2 -- Definitions from rfc2459/rfc3280
4 RFC2459 DEFINITIONS ::= BEGIN
-- heim_any (imported from the heim module) is the type used below for fields
-- this module leaves opaque, e.g. AlgorithmIdentifier.parameters and
-- AttributeValue.
6 IMPORTS heim_any FROM heim;
-- PKCS#1 arc (1.2.840.113549.1.1): RSA key type and RSA signature schemes.
14 id-pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
15 rsadsi(113549) pkcs(1) 1 }
16 id-pkcs1-rsaEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 1 }
-- NOTE(review): the md2 and md5 signature identifiers are legacy; they are
-- defined here so they can be recognised, confirm the verifier does not
-- accept them for signature validation.
17 id-pkcs1-md2WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 2 }
18 id-pkcs1-md5WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 4 }
19 id-pkcs1-sha1WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 5 }
20 id-pkcs1-sha256WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 11 }
21 id-pkcs1-sha384WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 12 }
22 id-pkcs1-sha512WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 13 }
-- Heimdal-specific identifier (1.2.752.43.16.1), not an IETF assignment.
24 id-heim-rsa-pkcs1-x509 OBJECT IDENTIFIER ::= { 1 2 752 43 16 1 }
-- Two parallel digest arcs follow. id-pkcs2-* sit under pkcs(1) 2, while
-- id-rsa-digest-* sit directly under rsadsi(113549) 2. RFC 3279 defines md2
-- and md5 under the latter (1.2.840.113549.2.x). NOTE(review): confirm which
-- set callers compare against so the other is not silently dead.
26 id-pkcs-2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
27 rsadsi(113549) pkcs(1) 2 }
28 id-pkcs2-md2 OBJECT IDENTIFIER ::= { id-pkcs-2 2 }
29 id-pkcs2-md4 OBJECT IDENTIFIER ::= { id-pkcs-2 4 }
30 id-pkcs2-md5 OBJECT IDENTIFIER ::= { id-pkcs-2 5 }
32 id-rsa-digestAlgorithm OBJECT IDENTIFIER ::=
33 { iso(1) member-body(2) us(840) rsadsi(113549) 2 }
35 id-rsa-digest-md2 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 2 }
36 id-rsa-digest-md4 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 4 }
37 id-rsa-digest-md5 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 5 }
-- NOTE(review): these three sit under pkcs(1) 3, the PKCS#3 (Diffie-Hellman)
-- arc. The standard rc2-cbc, rc4 and des-ede3-cbc identifiers are
-- 1.2.840.113549.3.{2,4,7}, i.e. the id-rsadsi-* values below (assuming
-- id-rsadsi-encalg ends in 3; its tail is not visible here). Confirm that
-- nothing relies on these pkcs(1) 3 variants matching real certificates.
39 id-pkcs-3 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
40 rsadsi(113549) pkcs(1) 3 }
42 id-pkcs3-rc2-cbc OBJECT IDENTIFIER ::= { id-pkcs-3 2 }
43 id-pkcs3-rc4 OBJECT IDENTIFIER ::= { id-pkcs-3 4 }
44 id-pkcs3-des-ede3-cbc OBJECT IDENTIFIER ::= { id-pkcs-3 7 }
46 id-rsadsi-encalg OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
-- RSADSI encryption-algorithm arc: rc2-cbc and des-ede3-cbc (rc4 has no
-- entry here, only the pkcs(1) 3 variant above).
49 id-rsadsi-rc2-cbc OBJECT IDENTIFIER ::= { id-rsadsi-encalg 2 }
50 id-rsadsi-des-ede3-cbc OBJECT IDENTIFIER ::= { id-rsadsi-encalg 7 }
-- SHA-1 under the OIW SecSIG arc (1.3.14.3.2.26).
52 id-secsig-sha-1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
53 oiw(14) secsig(3) algorithm(2) 26 }
-- NIST CSOR algorithm arc (2.16.840.1.101.3.4); AES and SHA-2 hang off it.
55 id-nistAlgorithm OBJECT IDENTIFIER ::= {
56 joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) 4 }
58 id-nist-aes-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 1 }
-- AES-CBC identifiers are spaced 20 apart per key size (2, 22, 42).
60 id-aes-128-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 2 }
61 id-aes-192-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 22 }
62 id-aes-256-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 42 }
64 id-nist-sha-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 2 }
-- The SHA-2 arc is not ordered by digest size: sha256 is 1, sha384 is 2,
-- sha512 is 3 and sha224 is 4. Do not "fix" the numbering.
