Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Blame
Revision Log

ocsp.asn1@ 9

Last change on this file since 9 was 1, checked in by Paul Smedley, 10 years ago
Initial commit of Heimdal 1.5.3
File size: 4.0 KB

Line
1	-- From rfc2560
2	-- $Id$
3	OCSP DEFINITIONS EXPLICIT TAGS::=
4
5	BEGIN
6
7	IMPORTS
8	Certificate, AlgorithmIdentifier, CRLReason,
9	Name, GeneralName, CertificateSerialNumber, Extensions
10	FROM rfc2459;
11
12	OCSPVersion ::= INTEGER { ocsp-v1(0) }
13
14	OCSPCertStatus ::= CHOICE {
15	good [0] IMPLICIT NULL,
16	revoked [1] IMPLICIT -- OCSPRevokedInfo -- SEQUENCE {
17	revocationTime GeneralizedTime,
18	revocationReason[0] EXPLICIT CRLReason OPTIONAL
19	},
20	unknown [2] IMPLICIT NULL }
21
22	OCSPCertID ::= SEQUENCE {
23	hashAlgorithm AlgorithmIdentifier,
24	issuerNameHash OCTET STRING, -- Hash of Issuer's DN
25	issuerKeyHash OCTET STRING, -- Hash of Issuers public key
26	serialNumber CertificateSerialNumber }
27
28	OCSPSingleResponse ::= SEQUENCE {
29	certID OCSPCertID,
30	certStatus OCSPCertStatus,
31	thisUpdate GeneralizedTime,
32	nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
33	singleExtensions [1] EXPLICIT Extensions OPTIONAL }
34
35	OCSPInnerRequest ::= SEQUENCE {
36	reqCert OCSPCertID,
37	singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }
38
39	OCSPTBSRequest ::= SEQUENCE {
40	version [0] EXPLICIT OCSPVersion -- DEFAULT v1 -- OPTIONAL,
41	requestorName [1] EXPLICIT GeneralName OPTIONAL,
42	requestList SEQUENCE OF OCSPInnerRequest,
43	requestExtensions [2] EXPLICIT Extensions OPTIONAL }
44
45	OCSPSignature ::= SEQUENCE {
46	signatureAlgorithm AlgorithmIdentifier,
47	signature BIT STRING,
48	certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
49
50	OCSPRequest ::= SEQUENCE {
51	tbsRequest OCSPTBSRequest,
52	optionalSignature [0] EXPLICIT OCSPSignature OPTIONAL }
53
54	OCSPResponseBytes ::= SEQUENCE {
55	responseType OBJECT IDENTIFIER,
56	response OCTET STRING }
57
58	OCSPResponseStatus ::= ENUMERATED {
59	successful (0), --Response has valid confirmations
60	malformedRequest (1), --Illegal confirmation request
61	internalError (2), --Internal error in issuer
62	tryLater (3), --Try again later
63	--(4) is not used
64	sigRequired (5), --Must sign the request
65	unauthorized (6) --Request unauthorized
66	}
67
68	OCSPResponse ::= SEQUENCE {
69	responseStatus OCSPResponseStatus,
70	responseBytes [0] EXPLICIT OCSPResponseBytes OPTIONAL }
71
72	OCSPKeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
73	--(excluding the tag and length fields)
74
75	OCSPResponderID ::= CHOICE {
76	byName [1] Name,
77	byKey [2] OCSPKeyHash }
78
79	OCSPResponseData ::= SEQUENCE {
80	version [0] EXPLICIT OCSPVersion -- DEFAULT v1 -- OPTIONAL,
81	responderID OCSPResponderID,
82	producedAt GeneralizedTime,
83	responses SEQUENCE OF OCSPSingleResponse,
84	responseExtensions [1] EXPLICIT Extensions OPTIONAL }
85
86	OCSPBasicOCSPResponse ::= SEQUENCE {
87	tbsResponseData OCSPResponseData,
88	signatureAlgorithm AlgorithmIdentifier,
89	signature BIT STRING,
90	certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
91
92	-- ArchiveCutoff ::= GeneralizedTime
93
94	-- AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER
95
96	-- Object Identifiers
97
98	id-pkix-ocsp OBJECT IDENTIFIER ::= {
99	iso(1) identified-organization(3) dod(6) internet(1)
100	security(5) mechanisms(5) pkix(7) pkix-ad(48) 1
101	}
102
103	id-pkix-ocsp-basic OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 }
104	id-pkix-ocsp-nonce OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
105	-- id-pkix-ocsp-crl OBJECT IDENTIFIER ::= { id-pkix-ocsp 3 }
106	-- id-pkix-ocsp-response OBJECT IDENTIFIER ::= { id-pkix-ocsp 4 }
107	-- id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
108	-- id-pkix-ocsp-archive-cutoff OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 }
109	-- id-pkix-ocsp-service-locator OBJECT IDENTIFIER ::= { id-pkix-ocsp 7 }
110
111
112	END
113

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

Original Format