Diffstat (limited to 'lib/asn1/test/asn1_SUITE_data/rfcs/OCSP-2009.asn1')
-rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/OCSP-2009.asn1 | 183 |
1 files changed, 183 insertions, 0 deletions
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/OCSP-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/OCSP-2009.asn1
new file mode 100644
index 0000000000..db500fe9a1
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/OCSP-2009.asn1
@@ -0,0 +1,183 @@
+ OCSP-2009
+ {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+ mechanisms(5) pkix(7) id-mod(0) id-mod-ocsp-02(48)}
+ DEFINITIONS EXPLICIT TAGS ::=
+ BEGIN
+ IMPORTS
+
+ Extensions{}, EXTENSION, ATTRIBUTE
+ FROM PKIX-CommonTypes-2009
+ {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+ mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57)}
+
+ AlgorithmIdentifier{}, DIGEST-ALGORITHM, SIGNATURE-ALGORITHM
+ FROM AlgorithmInformation-2009
+ {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+ mechanisms(5) pkix(7) id-mod(0)
+ id-mod-algorithmInformation-02(58)}
+
+ AuthorityInfoAccessSyntax, GeneralName, CrlEntryExtensions
+ FROM PKIX1Implicit-2009
+ {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+ mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59)}
+
+ Name, CertificateSerialNumber, id-kp, id-ad-ocsp, Certificate
+ FROM PKIX1Explicit-2009
+ {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+ mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51)}
+
+ sa-dsaWithSHA1, sa-rsaWithMD2, sa-rsaWithMD5, sa-rsaWithSHA1
+ FROM PKIXAlgs-2009
+ {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+ mechanisms(5) pkix(7) id-mod(0)
+ id-mod-pkix1-algorithms2008-02(56)};
+
+ OCSPRequest ::= SEQUENCE {
+ tbsRequest TBSRequest,
+ optionalSignature [0] EXPLICIT Signature OPTIONAL }
+
+ TBSRequest ::= SEQUENCE {
+ version [0] EXPLICIT Version DEFAULT v1,
+ requestorName [1] EXPLICIT GeneralName OPTIONAL,
+ requestList SEQUENCE OF Request,
+ requestExtensions [2] EXPLICIT Extensions {{re-ocsp-nonce |
+ re-ocsp-response, ...}} OPTIONAL }
+
+ Signature ::= SEQUENCE {
+ signatureAlgorithm AlgorithmIdentifier
+ { SIGNATURE-ALGORITHM, {...}},
+ signature BIT STRING,
+ certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
+
+ Version ::= INTEGER { v1(0) }
+
+ Request ::= SEQUENCE {
+ reqCert CertID,
+ singleRequestExtensions [0] EXPLICIT Extensions
+ { {re-ocsp-service-locator,
+ ...}} OPTIONAL }
+
+ CertID ::= SEQUENCE {
+ hashAlgorithm AlgorithmIdentifier
+ {DIGEST-ALGORITHM, {...}},
+ issuerNameHash OCTET STRING, -- Hash of Issuer's DN
+ issuerKeyHash OCTET STRING, -- Hash of Issuer's public key
+ serialNumber CertificateSerialNumber }
+
+ OCSPResponse ::= SEQUENCE {
+ responseStatus OCSPResponseStatus,
+ responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
+
+ OCSPResponseStatus ::= ENUMERATED {
+ successful (0), --Response has valid confirmations
+ malformedRequest (1), --Illegal confirmation request
+ internalError (2), --Internal error in issuer
+ tryLater (3), --Try again later
+ -- (4) is not used
+ sigRequired (5), --Must sign the request
+ unauthorized (6) --Request unauthorized
+ }
+
+ RESPONSE ::= TYPE-IDENTIFIER
+
+ ResponseSet RESPONSE ::= {basicResponse, ...}
+
+ ResponseBytes ::= SEQUENCE {
+ responseType RESPONSE.
+ &id ({ResponseSet}),
+ response OCTET STRING (CONTAINING RESPONSE.