66 id-sha256 OBJECT IDENTIFIER ::= { id-nist-sha-algs 1 }
67 id-sha224 OBJECT IDENTIFIER ::= { id-nist-sha-algs 4 }
68 id-sha384 OBJECT IDENTIFIER ::= { id-nist-sha-algs 2 }
69 id-sha512 OBJECT IDENTIFIER ::= { id-nist-sha-algs 3 }
71 id-dhpublicnumber OBJECT IDENTIFIER ::= {
72 iso(1) member-body(2) us(840) ansi-x942(10046)
-- ANSI X9.62 EC public key type (1.2.840.10045.2.1); the curve is carried in
-- the AlgorithmIdentifier parameters (see ECParameters below).
77 id-ecPublicKey OBJECT IDENTIFIER ::= {
78 iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 }
80 id-ecDH OBJECT IDENTIFIER ::= {
81 iso(1) identified-organization(3) certicom(132) schemes(1)
84 id-ecMQV OBJECT IDENTIFIER ::= {
85 iso(1) identified-organization(3) certicom(132) schemes(1)
-- ECDSA signature identifiers under the X9.62 signatures(4) arc.
-- ecdsa-with-SHA256 lives under the ecdsa-with-SHA2(3) sub-arc;
-- ecdsa-with-SHA1 is a direct child (signatures(4) 1).
88 id-ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
89 iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
90 ecdsa-with-SHA2(3) 2 }
92 id-ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
93 iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 }
97 id-ec-group-secp256r1 OBJECT IDENTIFIER ::= {
98 iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3)
-- Certicom SECG named curves (1.3.132.0.x).
-- NOTE(review): secp160r1/r2 are 160-bit curves, well below secp256r1
-- above; confirm they are not accepted when verifying signatures.
101 id-ec-group-secp160r1 OBJECT IDENTIFIER ::= {
102 iso(1) identified-organization(3) certicom(132) 0 8 }
104 id-ec-group-secp160r2 OBJECT IDENTIFIER ::= {
105 iso(1) identified-organization(3) certicom(132) 0 30 }
-- NOTE(review): as written this resolves id-dsa to 1.2.840.10046.4.1, i.e.
-- under the ANSI X9.42 arc that id-dhpublicnumber above also uses. RFC 3279
-- assigns id-dsa to 1.2.840.10040.4.1 (x9-57(10040) x9cm(4) 1), so a
-- certificate carrying the standard DSA identifier would not match these
-- values. TODO confirm whether DSA matching is intended to work here.
109 id-x9-57 OBJECT IDENTIFIER ::= {
110 iso(1) member-body(2) us(840) ansi-x942(10046) 4 }
112 id-dsa OBJECT IDENTIFIER ::= { id-x9-57 1 }
113 id-dsa-with-sha1 OBJECT IDENTIFIER ::= { id-x9-57 3 }
-- X.520 attribute types (2.5.4.x) used in distinguished names.
117 id-x520-at OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 }
119 id-at-commonName OBJECT IDENTIFIER ::= { id-x520-at 3 }
120 id-at-surname OBJECT IDENTIFIER ::= { id-x520-at 4 }
121 id-at-serialNumber OBJECT IDENTIFIER ::= { id-x520-at 5 }
122 id-at-countryName OBJECT IDENTIFIER ::= { id-x520-at 6 }
123 id-at-localityName OBJECT IDENTIFIER ::= { id-x520-at 7 }
124 id-at-stateOrProvinceName OBJECT IDENTIFIER ::= { id-x520-at 8 }
125 id-at-streetAddress OBJECT IDENTIFIER ::= { id-x520-at 9 }
126 id-at-organizationName OBJECT IDENTIFIER ::= { id-x520-at 10 }
127 id-at-organizationalUnitName OBJECT IDENTIFIER ::= { id-x520-at 11 }
128 id-at-name OBJECT IDENTIFIER ::= { id-x520-at 41 }
129 id-at-givenName OBJECT IDENTIFIER ::= { id-x520-at 42 }
130 id-at-initials OBJECT IDENTIFIER ::= { id-x520-at 43 }
131 id-at-generationQualifier OBJECT IDENTIFIER ::= { id-x520-at 44 }
132 id-at-pseudonym OBJECT IDENTIFIER ::= { id-x520-at 65 }
-- Pilot/COSINE attributes (0.9.2342.19200300.100.1.x): uid and dc.
