diff options
Diffstat (limited to 'lib/public_key/asn1/OTP-PKIX.asn1')
-rw-r--r-- | lib/public_key/asn1/OTP-PKIX.asn1 | 709 |
1 files changed, 709 insertions, 0 deletions
diff --git a/lib/public_key/asn1/OTP-PKIX.asn1 b/lib/public_key/asn1/OTP-PKIX.asn1 new file mode 100644 index 0000000000..2bcacc0990 --- /dev/null +++ b/lib/public_key/asn1/OTP-PKIX.asn1 @@ -0,0 +1,709 @@ +OTP-PKIX {iso(1) identified-organization(3) dod(6) internet(1) + private(4) enterprices(1) ericsson(193) otp(19) ssl(10) + pkix1(1)} + +DEFINITIONS EXPLICIT TAGS ::= + +BEGIN + +-- EXPORTS ALL + +IMPORTS + -- Certificate (parts of) + Version, + CertificateSerialNumber, + --AlgorithmIdentifier, + Validity, + UniqueIdentifier, + + -- AttribyteTypeAndValue + Name, + AttributeType, + id-at-name, + id-at-surname, + id-at-givenName, + id-at-initials, + id-at-generationQualifier, X520name, + id-at-commonName, X520CommonName, + id-at-localityName, X520LocalityName, + id-at-stateOrProvinceName, X520StateOrProvinceName, + id-at-organizationName, X520OrganizationName, + id-at-organizationalUnitName, X520OrganizationalUnitName, + id-at-title, X520Title, + id-at-dnQualifier, X520dnQualifier, + id-at-countryName, X520countryName, + id-at-serialNumber, X520SerialNumber, + id-at-pseudonym, X520Pseudonym, + id-domainComponent, DomainComponent, + id-emailAddress, EmailAddress, + + -- Extension Attributes + common-name, CommonName, + teletex-common-name, TeletexCommonName, + teletex-personal-name, TeletexPersonalName, + pds-name, PDSName, + physical-delivery-country-name, PhysicalDeliveryCountryName, + postal-code, PostalCode, + physical-delivery-office-name, PhysicalDeliveryOfficeName, + physical-delivery-office-number, PhysicalDeliveryOfficeNumber, + extension-OR-address-components, ExtensionORAddressComponents, + physical-delivery-personal-name, PhysicalDeliveryPersonalName, + physical-delivery-organization-name, PhysicalDeliveryOrganizationName, + extension-physical-delivery-address-components, + ExtensionPhysicalDeliveryAddressComponents, + unformatted-postal-address, UnformattedPostalAddress, + street-address, StreetAddress, + post-office-box-address, PostOfficeBoxAddress, + poste-restante-address, PosteRestanteAddress, + unique-postal-name, UniquePostalName, + local-postal-attributes, LocalPostalAttributes, + extended-network-address, ExtendedNetworkAddress, + terminal-type, TerminalType, + teletex-domain-defined-attributes, TeletexDomainDefinedAttributes + + FROM PKIX1Explicit88 { iso(1) identified-organization(3) dod(6) + internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) + id-pkix1-explicit(18) } + + -- Extensions + id-ce-authorityKeyIdentifier, AuthorityKeyIdentifier, + id-ce-subjectKeyIdentifier, SubjectKeyIdentifier, + id-ce-keyUsage, KeyUsage, + id-ce-privateKeyUsagePeriod, PrivateKeyUsagePeriod, + id-ce-certificatePolicies, CertificatePolicies, + id-ce-policyMappings, PolicyMappings, + id-ce-subjectAltName, SubjectAltName, + id-ce-issuerAltName, IssuerAltName, + id-ce-subjectDirectoryAttributes, SubjectDirectoryAttributes, + id-ce-basicConstraints, BasicConstraints, + id-ce-nameConstraints, NameConstraints, + id-ce-policyConstraints, PolicyConstraints, + id-ce-cRLDistributionPoints, CRLDistributionPoints, + id-ce-extKeyUsage, ExtKeyUsageSyntax, + id-ce-inhibitAnyPolicy, InhibitAnyPolicy, + id-ce-freshestCRL, FreshestCRL, + id-pe-authorityInfoAccess, AuthorityInfoAccessSyntax, + id-pe-subjectInfoAccess, SubjectInfoAccessSyntax, + id-ce-cRLNumber, CRLNumber, + id-ce-issuingDistributionPoint, IssuingDistributionPoint, + id-ce-deltaCRLIndicator, BaseCRLNumber, + id-ce-cRLReasons, CRLReason, + id-ce-certificateIssuer, CertificateIssuer, + id-ce-holdInstructionCode, HoldInstructionCode, + id-ce-invalidityDate, InvalidityDate + + FROM PKIX1Implicit88 { iso(1) identified-organization(3) dod(6) + internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) + id-pkix1-implicit(19) } + + --Keys and Signatures + id-dsa, Dss-Parms, DSAPublicKey, + id-dsa-with-sha1, + md2WithRSAEncryption, + md5WithRSAEncryption, + sha1WithRSAEncryption, + rsaEncryption, RSAPublicKey, + dhpublicnumber, DomainParameters, DHPublicKey, + id-keyExchangeAlgorithm, KEA-Parms-Id, --KEA-PublicKey, + ecdsa-with-SHA1, + prime-field, Prime-p, + characteristic-two-field, --Characteristic-two, + gnBasis, + tpBasis, Trinomial, + ppBasis, Pentanomial, + id-ecPublicKey, EcpkParameters, ECPoint + FROM PKIX1Algorithms88 { iso(1) identified-organization(3) dod(6) + internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) + id-mod-pkix1-algorithms(17) }; + +-- +-- Certificate +-- + +OTPCertificate ::= SEQUENCE { + tbsCertificate OTPTBSCertificate, + signatureAlgorithm SignatureAlgorithm, + signature BIT STRING } + +OTPTBSCertificate ::= SEQUENCE { + version [0] Version DEFAULT v1, + serialNumber CertificateSerialNumber, + signature SignatureAlgorithm, + issuer Name, + validity Validity, + subject Name, + subjectPublicKeyInfo OTPSubjectPublicKeyInfo, + issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, + -- If present, version MUST be v2 or v3 + subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, + -- If present, version MUST be v2 or v3 + extensions [3] Extensions OPTIONAL + -- If present, version MUST be v3 -- } + + +-- Attribute type and values +-- + +ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= CLASS { + &id AttributeType UNIQUE, + &Type } + WITH SYNTAX { + ID &id + TYPE &Type } + +OTPAttributeTypeAndValue ::= SEQUENCE { + type ATTRIBUTE-TYPE-AND-VALUE-CLASS.&id + ({SupportedAttributeTypeAndValues}), + value ATTRIBUTE-TYPE-AND-VALUE-CLASS.&Type + ({SupportedAttributeTypeAndValues}{@type}) } + +SupportedAttributeTypeAndValues ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= + { name | surname | givenName | initials | generationQualifier | + commonName | localityName | stateOrProvinceName | organizationName | + organizationalUnitName | title | dnQualifier | countryName | + serialNumber | pseudonym | domainComponent | emailAddress } + +name ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-name + TYPE X520name } + +surname ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-surname + TYPE X520name } + +givenName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-givenName + TYPE X520name } + +initials ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-initials + TYPE X520name } + +generationQualifier ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-generationQualifier + TYPE X520name } + +commonName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-commonName + TYPE X520CommonName } + +localityName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-localityName + TYPE X520LocalityName } + +stateOrProvinceName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-stateOrProvinceName + TYPE X520StateOrProvinceName } + +organizationName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-organizationName + TYPE X520OrganizationName } + +organizationalUnitName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-organizationalUnitName + TYPE X520OrganizationalUnitName } + +title ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-title + TYPE X520Title } + +dnQualifier ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-dnQualifier + TYPE X520dnQualifier } + +countryName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-countryName + TYPE X520countryName } + +serialNumber ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-serialNumber + TYPE X520SerialNumber } + +pseudonym ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-pseudonym + TYPE X520Pseudonym } + +domainComponent ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-domainComponent + TYPE DomainComponent } + +emailAddress ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-emailAddress + TYPE EmailAddress } + +-- +-- Signature and Public Key Algorithms +-- + +OTPOLDSubjectPublicKeyInfo ::= SEQUENCE { + algorithm SEQUENCE { + algo PUBLIC-KEY-ALGORITHM-CLASS.&id + ({SupportedPublicKeyAlgorithms}), + parameters PUBLIC-KEY-ALGORITHM-CLASS.&Type + ({SupportedPublicKeyAlgorithms}{@.algo}) + OPTIONAL + }, + subjectPublicKey PUBLIC-KEY-ALGORITHM-CLASS.&PublicKeyType + ({SupportedPublicKeyAlgorithms}{@algorithm.algo}) } + +OTPSubjectPublicKeyInfo ::= SEQUENCE { + algorithm PublicKeyAlgorithm, + subjectPublicKey BIT STRING } + + +-- The following is needed for conversion of SubjectPublicKeyInfo. + +OTPSubjectPublicKeyInfo-Any ::= SEQUENCE { + algorithm PublicKeyAlgorithm, + subjectPublicKey ANY } + + +SIGNATURE-ALGORITHM-CLASS ::= CLASS { + &id OBJECT IDENTIFIER UNIQUE, + &Type OPTIONAL } + WITH SYNTAX { + ID &id + [TYPE &Type] } + +PUBLIC-KEY-ALGORITHM-CLASS ::= CLASS { + &id OBJECT IDENTIFIER UNIQUE, + &Type OPTIONAL, + &PublicKeyType OPTIONAL } + WITH SYNTAX { + ID &id + [TYPE &Type] + [PUBLIC-KEY-TYPE &PublicKeyType] } + +SignatureAlgorithm ::= SEQUENCE { + algorithm SIGNATURE-ALGORITHM-CLASS.&id + ({SupportedSignatureAlgorithms}), + parameters SIGNATURE-ALGORITHM-CLASS.&Type + ({SupportedSignatureAlgorithms}{@algorithm}) + OPTIONAL } + +SignatureAlgorithm-Any ::= SEQUENCE { + algorithm OBJECT IDENTIFIER, + parameters ANY OPTIONAL } + +PublicKeyAlgorithm ::= SEQUENCE { + algorithm PUBLIC-KEY-ALGORITHM-CLASS.&id + ({SupportedPublicKeyAlgorithms}), + parameters PUBLIC-KEY-ALGORITHM-CLASS.&Type + ({SupportedPublicKeyAlgorithms}{@algorithm}) + OPTIONAL } + +SupportedSignatureAlgorithms SIGNATURE-ALGORITHM-CLASS ::= { + dsa-with-sha1 | md2-with-rsa-encryption | + md5-with-rsa-encryption | sha1-with-rsa-encryption | + ecdsa-with-sha1 } + +SupportedPublicKeyAlgorithms PUBLIC-KEY-ALGORITHM-CLASS ::= { + dsa | rsa-encryption | dh | kea | ec-public-key } + + -- DSA Keys and Signatures + + -- SubjectPublicKeyInfo: + + dsa PUBLIC-KEY-ALGORITHM-CLASS ::= { + ID id-dsa + TYPE Dss-Parms -- XXX Must be OPTIONAL + PUBLIC-KEY-TYPE DSAPublicKey } + + -- Certificate.signatureAlgorithm + + dsa-with-sha1 SIGNATURE-ALGORITHM-CLASS ::= { + ID id-dsa-with-sha1 + TYPE NULL } -- XXX Must be empty and not NULL + + -- + -- RSA Keys and Signatures + -- + + -- Certificate.signatureAlgorithm + + md2-with-rsa-encryption SIGNATURE-ALGORITHM-CLASS ::= { + ID md2WithRSAEncryption + TYPE NULL } + + md5-with-rsa-encryption