diff options
Diffstat (limited to 'lib/asn1/test/asn1_SUITE_data/modified_x420')
11 files changed, 6511 insertions, 0 deletions
diff --git a/lib/asn1/test/asn1_SUITE_data/modified_x420/AuthenticationFramework.asn b/lib/asn1/test/asn1_SUITE_data/modified_x420/AuthenticationFramework.asn new file mode 100644 index 0000000000..5cfa9062f0 --- /dev/null +++ b/lib/asn1/test/asn1_SUITE_data/modified_x420/AuthenticationFramework.asn @@ -0,0 +1,290 @@ +-- Module AuthenticationFramework (X.509:08/1997) + +AuthenticationFramework {joint-iso-itu-t ds(5) module(1) + authenticationFramework(7) 3} DEFINITIONS ::= +BEGIN + +-- EXPORTS All +-- The types and values defined in this module are exported for use in the other ASN.1 modules contained +-- within the Directory Specifications, and for the use of other applications which will use them to access +-- Directory services. Other applications may use them for their own purposes, but this will not constrain +-- extensions and modifications needed to maintain or improve the Directory service. +IMPORTS + id-at, id-mr, informationFramework, upperBounds, selectedAttributeTypes, + basicAccessControl, certificateExtensions + FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) + usefulDefinitions(0) 3} + Name, ATTRIBUTE, AttributeType, MATCHING-RULE, Attribute + FROM InformationFramework informationFramework + ub-user-password + FROM UpperBounds upperBounds + AuthenticationLevel + FROM BasicAccessControl basicAccessControl + UniqueIdentifier, octetStringMatch + FROM SelectedAttributeTypes selectedAttributeTypes + certificateExactMatch, certificatePairExactMatch, certificateListExactMatch, + GeneralNames + FROM CertificateExtensions certificateExtensions; + +-- basic certificate definition +Certificate ::= + SIGNED + {SEQUENCE {version [0] Version DEFAULT v1, + serialNumber CertificateSerialNumber, + signature AlgorithmIdentifier, + issuer Name, + validity Validity, + subject Name, + subjectPublicKeyInfo SubjectPublicKeyInfo, + issuerUniqueIdentifier [1] IMPLICIT UniqueIdentifier OPTIONAL, + -- if present, version must be v2 or v3 + subjectUniqueIdentifier [2] IMPLICIT UniqueIdentifier OPTIONAL, + -- if present, version must be v2 or v3 + extensions [3] Extensions OPTIONAL + -- If present, version must be v3 -- }} + +Version ::= INTEGER {v1(0), v2(1), v3(2)} + +CertificateSerialNumber ::= INTEGER + +AlgorithmIdentifier ::= SEQUENCE { + algorithm ALGORITHM.&id({SupportedAlgorithms}), + parameters ALGORITHM.&Type({SupportedAlgorithms}{@algorithm}) OPTIONAL +} + +-- Definition of the following information object set is deferred, perhaps to standardized +-- profiles or to protocol implementation conformance statements. The set is required to +-- specify a table constraint on the parameters component of AlgorithmIdentifier. +SupportedAlgorithms ALGORITHM ::= +{...} + +Validity ::= SEQUENCE {notBefore Time, + notAfter Time +} + +SubjectPublicKeyInfo ::= SEQUENCE { + algorithm AlgorithmIdentifier, + subjectPublicKey BIT STRING +} + +Time ::= CHOICE {utcTime UTCTime, + generalizedTime GeneralizedTime +} + +Extensions ::= SEQUENCE OF Extension + +-- For those extensions where ordering of individual extensions within the SEQUENCE is significant, the +-- specification of those individual extensions shall include the rules for the significance of the order therein +Extension ::= SEQUENCE { + extnId EXTENSION.&id({ExtensionSet}), + critical BOOLEAN DEFAULT FALSE, + extnValue OCTET STRING-- contains a DER encoding of a value of type &ExtnType +-- for the extension object identified by extnId +} + +ExtensionSet EXTENSION ::= + {...} + +EXTENSION ::= CLASS {&id OBJECT IDENTIFIER UNIQUE, + &ExtnType +}WITH SYNTAX {SYNTAX &ExtnType + IDENTIFIED BY &id +} + +-- other certificate constructs +Certificates ::= SEQUENCE { + userCertificate Certificate, + certificationPath ForwardCertificationPath OPTIONAL +} + +ForwardCertificationPath ::= SEQUENCE OF CrossCertificates + +CrossCertificates ::= SET OF Certificate + +CertificationPath ::= SEQUENCE { + userCertificate Certificate, + theCACertificates SEQUENCE OF CertificatePair OPTIONAL +} + +CertificatePair ::= SEQUENCE { + issuedByThisCA [0] Certificate OPTIONAL, + issuedToThisCA [1] Certificate OPTIONAL + -- at least one of the pair shall be present +} + +-- Certificate Revocation List (CRL) +CertificateList ::= + SIGNED + {SEQUENCE {version Version OPTIONAL, + -- if present, version must be v2 + signature AlgorithmIdentifier, + issuer Name, + thisUpdate Time, + nextUpdate Time OPTIONAL, + revokedCertificates + SEQUENCE OF + SEQUENCE {userCertificate CertificateSerialNumber, + revocationDate Time, + crlEntryExtensions Extensions OPTIONAL} OPTIONAL, + crlExtensions [0] Extensions OPTIONAL}} + +-- attribute certificate +AttributeCertificationPath ::= SEQUENCE { + attributeCertificate AttributeCertificate, + acPath SEQUENCE OF ACPathData OPTIONAL +} + +ACPathData ::= SEQUENCE { + certificate [0] Certificate OPTIONAL, + attributeCertificate [1] AttributeCertificate OPTIONAL +} + +attributeCertificate ATTRIBUTE ::= { + WITH SYNTAX AttributeCertificate + EQUALITY MATCHING RULE attributeCertificateMatch + ID id-at-attributeCertificate +} + +AttributeCertificate ::= SIGNED{AttributeCertificateInfo} + +AttributeCertificateInfo ::= SEQUENCE { + version Version DEFAULT v1, + subject + CHOICE {baseCertificateID [0] IssuerSerial, -- associated with a Public Key Certificate-- + subjectName [1] GeneralNames}, -- associated with a name + issuer GeneralNames, -- CA issuing the attribute certificate + signature AlgorithmIdentifier, + serialNumber CertificateSerialNumber, + attCertValidityPeriod AttCertValidityPeriod, + attributes SEQUENCE OF Attribute, + issuerUniqueID UniqueIdentifier OPTIONAL, + extensions Extensions OPTIONAL +} + +IssuerSerial ::= SEQUENCE { + issuer GeneralNames, + serial CertificateSerialNumber, + issuerUID UniqueIdentifier OPTIONAL +} + +AttCertValidityPeriod ::= SEQUENCE { + notBeforeTime GeneralizedTime, + notAfterTime GeneralizedTime +} + +attributeCertificateMatch MATCHING-RULE ::= { + SYNTAX AttributeCertificateAssertion + ID id-mr-attributeCertificateMatch +} + +AttributeCertificateAssertion ::= SEQUENCE { + subject + [0] CHOICE {baseCertificateID [0] IssuerSerial, + subjectName [1] Name} OPTIONAL, + issuer [1] Name OPTIONAL, + attCertValidity [2] GeneralizedTime OPTIONAL, + attType [3] SET OF AttributeType OPTIONAL +} + +-- At least one component of the sequence must be present +-- attribute types +userPassword ATTRIBUTE ::= { + WITH SYNTAX OCTET STRING(SIZE (0..ub-user-password)) + EQUALITY MATCHING RULE octetStringMatch + ID id-at-userPassword +} + +userCertificate ATTRIBUTE ::= { + WITH SYNTAX Certificate + EQUALITY MATCHING RULE certificateExactMatch + ID id-at-userCertificate +} + +cACertificate ATTRIBUTE ::= { + WITH SYNTAX Certificate + EQUALITY MATCHING RULE certificateExactMatch + ID id-at-cAcertificate +} + +crossCertificatePair ATTRIBUTE ::= { + WITH SYNTAX CertificatePair + EQUALITY MATCHING RULE certificatePairExactMatch + ID id-at-crossCertificatePair +} + +authorityRevocationList ATTRIBUTE ::= { + WITH SYNTAX CertificateList + EQUALITY MATCHING RULE certificateListExactMatch + ID id-at-authorityRevocationList +} + +certificateRevocationList ATTRIBUTE ::= { + WITH SYNTAX CertificateList + EQUALITY MATCHING RULE certificateListExactMatch + ID id-at-certificateRevocationList +} + +attributeCertificateRevocationList ATTRIBUTE ::= { + WITH SYNTAX CertificateList + ID id-at-attributeCertificateRevocationList +} + +-- information object classes +ALGORITHM ::= TYPE-IDENTIFIER + +-- parameterized types +HASH{ToBeHashed} ::= SEQUENCE { + algorithmIdentifier AlgorithmIdentifier, + hashValue + BIT STRING + (CONSTRAINED BY { + -- must be the result of applying a hashing procedure to the DER-encoded octets + -- of a value of -- ToBeHashed}) +} + +ENCRYPTED-HASH{ToBeSigned} ::= + BIT STRING + (CONSTRAINED BY { + -- must be the result of applying a hashing procedure to the DER-encoded octets + -- of a value of --ToBeSigned -- and then applying an encipherment procedure to those octets --}) + +ENCRYPTED{ToBeEnciphered} ::= + BIT STRING + (CONSTRAINED BY { + -- must be the result of applying an encipherment procedure + -- to the BER-encoded octets of a value of --ToBeEnciphered}) + +SIGNATURE{ToBeSigned} ::= SEQUENCE { + algorithmIdentifier AlgorithmIdentifier, + encrypted ENCRYPTED-HASH{ToBeSigned} +} + +SIGNED{ToBeSigned} ::= SEQUENCE { + toBeSigned ToBeSigned, + COMPONENTS OF SIGNATURE{ToBeSigned} +} + +-- object identifier assignments +id-at-userPassword OBJECT IDENTIFIER ::= + {id-at 35} + +id-at-userCertificate OBJECT IDENTIFIER ::= {id-at 36} + +id-at-cAcertificate OBJECT IDENTIFIER ::= {id-at 37} + +id-at-authorityRevocationList OBJECT IDENTIFIER ::= {id-at 38} + +id-at-certificateRevocationList OBJECT IDENTIFIER ::= {id-at 39} + +id-at-crossCertificatePair OBJECT IDENTIFIER ::= {id-at 40} + +id-at-attributeCertificate OBJECT IDENTIFIER ::= {id-at 58} + +id-at-attributeCertificateRevocationList OBJECT IDENTIFIER ::= {id-at 59} + +id-mr-attributeCertificateMatch OBJECT IDENTIFIER ::= {id-mr 42} + +END + +-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D + diff --git a/lib/asn1/test/asn1_SUITE_data/modified_x420/BasicAccessControl.asn b/lib/asn1/test/asn1_SUITE_data/modified_x420/BasicAccessControl.asn new file mode 100644 index 0000000000..d8b2b687ae --- /dev/null +++ b/lib/asn1/test/asn1_SUITE_data/modified_x420/BasicAccessControl.asn @@ -0,0 +1,184 @@ +-- Module BasicAccessControl (X.501:08/1997) +BasicAccessControl {joint-iso-itu-t ds(5) module(1) basicAccessControl(24) 3} +DEFINITIONS ::= +BEGIN + +-- EXPORTS All +-- The types and values defined in this module are exported for use in the other ASN.1 modules contained +-- within the Directory Specifications, and for the use of other applications which will use them to access +-- Directory services. Other applications may use them for their own purposes, but this will not constrain +-- extensions and modifications needed to maintain or improve the Directory service. +IMPORTS + id-aca, id-acScheme, informationFramework, upperBounds, + selectedAttributeTypes, directoryAbstractService + FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) + usefulDefinitions(0) 3} + ATTRIBUTE, AttributeType, DistinguishedName, ContextAssertion, + SubtreeSpecification, SupportedAttributes, MATCHING-RULE, + objectIdentifierMatch, Refinement + FROM InformationFramework informationFramework + Filter + FROM DirectoryAbstractService directoryAbstractService + ub-tag + FROM UpperBounds upperBounds + NameAndOptionalUID, directoryStringFirstComponentMatch, DirectoryString{} + FROM SelectedAttributeTypes selectedAttributeTypes; + +-- types +ACIItem ::= SEQUENCE { + identificationTag DirectoryString{ub-tag}, + precedence Precedence, + authenticationLevel AuthenticationLevel, + itemOrUserFirst + CHOICE {itemFirst + [0] SEQUENCE {protectedItems ProtectedItems, + itemPermissions SET OF ItemPermission}, + userFirst + [1] SEQUENCE {userClasses UserClasses, + userPermissions SET OF UserPermission}} +} + +Precedence ::= INTEGER(0..255) + +ProtectedItems ::= SEQUENCE { + entry [0] NULL OPTIONAL, + allUserAttributeTypes [1] NULL OPTIONAL, + attributeType + [2] SET SIZE (1..MAX) OF AttributeType OPTIONAL, + allAttributeValues + [3] SET SIZE (1..MAX) OF AttributeType OPTIONAL, + allUserAttributeTypesAndValues [4] NULL OPTIONAL, + attributeValue + [5] SET SIZE (1..MAX) OF AttributeTypeAndValue OPTIONAL, + selfValue + [6] SET SIZE (1..MAX) OF AttributeType OPTIONAL, + rangeOfValues [7] Filter OPTIONAL, + maxValueCount + [8] SET SIZE (1..MAX) OF MaxValueCount OPTIONAL, + maxImmSub [9] INTEGER OPTIONAL, + restrictedBy + [10] SET SIZE (1..MAX) OF RestrictedValue OPTIONAL, + contexts + [11] SET SIZE (1..MAX) OF ContextAssertion OPTIONAL, + classes [12] Refinement OPTIONAL +} + +MaxValueCount ::= SEQUENCE {type AttributeType, + maxCount INTEGER +} + +RestrictedValue ::= SEQUENCE {type AttributeType, + valuesIn AttributeType +} + +UserClasses ::= SEQUENCE { + allUsers [0] NULL OPTIONAL, + thisEntry [1] NULL OPTIONAL, + name [2] SET SIZE (1..MAX) OF NameAndOptionalUID OPTIONAL, + userGroup [3] SET SIZE (1..MAX) OF NameAndOptionalUID OPTIONAL, + -- dn component must be the name of an + -- entry of GroupOfUniqueNames + subtree [4] SET SIZE (1..MAX) OF SubtreeSpecification OPTIONAL +} + +ItemPermission ::= SEQUENCE { + precedence Precedence OPTIONAL, + -- defaults to precedence in ACIItem + userClasses UserClasses, + grantsAndDenials GrantsAndDenials +} + +UserPermission ::= SEQUENCE { + precedence Precedence OPTIONAL, + -- defaults to precedence in ACIItem + protectedItems ProtectedItems, + grantsAndDenials GrantsAndDenials +} + +AuthenticationLevel ::= CHOICE { + basicLevels + SEQUENCE {level ENUMERATED {none(0), simple(1), strong(2)}, + localQualifier INTEGER OPTIONAL, + signed BOOLEAN DEFAULT FALSE}, + other EXTERNAL +} + +GrantsAndDenials ::= BIT STRING { + -- permissions that may be used in conjunction + -- with any component of ProtectedItems + grantAdd(0), denyAdd(1), grantDiscloseOnError(2), denyDiscloseOnError(3), + grantRead(4), denyRead(5), grantRemove(6), + denyRemove(7), + -- permissions that may be used only in conjunction + -- with the entry component + grantBrowse(8), denyBrowse(9), grantExport(10), denyExport(11), + grantImport(12), denyImport(13), grantModify(14), denyModify(15), + grantRename(16), denyRename(17), grantReturnDN(18), + denyReturnDN(19), + -- permissions that may be used in conjunction + -- with any component, except entry, of ProtectedItems + grantCompare(20), denyCompare(21), grantFilterMatch(22), denyFilterMatch(23), + grantInvoke(24), denyInvoke(25)} + +AttributeTypeAndValue ::= SEQUENCE { + type ATTRIBUTE.&id({SupportedAttributes}), + value ATTRIBUTE.&Type({SupportedAttributes}{@type}) +} + +-- attributes +accessControlScheme ATTRIBUTE ::= { + WITH SYNTAX OBJECT IDENTIFIER + EQUALITY MATCHING RULE objectIdentifierMatch + SINGLE VALUE TRUE + USAGE directoryOperation + ID id-aca-accessControlScheme +} + +prescriptiveACI ATTRIBUTE ::= { + WITH SYNTAX ACIItem + EQUALITY MATCHING RULE directoryStringFirstComponentMatch + USAGE directoryOperation + ID id-aca-prescriptiveACI +} + +entryACI ATTRIBUTE ::= { + WITH SYNTAX ACIItem + EQUALITY MATCHING RULE directoryStringFirstComponentMatch + USAGE directoryOperation + ID id-aca-entryACI +} + +subentryACI ATTRIBUTE ::= { + WITH SYNTAX ACIItem + EQUALITY MATCHING RULE directoryStringFirstComponentMatch + USAGE directoryOperation + ID id-aca-subentryACI +} + +-- object identifier assignments +-- attributes +id-aca-accessControlScheme OBJECT IDENTIFIER ::= + {id-aca 1} + +id-aca-prescriptiveACI OBJECT IDENTIFIER ::= {id-aca 4} + +id-aca-entryACI OBJECT IDENTIFIER ::= {id-aca 5} + +id-aca-subentryACI OBJECT IDENTIFIER ::= {id-aca 6} + +-- access control schemes - +basicAccessControlScheme OBJECT IDENTIFIER ::= + {id-acScheme 1} + +simplifiedAccessControlScheme OBJECT IDENTIFIER ::= {id-acScheme 2} + +rule-based-access-control OBJECT IDENTIFIER ::= {id-acScheme 3} + +rule-and-basic-access-control OBJECT IDENTIFIER ::= {id-acScheme 4} + +rule-and-simple-access-control OBJECT IDENTIFIER ::= {id-acScheme 5} + +END -- BasicAccessControl + +-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D + diff --git a/lib/asn1/test/asn1_SUITE_data/modified_x420/CertificateExtensions.asn b/lib/asn1/test/asn1_SUITE_data/modified_x420/CertificateExtensions.asn new file mode 100644 index 0000000000..0daf2208e9 --- /dev/null +++ b/lib/asn1/test/asn1_SUITE_data/modified_x420/CertificateExtensions.asn @@ -0,0 +1,498 @@ +-- Module CertificateExtensions (X.509:08/1997) + +CertificateExtensions {joint-iso-itu-t ds(5) module(1) + certificateExtensions(26) 0} DEFINITIONS IMPLICIT TAGS ::= +BEGIN + +-- EXPORTS ALL +IMPORTS + id-at, id-ce, id-mr, informationFramework, authenticationFramework, + selectedAttributeTypes, upperBounds + FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) + usefulDefinitions(0) 3} + Name, RelativeDistinguishedName, ATTRIBUTE, Attribute, MATCHING-RULE + FROM InformationFramework informationFramework + CertificateSerialNumber, CertificateList, AlgorithmIdentifier, EXTENSION, + Time + FROM AuthenticationFramework authenticationFramework + DirectoryString{} + FROM SelectedAttributeTypes selectedAttributeTypes + ub-name + FROM UpperBounds upperBounds + ORAddress + FROM MTSAbstractService {joint-iso-itu-t mhs(6) mts(3) modules(0) + mts-abstract-service(1) version-1999(1)}; + +-- Unless explicitly noted otherwise, there is no significance to the ordering +-- of components of a SEQUENCE OF construct in this Specification. +-- Key and policy information extensions +authorityKeyIdentifier EXTENSION ::= { + SYNTAX AuthorityKeyIdentifier + IDENTIFIED BY id-ce-authorityKeyIdentifier +} + +AuthorityKeyIdentifier ::= SEQUENCE { + keyIdentifier [0] KeyIdentifier OPTIONAL, + authorityCertIssuer [1] GeneralNames OPTIONAL, + authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL +} +(WITH COMPONENTS { + ..., + authorityCertIssuer PRESENT, + authorityCertSerialNumber PRESENT + } | + WITH COMPONENTS { + ..., + authorityCertIssuer ABSENT, + authorityCertSerialNumber ABSENT + }) + +KeyIdentifier ::= OCTET STRING + +subjectKeyIdentifier EXTENSION ::= { + SYNTAX SubjectKeyIdentifier + IDENTIFIED BY id-ce-subjectKeyIdentifier +} + +SubjectKeyIdentifier ::= KeyIdentifier + +keyUsage EXTENSION ::= {SYNTAX KeyUsage + IDENTIFIED BY id-ce-keyUsage +} + +KeyUsage ::= BIT STRING { + digitalSignature(0), nonRepudiation(1), keyEncipherment(2), + dataEncipherment(3), keyAgreement(4), keyCertSign(5), cRLSign(6), + encipherOnly(7), decipherOnly(8)} + +extKeyUsage EXTENSION ::= { + SYNTAX SEQUENCE SIZE (1..MAX) OF KeyPurposeId + IDENTIFIED BY id-ce-extKeyUsage +} + +KeyPurposeId ::= OBJECT IDENTIFIER + +privateKeyUsagePeriod EXTENSION ::= { + SYNTAX PrivateKeyUsagePeriod + IDENTIFIED BY id-ce-privateKeyUsagePeriod +} + +PrivateKeyUsagePeriod ::= SEQUENCE { + notBefore [0] GeneralizedTime OPTIONAL, + notAfter [1] GeneralizedTime OPTIONAL +} +(WITH COMPONENTS { + ..., + notBefore PRESENT + } | WITH COMPONENTS { + ..., + notAfter PRESENT + }) + +certificatePolicies EXTENSION ::= { + SYNTAX CertificatePoliciesSyntax + IDENTIFIED BY id-ce-certificatePolicies +} + +CertificatePoliciesSyntax ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation + +PolicyInformation ::= SEQUENCE { + policyIdentifier CertPolicyId, + policyQualifiers SEQUENCE SIZE (1..MAX) OF PolicyQualifierInfo OPTIONAL +} + +CertPolicyId ::= OBJECT IDENTIFIER + +PolicyQualifierInfo ::= SEQUENCE { + policyQualifierId CERT-POLICY-QUALIFIER.&id({SupportedPolicyQualifiers}), + qualifier + CERT-POLICY-QUALIFIER.&Qualifier + ({SupportedPolicyQualifiers}{@policyQualifierId}) OPTIONAL +} + +SupportedPolicyQualifiers CERT-POLICY-QUALIFIER ::= + {...} + +CERT-POLICY-QUALIFIER ::= CLASS { + &id OBJECT IDENTIFIER UNIQUE, + &Qualifier OPTIONAL +}WITH SYNTAX {POLICY-QUALIFIER-ID &id + [QUALIFIER-TYPE &Qualifier] +} + +policyMappings EXTENSION ::= { + SYNTAX PolicyMappingsSyntax + IDENTIFIED BY id-ce-policyMappings +} + +PolicyMappingsSyntax ::= + SEQUENCE SIZE (1..MAX) OF + SEQUENCE {issuerDomainPolicy CertPolicyId, + subjectDomainPolicy CertPolicyId} + +supportedAlgorithms ATTRIBUTE ::= { + WITH SYNTAX SupportedAlgorithm + EQUALITY MATCHING RULE algorithmIdentifierMatch + ID id-at-supportedAlgorithms +} + +SupportedAlgorithm ::= SEQUENCE { + algorithmIdentifier AlgorithmIdentifier, + intendedUsage [0] KeyUsage OPTIONAL, + intendedCertificatePolicies [1] CertificatePoliciesSyntax OPTIONAL +} + +-- Certificate subject and certificate issuer attributes extensions +subjectAltName EXTENSION ::= { + SYNTAX GeneralNames + IDENTIFIED BY id-ce-subjectAltName +} + +GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName + +GeneralName ::= CHOICE { + otherName [0] INSTANCE OF OTHER-NAME, + rfc822Name [1] IA5String, + dNSName [2] IA5String, + x400Address [3] ORAddress, + directoryName [4] Name, + ediPartyName [5] EDIPartyName, + uniformResourceIdentifier [6] IA5String, + iPAddress [7] OCTET STRING, + registeredID [8] OBJECT IDENTIFIER +} + +OTHER-NAME ::= TYPE-IDENTIFIER + +EDIPartyName ::= SEQUENCE { + nameAssigner [0] DirectoryString{ub-name} OPTIONAL, + partyName [1] DirectoryString{ub-name} +} + +issuerAltName EXTENSION ::= { + SYNTAX GeneralNames + IDENTIFIED BY id-ce-issuerAltName +} + +subjectDirectoryAttributes EXTENSION ::= { + SYNTAX AttributesSyntax + IDENTIFIED BY id-ce-subjectDirectoryAttributes +} + +AttributesSyntax ::= SEQUENCE SIZE (1..MAX) OF Attribute + +-- Certification path constraints extensions +basicConstraints EXTENSION ::= { + SYNTAX BasicConstraintsSyntax + IDENTIFIED BY id-ce-basicConstraints +} + +BasicConstraintsSyntax ::= SEQUENCE { + cA BOOLEAN DEFAULT FALSE, + pathLenConstraint INTEGER(0..MAX) OPTIONAL +} + +nameConstraints EXTENSION ::= { + SYNTAX NameConstraintsSyntax + IDENTIFIED BY id-ce-nameConstraint +} + +NameConstraintsSyntax ::= SEQUENCE { + permittedSubtrees [0] GeneralSubtrees OPTIONAL, + excludedSubtrees [1] GeneralSubtrees OPTIONAL, + requiredNameForms [2] NameForms OPTIONAL +} + +GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree + +GeneralSubtree ::= SEQUENCE { + base GeneralName, + minimum [0] BaseDistance DEFAULT 0, + maximum [1] BaseDistance OPTIONAL +} + +BaseDistance ::= INTEGER(0..MAX) + +NameForms ::= SEQUENCE { + basicNameForms [0] BasicNameForms OPTIONAL, + otherNameForms [1] SEQUENCE SIZE (1..MAX) OF OBJECT IDENTIFIER OPTIONAL +}(ALL EXCEPT ({ --none; i.e.:at least one component shall be present--})) + +BasicNameForms ::= BIT STRING { + rfc822Name(0), dNSName(1), x400Address(2), directoryName(3), ediPartyName(4), + uniformResourceIdentifier(5), iPAddress(6), registeredID(7)}(SIZE (1..MAX)) + +policyConstraints EXTENSION ::= { + SYNTAX PolicyConstraintsSyntax + IDENTIFIED BY id-ce-policyConstraints +} + +PolicyConstraintsSyntax ::= SEQUENCE { + requireExplicitPolicy [0] SkipCerts OPTIONAL, + inhibitPolicyMapping [1] SkipCerts OPTIONAL +} + +SkipCerts ::= INTEGER(0..MAX) + +CertPolicySet ::= SEQUENCE SIZE (1..MAX) OF CertPolicyId + +-- Basic CRL extensions +cRLNumber EXTENSION ::= { + SYNTAX CRLNumber + IDENTIFIED BY id-ce-cRLNumber +} + +CRLNumber ::= INTEGER(0..MAX) + +reasonCode EXTENSION ::= { + SYNTAX CRLReason + IDENTIFIED BY id-ce-reasonCode +} + +CRLReason ::= ENUMERATED { + unspecified(0), keyCompromise(1), cACompromise(2), affiliationChanged(3), + superseded(4), cessationOfOperation(5), certificateHold(6), removeFromCRL(8) +} + +instructionCode EXTENSION ::= { + SYNTAX HoldInstruction + IDENTIFIED BY id-ce-instructionCode +} + +HoldInstruction ::= OBJECT IDENTIFIER + +invalidityDate EXTENSION ::= { + SYNTAX GeneralizedTime + IDENTIFIED BY id-ce-invalidityDate +} + +-- CRL distribution points and delta-CRL extensions +cRLDistributionPoints EXTENSION ::= { + SYNTAX CRLDistPointsSyntax + IDENTIFIED BY id-ce-cRLDistributionPoints +} + +CRLDistPointsSyntax ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint + +DistributionPoint ::= SEQUENCE { + distributionPoint [0] DistributionPointName OPTIONAL, + reasons [1] ReasonFlags OPTIONAL, + cRLIssuer [2] GeneralNames OPTIONAL +} + +DistributionPointName ::= CHOICE { + fullName [0] GeneralNames, + nameRelativeToCRLIssuer [1] RelativeDistinguishedName +} + +ReasonFlags ::= BIT STRING { + unused(0), keyCompromise(1), caCompromise(2), affiliationChanged(3), + superseded(4), cessationOfOperation(5), certificateHold(6)} + +issuingDistributionPoint EXTENSION ::= { + SYNTAX IssuingDistPointSyntax + IDENTIFIED BY id-ce-issuingDistributionPoint +} + +IssuingDistPointSyntax ::= SEQUENCE { + distributionPoint [0] DistributionPointName OPTIONAL, + onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE, + onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE, + onlySomeReasons [3] ReasonFlags OPTIONAL, + indirectCRL [4] BOOLEAN DEFAULT FALSE +} + +certificateIssuer EXTENSION ::= { + SYNTAX GeneralNames + IDENTIFIED BY id-ce-certificateIssuer +} + +deltaCRLIndicator EXTENSION ::= { + SYNTAX BaseCRLNumber + IDENTIFIED BY id-ce-deltaCRLIndicator +} + +BaseCRLNumber ::= CRLNumber + +deltaRevocationList ATTRIBUTE ::= { + WITH SYNTAX CertificateList + EQUALITY MATCHING RULE certificateListExactMatch + ID id-at-deltaRevocationList +} + +-- Matching rules +certificateExactMatch MATCHING-RULE ::= { + SYNTAX CertificateExactAssertion + ID id-mr-certificateExactMatch +} + +CertificateExactAssertion ::= SEQUENCE { + serialNumber CertificateSerialNumber, + issuer Name +} + +certificateMatch MATCHING-RULE ::= { + SYNTAX CertificateAssertion + ID id-mr-certificateMatch +} + +CertificateAssertion ::= SEQUENCE { + serialNumber [0] CertificateSerialNumber