134 id-Userid OBJECT IDENTIFIER ::=
135 { 0 9 2342 19200300 100 1 1 }
136 id-domainComponent OBJECT IDENTIFIER ::=
137 { 0 9 2342 19200300 100 1 25 }
-- Certificate-extension arc (2.5.29); every id-x509-ce-* below is a child.
142 id-x509-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}
144 AlgorithmIdentifier ::= SEQUENCE {
145 algorithm OBJECT IDENTIFIER,
146 parameters heim_any OPTIONAL
149 AttributeType ::= OBJECT IDENTIFIER
-- Attribute values are left opaque at this layer; the syntax of a value
-- depends on its AttributeType and must be decoded by the caller.
151 AttributeValue ::= heim_any
153 DirectoryString ::= CHOICE {
155 teletexString TeletexString,
156 printableString PrintableString,
157 universalString UniversalString,
158 utf8String UTF8String,
162 Attribute ::= SEQUENCE {
164 value SET OF -- AttributeValue -- heim_any
167 AttributeTypeAndValue ::= SEQUENCE {
169 value DirectoryString
-- An RDN is an unordered SET; a Name is an ordered SEQUENCE of RDNs.
172 RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
174 RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
177 rdnSequence RDNSequence
-- Unconstrained INTEGER. NOTE(review): RFC 5280 requires serial numbers to
-- be positive and at most 20 octets; nothing here enforces that, so the
-- caller must check before trusting the value (e.g. for CRL lookups).
180 CertificateSerialNumber ::= INTEGER
184 generalTime GeneralizedTime
187 Validity ::= SEQUENCE {
-- Used for the issuer/subject unique identifiers in TBSCertificate below.
192 UniqueIdentifier ::= BIT STRING
194 SubjectPublicKeyInfo ::= SEQUENCE {
195 algorithm AlgorithmIdentifier,
196 subjectPublicKey BIT STRING
199 Extension ::= SEQUENCE {
200 extnID OBJECT IDENTIFIER,
201 critical BOOLEAN OPTIONAL, -- DEFAULT FALSE in the RFC; modelled here as OPTIONAL, so callers must treat absent as FALSE
202 extnValue OCTET STRING
-- At least one Extension is required; an empty SEQUENCE is not valid here.
205 Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
207 TBSCertificate ::= SEQUENCE {
208 version [0] Version OPTIONAL, -- EXPLICIT nnn DEFAULT 1,
209 serialNumber CertificateSerialNumber,
210 signature AlgorithmIdentifier,
214 subjectPublicKeyInfo SubjectPublicKeyInfo,
215 issuerUniqueID [1] IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
216 -- If present, version shall be v2 or v3
217 subjectUniqueID [2] IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
218 -- If present, version shall be v2 or v3
219 extensions [3] EXPLICIT Extensions OPTIONAL
220 -- If present, version shall be v3
223 Certificate ::= SEQUENCE {
224 tbsCertificate TBSCertificate,
225 signatureAlgorithm AlgorithmIdentifier,
226 signatureValue BIT STRING
-- Unordered bag of certificates; no chain ordering is implied by this type.
229 Certificates ::= SEQUENCE OF Certificate
231 ValidationParms ::= SEQUENCE {
236 DomainParameters ::= SEQUENCE {
237 p INTEGER, -- odd prime, p=jq +1
238 g INTEGER, -- generator, g
239 q INTEGER, -- factor of p-1
240 j INTEGER OPTIONAL, -- subgroup factor
241 validationParms ValidationParms OPTIONAL -- ValidationParms
-- Diffie-Hellman public value y; group parameters come from DomainParameters.
244 DHPublicKey ::= INTEGER
246 OtherName ::= SEQUENCE {
247 type-id OBJECT IDENTIFIER,
248 value [0] EXPLICIT heim_any
251 GeneralName ::= CHOICE {
252 otherName [0] IMPLICIT -- OtherName -- SEQUENCE {
253 type-id OBJECT IDENTIFIER,
254 value [0] EXPLICIT heim_any
256 rfc822Name [1] IMPLICIT IA5String,
257 dNSName [2] IMPLICIT IA5String,
258 -- x400Address [3] IMPLICIT ORAddress,--
259 directoryName [4] IMPLICIT -- Name -- CHOICE {
260 rdnSequence RDNSequence
262 -- ediPartyName [5] IMPLICIT EDIPartyName, --
263 uniformResourceIdentifier [6] IMPLICIT IA5String,
264 iPAddress [7] IMPLICIT OCTET STRING,
265 registeredID [8] IMPLICIT OBJECT IDENTIFIER
-- Non-empty list of GeneralName (used by subjectAltName and friends).
