aboutsummaryrefslogtreecommitdiffstats
path: root/lib/public_key
diff options
context:
space:
mode:
Diffstat (limited to 'lib/public_key')
-rw-r--r--lib/public_key/.gitignore7
-rw-r--r--lib/public_key/asn1/InformationFramework.asn1682
-rw-r--r--lib/public_key/asn1/Makefile3
-rw-r--r--lib/public_key/asn1/PKCS-8.asn170
-rw-r--r--lib/public_key/asn1/PKCS-FRAME.set.asn1
-rw-r--r--lib/public_key/test/erl_make_certs.erl14
6 files changed, 84 insertions, 693 deletions
diff --git a/lib/public_key/.gitignore b/lib/public_key/.gitignore
new file mode 100644
index 0000000000..db24906676
--- /dev/null
+++ b/lib/public_key/.gitignore
@@ -0,0 +1,7 @@
+# public_key
+
+/lib/public_key/asn1/*.asn1db
+/lib/public_key/asn1/*.erl
+/lib/public_key/asn1/*.hrl
+/lib/public_key/include/OTP-PUB-KEY.hrl
+/lib/public_key/include/PKCS-FRAME.hrl
diff --git a/lib/public_key/asn1/InformationFramework.asn1 b/lib/public_key/asn1/InformationFramework.asn1
deleted file mode 100644
index 40fbd11a2a..0000000000
--- a/lib/public_key/asn1/InformationFramework.asn1
+++ /dev/null
@@ -1,682 +0,0 @@
-InformationFramework {joint-iso-itu-t ds(5) module(1) informationFramework(1)
- 6} DEFINITIONS ::=
-BEGIN
-
--- EXPORTS All
--- The types and values defined in this module are exported for use in the other ASN.1 modules contained
--- within the Directory Specifications, and for the use of other applications which will use them to access
--- Directory services. Other applications may use them for their own purposes, but this will not constrain
--- extensions and modifications needed to maintain or improve the Directory service.
-IMPORTS
- -- from ITU-T Rec. X.501 | ISO/IEC 9594-2
- directoryAbstractService, id-ar, id-at, id-mr, id-nf, id-oa, id-oc,
- id-sc, selectedAttributeTypes, serviceAdministration
- FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
- usefulDefinitions(0) 6}
- SearchRule
- FROM ServiceAdministration serviceAdministration
- -- from ITU-T Rec. X.511 | ISO/IEC 9594-3
- TypeAndContextAssertion
- FROM DirectoryAbstractService directoryAbstractService
- -- from ITU-T Rec. X.520 | ISO/IEC 9594-6
- booleanMatch, commonName, generalizedTimeMatch, generalizedTimeOrderingMatch,
- integerFirstComponentMatch, integerMatch, integerOrderingMatch,
- objectIdentifierFirstComponentMatch, UnboundedDirectoryString
- FROM SelectedAttributeTypes selectedAttributeTypes;
-
--- attribute data types
-Attribute{ATTRIBUTE:SupportedAttributes} ::= SEQUENCE {
- type ATTRIBUTE.&id({SupportedAttributes}),
- values
- SET SIZE (0..MAX) OF ATTRIBUTE.&Type({SupportedAttributes}{@type}),
- valuesWithContext
- SET SIZE (1..MAX) OF
- SEQUENCE {value ATTRIBUTE.&Type({SupportedAttributes}{@type}),
- contextList SET SIZE (1..MAX) OF Context} OPTIONAL
-}
-
-AttributeType ::= ATTRIBUTE.&id
-
-AttributeValue ::= ATTRIBUTE.&Type
-
-Context ::= SEQUENCE {
- contextType CONTEXT.&id({SupportedContexts}),
- contextValues
- SET SIZE (1..MAX) OF CONTEXT.&Type({SupportedContexts}{@contextType}),
- fallback BOOLEAN DEFAULT FALSE
-}
-
-AttributeValueAssertion ::= SEQUENCE {
- type ATTRIBUTE.&id({SupportedAttributes}),
- assertion
- ATTRIBUTE.&equality-match.&AssertionType
- ({SupportedAttributes}{@type}),
- assertedContexts
- CHOICE {allContexts [0] NULL,
- selectedContexts [1] SET SIZE (1..MAX) OF ContextAssertion
- } OPTIONAL
-}
-
-ContextAssertion ::= SEQUENCE {
- contextType CONTEXT.&id({SupportedContexts}),
- contextValues
- SET SIZE (1..MAX) OF
- CONTEXT.&Assertion({SupportedContexts}{@contextType})
-}
-
-AttributeTypeAssertion ::= SEQUENCE {
- type ATTRIBUTE.&id({SupportedAttributes}),
- assertedContexts SEQUENCE SIZE (1..MAX) OF ContextAssertion OPTIONAL
-}
-
--- Definition of the following information object set is deferred, perhaps to standardized
--- profiles or to protocol implementation conformance statements. The set is required to
--- specify a table constraint on the values component of Attribute, the value component
--- of AttributeTypeAndValue, and the assertion component of AttributeValueAssertion.
