-- This file is based on PKIX1Implicit93 definition in -- RFC2459 section b.2 -- --Appendix F of RFC2459 --Appendix F. Full Copyright Statement -- -- Copyright (C) The Internet Society (1999). All Rights Reserved. -- -- This document and translations of it may be copied and furnished to -- others, and derivative works that comment on or otherwise explain it -- or assist in its implementation may be prepared, copied, published -- and distributed, in whole or in part, without restriction of any -- kind, provided that the above copyright notice and this paragraph are -- included on all such copies and derivative works. However, this -- document itself may not be modified in any way, such as by removing -- the copyright notice or references to the Internet Society or other -- Internet organizations, except as needed for the purpose of -- developing Internet standards in which case the procedures for -- copyrights defined in the Internet Standards process must be -- followed, or as required to translate it into languages other than -- English. -- -- The limited permissions granted above are perpetual and will not be -- revoked by the Internet Society or its successors or assigns. -- -- This document and the information contained herein is provided on an -- "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING -- TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING -- BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION -- HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF -- MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. -- -- --NOTE: This ASN1 definition have been significantly modified from the original --version in RFC2459 in order to accomodate the featuresets available --in the Wireshark projects asn2wrs compiler. --It has also been modified and structures have been commented out that --are already implemented in the X509 dissectors. --Dissectors present already in the X509 dissectors should be implemented in --the template by hand as stubs that will just call the original --dissector functions in X509 in order not to duplicate code. -- --Structures and constructs in this definition are uncommented and --implemented on-demand when someone needs them. -- --If you export new types from this file, make sure to update the --pkix1implicit_exp.cnf file with the proper definitions PKIX1Implicit93 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit-93(4)} DEFINITIONS IMPLICIT TAGS::= BEGIN --EXPORTS ALL IMPORTS id-pe, id-qt, id-kp, id-ad, id-qt-unotice, ORAddress, Name, RelativeDistinguishedName, CertificateSerialNumber, CertificateList, AlgorithmIdentifier, ub-name, DirectoryString, Attribute, EXTENSION FROM PKIX1Explicit93 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit-93(3)} GeneralName FROM CertificateExtensions; -- Key and policy information extensions -- --authorityKeyIdentifier EXTENSION ::= { -- SYNTAX AuthorityKeyIdentifier -- IDENTIFIED BY id-ce-authorityKeyIdentifier } -- --AuthorityKeyIdentifier ::= SEQUENCE { -- keyIdentifier [0] KeyIdentifier OPTIONAL, -- authorityCertIssuer [1] GeneralNames OPTIONAL, -- authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL } -- ( WITH COMPONENTS {..., authorityCertIssuer PRESENT, -- authorityCertSerialNumber PRESENT} | -- WITH COMPONENTS {..., authorityCertIssuer ABSENT, -- authorityCertSerialNumber