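-- $Id$

-- Reduced X.509 certificate syntax: the types needed to describe a
-- Certificate and the TBSCertificate it signs. Several definitions are
-- narrower than the standard ones; each such place is marked below.
X509 DEFINITIONS ::=
BEGIN

IMPORTS heim_any FROM heim;

-- Certificate format version. The named numbers are kept as a comment
-- in this module; the wire values are v1 = 0, v2 = 1, v3 = 2.
Version ::= INTEGER -- { v1(0), v2(1), v3(2) } --

-- NOTE(review): RFC 5280 defines AlgorithmIdentifier as a SEQUENCE of an
-- algorithm OBJECT IDENTIFIER plus OPTIONAL parameters. Only the bare
-- OID is modelled here, so this type does not have the standard
-- encoding. Left as is because changing the shape of the type changes
-- what is generated from it; confirm against the users of this module.
AlgorithmIdentifier ::= OBJECT IDENTIFIER

AttributeType ::= OBJECT IDENTIFIER

-- Attribute values are carried as an opaque heim_any; this module does
-- not interpret them.
AttributeValue ::= heim_any

-- One type/value pair of a relative distinguished name.
Attribute ::= SEQUENCE {
	type	AttributeType,
	value	AttributeValue
}

RelativeDistinguishedName ::= SET OF Attribute

RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

DistinguishedName ::= RDNSequence

Name ::= CHOICE { -- only one possibility for now --
	rdnSequence	RDNSequence
}

CertificateSerialNumber ::= INTEGER

-- A validity bound, in either of the two time encodings.
Time ::= CHOICE {
	utcTime		UTCTime,
	generalTime	GeneralizedTime
}

-- Validity period of the certificate. The grammar only carries the two
-- bounds; comparing them with the current time is the job of the code
-- that validates the certificate.
Validity ::= SEQUENCE {
	notBefore	Time,
	notAfter	Time
}

UniqueIdentifier ::= BIT STRING

SubjectPublicKeyInfo ::= SEQUENCE {
	algorithm		AlgorithmIdentifier,
	subjectPublicKey	BIT STRING
}

-- A single certificate extension. extnValue is an opaque OCTET STRING
-- whose content depends on extnID. RFC 5280 requires a relying party
-- to reject a certificate carrying a critical extension it does not
-- recognise; that decision is made by the consumer, not by this grammar.
Extension ::= SEQUENCE {
	extnID		OBJECT IDENTIFIER,
	critical	BOOLEAN DEFAULT FALSE,
	extnValue	OCTET STRING
}

Extensions ::= SEQUENCE OF Extension -- SIZE (1..MAX)

-- The signed portion of a certificate.
--
-- version: a certificate that omits this field is a v1 certificate,
-- and v1 is wire value 0 (see Version). The default was previously
-- written as 1, which is v2: a decoder that honours DEFAULT would then
-- report a v1 certificate as v2, and a DER encoder would leave the
-- field out of v2 certificates, which other implementations read as v1.
--
-- The "version shall be ..." remarks on the optional fields are not
-- expressed as constraints, so the decoder cannot enforce them; code
-- that accepts certificates has to compare version with the fields
-- actually present.
TBSCertificate ::= SEQUENCE {
	version			[0] EXPLICIT Version DEFAULT 0,
	serialNumber		CertificateSerialNumber,
	signature		AlgorithmIdentifier,
	issuer			Name,
	validity		Validity,
	subject			Name,
	subjectPublicKeyInfo	SubjectPublicKeyInfo,
	issuerUniqueID		[1] IMPLICIT UniqueIdentifier OPTIONAL,
				-- If present, version shall be v2 or v3
	subjectUniqueID		[2] IMPLICIT UniqueIdentifier OPTIONAL,
				-- If present, version shall be v2 or v3
	extensions		[3] EXPLICIT Extensions OPTIONAL
				-- If present, version shall be v3
}

-- A complete certificate: the signed body, the algorithm used to sign
-- it, and the signature bits.
--
-- signatureAlgorithm is outside the signed data. RFC 5280 requires it
-- to equal tbsCertificate.signature; nothing in this grammar checks
-- that, so a verifier should compare the two before trusting either.
Certificate ::= SEQUENCE {
	tbsCertificate		TBSCertificate,
	signatureAlgorithm	AlgorithmIdentifier,
	signatureValue		BIT STRING
}

END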