1 -- Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007, 2008,
2 -- 2009, 2010 Free Software Foundation, Inc.
4 -- This file is part of LIBTASN1.
6 -- This program is free software: you can redistribute it and/or modify
7 -- it under the terms of the GNU General Public License as published by
8 -- the Free Software Foundation, either version 3 of the License, or
9 -- (at your option) any later version.
11 -- This program is distributed in the hope that it will be useful,
12 -- but WITHOUT ANY WARRANTY; without even the implied warranty of
13 -- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 -- GNU General Public License for more details.
16 -- You should have received a copy of the GNU General Public License
17 -- along with this program. If not, see <http://www.gnu.org/licenses/>.
19 PKIX1Implicit88 {iso(1) identified-organization(3) dod(6) internet(1)
20 security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit-88(2)}
22 DEFINITIONS IMPLICIT TAGS ::=
26 -- ISO arc for standard certificate and CRL extensions
28 id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}
31 -- authority key identifier OID and syntax
33 id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 }
35 AuthorityKeyIdentifier ::= SEQUENCE {
36 keyIdentifier [0] KeyIdentifier OPTIONAL,
37 authorityCertIssuer [1] GeneralNames OPTIONAL,
38 authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
39 -- authorityCertIssuer and authorityCertSerialNumber shall both
40 -- be present or both be absgent
42 KeyIdentifier ::= OCTET STRING
44 -- subject key identifier OID and syntax
46 id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 }
48 SubjectKeyIdentifier ::= KeyIdentifier
50 -- key usage extension OID and syntax
52 id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }
54 KeyUsage ::= BIT STRING {
65 -- private key usage period extension OID and syntax
67 id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= { id-ce 16 }
69 PrivateKeyUsagePeriod ::= SEQUENCE {
70 notBefore [0] GeneralizedTime OPTIONAL,
71 notAfter [1] GeneralizedTime OPTIONAL }
72 -- either notBefore or notAfter shall be present
74 -- certificate policies extension OID and syntax
76 id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 }
78 CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
80 PolicyInformation ::= SEQUENCE {
81 policyIdentifier CertPolicyId,
82 policyQualifiers SEQUENCE SIZE (1..MAX) OF
83 PolicyQualifierInfo OPTIONAL }
85 CertPolicyId ::= OBJECT IDENTIFIER
87 PolicyQualifierInfo ::= SEQUENCE {
88 policyQualifierId PolicyQualifierId,
89 qualifier ANY DEFINED BY policyQualifierId }
91 -- Implementations that recognize additional policy qualifiers shall
92 -- augment the following definition for PolicyQualifierId
95 OBJECT IDENTIFIER -- ( id-qt-cps | id-qt-unotice )
97 -- CPS pointer qualifier
101 -- user notice qualifier
103 UserNotice ::= SEQUENCE {
104 noticeRef NoticeReference OPTIONAL,
105 explicitText DisplayText OPTIONAL}
107 NoticeReference ::= SEQUENCE {
108 organization DisplayText,
109 noticeNumbers SEQUENCE OF INTEGER }
111 DisplayText ::= CHOICE {
112 visibleString VisibleString (SIZE (1..200)),
113 bmpString BMPString (SIZE (1..200)),
114 utf8String UTF8String (SIZE (1..200)) }
116 -- policy mapping extension OID and syntax
118 id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 }
120 PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
121 issuerDomainPolicy CertPolicyId,
122 subjectDomainPolicy CertPolicyId }
124 -- subject alternative name extension OID and syntax
126 id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 }
128 SubjectAltName ::= GeneralNames
130 GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
132 GeneralName ::= CHOICE {
133 otherName [0] AnotherName,
134 rfc822Name [1] IA5String,
135 dNSName [2] IA5String,
