oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

RFC2560 - Online Certificate Status Protocol

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16863 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2006-03-31 01:01:01 +00:00
parent f9160af5a1
commit 7677242d01
1 changed files with 110 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

110
lib/hx509/ocsp.asn1 Normal file
View File

@@ -0,0 +1,110 @@
-- From rfc2560
-- $Id$
OCSP DEFINITIONS EXPLICIT TAGS::=
BEGIN
IMPORTS
Certificate, AlgorithmIdentifier, CRLReason,
Name, GeneralName, CertificateSerialNumber, Extensions
FROM rfc2459;
OCSPVersion ::= INTEGER { ocsp-v1(0) }
OCSPCertStatus ::= CHOICE {
good [0] IMPLICIT NULL,
revoked [1] IMPLICIT -- OCSPRevokedInfo -- SEQUENCE {
revocationTime GeneralizedTime,
revocationReason[0] EXPLICIT CRLReason OPTIONAL
},
unknown [2] IMPLICIT NULL }
OCSPCertID ::= SEQUENCE {
hashAlgorithm AlgorithmIdentifier,
issuerNameHash OCTET STRING, -- Hash of Issuer's DN
issuerKeyHash OCTET STRING, -- Hash of Issuers public key
serialNumber CertificateSerialNumber }
OCSPSingleResponse ::= SEQUENCE {
certID OCSPCertID,
certStatus OCSPCertStatus,
thisUpdate GeneralizedTime,
nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
singleExtensions [1] EXPLICIT Extensions OPTIONAL }
OCSPInnerRequest ::= SEQUENCE {
reqCert OCSPCertID,
singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }
OCSPTBSRequest ::= SEQUENCE {
version [0] EXPLICIT OCSPVersion -- DEFAULT v1 -- OPTIONAL,
requestorName [1] EXPLICIT GeneralName OPTIONAL,
requestList SEQUENCE OF OCSPInnerRequest,
requestExtensions [2] EXPLICIT Extensions OPTIONAL }
OCSPSignature ::= SEQUENCE {
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING,
certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
OCSPRequest ::= SEQUENCE {
tbsRequest OCSPTBSRequest,
optionalSignature [0] EXPLICIT OCSPSignature OPTIONAL }
OCSPResponseBytes ::= SEQUENCE {
responseType OBJECT IDENTIFIER,
response OCTET STRING }
OCSPResponseStatus ::= ENUMERATED {
successful (0), --Response has valid confirmations
malformedRequest (1), --Illegal confirmation request
internalError (2), --Internal error in issuer
tryLater (3), --Try again later
--(4) is not used
sigRequired (5), --Must sign the request
unauthorized (6) --Request unauthorized
}
OCSPResponse ::= SEQUENCE {
responseStatus OCSPResponseStatus,
responseBytes [0] EXPLICIT OCSPResponseBytes OPTIONAL }
OCSPKeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
--(excluding the tag and length fields)
OCSPResponderID ::= CHOICE {
byName [1] Name,
byKey [2] OCSPKeyHash }
OCSPResponseData ::= SEQUENCE {
version [0] EXPLICIT OCSPVersion -- DEFAULT v1 -- OPTIONAL,
responderID OCSPResponderID,
producedAt GeneralizedTime,
responses SEQUENCE OF OCSPSingleResponse,
responseExtensions [1] EXPLICIT Extensions OPTIONAL }
OCSPBasicOCSPResponse ::= SEQUENCE {
tbsResponseData OCSPResponseData,
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING,
certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
-- ArchiveCutoff ::= GeneralizedTime
-- AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER
-- Object Identifiers
-- id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 }
-- id-pkix-ocsp OBJECT IDENTIFIER ::= { id-ad-ocsp }
-- id-pkix-ocsp-basic OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 }
-- id-pkix-ocsp-nonce OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
-- id-pkix-ocsp-crl OBJECT IDENTIFIER ::= { id-pkix-ocsp 3 }
-- id-pkix-ocsp-response OBJECT IDENTIFIER ::= { id-pkix-ocsp 4 }
-- id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
-- id-pkix-ocsp-archive-cutoff OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 }
-- id-pkix-ocsp-service-locator OBJECT IDENTIFIER ::= { id-pkix-ocsp 7 }
END