-SupportedAttributes ATTRIBUTE ::=
- {objectClass | aliasedEntryName, ...}
-
--- Definition of the following information object set is deferred, perhaps to standardized
--- profiles or to protocol implementation conformance statements. The set is required to
--- specify a table constraint on the context specifications
-SupportedContexts CONTEXT ::=
- {...}
-
--- naming data types
-Name ::= CHOICE { -- only one possibility for now --rdnSequence RDNSequence
-}
-
-RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
-
-DistinguishedName ::= RDNSequence
-
-RelativeDistinguishedName ::=
- SET SIZE (1..MAX) OF AttributeTypeAndDistinguishedValue
-
-AttributeTypeAndDistinguishedValue ::= SEQUENCE {
- type ATTRIBUTE.&id({SupportedAttributes}),
- value ATTRIBUTE.&Type({SupportedAttributes}{@type}),
- primaryDistinguished BOOLEAN DEFAULT TRUE,
- valuesWithContext
- SET SIZE (1..MAX) OF
- SEQUENCE {distingAttrValue
- [0] ATTRIBUTE.&Type({SupportedAttributes}{@type})
- OPTIONAL,
- contextList SET SIZE (1..MAX) OF Context} OPTIONAL
-}
-
--- subtree data types
-SubtreeSpecification ::= SEQUENCE {
- base [0] LocalName DEFAULT {},
- COMPONENTS OF ChopSpecification,
- specificationFilter [4] Refinement OPTIONAL
-}
-
--- empty sequence specifies whole administrative area
-LocalName ::= RDNSequence
-
-ChopSpecification ::= SEQUENCE {
- specificExclusions
- [1] SET SIZE (1..MAX) OF
- CHOICE {chopBefore [0] LocalName,
- chopAfter [1] LocalName} OPTIONAL,
- minimum [2] BaseDistance DEFAULT 0,
- maximum [3] BaseDistance OPTIONAL
-}
-
-BaseDistance ::= INTEGER(0..MAX)
-
-Refinement ::= CHOICE {
- item [0] OBJECT-CLASS.&id,
- and [1] SET SIZE (1..MAX) OF Refinement,
- or [2] SET SIZE (1..MAX) OF Refinement,
- not [3] Refinement
-}
-
--- OBJECT-CLASS information object class specification
-OBJECT-CLASS ::= CLASS {
- &Superclasses OBJECT-CLASS OPTIONAL,
- &kind ObjectClassKind DEFAULT structural,
- &MandatoryAttributes ATTRIBUTE OPTIONAL,
- &OptionalAttributes ATTRIBUTE OPTIONAL,
- &id OBJECT IDENTIFIER UNIQUE
-}
-WITH SYNTAX {
- [SUBCLASS OF &Superclasses]
- [KIND &kind]
- [MUST CONTAIN &MandatoryAttributes]
- [MAY CONTAIN &OptionalAttributes]
- ID &id
-}
-
-ObjectClassKind ::= ENUMERATED {abstract(0), structural(1), auxiliary(2)}
-
--- object classes
-top OBJECT-CLASS ::= {
- KIND abstract
- MUST CONTAIN {objectClass}
- ID id-oc-top
-}
-
-alias OBJECT-CLASS ::= {
- SUBCLASS OF {top}
- MUST CONTAIN {aliasedEntryName}
- ID id-oc-alias
-}
-
-parent OBJECT-CLASS ::= {KIND abstract
- ID id-oc-parent
-}
-
-child OBJECT-CLASS ::= {KIND auxiliary
- ID id-oc-child
-}
-
--- ATTRIBUTE information object class specification
-ATTRIBUTE ::= CLASS {
- &derivation ATTRIBUTE OPTIONAL,
- &Type OPTIONAL, -- either &Type or &derivation required