OPTIONAL, + issuer [1] Name OPTIONAL, + subjectKeyIdentifier [2] SubjectKeyIdentifier OPTIONAL, + authorityKeyIdentifier [3] AuthorityKeyIdentifier OPTIONAL, + certificateValid [4] Time OPTIONAL, + privateKeyValid [5] GeneralizedTime OPTIONAL, + subjectPublicKeyAlgID [6] OBJECT IDENTIFIER OPTIONAL, + keyUsage [7] KeyUsage OPTIONAL, + subjectAltName [8] AltNameType OPTIONAL, + policy [9] CertPolicySet OPTIONAL, + pathToName [10] Name OPTIONAL +} + +AltNameType ::= CHOICE { + builtinNameForm + ENUMERATED {rfc822Name(1), dNSName(2), x400Address(3), directoryName(4), + ediPartyName(5), uniformResourceIdentifier(6), iPAddress(7), + registeredId(8)}, + otherNameForm OBJECT IDENTIFIER +} + +certificatePairExactMatch MATCHING-RULE ::= { + SYNTAX CertificatePairExactAssertion + ID id-mr-certificatePairExactMatch +} + +CertificatePairExactAssertion ::= SEQUENCE { + forwardAssertion [0] CertificateExactAssertion OPTIONAL, + reverseAssertion [1] CertificateExactAssertion OPTIONAL +} +(WITH COMPONENTS { + ..., + forwardAssertion PRESENT + } | WITH COMPONENTS { + ..., + reverseAssertion PRESENT + }) + +certificatePairMatch MATCHING-RULE ::= { + SYNTAX CertificatePairAssertion + ID id-mr-certificatePairMatch +} + +CertificatePairAssertion ::= SEQUENCE { + forwardAssertion [0] CertificateAssertion OPTIONAL, + reverseAssertion [1] CertificateAssertion OPTIONAL +} +(WITH COMPONENTS { + ..., + forwardAssertion PRESENT + } | WITH COMPONENTS { + ..., + reverseAssertion PRESENT + }) + +certificateListExactMatch MATCHING-RULE ::= { + SYNTAX CertificateListExactAssertion + ID id-mr-certificateListExactMatch +} + +CertificateListExactAssertion ::= SEQUENCE { + issuer Name, + thisUpdate Time, + distributionPoint DistributionPointName OPTIONAL +} + +certificateListMatch MATCHING-RULE ::= { + SYNTAX CertificateListAssertion + ID id-mr-certificateListMatch +} + +CertificateListAssertion ::= SEQUENCE { + issuer Name OPTIONAL, + minCRLNumber [0] CRLNumber OPTIONAL, + maxCRLNumber [1] CRLNumber OPTIONAL, + reasonFlags ReasonFlags OPTIONAL, + dateAndTime Time OPTIONAL, + distributionPoint [2] DistributionPointName OPTIONAL +} + +algorithmIdentifierMatch MATCHING-RULE ::= { + SYNTAX AlgorithmIdentifier + ID id-mr-algorithmIdentifierMatch +} + +-- Object identifier assignments +id-at-supportedAlgorithms OBJECT IDENTIFIER ::= + {id-at 52} + +id-at-deltaRevocationList OBJECT IDENTIFIER ::= {id-at 53} + +id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= {id-ce 9} + +id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= {id-ce 14} + +id-ce-keyUsage OBJECT IDENTIFIER ::= {id-ce 15} + +id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= {id-ce 16} + +id-ce-subjectAltName OBJECT IDENTIFIER ::= {id-ce 17} + +id-ce-issuerAltName OBJECT IDENTIFIER ::= {id-ce 18} + +id-ce-basicConstraints OBJECT IDENTIFIER ::= {id-ce 19} + +id-ce-cRLNumber OBJECT IDENTIFIER ::= {id-ce 20} + +id-ce-reasonCode OBJECT IDENTIFIER ::= {id-ce 21} + +id-ce-instructionCode OBJECT IDENTIFIER ::= {id-ce 23} + +id-ce-invalidityDate OBJECT IDENTIFIER ::= {id-ce 24} + +id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= {id-ce 27} + +id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= {id-ce 28} + +id-ce-certificateIssuer OBJECT IDENTIFIER ::= {id-ce 29} + +id-ce-nameConstraint OBJECT IDENTIFIER ::= {id-ce 30 1} + +id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= {id-ce 31} + +id-ce-certificatePolicies OBJECT IDENTIFIER ::= {id-ce 32} + +id-ce-policyMappings OBJECT IDENTIFIER ::= {id-ce 33} + +-- deprecated OBJECT IDENTIFIER ::= {id-ce 34} +id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= + {id-ce 35} + +id-ce-policyConstraints OBJECT IDENTIFIER ::= {id-ce 36} + +id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37} + +id-mr-certificateExactMatch OBJECT IDENTIFIER ::= {id-mr 34} + +id-mr-certificateMatch OBJECT IDENTIFIER ::= {id-mr 35} + +id-mr-certificatePairExactMatch OBJECT IDENTIFIER ::= {id-mr 36} + +id-mr-certificatePairMatch OBJECT IDENTIFIER ::= {id-mr 37} + +id-mr-certificateListExactMatch OBJECT IDENTIFIER ::= {id-mr 38} + +id-mr-certificateListMatch OBJECT IDENTIFIER ::= {id-mr 39} + +id-mr-algorithmIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 40} + +id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= {id-ce 54} + +-- The following OBJECT IDENTIFIERS are not used by this Specification: +-- {id-ce 2}, {id-ce 3}, {id-ce 4}, {id-ce 5}, {id-ce 6}, {id-ce 7}, +-- {id-ce 8}, {id-ce 10}, {id-ce 11}, {id-ce 12}, {id-ce 13}, +-- {id-ce 22}, {id-ce 25}, {id-ce 26}, {id-ce 30} +END + +-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D + diff --git a/lib/asn1/test/asn1_SUITE_data/modified_x420/InformationFramework.asn b/lib/asn1/test/asn1_SUITE_data/modified_x420/InformationFramework.asn new file mode 100644 index 0000000000..5c26febd5b --- /dev/null +++ b/lib/asn1/test/asn1_SUITE_data/modified_x420/InformationFramework.asn @@ -0,0 +1,868 @@ +-- Module InformationFramework (X.501:08/1997) +InformationFramework {joint-iso-itu-t ds(5) module(1) informationFramework(1) + 3} DEFINITIONS ::= +BEGIN + +-- EXPORTS All - +-- The types and values defined in this module are exported for use in the other ASN.1 modules contained +-- within the Directory Specifications, and for the use of other applications which will use them to access +-- Directory services. Other applications may use them for their own purposes, but this will not constrain +-- extensions and modifications needed to maintain or improve the Directory service. +IMPORTS + id-oc, id-at, id-mr, id-oa, id-sc, id-ar, id-nf, selectedAttributeTypes, + directoryAbstractService, upperBounds + FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) + usefulDefinitions(0) 3} + commonName, generalizedTimeMatch, generalizedTimeOrderingMatch, booleanMatch, + integerMatch, integerOrderingMatch, objectIdentifierFirstComponentMatch, + integerFirstComponentMatch, DirectoryString{} + FROM SelectedAttributeTypes selectedAttributeTypes +-- TypeAndContextAssertion, ServiceControlOptions, SearchControlOptions, +-- HierarchySelections, FamilyGrouping, FamilyReturn +-- FROM DirectoryAbstractService directoryAbstractService + ub-search + FROM UpperBounds upperBounds; + +-- attribute data types +Attribute ::= SEQUENCE { + type ATTRIBUTE.&id({SupportedAttributes}), + values + SET SIZE (0..MAX) OF ATTRIBUTE.&Type({SupportedAttributes}{@type}), + valuesWithContext + SET SIZE (1..MAX) OF + SEQUENCE {value ATTRIBUTE.&Type({SupportedAttributes}{@type}), + contextList SET SIZE (1..MAX) OF Context} OPTIONAL +} + +AttributeType ::= ATTRIBUTE.&id + +AttributeValue ::= ATTRIBUTE.&Type + +Context ::= SEQUENCE { + contextType CONTEXT.&id({SupportedContexts}), + contextValues + SET SIZE (1..MAX) OF CONTEXT.&Type({SupportedContexts}{@contextType}), + fallback BOOLEAN DEFAULT FALSE +} + +AttributeValueAssertion ::= SEQUENCE { + type ATTRIBUTE.&id({SupportedAttributes}), + assertion + ATTRIBUTE.&equality-match.&AssertionType({SupportedAttributes}{@type}), + assertedContexts + CHOICE {allContexts [0] NULL, + selectedContexts [1] SET SIZE (1..MAX) OF ContextAssertion + } OPTIONAL +} + +ContextAssertion ::= SEQUENCE { + contextType CONTEXT.&id({SupportedContexts}), + contextValues + SET SIZE (1..MAX) OF CONTEXT.&Assertion({SupportedContexts}{@contextType}) +} + +AttributeTypeAssertion ::= SEQUENCE { + type ATTRIBUTE.&id({SupportedAttributes}), + assertedContexts SEQUENCE SIZE (1..MAX) OF ContextAssertion OPTIONAL +} + +-- Definition of the following information object set is deferred, perhaps to standardized +-- profiles or to protocol implementation conformance statements. The set is required to +-- specify a table constraint on the values component of Attribute, the value component +-- of AttributeTypeAndValue, and the assertion component of AttributeValueAssertion. +SupportedAttributes ATTRIBUTE ::= + {objectClass | aliasedEntryName, ...} + +-- Definition of the following information object set is deferred, perhaps to standardized +-- profiles or to protocol implementation conformance statements. The set is required to +-- specify a table constraint on the context specifications +SupportedContexts CONTEXT ::= + {...} + +-- naming data types +Name ::= CHOICE { -- only one possibility for now --rdnSequence RDNSequence +} + +RDNSequence ::= SEQUENCE OF RelativeDistinguishedName + +DistinguishedName ::= RDNSequence + +RelativeDistinguishedName ::= + SET SIZE (1..MAX) OF AttributeTypeAndDistinguishedValue + +AttributeTypeAndDistinguishedValue ::= SEQUENCE { + type ATTRIBUTE.&id({SupportedAttributes}), + value ATTRIBUTE.&Type({SupportedAttributes}{@type}), + primaryDistinguished BOOLEAN DEFAULT TRUE, + valuesWithContext + SET SIZE (1..MAX) OF + SEQUENCE {distingAttrValue + [0] ATTRIBUTE.&Type({SupportedAttributes}{@type}) OPTIONAL, + contextList SET SIZE (1..MAX) OF Context} OPTIONAL +} + +-- subtree data types +SubtreeSpecification ::= SEQUENCE { + base [0] LocalName DEFAULT {}, + COMPONENTS OF ChopSpecification, + specificationFilter [4] Refinement OPTIONAL +} + +-- empty sequence specifies whole administrative area +LocalName ::= RDNSequence + +ChopSpecification ::= SEQUENCE { + specificExclusions + [1] SET SIZE (1..MAX) OF + CHOICE {chopBefore [0] LocalName, + chopAfter [1] LocalName} OPTIONAL, + minimum [2] BaseDistance DEFAULT 0, + maximum [3] BaseDistance OPTIONAL +} + +BaseDistance ::= INTEGER(0..MAX) + +Refinement ::= CHOICE { + item [0] OBJECT-CLASS.&id, + and [1] SET OF Refinement, + or [2] SET OF Refinement, + not [3] Refinement +} + +-- OBJECT-CLASS information object class specification +OBJECT-CLASS ::= CLASS { + &Superclasses OBJECT-CLASS OPTIONAL, + &kind ObjectClassKind DEFAULT structural, + &MandatoryAttributes ATTRIBUTE OPTIONAL, + &OptionalAttributes ATTRIBUTE OPTIONAL, + &id OBJECT IDENTIFIER UNIQUE +} +WITH SYNTAX { + [SUBCLASS OF &Superclasses] + [KIND &kind] + [MUST CONTAIN &MandatoryAttributes] + [MAY CONTAIN &OptionalAttributes] + ID &id +} + +ObjectClassKind ::= ENUMERATED {abstract(0), structural(1), auxiliary(2)} + +-- object classes +top OBJECT-CLASS ::= { + KIND abstract + MUST CONTAIN {objectClass} + ID id-oc-top +} + +alias OBJECT-CLASS ::= { + SUBCLASS OF {top} + MUST CONTAIN {aliasedEntryName} + ID id-oc-alias +} + +parent OBJECT-CLASS ::= {KIND abstract + ID id-oc-parent +} + +child OBJECT-CLASS ::= {KIND auxiliary + ID id-oc-child +} + +-- ATTRIBUTE information object class specification +ATTRIBUTE ::= CLASS { + &derivation ATTRIBUTE OPTIONAL, + &Type OPTIONAL, -- either &Type or &derivation required + &equality-match MATCHING-RULE OPTIONAL, + &ordering-match MATCHING-RULE OPTIONAL, + &substrings-match MATCHING-RULE OPTIONAL, + &single-valued BOOLEAN DEFAULT FALSE, + &collective BOOLEAN DEFAULT FALSE, + -- operational extensions + &no-user-modification BOOLEAN DEFAULT FALSE, + &usage AttributeUsage DEFAULT userApplications, + &id OBJECT IDENTIFIER UNIQUE +} +WITH SYNTAX { + [SUBTYPE OF &derivation] + [WITH SYNTAX &Type] + [EQUALITY MATCHING RULE &equality-match] + [ORDERING MATCHING RULE &ordering-match] + [SUBSTRINGS MATCHING RULE &substrings-match] + [SINGLE VALUE &single-valued] + [COLLECTIVE &collective] + [NO USER MODIFICATION &no-user-modification] + [USAGE &usage] + ID &id +} + +AttributeUsage ::= ENUMERATED { + userApplications(0), directoryOperation(1), distributedOperation(2), + dSAOperation(3)} + +-- attributes +objectClass ATTRIBUTE ::= { + WITH SYNTAX OBJECT IDENTIFIER + EQUALITY MATCHING RULE objectIdentifierMatch + ID id-at-objectClass +} + +aliasedEntryName ATTRIBUTE ::= { + WITH SYNTAX DistinguishedName + EQUALITY MATCHING RULE distinguishedNameMatch + SINGLE VALUE TRUE + ID id-at-aliasedEntryName +} + +-- MATCHING-RULE information object class specification +MATCHING-RULE ::= CLASS { + &ParentMatchingRules MATCHING-RULE.&id OPTIONAL, + &AssertionType OPTIONAL, + &uniqueMatchIndicator ATTRIBUTE.&id OPTIONAL, + &id OBJECT IDENTIFIER UNIQUE +} +WITH SYNTAX { + [PARENT &ParentMatchingRules] + [SYNTAX &AssertionType] + [UNIQUE-MATCH-INDICATOR &uniqueMatchIndicator] + ID &id +} + +-- matching rules +objectIdentifierMatch MATCHING-RULE ::= { + SYNTAX OBJECT IDENTIFIER + ID id-mr-objectIdentifierMatch +} + +distinguishedNameMatch MATCHING-RULE ::= { + SYNTAX DistinguishedName + ID id-mr-distinguishedNameMatch +} + +MAPPING-BASED-MATCHING{SelectedBy, BOOLEAN:combinable, MappingResult, + OBJECT IDENTIFIER:matchingRule} ::= CLASS { + &selectBy SelectedBy OPTIONAL, + &ApplicableTo ATTRIBUTE, + &subtypesIncluded BOOLEAN DEFAULT TRUE, + &combinable BOOLEAN(combinable), + &mappingResults MappingResult OPTIONAL, + &userControl BOOLEAN DEFAULT FALSE, + &exclusive BOOLEAN DEFAULT TRUE, + &matching-rule MATCHING-RULE.&id(matchingRule), + &id OBJECT IDENTIFIER UNIQUE +} +WITH SYNTAX { + [SELECT BY &selectBy] + APPLICABLE TO &ApplicableTo + [SUBTYPES INCLUDED &subtypesIncluded] + COMBINABLE &combinable + [MAPPING RESULTS &mappingResults] + [USER CONTROL &userControl] + [EXCLUSIVE &exclusive] + MATCHING RULE &matching-rule + ID &id +} + +-- NAME-FORM information object class specification +NAME-FORM ::= CLASS { + &namedObjectClass OBJECT-CLASS, + &MandatoryAttributes ATTRIBUTE, + &OptionalAttributes ATTRIBUTE OPTIONAL, + &id OBJECT IDENTIFIER UNIQUE +} +WITH SYNTAX { + NAMES &namedObjectClass + WITH ATTRIBUTES &MandatoryAttributes + [AND OPTIONALLY &OptionalAttributes] + ID &id +} + +-- STRUCTURE-RULE class and DIT structure rule data types +STRUCTURE-RULE ::= CLASS { + &nameForm NAME-FORM, + &SuperiorStructureRules STRUCTURE-RULE OPTIONAL, + &id RuleIdentifier +} +WITH SYNTAX { + NAME FORM &nameForm + [SUPERIOR RULES &SuperiorStructureRules] + ID &id +} + +DITStructureRule ::= SEQUENCE { + ruleIdentifier RuleIdentifier, + -- must be unique within the scope of the subschema + nameForm NAME-FORM.&id, + superiorStructureRules SET SIZE (1..MAX) OF RuleIdentifier OPTIONAL +} + +RuleIdentifier ::= INTEGER + +-- CONTENT-RULE class and DIT content rule data types +CONTENT-RULE ::= CLASS { + &structuralClass OBJECT-CLASS.&id UNIQUE, + &Auxiliaries OBJECT-CLASS OPTIONAL, + &Mandatory ATTRIBUTE OPTIONAL, + &Optional ATTRIBUTE OPTIONAL, + &Precluded ATTRIBUTE OPTIONAL +} +WITH SYNTAX { + STRUCTURAL OBJECT-CLASS &structuralClass + [AUXILIARY OBJECT-CLASSES &Auxiliaries] + [MUST CONTAIN &Mandatory] + [MAY CONTAIN &Optional] + [MUST-NOT CONTAIN &Precluded] +} + +DITContentRule ::= SEQUENCE { + structuralObjectClass OBJECT-CLASS.&id, + auxiliaries SET SIZE (1..MAX) OF OBJECT-CLASS.&id OPTIONAL, + mandatory [1] SET SIZE (1..MAX) OF ATTRIBUTE.&id OPTIONAL, + optional [2] SET SIZE (1..MAX) OF ATTRIBUTE.&id OPTIONAL, + precluded [3] SET SIZE (1..MAX) OF ATTRIBUTE.&id OPTIONAL +} + +CONTEXT ::= CLASS { + &Type , + &Assertion OPTIONAL, + &id OBJECT IDENTIFIER UNIQUE +}WITH SYNTAX {WITH SYNTAX &Type + [ASSERTED AS &Assertion] + ID &id +} + +DITContextUse ::= SEQUENCE { + attributeType ATTRIBUTE.&id, + mandatoryContexts [1] SET SIZE (1..MAX) OF CONTEXT.&id OPTIONAL, + optionalContexts [2] SET SIZE (1..MAX) OF CONTEXT.&id OPTIONAL +} + +DIT-CONTEXT-USE-RULE ::= CLASS { + &attributeType ATTRIBUTE.&id UNIQUE, + &Mandatory CONTEXT OPTIONAL, + &Optional CONTEXT OPTIONAL +} +WITH SYNTAX { + ATTRIBUTE TYPE &attributeType + [MANDATORY CONTEXTS &Mandatory] + [OPTIONAL CONTEXTS &Optional] +} + +-- system schema information objects +-- object classes +subentry OBJECT-CLASS ::= { + SUBCLASS OF {top} + KIND structural + MUST CONTAIN {commonName | subtreeSpecification} + ID id-sc-subentry +} + +subentryNameForm NAME-FORM ::= { + NAMES subentry + WITH ATTRIBUTES {commonName} + ID id-nf-subentryNameForm +} + +accessControlSubentry OBJECT-CLASS ::= { + KIND auxiliary + ID id-sc-accessControlSubentry +} + +collectiveAttributeSubentry OBJECT-CLASS ::= { + KIND auxiliary + ID id-sc-collectiveAttributeSubentry +} + +--contextAssertionSubentry OBJECT-CLASS ::= { +-- KIND auxiliary +-- MUST CONTAIN {contextAssertionDefaults} +-- ID id-sc-contextAssertionSubentry +--} + +-- serviceAdminSubentry OBJECT-CLASS ::= { +-- KIND auxiliary +-- MUST CONTAIN {searchRules} +-- ID id-sc-serviceAdminSubentry +-- } + +-- attributes +createTimestamp ATTRIBUTE ::= { + WITH SYNTAX GeneralizedTime + -- as per 41.3 b) or c) of ITU-T Rec. X.680 | ISO/IEC 8824-1 + EQUALITY MATCHING RULE generalizedTimeMatch + ORDERING MATCHING RULE generalizedTimeOrderingMatch + SINGLE VALUE TRUE + NO USER MODIFICATION TRUE + USAGE directoryOperation + ID id-oa-createTimestamp +} + +modifyTimestamp ATTRIBUTE ::= { + WITH SYNTAX GeneralizedTime + -- as per 41.3 b) or c) of ITU-T Rec. X.680 | ISO/IEC 8824-1 + EQUALITY MATCHING RULE generalizedTimeMatch + ORDERING MATCHING RULE generalizedTimeOrderingMatch + SINGLE VALUE TRUE + NO USER MODIFICATION TRUE + USAGE directoryOperation + ID id-oa-modifyTimestamp +} + +subschemaTimestamp ATTRIBUTE ::= { + WITH SYNTAX GeneralizedTime + -- as per 41.3 b) or c) of ITU-T Rec.X. 680 | ISO/IEC 8824-1 + EQUALITY MATCHING RULE generalizedTimeMatch + ORDERING MATCHING RULE generalizedTimeOrderingMatch + SINGLE VALUE TRUE + NO USER MODIFICATION TRUE + USAGE directoryOperation + ID id-oa-subschemaTimestamp +} + +creatorsName ATTRIBUTE ::= { + WITH SYNTAX DistinguishedName + EQUALITY MATCHING RULE distinguishedNameMatch + SINGLE VALUE TRUE + NO USER MODIFICATION TRUE + USAGE directoryOperation + ID id-oa-creatorsName +} + +modifiersName ATTRIBUTE ::= { + WITH SYNTAX DistinguishedName + EQUALITY MATCHING RULE distinguishedNameMatch + SINGLE VALUE TRUE + NO USER MODIFICATION TRUE + USAGE directoryOperation + ID id-oa-modifiersName +} + +subschemaSubentryList ATTRIBUTE ::= { + WITH SYNTAX DistinguishedName + EQUALITY MATCHING RULE distinguishedNameMatch + SINGLE VALUE TRUE + NO USER MODIFICATION TRUE + USAGE directoryOperation + ID id-oa-subschemaSubentryList +} + +accessControlSubentryList ATTRIBUTE ::= { + WITH SYNTAX DistinguishedName + EQUALITY MATCHING RULE distinguishedNameMatch + NO USER MODIFICATION TRUE + USAGE directoryOperation + ID id-oa-accessControlSubentryList +} + +collectiveAttributeSubentryList ATTRIBUTE ::= { + WITH SYNTAX DistinguishedName + EQUALITY MATCHING RULE distinguishedNameMatch + NO USER MODIFICATION TRUE + USAGE directoryOperation + ID id-oa-collectiveAttributeSubentryList +} + +contextDefaultSubentryList ATTRIBUTE ::= { + WITH SYNTAX DistinguishedName + EQUALITY MATCHING RULE distinguishedNameMatch + NO USER MODIFICATION TRUE + USAGE directoryOperation + ID id-oa-contextDefaultSubentryList +} + +serviceAdminSubentryList ATTRIBUTE ::= { + WITH SYNTAX DistinguishedName + EQUALITY MATCHING RULE distinguishedNameMatch + NO USER MODIFICATION TRUE + USAGE directoryOperation + ID id-oa-serviceAdminSubentryList +} + +hasSubordinates ATTRIBUTE ::= { + WITH SYNTAX BOOLEAN + EQUALITY MATCHING RULE booleanMatch + SINGLE VALUE TRUE + NO USER MODIFICATION TRUE + USAGE directoryOperation + ID id-oa-hasSubordinates +} + +administrativeRole ATTRIBUTE ::= { + WITH SYNTAX OBJECT-CLASS.&id + EQUALITY MATCHING RULE objectIdentifierMatch + USAGE directoryOperation + ID id-oa-administrativeRole +} + +subtreeSpecification ATTRIBUTE ::= { + WITH SYNTAX SubtreeSpecification + USAGE directoryOperation + ID id-oa-subtreeSpecification +} + +collectiveExclusions ATTRIBUTE ::= { + WITH SYNTAX OBJECT IDENTIFIER + EQUALITY MATCHING RULE objectIdentifierMatch + USAGE directoryOperation + ID id-oa-collectiveExclusions +} + +-- contextAssertionDefaults ATTRIBUTE ::= { +-- WITH SYNTAX TypeAndContextAssertion +-- EQUALITY MATCHING RULE objectIdentifierFirstComponentMatch +-- USAGE directoryOperation +-- ID id-oa-contextAssertionDefault +-- } + +-- searchRules ATTRIBUTE ::= { +-- WITH SYNTAX SearchRuleDescription +-- EQUALITY MATCHING RULE integerFirstComponentMatch +-- USAGE directoryOperation +-- ID id-oa-searchRules +-- } + +-- SearchRuleDescription ::= SEQUENCE { +-- COMPONENTS OF SearchRule, +-- name [28] SET SIZE (1..MAX) OF DirectoryString{ub-search} OPTIONAL, +-- description [29] DirectoryString{ub-search} OPTIONAL, +-- obsolete [30] BOOLEAN DEFAULT FALSE +-- } + +hierarchyLevel ATTRIBUTE ::= { + WITH SYNTAX INTEGER + EQUALITY MATCHING RULE integerMatch + ORDERING MATCHING RULE integerOrderingMatch + SINGLE VALUE TRUE + NO USER MODIFICATION TRUE + USAGE directoryOperation + ID id-oa-hierarchyLevel +} + +hierarchyBelow ATTRIBUTE ::= { + WITH SYNTAX BOOLEAN + EQUALITY MATCHING RULE booleanMatch + SINGLE VALUE TRUE + NO USER MODIFICATION TRUE + USAGE directoryOperation + ID id-oa-hierarchyBelow +} + +hierarchyParent ATTRIBUTE ::= { + WITH SYNTAX DistinguishedName + EQUALITY MATCHING RULE distinguishedNameMatch + SINGLE VALUE TRUE + USAGE directoryOperation + ID id-oa-hierarchyParent +} + +-- SearchRule ::= SEQUENCE { +-- COMPONENTS OF SearchRuleId, +-- serviceType [1] OBJECT IDENTIFIER OPTIONAL, +-- userClass [2] INTEGER OPTIONAL, +-- inputAttributeTypes +-- [3] SEQUENCE SIZE (1..MAX) OF RequestAttribute OPTIONAL, +-- attributeCombination [4] AttributeCombination DEFAULT and:{}, +-- outputAttributeTypes [5] SEQUENCE SIZE (1..MAX) OF ResultAttribute OPTIONAL, +-- defaultControls [6] ControlOptions OPTIONAL, +-- mandatoryControls [7] ControlOptions OPTIONAL, +-- searchRuleControls [8] ControlOptions OPTIONAL, +-- familyGrouping [9] FamilyGrouping OPTIONAL, +-- familyReturn [10] FamilyReturn OPTIONAL, +-- relaxation [11] RelaxationPolicy OPTIONAL, +-- additionalControl [12] SEQUENCE SIZE (1..MAX) OF AttributeType OPTIONAL, +-- allowedSubset [13] AllowedSubset DEFAULT '111'B, +-- imposedSubset [14] ImposedSubset OPTIONAL, +-- entryLimit [15] EntryLimit OPTIONAL +-- } + +SearchRuleId ::= SEQUENCE {id INTEGER, + dmdId [0] OBJECT IDENTIFIER +} + +AllowedSubset ::= BIT STRING {baseObject(0), oneLevel(1), wholeSubtree(2)} + +ImposedSubset ::= ENUMERATED {baseObject(0), oneLevel(1), wholeSubtree(2)} + +RequestAttribute ::= SEQUENCE { + attributeType ATTRIBUTE.&id({SupportedAttributes}), + includeSubtypes [0] BOOLEAN DEFAULT FALSE, + selectedValues + [1] SEQUENCE SIZE (0..MAX) OF + ATTRIBUTE.&Type({SupportedAttributes}{@attributeType}) OPTIONAL, + defaultValues + [2] SEQUENCE SIZE (0..MAX) OF + SEQUENCE {entryType OBJECT-CLASS.&id OPTIONAL, + values + SEQUENCE OF + ATTRIBUTE.&Type({SupportedAttributes}{@attributeType}) + } OPTIONAL, + contexts [3] SEQUENCE SIZE (0..MAX) OF ContextProfile OPTIONAL, + contextCombination [4] ContextCombination DEFAULT and:{}, + matchingUse [5] SEQUENCE SIZE (1..MAX) OF MatchingUse OPTIONAL +} + +ContextProfile ::= SEQUENCE { + contextType CONTEXT.&id({SupportedContexts}), + contextValue + SEQUENCE SIZE (1..MAX) OF + CONTEXT.&Assertion({SupportedContexts}{@contextType}) OPTIONAL +} + +ContextCombination ::= CHOICE { + context [0] CONTEXT.&id, + and [1] SEQUENCE OF ContextCombination, + or [2] SEQUENCE OF ContextCombination, + not [3] ContextCombination +} + +MatchingUse ::= SEQUENCE { + restrictionType MATCHING-RESTRICTION.&id({SupportedMatchingRestrictions}), + restrictionValue + MATCHING-RESTRICTION.&Restriction + ({SupportedMatchingRestrictions}{@restrictionType}) +} + +-- Definition of the following information object set is deferred, perhaps to standardized +-- profiles or to protocol implementation conformance statements. The set is required to +-- specify a table constraint on the components of SupportedMatchingRestrictions +SupportedMatchingRestrictions MATCHING-RESTRICTION ::= + {...} + +AttributeCombination ::= CHOICE { + attribute [0] AttributeType, + and [1] SEQUENCE OF AttributeCombination, + or [2] SEQUENCE OF AttributeCombination, + not [3] AttributeCombination +} + +ResultAttribute ::= SEQUENCE { + attributeType ATTRIBUTE.&id({SupportedAttributes}), + outputValues + CHOICE {selectedValues + SEQUENCE SIZE (1..MAX) OF + ATTRIBUTE.&Type({SupportedAttributes}{@attributeType}), + matchedValuesOnly NULL} OPTIONAL, + contexts [0] SEQUENCE SIZE (1..MAX) OF ContextProfile OPTIONAL +} + +OutputValues ::= CHOICE { + selectedValues + SEQUENCE SIZE (1..MAX) OF ATTRIBUTE.&Type({SupportedAttributes}), + matchedValuesOnly NULL +} + +-- ControlOptions ::= SEQUENCE { +-- serviceControls [0] ServiceControlOptions DEFAULT {}, +-- searchOptions [1] SearchControlOptions DEFAULT {searchAliases}, +-- hierarchyOptions [2] HierarchySelections OPTIONAL +-- } + +EntryLimit ::= SEQUENCE {default INTEGER, + max INTEGER +} + +RelaxationPolicy ::= SEQUENCE { + basic [0] MRMapping DEFAULT {}, + tightenings [1] SEQUENCE SIZE (1..MAX) OF MRMapping OPTIONAL, + relaxations [2] SEQUENCE SIZE (1..MAX) OF MRMapping OPTIONAL, + maximum [3] INTEGER OPTIONAL, -- mandatory if tightenings is present + minimum [4] INTEGER DEFAULT 1 +} + +MRMapping ::= SEQUENCE { + mapping [0] SEQUENCE SIZE (1..MAX) OF Mapping OPTIONAL, + substitution [1] SEQUENCE SIZE (1..MAX) OF MRSubstitution OPTIONAL +} + +Mapping ::= SEQUENCE { + mappingFunction + OBJECT IDENTIFIER + (CONSTRAINED BY {-- shall be an-- + + -- object identifier of a mapping-based matching algorithm -- }), + level INTEGER DEFAULT 0 +} + +MRSubstitution ::= SEQUENCE { + attribute AttributeType, + oldMatchingRule [0] MATCHING-RULE.