-- Module OCSP (X.843:10/2000)
-- See also ITU-T X.843 (10/2000)
-- See also the index of all ASN.1 assignments needed in this document
OCSP DEFINITIONS EXPLICIT TAGS ::=
BEGIN
IMPORTS
-- Directory Information Framework (X.501)
Name
FROM InformationFramework {joint-iso-itu-t ds(5) module(1)
informationFramework(1) 3}
-- Directory Authentication Framework (X.509)
AlgorithmIdentifier, Certificate, CertificateSerialNumber, Extensions
FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1)
authenticationFramework(7) 3}
-- Directory Certificate Extensions (X.509)
CRLReason, GeneralName
FROM CertificateExtensions {joint-iso-itu-t ds(5) module(1)
certificateExtensions(26) 0}
-- PKIX (RFC 2459)
AuthorityInfoAccessSyntax
FROM PKIX1Implicit93 {iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit-93(4)}
id-kp, id-ad
FROM PKIX1Explicit93 {iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit-93(3)};
-- OCSPRequest: top-level request message.
-- The signature is OPTIONAL, so a request may legitimately arrive unsigned.
-- A responder that insists on signed requests answers with sigRequired(5)
-- (see OCSPResponseStatus).
OCSPRequest ::= SEQUENCE {
  tbsRequest         TBSRequest,
  optionalSignature  [0] Signature OPTIONAL
}
-- TBSRequest: the request body. The "tbs" prefix conventionally means
-- to-be-signed; presumably optionalSignature, when present, covers the
-- encoding of this structure (confirm against the X.843 text).
-- version is omitted from the encoding when it has the default value v1.
-- requestorName is self-asserted unless the request is signed and verified.
-- requestExtensions is presumably where a per-request extension such as the
-- one identified by id-pkix-ocsp-nonce is carried (confirm against the text).
TBSRequest ::= SEQUENCE {
  version            [0] Version DEFAULT v1,
  requestorName      [1] GeneralName OPTIONAL,
  requestList        SEQUENCE OF Request,
  requestExtensions  [2] Extensions OPTIONAL
}
-- Signature: signature block attached to a request.
-- certs is supplied by the sender of the message. Treat it as untrusted
-- input to certification path validation, never as a set of trust anchors.
Signature ::= SEQUENCE {
  signatureAlgorithm  AlgorithmIdentifier,
  signature           BIT STRING,
  certs               [0] SEQUENCE OF Certificate OPTIONAL
}
-- Version: protocol version number; v1 (value 0) is the only named value.
Version ::= INTEGER { v1(0) }
-- Request: one entry of TBSRequest.requestList, naming a single certificate
-- whose status is being asked for.
Request ::= SEQUENCE {
  reqCert                  CertID,
  singleRequestExtensions  [0] Extensions OPTIONAL
}
-- CertID: lookup key for one certificate (issuer identity plus serial number).
-- hashAlgorithm is picked by whoever builds the CertID. The two hashes only
-- identify the issuer; they authenticate nothing by themselves.
-- A relying party should check that the CertID returned in a SingleResponse
-- matches the CertID it asked about.
CertID ::= SEQUENCE {
  hashAlgorithm   AlgorithmIdentifier,
  issuerNameHash  OCTET STRING,           -- hash of the issuer's DN
  issuerKeyHash   OCTET STRING,           -- hash of the issuer's public key
  serialNumber    CertificateSerialNumber
}
-- OCSPResponse: top-level response message.
-- As laid out in this module, responseStatus sits outside any signature: the
-- only signature field on the response side is in BasicOCSPResponse, next to
-- tbsResponseData. A status value on its own is therefore unauthenticated.
-- responseBytes is OPTIONAL; when it is absent the message carries no
-- certificate status at all.
OCSPResponse ::= SEQUENCE {
  responseStatus  OCSPResponseStatus,
  responseBytes   [0] ResponseBytes OPTIONAL
}
-- OCSPResponseStatus: outcome of processing the request as a whole.
-- Only successful(0) announces usable confirmations. No other value says
-- anything about a certificate and none may be read as a "good" status.
OCSPResponseStatus ::= ENUMERATED {
  successful(0),        -- response has valid confirmations
  malformedRequest(1),  -- illegal confirmation request
  internalError(2),     -- internal error in issuer
  tryLater(3),          -- try again later
                        -- value 4 is not used
  sigRequired(5),       -- the request must be signed
  unauthorized(6)       -- request unauthorized
}
-- ResponseBytes: typed container for the actual response.
-- responseType names the syntax of the value wrapped in the response OCTET
-- STRING; presumably id-pkix-ocsp-basic selects BasicOCSPResponse (confirm
-- against the X.843 text). A decoder should reject a responseType it does not
-- implement instead of guessing at the content.
ResponseBytes ::= SEQUENCE {
  responseType  OBJECT IDENTIFIER,
  response      OCTET STRING
}
-- BasicOCSPResponse: response data together with the responder's signature.
-- The "tbs" prefix conventionally means to-be-signed; presumably signature is
-- computed over the encoding of tbsResponseData (confirm against the text).
-- certs comes from the responder and is untrusted until a certification path
-- has been validated. The relying party still has to establish that the
-- signer is authorised to answer for the issuer in question (this module
-- defines id-kp-OCSPSigning, presumably for that purpose).
BasicOCSPResponse ::= SEQUENCE {
  tbsResponseData     ResponseData,
  signatureAlgorithm  AlgorithmIdentifier,
  signature           BIT STRING,
  certs               [0] SEQUENCE OF Certificate OPTIONAL
}
-- ResponseData: the body of a basic response.
-- producedAt is the time stamp the responder placed on this response.
-- Together with thisUpdate and nextUpdate in each SingleResponse it lets a
-- relying party judge freshness and refuse stale or replayed responses.
-- responseExtensions is presumably where a nonce is echoed back when the
-- request carried one (confirm against the X.843 text).
ResponseData ::= SEQUENCE {
  version             [0] Version DEFAULT v1,
  responderID         ResponderID,
  producedAt          GeneralizedTime,
  responses           SEQUENCE OF SingleResponse,
  responseExtensions  [1] Extensions OPTIONAL
}
-- ResponderID: identifies the responder either by name or by a hash of its
-- public key. The alternatives use tags [1] and [2]; no [0] is defined.
-- The value is a hint for locating the responder's certificate, not proof of
-- identity; that comes from verifying the signature.
ResponderID ::= CHOICE {
  byName  [1] Name,
  byKey   [2] KeyHash
}
-- KeyHash: SHA-1 hash of the TTP's public key, computed without the tag and
-- length fields. The hash selects which key to use; it does not replace
-- verification of the signature under that key.
KeyHash ::= OCTET STRING
-- SingleResponse: status statement for exactly one certificate.
-- thisUpdate and nextUpdate presumably bound the validity of the statement
-- (confirm against the X.843 text). nextUpdate is OPTIONAL, so a relying
-- party needs a local policy for how long to accept a response without one.
SingleResponse ::= SEQUENCE {
  certID            CertID,
  certStatus        CertStatus,
  thisUpdate        GeneralizedTime,
  nextUpdate        [0] GeneralizedTime OPTIONAL,
  singleExtensions  [1] Extensions OPTIONAL
}
-- CertStatus: three-way answer for one certificate.
-- The module default is EXPLICIT TAGS, so the IMPLICIT keyword on each
-- alternative is significant for the encoding.
-- "unknown" is a distinct outcome and must not be folded into "good" by a
-- relying party.
CertStatus ::= CHOICE {
  good     [0] IMPLICIT NULL,
  revoked  [1] IMPLICIT RevokedInfo,
  unknown  [2] IMPLICIT UnknownInfo
}
-- RevokedInfo: details carried by the "revoked" alternative of CertStatus.
-- revocationReason is OPTIONAL and reuses CRLReason from the X.509
-- certificate extensions module.
RevokedInfo ::= SEQUENCE {
  revocationTime    GeneralizedTime,
  revocationReason  [0] CRLReason OPTIONAL
}
-- UnknownInfo: content of the "unknown" alternative of CertStatus; carries
-- no data.
UnknownInfo ::= NULL

-- ArchiveCutoff: presumably the syntax of the extension identified by
-- id-pkix-ocsp-archive-cutoff (confirm against the X.843 text).
ArchiveCutoff ::= GeneralizedTime

-- AcceptableResponses: list of response type identifiers; presumably the
-- syntax of the extension identified by id-pkix-ocsp-response (confirm).
AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER
-- ServiceLocator: an issuer name plus access information; presumably the
-- syntax of the extension identified by id-pkix-ocsp-service-locator
-- (confirm against the X.843 text).
-- locator is data taken from a message. A server that follows it should
-- apply its own policy on which locations it is willing to contact.
ServiceLocator ::= SEQUENCE {
  issuer   Name,
  locator  AuthorityInfoAccessSyntax
}
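-- Object Identifiers
--
-- Extended key usage value marking a certificate as an OCSP signing
-- certificate: {id-kp 9} = 1.3.6.1.5.5.7.3.9.
id-kp-OCSPSigning             OBJECT IDENTIFIER ::= {id-kp 9}

-- Root of the OCSP arc. The original text read {id-ad}, which makes
-- id-pkix-ocsp equal to id-ad itself (1.3.6.1.5.5.7.48) and shifts every
-- identifier below up by one level, so that id-pkix-ocsp-basic would come out
-- as 1.3.6.1.5.5.7.48.1 and id-pkix-ocsp-nonce as 1.3.6.1.5.5.7.48.2.
-- RFC 2459 and RFC 2560 assign id-ad-ocsp = {id-ad 1} = 1.3.6.1.5.5.7.48.1
-- and hang the OCSP identifiers beneath it. This module imports only id-ad,
-- so the arc is written out here. With the wrong arc an implementation built
-- from this module would fail to recognise the standard basic response type
-- and nonce extension, and would emit identifiers that collide with other
-- access-method OIDs under id-ad.
id-pkix-ocsp                  OBJECT IDENTIFIER ::= {id-ad 1}

-- Response type and extension identifiers: 1.3.6.1.5.5.7.48.1.1 to .7
id-pkix-ocsp-basic            OBJECT IDENTIFIER ::= {id-pkix-ocsp 1}
id-pkix-ocsp-nonce            OBJECT IDENTIFIER ::= {id-pkix-ocsp 2}
id-pkix-ocsp-crl              OBJECT IDENTIFIER ::= {id-pkix-ocsp 3}
id-pkix-ocsp-response         OBJECT IDENTIFIER ::= {id-pkix-ocsp 4}
id-pkix-ocsp-nocheck          OBJECT IDENTIFIER ::= {id-pkix-ocsp 5}
id-pkix-ocsp-archive-cutoff   OBJECT IDENTIFIER ::= {id-pkix-ocsp 6}
id-pkix-ocsp-service-locator  OBJECT IDENTIFIER ::= {id-pkix-ocsp 7}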
END
-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D