- &equality-match MATCHING-RULE OPTIONAL,
- &ordering-match MATCHING-RULE OPTIONAL,
- &substrings-match MATCHING-RULE OPTIONAL,
- &single-valued BOOLEAN DEFAULT FALSE,
- &collective BOOLEAN DEFAULT FALSE,
- &dummy BOOLEAN DEFAULT FALSE,
- -- operational extensions
- &no-user-modification BOOLEAN DEFAULT FALSE,
- &usage AttributeUsage DEFAULT userApplications,
- &id OBJECT IDENTIFIER UNIQUE
-}
-WITH SYNTAX {
- [SUBTYPE OF &derivation]
- [WITH SYNTAX &Type]
- [EQUALITY MATCHING RULE &equality-match]
- [ORDERING MATCHING RULE &ordering-match]
- [SUBSTRINGS MATCHING RULE &substrings-match]
- [SINGLE VALUE &single-valued]
- [COLLECTIVE &collective]
- [DUMMY &dummy]
- [NO USER MODIFICATION &no-user-modification]
- [USAGE &usage]
- ID &id
-}
-
-AttributeUsage ::= ENUMERATED {
- userApplications(0), directoryOperation(1), distributedOperation(2),
- dSAOperation(3)}
-
--- attributes
-objectClass ATTRIBUTE ::= {
- WITH SYNTAX OBJECT IDENTIFIER
- EQUALITY MATCHING RULE objectIdentifierMatch
- ID id-at-objectClass
-}
-
-aliasedEntryName ATTRIBUTE ::= {
- WITH SYNTAX DistinguishedName
- EQUALITY MATCHING RULE distinguishedNameMatch
- SINGLE VALUE TRUE
- ID id-at-aliasedEntryName
-}
-
--- MATCHING-RULE information object class specification
-MATCHING-RULE ::= CLASS {
- &ParentMatchingRules MATCHING-RULE OPTIONAL,
- &AssertionType OPTIONAL,
- &uniqueMatchIndicator ATTRIBUTE OPTIONAL,
- &id OBJECT IDENTIFIER UNIQUE
-}
-WITH SYNTAX {
- [PARENT &ParentMatchingRules]
- [SYNTAX &AssertionType]
- [UNIQUE-MATCH-INDICATOR &uniqueMatchIndicator]
- ID &id
-}
-
--- matching rules
-objectIdentifierMatch MATCHING-RULE ::= {
- SYNTAX OBJECT IDENTIFIER
- ID id-mr-objectIdentifierMatch
-}
-
-distinguishedNameMatch MATCHING-RULE ::= {
- SYNTAX DistinguishedName
- ID id-mr-distinguishedNameMatch
-}
-
-MAPPING-BASED-MATCHING{SelectedBy, BOOLEAN:combinable, MappingResult,
- OBJECT IDENTIFIER:matchingRule} ::= CLASS {
- &selectBy SelectedBy OPTIONAL,
- &ApplicableTo ATTRIBUTE,
- &subtypesIncluded BOOLEAN DEFAULT TRUE,
- &combinable BOOLEAN(combinable),
- &mappingResults MappingResult OPTIONAL,
- &userControl BOOLEAN DEFAULT FALSE,
- &exclusive BOOLEAN DEFAULT TRUE,
- &matching-rule MATCHING-RULE.&id(matchingRule),
- &id OBJECT IDENTIFIER UNIQUE
-}
-WITH SYNTAX {
- [SELECT BY &selectBy]
- APPLICABLE TO &ApplicableTo
- [SUBTYPES INCLUDED &subtypesIncluded]
- COMBINABLE &combinable
- [MAPPING RESULTS &mappingResults]
- [USER CONTROL &userControl]
- [EXCLUSIVE &exclusive]
- MATCHING RULE &matching-rule
- ID &id
-}
-
--- NAME-FORM information object class specification
-NAME-FORM ::= CLASS {
- &namedObjectClass OBJECT-CLASS,
- &MandatoryAttributes ATTRIBUTE,
- &OptionalAttributes ATTRIBUTE OPTIONAL,