&id OPTIONAL, + newMatchingRule [1] MATCHING-RULE.&id OPTIONAL +} + +-- SEARCH-RULE ::= CLASS { +-- &dmdId OBJECT IDENTIFIER, +-- &serviceType OBJECT IDENTIFIER OPTIONAL, +-- &userClass INTEGER OPTIONAL, +-- &InputAttributeTypes REQUEST-ATTRIBUTE OPTIONAL, +-- &combination AttributeCombination OPTIONAL, +-- &OutputAttributeTypes RESULT-ATTRIBUTE OPTIONAL, +-- &defaultControls ControlOptions OPTIONAL, +-- &mandatoryControls ControlOptions OPTIONAL, +-- &searchRuleControls ControlOptions OPTIONAL, +-- &familyGrouping FamilyGrouping OPTIONAL, +-- &familyReturn FamilyReturn OPTIONAL, +-- &additionalControl AttributeType OPTIONAL, +-- &relaxation RelaxationPolicy OPTIONAL, +-- &entryLimit EntryLimit OPTIONAL, +-- &allowedSubset AllowedSubset DEFAULT '111'B, +-- &imposedSubset ImposedSubset OPTIONAL, +-- &id INTEGER UNIQUE +-- } +-- WITH SYNTAX { +-- DMD ID &dmdId +-- [SERVICE-TYPE &serviceType] +-- [USER-CLASS &userClass] +-- [INPUT ATTRIBUTES &InputAttributeTypes] +-- [COMBINATION &combination] +-- [OUTPUT ATTRIBUTES &OutputAttributeTypes] +-- [DEFAULT CONTROL &defaultControls] +-- [MANDATORY CONTROL &mandatoryControls] +-- [SEARCH-RULE CONTROL &searchRuleControls] +-- [FAMILY-GROUPING &familyGrouping] +-- [FAMILY-RETURN &familyReturn] +-- [ADDITIONAL CONTROL &additionalControl] +-- [RELAXATION &relaxation] +-- [ALLOWED SUBSET &allowedSubset] +-- [IMPOSED SUBSET &imposedSubset] +-- [ENTRY LIMIT &entryLimit] +-- ID &id +-- } + +REQUEST-ATTRIBUTE ::= CLASS { + &attributeType ATTRIBUTE.&id, + &SelectedValues ATTRIBUTE.&Type OPTIONAL, + &DefaultValues SEQUENCE {entryType OBJECT-CLASS.&id OPTIONAL, + values SEQUENCE OF ATTRIBUTE.&Type + } OPTIONAL, + &contexts SEQUENCE OF ContextProfile OPTIONAL, + &contextCombination ContextCombination OPTIONAL, + &MatchingUse MatchingUse OPTIONAL, + &includeSubtypes BOOLEAN DEFAULT FALSE +} +WITH SYNTAX { + ATTRIBUTE TYPE &attributeType + [SELECTED VALUES &SelectedValues] + [DEFAULT VALUES &DefaultValues] + [CONTEXTS &contexts] + [CONTEXT COMBINATION &contextCombination] + [MATCHING USE &MatchingUse] + [INCLUDE SUBTYPES &includeSubtypes] +} + +RESULT-ATTRIBUTE ::= CLASS { + &attributeType ATTRIBUTE.&id, + &outputValues OutputValues OPTIONAL, + &contexts ContextProfile OPTIONAL +} +WITH SYNTAX { + ATTRIBUTE TYPE &attributeType + [OUTPUT VALUES &outputValues] + [CONTEXTS &contexts] +} + +MATCHING-RESTRICTION ::= CLASS { + &Restriction , + &Rules MATCHING-RULE.&id, + &id OBJECT IDENTIFIER UNIQUE +}WITH SYNTAX {RESTRICTION &Restriction + RULES &Rules + ID &id +} + +-- object identifier assignments +-- object classes +id-oc-top OBJECT IDENTIFIER ::= + {id-oc 0} + +id-oc-alias OBJECT IDENTIFIER ::= {id-oc 1} + +id-oc-parent OBJECT IDENTIFIER ::= {id-oc 28} + +id-oc-child OBJECT IDENTIFIER ::= {id-oc 29} + +-- attributes +id-at-objectClass OBJECT IDENTIFIER ::= {id-at 0} + +id-at-aliasedEntryName OBJECT IDENTIFIER ::= {id-at 1} + +-- matching rules +id-mr-objectIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 0} + +id-mr-distinguishedNameMatch OBJECT IDENTIFIER ::= {id-mr 1} + +-- operational attributes +id-oa-excludeAllCollectiveAttributes OBJECT IDENTIFIER ::= + {id-oa 0} + +id-oa-createTimestamp OBJECT IDENTIFIER ::= {id-oa 1} + +id-oa-modifyTimestamp OBJECT IDENTIFIER ::= {id-oa 2} + +id-oa-creatorsName OBJECT IDENTIFIER ::= {id-oa 3} + +id-oa-modifiersName OBJECT IDENTIFIER ::= {id-oa 4} + +id-oa-administrativeRole OBJECT IDENTIFIER ::= {id-oa 5} + +id-oa-subtreeSpecification OBJECT IDENTIFIER ::= {id-oa 6} + +id-oa-collectiveExclusions OBJECT IDENTIFIER ::= {id-oa 7} + +id-oa-subschemaTimestamp OBJECT IDENTIFIER ::= {id-oa 8} + +id-oa-hasSubordinates OBJECT IDENTIFIER ::= {id-oa 9} + +id-oa-subschemaSubentryList OBJECT IDENTIFIER ::= {id-oa 10} + +id-oa-accessControlSubentryList OBJECT IDENTIFIER ::= {id-oa 11} + +id-oa-collectiveAttributeSubentryList OBJECT IDENTIFIER ::= {id-oa 12} + +id-oa-contextDefaultSubentryList OBJECT IDENTIFIER ::= {id-oa 13} + +id-oa-contextAssertionDefault OBJECT IDENTIFIER ::= {id-oa 14} + +id-oa-serviceAdminSubentryList OBJECT IDENTIFIER ::= {id-oa 15} + +id-oa-searchRules OBJECT IDENTIFIER ::= {id-oa 16} + +id-oa-hierarchyLevel OBJECT IDENTIFIER ::= {id-oa 17} + +id-oa-hierarchyBelow OBJECT IDENTIFIER ::= {id-oa 18} + +id-oa-hierarchyParent OBJECT IDENTIFIER ::= {id-oa 19} + +-- subentry classes +id-sc-subentry OBJECT IDENTIFIER ::= {id-sc 0} + +id-sc-accessControlSubentry OBJECT IDENTIFIER ::= {id-sc 1} + +id-sc-collectiveAttributeSubentry OBJECT IDENTIFIER ::= {id-sc 2} + +id-sc-contextAssertionSubentry OBJECT IDENTIFIER ::= {id-sc 3} + +id-sc-serviceAdminSubentry OBJECT IDENTIFIER ::= {id-sc 4} + +-- Name forms +id-nf-subentryNameForm OBJECT IDENTIFIER ::= {id-nf 16} + +-- administrative roles +id-ar-autonomousArea OBJECT IDENTIFIER ::= {id-ar 1} + +id-ar-accessControlSpecificArea OBJECT IDENTIFIER ::= {id-ar 2} + +id-ar-accessControlInnerArea OBJECT IDENTIFIER ::= {id-ar 3} + +id-ar-subschemaAdminSpecificArea OBJECT IDENTIFIER ::= {id-ar 4} + +id-ar-collectiveAttributeSpecificArea OBJECT IDENTIFIER ::= {id-ar 5} + +id-ar-collectiveAttributeInnerArea OBJECT IDENTIFIER ::= {id-ar 6} + +id-ar-contextDefaultSpecificArea OBJECT IDENTIFIER ::= {id-ar 7} + +id-ar-serviceSpecificArea OBJECT IDENTIFIER ::= {id-ar 8} + +END -- InformationFramework + +-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D + diff --git a/lib/asn1/test/asn1_SUITE_data/modified_x420/MTSAbstractService.asn b/lib/asn1/test/asn1_SUITE_data/modified_x420/MTSAbstractService.asn new file mode 100644 index 0000000000..68a5118bc8 --- /dev/null +++ b/lib/asn1/test/asn1_SUITE_data/modified_x420/MTSAbstractService.asn @@ -0,0 +1,2366 @@ +-- Module MTSAbstractService (X.411:06/1999) +MTSAbstractService {joint-iso-itu-t mhs(6) mts(3) modules(0) + mts-abstract-service(1) version-1999(1)} DEFINITIONS IMPLICIT TAGS ::= +BEGIN + +-- Prologue +-- Exports everything +IMPORTS + -- Remote Operations + CONNECTION-PACKAGE, CONTRACT, ERROR, OPERATION, OPERATION-PACKAGE, + ROS-OBJECT-CLASS + --== + FROM Remote-Operations-Information-Objects {joint-iso-itu-t + remote-operations(4) informationObjects(5) version1(0)} + emptyUnbind + --== + FROM Remote-Operations-Useful-Definitions {joint-iso-itu-t + remote-operations(4) useful-definitions(7) version1(0)} + -- MTA Abstract Service + internal-trace-information, trace-information + --== + FROM MTAAbstractService {joint-iso-itu-t mhs(6) mts(3) modules(0) + mta-abstract-service(2) version-1999(1)} + -- MS Abstract Service Extension + forwarding-request + --== + FROM MSAbstractService {joint-iso-itu-t mhs(6) ms(4) modules(0) + abstract-service(1) version-1999(1)} + -- IPM Information Objects + IPMPerRecipientEnvelopeExtensions + --== + FROM IPMSInformationObjects {joint-iso-itu-t mhs(6) ipms(1) modules(0) + information-objects(2) version-1999(1)} + -- Object Identifiers + id-att-physicalRendition-basic, id-cp-mts-connect, id-ct-mts-access, + id-ct-mts-forced-access, id-ot-mts, id-ot-mts-user, id-pt-administration, + id-pt-delivery, id-pt-submission, id-tok-asymmetricToken + --== + FROM MTSObjectIdentifiers {joint-iso-itu-t mhs(6) mts(3) modules(0) + object-identifiers(0) version-1999(1)} + -- Operation and Error Codes + err-control-violates-registration, + err-deferred-delivery-cancellation-rejected, err-delivery-control-violated, + err-element-of-service-not-subscribed, err-inconsistent-request, + err-message-submission-identifier-invalid, + err-new-credentials-unacceptable, + err-old-credentials-incorrectly-specified, err-operation-refused, + err-originator-invalid, err-recipient-improperly-specified, + err-register-rejected, err-remote-bind-error, err-security-error, + err-submission-control-violated, err-unsupported-critical-function, + op-cancel-deferred-delivery, op-change-credentials, op-delivery-control, + op-message-delivery, op-message-submission, op-probe-submission, + op-register, op-report-delivery, op-submission-control + --== + FROM MTSAccessProtocol {joint-iso-itu-t mhs(6) protocols(0) modules(0) + mts-access-protocol(1) version-1999(1)} + -- Directory Definitions + Name + --== + FROM InformationFramework + PresentationAddress + --== + FROM SelectedAttributeTypes + ALGORITHM, AlgorithmIdentifier, Certificates, ENCRYPTED{}, SIGNATURE{}, + SIGNED{} + --== + FROM AuthenticationFramework + + -- Certificate Extensions + CertificateAssertion + --== + FROM CertificateExtensions + + -- Upper Bounds + ub-bit-options, ub-built-in-content-type, + ub-built-in-encoded-information-types, ub-certificates, + ub-common-name-length, ub-content-id-length, ub-content-length, + ub-content-types, ub-country-name-alpha-length, + ub-country-name-numeric-length, ub-deliverable-class, ub-diagnostic-codes, + ub-dl-expansions, ub-domain-defined-attributes, + ub-domain-defined-attribute-type-length, + ub-domain-defined-attribute-value-length, ub-domain-name-length, + ub-encoded-information-types, ub-extension-attributes, ub-extension-types, + ub-e163-4-number-length, ub-e163-4-sub-address-length, + ub-generation-qualifier-length, ub-given-name-length, ub-initials-length, + ub-integer-options, ub-local-id-length, ub-mta-name-length, + ub-mts-user-types, ub-numeric-user-id-length, ub-organization-name-length, + ub-organizational-units, ub-organizational-unit-name-length, + ub-orig-and-dl-expansions, ub-password-length, ub-pds-name-length, + ub-pds-parameter-length, ub-pds-physical-address-lines, + ub-postal-code-length, ub-privacy-mark-length, ub-queue-size, + ub-reason-codes, ub-recipients, ub-recipient-number-for-advice-length, + ub-redirections, ub-redirection-classes, ub-restrictions, + ub-security-categories, ub-security-labels, ub-security-problems, + ub-supplementary-info-length, ub-surname-length, ub-terminal-id-length, + ub-tsap-id-length, ub-unformatted-address-length, + ub-universal-generation-qualifier-length, ub-universal-given-name-length, + ub-universal-initials-length, ub-universal-surname-length, + ub-x121-address-length + --== + FROM MTSUpperBounds {joint-iso-itu-t mhs(6) mts(3) modules(0) + upper-bounds(3) version-1999(1)}; + +operationObject1 OPERATION ::= {LINKED {operationObject2} +} + +operationObject2 OPERATION ::= {LINKED {operationObject3} +} + +operationObject3 OPERATION ::= {LINKED {operationObject4} +} + +operationObject4 OPERATION ::= {LINKED {...} +} + +-- Objects +MHS-OBJECT ::= ROS-OBJECT-CLASS + +mts MHS-OBJECT ::= { + INITIATES {mts-forced-access-contract} + RESPONDS {mts-access-contract} + ID id-ot-mts +} + +mts-user MHS-OBJECT ::= { + INITIATES {mts-access-contract} + RESPONDS {mts-forced-access-contract} + ID id-ot-mts-user +} + +-- Contracts +mts-access-contract CONTRACT ::= { + CONNECTION mts-connect + INITIATOR CONSUMER OF {submission | delivery | administration} + ID id-ct-mts-access +} + +mts-forced-access-contract CONTRACT ::= { + CONNECTION mts-connect + RESPONDER CONSUMER OF {submission | delivery | administration} + ID id-ct-mts-forced-access +} + +-- Connection package +mts-connect CONNECTION-PACKAGE ::= { + BIND mts-bind + UNBIND mts-unbind + ID id-cp-mts-connect +} + +-- Ports +PORT ::= OPERATION-PACKAGE + +submission PORT ::= { + OPERATIONS {operationObject1, ...} + CONSUMER INVOKES + {message-submission | probe-submission | cancel-deferred-delivery, ...} + SUPPLIER INVOKES {submission-control, ...} + ID id-pt-submission +} + +delivery PORT ::= { + OPERATIONS {operationObject1, ...} + CONSUMER INVOKES {delivery-control, ...} + SUPPLIER INVOKES {message-delivery | report-delivery, ...} + ID id-pt-delivery +} + +administration PORT ::= { + OPERATIONS {change-credentials, ...} + CONSUMER INVOKES {register, ...} + SUPPLIER INVOKES {operationObject1, ...} + ID id-pt-administration +} + +-- MTS-bind and MTS-unbind +ABSTRACT-OPERATION ::= OPERATION + +ABSTRACT-ERROR ::= ERROR + +mts-bind ABSTRACT-OPERATION ::= { + ARGUMENT MTSBindArgument + RESULT MTSBindResult + ERRORS {mts-bind-error} +} + +MTSBindArgument ::= SET { + initiator-name ObjectName, + messages-waiting [1] EXPLICIT MessagesWaiting OPTIONAL, + initiator-credentials [2] InitiatorCredentials, + security-context [3] SecurityContext OPTIONAL, + ..., + extensions + [5] SET OF ExtensionField{{MTSBindExtensions}} DEFAULT {} +} + +MTSBindExtensions EXTENSION ::= {PrivateExtensions, ...} + +-- May contain private extensions and future standardised extensions +MTSBindResult ::= SET { + responder-name ObjectName, + messages-waiting [1] EXPLICIT MessagesWaiting OPTIONAL, + responder-credentials [2] ResponderCredentials, + ..., + extensions + [5] SET OF ExtensionField{{MTSBindResultExtensions}} DEFAULT {} +} + +MTSBindResultExtensions EXTENSION ::= {PrivateExtensions, ...} + +-- May contain private extensions and future standardised extensions +mts-bind-error ABSTRACT-ERROR ::= { + PARAMETER + INTEGER {busy(0), authentication-error(2), unacceptable-dialogue-mode(3), + unacceptable-security-context(4), + inadequate-association-confidentiality(5)}(0..ub-integer-options) +} + +mts-unbind ABSTRACT-OPERATION ::= emptyUnbind + +-- Association Control Parameters +ObjectName ::= CHOICE { + user-agent ORAddressAndOptionalDirectoryName, + mTA [0] MTAName, + message-store [4] ORAddressAndOptionalDirectoryName +} + +MessagesWaiting ::= SET { + urgent [0] DeliveryQueue, + normal [1] DeliveryQueue, + non-urgent [2] DeliveryQueue +} + +DeliveryQueue ::= SET { + messages [0] INTEGER(0..ub-queue-size), + octets [1] INTEGER(0..ub-content-length) OPTIONAL +} + +InitiatorCredentials ::= Credentials + +ResponderCredentials ::= Credentials + +Credentials ::= CHOICE { + simple Password, + strong [0] StrongCredentials, + ..., + protected [1] ProtectedPassword +} + +Password ::= CHOICE { + ia5-string IA5String(SIZE (0..ub-password-length)), + octet-string OCTET STRING(SIZE (0..ub-password-length)) +} + +StrongCredentials ::= SET { + bind-token [0] Token OPTIONAL, + certificate [1] Certificates OPTIONAL, + ..., + certificate-selector [2] CertificateAssertion OPTIONAL +} + +ProtectedPassword ::= SET { + signature + SIGNATURE{SET {password Password, + time1 [0] UTCTime OPTIONAL, + time2 [1] UTCTime OPTIONAL, + random1 [2] BIT STRING OPTIONAL, + random2 [3] BIT STRING OPTIONAL}}, + time1 [0] UTCTime OPTIONAL, + time2 [1] UTCTime OPTIONAL, + random1 [2] BIT STRING OPTIONAL, + random2 [3] BIT STRING OPTIONAL +} + +SecurityContext ::= SET SIZE (1..ub-security-labels) OF SecurityLabel + +-- Submission Port +message-submission ABSTRACT-OPERATION ::= { + ARGUMENT MessageSubmissionArgument + RESULT MessageSubmissionResult + ERRORS + {submission-control-violated | element-of-service-not-subscribed | + originator-invalid | recipient-improperly-specified | + inconsistent-request | security-error | unsupported-critical-function | + remote-bind-error} + LINKED {operationObject1, ...} + INVOKE PRIORITY {4 | 6 | 7} + CODE op-message-submission +} + +MessageSubmissionArgument ::= SEQUENCE { + envelope MessageSubmissionEnvelope, + content Content +} + +MessageSubmissionResult ::= SET { + message-submission-identifier MessageSubmissionIdentifier, + message-submission-time [0] MessageSubmissionTime, + content-identifier ContentIdentifier OPTIONAL, + extensions + [1] SET OF ExtensionField{{MessageSubmissionResultExtensions}} DEFAULT {} +} + +MessageSubmissionResultExtensions EXTENSION ::= + {-- May contain the following extensions, private extensions, and future standardised extensions, + -- at most one instance of each extension type: + originating-MTA-certificate | proof-of-submission | PrivateExtensions, + ...} + +probe-submission ABSTRACT-OPERATION ::= { + ARGUMENT ProbeSubmissionArgument + RESULT ProbeSubmissionResult + ERRORS + {submission-control-violated | element-of-service-not-subscribed | + originator-invalid | recipient-improperly-specified | + inconsistent-request | security-error | unsupported-critical-function | + remote-bind-error} + LINKED {operationObject1, ...} + INVOKE PRIORITY {5} + CODE op-probe-submission +} + +ProbeSubmissionArgument ::= ProbeSubmissionEnvelope + +ProbeSubmissionResult ::= SET { + probe-submission-identifier ProbeSubmissionIdentifier, + probe-submission-time [0] ProbeSubmissionTime, + content-identifier ContentIdentifier OPTIONAL, + extensions + [1] SET OF ExtensionField{{ProbeResultExtensions}} DEFAULT {} +} + +ProbeResultExtensions EXTENSION ::= {PrivateExtensions, ...} + +-- May contain private extensions and future standardised extensions, +-- at most one instance of each extension type +cancel-deferred-delivery ABSTRACT-OPERATION ::= { + ARGUMENT CancelDeferredDeliveryArgument + RESULT CancelDeferredDeliveryResult + ERRORS + {deferred-delivery-cancellation-rejected | + message-submission-identifier-invalid | remote-bind-error} + LINKED {operationObject1, ...} + INVOKE PRIORITY {3} + CODE op-cancel-deferred-delivery +} + +CancelDeferredDeliveryArgument ::= MessageSubmissionIdentifier + +CancelDeferredDeliveryResult ::= NULL + +submission-control ABSTRACT-OPERATION ::= { + ARGUMENT SubmissionControlArgument + RESULT SubmissionControlResult + ERRORS {security-error | remote-bind-error} + LINKED {operationObject1, ...} + INVOKE PRIORITY {3} + CODE op-submission-control +} + +SubmissionControlArgument ::= SubmissionControls + +SubmissionControlResult ::= Waiting + +submission-control-violated ABSTRACT-ERROR ::= { + PARAMETER NULL + CODE err-submission-control-violated +} + +element-of-service-not-subscribed ABSTRACT-ERROR ::= { + PARAMETER NULL + CODE err-element-of-service-not-subscribed +} + +deferred-delivery-cancellation-rejected ABSTRACT-ERROR ::= { + PARAMETER NULL + CODE err-deferred-delivery-cancellation-rejected +} + +originator-invalid ABSTRACT-ERROR ::= { + PARAMETER NULL + CODE err-originator-invalid +} + +recipient-improperly-specified ABSTRACT-ERROR ::= { + PARAMETER ImproperlySpecifiedRecipients + CODE err-recipient-improperly-specified +} + +ImproperlySpecifiedRecipients ::= + SEQUENCE SIZE (1..ub-recipients) OF RecipientName + +message-submission-identifier-invalid ABSTRACT-ERROR ::= { + PARAMETER NULL + CODE err-message-submission-identifier-invalid +} + +inconsistent-request ABSTRACT-ERROR ::= { + PARAMETER NULL + CODE err-inconsistent-request +} + +security-error ABSTRACT-ERROR ::= { + PARAMETER SecurityProblem + CODE err-security-error +} + +SecurityProblem ::= INTEGER { + assemby-instructions-conflict-with-security-services(0), + authentication-problem(1), authentication-failure-on-subject-message(2), + confidentiality-association-problem(3), decryption-failed(4), + decryption-key-unobtainable(5), failure-of-proof-of-message(6), + forbidden-user-security-label-register(7), + incompatible-change-with-original-security-context(8), + integrity-failure-on-subject-message(9), invalid-security-label(10), + invalid-security-label-update(11), key-failure(12), + mandatory-parameter-absence(13), operation-security-failure(14), + redirection-prohibited(15), refused-alternate-recipient-name(16), + repudiation-failure-of-message(17), + responder-credentials-checking-problem(18), security-context-failure(19), + security-context-problem(20), security-policy-violation(21), + security-services-refusal(22), token-decryption-failed(23), token-error(24), + unable-to-aggregate-security-labels(25), unauthorised-dl-name(26), + unauthorised-entry-class(27), + unauthorised-originally-intended-recipient-name(28), + unauthorised-originator-name(29), unauthorised-recipient-name(30), + unauthorised-security-label-update(31), unauthorised-user-name(32), + unknown-security-label(33), unsupported-algorithm-identifier(34), + unsupported-security-policy(35)}(0..ub-security-problems) + +unsupported-critical-function ABSTRACT-ERROR ::= { + PARAMETER NULL + CODE err-unsupported-critical-function +} + +remote-bind-error ABSTRACT-ERROR ::= { + PARAMETER NULL + CODE err-remote-bind-error +} + +-- Submission Port Parameters +MessageSubmissionIdentifier ::= MTSIdentifier + +MessageSubmissionTime ::= Time + +ProbeSubmissionIdentifier ::= MTSIdentifier + +ProbeSubmissionTime ::= Time + +SubmissionControls ::= + Controls + (WITH COMPONENTS { + ..., + permissible-content-types ABSENT, + permissible-encoded-information-types ABSENT + }) + +Waiting ::= SET { + waiting-operations [0] Operations DEFAULT {}, + waiting-messages [1] WaitingMessages DEFAULT {}, + waiting-content-types + [2] SET SIZE (0..ub-content-types) OF ContentType DEFAULT {}, + waiting-encoded-information-types EncodedInformationTypes OPTIONAL +} + +Operations ::= BIT STRING { + probe-submission-or-report-delivery(0), + message-submission-or-message-delivery(1)}(SIZE (0..ub-bit-options)) + +-- holding 'one', not-holding 'zero' +WaitingMessages ::= BIT STRING { + long-content(0), low-priority(1), other-security-labels(2) +}(SIZE (0..ub-bit-options)) + +-- Delivery Port +message-delivery ABSTRACT-OPERATION ::= { + ARGUMENT MessageDeliveryArgument + RESULT MessageDeliveryResult + ERRORS + {delivery-control-violated | security-error | + unsupported-critical-function} + LINKED {operationObject1, ...} + INVOKE PRIORITY {4 | 6 | 7} + CODE op-message-delivery +} + +MessageDeliveryArgument ::= SEQUENCE { + COMPONENTS OF MessageDeliveryEnvelope, + content Content +} + +MessageDeliveryResult ::= SET { + recipient-certificate [0] RecipientCertificate OPTIONAL, + proof-of-delivery [1] IMPLICIT ProofOfDelivery OPTIONAL, + ..., + extensions + [2] SET OF ExtensionField{{MessageDeliveryResultExtensions}} DEFAULT {} +} + +MessageDeliveryResultExtensions EXTENSION ::= {PrivateExtensions, ...} + +-- May contain private extensions and future standardised extensions +report-delivery ABSTRACT-OPERATION ::= { + ARGUMENT ReportDeliveryArgument + RESULT ReportDeliveryResult + ERRORS + {delivery-control-violated | security-error | + unsupported-critical-function} + LINKED {operationObject1, ...} + INVOKE PRIORITY {5} + CODE op-report-delivery +} + +ReportDeliveryArgument ::= SET { + COMPONENTS OF ReportDeliveryEnvelope, + returned-content [0] Content OPTIONAL +} + +ReportDeliveryResult ::= CHOICE { + empty-result NULL, + ..., + extensions + SET SIZE (1..MAX) OF ExtensionField{{ReportDeliveryResultExtensions}} +} + +ReportDeliveryResultExtensions EXTENSION ::= {PrivateExtensions, ...} + +-- May contain private extensions and future standardised extensions +delivery-control ABSTRACT-OPERATION ::= { + ARGUMENT DeliveryControlArgument + RESULT DeliveryControlResult + ERRORS + {control-violates-registration | security-error | operation-refused} + LINKED {operationObject1, ...} + INVOKE PRIORITY {3} + CODE op-delivery-control +} + +DeliveryControlArgument ::= SET { + COMPONENTS OF DeliveryControls, + extensions + [6] SET OF ExtensionField{{DeliveryControlExtensions}} DEFAULT {} +} + +DeliveryControlExtensions EXTENSION ::= {PrivateExtensions, ...} + +-- May contain private extensions and future standardised extensions +DeliveryControlResult ::= SET { + COMPONENTS OF Waiting, + extensions + [6] SET OF ExtensionField{{DeliveryControlResultExtensions}} DEFAULT {} +} + +DeliveryControlResultExtensions EXTENSION ::= {PrivateExtensions, ...} + +-- May contain private extensions and future standardised extensions +delivery-control-violated ABSTRACT-ERROR ::= { + PARAMETER NULL + CODE err-delivery-control-violated +} + +control-violates-registration ABSTRACT-ERROR ::= { + PARAMETER NULL + CODE err-control-violates-registration +} + +operation-refused ABSTRACT-ERROR ::= { + PARAMETER RefusedOperation + CODE err-operation-refused +} + +RefusedOperation ::= SET { + refused-argument + CHOICE {built-in-argument [1] RefusedArgument, + refused-extension EXTENSION.