268 GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
-- keyUsage extension (2.5.29.15); its value is the KeyUsage BIT STRING below.
270 id-x509-ce-keyUsage OBJECT IDENTIFIER ::= { id-x509-ce 15 }
272 KeyUsage ::= BIT STRING {
273 digitalSignature (0),
276 dataEncipherment (3),
-- authorityKeyIdentifier extension (2.5.29.35).
284 id-x509-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-x509-ce 35 }
-- Opaque key identifier bytes; shared by AuthorityKeyIdentifier and
-- SubjectKeyIdentifier below.
286 KeyIdentifier ::= OCTET STRING
288 AuthorityKeyIdentifier ::= SEQUENCE {
289 keyIdentifier [0] IMPLICIT OCTET STRING OPTIONAL,
290 authorityCertIssuer [1] IMPLICIT -- GeneralName --
291 SEQUENCE -- SIZE (1..MAX) -- OF GeneralName OPTIONAL,
292 authorityCertSerialNumber [2] IMPLICIT INTEGER OPTIONAL
-- subjectKeyIdentifier extension (2.5.29.14).
295 id-x509-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-x509-ce 14 }
297 SubjectKeyIdentifier ::= KeyIdentifier
-- basicConstraints extension (2.5.29.19); see BasicConstraints below.
299 id-x509-ce-basicConstraints OBJECT IDENTIFIER ::= { id-x509-ce 19 }
301 BasicConstraints ::= SEQUENCE {
302 cA BOOLEAN OPTIONAL -- DEFAULT FALSE --,
303 pathLenConstraint INTEGER (0..4294967295) OPTIONAL
-- nameConstraints extension (2.5.29.30); see NameConstraints below.
306 id-x509-ce-nameConstraints OBJECT IDENTIFIER ::= { id-x509-ce 30 }
-- The (0..MAX) range from the RFC is commented out, so negative values are
-- not rejected by the decoder; callers should validate.
308 BaseDistance ::= INTEGER -- (0..MAX) --
310 GeneralSubtree ::= SEQUENCE {
312 minimum [0] IMPLICIT -- BaseDistance -- INTEGER OPTIONAL -- DEFAULT 0 --,
313 maximum [1] IMPLICIT -- BaseDistance -- INTEGER OPTIONAL
-- The RFC's SIZE (1..MAX) is commented out here, so an empty list decodes
-- successfully; NameConstraints users should treat empty as "no subtrees".
316 GeneralSubtrees ::= SEQUENCE -- SIZE (1..MAX) -- OF GeneralSubtree
318 NameConstraints ::= SEQUENCE {
319 permittedSubtrees [0] IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL,
320 excludedSubtrees [1] IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL
-- Further standard certificate extensions under 2.5.29. Only the identifiers
-- are declared here; no value type is defined in this module for most of
-- them, so their extnValue stays an undecoded OCTET STRING.
323 id-x509-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= { id-x509-ce 16 }
324 id-x509-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-x509-ce 32 }
325 id-x509-ce-policyMappings OBJECT IDENTIFIER ::= { id-x509-ce 33 }
326 id-x509-ce-subjectAltName OBJECT IDENTIFIER ::= { id-x509-ce 17 }
327 id-x509-ce-issuerAltName OBJECT IDENTIFIER ::= { id-x509-ce 18 }
328 id-x509-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-x509-ce 9 }
329 id-x509-ce-policyConstraints OBJECT IDENTIFIER ::= { id-x509-ce 36 }
-- extKeyUsage (2.5.29.37): a list of purpose OIDs such as id-pkix-kp-* below.
331 id-x509-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-x509-ce 37}
333 ExtKeyUsage ::= SEQUENCE OF OBJECT IDENTIFIER
-- CRL-related extensions; the value types for the first two are defined
-- further down (CRLDistributionPoints, DistributionPoint).
