~ubuntu-branches/debian/squeeze/erlang/squeeze


Viewing changes to lib/public_key/asn1/PKIXAttributeCertificate.asn1

  • Committer: Bazaar Package Importer
  • Author(s): Sergei Golovan
  • Date: 2009-02-15 16:42:52 UTC
  • mfrom: (1.1.13 upstream)
  • Revision ID: james.westby@ubuntu.com-20090215164252-dxpjjuq108nz4noa
Tags: 1:12.b.5-dfsg-2
Upload to unstable after lenny is released.

 
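--- a/lib/public_key/asn1/PKIXAttributeCertificate.asn1
+++ b/lib/public_key/asn1/PKIXAttributeCertificate.asn1
@@ -0,0 +1,189 @@
+   PKIXAttributeCertificate {iso(1) identified-organization(3) dod(6)
+                internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+                id-mod-attribute-cert(12)}
+
+      DEFINITIONS IMPLICIT TAGS ::=
+
+      BEGIN
+
+      -- EXPORTS ALL --
+
+      IMPORTS
+
+            -- IMPORTed module OIDs MAY change if [PKIXPROF] changes
+            -- PKIX Certificate Extensions
+               Attribute, AlgorithmIdentifier, CertificateSerialNumber,
+               Extensions, UniqueIdentifier,
+               id-pkix, id-pe, id-kp, id-ad, id-at
+               FROM PKIX1Explicit88 {iso(1) identified-organization(3)
+                        dod(6) internet(1) security(5) mechanisms(5)
+                        pkix(7) id-mod(0) id-pkix1-explicit-88(1)}
+
+               GeneralName, GeneralNames, id-ce
+               FROM PKIX1Implicit88 {iso(1) identified-organization(3)
+                        dod(6) internet(1) security(5) mechanisms(5)
+                        pkix(7) id-mod(0) id-pkix1-implicit-88(2)} ;
+
+      id-pe-ac-auditIdentity       OBJECT IDENTIFIER ::= { id-pe 4 }
+      id-pe-aaControls             OBJECT IDENTIFIER ::= { id-pe 6 }
+      id-pe-ac-proxying            OBJECT IDENTIFIER ::= { id-pe 10 }
+      id-ce-targetInformation      OBJECT IDENTIFIER ::= { id-ce 55 }
+
+      id-aca                       OBJECT IDENTIFIER ::= { id-pkix 10 }
+      id-aca-authenticationInfo    OBJECT IDENTIFIER ::= { id-aca 1 }
+      id-aca-accessIdentity        OBJECT IDENTIFIER ::= { id-aca 2 }
+      id-aca-chargingIdentity      OBJECT IDENTIFIER ::= { id-aca 3 }
+      id-aca-group                 OBJECT IDENTIFIER ::= { id-aca 4 }
+      -- { id-aca 5 } is reserved
+      id-aca-encAttrs              OBJECT IDENTIFIER ::= { id-aca 6 }
+
+      id-at-role                   OBJECT IDENTIFIER ::= { id-at 72}
+      id-at-clearance              OBJECT IDENTIFIER ::=
+                  { joint-iso-ccitt(2) ds(5) module(1)
+                    selected-attribute-types(5) clearance (55) }
+
+             -- Uncomment this if using a 1988 level ASN.1 compiler
+             -- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING
+
+             AttributeCertificate ::= SEQUENCE {
+                   acinfo               AttributeCertificateInfo,
+                   signatureAlgorithm   AlgorithmIdentifier,
+                   signatureValue       BIT STRING
+             }
+
+             AttributeCertificateInfo ::= SEQUENCE {
+                version        AttCertVersion,  -- version is v2
+                holder         Holder,
+                issuer         AttCertIssuer,
+                signature      AlgorithmIdentifier,
+                serialNumber   CertificateSerialNumber,
+                attrCertValidityPeriod   AttCertValidityPeriod,
+                attributes     SEQUENCE OF Attribute,
+                issuerUniqueID UniqueIdentifier OPTIONAL,
+                extensions     Extensions     OPTIONAL
+             }
+
+             AttCertVersion ::= INTEGER { v2(1) }
+
+             Holder ::= SEQUENCE {
+                   baseCertificateID   [0] IssuerSerial OPTIONAL,
+                             -- the issuer and serial number of
+                             -- the holder's Public Key Certificate
+                   entityName          [1] GeneralNames OPTIONAL,
+                             -- the name of the claimant or role
+                   objectDigestInfo    [2] ObjectDigestInfo OPTIONAL
+                             -- used to directly authenticate the
+                             -- holder, for example, an executable
+             }
+
+             ObjectDigestInfo    ::= SEQUENCE {
+                   digestedObjectType  ENUMERATED {
+                        publicKey            (0),
+                        publicKeyCert        (1),
+                        otherObjectTypes     (2) },
+                                -- otherObjectTypes MUST NOT
+                                -- MUST NOT be used in this profile
+                   otherObjectTypeID   OBJECT IDENTIFIER  OPTIONAL,
+                   digestAlgorithm     AlgorithmIdentifier,
+                   objectDigest        BIT STRING
+             }
+
+             AttCertIssuer ::= CHOICE {
+                   v1Form   GeneralNames,  -- MUST NOT be used in this
+                                           -- profile
+                   v2Form   [0] V2Form     -- v2 only
+             }
+
+             V2Form ::= SEQUENCE {
+                   issuerName            GeneralNames  OPTIONAL,
+                   baseCertificateID     [0] IssuerSerial  OPTIONAL,
+                   objectDigestInfo      [1] ObjectDigestInfo  OPTIONAL
+                      -- issuerName MUST be present in this profile
+                      -- baseCertificateID and objectDigestInfo MUST
+                      -- NOT be present in this profile
+             }
+
+             IssuerSerial  ::=  SEQUENCE {
+                   issuer         GeneralNames,
+                   serial         CertificateSerialNumber,
+                   issuerUID      UniqueIdentifier OPTIONAL
+             }
+
+             AttCertValidityPeriod  ::= SEQUENCE {
+                   notBeforeTime  GeneralizedTime,
+                   notAfterTime   GeneralizedTime
+             }
+
+             Targets ::= SEQUENCE OF Target
+
+             Target  ::= CHOICE {
+                   targetName     [0] GeneralName,
+                   targetGroup    [1] GeneralName,
+                   targetCert     [2] TargetCert
+             }
+
+             TargetCert  ::= SEQUENCE {
+                   targetCertificate  IssuerSerial,
+                   targetName         GeneralName OPTIONAL,
+                   certDigestInfo     ObjectDigestInfo OPTIONAL
+             }
+
+             IetfAttrSyntax ::= SEQUENCE {
+                  policyAuthority[0] GeneralNames    OPTIONAL,
+                  values         SEQUENCE OF CHOICE {
+                                 octets    OCTET STRING,
+                                 oid       OBJECT IDENTIFIER,
+                                 string    UTF8String
+                 }
+             }
+
+             SvceAuthInfo ::=    SEQUENCE {
+                   service       GeneralName,
+                   ident         GeneralName,
+                   authInfo      OCTET STRING OPTIONAL
+             }
+
+             RoleSyntax ::= SEQUENCE {
+                   roleAuthority  [0] GeneralNames OPTIONAL,
+                   roleName       [1] GeneralName
+             }
+
+             Clearance  ::=  SEQUENCE {
+                   policyId       [0] OBJECT IDENTIFIER,
+                   classList      [1] ClassList DEFAULT {unclassified},
+                   securityCategories
+                                  [2] SET OF SecurityCategory  OPTIONAL
+             }
+
+             ClassList  ::=  BIT STRING {
+                   unmarked       (0),
+                   unclassified   (1),
+                   restricted     (2),
+                   confidential   (3),
+                   secret         (4),
+                   topSecret      (5)
+             }
+
+             SecurityCategory ::= SEQUENCE {
+                   type      [0]  IMPLICIT OBJECT IDENTIFIER,
+                   value     [1]  ANY DEFINED BY type
+             }
+
+             AAControls ::= SEQUENCE {
+                   pathLenConstraint INTEGER (0..MAX) OPTIONAL,
+                   permittedAttrs    [0] AttrSpec OPTIONAL,
+                   excludedAttrs     [1] AttrSpec OPTIONAL,
+                   permitUnSpecified BOOLEAN DEFAULT TRUE
+             }
+
+             AttrSpec::= SEQUENCE OF OBJECT IDENTIFIER
+
+             ACClearAttrs ::= SEQUENCE {
+                   acIssuer          GeneralName,
+                   acSerial          INTEGER,
+                   attrs             SEQUENCE OF Attribute
+             }
+
+             ProxyInfo ::= SEQUENCE OF Targets
+
+      END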
 
57
                issuer         AttCertIssuer,
 
58
                signature      AlgorithmIdentifier,
 
59
                serialNumber   CertificateSerialNumber,
 
60
                attrCertValidityPeriod   AttCertValidityPeriod,
 
61
                attributes     SEQUENCE OF Attribute,
 
62
                issuerUniqueID UniqueIdentifier OPTIONAL,
 
63
                extensions     Extensions     OPTIONAL
 
64
             }
 
65
 
 
66
             AttCertVersion ::= INTEGER { v2(1) }
 
67
 
 
68
             Holder ::= SEQUENCE {
 
69
                   baseCertificateID   [0] IssuerSerial OPTIONAL,
 
70
                             -- the issuer and serial number of
 
71
                             -- the holder's Public Key Certificate
 
72
                   entityName          [1] GeneralNames OPTIONAL,
 
73
                             -- the name of the claimant or role
 
74
                   objectDigestInfo    [2] ObjectDigestInfo OPTIONAL
 
75
                             -- used to directly authenticate the
 
76
                             -- holder, for example, an executable
 
77
             }
 
78
 
 
79
             ObjectDigestInfo    ::= SEQUENCE {
 
80
                   digestedObjectType  ENUMERATED {
 
81
                        publicKey            (0),
 
82
                        publicKeyCert        (1),
 
83
                        otherObjectTypes     (2) },
 
84
                                -- otherObjectTypes MUST NOT
 
85
                                -- MUST NOT be used in this profile
 
86
                   otherObjectTypeID   OBJECT IDENTIFIER  OPTIONAL,
 
87
                   digestAlgorithm     AlgorithmIdentifier,
 
88
                   objectDigest        BIT STRING
 
89
             }
 
90
 
 
91
             AttCertIssuer ::= CHOICE {
 
92
                   v1Form   GeneralNames,  -- MUST NOT be used in this
 
93
                                           -- profile
 
94
                   v2Form   [0] V2Form     -- v2 only
 
95
             }
 
96
 
 
97
             V2Form ::= SEQUENCE {
 
98
                   issuerName            GeneralNames  OPTIONAL,
 
99
                   baseCertificateID     [0] IssuerSerial  OPTIONAL,
 
100
                   objectDigestInfo      [1] ObjectDigestInfo  OPTIONAL
 
101
                      -- issuerName MUST be present in this profile
 
102
                      -- baseCertificateID and objectDigestInfo MUST
 
103
                      -- NOT be present in this profile
 
104
             }
 
105
 
 
106
             IssuerSerial  ::=  SEQUENCE {
 
107
                   issuer         GeneralNames,
 
108
                   serial         CertificateSerialNumber,
 
109
                   issuerUID      UniqueIdentifier OPTIONAL
 
110
             }
 
111
 
 
112
             AttCertValidityPeriod  ::= SEQUENCE {
 
113
                   notBeforeTime  GeneralizedTime,
 
114
                   notAfterTime   GeneralizedTime
 
115
             }
 
116
 
 
117
             Targets ::= SEQUENCE OF Target
 
118
 
 
119
             Target  ::= CHOICE {
 
120
                   targetName     [0] GeneralName,
 
121
                   targetGroup    [1] GeneralName,
 
122
                   targetCert     [2] TargetCert
 
123
             }
 
124
 
 
125
             TargetCert  ::= SEQUENCE {
 
126
                   targetCertificate  IssuerSerial,
 
127
                   targetName         GeneralName OPTIONAL,
 
128
                   certDigestInfo     ObjectDigestInfo OPTIONAL
 
129
             }
 
130
 
 
131
             IetfAttrSyntax ::= SEQUENCE {
 
132
                  policyAuthority[0] GeneralNames    OPTIONAL,
 
133
                  values         SEQUENCE OF CHOICE {
 
134
                                 octets    OCTET STRING,
 
135
                                 oid       OBJECT IDENTIFIER,
 
136
                                 string    UTF8String
 
137
                 }
 
138
             }
 
139
 
 
140
             SvceAuthInfo ::=    SEQUENCE {
 
141
                   service       GeneralName,
 
142
                   ident         GeneralName,
 
143
                   authInfo      OCTET STRING OPTIONAL
 
144
             }
 
145
 
 
146
             RoleSyntax ::= SEQUENCE {
 
147
                   roleAuthority  [0] GeneralNames OPTIONAL,
 
148
                   roleName       [1] GeneralName
 
149
             }
 
150
 
 
151
             Clearance  ::=  SEQUENCE {
 
152
                   policyId       [0] OBJECT IDENTIFIER,
 
153
                   classList      [1] ClassList DEFAULT {unclassified},
 
154
                   securityCategories
 
155
                                  [2] SET OF SecurityCategory  OPTIONAL
 
156
             }
 
157
 
 
158
             ClassList  ::=  BIT STRING {
 
159
                   unmarked       (0),
 
160
                   unclassified   (1),
 
161
                   restricted     (2),
 
162
                   confidential   (3),
 
163
                   secret         (4),
 
164
                   topSecret      (5)
 
165
             }
 
166
 
 
167
             SecurityCategory ::= SEQUENCE {
 
168
                   type      [0]  IMPLICIT OBJECT IDENTIFIER,
 
169
                   value     [1]  ANY DEFINED BY type
 
170
             }
 
171
 
 
172
             AAControls ::= SEQUENCE {
 
173
                   pathLenConstraint INTEGER (0..MAX) OPTIONAL,
 
174
                   permittedAttrs    [0] AttrSpec OPTIONAL,
 
175
                   excludedAttrs     [1] AttrSpec OPTIONAL,
 
176
                   permitUnSpecified BOOLEAN DEFAULT TRUE
 
177
             }
 
178
 
 
179
             AttrSpec::= SEQUENCE OF OBJECT IDENTIFIER
 
180
 
 
181
             ACClearAttrs ::= SEQUENCE {
 
182
                   acIssuer          GeneralName,
 
183
                   acSerial          INTEGER,
 
184
                   attrs             SEQUENCE OF Attribute
 
185
             }
 
186
 
 
187
             ProxyInfo ::= SEQUENCE OF Targets
 
188
 
 
189
      END