136 x400Address [3] ORAddress,
137 directoryName [4] Name,
138 ediPartyName [5] EDIPartyName,
139 uniformResourceIdentifier [6] IA5String,
140 iPAddress [7] OCTET STRING,
141 registeredID [8] OBJECT IDENTIFIER }
143 -- AnotherName replaces OTHER-NAME ::= TYPE-IDENTIFIER, as
144 -- TYPE-IDENTIFIER is not supported in the '88 ASN.1 syntax
146 AnotherName ::= SEQUENCE {
147 type-id OBJECT IDENTIFIER,
148 value [0] EXPLICIT ANY DEFINED BY type-id }
150 EDIPartyName ::= SEQUENCE {
151 nameAssigner [0] DirectoryString OPTIONAL,
152 partyName [1] DirectoryString }
154 -- issuer alternative name extension OID and syntax
156 id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 }
158 IssuerAltName ::= GeneralNames
160 id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 }
162 SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
164 -- basic constraints extension OID and syntax
166 id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 }
168 BasicConstraints ::= SEQUENCE {
169 cA BOOLEAN DEFAULT FALSE,
170 pathLenConstraint INTEGER (0..MAX) OPTIONAL }
172 -- name constraints extension OID and syntax
174 id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 }
176 NameConstraints ::= SEQUENCE {
177 permittedSubtrees [0] GeneralSubtrees OPTIONAL,
178 excludedSubtrees [1] GeneralSubtrees OPTIONAL }
180 GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
182 GeneralSubtree ::= SEQUENCE {
184 minimum [0] BaseDistance DEFAULT 0,
185 maximum [1] BaseDistance OPTIONAL }
187 BaseDistance ::= INTEGER (0..MAX)
189 -- policy constraints extension OID and syntax
191 id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 }
193 PolicyConstraints ::= SEQUENCE {
194 requireExplicitPolicy [0] SkipCerts OPTIONAL,
195 inhibitPolicyMapping [1] SkipCerts OPTIONAL }
197 SkipCerts ::= INTEGER (0..MAX)
199 -- CRL distribution points extension OID and syntax
201 id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= {id-ce 31}
203 CRLDistPointsSyntax ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
205 DistributionPoint ::= SEQUENCE {
206 distributionPoint [0] DistributionPointName OPTIONAL,
207 reasons [1] ReasonFlags OPTIONAL,
208 cRLIssuer [2] GeneralNames OPTIONAL }
210 DistributionPointName ::= CHOICE {
211 fullName [0] GeneralNames,
212 nameRelativeToCRLIssuer [1] RelativeDistinguishedName }
216 ReasonFlags ::= BIT STRING {
220 affiliationChanged (3),
222 cessationOfOperation (5),
223 certificateHold (6) }
225 -- extended key usage extension OID and syntax
227 id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37}
229 ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
231 KeyPurposeId ::= OBJECT IDENTIFIER
233 -- extended key purpose OIDs
234 id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 }
235 id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 }
236 id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 }
237 id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 }
238 id-kp-ipsecEndSystem OBJECT IDENTIFIER ::= { id-kp 5 }
239 id-kp-ipsecTunnel OBJECT IDENTIFIER ::= { id-kp 6 }
240 id-kp-ipsecUser OBJECT IDENTIFIER ::= { id-kp 7 }
241 id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 }
243 -- authority info access
245 id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
247 AuthorityInfoAccessSyntax ::=
248 SEQUENCE SIZE (1..MAX) OF AccessDescription
250 AccessDescription ::= SEQUENCE {
251 accessMethod OBJECT IDENTIFIER,
252 accessLocation GeneralName }
254 -- CRL number extension OID and syntax
256 id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }
258 CRLNumber ::= INTEGER (0..MAX)
260 -- issuing distribution point extension OID and syntax
262 id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 }
264 IssuingDistributionPoint ::= SEQUENCE {
265 distributionPoint [0] DistributionPointName OPTIONAL,