&id}, + refusal-reason [2] RefusalReason +} + +RefusedArgument ::= INTEGER { + user-name(0), user-address(1), deliverable-content-types(2), + deliverable-maximum-content-length(3), + deliverable-encoded-information-types-constraints(4), + deliverable-security-labels(5), recipient-assigned-redirections(6), + restricted-delivery(7), + retrieve-registrations(8), -- value 9 reserved for possible future extension to Register arguments + restrict(10), permissible-operations(11), permissible-lowest-priority(12), + permissible-encoded-information-types(13), permissible-content-types(14), + permissible-maximum-content-length(15), permissible-security-context(16) +}(0..ub-integer-options) + +RefusalReason ::= INTEGER { + facility-unavailable(0), facility-not-subscribed(1), + parameter-unacceptable(2)}(0..ub-integer-options) + +-- Delivery Port Parameters +RecipientCertificate ::= Certificates + +ProofOfDelivery ::= + SIGNATURE + {SEQUENCE {algorithm-identifier + ProofOfDeliveryAlgorithmIdentifier, + delivery-time MessageDeliveryTime, + this-recipient-name ThisRecipientName, + originally-intended-recipient-name + OriginallyIntendedRecipientName OPTIONAL, + content Content, + content-identifier ContentIdentifier OPTIONAL, + message-security-label + MessageSecurityLabel OPTIONAL}} + +ProofOfDeliveryAlgorithmIdentifier ::= AlgorithmIdentifier + +DeliveryControls ::= Controls + +Controls ::= SET { + restrict [0] BOOLEAN DEFAULT TRUE, + -- update 'TRUE', remove 'FALSE' + permissible-operations [1] Operations OPTIONAL, + permissible-maximum-content-length [2] ContentLength OPTIONAL, + permissible-lowest-priority Priority OPTIONAL, + permissible-content-types [4] ContentTypes OPTIONAL, + permissible-encoded-information-types + PermissibleEncodedInformationTypes OPTIONAL, + permissible-security-context [5] SecurityContext OPTIONAL +} + +-- Note - The Tags [0], [1] and [2] are altered for the Register operation only. +PermissibleEncodedInformationTypes ::= + EncodedInformationTypesConstraints + +-- Administration Port +register ABSTRACT-OPERATION ::= { + ARGUMENT RegisterArgument + RESULT RegisterResult + ERRORS + {register-rejected | remote-bind-error | operation-refused | + security-error} + LINKED {operationObject1, ...} + INVOKE PRIORITY {5} + CODE op-register +} + +RegisterArgument ::= SET { + user-name UserName OPTIONAL, + user-address [0] UserAddress OPTIONAL, + deliverable-class + SET SIZE (1..ub-deliverable-class) OF DeliverableClass OPTIONAL, + default-delivery-controls [2] EXPLICIT DefaultDeliveryControls OPTIONAL, + redirections [3] Redirections OPTIONAL, + restricted-delivery [4] RestrictedDelivery OPTIONAL, + retrieve-registrations [5] RegistrationTypes OPTIONAL, + extensions + [6] SET OF ExtensionField{{RegisterExtensions}} DEFAULT {} +} + +RegisterExtensions EXTENSION ::= {PrivateExtensions, ...} + +-- May contain private extensions and future standardised extensions +RegisterResult ::= CHOICE { + empty-result NULL, + non-empty-result + SET {registered-information + [0] RegisterArgument + (WITH COMPONENTS { + ..., + retrieve-registrations ABSENT + }) OPTIONAL, + extensions + [1] SET OF ExtensionField{{RegisterResultExtensions}} DEFAULT {} + } +} + +RegisterResultExtensions EXTENSION ::= {PrivateExtensions, ...} + +-- May contain private extensions and future standardised extensions +change-credentials ABSTRACT-OPERATION ::= { + ARGUMENT ChangeCredentialsArgument + RESULT NULL + ERRORS + {new-credentials-unacceptable | old-credentials-incorrectly-specified | + remote-bind-error | security-error} + LINKED {operationObject1, ...} + INVOKE PRIORITY {5} + CODE op-change-credentials +} + +ChangeCredentialsArgument ::= SET { + old-credentials [0] Credentials(WITH COMPONENTS { + simple + }), + new-credentials [1] Credentials(WITH COMPONENTS { + simple + }) +} + +register-rejected ABSTRACT-ERROR ::= { + PARAMETER NULL + CODE err-register-rejected +} + +new-credentials-unacceptable ABSTRACT-ERROR ::= { + PARAMETER NULL + CODE err-new-credentials-unacceptable +} + +old-credentials-incorrectly-specified ABSTRACT-ERROR ::= { + PARAMETER NULL + CODE err-old-credentials-incorrectly-specified +} + +-- Administration Port Parameters +UserName ::= ORAddressAndOptionalDirectoryName + +UserAddress ::= CHOICE { + x121 + [0] SEQUENCE {x121-address + NumericString(SIZE (1..ub-x121-address-length)) OPTIONAL, + tsap-id + PrintableString(SIZE (1..ub-tsap-id-length)) OPTIONAL + }, + presentation [1] PSAPAddress +} + +PSAPAddress ::= PresentationAddress + +DeliverableClass ::= + MessageClass + (WITH COMPONENTS { + ..., + priority ABSENT, + -- The 'objects' component shall always be defaulted. + -- objects ABSENT, + -- A component with a DEFAULT clause cannot be ABSENT + applies-only-to ABSENT + }) + +DefaultDeliveryControls ::= + Controls + (WITH COMPONENTS { + ..., + + -- The 'restrict' component shall always be defaulted. + -- restrict ABSENT, + -- A component with a DEFAULT clause cannot be ABSENT + permissible-security-context ABSENT + }) + +Redirections ::= SEQUENCE SIZE (1..ub-redirections) OF RecipientRedirection + +RecipientRedirection ::= SET { + redirection-classes + [0] SET SIZE (1..ub-redirection-classes) OF RedirectionClass OPTIONAL, + recipient-assigned-alternate-recipient + [1] RecipientAssignedAlternateRecipient OPTIONAL +} + +RedirectionClass ::= MessageClass + +MessageClass ::= SET { + content-types [0] ContentTypes OPTIONAL, + maximum-content-length [1] ContentLength OPTIONAL, + encoded-information-types-constraints + [2] EncodedInformationTypesConstraints OPTIONAL, + security-labels [3] SecurityContext OPTIONAL, + priority [4] SET OF Priority OPTIONAL, + objects + [5] ENUMERATED {messages(0), reports(1), both(2), ... + } DEFAULT both, + applies-only-to [6] SEQUENCE OF Restriction OPTIONAL, -- Not considered in the case of Reports + extensions + [7] SET OF ExtensionField{{MessageClassExtensions}} DEFAULT {} +} + +EncodedInformationTypesConstraints ::= SEQUENCE { + unacceptable-eits [0] ExtendedEncodedInformationTypes OPTIONAL, + acceptable-eits [1] ExtendedEncodedInformationTypes OPTIONAL, + exclusively-acceptable-eits [2] ExtendedEncodedInformationTypes OPTIONAL +} + +MessageClassExtensions EXTENSION ::= {PrivateExtensions, ...} + +-- May contain private extensions and future standardised extensions +RecipientAssignedAlternateRecipient ::= + ORAddressAndOrDirectoryName + +RestrictedDelivery ::= SEQUENCE SIZE (1..ub-restrictions) OF Restriction + +Restriction ::= SET { + permitted BOOLEAN DEFAULT TRUE, + source-type + BIT STRING {originated-by(0), redirected-by(1), dl-expanded-by(2)} + DEFAULT {originated-by, redirected-by, dl-expanded-by}, + source-name ExactOrPattern OPTIONAL +} + +ExactOrPattern ::= CHOICE { + exact-match [0] ORName, + pattern-match [1] ORName +} + +RegistrationTypes ::= SEQUENCE { + standard-parameters + [0] BIT STRING {user-name(0), user-address(1), deliverable-class(2), + default-delivery-controls(3), redirections(4), + restricted-delivery(5)} OPTIONAL, + extensions [1] SET OF EXTENSION.&id({RegisterExtensions}) OPTIONAL +} + +-- Message Submission Envelope +MessageSubmissionEnvelope ::= SET { + COMPONENTS OF PerMessageSubmissionFields, + per-recipient-fields + [1] SEQUENCE SIZE (1..ub-recipients) OF + PerRecipientMessageSubmissionFields +} + +PerMessageSubmissionFields ::= SET { + originator-name OriginatorName, + original-encoded-information-types OriginalEncodedInformationTypes OPTIONAL, + content-type ContentType, + content-identifier ContentIdentifier OPTIONAL, + priority Priority DEFAULT normal, + per-message-indicators PerMessageIndicators DEFAULT {}, + deferred-delivery-time [0] DeferredDeliveryTime OPTIONAL, + extensions + [2] SET OF ExtensionField{{PerMessageSubmissionExtensions}} DEFAULT {} +} + +PerMessageSubmissionExtensions EXTENSION ::= + {-- May contain the following extensions, private extensions, and future standardised extensions, + -- at most one instance of each extension type: + recipient-reassignment-prohibited | dl-expansion-prohibited | + conversion-with-loss-prohibited | latest-delivery-time | + originator-return-address | originator-certificate | + content-confidentiality-algorithm-identifier | + message-origin-authentication-check | message-security-label | + proof-of-submission-request | content-correlator | dl-exempted-recipients | + certificate-selectors | multiple-originator-certificates | + forwarding-request -- for MS Abstract Service only -- | PrivateExtensions, + ...} + +PerRecipientMessageSubmissionFields ::= SET { + recipient-name RecipientName, + originator-report-request [0] OriginatorReportRequest, + explicit-conversion [1] ExplicitConversion OPTIONAL, + extensions + [2] SET OF ExtensionField{{PerRecipientMessageSubmissionExtensions}} + DEFAULT {} +} + +PerRecipientMessageSubmissionExtensions EXTENSION ::= + {-- May contain the following extensions, private extensions, and future standardised extensions, + -- at most one instance of each extension type: + originator-requested-alternate-recipient | requested-delivery-method | + physical-forwarding-prohibited | physical-forwarding-address-request | + physical-delivery-modes | registered-mail-type | recipient-number-for-advice + | physical-rendition-attributes | physical-delivery-report-request | + message-token | content-integrity-check | proof-of-delivery-request | + certificate-selectors-override | recipient-certificate | + IPMPerRecipientEnvelopeExtensions | PrivateExtensions, ...} + +-- Probe Submission Envelope +ProbeSubmissionEnvelope ::= SET { + COMPONENTS OF PerProbeSubmissionFields, + per-recipient-fields + [3] SEQUENCE SIZE (1..ub-recipients) OF PerRecipientProbeSubmissionFields +} + +PerProbeSubmissionFields ::= SET { + originator-name OriginatorName, + original-encoded-information-types OriginalEncodedInformationTypes OPTIONAL, + content-type ContentType, + content-identifier ContentIdentifier OPTIONAL, + content-length [0] ContentLength OPTIONAL, + per-message-indicators PerMessageIndicators DEFAULT {}, + extensions + [2] SET OF ExtensionField{{PerProbeSubmissionExtensions}} DEFAULT {} +} + +PerProbeSubmissionExtensions EXTENSION ::= + {-- May contain the following extensions, private extensions, and future standardised extensions, + -- at most one instance of each extension type: + recipient-reassignment-prohibited | dl-expansion-prohibited | + conversion-with-loss-prohibited | originator-certificate | + message-security-label | content-correlator | + probe-origin-authentication-check | PrivateExtensions, ...} + +PerRecipientProbeSubmissionFields ::= SET { + recipient-name RecipientName, + originator-report-request [0] OriginatorReportRequest, + explicit-conversion [1] ExplicitConversion OPTIONAL, + extensions + [2] SET OF ExtensionField{{PerRecipientProbeSubmissionExtensions}} + DEFAULT {} +} + +PerRecipientProbeSubmissionExtensions EXTENSION ::= + {-- May contain the following extensions, private extensions, and future standardised extensions, + -- at most one instance of each extension type: + originator-requested-alternate-recipient | requested-delivery-method | + physical-rendition-attributes | PrivateExtensions, ...} + +-- Message Delivery Envelope +MessageDeliveryEnvelope ::= SEQUENCE { + message-delivery-identifier MessageDeliveryIdentifier, + message-delivery-time MessageDeliveryTime, + other-fields OtherMessageDeliveryFields +} + +OtherMessageDeliveryFields ::= SET { + content-type DeliveredContentType, + originator-name DeliveredOriginatorName, + original-encoded-information-types + [1] OriginalEncodedInformationTypes OPTIONAL, + priority Priority DEFAULT normal, + delivery-flags [2] DeliveryFlags OPTIONAL, + other-recipient-names [3] OtherRecipientNames OPTIONAL, + this-recipient-name [4] ThisRecipientName, + originally-intended-recipient-name + [5] OriginallyIntendedRecipientName OPTIONAL, + converted-encoded-information-types + [6] ConvertedEncodedInformationTypes OPTIONAL, + message-submission-time [7] MessageSubmissionTime, + content-identifier [8] ContentIdentifier OPTIONAL, + extensions + [9] SET OF ExtensionField{{MessageDeliveryExtensions}} DEFAULT {} +} + +MessageDeliveryExtensions EXTENSION ::= + {-- May contain the following extensions, private extensions, and future standardised extensions, + -- at most one instance of each extension type: + conversion-with-loss-prohibited | requested-delivery-method | + physical-forwarding-prohibited | physical-forwarding-address-request | + physical-delivery-modes | registered-mail-type | recipient-number-for-advice + | physical-rendition-attributes | originator-return-address | + physical-delivery-report-request | originator-certificate | message-token | + content-confidentiality-algorithm-identifier | content-integrity-check | + message-origin-authentication-check | message-security-label | + proof-of-delivery-request | dl-exempted-recipients | certificate-selectors | + certificate-selectors-override | multiple-originator-certificates | + recipient-certificate | IPMPerRecipientEnvelopeExtensions | + redirection-history | dl-expansion-history | trace-information | + internal-trace-information | PrivateExtensions, ...} + +-- Report Delivery Envelope +ReportDeliveryEnvelope ::= SET { + COMPONENTS OF PerReportDeliveryFields, + per-recipient-fields + SEQUENCE SIZE (1..ub-recipients) OF PerRecipientReportDeliveryFields +} + +PerReportDeliveryFields ::= SET { + subject-submission-identifier SubjectSubmissionIdentifier, + content-identifier ContentIdentifier OPTIONAL, + content-type ContentType OPTIONAL, + original-encoded-information-types OriginalEncodedInformationTypes OPTIONAL, + extensions + [1] SET OF ExtensionField{{ReportDeliveryExtensions}} DEFAULT {} +} + +ReportDeliveryExtensions EXTENSION ::= + {-- May contain the following extensions, private extensions, and future standardised extensions, + -- at most one instance of each extension type: + message-security-label | content-correlator | redirection-history | + originator-and-DL-expansion-history | reporting-DL-name | + reporting-MTA-certificate | report-origin-authentication-check | + trace-information | internal-trace-information | reporting-MTA-name | + PrivateExtensions, ...} + +PerRecipientReportDeliveryFields ::= SET { + actual-recipient-name [0] ActualRecipientName, + report-type [1] ReportType, + converted-encoded-information-types + ConvertedEncodedInformationTypes OPTIONAL, + originally-intended-recipient-name + [2] OriginallyIntendedRecipientName OPTIONAL, + supplementary-information [3] SupplementaryInformation OPTIONAL, + extensions + [4] SET OF ExtensionField{{PerRecipientReportDeliveryExtensions}} + DEFAULT {} +} + +PerRecipientReportDeliveryExtensions EXTENSION ::= + {-- May contain the following extensions, private extensions, and future standardised extensions, + -- at most one instance of each extension type: + redirection-history | physical-forwarding-address | recipient-certificate | + proof-of-delivery | PrivateExtensions, ...} + +ReportType ::= CHOICE { + delivery [0] DeliveryReport, + non-delivery [1] NonDeliveryReport +} + +DeliveryReport ::= SET { + message-delivery-time [0] MessageDeliveryTime, + type-of-MTS-user [1] TypeOfMTSUser DEFAULT public +} + +NonDeliveryReport ::= SET { + non-delivery-reason-code [0] NonDeliveryReasonCode, + non-delivery-diagnostic-code [1] NonDeliveryDiagnosticCode OPTIONAL +} + +-- Envelope Fields +OriginatorName ::= ORAddressAndOrDirectoryName + +DeliveredOriginatorName ::= ORAddressAndOptionalDirectoryName + +OriginalEncodedInformationTypes ::= EncodedInformationTypes + +ContentTypes ::= SET SIZE (1..ub-content-types) OF ContentType + +ContentType ::= CHOICE { + built-in BuiltInContentType, + extended ExtendedContentType +} + +BuiltInContentType ::= [APPLICATION 6] INTEGER { + unidentified(0), + external(1), -- identified by the object-identifier of the EXTERNAL content + interpersonal-messaging-1984(2), interpersonal-messaging-1988(22), + edi-messaging(35), voice-messaging(40)}(0..ub-built-in-content-type) + +ExtendedContentType ::= RELATIVE-OID + +DeliveredContentType ::= CHOICE { + built-in [0] BuiltInContentType, + extended ExtendedContentType +} + +ContentIdentifier ::= + [APPLICATION 10] PrintableString(SIZE (1..ub-content-id-length)) + +PerMessageIndicators ::= [APPLICATION 8] BIT STRING { + disclosure-of-other-recipients(0), -- disclosure-of-other-recipients-requested 'one', + + -- disclosure-of-other-recipients-prohibited 'zero'; + -- ignored for Probe-submission + implicit-conversion-prohibited(1), -- implicit-conversion-prohibited 'one', + + -- implicit-conversion-allowed 'zero' + alternate-recipient-allowed(2), -- alternate-recipient-allowed 'one', + + -- alternate-recipient-prohibited 'zero' + content-return-request(3), -- content-return-requested 'one', + + -- content-return-not-requested 'zero'; + -- ignored for Probe-submission + reserved(4), -- bit reserved by MOTIS 1986 + bit-5(5), + bit-6(6), -- notification type-1 : bit 5 'zero' and bit 6 'one' + + -- notification type-2 : bit 5 'one' and bit 6 'zero' + -- notification type-3 : bit 5 'one' and bit 6 'one' + -- the mapping between notification type 1, 2, 3 + -- and the content specific notification types are defined + -- in relevant content specifications + service-message(7) -- the message content is for service purposes; + + +-- it may be a notification related to a service message; +-- used only by bilateral agreement --}(SIZE (0..ub-bit-options)) + +RecipientName ::= ORAddressAndOrDirectoryName + +OriginatorReportRequest ::= BIT STRING {report(3), non-delivery-report(4) + +-- at most one bit shall be 'one': +-- report bit 'one' requests a 'report'; +-- non-delivery-report bit 'one' requests a 'non-delivery-report'; +-- both bits 'zero' requests 'no-report' --}(SIZE (0..ub-bit-options)) + +ExplicitConversion ::= INTEGER { + ia5-text-to-teletex(0), + -- values 1 to 7 are no longer defined + ia5-text-to-g3-facsimile(8), ia5-text-to-g4-class-1(9), + ia5-text-to-videotex(10), teletex-to-ia5-text(11), + teletex-to-g3-facsimile(12), teletex-to-g4-class-1(13), + teletex-to-videotex(14), + -- value 15 is no longer defined + videotex-to-ia5-text(16), videotex-to-teletex(17)}(0..ub-integer-options) + +DeferredDeliveryTime ::= Time + +Priority ::= [APPLICATION 7] ENUMERATED {normal(0), non-urgent(1), urgent(2)} + +ContentLength ::= INTEGER(0..ub-content-length) + +MessageDeliveryIdentifier ::= MTSIdentifier + +MessageDeliveryTime ::= Time + +DeliveryFlags ::= BIT STRING { + implicit-conversion-prohibited(1) -- implicit-conversion-prohibited 'one', + + -- implicit-conversion-allowed 'zero' --}(SIZE (0..ub-bit-options)) + +OtherRecipientNames ::= SEQUENCE SIZE (1..ub-recipients) OF OtherRecipientName + +OtherRecipientName ::= ORAddressAndOptionalDirectoryName + +ThisRecipientName ::= ORAddressAndOptionalDirectoryName + +OriginallyIntendedRecipientName ::= ORAddressAndOptionalDirectoryName + +ConvertedEncodedInformationTypes ::= EncodedInformationTypes + +SubjectSubmissionIdentifier ::= MTSIdentifier + +ActualRecipientName ::= ORAddressAndOrDirectoryName + +TypeOfMTSUser ::= INTEGER { + public(0), private(1), ms(2), dl(3), pdau(4), physical-recipient(5), other(6) +}(0..ub-mts-user-types) + +NonDeliveryReasonCode ::= INTEGER { + transfer-failure(0), unable-to-transfer(1), conversion-not-performed(2), + physical-rendition-not-performed(3), physical-delivery-not-performed(4), + restricted-delivery(5), directory-operation-unsuccessful(6), + deferred-delivery-not-performed(7), transfer-failure-for-security-reason(8) +}(0..ub-reason-codes) + +NonDeliveryDiagnosticCode ::= INTEGER { + unrecognised-OR-name(0), ambiguous-OR-name(1), mts-congestion(2), + loop-detected(3), recipient-unavailable(4), maximum-time-expired(5), + encoded-information-types-unsupported(6), content-too-long(7), + conversion-impractical(8), implicit-conversion-prohibited(9), + implicit-conversion-not-subscribed(10), invalid-arguments(11), + content-syntax-error(12), size-constraint-violation(13), + protocol-violation(14), content-type-not-supported(15), + too-many-recipients(16), no-bilateral-agreement(17), + unsupported-critical-function(18), conversion-with-loss-prohibited(19), + line-too-long(20), page-split(21), pictorial-symbol-loss(22), + punctuation-symbol-loss(23), alphabetic-character-loss(24), + multiple-information-loss(25), recipient-reassignment-prohibited(26), + redirection-loop-detected(27), dl-expansion-prohibited(28), + no-dl-submit-permission(29), dl-expansion-failure(30), + physical-rendition-attributes-not-supported(31), + undeliverable-mail-physical-delivery-address-incorrect(32), + undeliverable-mail-physical-delivery-office-incorrect-or-invalid(33), + undeliverable-mail-physical-delivery-address-incomplete(34), + undeliverable-mail-recipient-unknown(35), + undeliverable-mail-recipient-deceased(36), + undeliverable-mail-organization-expired(37), + undeliverable-mail-recipient-refused-to-accept(38), + undeliverable-mail-recipient-did-not-claim(39), + undeliverable-mail-recipient-changed-address-permanently(40), + undeliverable-mail-recipient-changed-address-temporarily(41), + undeliverable-mail-recipient-changed-temporary-address(42), + undeliverable-mail-new-address-unknown(43), + undeliverable-mail-recipient-did-not-want-forwarding(44), + undeliverable-mail-originator-prohibited-forwarding(45), + secure-messaging-error(46), unable-to-downgrade(47), + unable-to-complete-transfer(48), transfer-attempts-limit-reached(49), + incorrect-notification-type(50), + dl-expansion-prohibited-by-security-policy(51), + forbidden-alternate-recipient(52), security-policy-violation(53), + security-services-refusal(54), unauthorised-dl-member(55), + unauthorised-dl-name(56), + unauthorised-originally-intended-recipient-name(57), + unauthorised-originator-name(58), unauthorised-recipient-name(59), + unreliable-system(60), authentication-failure-on-subject-message(61), + decryption-failed(62), decryption-key-unobtainable(63), + double-envelope-creation-failure(64), + double-enveloping-message-restoring-failure(65), + failure-of-proof-of-message(66), integrity-failure-on-subject-message(67), + invalid-security-label(68), key-failure(69), mandatory-parameter-absence(70), + operation-security-failure(71), repudiation-failure-of-message(72), + security-context-failure(73), token-decryption-failed(74), token-error(75), + unknown-security-label(76), unsupported-algorithm-identifier(77), + unsupported-security-policy(78)}(0..ub-diagnostic-codes) + +SupplementaryInformation ::= + PrintableString(SIZE (1..ub-supplementary-info-length)) + +-- Extension Fields +EXTENSION ::= CLASS { + &id ExtensionType UNIQUE, + &Type OPTIONAL, + &absent &Type OPTIONAL, + &recommended Criticality DEFAULT {} +} +WITH SYNTAX { + [&Type + [IF ABSENT &absent],] + [RECOMMENDED CRITICALITY &recommended,] + IDENTIFIED BY &id +} + +ExtensionType ::= CHOICE { + standard-extension [0] INTEGER(0..ub-extension-types), + private-extension [3] OBJECT IDENTIFIER +} + +Criticality ::= BIT STRING {for-submission(0), for-transfer(1), for-delivery(2) +}(SIZE (0..ub-bit-options)) -- critical 'one', non-critical 'zero' + + +ExtensionField{EXTENSION:ChosenFrom} ::= SEQUENCE { + type EXTENSION.&id({ChosenFrom}), + criticality [1] Criticality DEFAULT {}, + value [2] EXTENSION.&Type({ChosenFrom}{@type}) DEFAULT NULL:NULL +} + +PrivateExtensions EXTENSION ::= + {-- Any value shall be relayed and delivered if not Critical (see Table 27) + -- except those values whose semantics the MTA obeys which are defined to be removed when obeyed. + -- Shall be IDENTIFIED BY ExtensionType.private-extension --...