-- From rfc2560
-- $Id$
--
-- ASN.1 module describing the OCSP (Online Certificate Status Protocol)
-- request and response messages. The definitions follow RFC 2560 with an
-- "OCSP" prefix added to the type names; the X.509 building blocks are
-- imported from the rfc2459 module below.
--
-- The module default is EXPLICIT TAGS, so a context tag written without
-- the IMPLICIT keyword wraps the underlying type instead of replacing its
-- tag. Tag numbers, tagging mode, field order and OPTIONAL markers all
-- determine the DER encoding; the signed structures are only verifiable if
-- they stay exactly as specified.
OCSP DEFINITIONS EXPLICIT TAGS::=

BEGIN

IMPORTS
        Certificate, AlgorithmIdentifier, CRLReason,
        Name, GeneralName, CertificateSerialNumber, Extensions
        FROM rfc2459;

-- Protocol version; only ocsp-v1 (value 0) is named here.
OCSPVersion ::= INTEGER { ocsp-v1(0) }

-- Status of one certificate as reported by the responder.
-- The revoked arm is an inline SEQUENCE (RevokedInfo in the RFC) carrying
-- the revocation time and an optional reason code.
-- NOTE(review): "unknown" is a distinct answer and not a weaker form of
-- "good"; relying code should accept only "good" as a positive result.
OCSPCertStatus ::= CHOICE {
    good                [0]     IMPLICIT NULL,
    revoked             [1]     IMPLICIT -- OCSPRevokedInfo -- SEQUENCE {
                        revocationTime          GeneralizedTime,
                        revocationReason[0]     EXPLICIT CRLReason OPTIONAL
    },
    unknown             [2]     IMPLICIT NULL }

-- Identifies the certificate being asked about. Per RFC 2560, hashAlgorithm
-- names the hash used for both issuerNameHash and issuerKeyHash.
-- NOTE(review): a client should check that the certID in each response
-- matches the certID it sent (including hashAlgorithm) before using the
-- status that accompanies it.
OCSPCertID ::= SEQUENCE {
    hashAlgorithm            AlgorithmIdentifier,
    issuerNameHash     OCTET STRING, -- Hash of issuer's DN
    issuerKeyHash      OCTET STRING, -- Hash of issuer's public key
    serialNumber       CertificateSerialNumber }

-- One status entry inside a response.
-- thisUpdate and nextUpdate bound the period for which the status is
-- asserted. nextUpdate is OPTIONAL, so a response may carry no stated
-- expiry.
-- NOTE(review): verifiers need their own maximum age policy for responses
-- that omit nextUpdate, and should reject entries whose window does not
-- cover the current time.
OCSPSingleResponse ::= SEQUENCE {
    certID                       OCSPCertID,
    certStatus                   OCSPCertStatus,
    thisUpdate                   GeneralizedTime,
    nextUpdate           [0]     EXPLICIT GeneralizedTime OPTIONAL,
    singleExtensions     [1]     EXPLICIT Extensions OPTIONAL }

-- A single certificate query (Request in the RFC).
OCSPInnerRequest ::= SEQUENCE {
    reqCert                    OCSPCertID,
    singleRequestExtensions    [0] EXPLICIT Extensions OPTIONAL }

-- The part of a request that the optional signature covers.
-- The DEFAULT v1 of the RFC appears only as a comment here, so in this
-- module version is a plain OPTIONAL field; an absent version has to be
-- read as v1 by the consumer.
-- Per RFC 2560 the nonce extension (id-pkix-ocsp-nonce) is carried in
-- requestExtensions.
OCSPTBSRequest ::= SEQUENCE {
    version             [0] EXPLICIT OCSPVersion -- DEFAULT v1 -- OPTIONAL,
    requestorName       [1] EXPLICIT GeneralName OPTIONAL,
    requestList             SEQUENCE OF OCSPInnerRequest,
    requestExtensions   [2] EXPLICIT Extensions OPTIONAL }

-- Signature over a request, with optional certificates to help the
-- responder verify it.
OCSPSignature ::= SEQUENCE {
    signatureAlgorithm   AlgorithmIdentifier,
    signature            BIT STRING,
    certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }

-- Top level request. optionalSignature is OPTIONAL, so unsigned requests
-- are valid syntax; a responder that insists on signed requests answers
-- with sigRequired (see OCSPResponseStatus).
OCSPRequest ::= SEQUENCE {
    tbsRequest                  OCSPTBSRequest,
    optionalSignature   [0]     EXPLICIT OCSPSignature OPTIONAL }