266 onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE,
267 onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE,
268 onlySomeReasons [3] ReasonFlags OPTIONAL,
269 indirectCRL [4] BOOLEAN DEFAULT FALSE }
272 id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-ce 27 }
274 -- deltaCRLIndicator ::= BaseCRLNumber
276 BaseCRLNumber ::= CRLNumber
278 -- CRL reasons extension OID and syntax
280 id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 }
282 CRLReason ::= ENUMERATED {
286 affiliationChanged (3),
288 cessationOfOperation (5),
292 -- certificate issuer CRL entry extension OID and syntax
294 id-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-ce 29 }
296 CertificateIssuer ::= GeneralNames
298 -- hold instruction extension OID and syntax
300 id-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-ce 23 }
302 HoldInstructionCode ::= OBJECT IDENTIFIER
304 -- ANSI x9 holdinstructions
306 -- ANSI x9 arc holdinstruction arc
307 holdInstruction OBJECT IDENTIFIER ::=
308 {joint-iso-itu-t(2) member-body(2) us(840) x9cm(10040) 2}
310 -- ANSI X9 holdinstructions referenced by this standard
311 id-holdinstruction-none OBJECT IDENTIFIER ::=
312 {holdInstruction 1} -- deprecated
313 id-holdinstruction-callissuer OBJECT IDENTIFIER ::=
315 id-holdinstruction-reject OBJECT IDENTIFIER ::=
318 -- invalidity date CRL entry extension OID and syntax
320 id-ce-invalidityDate OBJECT IDENTIFIER ::= { id-ce 24 }
322 InvalidityDate ::= GeneralizedTime
325 -- --------------------------------------
327 -- --------------------------------------
329 -- UNIVERSAL Types defined in '93 and '98 ASN.1
330 -- but required by this specification
332 VisibleString ::= [UNIVERSAL 26] IMPLICIT OCTET STRING
334 NumericString ::= [UNIVERSAL 18] IMPLICIT OCTET STRING
336 IA5String ::= [UNIVERSAL 22] IMPLICIT OCTET STRING
338 TeletexString ::= [UNIVERSAL 20] IMPLICIT OCTET STRING
340 PrintableString ::= [UNIVERSAL 19] IMPLICIT OCTET STRING
342 UniversalString ::= [UNIVERSAL 28] IMPLICIT OCTET STRING
343 -- UniversalString is defined in ASN.1:1993
345 BMPString ::= [UNIVERSAL 30] IMPLICIT OCTET STRING
346 -- BMPString is the subtype of UniversalString and models
347 -- the Basic Multilingual Plane of ISO/IEC/ITU 10646-1
349 UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING
350 -- The content of this type conforms to RFC 2279.
353 -- PKIX specific OIDs
355 id-pkix OBJECT IDENTIFIER ::=
356 { iso(1) identified-organization(3) dod(6) internet(1)
357 security(5) mechanisms(5) pkix(7) }
361 id-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
362 -- arc for private certificate extensions
363 id-qt OBJECT IDENTIFIER ::= { id-pkix 2 }
364 -- arc for policy qualifier types
365 id-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
366 -- arc for extended key purpose OIDS
367 id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
368 -- arc for access descriptors
370 -- policyQualifierIds for Internet policy qualifiers
372 id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 }
373 -- OID for CPS qualifier
374 id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 }
375 -- OID for user notice qualifier
377 -- access descriptor definitions
379 id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
380 id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }
382 -- attribute data types --
384 Attribute ::= SEQUENCE {
386 values SET OF AttributeValue
387 -- at least one value is required --
390 AttributeType ::= OBJECT IDENTIFIER
392 AttributeValue ::= ANY
394 AttributeTypeAndValue ::= SEQUENCE {
396 value AttributeValue }
398 -- suggested naming attributes: Definition of the following
399 -- information object set may be augmented to meet local
400 -- requirements. Note that deleting members of the set may
401 -- prevent interoperability with conforming implementations.