335 id-x509-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-x509-ce 31 }
336 id-x509-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-x509-ce 27 }
337 id-x509-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-x509-ce 28 }
338 id-x509-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-x509-ce 23 }
339 id-x509-ce-invalidityDate OBJECT IDENTIFIER ::= { id-x509-ce 24 }
340 id-x509-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-x509-ce 29 }
341 id-x509-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-x509-ce 54 }
343 DistributionPointReasonFlags ::= BIT STRING {
347 affiliationChanged (3),
349 cessationOfOperation (5),
351 privilegeWithdrawn (7),
355 DistributionPointName ::= CHOICE {
356 fullName [0] IMPLICIT -- GeneralNames -- SEQUENCE SIZE (1..MAX) OF GeneralName,
357 nameRelativeToCRLIssuer [1] RelativeDistinguishedName
360 DistributionPoint ::= SEQUENCE {
361 distributionPoint [0] IMPLICIT heim_any -- DistributionPointName -- OPTIONAL,
362 reasons [1] IMPLICIT heim_any -- DistributionPointReasonFlags -- OPTIONAL,
363 cRLIssuer [2] IMPLICIT heim_any -- GeneralNames -- OPTIONAL
-- Value of the cRLDistributionPoints extension; at least one entry.
366 CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
371 DSASigValue ::= SEQUENCE {
-- DSA public value y; p, q and g come from DSAParams below.
376 DSAPublicKey ::= INTEGER
378 DSAParams ::= SEQUENCE {
384 -- draft-ietf-pkix-ecc-subpubkeyinfo-11
-- Encoded curve point as opaque bytes; the point format is not validated
-- by the decoder, so the caller must check it against the curve.
386 ECPoint ::= OCTET STRING
388 ECParameters ::= CHOICE {
389 namedCurve OBJECT IDENTIFIER
390 -- implicitCurve NULL
391 -- specifiedCurve SpecifiedECDomain
394 ECDSA-Sig-Value ::= SEQUENCE {
401 RSAPublicKey ::= SEQUENCE {
402 modulus INTEGER, -- n
403 publicExponent INTEGER -- e
406 RSAPrivateKey ::= SEQUENCE {
407 version INTEGER (0..4294967295),
408 modulus INTEGER, -- n
409 publicExponent INTEGER, -- e
410 privateExponent INTEGER, -- d
413 exponent1 INTEGER, -- d mod (p-1)
414 exponent2 INTEGER, -- d mod (q-1)
415 coefficient INTEGER -- (inverse of q) mod p
418 DigestInfo ::= SEQUENCE {
419 digestAlgorithm AlgorithmIdentifier,
425 -- szOID_ENROLL_CERTTYPE_EXTENSION "1.3.6.1.4.1.311.20.2" is Encoded as a
427 -- UNICODESTRING (0x1E tag)
429 -- szOID_CERTIFICATE_TEMPLATE "1.3.6.1.4.1.311.21.7" is Encoded as:
431 -- TemplateVersion ::= INTEGER (0..4294967295)
433 -- CertificateTemplate ::= SEQUENCE {
434 -- templateID OBJECT IDENTIFIER,
435 -- templateMajorVersion TemplateVersion,
436 -- templateMinorVersion TemplateVersion OPTIONAL
444 TBSCRLCertList ::= SEQUENCE {
445 version Version OPTIONAL, -- if present, MUST be v2
446 signature AlgorithmIdentifier,
449 nextUpdate Time OPTIONAL,
450 revokedCertificates SEQUENCE OF SEQUENCE {
451 userCertificate CertificateSerialNumber,
453 crlEntryExtensions Extensions OPTIONAL
454 -- if present, MUST be v2
456 crlExtensions [0] EXPLICIT Extensions OPTIONAL
457 -- if present, MUST be v2
461 CRLCertificateList ::= SEQUENCE {
462 tbsCertList TBSCRLCertList,
463 signatureAlgorithm AlgorithmIdentifier,
464 signatureValue BIT STRING
-- CRL extensions: cRLNumber (2.5.29.20), freshestCRL (2.5.29.46) and the
-- per-entry cRLReason (2.5.29.21) whose value is CRLReason below.
467 id-x509-ce-cRLNumber OBJECT IDENTIFIER ::= { id-x509-ce 20 }
468 id-x509-ce-freshestCRL OBJECT IDENTIFIER ::= { id-x509-ce 46 }
469 id-x509-ce-cRLReason OBJECT IDENTIFIER ::= { id-x509-ce 21 }
471 CRLReason ::= ENUMERATED {
475 affiliationChanged (3),
477 cessationOfOperation (5),
480 privilegeWithdrawn (9),
-- otherName value for id-pkix-on-xmppAddr.