ABSENT} ) -- KeyIdentifier ::= OCTET STRING -- --subjectKeyIdentifier EXTENSION ::= { -- SYNTAX SubjectKeyIdentifier -- IDENTIFIED BY id-ce-subjectKeyIdentifier } -- --SubjectKeyIdentifier ::= KeyIdentifier -- --keyUsage EXTENSION ::= { -- SYNTAX KeyUsage -- IDENTIFIED BY id-ce-keyUsage } -- --KeyUsage ::= BIT STRING { -- digitalSignature (0), -- nonRepudiation (1), -- keyEncipherment (2), -- dataEncipherment (3), -- keyAgreement (4), -- keyCertSign (5), -- cRLSign (6), -- encipherOnly (7), -- decipherOnly (8) } -- --extendedKeyUsage EXTENSION ::= { -- SYNTAX SEQUENCE SIZE (1..MAX) OF KeyPurposeId -- IDENTIFIED BY id-ce-extKeyUsage } -- Dummy ::= NULL --KeyPurposeId ::= OBJECT IDENTIFIER -- -- PKIX-defined extended key purpose OIDs --id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } --id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } --id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } --id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } --id-kp-ipsecEndSystem OBJECT IDENTIFIER ::= { id-kp 5 } --id-kp-ipsecTunnel OBJECT IDENTIFIER ::= { id-kp 6 } --id-kp-ipsecUser OBJECT IDENTIFIER ::= { id-kp 7 } --id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } -- --privateKeyUsagePeriod EXTENSION ::= { -- SYNTAX PrivateKeyUsagePeriod -- IDENTIFIED BY { id-ce-privateKeyUsagePeriod } } -- --PrivateKeyUsagePeriod ::= SEQUENCE { -- notBefore [0] GeneralizedTime OPTIONAL, -- notAfter [1] GeneralizedTime OPTIONAL } -- ( WITH COMPONENTS {..., notBefore PRESENT} | -- WITH COMPONENTS {..., notAfter PRESENT} ) -- --certificatePolicies EXTENSION ::= { -- SYNTAX CertificatePoliciesSyntax -- IDENTIFIED BY id-ce-certificatePolicies } -- --CertificatePoliciesSyntax ::= -- SEQUENCE SIZE (1..MAX) OF PolicyInformation -- --PolicyInformation ::= SEQUENCE { -- policyIdentifier CertPolicyId, -- policyQualifiers SEQUENCE SIZE (1..MAX) OF -- PolicyQualifierInfo OPTIONAL } -- --CertPolicyId ::= OBJECT IDENTIFIER -- --PolicyQualifierInfo ::= SEQUENCE { -- policyQualifierId CERT-POLICY-QUALIFIER.&id -- ({SupportedPolicyQualifiers}), -- qualifier CERT-POLICY-QUALIFIER.&Qualifier -- ({SupportedPolicyQualifiers} -- {@policyQualifierId})OPTIONAL } -- --SupportedPolicyQualifiers CERT-POLICY-QUALIFIER ::= { noticeToUser | -- pointerToCPS } -- --CERT-POLICY-QUALIFIER ::= CLASS { -- &id OBJECT IDENTIFIER UNIQUE, -- &Qualifier OPTIONAL } --WITH SYNTAX { -- POLICY-QUALIFIER-ID &id -- [QUALIFIER-TYPE &Qualifier] } -- --policyMappings EXTENSION ::= { -- SYNTAX PolicyMappingsSyntax -- IDENTIFIED BY id-ce-policyMappings } -- --PolicyMappingsSyntax ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE { -- issuerDomainPolicy CertPolicyId, -- subjectDomainPolicy CertPolicyId } -- -- Certificate subject and certificate issuer attributes extensions -- --subjectAltName EXTENSION ::= { -- SYNTAX GeneralNames -- IDENTIFIED BY id-ce-subjectAltName } -- --GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName -- --Imported from X509CE --GeneralName ::= CHOICE { -- otherName [0] INSTANCE OF OTHER-NAME, -- rfc822Name [1] IA5String, -- dNSName [2] IA5String, -- x400Address [3] ORAddress, -- directoryName [4] Name, -- ediPartyName [5] EDIPartyName, -- uniformResourceIdentifier [6] IA5String, -- iPAddress [7] OCTET STRING, -- registeredID [8] OBJECT IDENTIFIER --} --OTHER-NAME ::= TYPE-IDENTIFIER EDIPartyName ::= SEQUENCE { nameAssigner [0] DirectoryString OPTIONAL, partyName [1] DirectoryString } --issuerAltName EXTENSION ::= { -- SYNTAX GeneralNames -- IDENTIFIED BY id-ce-issuerAltName } -- --subjectDirectoryAttributes EXTENSION ::= { -- SYNTAX AttributesSyntax -- IDENTIFIED BY id-ce-subjectDirectoryAttributes } -- --AttributesSyntax ::= SEQUENCE SIZE (1..MAX) OF Attribute -- -- Certification path constraints extensions -- --basicConstraints EXTENSION ::= { -- SYNTAX BasicConstraintsSyntax -- IDENTIFIED BY id-ce-basicConstraints } -- --BasicConstraintsSyntax ::= SEQUENCE { -- cA BOOLEAN DEFAULT FALSE, -- pathLenConstraint INTEGER (0..MAX) OPTIONAL } -- --nameConstraints EXTENSION ::= { -- SYNTAX NameConstraintsSyntax -- IDENTIFIED BY id-ce-nameConstraints } -- --NameConstraintsSyntax ::= SEQUENCE { -- permittedSubtrees [0] GeneralSubtrees OPTIONAL, -- excludedSubtrees [1] GeneralSubtrees OPTIONAL } -- --GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree -- --GeneralSubtree ::= SEQUENCE { -- base GeneralName, -- minimum [0] BaseDistance DEFAULT 0, -- maximum [1] BaseDistance OPTIONAL } -- --BaseDistance ::= INTEGER (0..MAX) -- --policyConstraints EXTENSION ::= { -- SYNTAX PolicyConstraintsSyntax -- IDENTIFIED BY id-ce-policyConstraints } -- --PolicyConstraintsSyntax ::= SEQUENCE { -- requireExplicitPolicy [0] SkipCerts OPTIONAL, -- inhibitPolicyMapping [1] SkipCerts OPTIONAL } -- -- --SkipCerts ::= INTEGER (0..MAX) -- -- Basic CRL extensions -- --cRLNumber EXTENSION ::= { -- SYNTAX CRLNumber -- IDENTIFIED BY id-ce-cRLNumber } -- --CRLNumber ::= INTEGER (0..MAX) -- --reasonCode EXTENSION ::= { -- SYNTAX CRLReason -- IDENTIFIED BY id-ce-reasonCode } -- --CRLReason ::= ENUMERATED { -- unspecified (0), -- keyCompromise (1), -- cACompromise (2), -- affiliationChanged (3), -- superseded (4), -- cessationOfOperation (5), -- certificateHold (6), -- removeFromCRL (8) } -- --instructionCode EXTENSION ::= { -- SYNTAX HoldInstruction -- IDENTIFIED BY id-ce-instructionCode } -- --HoldInstruction ::= OBJECT IDENTIFIER -- -- holdinstructions described in this specification, from ANSI x9 -- -- ANSI x9 arc holdinstruction arc --holdInstruction OBJECT IDENTIFIER ::= { -- joint-iso-ccitt(2) member-body(2) us(840) x9cm(10040) 2} -- -- ANSI X9 holdinstructions referenced by this standard --id-holdinstruction-none OBJECT IDENTIFIER ::= {holdInstruction 1} --id-holdinstruction-callissuer OBJECT IDENTIFIER ::= {holdInstruction 2} --id-holdinstruction-reject OBJECT IDENTIFIER ::= {holdInstruction 3} -- --invalidityDate EXTENSION ::= { -- SYNTAX GeneralizedTime -- IDENTIFIED BY id-ce-invalidityDate } -- -- CRL distribution points and delta-CRL extensions -- --cRLDistributionPoints EXTENSION ::= { -- -- SYNTAX CRLDistPointsSyntax -- IDENTIFIED BY id-ce-cRLDistributionPoints } -- --CRLDistPointsSyntax ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint -- --DistributionPoint ::= SEQUENCE { -- distributionPoint [0] DistributionPointName OPTIONAL, -- reasons [1] ReasonFlags OPTIONAL, -- cRLIssuer [2] GeneralNames OPTIONAL } -- --DistributionPointName ::= CHOICE { -- fullName [0] GeneralNames, -- nameRelativeToCRLIssuer [1] RelativeDistinguishedName } -- --ReasonFlags ::= BIT STRING { -- unused (0), -- keyCompromise (1), -- caCompromise (2), -- affiliationChanged (3), -- superseded (4), -- cessationOfOperation (5), -- certificateHold (6) } -- --issuingDistributionPoint EXTENSION ::= { -- SYNTAX IssuingDistPointSyntax -- IDENTIFIED BY id-ce-issuingDistributionPoint } -- --IssuingDistPointSyntax ::= SEQUENCE { -- distributionPoint [0] DistributionPointName OPTIONAL, -- onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE, -- onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE, -- onlySomeReasons [3] ReasonFlags OPTIONAL, -- indirectCRL [4] BOOLEAN DEFAULT FALSE } -- --certificateIssuer EXTENSION ::= { -- SYNTAX GeneralNames -- IDENTIFIED BY id-ce-certificateIssuer } -- --deltaCRLIndicator EXTENSION ::= { -- SYNTAX BaseCRLNumber -- IDENTIFIED BY id-ce-deltaCRLIndicator } -- --BaseCRLNumber ::= CRLNumber -- -- Object identifier assignments for ISO certificate extensions --id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29} -- --id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= {id-ce 9} -- --id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= {id-ce 14} --id-ce-keyUsage OBJECT IDENTIFIER ::= {id-ce 15} --id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= {id-ce 16} --id-ce-subjectAltName OBJECT IDENTIFIER ::= {id-ce 17} --id-ce-issuerAltName OBJECT IDENTIFIER ::= {id-ce 18} --id-ce-basicConstraints OBJECT IDENTIFIER ::= {id-ce 19} --id-ce-cRLNumber OBJECT IDENTIFIER ::= {id-ce 20} --id-ce-reasonCode OBJECT IDENTIFIER ::= {id-ce 21} --id-ce-instructionCode OBJECT IDENTIFIER ::= {id-ce 23} --id-ce-invalidityDate OBJECT IDENTIFIER ::= {id-ce 24} --id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= {id-ce 27} --id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= {id-ce 28} --id-ce-certificateIssuer OBJECT IDENTIFIER ::= {id-ce 29} --id-ce-nameConstraints OBJECT IDENTIFIER ::= {id-ce 30} --id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= {id-ce 31} --id-ce-certificatePolicies OBJECT IDENTIFIER ::= {id-ce 32} --id-ce-policyMappings OBJECT IDENTIFIER ::= {id-ce 33} --id-ce-policyConstraints OBJECT IDENTIFIER ::= {id-ce 36} --id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= {id-ce 35} --id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37} -- -- PKIX 1 extensions -- --authorityInfoAccess EXTENSION ::= { -- SYNTAX AuthorityInfoAccessSyntax -- IDENTIFIED BY id-pe-authorityInfoAccess } AuthorityInfoAccessSyntax ::= SEQUENCE SIZE (1..MAX) OF AccessDescription AccessDescription ::= SEQUENCE { accessMethod OBJECT IDENTIFIER, accessLocation GeneralName } --id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 } -- --id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 } --id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 } -- -- PKIX policy qualifier definitions -- --noticeToUser CERT-POLICY-QUALIFIER ::= { -- POLICY-QUALIFIER-ID id-qt-cps QUALIFIER-TYPE CPSuri} -- --pointerToCPS CERT-POLICY-QUALIFIER ::= { -- POLICY-QUALIFIER-ID id-qt-unotice QUALIFIER-TYPE UserNotice} -- --id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 } -- --id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 } -- --CPSuri ::= IA5String -- UserNotice ::= SEQUENCE { noticeRef NoticeReference OPTIONAL, explicitText DisplayText OPTIONAL} NoticeReference ::= SEQUENCE { organization DisplayText, noticeNumbers SEQUENCE OF INTEGER } DisplayText ::= CHOICE { ia5String IA5String, visibleString VisibleString, bmpString BMPString, utf8String UTF8String } END