402 -- presented in pairs: the AttributeType followed by the
403 -- type definition for the corresponding AttributeValue
405 -- Arc for standard naming attributes
406 id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4}
408 -- Attributes of type NameDirectoryString
409 id-at-name AttributeType ::= {id-at 41}
410 id-at-surname AttributeType ::= {id-at 4}
411 id-at-givenName AttributeType ::= {id-at 42}
412 id-at-initials AttributeType ::= {id-at 43}
413 id-at-generationQualifier AttributeType ::= {id-at 44}
415 X520name ::= CHOICE {
416 teletexString TeletexString (SIZE (1..ub-name)),
417 printableString PrintableString (SIZE (1..ub-name)),
418 universalString UniversalString (SIZE (1..ub-name)),
419 utf8String UTF8String (SIZE (1..ub-name)),
420 bmpString BMPString (SIZE(1..ub-name)) }
424 id-at-commonName AttributeType ::= {id-at 3}
426 X520CommonName ::= CHOICE {
427 teletexString TeletexString (SIZE (1..ub-common-name)),
428 printableString PrintableString (SIZE (1..ub-common-name)),
429 universalString UniversalString (SIZE (1..ub-common-name)),
430 utf8String UTF8String (SIZE (1..ub-common-name)),
431 bmpString BMPString (SIZE(1..ub-common-name)) }
435 id-at-localityName AttributeType ::= {id-at 7}
437 X520LocalityName ::= CHOICE {
438 teletexString TeletexString (SIZE (1..ub-locality-name)),
439 printableString PrintableString (SIZE (1..ub-locality-name)),
440 universalString UniversalString (SIZE (1..ub-locality-name)),
441 utf8String UTF8String (SIZE (1..ub-locality-name)),
442 bmpString BMPString (SIZE(1..ub-locality-name)) }
446 id-at-stateOrProvinceName AttributeType ::= {id-at 8}
448 X520StateOrProvinceName ::= CHOICE {
449 teletexString TeletexString (SIZE (1..ub-state-name)),
450 printableString PrintableString (SIZE (1..ub-state-name)),
451 universalString UniversalString (SIZE (1..ub-state-name)),
452 utf8String UTF8String (SIZE (1..ub-state-name)),
453 bmpString BMPString (SIZE(1..ub-state-name)) }
457 id-at-organizationName AttributeType ::= {id-at 10}
459 X520OrganizationName ::= CHOICE {
460 teletexString TeletexString (SIZE (1..ub-organization-name)),
461 printableString PrintableString (SIZE (1..ub-organization-name)),
462 universalString UniversalString (SIZE (1..ub-organization-name)),
463 utf8String UTF8String (SIZE (1..ub-organization-name)),
464 bmpString BMPString (SIZE(1..ub-organization-name)) }
468 id-at-organizationalUnitName AttributeType ::= {id-at 11}
470 X520OrganizationalUnitName ::= CHOICE {
471 teletexString TeletexString (SIZE (1..ub-organizational-unit-name)),
472 printableString PrintableString
473 (SIZE (1..ub-organizational-unit-name)),
474 universalString UniversalString
475 (SIZE (1..ub-organizational-unit-name)),
476 utf8String UTF8String (SIZE (1..ub-organizational-unit-name)),
477 bmpString BMPString (SIZE(1..ub-organizational-unit-name)) }
481 id-at-title AttributeType ::= {id-at 12}
483 X520Title ::= CHOICE {
484 teletexString TeletexString (SIZE (1..ub-title)),
485 printableString PrintableString (SIZE (1..ub-title)),
486 universalString UniversalString (SIZE (1..ub-title)),
487 utf8String UTF8String (SIZE (1..ub-title)),
488 bmpString BMPString (SIZE(1..ub-title)) }
492 id-at-dnQualifier AttributeType ::= {id-at 46}
493 X520dnQualifier ::= PrintableString
495 id-at-countryName AttributeType ::= {id-at 6}
496 X520countryName ::= PrintableString (SIZE (2)) -- IS 3166 codes
500 pkcs-9 OBJECT IDENTIFIER ::=
501 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 }
503 emailAddress AttributeType ::= { pkcs-9 1 }
