2 -- Definitions from rfc2459/rfc3280
4 RFC2459 DEFINITIONS ::= BEGIN
6 IMPORTS heim_any FROM heim;
14 id-pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
15 rsadsi(113549) pkcs(1) 1 }
16 id-pkcs1-rsaEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 1 }
17 id-pkcs1-md2WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 2 }
18 id-pkcs1-md5WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 4 }
19 id-pkcs1-sha1WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 5 }
20 id-pkcs1-sha256WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 11 }
21 id-pkcs1-sha384WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 12 }
22 id-pkcs1-sha512WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 13 }
24 id-heim-rsa-pkcs1-x509 OBJECT IDENTIFIER ::= { 1 2 752 43 16 1 }
26 id-pkcs-2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
27 rsadsi(113549) pkcs(1) 2 }
28 id-pkcs2-md2 OBJECT IDENTIFIER ::= { id-pkcs-2 2 }
29 id-pkcs2-md4 OBJECT IDENTIFIER ::= { id-pkcs-2 4 }
30 id-pkcs2-md5 OBJECT IDENTIFIER ::= { id-pkcs-2 5 }
32 id-rsa-digestAlgorithm OBJECT IDENTIFIER ::=
33 { iso(1) member-body(2) us(840) rsadsi(113549) 2 }
35 id-rsa-digest-md2 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 2 }
36 id-rsa-digest-md4 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 4 }
37 id-rsa-digest-md5 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 5 }
39 id-pkcs-3 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
40 rsadsi(113549) pkcs(1) 3 }
42 id-pkcs3-rc2-cbc OBJECT IDENTIFIER ::= { id-pkcs-3 2 }
43 id-pkcs3-rc4 OBJECT IDENTIFIER ::= { id-pkcs-3 4 }
44 id-pkcs3-des-ede3-cbc OBJECT IDENTIFIER ::= { id-pkcs-3 7 }
46 id-rsadsi-encalg OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
49 id-rsadsi-rc2-cbc OBJECT IDENTIFIER ::= { id-rsadsi-encalg 2 }
50 id-rsadsi-des-ede3-cbc OBJECT IDENTIFIER ::= { id-rsadsi-encalg 7 }
52 id-secsig-sha-1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
53 oiw(14) secsig(3) algorithm(2) 26 }
55 id-nistAlgorithm OBJECT IDENTIFIER ::= {
56 joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) 4 }
58 id-nist-aes-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 1 }
60 id-aes-128-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 2 }
61 id-aes-192-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 22 }
62 id-aes-256-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 42 }
64 id-nist-sha-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 2 }
66 id-sha256 OBJECT IDENTIFIER ::= { id-nist-sha-algs 1 }
67 id-sha224 OBJECT IDENTIFIER ::= { id-nist-sha-algs 4 }
68 id-sha384 OBJECT IDENTIFIER ::= { id-nist-sha-algs 2 }
69 id-sha512 OBJECT IDENTIFIER ::= { id-nist-sha-algs 3 }
71 id-dhpublicnumber OBJECT IDENTIFIER ::= {
72 iso(1) member-body(2) us(840) ansi-x942(10046)
75 id-x9-57 OBJECT IDENTIFIER ::= {
76 iso(1) member-body(2) us(840) ansi-x942(10046)
79 id-dsa OBJECT IDENTIFIER ::= { id-x9-57 1 }
80 id-dsa-with-sha1 OBJECT IDENTIFIER ::= { id-x9-57 3 }
84 id-x520-at OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 }
86 id-at-commonName OBJECT IDENTIFIER ::= { id-x520-at 3 }
87 id-at-surname OBJECT IDENTIFIER ::= { id-x520-at 4 }
88 id-at-serialNumber OBJECT IDENTIFIER ::= { id-x520-at 5 }
89 id-at-countryName OBJECT IDENTIFIER ::= { id-x520-at 6 }
90 id-at-localityName OBJECT IDENTIFIER ::= { id-x520-at 7 }
91 id-at-stateOrProvinceName OBJECT IDENTIFIER ::= { id-x520-at 8 }
92 id-at-streetAddress OBJECT IDENTIFIER ::= { id-x520-at 9 }
93 id-at-organizationName OBJECT IDENTIFIER ::= { id-x520-at 10 }
94 id-at-organizationalUnitName OBJECT IDENTIFIER ::= { id-x520-at 11 }