-- Typed container for the response body. response is opaque at this
-- level; responseType selects how to decode it. Per RFC 2560, for
-- id-pkix-ocsp-basic it holds the DER encoding of the basic response
-- (OCSPBasicOCSPResponse in this module).
-- NOTE(review): a verifier should reject any responseType it does not
-- implement instead of guessing at the content.
OCSPResponseBytes ::= SEQUENCE {
    responseType   OBJECT IDENTIFIER,
    response       OCTET STRING }

-- Processing status of the request as a whole.
-- This value sits in the outer OCSPResponse, outside the signed
-- tbsResponseData of OCSPBasicOCSPResponse, so the signature defined in
-- this module does not cover it.
-- NOTE(review): any status other than successful says nothing about the
-- certificate and must not be treated as if it were "good".
OCSPResponseStatus ::= ENUMERATED {
    successful            (0),      --Response has valid confirmations
    malformedRequest      (1),      --Illegal confirmation request
    internalError         (2),      --Internal error in issuer
    tryLater              (3),      --Try again later
                                    --(4) is not used
    sigRequired           (5),      --Must sign the request
    unauthorized          (6)       --Request unauthorized
}

-- Top level response. responseBytes is OPTIONAL: a response can consist
-- of the status code alone, with no signed body.
OCSPResponse ::= SEQUENCE {
   responseStatus         OCSPResponseStatus,
   responseBytes          [0] EXPLICIT OCSPResponseBytes OPTIONAL }

-- The type carries no algorithm identifier; the hash is fixed by the
-- specification, as the comment below states.
OCSPKeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
                         --(excluding the tag and length fields)

-- Names the responder either by subject name or by key hash. Tags [1] and
-- [2] are explicit because of the module default.
OCSPResponderID ::= CHOICE {
   byName   [1] Name,
   byKey    [2] OCSPKeyHash }

-- The signed portion of a basic response (ResponseData in the RFC).
-- As in OCSPTBSRequest, version is a plain OPTIONAL field here and an
-- absent value has to be read as v1.
-- Per RFC 2560, a nonce echoed by the responder is carried in
-- responseExtensions.
OCSPResponseData ::= SEQUENCE {
   version              [0] EXPLICIT OCSPVersion -- DEFAULT v1 -- OPTIONAL,
   responderID              OCSPResponderID,
   producedAt               GeneralizedTime,
   responses                SEQUENCE OF OCSPSingleResponse,
   responseExtensions   [1] EXPLICIT Extensions OPTIONAL }

-- Basic response: the response data plus the responder's signature.
-- Per RFC 2560 the signature is computed over the DER encoding of
-- tbsResponseData.
-- NOTE(review): certs is supplied by the sender and is only a hint for
-- locating the signing certificate. The verifier still has to establish
-- that the signer is authorized to answer for the issuer in question
-- before trusting any status in tbsResponseData.
OCSPBasicOCSPResponse ::= SEQUENCE {
   tbsResponseData      OCSPResponseData,
   signatureAlgorithm   AlgorithmIdentifier,
   signature            BIT STRING,
   certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }

-- The two extension value types below are commented out, so this module
-- does not define them.

-- ArchiveCutoff ::= GeneralizedTime

-- AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER

-- Object Identifiers

-- Base arc for OCSP: 1.3.6.1.5.5.7.48.1
id-pkix-ocsp         OBJECT IDENTIFIER ::= {
        iso(1) identified-organization(3) dod(6) internet(1)
        security(5) mechanisms(5) pkix(7) pkix-ad(48) 1
}

-- Only the basic response type and the nonce extension are defined; the
-- remaining OIDs from the RFC are left commented out.
-- Per RFC 2560 the nonce ties a response to the request that caused it,
-- which lets a client detect a replayed response.
id-pkix-ocsp-basic              OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 }
id-pkix-ocsp-nonce              OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
-- id-pkix-ocsp-crl             OBJECT IDENTIFIER ::= { id-pkix-ocsp 3 }
-- id-pkix-ocsp-response        OBJECT IDENTIFIER ::= { id-pkix-ocsp 4 }
-- id-pkix-ocsp-nocheck         OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
-- id-pkix-ocsp-archive-cutoff  OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 }
-- id-pkix-ocsp-service-locator OBJECT IDENTIFIER ::= { id-pkix-ocsp 7 }


END