SIGNATURE-ALGORITHM-CLASS ::= { + ID md5WithRSAEncryption + TYPE NULL } + + sha1-with-rsa-encryption SIGNATURE-ALGORITHM-CLASS ::= { + ID sha1WithRSAEncryption + TYPE NULL } + + -- Certificate.signature + -- See PKCS #1 (RFC 2313). XXX + + -- SubjectPublicKeyInfo: + + rsa-encryption PUBLIC-KEY-ALGORITHM-CLASS ::= { + ID rsaEncryption + TYPE NULL + PUBLIC-KEY-TYPE RSAPublicKey } + + -- + -- Diffie-Hellman Keys + -- + + -- SubjectPublicKeyInfo: + + dh PUBLIC-KEY-ALGORITHM-CLASS ::= { + ID dhpublicnumber + TYPE DomainParameters + PUBLIC-KEY-TYPE DHPublicKey } + + -- There are no Diffie-Hellman signature algorithms + + -- + -- KEA Keys + -- + + -- SubjectPublicKeyInfo: + + KEA-PublicKey ::= INTEGER + + kea PUBLIC-KEY-ALGORITHM-CLASS ::= { + ID id-keyExchangeAlgorithm + TYPE KEA-Parms-Id + PUBLIC-KEY-TYPE KEA-PublicKey } + + -- There are no KEA signature algorithms + + -- + -- Elliptic Curve Keys, Signatures, and Curves + -- + + -- Certificate.signatureAlgorithm + + ecdsa-with-sha1 SIGNATURE-ALGORITHM-CLASS ::= { + ID ecdsa-with-SHA1 + TYPE NULL } -- XXX Must be empty and not NULL + + FIELD-ID-CLASS ::= CLASS { + &id OBJECT IDENTIFIER UNIQUE, + &Type } + WITH SYNTAX { + ID &id + TYPE &Type } + + OTPFieldID ::= SEQUENCE { -- Finite field + fieldType FIELD-ID-CLASS.&id({SupportedFieldIds}), + parameters FIELD-ID-CLASS.&Type({SupportedFieldIds}{@fieldType}) } + + SupportedFieldIds FIELD-ID-CLASS ::= { + field-prime-field | field-characteristic-two } + + field-prime-field FIELD-ID-CLASS ::= { + ID prime-field + TYPE Prime-p } + + CHARACTERISTIC-TWO-CLASS ::= CLASS { + &id OBJECT IDENTIFIER UNIQUE, + &Type } + WITH SYNTAX { + ID &id + TYPE &Type } + + OTPCharacteristic-two ::= SEQUENCE { -- Finite field + m INTEGER, -- Field size 2^m + basis CHARACTERISTIC-TWO-CLASS.&id({SupportedCharacteristicTwos}), + parameters CHARACTERISTIC-TWO-CLASS.&Type + ({SupportedCharacteristicTwos}{@basis}) } + + SupportedCharacteristicTwos CHARACTERISTIC-TWO-CLASS ::= { + gn-basis | tp-basis | pp-basis } + + field-characteristic-two FIELD-ID-CLASS ::= { + ID characteristic-two-field + TYPE Characteristic-two } + + gn-basis CHARACTERISTIC-TWO-CLASS ::= { + ID gnBasis + TYPE NULL } + + tp-basis CHARACTERISTIC-TWO-CLASS ::= { + ID tpBasis + TYPE Trinomial } + + pp-basis CHARACTERISTIC-TWO-CLASS ::= { + ID ppBasis + TYPE Pentanomial } + + -- SubjectPublicKeyInfo.algorithm + + ec-public-key PUBLIC-KEY-ALGORITHM-CLASS ::= { + ID id-ecPublicKey + TYPE EcpkParameters + PUBLIC-KEY-TYPE ECPoint } + +-- +-- Extension Attributes +-- + +EXTENSION-ATTRIBUTE-CLASS ::= CLASS { + &id INTEGER UNIQUE, + &Type } + WITH SYNTAX { + ID &id + TYPE &Type } + +OTPExtensionAttributes ::= SET SIZE (1..MAX) OF ExtensionAttribute + +-- XXX Below we should have extension-attribute-type and extension- +-- attribute-value but Erlang ASN1 does not like it. +OTPExtensionAttribute ::= SEQUENCE { + extensionAttributeType [0] IMPLICIT EXTENSION-ATTRIBUTE-CLASS.&id + ({SupportedExtensionAttributes}), + extensionAttributeValue [1] EXTENSION-ATTRIBUTE-CLASS.