rfc2459.asn1

samba最新软件

KeyIdentifier ::= OCTET STRING

AuthorityKeyIdentifier ::= SEQUENCE {
	keyIdentifier             [0] IMPLICIT OCTET STRING OPTIONAL,
	authorityCertIssuer       [1] IMPLICIT -- GeneralName -- 
		SEQUENCE -- SIZE (1..MAX) -- OF GeneralName OPTIONAL, 
	authorityCertSerialNumber [2] IMPLICIT INTEGER OPTIONAL
}

id-x509-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-x509-ce 14 }

SubjectKeyIdentifier ::= KeyIdentifier

id-x509-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-x509-ce 19 }

BasicConstraints ::= SEQUENCE {
	cA                      BOOLEAN OPTIONAL -- DEFAULT FALSE --,
	pathLenConstraint	INTEGER (0..4294967295) OPTIONAL 
}

id-x509-ce-nameConstraints OBJECT IDENTIFIER ::=  { id-x509-ce 30 }

BaseDistance ::= INTEGER -- (0..MAX) --

GeneralSubtree ::= SEQUENCE {
	base			GeneralName,
	minimum		[0]	IMPLICIT -- BaseDistance -- INTEGER OPTIONAL -- DEFAULT 0 --,
	maximum		[1]	IMPLICIT -- BaseDistance -- INTEGER OPTIONAL
}

GeneralSubtrees ::= SEQUENCE -- SIZE (1..MAX) -- OF GeneralSubtree

NameConstraints ::= SEQUENCE {
	permittedSubtrees       [0]     IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL,
	excludedSubtrees        [1]     IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL
}

id-x509-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::=  { id-x509-ce 16 }
id-x509-ce-certificatePolicies OBJECT IDENTIFIER ::=  { id-x509-ce 32 }
id-x509-ce-policyMappings OBJECT IDENTIFIER ::=  { id-x509-ce 33 }
id-x509-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-x509-ce 17 }
id-x509-ce-issuerAltName OBJECT IDENTIFIER ::=  { id-x509-ce 18 }
id-x509-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::=  { id-x509-ce 9 }
id-x509-ce-policyConstraints OBJECT IDENTIFIER ::=  { id-x509-ce 36 }

id-x509-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-x509-ce 37}

ExtKeyUsage ::= SEQUENCE OF OBJECT IDENTIFIER

id-x509-ce-cRLDistributionPoints OBJECT IDENTIFIER ::=  { id-x509-ce 31 }
id-x509-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-x509-ce 27 }
id-x509-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-x509-ce 28 }
id-x509-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-x509-ce 23 }
id-x509-ce-invalidityDate OBJECT IDENTIFIER ::= { id-x509-ce 24 }
id-x509-ce-certificateIssuer   OBJECT IDENTIFIER ::= { id-x509-ce 29 }
id-x509-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::=  { id-x509-ce 54 }

DistributionPointReasonFlags ::= BIT STRING {
	unused                  (0),
	keyCompromise           (1),
	cACompromise            (2),
	affiliationChanged      (3),
	superseded              (4),
	cessationOfOperation    (5),
	certificateHold         (6),
	privilegeWithdrawn      (7),
	aACompromise            (8)
}

DistributionPointName ::= CHOICE {
	fullName                [0]     IMPLICIT -- GeneralNames --  SEQUENCE SIZE (1..MAX) OF GeneralName,
	nameRelativeToCRLIssuer [1]     RelativeDistinguishedName
}

DistributionPoint ::= SEQUENCE {
	distributionPoint       [0]     IMPLICIT heim_any -- DistributionPointName -- OPTIONAL,
	reasons                 [1]     IMPLICIT heim_any -- DistributionPointReasonFlags -- OPTIONAL,
	cRLIssuer               [2]     IMPLICIT heim_any -- GeneralNames -- OPTIONAL
}

CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint


-- rfc3279

DSASigValue  ::=  SEQUENCE {
	r	INTEGER,
	s	INTEGER
}

DSAPublicKey ::= INTEGER

DSAParams  ::=  SEQUENCE {
	p	INTEGER,
	q	INTEGER,
	g	INTEGER
}

-- really pkcs1

RSAPublicKey ::= SEQUENCE {
	modulus INTEGER, -- n
	publicExponent INTEGER -- e
}

RSAPrivateKey ::= SEQUENCE {
	version INTEGER (0..4294967295),
	modulus INTEGER, -- n
	publicExponent INTEGER, -- e
	privateExponent INTEGER, -- d
	prime1 INTEGER, -- p
	prime2 INTEGER, -- q
	exponent1 INTEGER, -- d mod (p-1)
	exponent2 INTEGER, -- d mod (q-1)
	coefficient INTEGER -- (inverse of q) mod p
}

DigestInfo ::= SEQUENCE {
	digestAlgorithm AlgorithmIdentifier,
	digest OCTET STRING
}

-- some ms ext

-- szOID_ENROLL_CERTTYPE_EXTENSION "1.3.6.1.4.1.311.20.2" is Encoded as a

-- UNICODESTRING (0x1E tag)