505 Pkcs9email ::= IA5String (SIZE (1..ub-emailaddress-length))
507 -- naming data types --
509 Name ::= CHOICE { -- only one possibility for now --
510 rdnSequence RDNSequence }
512 RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
514 DistinguishedName ::= RDNSequence
516 RelativeDistinguishedName ::=
517 SET SIZE (1 .. MAX) OF AttributeTypeAndValue
519 -- Directory string type --
521 DirectoryString ::= CHOICE {
522 teletexString TeletexString (SIZE (1..MAX)),
523 printableString PrintableString (SIZE (1..MAX)),
524 universalString UniversalString (SIZE (1..MAX)),
525 utf8String UTF8String (SIZE (1..MAX)),
526 bmpString BMPString (SIZE(1..MAX)) }
529 -- --------------------------------------------------------
530 -- certificate and CRL specific structures begin here
531 -- --------------------------------------------------------
533 Certificate ::= SEQUENCE {
534 tbsCertificate TBSCertificate,
535 signatureAlgorithm AlgorithmIdentifier,
536 signature BIT STRING }
538 TBSCertificate ::= SEQUENCE {
539 version [0] EXPLICIT Version DEFAULT v1,
540 serialNumber CertificateSerialNumber,
541 signature AlgorithmIdentifier,
545 subjectPublicKeyInfo SubjectPublicKeyInfo,
546 issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
547 -- If present, version shall be v2 or v3
548 subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
549 -- If present, version shall be v2 or v3
550 extensions [3] EXPLICIT Extensions OPTIONAL
551 -- If present, version shall be v3 --
554 Version ::= INTEGER { v1(0), v2(1), v3(2) }
556 CertificateSerialNumber ::= INTEGER
558 Validity ::= SEQUENCE {
564 generalTime GeneralizedTime }
566 UniqueIdentifier ::= BIT STRING
568 SubjectPublicKeyInfo ::= SEQUENCE {
569 algorithm AlgorithmIdentifier,
570 subjectPublicKey BIT STRING }
572 Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
574 Extension ::= SEQUENCE {
575 extnID OBJECT IDENTIFIER,
576 critical BOOLEAN DEFAULT FALSE,
577 extnValue OCTET STRING }
580 -- ------------------------------------------
582 -- ------------------------------------------
584 CertificateList ::= SEQUENCE {
585 tbsCertList TBSCertList,
586 signatureAlgorithm AlgorithmIdentifier,
587 signature BIT STRING }
589 TBSCertList ::= SEQUENCE {
590 version Version OPTIONAL,
591 -- if present, shall be v2
592 signature AlgorithmIdentifier,
595 nextUpdate Time OPTIONAL,
596 revokedCertificates SEQUENCE OF SEQUENCE {
597 userCertificate CertificateSerialNumber,
599 crlEntryExtensions Extensions OPTIONAL
600 -- if present, shall be v2
602 crlExtensions [0] EXPLICIT Extensions OPTIONAL
603 -- if present, shall be v2 --
606 -- Version, Time, CertificateSerialNumber, and Extensions were
607 -- defined earlier for use in the certificate structure
609 AlgorithmIdentifier ::= SEQUENCE {
610 algorithm OBJECT IDENTIFIER,
611 parameters ANY DEFINED BY algorithm OPTIONAL }
612 -- contains a value of the type
613 -- registered for use with the
614 -- algorithm object identifier value
616 -- Algorithm OIDs and parameter structures
618 pkcs-1 OBJECT IDENTIFIER ::= {
619 iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 }
621 rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 }
623 md2WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 2 }
625 md5WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 4 }
627 sha1WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 5 }
629 id-dsa-with-sha1 OBJECT IDENTIFIER ::= {
630 iso(1) member-body(2) us(840) x9-57 (10040) x9algorithm(4) 3 }
632 Dss-Sig-Value ::= SEQUENCE {