- &id OBJECT IDENTIFIER UNIQUE
-}
-WITH SYNTAX {
- NAMES &namedObjectClass
- WITH ATTRIBUTES &MandatoryAttributes
- [AND OPTIONALLY &OptionalAttributes]
- ID &id
-}
-
--- STRUCTURE-RULE class and DIT structure rule data types
-DITStructureRule ::= SEQUENCE {
- ruleIdentifier RuleIdentifier,
- -- shall be unique within the scope of the subschema
- nameForm NAME-FORM.&id,
- superiorStructureRules SET SIZE (1..MAX) OF RuleIdentifier OPTIONAL
-}
-
-RuleIdentifier ::= INTEGER
-
-STRUCTURE-RULE ::= CLASS {
- &nameForm NAME-FORM,
- &SuperiorStructureRules STRUCTURE-RULE OPTIONAL,
- &id RuleIdentifier
-}
-WITH SYNTAX {
- NAME FORM &nameForm
- [SUPERIOR RULES &SuperiorStructureRules]
- ID &id
-}
-
--- DIT content rule data type and CONTENT-RULE class
-DITContentRule ::= SEQUENCE {
- structuralObjectClass OBJECT-CLASS.&id,
- auxiliaries SET SIZE (1..MAX) OF OBJECT-CLASS.&id OPTIONAL,
- mandatory [1] SET SIZE (1..MAX) OF ATTRIBUTE.&id OPTIONAL,
- optional [2] SET SIZE (1..MAX) OF ATTRIBUTE.&id OPTIONAL,
- precluded [3] SET SIZE (1..MAX) OF ATTRIBUTE.&id OPTIONAL
-}
-
-CONTENT-RULE ::= CLASS {
- &structuralClass OBJECT-CLASS.&id UNIQUE,
- &Auxiliaries OBJECT-CLASS OPTIONAL,
- &Mandatory ATTRIBUTE OPTIONAL,
- &Optional ATTRIBUTE OPTIONAL,
- &Precluded ATTRIBUTE OPTIONAL
-}
-WITH SYNTAX {
- STRUCTURAL OBJECT-CLASS &structuralClass
- [AUXILIARY OBJECT-CLASSES &Auxiliaries]
- [MUST CONTAIN &Mandatory]
- [MAY CONTAIN &Optional]
- [MUST-NOT CONTAIN &Precluded]
-}
-
-CONTEXT ::= CLASS {
- &Type ,
- &DefaultValue OPTIONAL,
- &Assertion OPTIONAL,
- &absentMatch BOOLEAN DEFAULT TRUE,
- &id OBJECT IDENTIFIER UNIQUE
-}
-WITH SYNTAX {
- WITH SYNTAX &Type
- [DEFAULT-VALUE &DefaultValue]
- [ASSERTED AS &Assertion]
- [ABSENT-MATCH &absentMatch]
- ID &id
-}
-
-DITContextUse ::= SEQUENCE {
- attributeType ATTRIBUTE.&id,
- mandatoryContexts [1] SET SIZE (1..MAX) OF CONTEXT.&id OPTIONAL,
- optionalContexts [2] SET SIZE (1..MAX) OF CONTEXT.&id OPTIONAL
-}
-
-DIT-CONTEXT-USE-RULE ::= CLASS {
- &attributeType ATTRIBUTE.&id UNIQUE,
- &Mandatory CONTEXT OPTIONAL,
- &Optional CONTEXT OPTIONAL
-}
-WITH SYNTAX {
- ATTRIBUTE TYPE &attributeType
- [MANDATORY CONTEXTS &Mandatory]
- [OPTIONAL CONTEXTS &Optional]
-}
-
-FRIENDS ::= CLASS {
- &anchor ATTRIBUTE.&id UNIQUE,
- &Friends ATTRIBUTE
-}WITH SYNTAX {ANCHOR &anchor
- FRIENDS &Friends
-}
-
--- system schema information objects
--- object classes
-subentry OBJECT-CLASS ::= {
- SUBCLASS OF {top}
- KIND structural
- MUST CONTAIN {commonName | subtreeSpecification}
- ID id-sc-subentry
-}
-
-subentryNameForm NAME-FORM ::= {
- NAMES subentry
- WITH ATTRIBUTES {commonName}
- ID id-nf-subentryNameForm
-}
-
-subtreeSpecification ATTRIBUTE ::= {
- WITH SYNTAX SubtreeSpecification
