SecurityASN1/asn/sm_x509af.asn

   1 -- @(#) sm_x509af.asn 1.2 2/24/98 13:40:34
   2 AuthenticationFramework
   3 --
   4 -- oid defined in sm_x501ud.asn
   5 --
   6 -- {joint-iso-ccitt ds(5) module(1) authenticationFramework(7) 3}
   7
   8 DEFINITIONS ::=
   9
  10 BEGIN
  11
  12 -- EXPORTS All --
  13 -- The types and values defined in this module are exported for use in the
  14 -- other ASN.1 modules contained
  15 -- within the Directory Specifications, and for the use of other applications
  16 -- which will use them to access Directory services. Other applications may
  17 -- use them for their own purposes, but this will not constrain
  18 -- extensions and modifications needed to maintain or improve the Directory
  19 -- service.
  20
  21 IMPORTS
  22
  23    BigIntegerStr
  24    FROM VdaEnhancedTypes
  25
  26    id-at, informationFramework, upperBounds, selectedAttributeTypes,
  27    basicAccessControl, certificateExtensions
  28       FROM UsefulDefinitions { usefulDefinitions }
  29
  30    Name, Attribute, AttributeType
  31       FROM InformationFramework  { informationFramework }
  32
  33    ub-password-length
  34       FROM UpperBounds  { upperBounds }
  35
  36 -- not used
  37 --   AuthenticationLevel
  38 --     FROM BasicAccessControl { basicAccessControl }
  39
  40 --   GeneralNames
  41 --      FROM CertificateExtensions { certificateExtensions }
  42
  43    GeneralNames
  44         FROM CommonX509Definitions
  45
  46    UniqueIdentifier
  47       FROM SelectedAttributeTypes  { selectedAttributeTypes } ;
  48
  49 -- basic certificate definition
  50
  51 Certificate ::= SEQUENCE {
  52     certificateToSign    CertificateToSign,
  53     algorithmIdentifier  AlgorithmIdentifier,
  54     signatureValue       BIT STRING }
  55
  56 CertificateToSign ::=  SEQUENCE {
  57    version           [0]  Version DEFAULT v1,
  58    serialNumber           CertificateSerialNumber,
  59    signature              AlgorithmIdentifier,
  60    issuer                 Name,
  61    validity               Validity,
  62    subject                Name,
  63    subjectPublicKeyInfo   SubjectPublicKeyInfo,
  64                         -- if present, version must be v2 or v3
  65    issuerUniqueIdentifier   [1]   IMPLICIT UniqueIdentifier OPTIONAL,
  66                         -- if present, version must be v2 or v3
  67    subjectUniqueIdentifier  [2]   IMPLICIT UniqueIdentifier OPTIONAL,
  68                         -- If present, version must be v3
  69    extensions         [3]   Extensions OPTIONAL }
  70
  71 Version            ::=   INTEGER { v1(0), v2(1), v3(2) }
  72
  73 -- CertificateSerialNumber   ::=   INTEGER
  74
  75 CertificateSerialNumber ::= BigIntegerStr
  76
  77
  78 AlgorithmIdentifier      ::=   SEQUENCE {
  79    algorithm       OBJECT IDENTIFIER,
  80    parameters      ANY OPTIONAL }
  81
  82 Validity            ::=   SEQUENCE {
  83    notBefore   Time,
  84    notAfter    Time }
  85
  86 SubjectPublicKeyInfo   ::=   SEQUENCE {
  87    algorithm          AlgorithmIdentifier,
  88    subjectPublicKey   BIT STRING }
  89
  90 Time  ::=  CHOICE {
  91    utcTime       UTCTime,
  92    generalizedTime   GeneralizedTime }
  93
  94 Extensions ::= SEQUENCE OF Extension
  95
  96 -- For those extensions where ordering of individual extensions within the
  97 -- SEQUENCE is significant, the specification of those individual extensions
  98 --  shall include the rules for the significance of the order therein
  99
 100 Extension ::= SEQUENCE {
 101    extnId      OBJECT IDENTIFIER,
 102    critical    BOOLEAN DEFAULT FALSE,
 103                -- extnValue contains a DER encoding
 104    extnValue   OCTET STRING }
 105
 106 -- other certifiate constructs
 107
 108 Certificates            ::=   SEQUENCE {
 109    userCertificate      Certificate,
 110    certificationPath    ForwardCertificationPath OPTIONAL }
 111
 112 ForwardCertificationPath ::=   SEQUENCE OF CrossCertificates
 113
 114 CrossCertificates ::=   SET OF Certificate
 115
 116 CertificationPath ::=   SEQUENCE {