636 dhpublicnumber OBJECT IDENTIFIER ::= {
637 iso(1) member-body(2) us(840) ansi-x942(10046) number-type(2) 1 }
639 DomainParameters ::= SEQUENCE {
640 p INTEGER, -- odd prime, p=jq +1
641 g INTEGER, -- generator, g
642 q INTEGER, -- factor of p-1
643 j INTEGER OPTIONAL, -- subgroup factor, j>= 2
644 validationParms ValidationParms OPTIONAL }
646 ValidationParms ::= SEQUENCE {
648 pgenCounter INTEGER }
650 id-dsa OBJECT IDENTIFIER ::= {
651 iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1 }
653 Dss-Parms ::= SEQUENCE {
658 -- x400 address syntax starts here
661 ORAddress ::= SEQUENCE {
662 built-in-standard-attributes BuiltInStandardAttributes,
663 built-in-domain-defined-attributes
664 BuiltInDomainDefinedAttributes OPTIONAL,
665 -- see also teletex-domain-defined-attributes
666 extension-attributes ExtensionAttributes OPTIONAL }
667 -- The OR-address is semantically absent from the OR-name if the
668 -- built-in-standard-attribute sequence is empty and the
669 -- built-in-domain-defined-attributes and extension-attributes are
672 -- Built-in Standard Attributes
674 BuiltInStandardAttributes ::= SEQUENCE {
675 country-name CountryName OPTIONAL,
676 administration-domain-name AdministrationDomainName OPTIONAL,
677 network-address [0] EXPLICIT NetworkAddress OPTIONAL,
678 -- see also extended-network-address
679 terminal-identifier [1] EXPLICIT TerminalIdentifier OPTIONAL,
680 private-domain-name [2] EXPLICIT PrivateDomainName OPTIONAL,
681 organization-name [3] EXPLICIT OrganizationName OPTIONAL,
682 -- see also teletex-organization-name
683 numeric-user-identifier [4] EXPLICIT NumericUserIdentifier OPTIONAL,
684 personal-name [5] EXPLICIT PersonalName OPTIONAL,
685 -- see also teletex-personal-name
686 organizational-unit-names [6] EXPLICIT OrganizationalUnitNames OPTIONAL
687 -- see also teletex-organizational-unit-names --
690 CountryName ::= [APPLICATION 1] CHOICE {
691 x121-dcc-code NumericString
692 (SIZE (ub-country-name-numeric-length)),
693 iso-3166-alpha2-code PrintableString
694 (SIZE (ub-country-name-alpha-length)) }
696 AdministrationDomainName ::= [APPLICATION 2] EXPLICIT CHOICE {
697 numeric NumericString (SIZE (0..ub-domain-name-length)),
698 printable PrintableString (SIZE (0..ub-domain-name-length)) }
700 NetworkAddress ::= X121Address -- see also extended-network-address
702 X121Address ::= NumericString (SIZE (1..ub-x121-address-length))
704 TerminalIdentifier ::= PrintableString (SIZE (1..ub-terminal-id-length))
706 PrivateDomainName ::= CHOICE {
707 numeric NumericString (SIZE (1..ub-domain-name-length)),
708 printable PrintableString (SIZE (1..ub-domain-name-length)) }
710 OrganizationName ::= PrintableString
711 (SIZE (1..ub-organization-name-length))
712 -- see also teletex-organization-name
714 NumericUserIdentifier ::= NumericString
715 (SIZE (1..ub-numeric-user-id-length))
717 PersonalName ::= SET {
718 surname [0] PrintableString (SIZE (1..ub-surname-length)),
719 given-name [1] PrintableString
720 (SIZE (1..ub-given-name-length)) OPTIONAL,
721 initials [2] PrintableString (SIZE (1..ub-initials-length)) OPTIONAL,
722 generation-qualifier [3] PrintableString
723 (SIZE (1..ub-generation-qualifier-length)) OPTIONAL }
724 -- see also teletex-personal-name
726 OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units)
727 OF OrganizationalUnitName
728 -- see also teletex-organizational-unit-names
730 OrganizationalUnitName ::= PrintableString (SIZE
731 (1..ub-organizational-unit-name-length))