+ &Type({ResponseSet}{@responseType}))}
+
+ basicResponse RESPONSE ::=
+ { BasicOCSPResponse IDENTIFIED BY id-pkix-ocsp-basic }
+
+ BasicOCSPResponse ::= SEQUENCE {
+ tbsResponseData ResponseData,
+ signatureAlgorithm AlgorithmIdentifier{SIGNATURE-ALGORITHM,
+ {sa-dsaWithSHA1 | sa-rsaWithSHA1 |
+ sa-rsaWithMD5 | sa-rsaWithMD2, ...}},
+ signature BIT STRING,
+ certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
+
+ ResponseData ::= SEQUENCE {
+ version [0] EXPLICIT Version DEFAULT v1,
+ responderID ResponderID,
+ producedAt GeneralizedTime,
+ responses SEQUENCE OF SingleResponse,
+ responseExtensions [1] EXPLICIT Extensions
+ {{re-ocsp-nonce, ...}} OPTIONAL }
+
+ ResponderID ::= CHOICE {
+ byName [1] Name,
+ byKey [2] KeyHash }
+
+ KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
+ -- (excluding the tag and length fields)
+
+ SingleResponse ::= SEQUENCE {
+ certID CertID,
+ certStatus CertStatus,
+ thisUpdate GeneralizedTime,
+ nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
+ singleExtensions [1] EXPLICIT Extensions{{re-ocsp-crl |
+ re-ocsp-archive-cutoff |
+ CrlEntryExtensions, ...}
+ } OPTIONAL }
+
+ CertStatus ::= CHOICE {
+ good [0] IMPLICIT NULL,
+ revoked [1] IMPLICIT RevokedInfo,
+ unknown [2] IMPLICIT UnknownInfo }
+
+ RevokedInfo ::= SEQUENCE {
+ revocationTime GeneralizedTime,
+ revocationReason [0] EXPLICIT CRLReason OPTIONAL }
+
+ UnknownInfo ::= NULL
+
+ CRLReason ::= INTEGER
+
+ ArchiveCutoff ::= GeneralizedTime
+
+ AcceptableResponses ::= SEQUENCE OF RESPONSE.&id({ResponseSet})
+
+ ServiceLocator ::= SEQUENCE {
+ issuer Name,
+ locator AuthorityInfoAccessSyntax }
+
+ CrlID ::= SEQUENCE {
+ crlUrl [0] EXPLICIT IA5String OPTIONAL,
+ crlNum [1] EXPLICIT INTEGER OPTIONAL,
+ crlTime [2] EXPLICIT GeneralizedTime OPTIONAL }
+
+ -- Request Extensions
+
+ re-ocsp-nonce EXTENSION ::= { SYNTAX OCTET STRING IDENTIFIED
+ BY id-pkix-ocsp-nonce }
+ re-ocsp-response EXTENSION ::= { SYNTAX AcceptableResponses IDENTIFIED
+ BY id-pkix-ocsp-response }
+ re-ocsp-service-locator EXTENSION ::= { SYNTAX ServiceLocator
+ IDENTIFIED BY
+ id-pkix-ocsp-service-locator }
+
+ -- Response Extensions
+
+ re-ocsp-crl EXTENSION ::= { SYNTAX CrlID IDENTIFIED BY
+ id-pkix-ocsp-crl }
+ re-ocsp-archive-cutoff EXTENSION ::= { SYNTAX ArchiveCutoff
+ IDENTIFIED BY
+ id-pkix-ocsp-archive-cutoff }
+
+ -- Object Identifiers
+
+ id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 }
+ id-pkix-ocsp OBJECT IDENTIFIER ::= id-ad-ocsp
+ id-pkix-ocsp-basic OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 }
+ id-pkix-ocsp-nonce OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
+ id-pkix-ocsp-crl OBJECT IDENTIFIER ::= { id-pkix-ocsp 3 }
+ id-pkix-ocsp-response OBJECT IDENTIFIER ::= { id-pkix-ocsp 4 }
+ id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
+ id-pkix-ocsp-archive-cutoff OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 }
+ id-pkix-ocsp-service-locator OBJECT IDENTIFIER ::= { id-pkix-ocsp 7 }
+
+ END
|