- USAGE directoryOperation
- ID id-oa-subtreeSpecification
-}
-
-administrativeRole ATTRIBUTE ::= {
- WITH SYNTAX OBJECT-CLASS.&id
- EQUALITY MATCHING RULE objectIdentifierMatch
- USAGE directoryOperation
- ID id-oa-administrativeRole
-}
-
-createTimestamp ATTRIBUTE ::= {
- WITH SYNTAX GeneralizedTime
- -- as per 46.3 b) or c) of ITU-T Rec. X.680 | ISO/IEC 8824-1
- EQUALITY MATCHING RULE generalizedTimeMatch
- ORDERING MATCHING RULE generalizedTimeOrderingMatch
- SINGLE VALUE TRUE
- NO USER MODIFICATION TRUE
- USAGE directoryOperation
- ID id-oa-createTimestamp
-}
-
-modifyTimestamp ATTRIBUTE ::= {
- WITH SYNTAX GeneralizedTime
- -- as per 46.3 b) or c) of ITU-T Rec. X.680 | ISO/IEC 8824-1
- EQUALITY MATCHING RULE generalizedTimeMatch
- ORDERING MATCHING RULE generalizedTimeOrderingMatch
- SINGLE VALUE TRUE
- NO USER MODIFICATION TRUE
- USAGE directoryOperation
- ID id-oa-modifyTimestamp
-}
-
-subschemaTimestamp ATTRIBUTE ::= {
- WITH SYNTAX GeneralizedTime
- -- as per 46.3 b) or c) of ITU-T Rec. X.680 | ISO/IEC 8824-1
- EQUALITY MATCHING RULE generalizedTimeMatch
- ORDERING MATCHING RULE generalizedTimeOrderingMatch
- SINGLE VALUE TRUE
- NO USER MODIFICATION TRUE
- USAGE directoryOperation
- ID id-oa-subschemaTimestamp
-}
-
-creatorsName ATTRIBUTE ::= {
- WITH SYNTAX DistinguishedName
- EQUALITY MATCHING RULE distinguishedNameMatch
- SINGLE VALUE TRUE
- NO USER MODIFICATION TRUE
- USAGE directoryOperation
- ID id-oa-creatorsName
-}
-
-modifiersName ATTRIBUTE ::= {
- WITH SYNTAX DistinguishedName
- EQUALITY MATCHING RULE distinguishedNameMatch
- SINGLE VALUE TRUE
- NO USER MODIFICATION TRUE
- USAGE directoryOperation
- ID id-oa-modifiersName
-}
-
-subschemaSubentryList ATTRIBUTE ::= {
- WITH SYNTAX DistinguishedName
- EQUALITY MATCHING RULE distinguishedNameMatch
- SINGLE VALUE TRUE
- NO USER MODIFICATION TRUE
- USAGE directoryOperation
- ID id-oa-subschemaSubentryList
-}
-
-accessControlSubentryList ATTRIBUTE ::= {
- WITH SYNTAX DistinguishedName
- EQUALITY MATCHING RULE distinguishedNameMatch
- NO USER MODIFICATION TRUE
- USAGE directoryOperation
- ID id-oa-accessControlSubentryList
-}
-
-collectiveAttributeSubentryList ATTRIBUTE ::= {
- WITH SYNTAX DistinguishedName
- EQUALITY MATCHING RULE distinguishedNameMatch
- NO USER MODIFICATION TRUE
- USAGE directoryOperation
- ID id-oa-collectiveAttributeSubentryList
-}
-
-contextDefaultSubentryList ATTRIBUTE ::= {
- WITH SYNTAX DistinguishedName
- EQUALITY MATCHING RULE distinguishedNameMatch
- NO USER MODIFICATION TRUE
- USAGE directoryOperation
- ID id-oa-contextDefaultSubentryList
-}
-
-serviceAdminSubentryList ATTRIBUTE ::= {
- WITH SYNTAX DistinguishedName
- EQUALITY MATCHING RULE distinguishedNameMatch
- NO USER MODIFICATION TRUE