&Type + ({SupportedExtensionAttributes}{@extensionAttributeType}) } + +SupportedExtensionAttributes EXTENSION-ATTRIBUTE-CLASS ::= { + x400-common-name | + x400-teletex-common-name | + x400-teletex-personal-name | + x400-pds-name | + x400-physical-delivery-country-name | + x400-postal-code | + x400-physical-delivery-office-name | + x400-physical-delivery-office-number | + x400-extension-OR-address-components | + x400-physical-delivery-personal-name | + x400-physical-delivery-organization-name | + x400-extension-physical-delivery-address-components | + x400-unformatted-postal-address | + x400-street-address | + x400-post-office-box-address | + x400-poste-restante-address | + x400-unique-postal-name | + x400-local-postal-attributes | + x400-extended-network-address | + x400-terminal-type | + x400-teletex-domain-defined-attributes } + +-- Extension types and attribute values + +x400-common-name EXTENSION-ATTRIBUTE-CLASS ::= { + ID common-name + TYPE CommonName } + +x400-teletex-common-name EXTENSION-ATTRIBUTE-CLASS ::= { + ID teletex-common-name + TYPE TeletexCommonName } + +x400-teletex-personal-name EXTENSION-ATTRIBUTE-CLASS ::= { + ID teletex-personal-name + TYPE TeletexPersonalName } + +x400-pds-name EXTENSION-ATTRIBUTE-CLASS ::= { + ID pds-name + TYPE PDSName } + +x400-physical-delivery-country-name EXTENSION-ATTRIBUTE-CLASS ::= { + ID physical-delivery-country-name + TYPE PhysicalDeliveryCountryName } + +x400-postal-code EXTENSION-ATTRIBUTE-CLASS ::= { + ID postal-code + TYPE PostalCode } + +x400-physical-delivery-office-name EXTENSION-ATTRIBUTE-CLASS ::= { + ID physical-delivery-office-name + TYPE PhysicalDeliveryOfficeName } + +x400-physical-delivery-office-number EXTENSION-ATTRIBUTE-CLASS ::= { + ID physical-delivery-office-number + TYPE PhysicalDeliveryOfficeNumber } + +x400-extension-OR-address-components EXTENSION-ATTRIBUTE-CLASS ::= { + ID extension-OR-address-components + TYPE ExtensionORAddressComponents } + +x400-physical-delivery-personal-name EXTENSION-ATTRIBUTE-CLASS ::= { + ID physical-delivery-personal-name + TYPE PhysicalDeliveryPersonalName } + +x400-physical-delivery-organization-name EXTENSION-ATTRIBUTE-CLASS ::= { + ID physical-delivery-organization-name + TYPE PhysicalDeliveryOrganizationName } + +x400-extension-physical-delivery-address-components + EXTENSION-ATTRIBUTE-CLASS ::= { + ID extension-physical-delivery-address-components + TYPE ExtensionPhysicalDeliveryAddressComponents } + +x400-unformatted-postal-address EXTENSION-ATTRIBUTE-CLASS ::= { + ID unformatted-postal-address + TYPE UnformattedPostalAddress } + +x400-street-address EXTENSION-ATTRIBUTE-CLASS ::= { + ID street-address + TYPE StreetAddress } + +x400-post-office-box-address EXTENSION-ATTRIBUTE-CLASS ::= { + ID post-office-box-address + TYPE PostOfficeBoxAddress } + +x400-poste-restante-address EXTENSION-ATTRIBUTE-CLASS ::= { + ID poste-restante-address + TYPE PosteRestanteAddress } + +x400-unique-postal-name EXTENSION-ATTRIBUTE-CLASS ::= { + ID unique-postal-name + TYPE UniquePostalName } + +x400-local-postal-attributes EXTENSION-ATTRIBUTE-CLASS ::= { + ID local-postal-attributes + TYPE LocalPostalAttributes } + +x400-extended-network-address EXTENSION-ATTRIBUTE-CLASS ::= { + ID extended-network-address + TYPE ExtendedNetworkAddress } + +x400-terminal-type EXTENSION-ATTRIBUTE-CLASS ::= { + ID terminal-type + TYPE TerminalType } + +x400-teletex-domain-defined-attributes EXTENSION-ATTRIBUTE-CLASS ::= { + ID teletex-domain-defined-attributes + TYPE TeletexDomainDefinedAttributes } + +-- Extensions + +OTPExtensions ::= SEQUENCE SIZE (1..MAX) OF Extension + +EXTENSION-CLASS ::= CLASS { + &id OBJECT IDENTIFIER UNIQUE, + &Type OPTIONAL} + WITH SYNTAX { + ID &id + [TYPE &Type] } + +OTPExtension ::= SEQUENCE { + extnID EXTENSION-CLASS.