-- From rfc2560
-- $Id$
OCSP DEFINITIONS EXPLICIT TAGS ::=

BEGIN

-- Every type below is taken from RFC 2560, with an OCSP prefix on the
-- names (presumably to keep them apart from the rfc2459 types imported
-- here). Tags, OPTIONAL markers and component order determine the wire
-- encoding, so none of them may be altered without breaking
-- interoperability with other OCSP implementations.

IMPORTS
    Certificate, AlgorithmIdentifier, CRLReason,
    Name, GeneralName, CertificateSerialNumber, Extensions
    FROM rfc2459;

-- Protocol version. Only v1 (0) is named; the INTEGER is not otherwise
-- constrained by this module.
OCSPVersion ::= INTEGER { ocsp-v1(0) }

-- Status of one certificate. good and unknown are both NULL and differ
-- only in their context tag; per RFC 2560 unknown means the responder
-- has no knowledge of the certificate, so it must not be read as good.
-- The inline SEQUENCE under revoked is the RFC's RevokedInfo.
OCSPCertStatus ::= CHOICE {
    good     [0] IMPLICIT NULL,
    revoked  [1] IMPLICIT -- OCSPRevokedInfo -- SEQUENCE {
        revocationTime      GeneralizedTime,
        revocationReason[0] EXPLICIT CRLReason OPTIONAL
    },
    unknown  [2] IMPLICIT NULL
}

-- Identifies the certificate a request or response is about. Per
-- RFC 2560 both hashes are computed with hashAlgorithm. A response entry
-- should be matched against the request on all four components, not on
-- serialNumber alone, since serial numbers are only unique per issuer.
OCSPCertID ::= SEQUENCE {
    hashAlgorithm   AlgorithmIdentifier,
    issuerNameHash  OCTET STRING, -- hash of the issuer's DN
    issuerKeyHash   OCTET STRING, -- hash of the issuer's public key
    serialNumber    CertificateSerialNumber
}

-- Status of a single certificate in a response. nextUpdate is OPTIONAL;
-- when absent the entry carries no stated expiry, and how a caller then
-- judges freshness from thisUpdate is outside this module.
OCSPSingleResponse ::= SEQUENCE {
    certID            OCSPCertID,
    certStatus        OCSPCertStatus,
    thisUpdate        GeneralizedTime,
    nextUpdate        [0] EXPLICIT GeneralizedTime OPTIONAL,
    singleExtensions  [1] EXPLICIT Extensions OPTIONAL
}

-- One certificate queried by a request.
OCSPInnerRequest ::= SEQUENCE {
    reqCert                  OCSPCertID,
    singleRequestExtensions  [0] EXPLICIT Extensions OPTIONAL
}

-- The to-be-signed part of a request. The RFC declares version as
-- DEFAULT v1; this module spells it OPTIONAL, so an absent version is
-- presumably taken as v1 by the code using these types.
OCSPTBSRequest ::= SEQUENCE {
    version            [0] EXPLICIT OCSPVersion -- DEFAULT v1 -- OPTIONAL,
    requestorName      [1] EXPLICIT GeneralName OPTIONAL,
    requestList            SEQUENCE OF OCSPInnerRequest,
    requestExtensions  [2] EXPLICIT Extensions OPTIONAL
}

-- Optional request signature plus any certificates needed to verify it.
-- The certs are supplied by the requester and are untrusted until the
-- verifier has chained them to a trust anchor.
OCSPSignature ::= SEQUENCE {
    signatureAlgorithm  AlgorithmIdentifier,
    signature           BIT STRING,
    certs               [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL
}

-- A complete request: the signed part plus an optional signature.
OCSPRequest ::= SEQUENCE {
    tbsRequest         OCSPTBSRequest,
    optionalSignature  [0] EXPLICIT OCSPSignature OPTIONAL
}

-- Opaque response body. responseType selects how response is decoded;
-- for id-pkix-ocsp-basic (defined below) it holds a DER encoded
-- OCSPBasicOCSPResponse. Any other responseType is one this module
-- cannot decode and should be rejected rather than guessed at.
OCSPResponseBytes ::= SEQUENCE {
    responseType  OBJECT IDENTIFIER,
    response      OCTET STRING
}

-- Top level outcome of a request. Value 4 is deliberately unassigned in
-- the RFC and has no name here, so a decoded 4 is not a known status.
OCSPResponseStatus ::= ENUMERATED {
    successful        (0), -- response has valid confirmations
    malformedRequest  (1), -- illegal confirmation request
    internalError     (2), -- internal error in issuer
    tryLater          (3), -- try again later
                           -- (4) is not used
    sigRequired       (5), -- must sign the request
    unauthorized      (6)  -- request unauthorized
}

-- Per RFC 2560 responseBytes is present only when responseStatus is
-- successful; a non-successful status carries no signed data, so an
-- error status is never evidence about a certificate's validity.
OCSPResponse ::= SEQUENCE {
    responseStatus  OCSPResponseStatus,
    responseBytes   [0] EXPLICIT OCSPResponseBytes OPTIONAL
}

-- SHA-1 hash of the responder's public key (excluding the tag and length
-- fields). The hash algorithm is fixed by the RFC; the value identifies
-- the responder and is not itself a signature.
OCSPKeyHash ::= OCTET STRING

-- How the responder names itself. Note that the tags start at [1]; there
-- is no [0] alternative.
OCSPResponderID ::= CHOICE {
    byName  [1] Name,
    byKey   [2] OCSPKeyHash
}

-- Signed content of a basic response. version has the same DEFAULT v1
-- versus OPTIONAL caveat as OCSPTBSRequest.
OCSPResponseData ::= SEQUENCE {
    version             [0] EXPLICIT OCSPVersion -- DEFAULT v1 -- OPTIONAL,
    responderID             OCSPResponderID,
    producedAt              GeneralizedTime,
    responses               SEQUENCE OF OCSPSingleResponse,
    responseExtensions  [1] EXPLICIT Extensions OPTIONAL
}

-- Basic response. Per RFC 2560 the signature covers the DER encoding of
-- tbsResponseData. certs may carry the responder's certificate; it is
-- supplied by the responder and has to be tied to the issuer of the
-- certificates being checked (or otherwise trusted) before the
-- signature means anything.
OCSPBasicOCSPResponse ::= SEQUENCE {
    tbsResponseData     OCSPResponseData,
    signatureAlgorithm  AlgorithmIdentifier,
    signature           BIT STRING,
    certs               [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL
}

-- Not compiled; kept for reference.
-- ArchiveCutoff ::= GeneralizedTime
-- AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER

-- Object Identifiers

-- id-pkix-ocsp is 1.3.6.1.5.5.7.48.1
id-pkix-ocsp OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) dod(6) internet(1)
    security(5) mechanisms(5) pkix(7) pkix-ad(48) 1
}

-- Only the basic response type and the nonce extension are defined; the
-- remaining arcs are left commented out and are not compiled. Per
-- RFC 2560 the nonce binds a response to its request (replay
-- protection); a client that sends one should check that the response
-- echoes it.
id-pkix-ocsp-basic OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 }
id-pkix-ocsp-nonce OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
-- id-pkix-ocsp-crl             OBJECT IDENTIFIER ::= { id-pkix-ocsp 3 }
-- id-pkix-ocsp-response        OBJECT IDENTIFIER ::= { id-pkix-ocsp 4 }
-- id-pkix-ocsp-nocheck         OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
-- id-pkix-ocsp-archive-cutoff  OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 }
-- id-pkix-ocsp-service-locator OBJECT IDENTIFIER ::= { id-pkix-ocsp 7 }

END