95 id-at-name OBJECT IDENTIFIER ::= { id-x520-at 41 }
96 id-at-givenName OBJECT IDENTIFIER ::= { id-x520-at 42 }
97 id-at-initials OBJECT IDENTIFIER ::= { id-x520-at 43 }
98 id-at-generationQualifier OBJECT IDENTIFIER ::= { id-x520-at 44 }
99 id-at-pseudonym OBJECT IDENTIFIER ::= { id-x520-at 65 }
101 id-Userid OBJECT IDENTIFIER ::=
102 { 0 9 2342 19200300 100 1 1 }
103 id-domainComponent OBJECT IDENTIFIER ::=
104 { 0 9 2342 19200300 100 1 25 }
109 id-x509-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}
111 AlgorithmIdentifier ::= SEQUENCE {
112 algorithm OBJECT IDENTIFIER,
113 parameters heim_any OPTIONAL
116 AttributeType ::= OBJECT IDENTIFIER
118 AttributeValue ::= heim_any
120 TeletexStringx ::= [UNIVERSAL 20] IMPLICIT OCTET STRING
122 DirectoryString ::= CHOICE {
124 teletexString TeletexStringx,
125 printableString PrintableString,
126 universalString UniversalString,
127 utf8String UTF8String,
131 Attribute ::= SEQUENCE {
133 value SET OF -- AttributeValue -- heim_any
136 AttributeTypeAndValue ::= SEQUENCE {
138 value DirectoryString
141 RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
143 RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
146 rdnSequence RDNSequence
149 CertificateSerialNumber ::= INTEGER
153 generalTime GeneralizedTime
156 Validity ::= SEQUENCE {
161 UniqueIdentifier ::= BIT STRING
163 SubjectPublicKeyInfo ::= SEQUENCE {
164 algorithm AlgorithmIdentifier,
165 subjectPublicKey BIT STRING
168 Extension ::= SEQUENCE {
169 extnID OBJECT IDENTIFIER,
170 critical BOOLEAN OPTIONAL, -- DEFAULT FALSE XXX
171 extnValue OCTET STRING
174 Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
176 TBSCertificate ::= SEQUENCE {
177 version [0] Version OPTIONAL, -- EXPLICIT nnn DEFAULT 1,
178 serialNumber CertificateSerialNumber,
179 signature AlgorithmIdentifier,
183 subjectPublicKeyInfo SubjectPublicKeyInfo,
184 issuerUniqueID [1] IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
185 -- If present, version shall be v2 or v3
186 subjectUniqueID [2] IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
187 -- If present, version shall be v2 or v3
188 extensions [3] EXPLICIT Extensions OPTIONAL
189 -- If present, version shall be v3
192 Certificate ::= SEQUENCE {
193 tbsCertificate TBSCertificate,
194 signatureAlgorithm AlgorithmIdentifier,
195 signatureValue BIT STRING
198 Certificates ::= SEQUENCE OF Certificate
200 ValidationParms ::= SEQUENCE {
205 DomainParameters ::= SEQUENCE {
206 p INTEGER, -- odd prime, p=jq +1
207 g INTEGER, -- generator, g
208 q INTEGER, -- factor of p-1
209 j INTEGER OPTIONAL, -- subgroup factor
210 validationParms ValidationParms OPTIONAL -- ValidationParms
213 DHPublicKey ::= INTEGER
215 OtherName ::= SEQUENCE {
216 type-id OBJECT IDENTIFIER,
217 value [0] EXPLICIT heim_any
220 GeneralName ::= CHOICE {
221 otherName [0] IMPLICIT -- OtherName -- SEQUENCE {
222 type-id OBJECT IDENTIFIER,
223 value [0] EXPLICIT heim_any
225 rfc822Name [1] IMPLICIT IA5String,
226 dNSName [2] IMPLICIT IA5String,
227 -- x400Address [3] IMPLICIT ORAddress,--
228 directoryName [4] IMPLICIT -- Name -- CHOICE {
229 rdnSequence RDNSequence
231 -- ediPartyName [5] IMPLICIT EDIPartyName, --
232 uniformResourceIdentifier [6] IMPLICIT IA5String,
233 iPAddress [7] IMPLICIT OCTET STRING,
234 registeredID [8] IMPLICIT OBJECT IDENTIFIER
237 GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
239 id-x509-ce-keyUsage OBJECT IDENTIFIER ::= { id-x509-ce 15 }
241 KeyUsage ::= BIT STRING {
242 digitalSignature (0),
245 dataEncipherment (3),
253 id-x509-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-x509-ce 35 }
255 KeyIdentifier ::= OCTET STRING
