2 -- Definitions from rfc2459/rfc3280
4 RFC2459 DEFINITIONS ::= BEGIN
6 IMPORTS heim_any FROM heim;
-- PKCS #1 arc (1.2.840.113549.1.1): the RSA key type and the RSA
-- signature algorithm identifiers that appear in AlgorithmIdentifier.
id-pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
	rsadsi(113549) pkcs(1) 1 }
-- 1.2.840.113549.1.1.1: RSA key in SubjectPublicKeyInfo.
id-pkcs1-rsaEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 1 }
-- NOTE(review): md2WithRSA, md5WithRSA and sha1WithRSA are defined so that
-- legacy certificates can still be decoded and named.  MD2 and MD5 are
-- collision-broken and SHA-1 is deprecated for signatures; this module only
-- assigns the identifiers, so whether a verifier accepts them is a policy
-- decision in the code that consumes these OIDs.
id-pkcs1-md2WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 2 }
id-pkcs1-md5WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 4 }
id-pkcs1-sha1WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 5 }
-- SHA-2 based RSA signatures (RFC 4055 / RFC 8017).
id-pkcs1-sha256WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 11 }
id-pkcs1-sha384WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 12 }
id-pkcs1-sha512WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 13 }
-- Heimdal-private identifier (not an IETF or RSA assignment); its meaning is
-- defined by the Heimdal code that references it.
id-heim-rsa-pkcs1-x509 OBJECT IDENTIFIER ::= { 1 2 752 43 16 1 }
-- NOTE(review): this arc is 1.2.840.113549.1.2 (PKCS #2, long withdrawn).
-- The MD2/MD4/MD5 identifiers that actually occur in DigestInfo and CMS
-- live under 1.2.840.113549.2 (id-rsa-digestAlgorithm, defined below), so
-- the id-pkcs2-* values here will not match real encodings.  Confirm that
-- nothing matches on them before relying on or removing them.
id-pkcs-2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
	rsadsi(113549) pkcs(1) 2 }
id-pkcs2-md2 OBJECT IDENTIFIER ::= { id-pkcs-2 2 }
id-pkcs2-md4 OBJECT IDENTIFIER ::= { id-pkcs-2 4 }
id-pkcs2-md5 OBJECT IDENTIFIER ::= { id-pkcs-2 5 }
-- RSA Data Security digest arc (1.2.840.113549.2): the OIDs used in
-- DigestInfo.digestAlgorithm for the MD family.
id-rsa-digestAlgorithm OBJECT IDENTIFIER ::=
	{ iso(1) member-body(2) us(840) rsadsi(113549) 2 }
-- NOTE(review): MD2, MD4 and MD5 are all collision-broken.  Keeping the
-- identifiers lets old structures be parsed and reported; accepting them
-- when verifying a signature is a separate policy decision for the caller.
id-rsa-digest-md2 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 2 }
id-rsa-digest-md4 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 4 }
id-rsa-digest-md5 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 5 }
-- NOTE(review): this arc is 1.2.840.113549.1.3 (PKCS #3, Diffie-Hellman).
-- The RC2-CBC / RC4 / DES-EDE3-CBC identifiers seen in real CMS and PKCS#12
-- data are under 1.2.840.113549.3 (id-rsadsi-encalg, defined below), so the
-- id-pkcs3-* values here will not match them.  Confirm what, if anything,
-- still references these before relying on them.  RC2 and RC4 are legacy
-- ciphers that should not be accepted for new content.
id-pkcs-3 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
	rsadsi(113549) pkcs(1) 3 }
id-pkcs3-rc2-cbc OBJECT IDENTIFIER ::= { id-pkcs-3 2 }
id-pkcs3-rc4 OBJECT IDENTIFIER ::= { id-pkcs-3 4 }
id-pkcs3-des-ede3-cbc OBJECT IDENTIFIER ::= { id-pkcs-3 7 }
46 id-rsadsi-encalg OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
-- Content-encryption algorithms under the RSA Data Security encryption arc.
-- NOTE(review): both are legacy.  RC2-CBC carries its effective key size in
-- the algorithm parameters and is commonly 40-bit; 3DES-CBC is unauthenticated
-- and limited to 112 bits of effective strength.  Prefer the AES identifiers
-- below for anything new.
id-rsadsi-rc2-cbc OBJECT IDENTIFIER ::= { id-rsadsi-encalg 2 }
id-rsadsi-des-ede3-cbc OBJECT IDENTIFIER ::= { id-rsadsi-encalg 7 }
-- SHA-1 digest identifier, 1.3.14.3.2.26 (OIW SECSIG).  NOTE(review): SHA-1
-- is deprecated for signatures; the identifier is still needed to decode and
-- name existing structures (e.g. DigestInfo), not as an endorsement.
id-secsig-sha-1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
	oiw(14) secsig(3) algorithm(2) 26 }
-- NIST CSOR algorithm arc, 2.16.840.1.101.3.4.
id-nistAlgorithm OBJECT IDENTIFIER ::= {
	joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) 4 }

-- AES in CBC mode (2.16.840.1.101.3.4.1.{2,22,42}).  NOTE(review): CBC gives
-- confidentiality only; any integrity guarantee has to come from a separate
-- MAC or signature in the enclosing structure.
id-nist-aes-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 1 }

id-aes-128-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 2 }
id-aes-192-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 22 }
id-aes-256-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 42 }

-- SHA-2 digests (2.16.840.1.101.3.4.2.{1,2,3,4}), listed in arc order.
id-nist-sha-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 2 }

id-sha256 OBJECT IDENTIFIER ::= { id-nist-sha-algs 1 }
id-sha384 OBJECT IDENTIFIER ::= { id-nist-sha-algs 2 }
id-sha512 OBJECT IDENTIFIER ::= { id-nist-sha-algs 3 }
id-sha224 OBJECT IDENTIFIER ::= { id-nist-sha-algs 4 }
71 id-dhpublicnumber OBJECT IDENTIFIER ::= {
72 iso(1) member-body(2) us(840) ansi-x942(10046)
-- Elliptic-curve public key type, 1.2.840.10045.2.1 (RFC 5480).  The curve
-- is carried in the AlgorithmIdentifier parameters (see ECParameters below);
-- a key with no recognisable namedCurve cannot be validated or used.
id-ecPublicKey OBJECT IDENTIFIER ::= {
	iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 }
80 id-ecDH OBJECT IDENTIFIER ::= {
81 iso(1) identified-organization(3) certicom(132) schemes(1)
84 id-ecMQV OBJECT IDENTIFIER ::= {
85 iso(1) identified-organization(3) certicom(132) schemes(1)
-- ECDSA with SHA-256, 1.2.840.10045.4.3.2 (RFC 5758).
id-ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
	iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
	ecdsa-with-SHA2(3) 2 }

-- ECDSA with SHA-1, 1.2.840.10045.4.1.  NOTE(review): SHA-1 signatures are
-- deprecated; keep the identifier for decoding and naming, and leave
-- acceptance to the verifier's policy.
id-ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
	iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 }
97 id-ec-group-secp256r1 OBJECT IDENTIFIER ::= {
98 iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3)
-- SECG secp160r1 / secp160r2 (1.3.132.0.8 and 1.3.132.0.30).
-- NOTE(review): 160-bit curves give roughly 80 bits of security and are not
-- among the curves RFC 5480 profiles for PKIX (P-256/384/521).  Verify
-- whether anything still needs to accept them; secp256r1 above is the
-- expected minimum for new keys.
id-ec-group-secp160r1 OBJECT IDENTIFIER ::= {
	iso(1) identified-organization(3) certicom(132) 0 8 }

id-ec-group-secp160r2 OBJECT IDENTIFIER ::= {
	iso(1) identified-organization(3) certicom(132) 0 30 }
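-- RFC 3279 sections 2.2.2 and 2.3.2: DSA key type and DSA-with-SHA1
-- signature algorithm.
--
-- The arc is ANSI X9.57, 1.2.840.10040.  The previous definition rooted it
-- at ansi-x942(10046), which is the X9.42 Diffie-Hellman arc used by
-- id-dhpublicnumber above, so id-dsa and id-dsa-with-sha1 evaluated to
-- 1.2.840.10046.4.1 / .3 and could not match the identifiers carried in
-- real DSA certificates and signatures.
id-x9-57 OBJECT IDENTIFIER ::= {
	iso(1) member-body(2) us(840) ansi-x957(10040) 4 }

-- 1.2.840.10040.4.1: DSA public key in SubjectPublicKeyInfo.
id-dsa OBJECT IDENTIFIER ::= { id-x9-57 1 }
-- 1.2.840.10040.4.3.  NOTE(review): DSA with SHA-1 is deprecated; the
-- identifier is kept for decoding and naming, and acceptance is left to the
-- verifier's policy.
id-dsa-with-sha1 OBJECT IDENTIFIER ::= { id-x9-57 3 }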
-- X.520 attribute types (2.5.4.*) used in distinguished names.
id-x520-at OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 }

-- NOTE(review): commonName is a free-form DirectoryString.  Identity
-- decisions (e.g. host or user matching) should prefer subjectAltName
-- entries and treat CN as a fallback only, and must compare values with
-- the string-type awareness DirectoryString requires.
id-at-commonName OBJECT IDENTIFIER ::= { id-x520-at 3 }
id-at-surname OBJECT IDENTIFIER ::= { id-x520-at 4 }
id-at-serialNumber OBJECT IDENTIFIER ::= { id-x520-at 5 }
id-at-countryName OBJECT IDENTIFIER ::= { id-x520-at 6 }
id-at-localityName OBJECT IDENTIFIER ::= { id-x520-at 7 }
id-at-stateOrProvinceName OBJECT IDENTIFIER ::= { id-x520-at 8 }
id-at-streetAddress OBJECT IDENTIFIER ::= { id-x520-at 9 }
id-at-organizationName OBJECT IDENTIFIER ::= { id-x520-at 10 }
id-at-organizationalUnitName OBJECT IDENTIFIER ::= { id-x520-at 11 }
id-at-name OBJECT IDENTIFIER ::= { id-x520-at 41 }
id-at-givenName OBJECT IDENTIFIER ::= { id-x520-at 42 }
id-at-initials OBJECT IDENTIFIER ::= { id-x520-at 43 }
id-at-generationQualifier OBJECT IDENTIFIER ::= { id-x520-at 44 }
id-at-pseudonym OBJECT IDENTIFIER ::= { id-x520-at 65 }

-- RFC 4519 pilot attributes: uid (0.9.2342.19200300.100.1.1) and
-- domainComponent (0.9.2342.19200300.100.1.25).
id-Userid OBJECT IDENTIFIER ::=
	{ 0 9 2342 19200300 100 1 1 }
id-domainComponent OBJECT IDENTIFIER ::=
	{ 0 9 2342 19200300 100 1 25 }
142 id-x509-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}
144 AlgorithmIdentifier ::= SEQUENCE {
145 algorithm OBJECT IDENTIFIER,
146 parameters heim_any OPTIONAL
-- Attribute type is an OID; attribute values are left as opaque encodings
-- (heim_any) and interpreted by the caller according to the type.
AttributeType ::= OBJECT IDENTIFIER

AttributeValue ::= heim_any

-- T61String (UNIVERSAL 20) is decoded as raw octets: no T.61 character-set
-- conversion is performed.  NOTE(review): any name comparison involving a
-- teletexString value is therefore byte-wise; treat such values as opaque
-- rather than assuming they are ASCII or UTF-8.
TeletexStringx ::= [UNIVERSAL 20] IMPLICIT OCTET STRING
155 DirectoryString ::= CHOICE {
157 teletexString TeletexStringx,
158 printableString PrintableString,
159 universalString UniversalString,
160 utf8String UTF8String,
164 Attribute ::= SEQUENCE {
166 value SET OF -- AttributeValue -- heim_any
169 AttributeTypeAndValue ::= SEQUENCE {
171 value DirectoryString
-- An RDN is a SET, so DER fixes the order of a multi-valued RDN by encoding
-- and two RDNs are equal as sets, not as sequences.  Name comparison code
-- must honour that rather than comparing element by element.
RelativeDistinguishedName ::= SET OF AttributeTypeAndValue

RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
179 rdnSequence RDNSequence
182 CertificateSerialNumber ::= INTEGER
186 generalTime GeneralizedTime
189 Validity ::= SEQUENCE {
194 UniqueIdentifier ::= BIT STRING
196 SubjectPublicKeyInfo ::= SEQUENCE {
197 algorithm AlgorithmIdentifier,
198 subjectPublicKey BIT STRING
201 Extension ::= SEQUENCE {
202 extnID OBJECT IDENTIFIER,
203 critical BOOLEAN OPTIONAL, -- DEFAULT FALSE XXX
204 extnValue OCTET STRING
207 Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
209 TBSCertificate ::= SEQUENCE {
210 version [0] Version OPTIONAL, -- EXPLICIT nnn DEFAULT 1,
211 serialNumber CertificateSerialNumber,
212 signature AlgorithmIdentifier,
216 subjectPublicKeyInfo SubjectPublicKeyInfo,
217 issuerUniqueID [1] IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
218 -- If present, version shall be v2 or v3
219 subjectUniqueID [2] IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
220 -- If present, version shall be v2 or v3
221 extensions [3] EXPLICIT Extensions OPTIONAL
222 -- If present, version shall be v3
225 Certificate ::= SEQUENCE {
226 tbsCertificate TBSCertificate,
227 signatureAlgorithm AlgorithmIdentifier,
228 signatureValue BIT STRING
231 Certificates ::= SEQUENCE OF Certificate
233 ValidationParms ::= SEQUENCE {
238 DomainParameters ::= SEQUENCE {
239 p INTEGER, -- odd prime, p=jq +1
240 g INTEGER, -- generator, g
241 q INTEGER, -- factor of p-1
242 j INTEGER OPTIONAL, -- subgroup factor
243 validationParms ValidationParms OPTIONAL -- ValidationParms
246 DHPublicKey ::= INTEGER
248 OtherName ::= SEQUENCE {
249 type-id OBJECT IDENTIFIER,
250 value [0] EXPLICIT heim_any
253 GeneralName ::= CHOICE {
254 otherName [0] IMPLICIT -- OtherName -- SEQUENCE {
255 type-id OBJECT IDENTIFIER,
256 value [0] EXPLICIT heim_any
258 rfc822Name [1] IMPLICIT IA5String,
259 dNSName [2] IMPLICIT IA5String,
260 -- x400Address [3] IMPLICIT ORAddress,--
261 directoryName [4] IMPLICIT -- Name -- CHOICE {
262 rdnSequence RDNSequence
264 -- ediPartyName [5] IMPLICIT EDIPartyName, --
265 uniformResourceIdentifier [6] IMPLICIT IA5String,
266 iPAddress [7] IMPLICIT OCTET STRING,
267 registeredID [8] IMPLICIT OBJECT IDENTIFIER
-- Non-empty list of GeneralName; used by subjectAltName, issuerAltName and
-- others.
GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName

-- 2.5.29.15
id-x509-ce-keyUsage OBJECT IDENTIFIER ::= { id-x509-ce 15 }
274 KeyUsage ::= BIT STRING {
275 digitalSignature (0),
278 dataEncipherment (3),
-- 2.5.29.35
id-x509-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-x509-ce 35 }

-- Opaque key identifier; it is a hint for locating the issuer key, not a
-- substitute for verifying the signature.
KeyIdentifier ::= OCTET STRING
290 AuthorityKeyIdentifier ::= SEQUENCE {
291 keyIdentifier [0] IMPLICIT OCTET STRING OPTIONAL,
292 authorityCertIssuer [1] IMPLICIT -- GeneralName --
293 SEQUENCE -- SIZE (1..MAX) -- OF GeneralName OPTIONAL,
294 authorityCertSerialNumber [2] IMPLICIT INTEGER OPTIONAL
-- 2.5.29.14
id-x509-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-x509-ce 14 }

SubjectKeyIdentifier ::= KeyIdentifier

-- 2.5.29.19
id-x509-ce-basicConstraints OBJECT IDENTIFIER ::= { id-x509-ce 19 }
303 BasicConstraints ::= SEQUENCE {
304 cA BOOLEAN OPTIONAL -- DEFAULT FALSE --,
305 pathLenConstraint INTEGER (0..4294967295) OPTIONAL
-- 2.5.29.30
id-x509-ce-nameConstraints OBJECT IDENTIFIER ::= { id-x509-ce 30 }

-- The (0..MAX) constraint is commented out, so negative values are not
-- rejected at decode time.  RFC 5280 4.2.1.10 requires minimum to be 0 and
-- maximum to be absent; path validation should enforce that.
BaseDistance ::= INTEGER -- (0..MAX) --
312 GeneralSubtree ::= SEQUENCE {
314 minimum [0] IMPLICIT -- BaseDistance -- INTEGER OPTIONAL -- DEFAULT 0 --,
315 maximum [1] IMPLICIT -- BaseDistance -- INTEGER OPTIONAL
318 GeneralSubtrees ::= SEQUENCE -- SIZE (1..MAX) -- OF GeneralSubtree
320 NameConstraints ::= SEQUENCE {
321 permittedSubtrees [0] IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL,
322 excludedSubtrees [1] IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL
-- Remaining 2.5.29.* extension identifiers.
id-x509-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= { id-x509-ce 16 }
id-x509-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-x509-ce 32 }
id-x509-ce-policyMappings OBJECT IDENTIFIER ::= { id-x509-ce 33 }
id-x509-ce-subjectAltName OBJECT IDENTIFIER ::= { id-x509-ce 17 }
id-x509-ce-issuerAltName OBJECT IDENTIFIER ::= { id-x509-ce 18 }
id-x509-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-x509-ce 9 }
id-x509-ce-policyConstraints OBJECT IDENTIFIER ::= { id-x509-ce 36 }

-- 2.5.29.37
id-x509-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-x509-ce 37}

-- RFC 5280 declares this SEQUENCE SIZE (1..MAX) OF KeyPurposeId; without
-- the constraint an empty extKeyUsage decodes.  NOTE(review): an empty list
-- must be treated as "no purpose permitted", not as "any purpose".
ExtKeyUsage ::= SEQUENCE OF OBJECT IDENTIFIER

id-x509-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-x509-ce 31 }
id-x509-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-x509-ce 27 }
id-x509-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-x509-ce 28 }
id-x509-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-x509-ce 23 }
id-x509-ce-invalidityDate OBJECT IDENTIFIER ::= { id-x509-ce 24 }
id-x509-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-x509-ce 29 }
id-x509-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-x509-ce 54 }
345 DistributionPointReasonFlags ::= BIT STRING {
349 affiliationChanged (3),
351 cessationOfOperation (5),
353 privilegeWithdrawn (7),
357 DistributionPointName ::= CHOICE {
358 fullName [0] IMPLICIT -- GeneralNames -- SEQUENCE SIZE (1..MAX) OF GeneralName,
359 nameRelativeToCRLIssuer [1] RelativeDistinguishedName
362 DistributionPoint ::= SEQUENCE {
363 distributionPoint [0] IMPLICIT heim_any -- DistributionPointName -- OPTIONAL,
364 reasons [1] IMPLICIT heim_any -- DistributionPointReasonFlags -- OPTIONAL,
365 cRLIssuer [2] IMPLICIT heim_any -- GeneralNames -- OPTIONAL
368 CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
373 DSASigValue ::= SEQUENCE {
378 DSAPublicKey ::= INTEGER
380 DSAParams ::= SEQUENCE {
-- draft-ietf-pkix-ecc-subpubkeyinfo-11 (later RFC 5480)

-- SEC 1 encoded point, carried as opaque octets.  NOTE(review): the point
-- format byte, length and on-curve check all have to be done by the code
-- that interprets it; nothing here validates the contents.
ECPoint ::= OCTET STRING
390 ECParameters ::= CHOICE {
391 namedCurve OBJECT IDENTIFIER
392 -- implicitCurve NULL
393 -- specifiedCurve SpecifiedECDomain
396 ECDSA-Sig-Value ::= SEQUENCE {
403 RSAPublicKey ::= SEQUENCE {
404 modulus INTEGER, -- n
405 publicExponent INTEGER -- e
408 RSAPrivateKey ::= SEQUENCE {
409 version INTEGER (0..4294967295),
410 modulus INTEGER, -- n
411 publicExponent INTEGER, -- e
412 privateExponent INTEGER, -- d
415 exponent1 INTEGER, -- d mod (p-1)
416 exponent2 INTEGER, -- d mod (q-1)
417 coefficient INTEGER -- (inverse of q) mod p
420 DigestInfo ::= SEQUENCE {
421 digestAlgorithm AlgorithmIdentifier,
427 -- szOID_ENROLL_CERTTYPE_EXTENSION "1.3.6.1.4.1.311.20.2" is Encoded as a
-- BMPString (UNIVERSAL 30, tag 0x1E), i.e. UTF-16BE text carrying the template name
431 -- szOID_CERTIFICATE_TEMPLATE "1.3.6.1.4.1.311.21.7" is Encoded as:
433 -- TemplateVersion ::= INTEGER (0..4294967295)
435 -- CertificateTemplate ::= SEQUENCE {
436 -- templateID OBJECT IDENTIFIER,
437 -- templateMajorVersion TemplateVersion,
438 -- templateMinorVersion TemplateVersion OPTIONAL
446 TBSCRLCertList ::= SEQUENCE {
447 version Version OPTIONAL, -- if present, MUST be v2
448 signature AlgorithmIdentifier,
451 nextUpdate Time OPTIONAL,
452 revokedCertificates SEQUENCE OF SEQUENCE {
453 userCertificate CertificateSerialNumber,
455 crlEntryExtensions Extensions OPTIONAL
456 -- if present, MUST be v2
458 crlExtensions [0] EXPLICIT Extensions OPTIONAL
459 -- if present, MUST be v2
463 CRLCertificateList ::= SEQUENCE {
464 tbsCertList TBSCRLCertList,
465 signatureAlgorithm AlgorithmIdentifier,
466 signatureValue BIT STRING
-- CRL-related extension identifiers (2.5.29.20, .46, .21).
id-x509-ce-cRLNumber OBJECT IDENTIFIER ::= { id-x509-ce 20 }
id-x509-ce-freshestCRL OBJECT IDENTIFIER ::= { id-x509-ce 46 }
id-x509-ce-cRLReason OBJECT IDENTIFIER ::= { id-x509-ce 21 }
473 CRLReason ::= ENUMERATED {
477 affiliationChanged (3),
479 cessationOfOperation (5),
482 privilegeWithdrawn (9),
-- XMPP address as carried in an otherName (RFC 6120).  NOTE(review): the
-- UTF8String is not validated as a JID here; the consumer must parse it.
PKIXXmppAddr ::= UTF8String

-- PKIX arc, 1.3.6.1.5.5.7.
id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
	dod(6) internet(1) security(5) mechanisms(5) pkix(7) }

-- otherName type-ids: 1.3.6.1.5.5.7.8.{5,7}
id-pkix-on OBJECT IDENTIFIER ::= { id-pkix 8 }
id-pkix-on-xmppAddr OBJECT IDENTIFIER ::= { id-pkix-on 5 }
id-pkix-on-dnsSRV OBJECT IDENTIFIER ::= { id-pkix-on 7 }

-- Extended key usage purposes: 1.3.6.1.5.5.7.3.{1,2,4,8,9}
id-pkix-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
id-pkix-kp-serverAuth OBJECT IDENTIFIER ::= { id-pkix-kp 1 }
id-pkix-kp-clientAuth OBJECT IDENTIFIER ::= { id-pkix-kp 2 }
id-pkix-kp-emailProtection OBJECT IDENTIFIER ::= { id-pkix-kp 4 }
id-pkix-kp-timeStamping OBJECT IDENTIFIER ::= { id-pkix-kp 8 }
id-pkix-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-pkix-kp 9 }

-- Private certificate extensions: 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
id-pkix-pe OBJECT IDENTIFIER ::= { id-pkix 1 }

id-pkix-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pkix-pe 1 }
506 AccessDescription ::= SEQUENCE {
507 accessMethod OBJECT IDENTIFIER,
508 accessLocation GeneralName
511 AuthorityInfoAccessSyntax ::= SEQUENCE SIZE (1..MAX) OF AccessDescription
-- RFC 3820 Proxy Certificate Profile

-- 1.3.6.1.5.5.7.1.14: proxyCertInfo extension (RFC 3820 requires it to be
-- marked critical in a proxy certificate).
id-pkix-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pkix-pe 14 }

-- Proxy policy languages, 1.3.6.1.5.5.7.21.{0,1,2}.  NOTE(review): a
-- language the verifier does not understand must cause rejection, not be
-- skipped.
id-pkix-ppl OBJECT IDENTIFIER ::= { id-pkix 21 }

id-pkix-ppl-anyLanguage OBJECT IDENTIFIER ::= { id-pkix-ppl 0 }
id-pkix-ppl-inheritAll OBJECT IDENTIFIER ::= { id-pkix-ppl 1 }
id-pkix-ppl-independent OBJECT IDENTIFIER ::= { id-pkix-ppl 2 }
523 ProxyPolicy ::= SEQUENCE {
524 policyLanguage OBJECT IDENTIFIER,
525 policy OCTET STRING OPTIONAL
528 ProxyCertInfo ::= SEQUENCE {
529 pCPathLenConstraint INTEGER (0..4294967295) OPTIONAL, -- really MAX
530 proxyPolicy ProxyPolicy
--- U.S. Federal PKI Common Policy Framework
-- Card Authentication key (2.16.840.1.101.3.6.6) and PIV interim policy
-- (2.16.840.1.101.3.6.9.1), both used as certificate policy / EKU values.
id-uspkicommon-card-id OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 6 }
id-uspkicommon-piv-interim OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 9 1 }
--- Netscape extensions

-- Netscape arc, 2.16.840.1.113730.
id-netscape OBJECT IDENTIFIER ::=
	{ joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730) }
-- 2.16.840.1.113730.1.13: free-text comment; informational only and must
-- not influence any validation decision.
id-netscape-cert-comment OBJECT IDENTIFIER ::= { id-netscape 1 13 }
-- 1.3.6.1.4.1.311.20.2 is szOID_ENROLL_CERTTYPE_EXTENSION: the certificate
-- template name.  Despite this identifier's name it is not specific to
-- domain controllers; "DomainController" is just one template value (see
-- the DER sample at the end of this file).
id-ms-cert-enroll-domaincontroller OBJECT IDENTIFIER ::=
	{ 1 3 6 1 4 1 311 20 2 }

-- NOTE(review): this is 1.3.6.1.5.5.7.3.2, the same value as
-- id-pkix-kp-clientAuth above; it is the standard PKIX clientAuth EKU, not a
-- Microsoft-specific assignment.
id-ms-client-authentication OBJECT IDENTIFIER ::=
	{ 1 3 6 1 5 5 7 3 2 }
-- DER:1e:20:00:44:00:6f:00:6d:00:61:00:69:00:6e:00:43:00:6f:00:6e:00:74:00:72:00:6f:00:6c:00:6c:00:65:00:72
-- (BMPString, tag 0x1e, length 0x20 = 16 UTF-16BE characters: "DomainController")