-- Attribute certificate (AC) syntax, taken from the PKIX AC profile
-- (RFC 3281, module id-mod-attribute-cert(12)).
-- The module is IMPLICIT TAGS: a bare [n] replaces the underlying tag,
-- except on CHOICE and ANY types, which X.680 always tags explicitly.
PKIXAttributeCertificate {iso(1) identified-organization(3) dod(6)
          internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
          id-mod-attribute-cert(12)}

DEFINITIONS IMPLICIT TAGS ::=

BEGIN

-- EXPORTS ALL --

IMPORTS

      -- IMPORTed module OIDs MAY change if [PKIXPROF] changes
      -- PKIX Certificate Extensions
         Attribute, AlgorithmIdentifier, CertificateSerialNumber,
         Extensions, UniqueIdentifier,
         id-pkix, id-pe, id-kp, id-ad, id-at
         FROM PKIX1Explicit88 {iso(1) identified-organization(3)
                  dod(6) internet(1) security(5) mechanisms(5)
                  pkix(7) id-mod(0) id-pkix1-explicit-88(1)}

      -- GeneralName, GeneralNames and id-ce come from the X.509
      -- CertificateExtensions module instead of PKIX1Implicit88 (the
      -- commented-out alternative below); presumably so that this
      -- module shares the X.509 definitions already in the tree.
         GeneralName, GeneralNames, id-ce
         FROM CertificateExtensions {joint-iso-itu-t ds(5) module(1)
                  certificateExtensions(26) 5} ;
--         FROM PKIX1Implicit88 {iso(1) identified-organization(3)
--                  dod(6) internet(1) security(5) mechanisms(5)
--                  pkix(7) id-mod(0) id-pkix1-implicit-88(2)} ;

-- Extension OIDs: AC-specific ones under id-pe, targeting under id-ce.
id-pe-ac-auditIdentity       OBJECT IDENTIFIER ::= { id-pe 4 }
id-pe-aaControls             OBJECT IDENTIFIER ::= { id-pe 6 }
id-pe-ac-proxying            OBJECT IDENTIFIER ::= { id-pe 10 }
id-ce-targetInformation      OBJECT IDENTIFIER ::= { id-ce 55 }

-- Attribute-type OIDs for the AC attributes defined by the profile.
id-aca                       OBJECT IDENTIFIER ::= { id-pkix 10 }
id-aca-authenticationInfo    OBJECT IDENTIFIER ::= { id-aca 1 }
id-aca-accessIdentity        OBJECT IDENTIFIER ::= { id-aca 2 }
id-aca-chargingIdentity      OBJECT IDENTIFIER ::= { id-aca 3 }
id-aca-group                 OBJECT IDENTIFIER ::= { id-aca 4 }
-- { id-aca 5 } is reserved
id-aca-encAttrs              OBJECT IDENTIFIER ::= { id-aca 6 }

id-at-role                   OBJECT IDENTIFIER ::= { id-at 72}
-- NOTE(review): the arc below spells out 2.5.1.5.55, as printed in
-- RFC 3281.  X.501 registers the clearance attribute under
-- attributeType, i.e. { id-at 55 } = 2.5.4.55.  Confirm which OID(s)
-- the dissector actually registers for Clearance before relying on
-- this value.
id-at-clearance              OBJECT IDENTIFIER ::=
            { joint-iso-ccitt(2) ds(5) module(1)
              selected-attribute-types(5) clearance (55) }

       -- Uncomment this if using a 1988 level ASN.1 compiler
       -- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING

       -- Outer signed structure.  As with X.509 PKCs the signature is
       -- expected to cover the DER encoding of acinfo, and a verifier
       -- should check that signatureAlgorithm equals acinfo.signature
       -- before accepting signatureValue.
       AttributeCertificate ::= SEQUENCE {
             acinfo               AttributeCertificateInfo,
             signatureAlgorithm   AlgorithmIdentifier,
             signatureValue       BIT STRING
       }

