-x509-ce-policyMappings OBJECT IDENTIFIER ::= { id-x509-ce 33 }
293 id-x509-ce-subjectAltName OBJECT IDENTIFIER ::= { id-x509-ce 17 }
294 id-x509-ce-issuerAltName OBJECT IDENTIFIER ::= { id-x509-ce 18 }
295 id-x509-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-x509-ce 9 }
296 id-x509-ce-policyConstraints OBJECT IDENTIFIER ::= { id-x509-ce 36 }
298 id-x509-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-x509-ce 37}
300 ExtKeyUsage ::= SEQUENCE OF OBJECT IDENTIFIER
302 id-x509-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-x509-ce 31 }
303 id-x509-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-x509-ce 27 }
304 id-x509-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-x509-ce 28 }
305 id-x509-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-x509-ce 23 }
306 id-x509-ce-invalidityDate OBJECT IDENTIFIER ::= { id-x509-ce 24 }
307 id-x509-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-x509-ce 29 }
308 id-x509-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-x509-ce 54 }
310 DistributionPointReasonFlags ::= BIT STRING {
314 affiliationChanged (3),
316 cessationOfOperation (5),
318 privilegeWithdrawn (7),
322 DistributionPointName ::= CHOICE {
323 fullName [0] IMPLICIT -- GeneralNames -- SEQUENCE SIZE (1..MAX) OF GeneralName,
324 nameRelativeToCRLIssuer [1] RelativeDistinguishedName
327 DistributionPoint ::= SEQUENCE {
328 distributionPoint [0] IMPLICIT heim_any -- DistributionPointName -- OPTIONAL,
329 reasons [1] IMPLICIT heim_any -- DistributionPointReasonFlags -- OPTIONAL,
330 cRLIssuer [2] IMPLICIT heim_any -- GeneralNames -- OPTIONAL
333 CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
338 DSASigValue ::= SEQUENCE {
343 DSAPublicKey ::= INTEGER
345 DSAParams ::= SEQUENCE {
353 RSAPublicKey ::= SEQUENCE {
354 modulus INTEGER, -- n
355 publicExponent INTEGER -- e
358 RSAPrivateKey ::= SEQUENCE {
359 version INTEGER (0..4294967295),
360 modulus INTEGER, -- n
361 publicExponent INTEGER, -- e
362 privateExponent INTEGER, -- d
365 exponent1 INTEGER, -- d mod (p-1)
366 exponent2 INTEGER, -- d mod (q-1)
367 coefficient INTEGER -- (inverse of q) mod p
370 DigestInfo ::= SEQUENCE {
371 digestAlgorithm AlgorithmIdentifier,
377 -- szOID_ENROLL_CERTTYPE_EXTENSION "1.3.6.1.4.1.311.20.2" is Encoded as a
379 -- UNICODESTRING (0x1E tag)
381 -- szOID_CERTIFICATE_TEMPLATE "1.3.6.1.4.1.311.21.7" is Encoded as:
383 -- TemplateVersion ::= INTEGER (0..4294967295)
385 -- CertificateTemplate ::= SEQUENCE {
386 -- templateID OBJECT IDENTIFIER,
387 -- templateMajorVersion TemplateVersion,
388 -- templateMinorVersion TemplateVersion OPTIONAL
396 TBSCRLCertList ::= SEQUENCE {
397 version Version OPTIONAL, -- if present, MUST be v2
398 signature AlgorithmIdentifier,
401 nextUpdate Time OPTIONAL,
402 revokedCertificates SEQUENCE OF SEQUENCE {
403 userCertificate CertificateSerialNumber,
405 crlEntryExtensions Extensions OPTIONAL
406 -- if present, MUST be v2
408 crlExtensions [0] EXPLICIT Extensions OPTIONAL
409 -- if present, MUST be v2
413 CRLCertificateList ::= SEQUENCE {
414 tbsCertList TBSCRLCertList,
415 signatureAlgorithm AlgorithmIdentifier,
416 signatureValue BIT STRING
419 id-x509-ce-cRLNumber OBJECT IDENTIFIER ::= { id-x509-ce 20 }
420 id-x509-ce-freshestCRL OBJECT IDENTIFIER ::= { id-x509-ce 46 }
421 id-x509-ce-cRLReason OBJECT IDENTIFIER ::= { id-x509-ce 21 }
423 CRLReason ::= ENUMERATED {
427 affiliationChanged (3),
429 cessationOfOperation (5),
432 privilegeWithdrawn (9),
436 PKIXXmppAddr ::= UTF8String
438 id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
439 dod(6) internet(1) security(5) mechanisms(5) pkix(7) }
441 id-pkix-on OBJECT IDENTIFIER ::= { id-pkix 8 }
442 id-pkix-on-xmppAddr OBJECT IDENTIFIER ::= { id-pkix-on 5 }
443 id-pkix-on-dnsSRV OBJECT IDENTIFIER ::= { id-pkix-on 7 }
445 id-pkix-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
446 id-pkix-kp-serverAuth OBJECT IDENTIFIER ::= { id-pkix-kp 1 }
447 id-pkix-kp-clientAuth OBJECT IDENTIFIER ::= { id-pkix-kp 2 }
448 id-pkix-kp-emailProtection OBJECT IDENTIFIER ::= { id-pkix-kp 4 }
449 id-pkix-kp-timeStamping OBJECT IDENTIFIER ::= { id-pkix-kp 8 }
450 id-pkix-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-pkix-kp 9 }
452 id-pkix-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
454 id-pkix-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pkix-pe 1 }
456 AccessDescription ::= SEQUENCE {
457 accessMethod OBJECT IDENTIFIER,
458 accessLocation GeneralName
461 AuthorityInfoAccessSyntax ::= SEQUENCE SIZE (1..MAX) OF AccessDescription
463 -- RFC 3820 Proxy Certificate Profile
465 id-pkix-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pkix-pe 14 }
467 id-pkix-ppl OBJECT IDENTIFIER ::= { id-pkix 21 }
469 id-pkix-ppl-anyLanguage OBJECT IDENTIFIER ::= { id-pkix-ppl 0 }
470 id-pkix-ppl-inheritAll OBJECT IDENTIFIER ::= { id-pkix-ppl 1 }
471 id-pkix-ppl-independent OBJECT IDENTIFIER ::= { id-pkix-ppl 2 }
473 ProxyPolicy ::= SEQUENCE {
474 policyLanguage OBJECT IDENTIFIER,
475 policy OCTET STRING OPTIONAL
478 ProxyCertInfo ::= SEQUENCE {
479 pCPathLenConstraint INTEGER (0..4294967295) OPTIONAL, -- really MAX
480 proxyPolicy ProxyPolicy
483 --- U.S. Federal PKI Common Policy Framework
484 -- Card Authentication key
485 id-uspkicommon-card-id OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 6 }
486 id-uspkicommon-piv-interim OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 9 1 }
488 --- Netscape extensions
490 id-netscape OBJECT IDENTIFIER ::=
491 { joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730) }
492 id-netscape-cert-comment OBJECT IDENTIFIER ::= { id-netscape 1 13 }
496 id-ms-cert-enroll-domaincontroller OBJECT IDENTIFIER ::=
497 { 1 3 6 1 4 1 311 20 2 }
499 id-ms-client-authentication OBJECT IDENTIFIER ::=
500 { 1 3 6 1 5 5 7 3 2 }
502 -- DER:1e:20:00:44:00:6f:00:6d:00:61:00:69:00:6e:00:43:00:6f:00:6e:00:74:00:72:00:6f:00:6c:00:6c:00:65:00:72