733 -- Built-in Domain-defined Attributes
735 BuiltInDomainDefinedAttributes ::= SEQUENCE SIZE
736 (1..ub-domain-defined-attributes) OF
737 BuiltInDomainDefinedAttribute
739 BuiltInDomainDefinedAttribute ::= SEQUENCE {
740 type PrintableString (SIZE
741 (1..ub-domain-defined-attribute-type-length)),
742 value PrintableString (SIZE
743 (1..ub-domain-defined-attribute-value-length))}
745 -- Extension Attributes
747 ExtensionAttributes ::= SET SIZE (1..ub-extension-attributes) OF
750 ExtensionAttribute ::= SEQUENCE {
751 extension-attribute-type [0] EXPLICIT INTEGER (0..ub-extension-attributes),
752 extension-attribute-value [1] EXPLICIT
753 ANY DEFINED BY extension-attribute-type }
755 -- Extension types and attribute values
758 common-name INTEGER ::= 1
760 CommonName ::= PrintableString (SIZE (1..ub-common-name-length))
762 teletex-common-name INTEGER ::= 2
764 TeletexCommonName ::= TeletexString (SIZE (1..ub-common-name-length))
766 teletex-organization-name INTEGER ::= 3
768 TeletexOrganizationName ::=
769 TeletexString (SIZE (1..ub-organization-name-length))
771 teletex-personal-name INTEGER ::= 4
773 TeletexPersonalName ::= SET {
774 surname [0] EXPLICIT TeletexString (SIZE (1..ub-surname-length)),
775 given-name [1] EXPLICIT TeletexString
776 (SIZE (1..ub-given-name-length)) OPTIONAL,
777 initials [2] EXPLICIT TeletexString (SIZE (1..ub-initials-length)) OPTIONAL,
778 generation-qualifier [3] EXPLICIT TeletexString (SIZE
779 (1..ub-generation-qualifier-length)) OPTIONAL }
781 teletex-organizational-unit-names INTEGER ::= 5
783 TeletexOrganizationalUnitNames ::= SEQUENCE SIZE
784 (1..ub-organizational-units) OF TeletexOrganizationalUnitName
786 TeletexOrganizationalUnitName ::= TeletexString
787 (SIZE (1..ub-organizational-unit-name-length))
789 pds-name INTEGER ::= 7
791 PDSName ::= PrintableString (SIZE (1..ub-pds-name-length))
793 physical-delivery-country-name INTEGER ::= 8
795 PhysicalDeliveryCountryName ::= CHOICE {
796 x121-dcc-code NumericString (SIZE (ub-country-name-numeric-length)),
797 iso-3166-alpha2-code PrintableString
798 (SIZE (ub-country-name-alpha-length)) }
800 postal-code INTEGER ::= 9
802 PostalCode ::= CHOICE {
803 numeric-code NumericString (SIZE (1..ub-postal-code-length)),
804 printable-code PrintableString (SIZE (1..ub-postal-code-length)) }
806 physical-delivery-office-name INTEGER ::= 10
808 PhysicalDeliveryOfficeName ::= PDSParameter
810 physical-delivery-office-number INTEGER ::= 11
812 PhysicalDeliveryOfficeNumber ::= PDSParameter
814 extension-OR-address-components INTEGER ::= 12
816 ExtensionORAddressComponents ::= PDSParameter
818 physical-delivery-personal-name INTEGER ::= 13
820 PhysicalDeliveryPersonalName ::= PDSParameter
822 physical-delivery-organization-name INTEGER ::= 14
824 PhysicalDeliveryOrganizationName ::= PDSParameter
826 extension-physical-delivery-address-components INTEGER ::= 15
828 ExtensionPhysicalDeliveryAddressComponents ::= PDSParameter
830 unformatted-postal-address INTEGER ::= 16
832 UnformattedPostalAddress ::= SET {
833 printable-address SEQUENCE SIZE (1..ub-pds-physical-address-lines) OF
834 PrintableString (SIZE (1..ub-pds-parameter-length)) OPTIONAL,
835 teletex-string TeletexString
836 (SIZE (1..ub-unformatted-address-length)) OPTIONAL }
838 street-address INTEGER ::= 17
840 StreetAddress ::= PDSParameter
842 post-office-box-address INTEGER ::= 18
844 PostOfficeBoxAddress ::= PDSParameter
846 poste-restante-address INTEGER ::= 19
848 PosteRestanteAddress ::= PDSParameter
850 unique-postal-name INTEGER ::= 20