       -- The to-be-signed body.  Profile rules quoted in the comments
       -- are constraints on conforming ACs; nothing in the syntax
       -- enforces them, so a decoder will happily parse an AC that
       -- violates them and the checks belong to the AC verifier.
       AttributeCertificateInfo ::= SEQUENCE {
          version        AttCertVersion,  -- version is v2
          holder         Holder,
          issuer         AttCertIssuer,
          signature      AlgorithmIdentifier,
                         -- expected to match the outer signatureAlgorithm
          serialNumber   CertificateSerialNumber,
          attrCertValidityPeriod   AttCertValidityPeriod,
          attributes     SEQUENCE OF Attribute,
                         -- zero entries is legal syntax; the profile
                         -- text requires at least one
          issuerUniqueID UniqueIdentifier OPTIONAL,
          extensions     Extensions     OPTIONAL
       }

       -- Only v2 (encoded as INTEGER 1) is defined by this profile.
       AttCertVersion ::= INTEGER { v2(1) }

       -- Identifies the entity the attributes are bound to.  All three
       -- alternatives are OPTIONAL at the syntax level; the profile
       -- expects at least one to be present, and which one is used
       -- determines how the AC is linked to its holder (by the holder's
       -- PKC issuer/serial, by name, or by a digest of the object).
       Holder ::= SEQUENCE {
             baseCertificateID   [0] IssuerSerial OPTIONAL,
                       -- the issuer and serial number of
                       -- the holder's Public Key Certificate
             entityName          [1] GeneralNames OPTIONAL,
                       -- the name of the claimant or role
             objectDigestInfo    [2] ObjectDigestInfo OPTIONAL
                       -- used to directly authenticate the
                       -- holder, for example, an executable
       }

       -- Binds a holder (or a target certificate) to the hash of an
       -- object rather than to a name.  otherObjectTypeID presumably
       -- qualifies the otherObjectTypes case, which the profile forbids.
       -- A consumer must check that digestAlgorithm is acceptable
       -- before trusting objectDigest; the syntax does not restrict it.
       ObjectDigestInfo    ::= SEQUENCE {
             digestedObjectType  ENUMERATED {
                  publicKey            (0),
                  publicKeyCert        (1),
                  otherObjectTypes     (2) },
                          -- otherObjectTypes MUST NOT be used
                          -- in this profile
             otherObjectTypeID   OBJECT IDENTIFIER  OPTIONAL,
             digestAlgorithm     AlgorithmIdentifier,
             objectDigest        BIT STRING
       }

       -- On the wire the two alternatives are told apart by tag: the
       -- untagged v1Form carries the universal SEQUENCE tag of
       -- GeneralNames, v2Form the implicit context tag [0].
       AttCertIssuer ::= CHOICE {
             v1Form   GeneralNames,  -- MUST NOT be used in this
                                     -- profile
             v2Form   [0] V2Form     -- v2 only
       }

       -- Every field is OPTIONAL in the syntax; the profile comments
       -- below narrow it to issuerName only.
       V2Form ::= SEQUENCE {
             issuerName            GeneralNames  OPTIONAL,
             baseCertificateID     [0] IssuerSerial  OPTIONAL,
             objectDigestInfo      [1] ObjectDigestInfo  OPTIONAL
                -- issuerName MUST be present in this profile
                -- baseCertificateID and objectDigestInfo MUST
                -- NOT be present in this profile
       }

       -- Reference to a public key certificate by its issuer and serial
       -- number (plus the optional issuer unique identifier).
       IssuerSerial  ::=  SEQUENCE {
             issuer         GeneralNames,
             serial         CertificateSerialNumber,
             issuerUID      UniqueIdentifier OPTIONAL
       }

       -- Validity window.  NOTE(review): the profile restricts both
       -- values to the same GeneralizedTime form used for PKCs (UTC,
       -- no fractional seconds); the syntax accepts any GeneralizedTime.
       AttCertValidityPeriod  ::= SEQUENCE {
             notBeforeTime  GeneralizedTime,
             notAfterTime   GeneralizedTime
       }

       -- Targeting (id-ce-targetInformation) and proxying
       -- (id-pe-ac-proxying) both use lists of Target; an AC carrying
       -- the targeting extension is only acceptable to the targets
       -- listed.
       Targets ::= SEQUENCE OF Target