&id({SupportedExtensions}), + critical BOOLEAN DEFAULT FALSE, + extnValue EXTENSION-CLASS.&Type({SupportedExtensions}{@extnID}) } + +-- The following is needed for conversion between Extension and Extension-Cd + +ObjId ::= OBJECT IDENTIFIER +Boolean ::= BOOLEAN +Any ::= ANY + +Extension-Any ::= SEQUENCE { + extnID OBJECT IDENTIFIER, + critical BOOLEAN DEFAULT FALSE, + extnValue ANY } + +SupportedExtensions EXTENSION-CLASS ::= { authorityKeyIdentifier | + subjectKeyIdentifier | keyUsage | privateKeyUsagePeriod | + certificatePolicies | policyMappings | subjectAltName | + issuerAltName | subjectDirectoryAttributes | basicConstraints | + nameConstraints | policyConstraints | cRLDistributionPoints | + extKeyUsage | inhibitAnyPolicy | freshestCRL | authorityInfoAccess | + subjectInfoAccess | cRLNumber | issuingDistributionPoint | + deltaCRLIndicator | cRLReasons | certificateIssuer | + holdInstructionCode | invalidityDate } + +authorityKeyIdentifier EXTENSION-CLASS ::= { + ID id-ce-authorityKeyIdentifier + TYPE AuthorityKeyIdentifier } + +subjectKeyIdentifier EXTENSION-CLASS ::= { + ID id-ce-subjectKeyIdentifier + TYPE SubjectKeyIdentifier } + +keyUsage EXTENSION-CLASS ::= { + ID id-ce-keyUsage + TYPE KeyUsage } + +privateKeyUsagePeriod EXTENSION-CLASS ::= { + ID id-ce-privateKeyUsagePeriod + TYPE PrivateKeyUsagePeriod } + +certificatePolicies EXTENSION-CLASS ::= { + ID id-ce-certificatePolicies + TYPE CertificatePolicies } + +policyMappings EXTENSION-CLASS ::= { + ID id-ce-policyMappings + TYPE PolicyMappings } + +subjectAltName EXTENSION-CLASS ::= { + ID id-ce-subjectAltName + TYPE SubjectAltName } + +issuerAltName EXTENSION-CLASS ::= { + ID id-ce-issuerAltName + TYPE IssuerAltName } + +subjectDirectoryAttributes EXTENSION-CLASS ::= { + ID id-ce-subjectDirectoryAttributes + TYPE SubjectDirectoryAttributes } + +basicConstraints EXTENSION-CLASS ::= { + ID id-ce-basicConstraints + TYPE BasicConstraints } + +nameConstraints EXTENSION-CLASS ::= { + ID id-ce-nameConstraints + TYPE NameConstraints } + +policyConstraints EXTENSION-CLASS ::= { + ID id-ce-policyConstraints + TYPE PolicyConstraints } + +cRLDistributionPoints EXTENSION-CLASS ::= { + ID id-ce-cRLDistributionPoints + TYPE CRLDistributionPoints } + +extKeyUsage EXTENSION-CLASS ::= { + ID id-ce-extKeyUsage + TYPE ExtKeyUsageSyntax } + +inhibitAnyPolicy EXTENSION-CLASS ::= { + ID id-ce-inhibitAnyPolicy + TYPE InhibitAnyPolicy } + +freshestCRL EXTENSION-CLASS ::= { + ID id-ce-freshestCRL + TYPE FreshestCRL } + +authorityInfoAccess EXTENSION-CLASS ::= { + ID id-pe-authorityInfoAccess + TYPE AuthorityInfoAccessSyntax } + +subjectInfoAccess EXTENSION-CLASS ::= { + ID id-pe-subjectInfoAccess + TYPE SubjectInfoAccessSyntax } + +cRLNumber EXTENSION-CLASS ::= { + ID id-ce-cRLNumber + TYPE CRLNumber } + +issuingDistributionPoint EXTENSION-CLASS ::= { + ID id-ce-issuingDistributionPoint + TYPE IssuingDistributionPoint } + +deltaCRLIndicator EXTENSION-CLASS ::= { + ID id-ce-deltaCRLIndicator + TYPE BaseCRLNumber } + +cRLReasons EXTENSION-CLASS ::= { + ID id-ce-cRLReasons + TYPE CRLReason } + +certificateIssuer EXTENSION-CLASS ::= { + ID id-ce-certificateIssuer + TYPE CertificateIssuer } + +holdInstructionCode EXTENSION-CLASS ::= { + ID id-ce-holdInstructionCode + TYPE HoldInstructionCode } + +invalidityDate EXTENSION-CLASS ::= { + ID id-ce-invalidityDate + TYPE InvalidityDate } + +END |