852 UniquePostalName ::= PDSParameter
854 local-postal-attributes INTEGER ::= 21
856 LocalPostalAttributes ::= PDSParameter
858 PDSParameter ::= SET {
859 printable-string PrintableString
860 (SIZE(1..ub-pds-parameter-length)) OPTIONAL,
861 teletex-string TeletexString
862 (SIZE(1..ub-pds-parameter-length)) OPTIONAL }
864 extended-network-address INTEGER ::= 22
866 ExtendedNetworkAddress ::= CHOICE {
867 e163-4-address SEQUENCE {
868 number [0] EXPLICIT NumericString (SIZE (1..ub-e163-4-number-length)),
869 sub-address [1] EXPLICIT NumericString
870 (SIZE (1..ub-e163-4-sub-address-length)) OPTIONAL },
871 psap-address [0] EXPLICIT PresentationAddress }
873 PresentationAddress ::= SEQUENCE {
874 pSelector [0] EXPLICIT OCTET STRING OPTIONAL,
875 sSelector [1] EXPLICIT OCTET STRING OPTIONAL,
876 tSelector [2] EXPLICIT OCTET STRING OPTIONAL,
877 nAddresses [3] EXPLICIT SET SIZE (1..MAX) OF OCTET STRING }
879 terminal-type INTEGER ::= 23
881 TerminalType ::= INTEGER {
887 videotex (8) } (0..ub-integer-options)
889 -- Extension Domain-defined Attributes
891 teletex-domain-defined-attributes INTEGER ::= 6
893 TeletexDomainDefinedAttributes ::= SEQUENCE SIZE
894 (1..ub-domain-defined-attributes) OF TeletexDomainDefinedAttribute
896 TeletexDomainDefinedAttribute ::= SEQUENCE {
898 (SIZE (1..ub-domain-defined-attribute-type-length)),
900 (SIZE (1..ub-domain-defined-attribute-value-length)) }
902 -- specifications of Upper Bounds shall be regarded as mandatory
903 -- from Annex B of ITU-T X.411 Reference Definition of MTS Parameter
907 ub-name INTEGER ::= 32768
908 ub-common-name INTEGER ::= 64
909 ub-locality-name INTEGER ::= 128
910 ub-state-name INTEGER ::= 128
911 ub-organization-name INTEGER ::= 64
912 ub-organizational-unit-name INTEGER ::= 64
913 ub-title INTEGER ::= 64
914 ub-match INTEGER ::= 128
916 ub-emailaddress-length INTEGER ::= 128
918 ub-common-name-length INTEGER ::= 64
919 ub-country-name-alpha-length INTEGER ::= 2
920 ub-country-name-numeric-length INTEGER ::= 3
921 ub-domain-defined-attributes INTEGER ::= 4
922 ub-domain-defined-attribute-type-length INTEGER ::= 8
923 ub-domain-defined-attribute-value-length INTEGER ::= 128
924 ub-domain-name-length INTEGER ::= 16
925 ub-extension-attributes INTEGER ::= 256
926 ub-e163-4-number-length INTEGER ::= 15
927 ub-e163-4-sub-address-length INTEGER ::= 40
928 ub-generation-qualifier-length INTEGER ::= 3
929 ub-given-name-length INTEGER ::= 16
930 ub-initials-length INTEGER ::= 5
931 ub-integer-options INTEGER ::= 256
932 ub-numeric-user-id-length INTEGER ::= 32
933 ub-organization-name-length INTEGER ::= 64
934 ub-organizational-unit-name-length INTEGER ::= 32
935 ub-organizational-units INTEGER ::= 4
936 ub-pds-name-length INTEGER ::= 16
937 ub-pds-parameter-length INTEGER ::= 30
938 ub-pds-physical-address-lines INTEGER ::= 6
939 ub-postal-code-length INTEGER ::= 16
940 ub-surname-length INTEGER ::= 40
941 ub-terminal-id-length INTEGER ::= 24
942 ub-unformatted-address-length INTEGER ::= 180
943 ub-x121-address-length INTEGER ::= 16
945 -- Note - upper bounds on string types, such as TeletexString, are
946 -- measured in characters. Excepting PrintableString or IA5String, a
947 -- significantly greater number of octets will be required to hold
948 -- such a value. As a minimum, 16 octets, or twice the specified upper
949 -- bound, whichever is the larger, should be allowed for TeletexString.
950 -- For UTF8String or UniversalString at least four times the upper
951 -- bound should be allowed.