| Class | Description |
|---|---|
| AccessDescription |
AccessDescription ::= SEQUENCE {
accessMethod OBJECT IDENTIFIER,
accessLocation GeneralName
}
|
| AlgorithmIdentifier |
AlgorithmIdentifier ::= SEQUENCE {
algorithm OBJECT IDENTIFIER,
parameters ANY DEFINED BY algorithm OPTIONAL
}
|
| AttCertIssuer |
AttCertIssuer ::= CHOICE {
v1Form GeneralNames, -- MUST NOT be used in this profile
v2Form [0] V2Form -- v2 only
}
|
| AttCertValidityPeriod |
AttCertValidityPeriod ::= SEQUENCE {
notBeforeTime GeneralizedTime,
notAfterTime GeneralizedTime
}
|
| Attribute |
Attribute ::= SEQUENCE {
attrType OBJECT IDENTIFIER,
attrValues SET OF AttributeValue
}
AttributeValue ::= ANY
|
| AttributeCertificate |
AttributeCertificate ::= SEQUENCE {
acinfo AttributeCertificateInfo,
signatureAlgorithm AlgorithmIdentifier,
signatureValue BIT STRING
}
|
| AttributeCertificateInfo |
AttributeCertificateInfo ::= SEQUENCE {
version AttCertVersion -- version is v2,
holder Holder,
issuer AttCertIssuer,
signature AlgorithmIdentifier,
serialNumber CertificateSerialNumber,
attrCertValidityPeriod AttCertValidityPeriod,
attributes SEQUENCE OF Attribute,
issuerUniqueID UniqueIdentifier OPTIONAL,
extensions Extensions OPTIONAL
}
AttCertVersion ::= INTEGER { v2(1) }
UniqueIdentifier ::= BIT STRING
|
| Attributes |
Ref.
|
| AttributeValues |
Ref.
|
| AuthorityInformationAccess |
id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
AuthorityInfoAccessSyntax ::=
SEQUENCE SIZE (1..MAX) OF AccessDescription
AccessDescription ::= SEQUENCE {
accessMethod OBJECT IDENTIFIER,
accessLocation GeneralName
}
|
| AuthorityKeyIdentifier |
id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 }
AuthorityKeyIdentifier ::= SEQUENCE {
keyIdentifier [0] IMPLICIT KeyIdentifier OPTIONAL,
authorityCertIssuer [1] IMPLICIT GeneralNames OPTIONAL,
authorityCertSerialNumber [2] IMPLICIT CertificateSerialNumber OPTIONAL
}
KeyIdentifier ::= OCTET STRING
|
| BasicConstraints |
BasicConstraints ::= SEQUENCE {
cA BOOLEAN DEFAULT FALSE,
pathLenConstraint INTEGER (0..MAX) OPTIONAL
}
|
| Certificate |
Certificate ::= SEQUENCE {
tbsCertificate TBSCertificate,
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING
}
|
| CertificateList |
RFC-2459:
|
| CertificatePair |
CertificatePair ::= SEQUENCE {
forward [0] Certificate OPTIONAL,
reverse [1] Certificate OPTIONAL
-- at least one of the pair shall be present --
}
|
| CertificatePolicies |
CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
|
| CertificateSerialNumber | |
| CertPolicyId |
CertPolicyId ::= OBJECT IDENTIFIER
|
| CRLDistPoint |
CRLDistPoint ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
|
| CRLNumber |
CRLNumber::= INTEGER(0..MAX)
|
| CRLReason | |
| DhParameter | |
| DigestedObjectType | |
| DigestInfo |
DigestInfo::=SEQUENCE{
digestAlgorithm AlgorithmIdentifier,
digest OCTET STRING
}
|
| DirectoryString |
DirectoryString ::= CHOICE {
teletexString TeletexString (SIZE (1..MAX)),
printableString PrintableString (SIZE (1..MAX)),
universalString UniversalString (SIZE (1..MAX)),
utf8String UTF8String (SIZE (1..MAX)),
bmpString BMPString (SIZE (1..MAX))
}
|
| DisplayText |
DisplayText ::= CHOICE {
ia5String IA5String (SIZE (1..200)),
visibleString VisibleString (SIZE (1..200)),
bmpString BMPString (SIZE (1..200)),
utf8String UTF8String (SIZE (1..200))
}
|
| DistributionPoint |
DistributionPoint ::= SEQUENCE {
distributionPoint [0] DistributionPointName OPTIONAL,
reasons [1] ReasonFlags OPTIONAL,
cRLIssuer [2] GeneralNames OPTIONAL
}
|
| DistributionPointName |
DistributionPointName ::= CHOICE {
fullName [0] GeneralNames,
nameRelativeToCRLIssuer [1] RDN
}
|
| DSAParameter | |
| EDIPartyName |
EDIPartyName ::= SEQUENCE {
nameAssigner [0] DirectoryString OPTIONAL,
partyName [1] DirectoryString
}
|
| ExtendedKeyUsage |
extendedKeyUsage ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
|
| Extension |
Ref.
|
| Extensions |
Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
Extension ::= SEQUENCE {
extnId EXTENSION.&id ({ExtensionSet}),
critical BOOLEAN DEFAULT FALSE,
extnValue OCTET STRING
}
|
| GeneralName |
GeneralName ::= CHOICE {
otherName [0] OtherName,
rfc822Name [1] IA5String,
dNSName [2] IA5String,
x400Address [3] ORAddress,
directoryName [4] Name,
ediPartyName [5] EDIPartyName,
uniformResourceIdentifier [6] IA5String,
iPAddress [7] OCTET STRING,
registeredID [8] OBJECT IDENTIFIER
}
|
| GeneralNames | |
| GeneralSubtree |
Ref.