       Target  ::= CHOICE {
             targetName     [0] GeneralName,
             targetGroup    [1] GeneralName,
             targetCert     [2] TargetCert
       }

       -- Target given as a certificate reference, optionally
       -- cross-checked by name and/or by a digest of the certificate.
       TargetCert  ::= SEQUENCE {
             targetCertificate  IssuerSerial,
             targetName         GeneralName OPTIONAL,
             certDigestInfo     ObjectDigestInfo OPTIONAL
       }

       -- Generic value syntax which, per the profile, is shared by the
       -- id-aca attributes that carry lists of identifiers (access
       -- identity, charging identity, group).  Each value is one of
       -- three forms; policyAuthority names who assigned them.
       IetfAttrSyntax ::= SEQUENCE {
            policyAuthority[0] GeneralNames    OPTIONAL,
            values         SEQUENCE OF CHOICE {
                           octets    OCTET STRING,
                           oid       OBJECT IDENTIFIER,
                           string    UTF8String
           }
       }

       -- Value of id-aca-authenticationInfo.  NOTE(review): authInfo
       -- is an opaque OCTET STRING that may hold a credential for the
       -- named service; treat it as sensitive when displaying/logging.
       SvceAuthInfo ::=    SEQUENCE {
             service       GeneralName,
             ident         GeneralName,
             authInfo      OCTET STRING OPTIONAL
       }

       -- Value of id-at-role.
       RoleSyntax ::= SEQUENCE {
             roleAuthority  [0] GeneralNames OPTIONAL,
             roleName       [1] GeneralName
       }

       -- Clearance in the X.501 form (untagged fields).  An absent
       -- classList decodes as {unclassified}.
       Clearance  ::=  SEQUENCE {
             policyId       OBJECT IDENTIFIER,
             classList      ClassList DEFAULT {unclassified},
             securityCategories
                            SET OF SecurityCategory  OPTIONAL
       }

       -- Same content with the context tags printed in RFC 3281's
       -- version of the type; the two encodings differ on the wire, so
       -- both are kept and the dissector presumably picks one per OID.
       RFC3281Clearance  ::=  SEQUENCE {
             policyId       [0] OBJECT IDENTIFIER,
             classList      [1] ClassList DEFAULT {unclassified},
             securityCategories
                            [2] SET OF SecurityCategory  OPTIONAL
       }


       -- Named bits; more than one may be set.
       ClassList  ::=  BIT STRING {
             unmarked       (0),
             unclassified   (1),
             restricted     (2),
             confidential   (3),
             secret         (4),
             topSecret      (5)
       }

       -- Open type: value is decoded according to the type OID, so
       -- anything without a registered decoder stays opaque.  The [1]
       -- on an ANY is explicit regardless of the module's IMPLICIT TAGS.
       SecurityCategory ::= SEQUENCE {
             type      [0]  IMPLICIT OBJECT IDENTIFIER,
             value     [1]  ANY DEFINED BY type
       }

       -- Value of id-pe-aaControls (presumably carried in an AA's PKC).
       -- Note the DEFAULT: an attribute listed in neither permittedAttrs
       -- nor excludedAttrs is allowed unless permitUnSpecified is
       -- explicitly FALSE.
       AAControls ::= SEQUENCE {
             pathLenConstraint INTEGER (0..MAX) OPTIONAL,
             permittedAttrs    [0] AttrSpec OPTIONAL,
             excludedAttrs     [1] AttrSpec OPTIONAL,
             permitUnSpecified BOOLEAN DEFAULT TRUE
       }

       AttrSpec::= SEQUENCE OF OBJECT IDENTIFIER

       -- Presumably the plaintext recovered from id-aca-encAttrs;
       -- acIssuer/acSerial tie the decrypted attributes back to the AC
       -- they belong to.
       ACClearAttrs ::= SEQUENCE {
             acIssuer          GeneralName,
             acSerial          INTEGER,
             attrs             SEQUENCE OF Attribute
       }

       -- Value of id-pe-ac-proxying.
       ProxyInfo ::= SEQUENCE OF Targets

END