-- szOID_CERTIFICATE_TEMPLATE "1.3.6.1.4.1.311.21.7" is Encoded as:

-- TemplateVersion ::= INTEGER (0..4294967295) 

-- CertificateTemplate ::= SEQUENCE {
--	templateID OBJECT IDENTIFIER,
--	templateMajorVersion TemplateVersion,
--	templateMinorVersion TemplateVersion OPTIONAL
-- }


--
-- CRL
-- 

TBSCRLCertList ::=  SEQUENCE  {
	version			Version OPTIONAL, -- if present, MUST be v2
	signature		AlgorithmIdentifier,
	issuer			Name,
	thisUpdate		Time,
	nextUpdate		Time OPTIONAL,
	revokedCertificates     SEQUENCE OF SEQUENCE  {
		userCertificate         CertificateSerialNumber,
		revocationDate          Time,
		crlEntryExtensions      Extensions OPTIONAL
						-- if present, MUST be v2
	} OPTIONAL,
	crlExtensions		[0] EXPLICIT Extensions OPTIONAL
						-- if present, MUST be v2
}


CRLCertificateList ::=  SEQUENCE  {
	tbsCertList          TBSCRLCertList,
	signatureAlgorithm   AlgorithmIdentifier,
	signatureValue       BIT STRING
}

id-x509-ce-cRLNumber OBJECT IDENTIFIER ::= { id-x509-ce 20 }
id-x509-ce-freshestCRL OBJECT IDENTIFIER ::=  { id-x509-ce 46 }
id-x509-ce-cRLReason OBJECT IDENTIFIER ::= { id-x509-ce 21 }

CRLReason ::= ENUMERATED {
	unspecified             (0),
	keyCompromise           (1),
	cACompromise            (2),
	affiliationChanged      (3),
	superseded              (4),
	cessationOfOperation    (5),
	certificateHold         (6),
	removeFromCRL           (8),
	privilegeWithdrawn      (9),
	aACompromise           (10)
}

PKIXXmppAddr ::= UTF8String

id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
            dod(6) internet(1) security(5) mechanisms(5) pkix(7) }

id-pkix-on OBJECT IDENTIFIER ::= { id-pkix 8 }
id-pkix-on-xmppAddr OBJECT IDENTIFIER ::= { id-pkix-on 5 }
id-pkix-on-dnsSRV OBJECT IDENTIFIER ::= { id-pkix-on 7 }

id-pkix-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
id-pkix-kp-serverAuth OBJECT IDENTIFIER ::= { id-pkix-kp 1 }
id-pkix-kp-clientAuth OBJECT IDENTIFIER ::= { id-pkix-kp 2 }
id-pkix-kp-emailProtection OBJECT IDENTIFIER ::= { id-pkix-kp 4 }
id-pkix-kp-timeStamping OBJECT IDENTIFIER ::= { id-pkix-kp 8 }
id-pkix-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-pkix-kp 9 }

id-pkix-pe OBJECT IDENTIFIER ::= { id-pkix 1 }

id-pkix-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pkix-pe 1 }

AccessDescription  ::=  SEQUENCE {
	accessMethod          OBJECT IDENTIFIER,
	accessLocation        GeneralName
}

AuthorityInfoAccessSyntax ::= SEQUENCE SIZE (1..MAX) OF AccessDescription

-- RFC 3820 Proxy Certificate Profile

id-pkix-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pkix-pe 14 }

id-pkix-ppl  OBJECT IDENTIFIER ::= { id-pkix 21 }

id-pkix-ppl-anyLanguage     OBJECT IDENTIFIER ::= { id-pkix-ppl 0 }
id-pkix-ppl-inheritAll      OBJECT IDENTIFIER ::= { id-pkix-ppl 1 }
id-pkix-ppl-independent     OBJECT IDENTIFIER ::= { id-pkix-ppl 2 }

ProxyPolicy ::= SEQUENCE {
	policyLanguage		OBJECT IDENTIFIER,
	policy			OCTET STRING OPTIONAL
}

ProxyCertInfo ::= SEQUENCE {
	pCPathLenConstraint	INTEGER (0..4294967295) OPTIONAL, -- really MAX
	proxyPolicy		ProxyPolicy
}

--- U.S. Federal PKI Common Policy Framework
-- Card Authentication key
id-uspkicommon-card-id OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 6 }
id-uspkicommon-piv-interim OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 9 1 }

--- Netscape extentions

id-netscape OBJECT IDENTIFIER ::= 
    { joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730) }
id-netscape-cert-comment OBJECT IDENTIFIER ::= { id-netscape 1 13 }

--- MS extentions

id-ms-cert-enroll-domaincontroller OBJECT IDENTIFIER ::= 
    { 1 3 6 1 4 1 311 20 2 }

id-ms-client-authentication OBJECT IDENTIFIER ::= 
 { 1 3 6 1 5 5 7 3 2 }

-- DER:1e:20:00:44:00:6f:00:6d:00:61:00:69:00:6e:00:43:00:6f:00:6e:00:74:00:72:00:6f:00:6c:00:6c:00:65:00:72

END