} + +recipient-reassignment-prohibited EXTENSION ::= { + RecipientReassignmentProhibited + IF ABSENT recipient-reassignment-allowed, + RECOMMENDED CRITICALITY {for-delivery}, + IDENTIFIED BY standard-extension:1 +} + +RecipientReassignmentProhibited ::= ENUMERATED { + recipient-reassignment-allowed(0), recipient-reassignment-prohibited(1) +} + +originator-requested-alternate-recipient EXTENSION ::= { + OriginatorRequestedAlternateRecipient, + RECOMMENDED CRITICALITY {for-submission}, + IDENTIFIED BY standard-extension:2 +} + +OriginatorRequestedAlternateRecipient ::= ORAddressAndOrDirectoryName + +-- OriginatorRequestedAlternateRecipient as defined here differs from the field of the same name +-- defined in Figure 4, since on submission the OR-address need not be present, but on +-- transfer the OR-address must be present. +dl-expansion-prohibited EXTENSION ::= { + DLExpansionProhibited + IF ABSENT dl-expansion-allowed, + RECOMMENDED CRITICALITY {for-delivery}, + IDENTIFIED BY standard-extension:3 +} + +DLExpansionProhibited ::= ENUMERATED { + dl-expansion-allowed(0), dl-expansion-prohibited(1)} + +conversion-with-loss-prohibited EXTENSION ::= { + ConversionWithLossProhibited + IF ABSENT conversion-with-loss-allowed, + RECOMMENDED CRITICALITY {for-delivery}, + IDENTIFIED BY standard-extension:4 +} + +ConversionWithLossProhibited ::= ENUMERATED { + conversion-with-loss-allowed(0), conversion-with-loss-prohibited(1) +} + +latest-delivery-time EXTENSION ::= { + LatestDeliveryTime, + RECOMMENDED CRITICALITY {for-delivery}, + IDENTIFIED BY standard-extension:5 +} + +LatestDeliveryTime ::= Time + +requested-delivery-method EXTENSION ::= { + RequestedDeliveryMethod + IF ABSENT {any-delivery-method}, + IDENTIFIED BY standard-extension:6 +} + +RequestedDeliveryMethod ::= + SEQUENCE OF INTEGER { -- each different in order of preference, + -- most preferred first + any-delivery-method(0), mhs-delivery(1), physical-delivery(2), + telex-delivery(3), teletex-delivery(4), g3-facsimile-delivery(5), + g4-facsimile-delivery(6), ia5-terminal-delivery(7), videotex-delivery(8), + telephone-delivery(9)}(0..ub-integer-options) + +physical-forwarding-prohibited EXTENSION ::= { + PhysicalForwardingProhibited + IF ABSENT physical-forwarding-allowed, + RECOMMENDED CRITICALITY {for-delivery}, + IDENTIFIED BY standard-extension:7 +} + +PhysicalForwardingProhibited ::= ENUMERATED { + physical-forwarding-allowed(0), physical-forwarding-prohibited(1)} + +physical-forwarding-address-request EXTENSION ::= { + PhysicalForwardingAddressRequest + IF ABSENT physical-forwarding-address-not-requested, + RECOMMENDED CRITICALITY {for-delivery}, + IDENTIFIED BY standard-extension:8 +} + +PhysicalForwardingAddressRequest ::= ENUMERATED { + physical-forwarding-address-not-requested(0), + physical-forwarding-address-requested(1)} + +physical-delivery-modes EXTENSION ::= { + PhysicalDeliveryModes + IF ABSENT {ordinary-mail}, + RECOMMENDED CRITICALITY {for-delivery}, + IDENTIFIED BY standard-extension:9 +} + +PhysicalDeliveryModes ::= BIT STRING { + ordinary-mail(0), special-delivery(1), express-mail(2), + counter-collection(3), counter-collection-with-telephone-advice(4), + counter-collection-with-telex-advice(5), + counter-collection-with-teletex-advice(6), bureau-fax-delivery(7) + +-- bits 0 to 6 are mutually exclusive +-- bit 7 can be set independently of any of bits 0 to 6 --} +(SIZE (0..ub-bit-options)) + +registered-mail-type EXTENSION ::= { + RegisteredMailType + IF ABSENT non-registered-mail, + RECOMMENDED CRITICALITY {for-delivery}, + IDENTIFIED BY standard-extension:10 +} + +RegisteredMailType ::= INTEGER { + non-registered-mail(0), registered-mail(1), + registered-mail-to-addressee-in-person(2)}(0..ub-integer-options) + +recipient-number-for-advice EXTENSION ::= { + RecipientNumberForAdvice, + RECOMMENDED CRITICALITY {for-delivery}, + IDENTIFIED BY standard-extension:11 +} + +RecipientNumberForAdvice ::= + TeletexString(SIZE (1..ub-recipient-number-for-advice-length)) + +physical-rendition-attributes EXTENSION ::= { + PhysicalRenditionAttributes + IF ABSENT id-att-physicalRendition-basic, + RECOMMENDED CRITICALITY {for-delivery}, + IDENTIFIED BY standard-extension:12 +} + +PhysicalRenditionAttributes ::= OBJECT IDENTIFIER + +originator-return-address EXTENSION ::= { + OriginatorReturnAddress, + IDENTIFIED BY standard-extension:13 +} + +OriginatorReturnAddress ::= ORAddress + +physical-delivery-report-request EXTENSION ::= { + PhysicalDeliveryReportRequest + IF ABSENT return-of-undeliverable-mail-by-PDS, + RECOMMENDED CRITICALITY {for-delivery}, + IDENTIFIED BY standard-extension:14 +} + +PhysicalDeliveryReportRequest ::= INTEGER { + return-of-undeliverable-mail-by-PDS(0), return-of-notification-by-PDS(1), + return-of-notification-by-MHS(2), return-of-notification-by-MHS-and-PDS(3) +}(0..ub-integer-options) + +originator-certificate EXTENSION ::= { + OriginatorCertificate, + IDENTIFIED BY standard-extension:15 +} + +OriginatorCertificate ::= Certificates + +message-token EXTENSION ::= { + MessageToken, + RECOMMENDED CRITICALITY {for-delivery}, + IDENTIFIED BY standard-extension:16 +} + +MessageToken ::= Token + +content-confidentiality-algorithm-identifier EXTENSION ::= { + ContentConfidentialityAlgorithmIdentifier, + RECOMMENDED CRITICALITY {for-delivery}, + IDENTIFIED BY standard-extension:17 +} + +ContentConfidentialityAlgorithmIdentifier ::= AlgorithmIdentifier + +content-integrity-check EXTENSION ::= { + ContentIntegrityCheck, + RECOMMENDED CRITICALITY {for-delivery}, + IDENTIFIED BY standard-extension:18 +} + +ContentIntegrityCheck ::= + SIGNATURE + {SEQUENCE {algorithm-identifier + ContentIntegrityAlgorithmIdentifier OPTIONAL, + content Content}} + +ContentIntegrityAlgorithmIdentifier ::= AlgorithmIdentifier + +message-origin-authentication-check EXTENSION ::= { + MessageOriginAuthenticationCheck, + RECOMMENDED CRITICALITY {for-delivery}, + IDENTIFIED BY standard-extension:19 +} + +MessageOriginAuthenticationCheck ::= + SIGNATURE + {SEQUENCE {algorithm-identifier + MessageOriginAuthenticationAlgorithmIdentifier, + content Content, + content-identifier ContentIdentifier OPTIONAL, + message-security-label MessageSecurityLabel OPTIONAL}} + +MessageOriginAuthenticationAlgorithmIdentifier ::= AlgorithmIdentifier + +message-security-label EXTENSION ::= { + MessageSecurityLabel, + RECOMMENDED CRITICALITY {for-delivery}, + IDENTIFIED BY standard-extension:20 +} + +MessageSecurityLabel ::= SecurityLabel + +proof-of-submission-request EXTENSION ::= { + ProofOfSubmissionRequest + IF ABSENT proof-of-submission-not-requested, + RECOMMENDED CRITICALITY {for-submission}, + IDENTIFIED BY standard-extension:21 +} + +ProofOfSubmissionRequest ::= ENUMERATED { + proof-of-submission-not-requested(0), proof-of-submission-requested(1) +} + +proof-of-delivery-request EXTENSION ::= { + ProofOfDeliveryRequest + IF ABSENT proof-of-delivery-not-requested, + RECOMMENDED CRITICALITY {for-delivery}, + IDENTIFIED BY standard-extension:22 +} + +ProofOfDeliveryRequest ::= ENUMERATED { + proof-of-delivery-not-requested(0), proof-of-delivery-requested(1)} + +content-correlator EXTENSION ::= { + ContentCorrelator, + IDENTIFIED BY standard-extension:23 +} + +ContentCorrelator ::= CHOICE {ia5text IA5String, + octets OCTET STRING +} + +probe-origin-authentication-check EXTENSION ::= { + ProbeOriginAuthenticationCheck, + RECOMMENDED CRITICALITY {for-delivery}, + IDENTIFIED BY standard-extension:24 +} + +ProbeOriginAuthenticationCheck ::= + SIGNATURE + {SEQUENCE {algorithm-identifier + ProbeOriginAuthenticationAlgorithmIdentifier, + content-identifier ContentIdentifier OPTIONAL, + message-security-label MessageSecurityLabel OPTIONAL}} + +ProbeOriginAuthenticationAlgorithmIdentifier ::= AlgorithmIdentifier + +redirection-history EXTENSION ::= { + RedirectionHistory, + IDENTIFIED BY standard-extension:25 +} + +RedirectionHistory ::= SEQUENCE SIZE (1..ub-redirections) OF Redirection + +Redirection ::= SEQUENCE { + intended-recipient-name IntendedRecipientName, + redirection-reason RedirectionReason +} + +IntendedRecipientName ::= SEQUENCE { + intended-recipient ORAddressAndOptionalDirectoryName, + redirection-time Time +} + +RedirectionReason ::= ENUMERATED { + recipient-assigned-alternate-recipient(0), + originator-requested-alternate-recipient(1), + recipient-MD-assigned-alternate-recipient(2), + -- The following values may not be supported by implementations of earlier versions of this Service Definition + directory-look-up(3), alias(4), ... + } + +dl-expansion-history EXTENSION ::= { + DLExpansionHistory, + IDENTIFIED BY standard-extension:26 +} + +DLExpansionHistory ::= SEQUENCE SIZE (1..ub-dl-expansions) OF DLExpansion + +DLExpansion ::= SEQUENCE { + dl ORAddressAndOptionalDirectoryName, + dl-expansion-time Time +} + +physical-forwarding-address EXTENSION ::= { + PhysicalForwardingAddress, + IDENTIFIED BY standard-extension:27 +} + +PhysicalForwardingAddress ::= ORAddressAndOptionalDirectoryName + +recipient-certificate EXTENSION ::= { + RecipientCertificate, + IDENTIFIED BY standard-extension:28 +} + +proof-of-delivery EXTENSION ::= { + ProofOfDelivery, + IDENTIFIED BY standard-extension:29 +} + +originator-and-DL-expansion-history EXTENSION ::= { + OriginatorAndDLExpansionHistory, + IDENTIFIED BY standard-extension:30 +} + +OriginatorAndDLExpansionHistory ::= + SEQUENCE SIZE (2..ub-orig-and-dl-expansions) OF OriginatorAndDLExpansion + +OriginatorAndDLExpansion ::= SEQUENCE { + originator-or-dl-name ORAddressAndOptionalDirectoryName, + origination-or-expansion-time Time +} + +reporting-DL-name EXTENSION ::= { + ReportingDLName, + IDENTIFIED BY standard-extension:31 +} + +ReportingDLName ::= ORAddressAndOptionalDirectoryName + +reporting-MTA-certificate EXTENSION ::= { + ReportingMTACertificate, + RECOMMENDED CRITICALITY {for-delivery}, + IDENTIFIED BY standard-extension:32 +} + +ReportingMTACertificate ::= Certificates + +report-origin-authentication-check EXTENSION ::= { + ReportOriginAuthenticationCheck, + RECOMMENDED CRITICALITY {for-delivery}, + IDENTIFIED BY standard-extension:33 +} + +ReportOriginAuthenticationCheck ::= + SIGNATURE + {SEQUENCE {algorithm-identifier + ReportOriginAuthenticationAlgorithmIdentifier, + content-identifier ContentIdentifier OPTIONAL, + message-security-label MessageSecurityLabel OPTIONAL, + per-recipient + SEQUENCE SIZE (1..ub-recipients) OF PerRecipientReportFields + }} + +ReportOriginAuthenticationAlgorithmIdentifier ::= AlgorithmIdentifier + +PerRecipientReportFields ::= SEQUENCE { + actual-recipient-name ActualRecipientName, + originally-intended-recipient-name OriginallyIntendedRecipientName OPTIONAL, + report-type + CHOICE {delivery [0] PerRecipientDeliveryReportFields, + non-delivery [1] PerRecipientNonDeliveryReportFields} +} + +PerRecipientDeliveryReportFields ::= SEQUENCE { + message-delivery-time MessageDeliveryTime, + type-of-MTS-user TypeOfMTSUser, + recipient-certificate [0] RecipientCertificate OPTIONAL, + proof-of-delivery [1] ProofOfDelivery OPTIONAL +} + +PerRecipientNonDeliveryReportFields ::= SEQUENCE { + non-delivery-reason-code NonDeliveryReasonCode, + non-delivery-diagnostic-code NonDeliveryDiagnosticCode OPTIONAL +} + +originating-MTA-certificate EXTENSION ::= { + OriginatingMTACertificate, + IDENTIFIED BY standard-extension:34 +} + +OriginatingMTACertificate ::= Certificates + +proof-of-submission EXTENSION ::= { + ProofOfSubmission, + IDENTIFIED BY standard-extension:35 +} + +ProofOfSubmission ::= + SIGNATURE + {SEQUENCE {algorithm-identifier + ProofOfSubmissionAlgorithmIdentifier, + message-submission-envelope MessageSubmissionEnvelope, + content Content, + message-submission-identifier MessageSubmissionIdentifier, + message-submission-time MessageSubmissionTime}} + +ProofOfSubmissionAlgorithmIdentifier ::= AlgorithmIdentifier + +reporting-MTA-name EXTENSION ::= { + ReportingMTAName, + IDENTIFIED BY standard-extension:39 +} + +ReportingMTAName ::= SEQUENCE { + domain GlobalDomainIdentifier, + mta-name MTAName, + mta-directory-name [0] Name OPTIONAL +} + +multiple-originator-certificates EXTENSION ::= { + ExtendedCertificates, + IDENTIFIED BY standard-extension:40 +} + +ExtendedCertificates ::= SET SIZE (1..ub-certificates) OF ExtendedCertificate + +ExtendedCertificate ::= CHOICE { + directory-entry [0] Name, -- Name of a Directory entry where the certificate can be found + certificate [1] Certificates +} + +dl-exempted-recipients EXTENSION ::= { + DLExemptedRecipients, + IDENTIFIED BY standard-extension:42 +} + +DLExemptedRecipients ::= SET OF ORAddressAndOrDirectoryName + +certificate-selectors EXTENSION ::= { + CertificateSelectors, + IDENTIFIED BY standard-extension:45 +} + +CertificateSelectors ::= SET { + encryption-recipient [0] CertificateAssertion OPTIONAL, + encryption-originator [1] CertificateAssertion OPTIONAL, + content-integrity-check [2] CertificateAssertion OPTIONAL, + token-signature [3] CertificateAssertion OPTIONAL, + message-origin-authentication [4] CertificateAssertion OPTIONAL +} + +certificate-selectors-override EXTENSION ::= { + CertificateSelectors + (WITH COMPONENTS { + ..., + message-origin-authentication ABSENT + }), + IDENTIFIED BY standard-extension:46 +} + +-- Some standard-extensions are defined elsewhere: +-- 36 (forwarding-request) in ITU-T Rec. X.413 | ISO/IEC 10021-5; +-- 37 (trace-information), and 38 (internal-trace-information) in Figure 4; +-- 41 (blind-copy-recipients), 43 (body-part-encryption-token), and 44 (forwarded-content-token) in +-- ITU-T Rec. X.420 | ISO/IEC 10021-7 +-- Common Parameter Types +Content ::= + OCTET + STRING -- when the content-type has the integer value external, the value of the + +-- content octet string is the ASN.1 encoding of the external-content; +-- an external-content is a data type EXTERNAL +MTSIdentifier ::= [APPLICATION 4] SEQUENCE { + global-domain-identifier GlobalDomainIdentifier, + local-identifier LocalIdentifier +} + +LocalIdentifier ::= IA5String(SIZE (1..ub-local-id-length)) + +GlobalDomainIdentifier ::= [APPLICATION 3] SEQUENCE { + country-name CountryName, + administration-domain-name AdministrationDomainName, + private-domain-identifier PrivateDomainIdentifier OPTIONAL +} + +PrivateDomainIdentifier ::= CHOICE { + numeric NumericString(SIZE (1..ub-domain-name-length)), + printable PrintableString(SIZE (1..ub-domain-name-length)) +} + +MTAName ::= IA5String(SIZE (1..ub-mta-name-length)) + +Time ::= UTCTime + +-- OR Names +ORAddressAndOrDirectoryName ::= ORName + +ORAddressAndOptionalDirectoryName ::= ORName + +ORName ::= [APPLICATION 0] SEQUENCE { + -- address --COMPONENTS OF ORAddress, + directory-name [0] Name OPTIONAL +} + +ORAddress ::= SEQUENCE { + built-in-standard-attributes BuiltInStandardAttributes, + built-in-domain-defined-attributes BuiltInDomainDefinedAttributes OPTIONAL, + -- see also teletex-domain-defined-attributes + extension-attributes ExtensionAttributes OPTIONAL +} + +-- The OR-address is semantically absent from the OR-name if the built-in-standard-attribute +-- sequence is empty and the built-in-domain-defined-attributes and extension-attributes are both omitted. +-- Built-in Standard Attributes +BuiltInStandardAttributes ::= SEQUENCE { + country-name CountryName OPTIONAL, + administration-domain-name AdministrationDomainName OPTIONAL, + network-address [0] NetworkAddress OPTIONAL, + -- see also extended-network-address + terminal-identifier [1] TerminalIdentifier OPTIONAL, + private-domain-name [2] PrivateDomainName OPTIONAL, + organization-name [3] OrganizationName OPTIONAL, + -- see also teletex-organization-name + numeric-user-identifier [4] NumericUserIdentifier OPTIONAL, + personal-name [5] PersonalName OPTIONAL, + -- see also teletex-personal-name + organizational-unit-names [6] OrganizationalUnitNames OPTIONAL + -- see also teletex-organizational-unit-names +} + +CountryName ::= [APPLICATION 1] CHOICE { + x121-dcc-code NumericString(SIZE (ub-country-name-numeric-length)), + iso-3166-alpha2-code PrintableString(SIZE (ub-country-name-alpha-length)) +} + +AdministrationDomainName ::= [APPLICATION 2] CHOICE { + numeric NumericString(SIZE (0..ub-domain-name-length)), + printable PrintableString(SIZE (0..ub-domain-name-length)) +} + +NetworkAddress ::= X121Address + +-- see also extended-network-address +X121Address ::= NumericString(SIZE (1..ub-x121-address-length)) + +TerminalIdentifier ::= PrintableString(SIZE (1..ub-terminal-id-length)) + +PrivateDomainName ::= CHOICE { + numeric NumericString(SIZE (1..ub-domain-name-length)), + printable PrintableString(SIZE (1..ub-domain-name-length)) +} + +OrganizationName ::= PrintableString(SIZE (1..ub-organization-name-length)) + +-- see also teletex-organization-name +NumericUserIdentifier ::= NumericString(SIZE (1..ub-numeric-user-id-length)) + +PersonalName ::= SET { + surname [0] PrintableString(SIZE (1..ub-surname-length)), + given-name + [1] PrintableString(SIZE (1..ub-given-name-length)) OPTIONAL, + initials + [2] PrintableString(SIZE (1..ub-initials-length)) OPTIONAL, + generation-qualifier + [3] PrintableString(SIZE (1..ub-generation-qualifier-length)) OPTIONAL +} + +-- see also teletex-personal-name +OrganizationalUnitNames ::= + SEQUENCE SIZE (1..ub-organizational-units) OF OrganizationalUnitName + +-- see also teletex-organizational-unit-names +OrganizationalUnitName ::= + PrintableString(SIZE (1..ub-organizational-unit-name-length)) + +-- Built-in Domain-defined Attributes +BuiltInDomainDefinedAttributes ::= + SEQUENCE SIZE (1..ub-domain-defined-attributes) OF + BuiltInDomainDefinedAttribute + +BuiltInDomainDefinedAttribute ::= SEQUENCE { + type PrintableString(SIZE (1..ub-domain-defined-attribute-type-length)), + value PrintableString(SIZE (1..ub-domain-defined-attribute-value-length)) +} + +-- Extension Attributes +ExtensionAttributes ::= + SET SIZE (1..ub-extension-attributes) OF ExtensionAttribute + +ExtensionAttribute ::= SEQUENCE { + extension-attribute-type + [0] EXTENSION-ATTRIBUTE.&id({ExtensionAttributeTable}), + extension-attribute-value + [1] EXTENSION-ATTRIBUTE.&Type + ({ExtensionAttributeTable}{@extension-attribute-type}) +} + +EXTENSION-ATTRIBUTE ::= CLASS { + &id INTEGER(0..ub-extension-attributes) UNIQUE, + &Type +}WITH SYNTAX {&Type + IDENTIFIED BY &id +} + +ExtensionAttributeTable EXTENSION-ATTRIBUTE ::= + {common-name | teletex-common-name | universal-common-name | + teletex-organization-name | universal-organization-name | + teletex-personal-name | universal-personal-name | + teletex-organizational-unit-names | universal-organizational-unit-names | + teletex-domain-defined-attributes | universal-domain-defined-attributes | + pds-name | physical-delivery-country-name | postal-code | + physical-delivery-office-name | universal-physical-delivery-office-name | + physical-delivery-office-number | universal-physical-delivery-office-number + | extension-OR-address-components | + universal-extension-OR-address-components | physical-delivery-personal-name + | universal-physical-delivery-personal-name | + physical-delivery-organization-name | + universal-physical-delivery-organization-name | + extension-physical-delivery-address-components | + universal-extension-physical-delivery-address-components | + unformatted-postal-address | universal-unformatted-postal-address | + street-address | universal-street-address | post-office-box-address | + universal-post-office-box-address | poste-restante-address | + universal-poste-restante-address | unique-postal-name | + universal-unique-postal-name | local-postal-attributes | + universal-local-postal-attributes | extended-network-address | terminal-type + } + +-- Extension Standard Attributes +common-name EXTENSION-ATTRIBUTE ::= {CommonName + IDENTIFIED BY 1 +} + +CommonName ::= PrintableString(SIZE (1..ub-common-name-length)) + +teletex-common-name EXTENSION-ATTRIBUTE ::= {TeletexCommonName + IDENTIFIED BY 2 +} + +TeletexCommonName ::= TeletexString(SIZE (1..ub-common-name-length)) + +universal-common-name EXTENSION-ATTRIBUTE ::= { + UniversalCommonName + IDENTIFIED BY 24 +} + +UniversalCommonName ::= UniversalOrBMPString{ub-common-name-length} + +teletex-organization-name EXTENSION-ATTRIBUTE ::= { + TeletexOrganizationName + IDENTIFIED BY 3 +} + +TeletexOrganizationName ::= + TeletexString(SIZE (1..ub-organization-name-length)) + +universal-organization-name EXTENSION-ATTRIBUTE ::= { + UniversalOrganizationName + IDENTIFIED BY 25 +} + +UniversalOrganizationName ::= UniversalOrBMPString{ub-organization-name-length} + +teletex-personal-name EXTENSION-ATTRIBUTE ::= { + TeletexPersonalName + IDENTIFIED BY 4 +} + +TeletexPersonalName ::= SET { + surname [0] TeletexString(SIZE (1..ub-surname-length)), + given-name + [1] TeletexString(SIZE (1..ub-given-name-length)) OPTIONAL, + initials + [2] TeletexString(SIZE (1..ub-initials-length)) OPTIONAL, + generation-qualifier + [3] TeletexString(SIZE (1..ub-generation-qualifier-length)) OPTIONAL +} + +universal-personal-name EXTENSION-ATTRIBUTE ::= { + UniversalPersonalName + IDENTIFIED BY 26 +} + +UniversalPersonalName ::= SET { + surname [0] UniversalOrBMPString{ub-universal-surname-length}, + -- If a language is specified within surname, then that language applies to each of the following + -- optional components unless the component specifies another language. + given-name + [1] UniversalOrBMPString{ub-universal-given-name-length} OPTIONAL, + initials + [2] UniversalOrBMPString{ub-universal-initials-length} OPTIONAL, + generation-qualifier + [3] UniversalOrBMPString{ub-universal-generation-qualifier-length} + OPTIONAL +} + +teletex-organizational-unit-names EXTENSION-ATTRIBUTE ::= { + TeletexOrganizationalUnitNames + IDENTIFIED BY 5 +} + +TeletexOrganizationalUnitNames ::= + SEQUENCE SIZE (1..ub-organizational-units) OF TeletexOrganizationalUnitName + +TeletexOrganizationalUnitName ::= + TeletexString(SIZE (1..ub-organizational-unit-name-length)) + +universal-organizational-unit-names EXTENSION-ATTRIBUTE ::= { + UniversalOrganizationalUnitNames + IDENTIFIED BY 27 +} + +UniversalOrganizationalUnitNames ::= + SEQUENCE SIZE (1..ub-organizational-units) OF UniversalOrganizationalUnitName + +-- If a unit name specifies a language, then that language applies to subordinate unit names unless +-- the subordinate specifies another language. +UniversalOrganizationalUnitName ::= + UniversalOrBMPString{ub-organizational-unit-name-length} + +UniversalOrBMPString{INTEGER:ub-string-length} ::= SET { + character-encoding + CHOICE {two-octets BMPString(SIZE (1..ub-string-length)), + four-octets UniversalString(SIZE (1..ub-string-length))}, + iso-639-language-code PrintableString(SIZE (2 | 5)) OPTIONAL +} + +pds-name EXTENSION-ATTRIBUTE ::= {PDSName + IDENTIFIED BY 7 +} + +PDSName ::= PrintableString(SIZE (1..ub-pds-name-length)) + +physical-delivery-country-name EXTENSION-ATTRIBUTE ::= { + PhysicalDeliveryCountryName + IDENTIFIED BY 8 +} + +PhysicalDeliveryCountryName ::= CHOICE { + x121-dcc-code NumericString(SIZE (ub-country-name-numeric-length)), + iso-3166-alpha2-code PrintableString(SIZE (ub-country-name-alpha-length)) +} + +postal-code EXTENSION-ATTRIBUTE ::= {PostalCode + IDENTIFIED BY 9 +} + +PostalCode ::= CHOICE { + numeric-code NumericString(SIZE (1..ub-postal-code-length)), + printable-code PrintableString(SIZE (1..ub-postal-code-length)) +} + +physical-delivery-office-name EXTENSION-ATTRIBUTE ::= { + PhysicalDeliveryOfficeName + IDENTIFIED BY 10 +} + +PhysicalDeliveryOfficeName ::= PDSParameter + +universal-physical-delivery-office-name EXTENSION-ATTRIBUTE ::= { + UniversalPhysicalDeliveryOfficeName + IDENTIFIED BY 29 +} + +UniversalPhysicalDeliveryOfficeName ::= UniversalPDSParameter + +physical-delivery-office-number EXTENSION-ATTRIBUTE ::= { + PhysicalDeliveryOfficeNumber + IDENTIFIED BY 11 +} + +PhysicalDeliveryOfficeNumber ::= PDSParameter + +universal-physical-delivery-office-number EXTENSION-ATTRIBUTE ::= { + UniversalPhysicalDeliveryOfficeNumber + IDENTIFIED BY 30 +} + +UniversalPhysicalDeliveryOfficeNumber ::= UniversalPDSParameter + +extension-OR-address-components EXTENSION-ATTRIBUTE ::= { + ExtensionORAddressComponents + IDENTIFIED BY 12 +} + +ExtensionORAddressComponents ::= PDSParameter + +universal-extension-OR-address-components EXTENSION-ATTRIBUTE ::= { + UniversalExtensionORAddressComponents + IDENTIFIED BY 31 +} + +UniversalExtensionORAddressComponents ::= UniversalPDSParameter + +physical-delivery-personal-name EXTENSION-ATTRIBUTE ::= { + PhysicalDeliveryPersonalName + IDENTIFIED BY 13 +} + +PhysicalDeliveryPersonalName ::= PDSParameter + +universal-physical-delivery-personal-name EXTENSION-ATTRIBUTE ::= { + UniversalPhysicalDeliveryPersonalName + IDENTIFIED BY 32 +} + +UniversalPhysicalDeliveryPersonalName ::= UniversalPDSParameter + +physical-delivery-organization-name EXTENSION-ATTRIBUTE ::= { + PhysicalDeliveryOrganizationName + IDENTIFIED BY 14 +} + +PhysicalDeliveryOrganizationName ::= PDSParameter + +universal-physical-delivery-organization-name EXTENSION-ATTRIBUTE ::= +{UniversalPhysicalDeliveryOrganizationName + IDENTIFIED BY 33 +} + +UniversalPhysicalDeliveryOrganizationName ::= UniversalPDSParameter + +extension-physical-delivery-address-components EXTENSION-ATTRIBUTE ::= +{ExtensionPhysicalDeliveryAddressComponents + IDENTIFIED BY 15 +} + +ExtensionPhysicalDeliveryAddressComponents ::= PDSParameter + +universal-extension-physical-delivery-address-components EXTENSION-ATTRIBUTE + ::= {UniversalExtensionPhysicalDeliveryAddressComponents + IDENTIFIED BY 34 +} + +UniversalExtensionPhysicalDeliveryAddressComponents ::= UniversalPDSParameter + +unformatted-postal-address EXTENSION-ATTRIBUTE ::= { + UnformattedPostalAddress + IDENTIFIED BY 16 +} + +UnformattedPostalAddress ::= SET { + printable-address + SEQUENCE SIZE (1..ub-pds-physical-address-lines) OF + PrintableString(SIZE (1..ub-pds-parameter-length)) OPTIONAL, + teletex-string + TeletexString(SIZE (1..ub-unformatted-address-length)) OPTIONAL +} + +universal-unformatted-postal-address EXTENSION-ATTRIBUTE ::= { + UniversalUnformattedPostalAddress + IDENTIFIED BY 35 +} + +UniversalUnformattedPostalAddress ::= + UniversalOrBMPString{ub-unformatted-address-length} + +street-address EXTENSION-ATTRIBUTE ::= {StreetAddress + IDENTIFIED BY 17 +} + +StreetAddress ::= PDSParameter + +universal-street-address EXTENSION-ATTRIBUTE ::= { + UniversalStreetAddress + IDENTIFIED BY 36 +} + +UniversalStreetAddress ::= UniversalPDSParameter + +post-office-box-address EXTENSION-ATTRIBUTE ::= { + PostOfficeBoxAddress + IDENTIFIED BY 18 +} + +PostOfficeBoxAddress ::= PDSParameter + +universal-post-office-box-address EXTENSION-ATTRIBUTE ::= { + UniversalPostOfficeBoxAddress + IDENTIFIED BY 37 +} + +UniversalPostOfficeBoxAddress ::= UniversalPDSParameter + +poste-restante-address EXTENSION-ATTRIBUTE ::= { + PosteRestanteAddress + IDENTIFIED BY 19 +} + +PosteRestanteAddress ::= PDSParameter + +universal-poste-restante-address EXTENSION-ATTRIBUTE ::= { + UniversalPosteRestanteAddress + IDENTIFIED BY 38 +} + +UniversalPosteRestanteAddress ::= UniversalPDSParameter + +unique-postal-name EXTENSION-ATTRIBUTE ::= {UniquePostalName + IDENTIFIED BY 20 +} + +UniquePostalName ::= PDSParameter + +universal-unique-postal-name EXTENSION-ATTRIBUTE ::= { + UniversalUniquePostalName + IDENTIFIED BY 39 +} + +UniversalUniquePostalName ::= UniversalPDSParameter + +local-postal-attributes EXTENSION-ATTRIBUTE ::= { + LocalPostalAttributes + IDENTIFIED BY 21 +} + +LocalPostalAttributes ::= PDSParameter + +universal-local-postal-attributes EXTENSION-ATTRIBUTE ::= { + UniversalLocalPostalAttributes + IDENTIFIED BY 40 +} + +UniversalLocalPostalAttributes ::= UniversalPDSParameter + +PDSParameter ::= SET { + printable-string PrintableString(SIZE (1..ub-pds-parameter-length)) OPTIONAL, + teletex-string TeletexString(SIZE (1..ub-pds-parameter-length)) OPTIONAL +} + +UniversalPDSParameter ::= UniversalOrBMPString{ub-pds-parameter-length} + +extended-network-address EXTENSION-ATTRIBUTE ::= { + ExtendedNetworkAddress + IDENTIFIED BY 22 +} + +ExtendedNetworkAddress ::= CHOICE { + e163-4-address + SEQUENCE {number + [0] NumericString(SIZE (1..ub-e163-4-number-length)), + sub-address + [1] NumericString(SIZE (1..ub-e163-4-sub-address-length)) + OPTIONAL}, + psap-address [0] PresentationAddress +} + +terminal-type EXTENSION-ATTRIBUTE ::= {TerminalType + IDENTIFIED BY 23 +} + +TerminalType ::= INTEGER { + telex(3), teletex(4), g3-facsimile(5), g4-facsimile(6), ia5-terminal(7), + videotex(8)}(0..ub-integer-options) + +-- Extension Domain-defined Attributes +teletex-domain-defined-attributes EXTENSION-ATTRIBUTE ::= { + TeletexDomainDefinedAttributes + IDENTIFIED BY 6 +} + +TeletexDomainDefinedAttributes ::= + SEQUENCE SIZE (1..ub-domain-defined-attributes) OF + TeletexDomainDefinedAttribute + +TeletexDomainDefinedAttribute ::= SEQUENCE { + type TeletexString(SIZE (1..ub-domain-defined-attribute-type-length)), + value TeletexString(SIZE (1..ub-domain-defined-attribute-value-length)) +} + +universal-domain-defined-attributes EXTENSION-ATTRIBUTE ::= { + UniversalDomainDefinedAttributes + IDENTIFIED BY 28 +} + +UniversalDomainDefinedAttributes ::= + SEQUENCE SIZE (1..ub-domain-defined-attributes) OF + UniversalDomainDefinedAttribute + +UniversalDomainDefinedAttribute ::= SEQUENCE { + type UniversalOrBMPString{ub-domain-defined-attribute-type-length}, + value UniversalOrBMPString{ub-domain-defined-attribute-value-length} +} + +-- Encoded Information Types +EncodedInformationTypes ::= [APPLICATION 5] SET { + built-in-encoded-information-types [0] BuiltInEncodedInformationTypes, + -- non-basic-parameters --COMPONENTS OF NonBasicParameters, + extended-encoded-information-types + [4] ExtendedEncodedInformationTypes OPTIONAL +} + +-- Built-in Encoded Information Types +BuiltInEncodedInformationTypes ::= BIT STRING { + unknown(0), ia5-text(2), g3-facsimile(3), g4-class-1(4), teletex(5), + videotex(6), voice(7), sfd(8), mixed-mode(9) +}(SIZE (0..ub-built-in-encoded-information-types)) + +-- Extended Encoded Information Types +ExtendedEncodedInformationTypes ::= + SET SIZE (1..ub-encoded-information-types) OF ExtendedEncodedInformationType + +ExtendedEncodedInformationType ::= OBJECT IDENTIFIER + +-- Non-basic Parameters +NonBasicParameters ::= SET { + g3-facsimile [1] G3FacsimileNonBasicParameters DEFAULT {}, + teletex [2] TeletexNonBasicParameters DEFAULT {} +} + +G3FacsimileNonBasicParameters ::= BIT STRING { + two-dimensional(8), -- As defined in ITU-T Recommendation T.30 + fine-resolution(9), -- + unlimited-length(20), -- These bit values are chosen such that when + b4-length(21), -- encoded using ASN.1 Basic Encoding Rules + a3-width(22), -- the resulting octets have the same values + b4-width(23), -- as for T.30 encoding + t6-coding(25), -- + uncompressed(30), -- Trailing zero bits are not significant. + width-middle-864-of-1728(37), -- It is recommended that implementations + width-middle-1216-of-1728(38), -- should not encode more than 32 bits unless + resolution-type(44), -- higher numbered bits are non-zero. + resolution-400x400(45), resolution-300x300(46), resolution-8x15(47), + edi(49), dtm(50), bft(51), mixed-mode(58), character-mode(60), + twelve-bits(65), preferred-huffmann(66), full-colour(67), jpeg(68), + processable-mode-26(71)} + +TeletexNonBasicParameters ::= SET { + graphic-character-sets [0] TeletexString OPTIONAL, + control-character-sets [1] TeletexString OPTIONAL, + page-formats [2] OCTET STRING OPTIONAL, + miscellaneous-terminal-capabilities [3] TeletexString OPTIONAL, + private-use + [4] OCTET STRING + OPTIONAL -- maximum ub-teletex-private-use-length octets -- +} + +-- as defined in CCITT Recommendation T.62 +-- Token +Token ::= SEQUENCE { + token-type-identifier [0] TOKEN.&id({TokensTable}), + token + [1] TOKEN.&Type({TokensTable}{@token-type-identifier}) +} + +TOKEN ::= TYPE-IDENTIFIER + +TokensTable TOKEN ::= {asymmetric-token, ...} + +asymmetric-token TOKEN ::= { + AsymmetricToken + IDENTIFIED BY id-tok-asymmetricToken +} + +AsymmetricToken ::= + SIGNED + {SEQUENCE {signature-algorithm-identifier AlgorithmIdentifier, + name + CHOICE {recipient-name RecipientName, + mta + [3] SEQUENCE {global-domain-identifier + GlobalDomainIdentifier OPTIONAL, + mta-name MTAName + }}, + time Time, + signed-data [0] TokenData OPTIONAL, + encryption-algorithm-identifier + [1] AlgorithmIdentifier OPTIONAL, + encrypted-data + [2] ENCRYPTED{TokenData} OPTIONAL}} + +TokenData ::= SEQUENCE { + type [0] TOKEN-DATA.&id({TokenDataTable}), + value [1] TOKEN-DATA.&Type({TokenDataTable}{@type}) +} + +TOKEN-DATA ::= CLASS {&id INTEGER UNIQUE, + &Type +}WITH SYNTAX {&Type + IDENTIFIED BY &id +} + +TokenDataTable TOKEN-DATA ::= + {bind-token-signed-data | message-token-signed-data | + message-token-encrypted-data | bind-token-encrypted-data, ...} + +bind-token-signed-data TOKEN-DATA ::= {BindTokenSignedData + IDENTIFIED BY 1 +} + +BindTokenSignedData ::= RandomNumber + +RandomNumber ::= BIT STRING + +message-token-signed-data TOKEN-DATA ::= { + MessageTokenSignedData + IDENTIFIED BY 2 +} + +MessageTokenSignedData ::= SEQUENCE { + content-confidentiality-algorithm-identifier + [0] ContentConfidentialityAlgorithmIdentifier OPTIONAL, + content-integrity-check + [1] ContentIntegrityCheck OPTIONAL, + message-security-label + [2] MessageSecurityLabel OPTIONAL, + proof-of-delivery-request + [3] ProofOfDeliveryRequest OPTIONAL, + message-sequence-number [4] INTEGER OPTIONAL +} + +message-token-encrypted-data TOKEN-DATA ::= { + MessageTokenEncryptedData + IDENTIFIED BY 3 +} + +MessageTokenEncryptedData ::= SEQUENCE { + content-confidentiality-key [0] EncryptionKey OPTIONAL, + content-integrity-check [1] ContentIntegrityCheck OPTIONAL, + message-security-label [2] MessageSecurityLabel OPTIONAL, + content-integrity-key [3] EncryptionKey OPTIONAL, + message-sequence-number [4] INTEGER OPTIONAL +} + +EncryptionKey ::= BIT STRING + +bind-token-encrypted-data TOKEN-DATA ::= { + BindTokenEncryptedData + IDENTIFIED BY 4 +} + +BindTokenEncryptedData ::= EXTERNAL + +-- Security Label +SecurityLabel ::= SET { + security-policy-identifier SecurityPolicyIdentifier OPTIONAL, + security-classification SecurityClassification OPTIONAL, + privacy-mark PrivacyMark OPTIONAL, + security-categories SecurityCategories OPTIONAL +} + +SecurityPolicyIdentifier ::= OBJECT IDENTIFIER + +SecurityClassification ::= INTEGER { + unmarked(0), unclassified(1), restricted(2), confidential(3), secret(4), + top-secret(5)}(0..ub-integer-options) + +PrivacyMark ::= PrintableString(SIZE (1..ub-privacy-mark-length)) + +SecurityCategories ::= SET SIZE (1..ub-security-categories) OF SecurityCategory + +SecurityCategory ::= SEQUENCE { + type [0] SECURITY-CATEGORY.&id({SecurityCategoriesTable}), + value [1] SECURITY-CATEGORY.&Type({SecurityCategoriesTable}{@type}) +} + +SECURITY-CATEGORY ::= TYPE-IDENTIFIER + +SecurityCategoriesTable SECURITY-CATEGORY ::= + {...} + +END -- of MTSAbstractService + +-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D + diff --git a/lib/asn1/test/asn1_SUITE_data/modified_x420/MTSUpperBounds.asn b/lib/asn1/test/asn1_SUITE_data/modified_x420/MTSUpperBounds.asn new file mode 100644 index 0000000000..10eac962cb --- /dev/null +++ b/lib/asn1/test/asn1_SUITE_data/modified_x420/MTSUpperBounds.asn @@ -0,0 +1,146 @@ +-- Module MTSUpperBounds (X.411:06/1999) +MTSUpperBounds {joint-iso-itu-t mhs(6) mts(3) modules(0) upper-bounds(3) + version-1999(1)} DEFINITIONS IMPLICIT TAGS ::= +BEGIN + +-- Prologue +-- Exports everything +IMPORTS -- nothing -- ; + +-- Upper Bounds +ub-additional-info INTEGER ::= 1024 + +ub-bilateral-info INTEGER ::= 1024 + +ub-bit-options INTEGER ::= 16 + +ub-built-in-content-type INTEGER ::= 32767 + +ub-built-in-encoded-information-types INTEGER ::= 32 + +ub-certificates INTEGER ::= 64 + +ub-common-name-length INTEGER ::= 64 + +ub-content-correlator-length INTEGER ::= 512 + +ub-content-id-length INTEGER ::= 16 + +ub-content-length INTEGER ::= 2147483647 -- the largest integer in 32 bits + +ub-content-types INTEGER ::= 1024 + +ub-country-name-alpha-length INTEGER ::= 2 + +ub-country-name-numeric-length INTEGER ::= 3 + +ub-diagnostic-codes INTEGER ::= 32767 + +ub-deliverable-class INTEGER ::= 256 + +ub-dl-expansions INTEGER ::= 512 + +ub-domain-defined-attributes INTEGER ::= 4 + +ub-domain-defined-attribute-type-length INTEGER ::= 8 + +ub-domain-defined-attribute-value-length INTEGER ::= 128 + +ub-domain-name-length INTEGER ::= 16 + +ub-encoded-information-types INTEGER ::= 1024 + +ub-extension-attributes INTEGER ::= 256 + +ub-extension-types INTEGER ::= 256 + +ub-e163-4-number-length INTEGER ::= 15 + +ub-e163-4-sub-address-length INTEGER ::= 40 + +ub-generation-qualifier-length INTEGER ::= 3 + +ub-given-name-length INTEGER ::= 16 + +ub-initials-length INTEGER ::= 5 + +ub-integer-options INTEGER ::= 256 + +ub-labels-and-redirections INTEGER ::= 256 + +ub-local-id-length INTEGER ::= 32 + +ub-mta-name-length INTEGER ::= 32 + +ub-mts-user-types INTEGER ::= 256 + +ub-numeric-user-id-length INTEGER ::= 32 + +ub-organization-name-length INTEGER ::= 64 + +ub-organizational-unit-name-length INTEGER ::= 32 + +ub-organizational-units INTEGER ::= 4 + +ub-orig-and-dl-expansions INTEGER ::= 513 -- ub-dl-expansions plus one + +ub-password-length INTEGER ::= 62 + +ub-pds-name-length INTEGER ::= 16 + +ub-pds-parameter-length INTEGER ::= 30 + +ub-pds-physical-address-lines INTEGER ::= 6 + +ub-postal-code-length INTEGER ::= 16 + +ub-privacy-mark-length INTEGER ::= 128 + +ub-queue-size INTEGER ::= 2147483647 -- the largest integer in 32 bits + +ub-reason-codes INTEGER ::= 32767 + +ub-recipient-number-for-advice-length INTEGER ::= 32 + +ub-recipients INTEGER ::= 32767 + +ub-redirection-classes INTEGER ::= 256 + +ub-redirections INTEGER ::= 512 + +ub-restrictions INTEGER ::= 1024 + +ub-security-categories INTEGER ::= 64 + +ub-security-labels INTEGER ::= 256 + +ub-security-problems INTEGER ::= 256 + +ub-supplementary-info-length INTEGER ::= 256 + +ub-surname-length INTEGER ::= 40 + +ub-teletex-private-use-length INTEGER ::= 128 + +ub-terminal-id-length INTEGER ::= 24 + +ub-transfers INTEGER ::= 512 + +ub-tsap-id-length INTEGER ::= 16 + +ub-unformatted-address-length INTEGER ::= 180 + +ub-universal-generation-qualifier-length INTEGER ::= 16 + +ub-universal-given-name-length INTEGER ::= 40 + +ub-universal-initials-length INTEGER ::= 16 + +ub-universal-surname-length INTEGER ::= 64 + +ub-x121-address-length INTEGER ::= 16 + +END -- of MTSUpperBounds + +-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D + diff --git a/lib/asn1/test/asn1_SUITE_data/modified_x420/PKCS7.asn b/lib/asn1/test/asn1_SUITE_data/modified_x420/PKCS7.asn new file mode 100644 index 0000000000..7a06661cc0 --- /dev/null +++ b/lib/asn1/test/asn1_SUITE_data/modified_x420/PKCS7.asn @@ -0,0 +1,343 @@ +-- Module PKCS7 (X.420:06/1999) +-- The ASN.1 in version 1.5 of the PKCS#7 document is not defined in an ASN.1 module. This prevents an IMPORT of it into other ASN.1 modules. +-- This Annex contains a module of PKCS#7 ASN.1 definitions conforming to current ASN.1 standards rather than the obsolescent (and now deprecated) 1988/90 version of ASN.1 used in version 1.5 of PKCS#7. +-- Extensions to PKCS#7 defined in RFC 2630 are included. +-- If differences are found between the ASN.1 in the following module and that in PKCS#7, the latter is definitive. +PKCS7 {iso member-body usa(840) rsadsi(113549) pkcs(1) 7 + module(0) -- module not currently defined in PKCS#7 --} DEFINITIONS IMPLICIT +TAGS ::= +BEGIN + +IMPORTS + -- Directory Information Framework + Attribute, Name + --== + FROM InformationFramework {joint-iso-itu-t ds(5) module(1) + informationFramework(1) 3} + -- Directory Authentication Framework + AlgorithmIdentifier, AttributeCertificate, Certificate, CertificateList, + CertificateSerialNumber, HASH{}, SIGNED{} + --== + FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1) + authenticationFramework(7) 3}; + +-- In PKCS#7 the HASHED parameterised type applies the hash function to the +-- contents octets component of a DER encoding of a value of the parameter. +-- The ENCRYPTED parameterised type is redefined here because PKCS#7 encrypted values are +-- defined as OCTET STRING, instead of BIT STRING as in the Directory Authentication Framework +ENCRYPTED{ToBeEnciphered} ::= + OCTET STRING + (CONSTRAINED BY { + -- must be the result of applying an encipherment procedure to the contents octets component + -- of a definite-length BER-encoding of a value of --ToBeEnciphered}) + +ContentInfo ::= SEQUENCE { + content-type PKCS7-CONTENT-TYPE.&id({PKCS7ContentTable}), +-- pkcs7-content [0] PKCS7-CONTENT-TYPE.&Type({PKCS7ContentTable}) OPTIONAL + pkcs7-content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL +} + +PKCS7-CONTENT-TYPE ::= TYPE-IDENTIFIER + +PKCS7ContentTable PKCS7-CONTENT-TYPE ::= + {data | signed-data | enveloped-data | signed-and-enveloped-data | + digested-data | encrypted-data | authenticated-data, ...} + +-- Data +data PKCS7-CONTENT-TYPE ::= {Data + IDENTIFIED BY id-data +} + +Data ::= OCTET STRING + +-- Signed Data +signed-data PKCS7-CONTENT-TYPE ::= {SignedData + IDENTIFIED BY id-signed-data +} + +SignedData ::= SEQUENCE { + version Version, + digestAlgorithms DigestAlgorithmIdentifiers, + contentInfo ContentInfo, + certificates [0] CertificateSet OPTIONAL, + crls [1] CertificateRevocationLists OPTIONAL, + signerInfos SignerInfos +} + +Version ::= INTEGER + +DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier + +DigestAlgorithmIdentifier ::= AlgorithmIdentifier + +CertificateSet ::= SET OF CertificateChoice + +CertificateChoice ::= CHOICE { + certificate Certificate, + extendedCertificate [0] ExtendedCertificate, -- Obsolete + attributeCertificate [1] AttributeCertificate +} + +CertificateRevocationLists ::= SET OF CertificateList + +SignerInfos ::= SET OF SignerInfo + +SignerInfo ::= SEQUENCE { + version Version, + signerIdentifier SignerIdentifier, + digestAlgorithm DigestAlgorithmIdentifier, + authenticatedAttributes [0] Attributes OPTIONAL, + digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier, + encryptedDigest EncryptedDigest, + unauthenticatedAttributes [1] Attributes OPTIONAL +} + +SignerIdentifier ::= CHOICE { + issuerAndSerialNumber IssuerAndSerialNumber, + subjectKeyIdentifier [2] SubjectKeyIdentifier +} + +IssuerAndSerialNumber ::= SEQUENCE { + issuer Name, + serialNumber CertificateSerialNumber +} + +SubjectKeyIdentifier ::= OCTET STRING + +DigestEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier + +EncryptedDigest ::= ENCRYPTED{DigestInfo} + +DigestInfo ::= SEQUENCE { + digestAlgorithm DigestAlgorithmIdentifier, + digest Digest +} + +Digest ::= + HASH + {CHOICE {content + [1] PKCS7-CONTENT-TYPE.&Type({PKCS7ContentTable}), + authenticated-attributes [0] EXPLICIT Attributes}} + +-- Enveloped Data +enveloped-data PKCS7-CONTENT-TYPE ::= { + EnvelopedData + IDENTIFIED BY id-enveloped-data +} + +EnvelopedData ::= SEQUENCE { + version Version, + originatorInfo [0] OriginatorInfo OPTIONAL, + recipientInfos RecipientInfos, + encryptedContentInfo EncryptedContentInfo, + unprotectedAttributes [1] Attributes OPTIONAL +} + +OriginatorInfo ::= SEQUENCE { + certificates [0] CertificateSet OPTIONAL, + crls [1] CertificateRevocationLists OPTIONAL +} + +RecipientInfos ::= SET SIZE (1..MAX) OF RecipientInfo + +RecipientInfo ::= CHOICE { + keyTransportRecipientInfo KeyTransportRecipientInfo, + keyAgreementRecipientInfo [1] KeyAgreementRecipientInfo, + keyEncryptionKeyRecipientInfo [2] KeyEncryptionKeyRecipientInfo +} + +KeyTransportRecipientInfo ::= SEQUENCE { + version Version, + recipientIdentifier RecipientIdentifier, + keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, + encryptedKey EncryptedKey +} + +RecipientIdentifier ::= CHOICE { + issuerAndSerialNumber IssuerAndSerialNumber, + subjectKeyIdentifier [0] SubjectKeyIdentifier +} + +KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier + +EncryptedKey ::= OCTET STRING + +KeyAgreementRecipientInfo ::= SEQUENCE { + version Version, + originator [0] OriginatorIdentifierOrKey, + userKeyingMaterial [1] EXPLICIT OCTET STRING OPTIONAL, + keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, + recipientEncryptedKeys RecipientEncryptedKeys +} + +OriginatorIdentifierOrKey ::= CHOICE { + issuerAndSerialNumber IssuerAndSerialNumber, + subjectKeyIdentifier [0] SubjectKeyIdentifier, + originatorPublicKey [1] OriginatorPublicKey +} + +OriginatorPublicKey ::= SEQUENCE { + algorithm AlgorithmIdentifier, + publicKey BIT STRING +} + +RecipientEncryptedKeys ::= SEQUENCE OF RecipientEncryptedKey + +RecipientEncryptedKey ::= SEQUENCE { + recipientIdentifier KeyAgreementRecipientIdentifier, + encryptedKey EncryptedKey +} + +KeyAgreementRecipientIdentifier ::= CHOICE { + issuerAndSerialNumber IssuerAndSerialNumber, + recipientKeyIdentifier [0] RecipientKeyIdentifier +} + +RecipientKeyIdentifier ::= SEQUENCE { + subjectKeyIdentifier SubjectKeyIdentifier, + date GeneralizedTime OPTIONAL, + otherKeyAttribute OtherKeyAttribute OPTIONAL +} + +OtherKeyAttribute ::= SEQUENCE { + keyAttributeIdentifier OTHER-KEY-ATTRIBUTE.&id({OtherKeyAttributeTable}), + keyAttribute + OTHER-KEY-ATTRIBUTE.&Type + ({OtherKeyAttributeTable}{@keyAttributeIdentifier}) OPTIONAL +} + +OTHER-KEY-ATTRIBUTE ::= TYPE-IDENTIFIER + +OtherKeyAttributeTable OTHER-KEY-ATTRIBUTE ::= + {...} + +KeyEncryptionKeyRecipientInfo ::= SEQUENCE { + version Version, + keyEncryptionKeyIdentifier KeyEncryptionKeyIdentifier, + keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, + encryptedKey EncryptedKey +} + +KeyEncryptionKeyIdentifier ::= SEQUENCE { + keyIdentifier OCTET STRING, + date GeneralizedTime OPTIONAL, + otherKeyAttribute OtherKeyAttribute OPTIONAL +} + +EncryptedContentInfo ::= SEQUENCE { + contentType PKCS7-CONTENT-TYPE.&id({PKCS7ContentTable}), + contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier, + encryptedContent + [0] ENCRYPTED{PKCS7-CONTENT-TYPE.&Type({PKCS7ContentTable}{@.contentType})} + OPTIONAL +} + +ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier + +-- Signed and Enveloped Data +signed-and-enveloped-data PKCS7-CONTENT-TYPE ::= { + SignedAndEnvelopedData + IDENTIFIED BY id-signed-and-enveloped-data +} + +SignedAndEnvelopedData ::= SEQUENCE { + version Version, + recipientInfos SET SIZE (1..MAX) OF KeyTransportRecipientInfo, + digestAlgorithms DigestAlgorithmIdentifiers, + encryptedContentInfo EncryptedContentInfo, + certificates [0] CertificateSet OPTIONAL, + crls [1] CertificateRevocationLists OPTIONAL, + signerInfos + SET SIZE (1..MAX) OF + SignerInfo + (WITH COMPONENTS { + ..., + signerIdentifier (WITH COMPONENTS { + issuerAndSerialNumber PRESENT + }), + authenticatedAttributes ABSENT, + unauthenticatedAttributes ABSENT + }) +} + +-- Digested Data +digested-data PKCS7-CONTENT-TYPE ::= { + DigestedData + IDENTIFIED BY id-digested-data +} + +DigestedData ::= SEQUENCE { + version Version, + digestAlgorithm DigestAlgorithmIdentifier, + contentInfo ContentInfo, + digest HASH{PKCS7-CONTENT-TYPE.&Type({PKCS7ContentTable})} +} + +-- Encrypted Data +encrypted-data PKCS7-CONTENT-TYPE ::= { + EncryptedData + IDENTIFIED BY id-encrypted-data +} + +EncryptedData ::= SEQUENCE { + version Version, + encryptedContentInfo EncryptedContentInfo, + unprotectedAttributes [1] Attributes OPTIONAL +} + +-- Authenticated Data +authenticated-data PKCS7-CONTENT-TYPE ::= { + AuthenticatedData + IDENTIFIED BY id-authenticated-data +} + +AuthenticatedData ::= SEQUENCE { + version Version, + originatorInfo [0] OriginatorInfo OPTIONAL, + recipientInfos RecipientInfos, + macAlgorithm MessageAuthenticationCodeAlgorithmIdentifier, + digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL, + contentInfo ContentInfo, + authenticatedAttributes [2] Attributes OPTIONAL, + messageAuthenticationCode MessageAuthenticationCode, + unauthenticatedAttributes [3] Attributes OPTIONAL +} + +MessageAuthenticationCodeAlgorithmIdentifier ::= AlgorithmIdentifier + +MessageAuthenticationCode ::= OCTET STRING + +-- Object Identifiers +id-pkcs OBJECT IDENTIFIER ::= + {iso member-body usa(840) rsadsi(113549) pkcs(1)} + +id-data OBJECT IDENTIFIER ::= {id-pkcs 7 1} + +id-signed-data OBJECT IDENTIFIER ::= {id-pkcs 7 2} + +id-enveloped-data OBJECT IDENTIFIER ::= {id-pkcs 7 3} + +id-signed-and-enveloped-data OBJECT IDENTIFIER ::= {id-pkcs 7 4} + +id-digested-data OBJECT IDENTIFIER ::= {id-pkcs 7 5} + +id-encrypted-data OBJECT IDENTIFIER ::= {id-pkcs 7 6} + +id-authenticated-data OBJECT IDENTIFIER ::= {id-pkcs 9 16 1 2} + +-- Definitions from PKCS#6 +ExtendedCertificate ::= + SIGNED{ExtendedCertificateInfo} + +ExtendedCertificateInfo ::= SEQUENCE { + version Version, + certificate Certificate, + attributes Attributes +} + +Attributes ::= SET OF Attribute + +END -- of PKCS#7 + +-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D + diff --git a/lib/asn1/test/asn1_SUITE_data/modified_x420/SelectedAttributeTypes.asn b/lib/asn1/test/asn1_SUITE_data/modified_x420/SelectedAttributeTypes.asn new file mode 100644 index 0000000000..07bba30690 --- /dev/null +++ b/lib/asn1/test/asn1_SUITE_data/modified_x420/SelectedAttributeTypes.asn @@ -0,0 +1,1466 @@ +-- Module SelectedAttributeTypes (X.520:08/1997) + +SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1) + selectedAttributeTypes(5) 3} DEFINITIONS ::= +BEGIN + +-- EXPORTS All +-- The types and values defined in this module are exported for use in the other ASN.1 modules contained +-- within the Directory Specifications, and for the use of other applications which will use them to access +-- Directory services. Other applications may use them for their own purposes, but this will not constrain +-- extensions and modifications needed to maintain or improve the Directory service. +IMPORTS + informationFramework, upperBounds, id-at, id-mr, id-avc, + directoryAbstractService, id-pr, id-not, id-cat + FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) + usefulDefinitions(0) 3} + Attribute, ATTRIBUTE, MATCHING-RULE, AttributeType, OBJECT-CLASS, + DistinguishedName, objectIdentifierMatch, distinguishedNameMatch, + CONTEXT, ContextAssertion, AttributeCombination, ContextCombination, + MAPPING-BASED-MATCHING, MRMapping, AttributeValueAssertion + FROM InformationFramework informationFramework + G3FacsimileNonBasicParameters + FROM MTSAbstractService {joint-iso-itu-t mhs(6) mts(3) modules(0) + mts-abstract-service(1) version-1999(1)} + ub-answerback, ub-name, ub-common-name, ub-surname, ub-serial-number, + ub-locality-name, ub-state-name, ub-street-address, ub-organization-name, + ub-organizational-unit-name, ub-title, ub-description, + ub-business-category, ub-postal-line, ub-postal-string, ub-postal-code, + ub-post-office-box, ub-physical-office-name, ub-telex-number, + ub-country-code, ub-teletex-terminal-id, ub-telephone-number, + ub-x121-address, ub-international-isdn-number, ub-destination-indicator, + ub-user-password, ub-match, ub-knowledge-information, + ub-directory-string-first-component-match, ub-localeContextSyntax, + ub-pseudonym + FROM UpperBounds upperBounds + FilterItem, HierarchySelections, SearchControlOptions, ServiceControlOptions + FROM DirectoryAbstractService directoryAbstractService; + +-- Directory string type +DirectoryString{INTEGER:maxSize} ::= CHOICE { + teletexString TeletexString(SIZE (1..maxSize)), + printableString PrintableString(SIZE (1..maxSize)), + universalString UniversalString(SIZE (1..maxSize)), + bmpString BMPString(SIZE (1..maxSize)), + uTF8String UTF8String(SIZE (1..maxSize)) +} + +-- Attribute types +knowledgeInformation ATTRIBUTE ::= { + WITH SYNTAX DirectoryString {ub-knowledge-information} + EQUALITY MATCHING RULE caseIgnoreMatch + ID id-at-knowledgeInformation +} + +name ATTRIBUTE ::= { + WITH SYNTAX DirectoryString {ub-name} + EQUALITY MATCHING RULE caseIgnoreMatch + SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch + ID id-at-name +} + +commonName ATTRIBUTE ::= { + SUBTYPE OF name + WITH SYNTAX DirectoryString {ub-common-name} + ID id-at-commonName +} + +surname ATTRIBUTE ::= { + SUBTYPE OF name + WITH SYNTAX DirectoryString {ub-surname} + ID id-at-surname +} + +givenName ATTRIBUTE ::= { + SUBTYPE OF name + WITH SYNTAX DirectoryString {ub-name} + ID id-at-givenName +} + +initials ATTRIBUTE ::= { + SUBTYPE OF name + WITH SYNTAX DirectoryString {ub-name} + ID id-at-initials +} + +generationQualifier ATTRIBUTE ::= { + SUBTYPE OF name + WITH SYNTAX DirectoryString {ub-name} + ID id-at-generationQualifier +} + +uniqueIdentifier ATTRIBUTE ::= { + WITH SYNTAX UniqueIdentifier + EQUALITY MATCHING RULE bitStringMatch + ID id-at-uniqueIdentifier +} + +UniqueIdentifier ::= BIT STRING + +dnQualifier ATTRIBUTE ::= { + WITH SYNTAX PrintableString + EQUALITY MATCHING RULE caseIgnoreMatch + ORDERING MATCHING RULE caseIgnoreOrderingMatch + SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch + ID id-at-dnQualifier +} + +serialNumber ATTRIBUTE ::= { + WITH SYNTAX PrintableString(SIZE (1..ub-serial-number)) + EQUALITY MATCHING RULE caseIgnoreMatch + SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch + ID id-at-serialNumber +} + +pseudonym ATTRIBUTE ::= { + SUBTYPE OF name + WITH SYNTAX DirectoryString {ub-pseudonym} + ID id-at-pseudonym +} + +countryName ATTRIBUTE ::= { + SUBTYPE OF name + WITH SYNTAX CountryName + SINGLE VALUE TRUE + ID id-at-countryName +} + +CountryName ::= PrintableString(SIZE (2)) -- ISO 3166 codes only + + +localityName ATTRIBUTE ::= { + SUBTYPE OF name + WITH SYNTAX DirectoryString {ub-locality-name} + ID id-at-localityName +} + +collectiveLocalityName ATTRIBUTE ::= { + SUBTYPE OF localityName + COLLECTIVE TRUE + ID id-at-collectiveLocalityName +} + +stateOrProvinceName ATTRIBUTE ::= { + SUBTYPE OF name + WITH SYNTAX DirectoryString {ub-state-name} + ID id-at-stateOrProvinceName +} + +collectiveStateOrProvinceName ATTRIBUTE ::= { + SUBTYPE OF stateOrProvinceName + COLLECTIVE TRUE + ID id-at-collectiveStateOrProvinceName +} + +streetAddress ATTRIBUTE ::= { + WITH SYNTAX DirectoryString {ub-street-address} + EQUALITY MATCHING RULE caseIgnoreMatch + SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch + ID id-at-streetAddress +} + +collectiveStreetAddress ATTRIBUTE ::= { + SUBTYPE OF streetAddress + COLLECTIVE TRUE + ID id-at-collectiveStreetAddress +} + +houseIdentifier ATTRIBUTE ::= { + WITH SYNTAX DirectoryString {ub-name} + EQUALITY MATCHING RULE caseIgnoreMatch + SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch + ID id-at-houseIdentifier +} + +organizationName ATTRIBUTE ::= { + SUBTYPE OF name + WITH SYNTAX DirectoryString {ub-organization-name} + ID id-at-organizationName +} + +collectiveOrganizationName ATTRIBUTE ::= { + SUBTYPE OF organizationName + COLLECTIVE TRUE + ID id-at-collectiveOrganizationName +} + +organizationalUnitName ATTRIBUTE ::= { + SUBTYPE OF name + WITH SYNTAX DirectoryString {ub-organizational-unit-name} + ID id-at-organizationalUnitName +} + +collectiveOrganizationalUnitName ATTRIBUTE ::= { + SUBTYPE OF organizationalUnitName + COLLECTIVE TRUE + ID id-at-collectiveOrganizationalUnitName +} + +title ATTRIBUTE ::= { + SUBTYPE OF name + WITH SYNTAX DirectoryString {ub-title} + ID id-at-title +} + +description ATTRIBUTE ::= { + WITH SYNTAX DirectoryString {ub-description} + EQUALITY MATCHING RULE caseIgnoreMatch + SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch + ID id-at-description +} + +searchGuide ATTRIBUTE ::= {WITH SYNTAX Guide + ID id-at-searchGuide +} + +Guide ::= SET { + objectClass [0] OBJECT-CLASS.&id OPTIONAL, + criteria [1] Criteria +} + +Criteria ::= CHOICE { + type [0] CriteriaItem, + and [1] SET OF Criteria, + or [2] SET OF Criteria, + not [3] Criteria +} + +CriteriaItem ::= CHOICE { + equality [0] AttributeType, + substrings [1] AttributeType, + greaterOrEqual [2] AttributeType, + lessOrEqual [3] AttributeType, + approximateMatch [4] AttributeType +} + +enhancedSearchGuide ATTRIBUTE ::= { + WITH SYNTAX EnhancedGuide + ID id-at-enhancedSearchGuide +} + +EnhancedGuide ::= SEQUENCE { + objectClass [0] OBJECT-CLASS.&id, + criteria [1] Criteria, + subset + [2] INTEGER {baseObject(0), oneLevel(1), wholeSubtree(2)} DEFAULT oneLevel +} + +businessCategory ATTRIBUTE ::= { + WITH SYNTAX DirectoryString {ub-business-category} + EQUALITY MATCHING RULE caseIgnoreMatch + SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch + ID id-at-businessCategory +} + +postalAddress ATTRIBUTE ::= { + WITH SYNTAX PostalAddress + EQUALITY MATCHING RULE caseIgnoreListMatch + SUBSTRINGS MATCHING RULE caseIgnoreListSubstringsMatch + ID id-at-postalAddress +} + +PostalAddress ::= + SEQUENCE SIZE (1..ub-postal-line) OF DirectoryString{ub-postal-string} + +collectivePostalAddress ATTRIBUTE ::= { + SUBTYPE OF postalAddress + COLLECTIVE TRUE + ID id-at-collectivePostalAddress +} + +postalCode ATTRIBUTE ::= { + WITH SYNTAX DirectoryString {ub-postal-code} + EQUALITY MATCHING RULE caseIgnoreMatch + SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch + ID id-at-postalCode +} + +collectivePostalCode ATTRIBUTE ::= { + SUBTYPE OF postalCode + COLLECTIVE TRUE + ID id-at-collectivePostalCode +} + +postOfficeBox ATTRIBUTE ::= { + WITH SYNTAX DirectoryString {ub-post-office-box} + EQUALITY MATCHING RULE caseIgnoreMatch + SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch + ID id-at-postOfficeBox +} + +collectivePostOfficeBox ATTRIBUTE ::= { + SUBTYPE OF postOfficeBox + COLLECTIVE TRUE + ID id-at-collectivePostOfficeBox +} + +physicalDeliveryOfficeName ATTRIBUTE ::= { + WITH SYNTAX DirectoryString {ub-physical-office-name} + EQUALITY MATCHING RULE caseIgnoreMatch + SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch + ID id-at-physicalDeliveryOfficeName +} + +collectivePhysicalDeliveryOfficeName ATTRIBUTE ::= { + SUBTYPE OF physicalDeliveryOfficeName + COLLECTIVE TRUE + ID id-at-collectivePhysicalDeliveryOfficeName +} + +telephoneNumber ATTRIBUTE ::= { + WITH SYNTAX TelephoneNumber + EQUALITY MATCHING RULE telephoneNumberMatch + SUBSTRINGS MATCHING RULE telephoneNumberSubstringsMatch + ID id-at-telephoneNumber +} + +TelephoneNumber ::= PrintableString(SIZE (1..ub-telephone-number)) + +-- String complying with CCITT Rec. E.123 only +collectiveTelephoneNumber ATTRIBUTE ::= { + SUBTYPE OF telephoneNumber + COLLECTIVE TRUE + ID id-at-collectiveTelephoneNumber +} + +telexNumber ATTRIBUTE ::= { + WITH SYNTAX TelexNumber + ID id-at-telexNumber +} + +TelexNumber ::= SEQUENCE { + telexNumber PrintableString(SIZE (1..ub-telex-number)), + countryCode PrintableString(SIZE (1..ub-country-code)), + answerback PrintableString(SIZE (1..ub-answerback)) +} + +collectiveTelexNumber ATTRIBUTE ::= { + SUBTYPE OF telexNumber + COLLECTIVE TRUE + ID id-at-collectiveTelexNumber +} + +facsimileTelephoneNumber ATTRIBUTE ::= { + WITH SYNTAX FacsimileTelephoneNumber + EQUALITY MATCHING RULE facsimileNumberMatch + SUBSTRINGS MATCHING RULE facsimileNumberSubstringsMatch + ID id-at-facsimileTelephoneNumber +} + +facsimileNumberMatch MATCHING-RULE ::= { + SYNTAX TelephoneNumber + ID id-mr-facsimileNumberMatch +} + +facsimileNumberSubstringsMatch MATCHING-RULE ::= { + SYNTAX SubstringAssertion + ID id-mr-facsimileNumberSubstringsMatch +} + +FacsimileTelephoneNumber ::= SEQUENCE { + telephoneNumber TelephoneNumber, + parameters G3FacsimileNonBasicParameters OPTIONAL +} + +collectiveFacsimileTelephoneNumber ATTRIBUTE ::= { + SUBTYPE OF facsimileTelephoneNumber + COLLECTIVE TRUE + ID id-at-collectiveFacsimileTelephoneNumber +} + +x121Address ATTRIBUTE ::= { + WITH SYNTAX X121Address + EQUALITY MATCHING RULE numericStringMatch + SUBSTRINGS MATCHING RULE numericStringSubstringsMatch + ID id-at-x121Address +} + +X121Address ::= NumericString(SIZE (1..ub-x121-address)) + +-- String as defined by ITU-T Rec. X.121 +internationalISDNNumber ATTRIBUTE ::= { + WITH SYNTAX InternationalISDNNumber + EQUALITY MATCHING RULE numericStringMatch + SUBSTRINGS MATCHING RULE numericStringSubstringsMatch + ID id-at-internationalISDNNumber +} + +InternationalISDNNumber ::= + NumericString(SIZE (1..ub-international-isdn-number)) + +-- String complying with ITU-T Rec. E.164 only +collectiveInternationalISDNNumber ATTRIBUTE ::= { + SUBTYPE OF internationalISDNNumber + COLLECTIVE TRUE + ID id-at-collectiveInternationalISDNNumber +} + +registeredAddress ATTRIBUTE ::= { + SUBTYPE OF postalAddress + WITH SYNTAX PostalAddress + ID id-at-registeredAddress +} + +destinationIndicator ATTRIBUTE ::= { + WITH SYNTAX DestinationIndicator + EQUALITY MATCHING RULE caseIgnoreMatch + SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch + ID id-at-destinationIndicator +} + +DestinationIndicator ::= PrintableString(SIZE (1..ub-destination-indicator)) + +communicationsService ATTRIBUTE ::= { + WITH SYNTAX OBJECT IDENTIFIER + EQUALITY MATCHING RULE objectIdentifierMatch + ID id-at-communicationsService +} + +communicationsNetwork ATTRIBUTE ::= { + WITH SYNTAX OBJECT IDENTIFIER + EQUALITY MATCHING RULE objectIdentifierMatch + SINGLE VALUE TRUE + ID id-at-communicationsNetwork +} + +-- alphabetical characters only +preferredDeliveryMethod ATTRIBUTE ::= { + WITH SYNTAX PreferredDeliveryMethod + SINGLE VALUE TRUE + ID id-at-preferredDeliveryMethod +} + +PreferredDeliveryMethod ::= + SEQUENCE OF + INTEGER {any-delivery-method(0), mhs-delivery(1), physical-delivery(2), + telex-delivery(3), teletex-delivery(4), g3-facsimile-delivery(5), + g4-facsimile-delivery(6), ia5-terminal-delivery(7), + videotex-delivery(8), telephone-delivery(9)} + +presentationAddress ATTRIBUTE ::= { + WITH SYNTAX PresentationAddress + EQUALITY MATCHING RULE presentationAddressMatch + SINGLE VALUE TRUE + ID id-at-presentationAddress +} + +PresentationAddress ::= SEQUENCE { + pSelector [0] OCTET STRING OPTIONAL, + sSelector [1] OCTET STRING OPTIONAL, + tSelector [2] OCTET STRING OPTIONAL, + nAddresses [3] SET SIZE (1..MAX) OF OCTET STRING +} + +supportedApplicationContext ATTRIBUTE ::= { + WITH SYNTAX OBJECT IDENTIFIER + EQUALITY MATCHING RULE objectIdentifierMatch + ID id-at-supportedApplicationContext +} + +protocolInformation ATTRIBUTE ::= { + WITH SYNTAX ProtocolInformation + EQUALITY MATCHING RULE protocolInformationMatch + ID id-at-protocolInformation +} + +ProtocolInformation ::= SEQUENCE { + nAddress OCTET STRING, + profiles SET OF OBJECT IDENTIFIER +} + +distinguishedName ATTRIBUTE ::= { + WITH SYNTAX DistinguishedName + EQUALITY MATCHING RULE distinguishedNameMatch + ID id-at-distinguishedName +} + +member ATTRIBUTE ::= {SUBTYPE OF distinguishedName + ID id-at-member +} + +uniqueMember ATTRIBUTE ::= { + WITH SYNTAX NameAndOptionalUID + EQUALITY MATCHING RULE uniqueMemberMatch + ID id-at-uniqueMember +} + +NameAndOptionalUID ::= SEQUENCE { + dn DistinguishedName, + uid UniqueIdentifier OPTIONAL +} + +owner ATTRIBUTE ::= {SUBTYPE OF distinguishedName + ID id-at-owner +} + +roleOccupant ATTRIBUTE ::= { + SUBTYPE OF distinguishedName + ID id-at-roleOccupant +} + +seeAlso ATTRIBUTE ::= {SUBTYPE OF distinguishedName + ID id-at-seeAlso +} + +dmdName ATTRIBUTE ::= { + SUBTYPE OF name + WITH SYNTAX DirectoryString {ub-common-name} + ID id-at-dmdName +} + +dSAProblem ATTRIBUTE ::= { + WITH SYNTAX OBJECT IDENTIFIER + EQUALITY MATCHING RULE objectIdentifierMatch + ID id-not-dSAProblem +} + +searchServiceProblem ATTRIBUTE ::= { + WITH SYNTAX OBJECT IDENTIFIER + EQUALITY MATCHING RULE objectIdentifierMatch + SINGLE VALUE TRUE + ID id-not-searchServiceProblem +} + +serviceType ATTRIBUTE ::= { + WITH SYNTAX OBJECT IDENTIFIER + EQUALITY MATCHING RULE objectIdentifierMatch + SINGLE VALUE TRUE + ID id-not-serviceType +} + +attributeTypeList ATTRIBUTE ::= { + WITH SYNTAX OBJECT IDENTIFIER + EQUALITY MATCHING RULE objectIdentifierMatch + ID id-not-attributeTypeList +} + +filterItem ATTRIBUTE ::= { + WITH SYNTAX FilterItem + ID id-not-filterItem +} + +attributeCombinations ATTRIBUTE ::= { + WITH SYNTAX AttributeCombination + ID id-not-attributeCombinations +} + +contextTypeList ATTRIBUTE ::= { + WITH SYNTAX OBJECT IDENTIFIER + EQUALITY MATCHING RULE objectIdentifierMatch + ID id-not-contextTypeList +} + +contextList ATTRIBUTE ::= { + WITH SYNTAX ContextAssertion + ID id-not-contextList +} + +hierarchySelectList ATTRIBUTE ::= { + WITH SYNTAX HierarchySelections + SINGLE VALUE TRUE + ID id-not-hierarchySelectList +} + +searchOptionsList ATTRIBUTE ::= { + WITH SYNTAX SearchControlOptions + SINGLE VALUE TRUE + ID id-not-searchOptionsList +} + +serviceControlOptionsList ATTRIBUTE ::= { + WITH SYNTAX ServiceControlOptions + SINGLE VALUE TRUE + ID id-not-serviceControlOptionsList +} + +multipleMatchingLocalities ATTRIBUTE ::= { + WITH SYNTAX MultipleMatchingLocalities + ID id-not-multipleMatchingLocalities +} + +MultipleMatchingLocalities ::= SEQUENCE { + matchingRuleUsed MATCHING-RULE.&id OPTIONAL, + attributeList SEQUENCE OF AttributeValueAssertion +} + +proposedRelaxation ATTRIBUTE ::= { + WITH SYNTAX SEQUENCE OF MRMapping + ID id-not-proposedRelaxation +} + +appliedRelaxation ATTRIBUTE ::= { + WITH SYNTAX OBJECT IDENTIFIER + EQUALITY MATCHING RULE objectIdentifierMatch + ID id-not-appliedRelaxation +} + +-- Matching rules +caseIgnoreMatch MATCHING-RULE ::= { + SYNTAX DirectoryString {ub-match} + ID id-mr-caseIgnoreMatch +} + +caseIgnoreOrderingMatch MATCHING-RULE ::= { + SYNTAX DirectoryString {ub-match} + ID id-mr-caseIgnoreOrderingMatch +} + +caseIgnoreSubstringsMatch MATCHING-RULE ::= { + SYNTAX SubstringAssertion + ID id-mr-caseIgnoreSubstringsMatch +} + +SubstringAssertion ::= + SEQUENCE OF + CHOICE {initial [0] DirectoryString{ub-match}, + any [1] DirectoryString{ub-match}, + final [2] DirectoryString{ub-match}, + control Attribute + } -- Used to specify interpretation of the following items + +-- at most one initial and one final component +caseExactMatch MATCHING-RULE ::= { + SYNTAX DirectoryString {ub-match} + ID id-mr-caseExactMatch +} + +caseExactOrderingMatch MATCHING-RULE ::= { + SYNTAX DirectoryString {ub-match} + ID id-mr-caseExactOrderingMatch +} + +caseExactSubstringsMatch MATCHING-RULE ::= { + SYNTAX SubstringAssertion -- only the PrintableString choice + ID id-mr-caseExactSubstringsMatch +} + +numericStringMatch MATCHING-RULE ::= { + SYNTAX NumericString + ID id-mr-numericStringMatch +} + +numericStringOrderingMatch MATCHING-RULE ::= { + SYNTAX NumericString + ID id-mr-numericStringOrderingMatch +} + +numericStringSubstringsMatch MATCHING-RULE ::= { + SYNTAX SubstringAssertion + ID id-mr-numericStringSubstringsMatch +} + +caseIgnoreListMatch MATCHING-RULE ::= { + SYNTAX CaseIgnoreListMatch + ID id-mr-caseIgnoreListMatch +} + +CaseIgnoreListMatch ::= SEQUENCE OF DirectoryString{ub-match} + +caseIgnoreListSubstringsMatch MATCHING-RULE ::= { + SYNTAX SubstringAssertion + ID id-mr-caseIgnoreListSubstringsMatch +} + +storedPrefixMatch MATCHING-RULE ::= { + SYNTAX DirectoryString {ub-match} + ID id-mr-storedPrefixMatch +} + +booleanMatch MATCHING-RULE ::= {SYNTAX BOOLEAN + ID id-mr-booleanMatch +} + +integerMatch MATCHING-RULE ::= {SYNTAX INTEGER + ID id-mr-integerMatch +} + +integerOrderingMatch MATCHING-RULE ::= { + SYNTAX INTEGER + ID id-mr-integerOrderingMatch +} + +bitStringMatch MATCHING-RULE ::= { + SYNTAX BIT STRING + ID id-mr-bitStringMatch +} + +octetStringMatch MATCHING-RULE ::= { + SYNTAX OCTET STRING + ID id-mr-octetStringMatch +} + +octetStringOrderingMatch MATCHING-RULE ::= { + SYNTAX OCTET STRING + ID id-mr-octetStringOrderingMatch +} + +octetStringSubstringsMatch MATCHING-RULE ::= { + SYNTAX OctetSubstringAssertion + ID id-mr-octetStringSubstringsMatch +} + +OctetSubstringAssertion ::= + SEQUENCE OF + CHOICE {initial [0] OCTET STRING, + any [1] OCTET STRING, + final [2] OCTET STRING} + +-- at most one initial and one final component +telephoneNumberMatch MATCHING-RULE ::= { + SYNTAX TelephoneNumber + ID id-mr-telephoneNumberMatch +} + +telephoneNumberSubstringsMatch MATCHING-RULE ::= { + SYNTAX SubstringAssertion + ID id-mr-telephoneNumberSubstringsMatch +} + +presentationAddressMatch MATCHING-RULE ::= { + SYNTAX PresentationAddress + ID id-mr-presentationAddressMatch +} + +uniqueMemberMatch MATCHING-RULE ::= { + SYNTAX NameAndOptionalUID + ID id-mr-uniqueMemberMatch +} + +protocolInformationMatch MATCHING-RULE ::= { + SYNTAX OCTET STRING + ID id-mr-protocolInformationMatch +} + +uTCTimeMatch MATCHING-RULE ::= {SYNTAX UTCTime + ID id-mr-uTCTimeMatch +} + +uTCTimeOrderingMatch MATCHING-RULE ::= { + SYNTAX UTCTime + ID id-mr-uTCTimeOrderingMatch +} + +generalizedTimeMatch MATCHING-RULE ::= { + SYNTAX GeneralizedTime + -- as per 41.3 b) or c) of ITU-T Rec. X.680 | ISO/IEC 8824-1 + ID id-mr-generalizedTimeMatch +} + +generalizedTimeOrderingMatch MATCHING-RULE ::= { + SYNTAX GeneralizedTime + -- as per 41.3 b) or c) of ITU-T Rec. X.680 | ISO/IEC 8824-1 + ID id-mr-generalizedTimeOrderingMatch +} + +integerFirstComponentMatch MATCHING-RULE ::= { + SYNTAX INTEGER + ID id-mr-integerFirstComponentMatch +} + +objectIdentifierFirstComponentMatch MATCHING-RULE ::= { + SYNTAX OBJECT IDENTIFIER + ID id-mr-objectIdentifierFirstComponentMatch +} + +directoryStringFirstComponentMatch MATCHING-RULE ::= { + SYNTAX DirectoryString {ub-directory-string-first-component-match} + ID id-mr-directoryStringFirstComponentMatch +} + +wordMatch MATCHING-RULE ::= { + SYNTAX DirectoryString {ub-match} + ID id-mr-wordMatch +} + +keywordMatch MATCHING-RULE ::= { + SYNTAX DirectoryString {ub-match} + ID id-mr-keywordMatch +} + +systemProposedMatch MATCHING-RULE ::= {ID id-mr-systemProposedMatch +} + +generalWordMatch MATCHING-RULE ::= { + SYNTAX SubstringAssertion + ID id-mr-generalWordMatch +} + +sequenceMatchType ATTRIBUTE ::= { + WITH SYNTAX + ENUMERATED {sequenceExact(0), sequenceDeletion(1), + sequenceRestrictedDeletion(2), sequencePermutation(3), + sequencePermutationAndDeletion(4), sequenceProviderDefined(5)} + SINGLE VALUE TRUE + ID id-cat-sequenceMatchType +} -- defaulting to sequenceExact, + +wordMatchTypes ATTRIBUTE ::= { + WITH SYNTAX + ENUMERATED {wordExact(0), wordTruncated(1), wordPhonetic(2), + wordProviderDefined(3)} + SINGLE VALUE TRUE + ID id-cat-wordMatchType +} -- defaulting to wordExact + +characterMatchTypes ATTRIBUTE ::= { + WITH SYNTAX + ENUMERATED {characterExact(0), characterCaseIgnore(1), characterMapped(2)} + SINGLE VALUE TRUE + ID id-cat-characterMatchTypes +} + +selectedContexts ATTRIBUTE ::= { + WITH SYNTAX ContextAssertion + ID id-cat-selectedContexts +} + +approximateStringMatch MATCHING-RULE ::= {ID id-mr-approximateStringMatch +} + +ignoreIfAbsentMatch MATCHING-RULE ::= {ID id-mr-ignoreIfAbsentMatch +} + +nullMatch MATCHING-RULE ::= {ID id-mr-nullMatch +} + +ZONAL-MATCHING ::= + MAPPING-BASED-MATCHING{ZonalSelect, TRUE, ZonalResult, zonalMatch.&id} + +ZonalSelect ::= SEQUENCE OF AttributeType + +ZonalResult ::= ENUMERATED { + cannot-select-mapping(0), zero-mappings(2), multiple-mappings(3)} + +zonalMatch MATCHING-RULE ::= { + UNIQUE-MATCH-INDICATOR multipleMatchingLocalities.&id + ID id-mr-zonalMatch +} + +-- Contexts +languageContext CONTEXT ::= { + WITH SYNTAX LanguageContextSyntax + ID id-avc-language +} + +LanguageContextSyntax ::= PrintableString(SIZE (2..3)) -- ISO 639-2 codes only + + +temporalContext CONTEXT ::= { + WITH SYNTAX TimeSpecification + ASSERTED AS TimeAssertion + ID id-avc-temporal +} + +TimeSpecification ::= SEQUENCE { + time + CHOICE {absolute + SEQUENCE {startTime [0] GeneralizedTime OPTIONAL, + endTime [1] GeneralizedTime OPTIONAL}, + periodic SET OF Period}, + notThisTime BOOLEAN DEFAULT FALSE, + timeZone TimeZone OPTIONAL +} + +Period ::= SEQUENCE { + timesOfDay [0] SET SIZE (1..MAX) OF DayTimeBand OPTIONAL, + days + [1] CHOICE {intDay SET OF INTEGER, + bitDay + BIT STRING {sunday(0), monday(1), tuesday(2), wednesday(3), + thursday(4), friday(5), saturday(6)}, + dayOf XDayOf} OPTIONAL, + weeks + [2] CHOICE {allWeeks NULL, + intWeek SET OF INTEGER, + bitWeek + BIT STRING {week1(0), week2(1), week3(2), week4(3), week5(4)} + } OPTIONAL, + months + [3] CHOICE {allMonths NULL, + intMonth SET OF INTEGER, + bitMonth + BIT STRING {january(0), february(1), march(2), april(3), + may(4), june(5), july(6), august(7), + september(8), october(9), november(10), + december(11)}} OPTIONAL, + years [4] SET OF INTEGER(1000..MAX) OPTIONAL +} + +XDayOf ::= CHOICE { + first [1] NamedDay, + second [2] NamedDay, + third [3] NamedDay, + fourth [4] NamedDay, + fifth [5] NamedDay +} + +NamedDay ::= CHOICE { + intNamedDays + ENUMERATED {sunday(1), monday(2), tuesday(3), wednesday(4), thursday(5), + friday(6), saturday(7)}, + bitNamedDays + BIT STRING {sunday(0), monday(1), tuesday(2), wednesday(3), thursday(4), + friday(5), saturday(6)} +} + +DayTimeBand ::= SEQUENCE { + startDayTime [0] DayTime DEFAULT {hour 0}, + endDayTime [1] DayTime DEFAULT {hour 23, minute 59, second 59} +} + +DayTime ::= SEQUENCE { + hour [0] INTEGER(0..23), + minute [1] INTEGER(0..59) DEFAULT 0, + second [2] INTEGER(0..59) DEFAULT 0 +} + +TimeZone ::= INTEGER(-12..12) + +TimeAssertion ::= CHOICE { + now NULL, + at GeneralizedTime, + between + SEQUENCE {startTime [0] GeneralizedTime, + endTime [1] GeneralizedTime OPTIONAL, + entirely BOOLEAN DEFAULT FALSE} +} + +localeContext CONTEXT ::= { + WITH SYNTAX LocaleContextSyntax + ID id-avc-locale +} + +LocaleContextSyntax ::= CHOICE { + localeID1 OBJECT IDENTIFIER, + localeID2 DirectoryString{ub-localeContextSyntax} +} + +-- Object identifier assignments - +-- object identifiers assigned in other modules are shown in comments +-- Attributes +-- id-at-objectClass OBJECT IDENTIFIER ::= {id-at 0} +-- id-at-aliasedEntryName OBJECT IDENTIFIER ::= {id-at 1} +id-at-encryptedAliasedEntryName OBJECT IDENTIFIER ::= + {id-at 1 2} + +id-at-knowledgeInformation OBJECT IDENTIFIER ::= {id-at 2} + +id-at-commonName OBJECT IDENTIFIER ::= {id-at 3} + +id-at-encryptedCommonName OBJECT IDENTIFIER ::= {id-at 3 2} + +id-at-surname OBJECT IDENTIFIER ::= {id-at 4} + +id-at-encryptedSurname OBJECT IDENTIFIER ::= {id-at 4 2} + +id-at-serialNumber OBJECT IDENTIFIER ::= {id-at 5} + +id-at-encryptedSerialNumber OBJECT IDENTIFIER ::= {id-at 5 2} + +id-at-countryName OBJECT IDENTIFIER ::= {id-at 6} + +id-at-encryptedCountryName OBJECT IDENTIFIER ::= {id-at 6 2} + +id-at-localityName OBJECT IDENTIFIER ::= {id-at 7} + +id-at-encryptedLocalityName OBJECT IDENTIFIER ::= {id-at 7 2} + +id-at-collectiveLocalityName OBJECT IDENTIFIER ::= {id-at 7 1} + +id-at-encryptedCollectiveLocalityName OBJECT IDENTIFIER ::= {id-at 7 1 2} + +id-at-stateOrProvinceName OBJECT IDENTIFIER ::= {id-at 8} + +id-at-encryptedStateOrProvinceName OBJECT IDENTIFIER ::= {id-at 8 2} + +id-at-collectiveStateOrProvinceName OBJECT IDENTIFIER ::= {id-at 8 1} + +id-at-encryptedCollectiveStateOrProvinceName OBJECT IDENTIFIER ::= + {id-at 8 1 2} + +id-at-streetAddress OBJECT IDENTIFIER ::= {id-at 9} + +id-at-encryptedStreetAddress OBJECT IDENTIFIER ::= {id-at 9 2} + +id-at-collectiveStreetAddress OBJECT IDENTIFIER ::= {id-at 9 1} + +id-at-encryptedCollectiveStreetAddress OBJECT IDENTIFIER ::= {id-at 9 1 2} + +id-at-organizationName OBJECT IDENTIFIER ::= {id-at 10} + +id-at-encryptedOrganizationName OBJECT IDENTIFIER ::= {id-at 10 2} + +id-at-collectiveOrganizationName OBJECT IDENTIFIER ::= {id-at 10 1} + +id-at-encryptedCollectiveOrganizationName OBJECT IDENTIFIER ::= {id-at 10 1 2} + +id-at-organizationalUnitName OBJECT IDENTIFIER ::= {id-at 11} + +id-at-encryptedOrganizationalUnitName OBJECT IDENTIFIER ::= {id-at 11 2} + +id-at-collectiveOrganizationalUnitName OBJECT IDENTIFIER ::= {id-at 11 1} + +id-at-encryptedCollectiveOrganizationalUnitName OBJECT IDENTIFIER ::= + {id-at 11 1 2} + +id-at-title OBJECT IDENTIFIER ::= {id-at 12} + +id-at-encryptedTitle OBJECT IDENTIFIER ::= {id-at 12 2} + +id-at-description OBJECT IDENTIFIER ::= {id-at 13} + +id-at-encryptedDescription OBJECT IDENTIFIER ::= {id-at 13 2} + +id-at-searchGuide OBJECT IDENTIFIER ::= {id-at 14} + +id-at-encryptedSearchGuide OBJECT IDENTIFIER ::= {id-at 14 2} + +id-at-businessCategory OBJECT IDENTIFIER ::= {id-at 15} + +id-at-encryptedBusinessCategory OBJECT IDENTIFIER ::= {id-at 15 2} + +id-at-postalAddress OBJECT IDENTIFIER ::= {id-at 16} + +id-at-encryptedPostalAddress OBJECT IDENTIFIER ::= {id-at 16 2} + +id-at-collectivePostalAddress OBJECT IDENTIFIER ::= {id-at 16 1} + +id-at-encryptedCollectivePostalAddress OBJECT IDENTIFIER ::= {id-at 16 1 2} + +id-at-postalCode OBJECT IDENTIFIER ::= {id-at 17} + +id-at-encryptedPostalCode OBJECT IDENTIFIER ::= {id-at 17 2} + +id-at-collectivePostalCode OBJECT IDENTIFIER ::= {id-at 17 1} + +id-at-encryptedCollectivePostalCode OBJECT IDENTIFIER ::= {id-at 17 