257 AuthorityKeyIdentifier ::= SEQUENCE {
258 keyIdentifier [0] IMPLICIT OCTET STRING OPTIONAL,
259 authorityCertIssuer [1] IMPLICIT -- GeneralName --
260 SEQUENCE -- SIZE (1..MAX) -- OF GeneralName OPTIONAL,
261 authorityCertSerialNumber [2] IMPLICIT INTEGER OPTIONAL
264 id-x509-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-x509-ce 14 }
266 SubjectKeyIdentifier ::= KeyIdentifier
268 id-x509-ce-basicConstraints OBJECT IDENTIFIER ::= { id-x509-ce 19 }
270 BasicConstraints ::= SEQUENCE {
271 cA BOOLEAN OPTIONAL -- DEFAULT FALSE --,
272 pathLenConstraint INTEGER (0..4294967295) OPTIONAL
275 id-x509-ce-nameConstraints OBJECT IDENTIFIER ::= { id-x509-ce 30 }
277 BaseDistance ::= INTEGER -- (0..MAX) --
279 GeneralSubtree ::= SEQUENCE {
281 minimum [0] IMPLICIT -- BaseDistance -- INTEGER OPTIONAL -- DEFAULT 0 --,
282 maximum [1] IMPLICIT -- BaseDistance -- INTEGER OPTIONAL
285 GeneralSubtrees ::= SEQUENCE -- SIZE (1..MAX) -- OF GeneralSubtree
287 NameConstraints ::= SEQUENCE {
288 permittedSubtrees [0] IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL,
289 excludedSubtrees [1] IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL
292 id-x509-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= { id-x509-ce 16 }
293 id-x509-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-x509-ce 32 }
294 id-x509-ce-policyMappings OBJECT IDENTIFIER ::= { id-x509-ce 33 }
295 id-x509-ce-subjectAltName OBJECT IDENTIFIER ::= { id-x509-ce 17 }
296 id-x509-ce-issuerAltName OBJECT IDENTIFIER ::= { id-x509-ce 18 }
297 id-x509-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-x509-ce 9 }
298 id-x509-ce-policyConstraints OBJECT IDENTIFIER ::= { id-x509-ce 36 }
300 id-x509-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-x509-ce 37}
302 ExtKeyUsage ::= SEQUENCE OF OBJECT IDENTIFIER
304 id-x509-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-x509-ce 31 }
305 id-x509-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-x509-ce 27 }
306 id-x509-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-x509-ce 28 }
307 id-x509-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-x509-ce 23 }
308 id-x509-ce-invalidityDate OBJECT IDENTIFIER ::= { id-x509-ce 24 }
309 id-x509-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-x509-ce 29 }
310 id-x509-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-x509-ce 54 }
312 DistributionPointReasonFlags ::= BIT STRING {
316 affiliationChanged (3),
318 cessationOfOperation (5),
320 privilegeWithdrawn (7),
324 DistributionPointName ::= CHOICE {
325 fullName [0] IMPLICIT -- GeneralNames -- SEQUENCE SIZE (1..MAX) OF GeneralName,
326 nameRelativeToCRLIssuer [1] RelativeDistinguishedName
329 DistributionPoint ::= SEQUENCE {
330 distributionPoint [0] IMPLICIT heim_any -- DistributionPointName -- OPTIONAL,
331 reasons [1] IMPLICIT heim_any -- DistributionPointReasonFlags -- OPTIONAL,
332 cRLIssuer [2] IMPLICIT heim_any -- GeneralNames -- OPTIONAL
335 CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
340 DSASigValue ::= SEQUENCE {
345 DSAPublicKey ::= INTEGER
347 DSAParams ::= SEQUENCE {
355 RSAPublicKey ::= SEQUENCE {
356 modulus INTEGER, -- n
357 publicExponent INTEGER -- e
360 RSAPrivateKey ::= SEQUENCE {
361 version INTEGER (0..4294967295),
362 modulus INTEGER, -- n
363 publicExponent INTEGER, -- e
364 privateExponent INTEGER, -- d
367 exponent1 INTEGER, -- d mod (p-1)
368 exponent2 INTEGER, -- d mod (q-1)
369 coefficient INTEGER -- (inverse of q) mod p
372 DigestInfo ::= SEQUENCE {
373 digestAlgorithm AlgorithmIdentifier,
379 -- szOID_ENROLL_CERTTYPE_EXTENSION "1.3.6.1.4.1.311.20.2" is Encoded as a
381 -- UNICODESTRING (0x1E tag)