- USAGE directoryOperation
- ID id-oa-serviceAdminSubentryList
-}
-
-hasSubordinates ATTRIBUTE ::= {
- WITH SYNTAX BOOLEAN
- EQUALITY MATCHING RULE booleanMatch
- SINGLE VALUE TRUE
- NO USER MODIFICATION TRUE
- USAGE directoryOperation
- ID id-oa-hasSubordinates
-}
-
-accessControlSubentry OBJECT-CLASS ::= {
- KIND auxiliary
- ID id-sc-accessControlSubentry
-}
-
-collectiveAttributeSubentry OBJECT-CLASS ::= {
- KIND auxiliary
- ID id-sc-collectiveAttributeSubentry
-}
-
-collectiveExclusions ATTRIBUTE ::= {
- WITH SYNTAX OBJECT IDENTIFIER
- EQUALITY MATCHING RULE objectIdentifierMatch
- USAGE directoryOperation
- ID id-oa-collectiveExclusions
-}
-
-contextAssertionSubentry OBJECT-CLASS ::= {
- KIND auxiliary
- MUST CONTAIN {contextAssertionDefaults}
- ID id-sc-contextAssertionSubentry
-}
-
-contextAssertionDefaults ATTRIBUTE ::= {
- WITH SYNTAX TypeAndContextAssertion
- EQUALITY MATCHING RULE objectIdentifierFirstComponentMatch
- USAGE directoryOperation
- ID id-oa-contextAssertionDefault
-}
-
-serviceAdminSubentry OBJECT-CLASS ::= {
- KIND auxiliary
- MUST CONTAIN {searchRules}
- ID id-sc-serviceAdminSubentry
-}
-
-searchRules ATTRIBUTE ::= {
- WITH SYNTAX SearchRuleDescription
- EQUALITY MATCHING RULE integerFirstComponentMatch
- USAGE directoryOperation
- ID id-oa-searchRules
-}
-
-SearchRuleDescription ::= SEQUENCE {
- COMPONENTS OF SearchRule,
- name [28] SET SIZE (1..MAX) OF UnboundedDirectoryString OPTIONAL,
- description [29] UnboundedDirectoryString OPTIONAL
-}
-
-hierarchyLevel ATTRIBUTE ::= {
- WITH SYNTAX HierarchyLevel
- EQUALITY MATCHING RULE integerMatch
- ORDERING MATCHING RULE integerOrderingMatch
- SINGLE VALUE TRUE
- NO USER MODIFICATION TRUE
- USAGE directoryOperation
- ID id-oa-hierarchyLevel
-}
-
-HierarchyLevel ::= INTEGER
-
-hierarchyBelow ATTRIBUTE ::= {
- WITH SYNTAX HierarchyBelow
- EQUALITY MATCHING RULE booleanMatch
- SINGLE VALUE TRUE
- NO USER MODIFICATION TRUE
- USAGE directoryOperation
- ID id-oa-hierarchyBelow
-}
-
-HierarchyBelow ::= BOOLEAN
-
-hierarchyParent ATTRIBUTE ::= {
- WITH SYNTAX DistinguishedName
- EQUALITY MATCHING RULE distinguishedNameMatch
- SINGLE VALUE TRUE
- USAGE directoryOperation
- ID id-oa-hierarchyParent
-}
-
-hierarchyTop ATTRIBUTE ::= {
- WITH SYNTAX DistinguishedName
- EQUALITY MATCHING RULE distinguishedNameMatch
- SINGLE VALUE TRUE
- USAGE directoryOperation
- ID id-oa-hierarchyTop
-}
-
--- object identifier assignments
--- object classes
-id-oc-top OBJECT IDENTIFIER ::=
- {id-oc 0}
-
-id-oc-alias OBJECT IDENTIFIER ::= {id-oc 1}
-
-id-oc-parent OBJECT IDENTIFIER ::= {id-oc 28}
-
-id-oc-child OBJECT IDENTIFIER ::= {id-oc 29}
-
--- attributes
-id-at-objectClass OBJECT IDENTIFIER ::= {id-at 0}
-
-id-at-aliasedEntryName OBJECT IDENTIFIER ::= {id-at 1}
