source: trunk/server/source4/heimdal/lib/hx509/ocsp.asn1

Last change on this file was 414, checked in by Herwig Bauernfeind, 16 years ago

Samba 3.5.0: Initial import

-- From rfc2560
-- $Id$
--
-- ASN.1 module describing the Online Certificate Status Protocol (OCSP)
-- request and response messages. Every type defined here carries an
-- OCSP prefix. The module uses EXPLICIT TAGS, so a context tag written
-- without a keyword (see OCSPResponderID) is an explicit tag.
--
-- Reviewer orientation: the only signed structures are OCSPTBSRequest
-- (optionally, through OCSPRequest.optionalSignature) and
-- OCSPResponseData (through OCSPBasicOCSPResponse.signature). Fields
-- outside those two structures are not covered by any signature
-- defined in this module.

OCSP DEFINITIONS EXPLICIT TAGS ::=

BEGIN

IMPORTS
    Certificate, AlgorithmIdentifier, CRLReason,
    Name, GeneralName, CertificateSerialNumber, Extensions
    FROM rfc2459;

-- Protocol version; v1 (0) is the only named value.
OCSPVersion ::= INTEGER { ocsp-v1(0) }

-- Status of one certificate. There are three distinct outcomes, and
-- `unknown` is not the same answer as `good`: a caller that maps
-- everything except `revoked` to "valid" accepts certificates the
-- responder could not vouch for.
-- The `revoked` arm is an inline SEQUENCE (the type name is kept only
-- as a comment) holding the revocation time and an optional reason.
OCSPCertStatus ::= CHOICE {
    good     [0] IMPLICIT NULL,
    revoked  [1] IMPLICIT -- OCSPRevokedInfo -- SEQUENCE {
        revocationTime       GeneralizedTime,
        revocationReason [0] EXPLICIT CRLReason OPTIONAL
    },
    unknown  [2] IMPLICIT NULL
}

-- Identifies the certificate being asked about by issuer hashes and
-- serial number rather than by the certificate itself. hashAlgorithm
-- applies to both hash fields. A verifier should compare the certID in
-- each OCSPSingleResponse with the one it sent, so that a status for a
-- different certificate is not accepted in its place.
OCSPCertID ::= SEQUENCE {
    hashAlgorithm    AlgorithmIdentifier,
    issuerNameHash   OCTET STRING,   -- hash of the issuer's DN
    issuerKeyHash    OCTET STRING,   -- hash of the issuer's public key
    serialNumber     CertificateSerialNumber
}

-- Status answer for a single certificate. thisUpdate and the optional
-- nextUpdate bound the period the answer is meant to cover; because
-- nextUpdate may be absent, the checking code needs its own limit on
-- how old a response it is willing to accept.
OCSPSingleResponse ::= SEQUENCE {
    certID               OCSPCertID,
    certStatus           OCSPCertStatus,
    thisUpdate           GeneralizedTime,
    nextUpdate       [0] EXPLICIT GeneralizedTime OPTIONAL,
    singleExtensions [1] EXPLICIT Extensions OPTIONAL
}

-- One entry of a request: the certificate identifier plus optional
-- extensions that apply to that entry only.
OCSPInnerRequest ::= SEQUENCE {
    reqCert                     OCSPCertID,
    singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL
}

-- The part of a request that a signature, when present, covers.
-- The DEFAULT for version is left as a comment and the field is plain
-- OPTIONAL here, so an absent version is presumably treated as v1 by
-- the consuming code (confirm against the decoder's callers).
-- requestExtensions is where a request-wide extension such as the
-- nonce (id-pkix-ocsp-nonce below) would be carried.
OCSPTBSRequest ::= SEQUENCE {
    version           [0] EXPLICIT OCSPVersion -- DEFAULT v1 -- OPTIONAL,
    requestorName     [1] EXPLICIT GeneralName OPTIONAL,
    requestList           SEQUENCE OF OCSPInnerRequest,
    requestExtensions [2] EXPLICIT Extensions OPTIONAL
}

-- Optional signature over a request, with an optional list of
-- certificates supplied by the requester.
OCSPSignature ::= SEQUENCE {
    signatureAlgorithm     AlgorithmIdentifier,
    signature              BIT STRING,
    certs              [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL
}