383 -- szOID_CERTIFICATE_TEMPLATE "1.3.6.1.4.1.311.21.7" is Encoded as:
385 -- TemplateVersion ::= INTEGER (0..4294967295)
387 -- CertificateTemplate ::= SEQUENCE {
388 -- templateID OBJECT IDENTIFIER,
389 -- templateMajorVersion TemplateVersion,
390 -- templateMinorVersion TemplateVersion OPTIONAL
398 TBSCRLCertList ::= SEQUENCE {
399 version Version OPTIONAL, -- if present, MUST be v2
400 signature AlgorithmIdentifier,
403 nextUpdate Time OPTIONAL,
404 revokedCertificates SEQUENCE OF SEQUENCE {
405 userCertificate CertificateSerialNumber,
407 crlEntryExtensions Extensions OPTIONAL
408 -- if present, MUST be v2
410 crlExtensions [0] EXPLICIT Extensions OPTIONAL
411 -- if present, MUST be v2
415 CRLCertificateList ::= SEQUENCE {
416 tbsCertList TBSCRLCertList,
417 signatureAlgorithm AlgorithmIdentifier,
418 signatureValue BIT STRING
421 id-x509-ce-cRLNumber OBJECT IDENTIFIER ::= { id-x509-ce 20 }
422 id-x509-ce-freshestCRL OBJECT IDENTIFIER ::= { id-x509-ce 46 }
423 id-x509-ce-cRLReason OBJECT IDENTIFIER ::= { id-x509-ce 21 }
425 CRLReason ::= ENUMERATED {
429 affiliationChanged (3),
431 cessationOfOperation (5),
434 privilegeWithdrawn (9),
438 PKIXXmppAddr ::= UTF8String
440 id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
441 dod(6) internet(1) security(5) mechanisms(5) pkix(7) }
443 id-pkix-on OBJECT IDENTIFIER ::= { id-pkix 8 }
444 id-pkix-on-xmppAddr OBJECT IDENTIFIER ::= { id-pkix-on 5 }
445 id-pkix-on-dnsSRV OBJECT IDENTIFIER ::= { id-pkix-on 7 }
447 id-pkix-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
448 id-pkix-kp-serverAuth OBJECT IDENTIFIER ::= { id-pkix-kp 1 }
449 id-pkix-kp-clientAuth OBJECT IDENTIFIER ::= { id-pkix-kp 2 }
450 id-pkix-kp-emailProtection OBJECT IDENTIFIER ::= { id-pkix-kp 4 }
451 id-pkix-kp-timeStamping OBJECT IDENTIFIER ::= { id-pkix-kp 8 }
452 id-pkix-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-pkix-kp 9 }
454 id-pkix-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
456 id-pkix-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pkix-pe 1 }
458 AccessDescription ::= SEQUENCE {
459 accessMethod OBJECT IDENTIFIER,
460 accessLocation GeneralName
463 AuthorityInfoAccessSyntax ::= SEQUENCE SIZE (1..MAX) OF AccessDescription
465 -- RFC 3820 Proxy Certificate Profile
467 id-pkix-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pkix-pe 14 }
469 id-pkix-ppl OBJECT IDENTIFIER ::= { id-pkix 21 }
471 id-pkix-ppl-anyLanguage OBJECT IDENTIFIER ::= { id-pkix-ppl 0 }
472 id-pkix-ppl-inheritAll OBJECT IDENTIFIER ::= { id-pkix-ppl 1 }
473 id-pkix-ppl-independent OBJECT IDENTIFIER ::= { id-pkix-ppl 2 }
475 ProxyPolicy ::= SEQUENCE {
476 policyLanguage OBJECT IDENTIFIER,
477 policy OCTET STRING OPTIONAL
480 ProxyCertInfo ::= SEQUENCE {
481 pCPathLenConstraint INTEGER (0..4294967295) OPTIONAL, -- really MAX
482 proxyPolicy ProxyPolicy
485 --- U.S. Federal PKI Common Policy Framework
486 -- Card Authentication key
487 id-uspkicommon-card-id OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 6 }
488 id-uspkicommon-piv-interim OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 9 1 }
490 --- Netscape extentions
492 id-netscape OBJECT IDENTIFIER ::=
493 { joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730) }
494 id-netscape-cert-comment OBJECT IDENTIFIER ::= { id-netscape 1 13 }
498 id-ms-cert-enroll-domaincontroller OBJECT IDENTIFIER ::=
499 { 1 3 6 1 4 1 311 20 2 }
501 id-ms-client-authentication OBJECT IDENTIFIER ::=
502 { 1 3 6 1 5 5 7 3 2 }
504 -- DER:1e:20:00:44:00:6f:00:6d:00:61:00:69:00:6e:00:43:00:6f:00:6e:00:74:00:72:00:6f:00:6c:00:6c:00:65:00:72
projects / FreeBSD / releng / 9.2.git / blob