1 2} + +id-at-postOfficeBox OBJECT IDENTIFIER ::= {id-at 18} + +id-at-encryptedPostOfficeBox OBJECT IDENTIFIER ::= {id-at 18 2} + +id-at-collectivePostOfficeBox OBJECT IDENTIFIER ::= {id-at 18 1} + +id-at-encryptedCollectivePostOfficeBox OBJECT IDENTIFIER ::= {id-at 18 1 2} + +id-at-physicalDeliveryOfficeName OBJECT IDENTIFIER ::= {id-at 19} + +id-at-encryptedPhysicalDeliveryOfficeName OBJECT IDENTIFIER ::= {id-at 19 2} + +id-at-collectivePhysicalDeliveryOfficeName OBJECT IDENTIFIER ::= {id-at 19 1} + +id-at-encryptedCollectivePhysicalDeliveryOfficeName OBJECT IDENTIFIER ::= + {id-at 19 1 2} + +id-at-telephoneNumber OBJECT IDENTIFIER ::= {id-at 20} + +id-at-encryptedTelephoneNumber OBJECT IDENTIFIER ::= {id-at 20 2} + +id-at-collectiveTelephoneNumber OBJECT IDENTIFIER ::= {id-at 20 1} + +id-at-encryptedCollectiveTelephoneNumber OBJECT IDENTIFIER ::= {id-at 20 1 2} + +id-at-telexNumber OBJECT IDENTIFIER ::= {id-at 21} + +id-at-encryptedTelexNumber OBJECT IDENTIFIER ::= {id-at 21 2} + +id-at-collectiveTelexNumber OBJECT IDENTIFIER ::= {id-at 21 1} + +id-at-encryptedCollectiveTelexNumber OBJECT IDENTIFIER ::= {id-at 21 1 2} + +-- id-at-teletexTerminalIdentifier OBJECT IDENTIFIER ::= {id-at 22} +-- id-at-encryptedTeletexTerminalIdentifier OBJECT IDENTIFIER ::= {id-at 22 2} +-- id-at-collectiveTeletexTerminalIdentifier OBJECT IDENTIFIER ::= {id-at 22 1} +-- id-at-encryptedCollectiveTeletexTerminalIdentifier +-- OBJECT IDENTIFIER ::= {id-at 22 1 2} +id-at-facsimileTelephoneNumber OBJECT IDENTIFIER ::= + {id-at 23} + +id-at-encryptedFacsimileTelephoneNumber OBJECT IDENTIFIER ::= {id-at 23 2} + +id-at-collectiveFacsimileTelephoneNumber OBJECT IDENTIFIER ::= {id-at 23 1} + +id-at-encryptedCollectiveFacsimileTelephoneNumber OBJECT IDENTIFIER ::= + {id-at 23 1 2} + +id-at-x121Address OBJECT IDENTIFIER ::= {id-at 24} + +id-at-encryptedX121Address OBJECT IDENTIFIER ::= {id-at 24 2} + +id-at-internationalISDNNumber OBJECT IDENTIFIER ::= {id-at 25} + +id-at-encryptedInternationalISDNNumber OBJECT IDENTIFIER ::= {id-at 25 2} + +id-at-collectiveInternationalISDNNumber OBJECT IDENTIFIER ::= {id-at 25 1} + +id-at-encryptedCollectiveInternationalISDNNumber OBJECT IDENTIFIER ::= + {id-at 25 1 2} + +id-at-registeredAddress OBJECT IDENTIFIER ::= {id-at 26} + +id-at-encryptedRegisteredAddress OBJECT IDENTIFIER ::= {id-at 26 2} + +id-at-destinationIndicator OBJECT IDENTIFIER ::= {id-at 27} + +id-at-encryptedDestinationIndicator OBJECT IDENTIFIER ::= {id-at 27 2} + +id-at-preferredDeliveryMethod OBJECT IDENTIFIER ::= {id-at 28} + +id-at-encryptedPreferredDeliveryMethod OBJECT IDENTIFIER ::= {id-at 28 2} + +id-at-presentationAddress OBJECT IDENTIFIER ::= {id-at 29} + +id-at-encryptedPresentationAddress OBJECT IDENTIFIER ::= {id-at 29 2} + +id-at-supportedApplicationContext OBJECT IDENTIFIER ::= {id-at 30} + +id-at-encryptedSupportedApplicationContext OBJECT IDENTIFIER ::= {id-at 30 2} + +id-at-member OBJECT IDENTIFIER ::= {id-at 31} + +id-at-encryptedMember OBJECT IDENTIFIER ::= {id-at 31 2} + +id-at-owner OBJECT IDENTIFIER ::= {id-at 32} + +id-at-encryptedOwner OBJECT IDENTIFIER ::= {id-at 32 2} + +id-at-roleOccupant OBJECT IDENTIFIER ::= {id-at 33} + +id-at-encryptedRoleOccupant OBJECT IDENTIFIER ::= {id-at 33 2} + +id-at-seeAlso OBJECT IDENTIFIER ::= {id-at 34} + +id-at-encryptedSeeAlso OBJECT IDENTIFIER ::= {id-at 34 2} + +-- id-at-userPassword OBJECT IDENTIFIER ::= {id-at 35} +id-at-encryptedUserPassword OBJECT IDENTIFIER ::= + {id-at 35 2} + +-- id-at-userCertificate OBJECT IDENTIFIER ::= {id-at 36} +id-at-encryptedUserCertificate OBJECT IDENTIFIER ::= + {id-at 36 2} + +-- id-at-cACertificate OBJECT IDENTIFIER ::= {id-at 37} +id-at-encryptedCACertificate OBJECT IDENTIFIER ::= + {id-at 37 2} + +-- id-at-authorityRevocationList OBJECT IDENTIFIER ::= {id-at 38} +id-at-encryptedAuthorityRevocationList OBJECT IDENTIFIER ::= + {id-at 38 2} + +-- id-at-certificateRevocationList OBJECT IDENTIFIER ::= {id-at 39} +id-at-encryptedCertificateRevocationList OBJECT IDENTIFIER ::= + {id-at 39 2} + +-- id-at-crossCertificatePair OBJECT IDENTIFIER ::= {id-at 40} +id-at-encryptedCrossCertificatePair OBJECT IDENTIFIER ::= + {id-at 40 2} + +id-at-name OBJECT IDENTIFIER ::= {id-at 41} + +id-at-givenName OBJECT IDENTIFIER ::= {id-at 42} + +id-at-encryptedGivenName OBJECT IDENTIFIER ::= {id-at 42 2} + +id-at-initials OBJECT IDENTIFIER ::= {id-at 43} + +id-at-encryptedInitials OBJECT IDENTIFIER ::= {id-at 43 2} + +id-at-generationQualifier OBJECT IDENTIFIER ::= {id-at 44} + +id-at-encryptedGenerationQualifier OBJECT IDENTIFIER ::= {id-at 44 2} + +id-at-uniqueIdentifier OBJECT IDENTIFIER ::= {id-at 45} + +id-at-encryptedUniqueIdentifier OBJECT IDENTIFIER ::= {id-at 45 2} + +id-at-dnQualifier OBJECT IDENTIFIER ::= {id-at 46} + +id-at-encryptedDnQualifier OBJECT IDENTIFIER ::= {id-at 46 2} + +id-at-enhancedSearchGuide OBJECT IDENTIFIER ::= {id-at 47} + +id-at-encryptedEnhancedSearchGuide OBJECT IDENTIFIER ::= {id-at 47 2} + +id-at-protocolInformation OBJECT IDENTIFIER ::= {id-at 48} + +id-at-encryptedProtocolInformation OBJECT IDENTIFIER ::= {id-at 48 2} + +id-at-distinguishedName OBJECT IDENTIFIER ::= {id-at 49} + +id-at-encryptedDistinguishedName OBJECT IDENTIFIER ::= {id-at 49 2} + +id-at-uniqueMember OBJECT IDENTIFIER ::= {id-at 50} + +id-at-encryptedUniqueMember OBJECT IDENTIFIER ::= {id-at 50 2} + +id-at-houseIdentifier OBJECT IDENTIFIER ::= {id-at 51} + +id-at-encryptedHouseIdentifier OBJECT IDENTIFIER ::= {id-at 51 2} + +--id-at-supportedAlgorithms OBJECT IDENTIFIER ::= {id-at 52} +id-at-encryptedSupportedAlgorithms OBJECT IDENTIFIER ::= + {id-at 52 2} + +--id-at-deltaRevocationList OBJECT IDENTIFIER ::= {id-at 53} +id-at-encryptedDeltaRevocationList OBJECT IDENTIFIER ::= + {id-at 53 2} + +id-at-dmdName OBJECT IDENTIFIER ::= {id-at 54} + +id-at-encryptedDmdName OBJECT IDENTIFIER ::= {id-at 54 2} + +-- id-at-clearance OBJECT IDENTIFIER ::= {id-at 55} +id-at-encryptedClearance OBJECT IDENTIFIER ::= + {id-at 55 2} + +-- id-at-defaultDirQop OBJECT IDENTIFIER ::= {id-at 56} +id-at-encryptedDefaultDirQop OBJECT IDENTIFIER ::= + {id-at 56 2} + +-- id-at-attributeIntegrityInfo OBJECT IDENTIFIER ::= {id-at 57} +id-at-encryptedAttributeIntegrityInfo OBJECT IDENTIFIER ::= + {id-at 57 2} + +--id-at-attributeCertificate OBJECT IDENTIFIER ::= {id-at 58} +id-at-encryptedAttributeCertificate OBJECT IDENTIFIER ::= + {id-at 58 2} + +-- id-at-attributeCertificateRevocationList OBJECT IDENTIFIER ::= {id-at 59} +id-at-encryptedAttributeCertificateRevocationList OBJECT IDENTIFIER ::= + {id-at 59 2} + +-- id-at-confKeyInfo OBJECT IDENTIFIER ::= {id-at 60} +id-at-encryptedConfKeyInfo OBJECT IDENTIFIER ::= + {id-at 60 2} + +-- id-at-family-information OBJECT IDENTIFIER {id-at 64} +id-at-pseudonym OBJECT IDENTIFIER ::= + {id-at 65} + +id-at-communicationsService OBJECT IDENTIFIER ::= {id-at 66} + +id-at-communicationsNetwork OBJECT IDENTIFIER ::= {id-at 67} + +-- Matching rules +-- id-mr-objectIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 0} +-- id-mr-distinguishedNameMatch OBJECT IDENTIFIER ::= {id-mr 1} +id-mr-caseIgnoreMatch OBJECT IDENTIFIER ::= + {id-mr 2} + +id-mr-caseIgnoreOrderingMatch OBJECT IDENTIFIER ::= {id-mr 3} + +id-mr-caseIgnoreSubstringsMatch OBJECT IDENTIFIER ::= {id-mr 4} + +id-mr-caseExactMatch OBJECT IDENTIFIER ::= {id-mr 5} + +id-mr-caseExactOrderingMatch OBJECT IDENTIFIER ::= {id-mr 6} + +id-mr-caseExactSubstringsMatch OBJECT IDENTIFIER ::= {id-mr 7} + +id-mr-numericStringMatch OBJECT IDENTIFIER ::= {id-mr 8} + +id-mr-numericStringOrderingMatch OBJECT IDENTIFIER ::= {id-mr 9} + +id-mr-numericStringSubstringsMatch OBJECT IDENTIFIER ::= {id-mr 10} + +id-mr-caseIgnoreListMatch OBJECT IDENTIFIER ::= {id-mr 11} + +id-mr-caseIgnoreListSubstringsMatch OBJECT IDENTIFIER ::= {id-mr 12} + +id-mr-booleanMatch OBJECT IDENTIFIER ::= {id-mr 13} + +id-mr-integerMatch OBJECT IDENTIFIER ::= {id-mr 14} + +id-mr-integerOrderingMatch OBJECT IDENTIFIER ::= {id-mr 15} + +id-mr-bitStringMatch OBJECT IDENTIFIER ::= {id-mr 16} + +id-mr-octetStringMatch OBJECT IDENTIFIER ::= {id-mr 17} + +id-mr-octetStringOrderingMatch OBJECT IDENTIFIER ::= {id-mr 18} + +id-mr-octetStringSubstringsMatch OBJECT IDENTIFIER ::= {id-mr 19} + +id-mr-telephoneNumberMatch OBJECT IDENTIFIER ::= {id-mr 20} + +id-mr-telephoneNumberSubstringsMatch OBJECT IDENTIFIER ::= {id-mr 21} + +id-mr-presentationAddressMatch OBJECT IDENTIFIER ::= {id-mr 22} + +id-mr-uniqueMemberMatch OBJECT IDENTIFIER ::= {id-mr 23} + +id-mr-protocolInformationMatch OBJECT IDENTIFIER ::= {id-mr 24} + +id-mr-uTCTimeMatch OBJECT IDENTIFIER ::= {id-mr 25} + +id-mr-uTCTimeOrderingMatch OBJECT IDENTIFIER ::= {id-mr 26} + +id-mr-generalizedTimeMatch OBJECT IDENTIFIER ::= {id-mr 27} + +id-mr-generalizedTimeOrderingMatch OBJECT IDENTIFIER ::= {id-mr 28} + +id-mr-integerFirstComponentMatch OBJECT IDENTIFIER ::= {id-mr 29} + +id-mr-objectIdentifierFirstComponentMatch OBJECT IDENTIFIER ::= {id-mr 30} + +id-mr-directoryStringFirstComponentMatch OBJECT IDENTIFIER ::= {id-mr 31} + +id-mr-wordMatch OBJECT IDENTIFIER ::= {id-mr 32} + +id-mr-keywordMatch OBJECT IDENTIFIER ::= {id-mr 33} + +-- id-mr-certificateExactMatch OBJECT IDENTIFIER ::= {id-mr 34} +-- id-mr-certificateMatch OBJECT IDENTIFIER ::= {id-mr 35} +-- id-mr-certificatePairExactMatch OBJECT IDENTIFIER ::= {id-mr 36} +-- id-mr-certificatePairMatch OBJECT IDENTIFIER ::= {id-mr 37} +-- id-mr-certificateListExactMatch OBJECT IDENTIFIER ::= {id-mr 38} +-- id-mr-certificateListMatch OBJECT IDENTIFIER ::= {id-mr 39} +-- id-mr-algorithmIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 40} +id-mr-storedPrefixMatch OBJECT IDENTIFIER ::= + {id-mr 41} + +-- id-mr-attributeCertificateMatch OBJECT IDENTIFIER ::= {id-mr 42} +-- id-mr-readerAndKeyIDMatch OBJECT IDENTIFIER ::= {id-mr 43} +--id-mr-attributeIntegrityMatch OBJECT IDENTIFIER ::= {id-mr 44} +id-mr-systemProposedMatch OBJECT IDENTIFIER ::= + {id-mr 47} + +id-mr-generalWordMatch OBJECT IDENTIFIER ::= {id-mr 48} + +id-mr-approximateStringMatch OBJECT IDENTIFIER ::= {id-mr 49} + +id-mr-ignoreIfAbsentMatch OBJECT IDENTIFIER ::= {id-mr 50} + +id-mr-nullMatch OBJECT IDENTIFIER ::= {id-mr 51} + +id-mr-zonalMatch OBJECT IDENTIFIER ::= {id-mr 52} + +id-mr-facsimileNumberMatch OBJECT IDENTIFIER ::= {id-mr 63} + +id-mr-facsimileNumberSubstringsMatch OBJECT IDENTIFIER ::= {id-mr 64} + +-- contexts +id-avc-language OBJECT IDENTIFIER ::= {id-avc 0} + +id-avc-temporal OBJECT IDENTIFIER ::= {id-avc 1} + +id-avc-locale OBJECT IDENTIFIER ::= {id-avc 2} + +--id-avc-attributeValueSecurityLabelContext OBJECT IDENTIFIER ::= {id-avc 3} +--id-avc-attributeValueIntegrityInfoContext OBJECT IDENTIFIER ::= {id-avc 4} +-- Problem definitions +id-pr-targetDsaUnavailable OBJECT IDENTIFIER ::= + {id-pr 1} + +id-pr-dataSourceUnavailable OBJECT IDENTIFIER ::= {id-pr 2} + +id-pr-unidentifiedOperation OBJECT IDENTIFIER ::= {id-pr 3} + +id-pr-unavailableOperation OBJECT IDENTIFIER ::= {id-pr 4} + +id-pr-searchAttributeViolation OBJECT IDENTIFIER ::= {id-pr 5} + +id-pr-searchAttributeCombinationViolation OBJECT IDENTIFIER ::= {id-pr 6} + +id-pr-searchValueNotAllowed OBJECT IDENTIFIER ::= {id-pr 7} + +id-pr-missingSearchAttribute OBJECT IDENTIFIER ::= {id-pr 8} + +id-pr-searchValueViolation OBJECT IDENTIFIER ::= {id-pr 9} + +id-pr-attributeNegationViolation OBJECT IDENTIFIER ::= {id-pr 10} + +id-pr-searchValueRequired OBJECT IDENTIFIER ::= {id-pr 11} + +id-pr-invalidSearchValue OBJECT IDENTIFIER ::= {id-pr 12} + +id-pr-searchContextViolation OBJECT IDENTIFIER ::= {id-pr 13} + +id-pr-searchContextCombinationViolation OBJECT IDENTIFIER ::= {id-pr 14} + +id-pr-missingSearchContext OBJECT IDENTIFIER ::= {id-pr 15} + +id-pr-searchContextValueViolation OBJECT IDENTIFIER ::= {id-pr 16} + +id-pr-searchContextValueRequired OBJECT IDENTIFIER ::= {id-pr 17} + +id-pr-invalidContextSearchValue OBJECT IDENTIFIER ::= {id-pr 18} + +id-pr-unsupportedMatchingRule OBJECT IDENTIFIER ::= {id-pr 19} + +id-pr-attributeMatchingViolation OBJECT IDENTIFIER ::= {id-pr 20} + +id-pr-unsupportedMatchingUse OBJECT IDENTIFIER ::= {id-pr 21} + +id-pr-matchingUseViolation OBJECT IDENTIFIER ::= {id-pr 22} + +id-pr-hierarchySelectForbidden OBJECT IDENTIFIER ::= {id-pr 23} + +id-pr-invalidHierarchySelect OBJECT IDENTIFIER ::= {id-pr 24} + +id-pr-unavailableHierarchySelect OBJECT IDENTIFIER ::= {id-pr 25} + +id-pr-invalidSearchOptions OBJECT IDENTIFIER ::= {id-pr 26} + +id-pr-missingSearchOptions OBJECT IDENTIFIER ::= {id-pr 27} + +id-pr-invalidServiceControlOptions OBJECT IDENTIFIER ::= {id-pr 28} + +id-pr-missingServiceControlOptions OBJECT IDENTIFIER ::= {id-pr 29} + +id-pr-searchSubsetViolation OBJECT IDENTIFIER ::= {id-pr 30} + +id-pr-unmatchedKeyAttributes OBJECT IDENTIFIER ::= {id-pr 31} + +id-pr-ambiguousKeyAttributes OBJECT IDENTIFIER ::= {id-pr 32} + +-- Notification attributes +id-not-dSAProblem OBJECT IDENTIFIER ::= {id-not 0} + +id-not-searchServiceProblem OBJECT IDENTIFIER ::= {id-not 1} + +id-not-serviceType OBJECT IDENTIFIER ::= {id-not 2} + +id-not-attributeTypeList OBJECT IDENTIFIER ::= {id-not 3} + +id-not-matchingRuleList OBJECT IDENTIFIER ::= {id-not 4} + +id-not-filterItem OBJECT IDENTIFIER ::= {id-not 5} + +id-not-attributeCombinations OBJECT IDENTIFIER ::= {id-not 6} + +id-not-contextTypeList OBJECT IDENTIFIER ::= {id-not 7} + +id-not-contextList OBJECT IDENTIFIER ::= {id-not 8} + +id-not-contextCombinations OBJECT IDENTIFIER ::= {id-not 9} + +id-not-hierarchySelectList OBJECT IDENTIFIER ::= {id-not 10} + +id-not-searchOptionsList OBJECT IDENTIFIER ::= {id-not 11} + +id-not-serviceControlOptionsList OBJECT IDENTIFIER ::= {id-not 12} + +id-not-multipleMatchingLocalities OBJECT IDENTIFIER ::= {id-not 13} + +id-not-proposedRelaxation OBJECT IDENTIFIER ::= {id-not 14} + +id-not-appliedRelaxation OBJECT IDENTIFIER ::= {id-not 15} + +id-not-substringRequirements OBJECT IDENTIFIER ::= {id-not 16} + +-- Control attributes +id-cat-sequenceMatchType OBJECT IDENTIFIER ::= + {id-cat 1} + +id-cat-wordMatchType OBJECT IDENTIFIER ::= {id-cat 2} + +id-cat-characterMatchTypes OBJECT IDENTIFIER ::= {id-cat 3} + +id-cat-selectedContexts OBJECT IDENTIFIER ::= {id-cat 4} + +END -- SelectedAttributeTypes + +-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D + diff --git a/lib/asn1/test/asn1_SUITE_data/modified_x420/UpperBounds.asn b/lib/asn1/test/asn1_SUITE_data/modified_x420/UpperBounds.asn new file mode 100644 index 0000000000..37890f8b49 --- /dev/null +++ b/lib/asn1/test/asn1_SUITE_data/modified_x420/UpperBounds.asn @@ -0,0 +1,89 @@ +-- Module UpperBounds (X.520:08/1997) + +UpperBounds {joint-iso-itu-t ds(5) module(1) upperBounds(10) 3} DEFINITIONS ::= +BEGIN + +-- EXPORTS All +-- The types and values defined in this module are exported for use in the other ASN.1 modules contained +-- within the Directory Specifications, and for the use of other applications which will use them to access +-- Directory services. Other applications may use them for their own purposes, but this will not constrain +-- extensions and modifications needed to maintain or improve the Directory service. +ub-answerback INTEGER ::= + 8 + +ub-business-category INTEGER ::= 128 + +ub-common-name INTEGER ::= 64 + +ub-country-code INTEGER ::= 4 + +ub-description INTEGER ::= 1024 + +ub-destination-indicator INTEGER ::= 128 + +ub-directory-string-first-component-match INTEGER ::= 32768 + +ub-international-isdn-number INTEGER ::= 16 + +ub-knowledge-information INTEGER ::= 32768 + +ub-locality-name INTEGER ::= 128 + +ub-match INTEGER ::= 128 + +ub-name INTEGER ::= 64 + +ub-organization-name INTEGER ::= 64 + +ub-organizational-unit-name INTEGER ::= 64 + +ub-physical-office-name INTEGER ::= 128 + +ub-post-office-box INTEGER ::= 40 + +ub-postal-code INTEGER ::= 40 + +ub-postal-line INTEGER ::= 6 + +ub-postal-string INTEGER ::= 30 + +ub-privacy-mark-length INTEGER ::= 128 + +ub-schema INTEGER ::= 1024 + +ub-search INTEGER ::= 32768 + +ub-serial-number INTEGER ::= 64 + +ub-state-name INTEGER ::= 128 + +ub-street-address INTEGER ::= 128 + +ub-surname INTEGER ::= 64 + +ub-tag INTEGER ::= 64 + +ub-telephone-number INTEGER ::= 32 + +ub-teletex-terminal-id INTEGER ::= 1024 + +ub-telex-number INTEGER ::= 14 + +ub-title INTEGER ::= 64 + +ub-user-password INTEGER ::= 128 + +ub-x121-address INTEGER ::= 15 + +ub-localeContextSyntax INTEGER ::= 128 + +ub-locale-context-syntax INTEGER ::= 64 + +ub-pseudonym INTEGER ::= 128 + +ub-content INTEGER ::= 32768 + +END -- UpperBounds + +-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D + diff --git a/lib/asn1/test/asn1_SUITE_data/modified_x420/UsefulDefinitions.asn b/lib/asn1/test/asn1_SUITE_data/modified_x420/UsefulDefinitions.asn new file mode 100644 index 0000000000..d9601bb7d0 --- /dev/null +++ b/lib/asn1/test/asn1_SUITE_data/modified_x420/UsefulDefinitions.asn @@ -0,0 +1,238 @@ +-- Module UsefulDefinitions (X.501:08/1997) +UsefulDefinitions {joint-iso-itu-t ds(5) module(1) usefulDefinitions(0) 3} +DEFINITIONS ::= +BEGIN + +-- EXPORTS All - +-- The types and values defined in this module are exported for use in the other ASN.1 modules contained +-- within the Directory Specifications, and for the use of other applications which will use them to access +-- Directory services. Other applications may use them for their own purposes, but this will not constrain +-- extensions and modifications needed to maintain or improve the Directory service. +ID ::= OBJECT IDENTIFIER + +ds ID ::= {joint-iso-itu-t ds(5)} + +-- categories of information object +module ID ::= {ds 1} + +serviceElement ID ::= {ds 2} + +applicationContext ID ::= {ds 3} + +attributeType ID ::= {ds 4} + +attributeSyntax ID ::= {ds 5} + +objectClass ID ::= {ds 6} + +-- attributeSet ID ::= {ds 7} +algorithm ID ::= {ds 8} + +abstractSyntax ID ::= {ds 9} + +-- object ID ::= {ds 10} +-- port ID ::= {ds 11} +dsaOperationalAttribute ID ::= + {ds 12} + +matchingRule ID ::= {ds 13} + +knowledgeMatchingRule ID ::= {ds 14} + +nameForm ID ::= {ds 15} + +group ID ::= {ds 16} + +subentry ID ::= {ds 17} + +operationalAttributeType ID ::= {ds 18} + +operationalBinding ID ::= {ds 19} + +schemaObjectClass ID ::= {ds 20} + +schemaOperationalAttribute ID ::= {ds 21} + +administrativeRoles ID ::= {ds 23} + +accessControlAttribute ID ::= {ds 24} + +rosObject ID ::= {ds 25} + +contract ID ::= {ds 26} + +package ID ::= {ds 27} + +accessControlSchemes ID ::= {ds 28} + +certificateExtension ID ::= {ds 29} + +managementObject ID ::= {ds 30} + +attributeValueContext ID ::= {ds 31} + +-- securityExchange ID ::= {ds 32} +idmProtocol ID ::= {ds 33} + +problem ID ::= {ds 34} + +notification ID ::= {ds 35} + +matchingRestriction ID ::= + {ds 36} -- None are currently defined by this specification + +controlAttributeType ID ::= {ds 37} + +-- modules +usefulDefinitions ID ::= {module usefulDefinitions(0) 3} + +informationFramework ID ::= {module informationFramework(1) 3} + +directoryAbstractService ID ::= {module directoryAbstractService(2) 3} + +distributedOperations ID ::= {module distributedOperations(3) 3} + +protocolObjectIdentifiers ID ::= {module protocolObjectIdentifiers(4) 3} + +selectedAttributeTypes ID ::= {module selectedAttributeTypes(5) 3} + +selectedObjectClasses ID ::= {module selectedObjectClasses(6) 3} + +authenticationFramework ID ::= {module authenticationFramework(7) 3} + +algorithmObjectIdentifiers ID ::= {module algorithmObjectIdentifiers(8) 3} + +directoryObjectIdentifiers ID ::= {module directoryObjectIdentifiers(9) 3} + +upperBounds ID ::= {module upperBounds(10) 3} + +dap ID ::= {module dap(11) 3} + +dsp ID ::= {module dsp(12) 3} + +distributedDirectoryOIDs ID ::= {module distributedDirectoryOIDs(13) 3} + +directoryShadowOIDs ID ::= {module directoryShadowOIDs(14) 3} + +directoryShadowAbstractService ID ::= + {module directoryShadowAbstractService(15) 3} + +disp ID ::= {module disp(16) 3} + +dop ID ::= {module dop(17) 3} + +opBindingManagement ID ::= {module opBindingManagement(18) 3} + +opBindingOIDs ID ::= {module opBindingOIDs(19) 3} + +hierarchicalOperationalBindings ID ::= + {module hierarchicalOperationalBindings(20) 3} + +dsaOperationalAttributeTypes ID ::= {module dsaOperationalAttributeTypes(22) 3} + +schemaAdministration ID ::= {module schemaAdministration(23) 3} + +basicAccessControl ID ::= {module basicAccessControl(24) 3} + +directoryOperationalBindingTypes ID ::= + {module directoryOperationalBindingTypes(25) 3} + +certificateExtensions ID ::= {module certificateExtensions(26) 0} + +directoryManagement ID ::= {module directoryManagement(27) 1} + +enhancedSecurity ID ::= {module enhancedSecurity(28) 1} + +iDMProtocolSpecification ID ::= {module iDMProtocolSpecification(30) 4} + +directoryIDMProtocols ID ::= {module directoryIDMProtocols(31) 4} + +-- directorySecurityExchanges ID ::= {module directorySecurityExchanges (29) 1} +-- synonyms +id-oc ID ::= + objectClass + +id-at ID ::= attributeType + +id-as ID ::= abstractSyntax + +id-mr ID ::= matchingRule + +id-nf ID ::= nameForm + +id-sc ID ::= subentry + +id-oa ID ::= operationalAttributeType + +id-ob ID ::= operationalBinding + +id-doa ID ::= dsaOperationalAttribute + +id-kmr ID ::= knowledgeMatchingRule + +id-soc ID ::= schemaObjectClass + +id-soa ID ::= schemaOperationalAttribute + +id-ar ID ::= administrativeRoles + +id-aca ID ::= accessControlAttribute + +id-ac ID ::= applicationContext + +id-rosObject ID ::= rosObject + +id-contract ID ::= contract + +id-package ID ::= package + +id-acScheme ID ::= accessControlSchemes + +id-ce ID ::= certificateExtension + +id-mgt ID ::= managementObject + +id-idm ID ::= idmProtocol + +id-avc ID ::= attributeValueContext + +-- id-se ID ::= securityExchange +id-pr ID ::= problem + +id-not ID ::= notification + +id-mre ID ::= matchingRestriction + +id-cat ID ::= controlAttributeType + +-- obsolete module identifiers +-- usefulDefinition ID ::= {module 0} +-- informationFramework ID ::= {module 1} +-- directoryAbstractService ID ::= {module 2} +-- distributedOperations ID ::= {module 3} +-- protocolObjectIdentifiers ID ::= {module 4} +-- selectedAttributeTypes ID ::= {module 5} +-- selectedObjectClasses ID ::= {module 6} +-- authenticationFramework ID ::= {module 7} +-- algorithmObjectIdentifiers ID ::= {module 8} +-- directoryObjectIdentifiers ID ::= {module 9} +-- upperBounds ID ::= {module 10} +-- dap ID ::= {module 11} +-- dsp ID ::= {module 12} +-- distributedDirectoryObjectIdentifiers ID ::= {module 13} +-- unused module identifiers +-- directoryShadowOIDs ID ::= {module 14} +-- directoryShadowAbstractService ID ::= {module 15} +-- disp ID ::= {module 16} +-- dop ID ::= {module 17} +-- opBindingManagement ID ::= {module 18} +-- opBindingOIDs ID ::= {module 19} +-- hierarchicalOperationalBindings ID ::= {module 20} +-- dsaOperationalAttributeTypes ID ::= {module 22} +-- schemaAdministration ID ::= {module 23} +-- basicAccessControl ID ::= {module 24} +-- operationalBindingOIDs ID ::= {module 25} +END -- UsefulDefinitions + +-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D + diff --git a/lib/asn1/test/asn1_SUITE_data/modified_x420/p7_signed_data.pem b/lib/asn1/test/asn1_SUITE_data/modified_x420/p7_signed_data.pem new file mode 100644 index 0000000000..fc6bdebd8b --- /dev/null +++ b/lib/asn1/test/asn1_SUITE_data/modified_x420/p7_signed_data.pem @@ -0,0 +1,23 @@ +-----BEGIN PKCS7----- +MIIDxQYJKoZIhvcNAQcCoIIDtjCCA7ICAQExCzAJBgUrDgMCGgUAMBoGCSqGSIb3 +DQEHAaANBAtwbGFpbiB0ZXh0CqCCAeMwggHfMIIBSAIJAKB+Sm2O7vxbMA0GCSqG +SIb3DQEBBAUAMDQxCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtFcmljc3NvbiBBQjEP +MA0GA1UECxMGTkVUU2ltMB4XDTA4MDIyOTE1MzEwMFoXDTE4MDIyNjE1MzEwMFow +NDELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0VyaWNzc29uIEFCMQ8wDQYDVQQLEwZO +RVRTaW0wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM2EtqGq/lu0DdUfexOk +X4icontyAFXqJL8TRtsL4tSTleQiHICH+glBpJ1Grk/x5YV6Fke49hSBHhG3J8A7 +CpicAmXTiZR2LGvdLoO2HEwItlR9IaFICsr2/piHzB/ZWnu0uzeHBQW3gJNGG21V +KltZapcBew3jNG8wdPdykPpnAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAK//FOT1m +KamyWjwWs1hzmngpqmvQAR4CcD3F5jtbwz8bNZtfoRr1VnJktZhorVb5uWPfahH2 +qnvJEX8EtoY7un8O3N1sJFVFcTkEIz2THalYZG6bQ8owqr4s3vZ3XoOBD5ukVwjE +sVdDSa4b713tiHCsWoGca7cn6i6y6s/oDpwxggGbMIIBlwIBATBBMDQxCzAJBgNV +BAYTAlNFMRQwEgYDVQQKEwtFcmljc3NvbiBBQjEPMA0GA1UECxMGTkVUU2ltAgkA +oH5KbY7u/FswCQYFKw4DAhoFAKCBsTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcB +MBwGCSqGSIb3DQEJBTEPFw0wODAyMjkxNTMxMDFaMCMGCSqGSIb3DQEJBDEWBBQF +/OBF9SkVcUzcMGOVsg3QKX/hGTBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMH +MA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG +9w0DAgIBKDANBgkqhkiG9w0BAQEFAASBgEA7LwwdYP7LMMAoBl7qX+XMF66c5stq +e9f2BpGsFGqhfDac+tmnCkRu1clr9VUld0DSuw+Qc3oUnpix/Vo5mwmbQ19iR/f9 +oBmm85iZMBDy8vScS6Vm7u+mHvQ9d4iNNS7MDQ8peEu9ItxWe1x3LuCAMbvGMiXE +75U3Iy4ZYCq4 +-----END PKCS7----- |