-- Complete request message. The signature is optional, so an unsigned
-- request is well-formed as far as this schema is concerned.
OCSPRequest ::= SEQUENCE {
    tbsRequest                OCSPTBSRequest,
    optionalSignature     [0] EXPLICIT OCSPSignature OPTIONAL
}

-- Typed container for the response body. responseType names the
-- format of the bytes in `response`; id-pkix-ocsp-basic is the only
-- response type identifier defined in this module.
OCSPResponseBytes ::= SEQUENCE {
    responseType    OBJECT IDENTIFIER,
    response        OCTET STRING
}

-- Outcome of processing the request as a whole.
OCSPResponseStatus ::= ENUMERATED {
    successful       (0),   -- response has valid confirmations
    malformedRequest (1),   -- illegal confirmation request
    internalError    (2),   -- internal error in issuer
    tryLater         (3),   -- try again later
                            -- value 4 is not used
    sigRequired      (5),   -- the request must be signed
    unauthorized     (6)    -- request unauthorized
}

-- Outer response message. responseStatus sits outside the signed
-- OCSPResponseData and responseBytes is optional, so a response that
-- carries only a status has no signature at all. Such a response tells
-- the client nothing verifiable about any certificate; what to do when
-- no signed status is obtained is a policy decision for the caller.
OCSPResponse ::= SEQUENCE {
    responseStatus          OCSPResponseStatus,
    responseBytes       [0] EXPLICIT OCSPResponseBytes OPTIONAL
}

-- SHA-1 hash of the responder's public key, computed without the tag
-- and length fields.
OCSPKeyHash ::= OCTET STRING

-- Names the responder either by its distinguished name or by the hash
-- of its public key. The value only helps to locate the signing key;
-- it is the signature check and the authorization of that key that
-- establish who produced the response.
OCSPResponderID ::= CHOICE {
    byName  [1] Name,
    byKey   [2] OCSPKeyHash
}

-- The signed portion of a basic response: who answered, when the
-- response was produced, the per-certificate answers, and optional
-- response-wide extensions. As with OCSPTBSRequest, version is plain
-- OPTIONAL with the DEFAULT kept only as a comment.
OCSPResponseData ::= SEQUENCE {
    version            [0] EXPLICIT OCSPVersion -- DEFAULT v1 -- OPTIONAL,
    responderID            OCSPResponderID,
    producedAt             GeneralizedTime,
    responses              SEQUENCE OF OCSPSingleResponse,
    responseExtensions [1] EXPLICIT Extensions OPTIONAL
}

-- Basic response: the signed data, the signature over it, and an
-- optional list of certificates. The certs are supplied by the
-- responder inside the message being verified, so they are only
-- candidates for the signer certificate; the verifier still has to
-- validate the chosen certificate and confirm it is entitled to sign
-- OCSP responses for the issuer in question.
OCSPBasicOCSPResponse ::= SEQUENCE {
    tbsResponseData        OCSPResponseData,
    signatureAlgorithm     AlgorithmIdentifier,
    signature              BIT STRING,
    certs              [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL
}

-- Not defined by this module (kept as comments):
-- ArchiveCutoff ::= GeneralizedTime

-- AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER

-- Object Identifiers

-- Base arc for OCSP: 1.3.6.1.5.5.7.48.1
id-pkix-ocsp OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) dod(6) internet(1)
    security(5) mechanisms(5) pkix(7) pkix-ad(48) 1
}

-- Response type identifier for OCSPBasicOCSPResponse.
id-pkix-ocsp-basic OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 }
-- Nonce extension identifier. The nonce ties a response to the request
-- that asked for it; without it, freshness rests on the thisUpdate,
-- nextUpdate and producedAt times alone.
id-pkix-ocsp-nonce OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
-- The remaining identifiers are commented out, so code that needs
-- them cannot take them from this module.
-- id-pkix-ocsp-crl OBJECT IDENTIFIER ::= { id-pkix-ocsp 3 }
-- id-pkix-ocsp-response OBJECT IDENTIFIER ::= { id-pkix-ocsp 4 }
-- id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
-- id-pkix-ocsp-archive-cutoff OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 }
-- id-pkix-ocsp-service-locator OBJECT IDENTIFIER ::= { id-pkix-ocsp 7 }


END