|
| GeneralSubtrees | |
| Holder |
Holder ::= SEQUENCE {
baseCertificateID [0] IssuerSerial OPTIONAL,
-- the issuer and serial number of
-- the holder's Public Key Certificate
entityName [1] GeneralNames OPTIONAL,
-- the name of the claimant or role
objectDigestInfo [2] ObjectDigestInfo OPTIONAL
-- used to directly authenticate the holder,
-- for example, an executable
}
|
| IetfAttrSyntax |
Ref.
|
| IetfAttrSyntaxChoice |
Ref.
|
| IetfAttrSyntaxChoices | |
| IssuerSerial |
IssuerSerial ::= SEQUENCE {
issuer GeneralNames,
serial CertificateSerialNumber,
issuerUID UniqueIdentifier OPTIONAL
}
|
| IssuingDistributionPoint |
IssuingDistributionPoint ::= SEQUENCE {
distributionPoint [0] DistributionPointName OPTIONAL,
onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE,
onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE,
onlySomeReasons [3] ReasonFlags OPTIONAL,
indirectCRL [4] BOOLEAN DEFAULT FALSE,
onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE
}
|
| KeyIdentifier |
KeyIdentifier ::= OCTET STRING
|
| KeyPurposeId |
KeyPurposeId ::= OBJECT IDENTIFIER
id-kp OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
dod(6) internet(1) security(5) mechanisms(5) pkix(7) 3 }
|
| KeyUsage | |
| NameConstraints | |
| NoticeNumbers |
noticeNumbers ::= SEQUENCE OF INTEGER
|
| NoticeReference |
NoticeReference ::= SEQUENCE {
organization DisplayText,
noticeNumbers SEQUENCE OF INTEGER
}
|
| ObjectDigestInfo |
ObjectDigestInfo ::= SEQUENCE {
digestedObjectType ENUMERATED {
publicKey (0),
publicKeyCert (1),
otherObjectTypes (2) },
-- otherObjectTypes MUST NOT
-- be used in this profile
otherObjectTypeID OBJECT IDENTIFIER OPTIONAL,
digestAlgorithm AlgorithmIdentifier,
objectDigest BIT STRING
}
|
| OtherName |
OtherName ::= SEQUENCE {
type-id OBJECT IDENTIFIER,
value [0] EXPLICIT ANY DEFINED BY type-id
}
|
| PolicyConstraints |
Ref.
|
| PolicyInformation | |
| PolicyMapping |
Ref.
|
| PolicyMappings |
Ref.
|
| PolicyQualifierId |
id-qt OBJECT IDENTIFIER ::= { id-pkix 2 }
id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 }
id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 }
PolicyQualifierId ::=
OBJECT IDENTIFIER (id-qt-cps | id-qt-unotice)
|
| PolicyQualifierInfo |
PolicyQualifierInfo ::= SEQUENCE {
policyQualifierId PolicyQualifierId,
qualifier ANY DEFINED BY policyQualifierId
}
PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
|
| PolicyQualifierInfos | |
| PrivateKeyUsagePeriod |
PrivateKeyUsagePeriod ::= SEQUENCE {
notBefore [0] GeneralizedTime OPTIONAL,
notAfter [1] GeneralizedTime OPTIONAL
}
|
| ReasonFlags | |
| RevokedCertificate |
Ref.
|
| RevokedCertificates |
Ref.
|
| RoleSyntax |
Ref.
|
| SubjectDirectoryAttributes |
Ref.
|
| SubjectKeyIdentifier |
SubjectKeyIdentifier::= OCTET STRING
|
| SubjectPublicKeyInfo |
SubjectPublicKeyInfo ::= SEQUENCE {
algorithm AlgorithmIdentifier,
subjectPublicKey BIT STRING
}
|
| Target |
Ref.
|
| TargetCert |
TargetCert ::= SEQUENCE {
targetCertificate IssuerSerial,
targetName GeneralName OPTIONAL,
certDigestInfo ObjectDigestInfo OPTIONAL
}
|
| TargetInformation |
Ref.
|
| Targets |
Ref.
|
| TBSCertificate |
TBSCertificate ::= SEQUENCE {
version [ 0 ] Version DEFAULT v1(0),
serialNumber CertificateSerialNumber,
signature AlgorithmIdentifier,
issuer Name,
validity Validity,
subject Name,
subjectPublicKeyInfo SubjectPublicKeyInfo,
issuerUniqueID [ 1 ] IMPLICIT UniqueIdentifier OPTIONAL,
subjectUniqueID [ 2 ] IMPLICIT UniqueIdentifier OPTIONAL,
extensions [ 3 ] Extensions OPTIONAL
}
|
| TBSCertList |
Ref.
|
| Time |
Time ::= CHOICE {
utcTime UTCTime,
generalTime GeneralizedTime
}
|
| UserNotice |
UserNotice ::= SEQUENCE {
noticeRef NoticeReference OPTIONAL,
explicitText DisplayText OPTIONAL}
|
| V2Form |
Produce an object suitable for an ASN1OutputStream.
|