1-- From rfc2560 2-- $Id: ocsp.asn1 19576 2006-12-30 12:40:43Z lha $ 3OCSP DEFINITIONS EXPLICIT TAGS::= 4 5BEGIN 6 7IMPORTS 8 Certificate, AlgorithmIdentifier, CRLReason, 9 Name, GeneralName, CertificateSerialNumber, Extensions 10 FROM rfc2459; 11 12OCSPVersion ::= INTEGER { ocsp-v1(0) } 13 14OCSPCertStatus ::= CHOICE { 15 good [0] IMPLICIT NULL, 16 revoked [1] IMPLICIT -- OCSPRevokedInfo -- SEQUENCE { 17 revocationTime GeneralizedTime, 18 revocationReason[0] EXPLICIT CRLReason OPTIONAL 19 }, 20 unknown [2] IMPLICIT NULL } 21 22OCSPCertID ::= SEQUENCE { 23 hashAlgorithm AlgorithmIdentifier, 24 issuerNameHash OCTET STRING, -- Hash of Issuer's DN 25 issuerKeyHash OCTET STRING, -- Hash of Issuers public key 26 serialNumber CertificateSerialNumber } 27 28OCSPSingleResponse ::= SEQUENCE { 29 certID OCSPCertID, 30 certStatus OCSPCertStatus, 31 thisUpdate GeneralizedTime, 32 nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, 33 singleExtensions [1] EXPLICIT Extensions OPTIONAL } 34 35OCSPInnerRequest ::= SEQUENCE { 36 reqCert OCSPCertID, 37 singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } 38 39OCSPTBSRequest ::= SEQUENCE { 40 version [0] EXPLICIT OCSPVersion -- DEFAULT v1 -- OPTIONAL, 41 requestorName [1] EXPLICIT GeneralName OPTIONAL, 42 requestList SEQUENCE OF OCSPInnerRequest, 43 requestExtensions [2] EXPLICIT Extensions OPTIONAL } 44 45OCSPSignature ::= SEQUENCE { 46 signatureAlgorithm AlgorithmIdentifier, 47 signature BIT STRING, 48 certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } 49 50OCSPRequest ::= SEQUENCE { 51 tbsRequest OCSPTBSRequest, 52 optionalSignature [0] EXPLICIT OCSPSignature OPTIONAL } 53 54OCSPResponseBytes ::= SEQUENCE { 55 responseType OBJECT IDENTIFIER, 56 response OCTET STRING } 57 58OCSPResponseStatus ::= ENUMERATED { 59 successful (0), --Response has valid confirmations 60 malformedRequest (1), --Illegal confirmation request 61 internalError (2), --Internal error in issuer 62 tryLater (3), --Try again later 63 --(4) is not used 64 sigRequired (5), --Must sign the request 65 unauthorized (6) --Request unauthorized 66} 67 68OCSPResponse ::= SEQUENCE { 69 responseStatus OCSPResponseStatus, 70 responseBytes [0] EXPLICIT OCSPResponseBytes OPTIONAL } 71 72OCSPKeyHash ::= OCTET STRING --SHA-1 hash of responder's public key 73 --(excluding the tag and length fields) 74 75OCSPResponderID ::= CHOICE { 76 byName [1] Name, 77 byKey [2] OCSPKeyHash } 78 79OCSPResponseData ::= SEQUENCE { 80 version [0] EXPLICIT OCSPVersion -- DEFAULT v1 -- OPTIONAL, 81 responderID OCSPResponderID, 82 producedAt GeneralizedTime, 83 responses SEQUENCE OF OCSPSingleResponse, 84 responseExtensions [1] EXPLICIT Extensions OPTIONAL } 85 86OCSPBasicOCSPResponse ::= SEQUENCE { 87 tbsResponseData OCSPResponseData, 88 signatureAlgorithm AlgorithmIdentifier, 89 signature BIT STRING, 90 certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } 91 92-- ArchiveCutoff ::= GeneralizedTime 93 94-- AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER 95 96-- Object Identifiers 97 98id-pkix-ocsp OBJECT IDENTIFIER ::= { 99 iso(1) identified-organization(3) dod(6) internet(1) 100 security(5) mechanisms(5) pkix(7) pkix-ad(48) 1 101} 102 103id-pkix-ocsp-basic OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 } 104id-pkix-ocsp-nonce OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 } 105-- id-pkix-ocsp-crl OBJECT IDENTIFIER ::= { id-pkix-ocsp 3 } 106-- id-pkix-ocsp-response OBJECT IDENTIFIER ::= { id-pkix-ocsp 4 } 107-- id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 } 108-- id-pkix-ocsp-archive-cutoff OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 } 109-- id-pkix-ocsp-service-locator OBJECT IDENTIFIER ::= { id-pkix-ocsp 7 } 110 111 112END 113 114