484 PKIXXmppAddr ::= UTF8String
-- PKIX arc (1.3.6.1.5.5.7) and its sub-arcs: on (other names),
-- kp (extended key purposes), pe (private extensions), ppl (proxy policies).
486 id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
487 dod(6) internet(1) security(5) mechanisms(5) pkix(7) }
489 id-pkix-on OBJECT IDENTIFIER ::= { id-pkix 8 }
490 id-pkix-on-xmppAddr OBJECT IDENTIFIER ::= { id-pkix-on 5 }
491 id-pkix-on-dnsSRV OBJECT IDENTIFIER ::= { id-pkix-on 7 }
-- Extended key usage purposes (1.3.6.1.5.5.7.3.x) carried in ExtKeyUsage.
493 id-pkix-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
494 id-pkix-kp-serverAuth OBJECT IDENTIFIER ::= { id-pkix-kp 1 }
495 id-pkix-kp-clientAuth OBJECT IDENTIFIER ::= { id-pkix-kp 2 }
496 id-pkix-kp-emailProtection OBJECT IDENTIFIER ::= { id-pkix-kp 4 }
497 id-pkix-kp-timeStamping OBJECT IDENTIFIER ::= { id-pkix-kp 8 }
498 id-pkix-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-pkix-kp 9 }
500 id-pkix-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
-- authorityInfoAccess (1.3.6.1.5.5.7.1.1); value is AuthorityInfoAccessSyntax.
502 id-pkix-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pkix-pe 1 }
504 AccessDescription ::= SEQUENCE {
505 accessMethod OBJECT IDENTIFIER,
506 accessLocation GeneralName
509 AuthorityInfoAccessSyntax ::= SEQUENCE SIZE (1..MAX) OF AccessDescription
511 -- RFC 3820 Proxy Certificate Profile
-- proxyCertInfo (1.3.6.1.5.5.7.1.14); value is ProxyCertInfo below.
513 id-pkix-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pkix-pe 14 }
-- Proxy policy languages (1.3.6.1.5.5.7.21.x) for ProxyPolicy.policyLanguage.
515 id-pkix-ppl OBJECT IDENTIFIER ::= { id-pkix 21 }
517 id-pkix-ppl-anyLanguage OBJECT IDENTIFIER ::= { id-pkix-ppl 0 }
518 id-pkix-ppl-inheritAll OBJECT IDENTIFIER ::= { id-pkix-ppl 1 }
519 id-pkix-ppl-independent OBJECT IDENTIFIER ::= { id-pkix-ppl 2 }
521 ProxyPolicy ::= SEQUENCE {
522 policyLanguage OBJECT IDENTIFIER,
523 policy OCTET STRING OPTIONAL
526 ProxyCertInfo ::= SEQUENCE {
527 pCPathLenConstraint INTEGER (0..4294967295) OPTIONAL, -- really MAX
528 proxyPolicy ProxyPolicy
531 --- U.S. Federal PKI Common Policy Framework
532 -- Card Authentication key
-- US Federal PKI identifiers under the CSOR arc (2.16.840.1.101.3.6.x).
533 id-uspkicommon-card-id OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 6 }
534 id-uspkicommon-piv-interim OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 9 1 }
536 --- Netscape extensions
-- Netscape private arc (2.16.840.1.113730); only the comment extension is
-- declared here.
538 id-netscape OBJECT IDENTIFIER ::=
539 { joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730) }
540 id-netscape-cert-comment OBJECT IDENTIFIER ::= { id-netscape 1 13 }
-- Microsoft certificate-template extension (szOID_ENROLL_CERTTYPE_EXTENSION,
-- 1.3.6.1.4.1.311.20.2); its value encoding is described in the comments
-- above and below.
544 id-ms-cert-enroll-domaincontroller OBJECT IDENTIFIER ::=
545 { 1 3 6 1 4 1 311 20 2 }
-- NOTE: this is the same value as id-pkix-kp-clientAuth above
-- (id-pkix 3 2 = 1.3.6.1.5.5.7.3.2); it is a second name, not a distinct OID.
547 id-ms-client-authentication OBJECT IDENTIFIER ::=
548 { 1 3 6 1 5 5 7 3 2 }
550 -- DER:1e:20:00:44:00:6f:00:6d:00:61:00:69:00:6e:00:43:00:6f:00:6e:00:74:00:72:00:6f:00:6c:00:6c:00:65:00:72 (BMPString tag 0x1E, 32 octets: "DomainController" in UTF-16BE)