 117    userCertificate      Certificate,
 118    theCACertificates    SEQUENCE OF CertificatePair OPTIONAL }
 119
 120 CertificatePair ::=   SEQUENCE {
 121    -- at least one of the pair shall be present
 122    forward      [0]   Certificate OPTIONAL,
 123    reverse      [1]   Certificate OPTIONAL }
 124
 125 -- certificate revocation list (CRL)
 126
 127 CertificateList ::= SEQUENCE {
 128    crlToSign           CRLToSign,
 129    algorithmIdentifier AlgorithmIdentifier,
 130    signatureValue      BIT STRING }
 131
 132 CRLToSign ::= SEQUENCE {
 133    version           Version OPTIONAL, -- if present, version must be v2
 134    signature         AlgorithmIdentifier,
 135    issuer            Name,
 136    thisUpdate        Time,
 137    nextUpdate        Time OPTIONAL,
 138    revokedCertificates   SEQUENCE OF SEQUENCE {
 139          userCertificate      CertificateSerialNumber,
 140          revocationDate       Time,
 141          crlEntryExtensions   Extensions OPTIONAL } OPTIONAL,
 142    crlExtensions   [0]  Extensions OPTIONAL }
 143
 144 -- attribute certificate
 145 AttributeCertificationPath  ::=  SEQUENCE {
 146    attributeCertificate   AttributeCertificate,
 147    acPath      SEQUENCE OF ACPathData OPTIONAL }
 148
 149 ACPathData  ::=  SEQUENCE {
 150    certificate            [0]  Certificate  OPTIONAL,
 151    attributeCertificate   [1]  AttributeCertificate  OPTIONAL }
 152
 153 AttributeCertificate ::= SEQUENCE {
 154    attributeCertificateInfo AttributeCertificateInfo,
 155    algorithmIdentifier      AlgorithmIdentifier,
 156    signatureValue           BIT STRING }
 157
 158 AttributeCertificateInfo ::= SEQUENCE {
 159    version         Version DEFAULT v1,
 160    subject   CHOICE {
 161       baseCertificateID [0] IssuerSerial,    -- associated  with a Public Key
 162                                              -- Certificate
 163       subjectName       [1] GeneralNames },  -- associated  with a name
 164    issuer                 GeneralNames, -- CA issuing the attribute certificate
 165    signature              AlgorithmIdentifier,
 166    serialNumber           CertificateSerialNumber,
 167    attCertValidityPeriod  AttCertValidityPeriod,
 168    attributes      SEQUENCE OF Attribute,
 169    issuerUniqueID   UniqueIdentifier OPTIONAL,
 170    extensions      Extensions OPTIONAL }
 171
 172 IssuerSerial  ::= SEQUENCE {
 173    issuer       GeneralNames,
 174    serial       CertificateSerialNumber,
 175    issuerUID    UniqueIdentifier OPTIONAL}
 176
 177 AttCertValidityPeriod ::= SEQUENCE {
 178    notBeforeTime   GeneralizedTime,
 179    notAfterTime   GeneralizedTime }
 180
 181 AttributeCertificateAssertion  ::=  SEQUENCE  {
 182    -- At least one component of the sequence must be present
 183    subject      [0]   CHOICE {
 184       baseCertificateID   [0]  IssuerSerial,
 185       subjectName         [1]  Name } OPTIONAL,
 186    issuer          [1]   Name OPTIONAL,
 187    attCertValidity [2]   GeneralizedTime OPTIONAL,
 188    attType         [3]   SET OF AttributeType OPTIONAL }
 189
 190 -- attribute types --
 191
 192 UserPassword ::= OCTET STRING (SIZE (0..ub-password-length))
 193
 194 UserCertificate ::= Certificate
 195
 196 CACertificate ::= Certificate
 197
 198 CrossCertificatePair ::= CertificatePair
 199
 200 AuthorityRevocationList ::= CertificateList
 201
 202 CertificateRevocationList ::= CertificateList
 203
 204 AttributeCertificateRevocationList ::= CertificateList
 205
 206 -- object identifier assignments --
 207 id-at-userPassword      OBJECT IDENTIFIER   ::=   {id-at 35}
 208 id-at-userCertificate      OBJECT IDENTIFIER   ::=   {id-at 36}
 209 id-at-cAcertificate         OBJECT IDENTIFIER   ::=   {id-at 37}
 210 id-at-authorityRevocationList   OBJECT IDENTIFIER   ::=   {id-at 38}
 211 id-at-certificateRevocationList   OBJECT IDENTIFIER   ::=   {id-at 39}
 212 id-at-crossCertificatePair      OBJECT IDENTIFIER   ::=   {id-at 40}
 213 id-at-attributeCertificate      OBJECT IDENTIFIER   ::=   {id-at 58}
 214
 215 END