-
--- matching rules
-id-mr-objectIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 0}
-
-id-mr-distinguishedNameMatch OBJECT IDENTIFIER ::= {id-mr 1}
-
--- operational attributes
-id-oa-excludeAllCollectiveAttributes OBJECT IDENTIFIER ::=
- {id-oa 0}
-
-id-oa-createTimestamp OBJECT IDENTIFIER ::= {id-oa 1}
-
-id-oa-modifyTimestamp OBJECT IDENTIFIER ::= {id-oa 2}
-
-id-oa-creatorsName OBJECT IDENTIFIER ::= {id-oa 3}
-
-id-oa-modifiersName OBJECT IDENTIFIER ::= {id-oa 4}
-
-id-oa-administrativeRole OBJECT IDENTIFIER ::= {id-oa 5}
-
-id-oa-subtreeSpecification OBJECT IDENTIFIER ::= {id-oa 6}
-
-id-oa-collectiveExclusions OBJECT IDENTIFIER ::= {id-oa 7}
-
-id-oa-subschemaTimestamp OBJECT IDENTIFIER ::= {id-oa 8}
-
-id-oa-hasSubordinates OBJECT IDENTIFIER ::= {id-oa 9}
-
-id-oa-subschemaSubentryList OBJECT IDENTIFIER ::= {id-oa 10}
-
-id-oa-accessControlSubentryList OBJECT IDENTIFIER ::= {id-oa 11}
-
-id-oa-collectiveAttributeSubentryList OBJECT IDENTIFIER ::= {id-oa 12}
-
-id-oa-contextDefaultSubentryList OBJECT IDENTIFIER ::= {id-oa 13}
-
-id-oa-contextAssertionDefault OBJECT IDENTIFIER ::= {id-oa 14}
-
-id-oa-serviceAdminSubentryList OBJECT IDENTIFIER ::= {id-oa 15}
-
-id-oa-searchRules OBJECT IDENTIFIER ::= {id-oa 16}
-
-id-oa-hierarchyLevel OBJECT IDENTIFIER ::= {id-oa 17}
-
-id-oa-hierarchyBelow OBJECT IDENTIFIER ::= {id-oa 18}
-
-id-oa-hierarchyParent OBJECT IDENTIFIER ::= {id-oa 19}
-
-id-oa-hierarchyTop OBJECT IDENTIFIER ::= {id-oa 20}
-
--- subentry classes
-id-sc-subentry OBJECT IDENTIFIER ::= {id-sc 0}
-
-id-sc-accessControlSubentry OBJECT IDENTIFIER ::= {id-sc 1}
-
-id-sc-collectiveAttributeSubentry OBJECT IDENTIFIER ::= {id-sc 2}
-
-id-sc-contextAssertionSubentry OBJECT IDENTIFIER ::= {id-sc 3}
-
-id-sc-serviceAdminSubentry OBJECT IDENTIFIER ::= {id-sc 4}
-
--- Name forms
-id-nf-subentryNameForm OBJECT IDENTIFIER ::= {id-nf 16}
-
--- administrative roles
-id-ar-autonomousArea OBJECT IDENTIFIER ::= {id-ar 1}
-
-id-ar-accessControlSpecificArea OBJECT IDENTIFIER ::= {id-ar 2}
-
-id-ar-accessControlInnerArea OBJECT IDENTIFIER ::= {id-ar 3}
-
-id-ar-subschemaAdminSpecificArea OBJECT IDENTIFIER ::= {id-ar 4}
-
-id-ar-collectiveAttributeSpecificArea OBJECT IDENTIFIER ::= {id-ar 5}
-
-id-ar-collectiveAttributeInnerArea OBJECT IDENTIFIER ::= {id-ar 6}
-
-id-ar-contextDefaultSpecificArea OBJECT IDENTIFIER ::= {id-ar 7}
-
-id-ar-serviceSpecificArea OBJECT IDENTIFIER ::= {id-ar 8}
-
-END -- InformationFramework
diff --git a/lib/public_key/asn1/Makefile b/lib/public_key/asn1/Makefile
index 2ce1168349..943d97bdb8 100644
--- a/lib/public_key/asn1/Makefile
+++ b/lib/public_key/asn1/Makefile
@@ -40,7 +40,7 @@ RELSYSDIR = $(RELEASE_PATH)/lib/public_key-$(VSN)
ASN_TOP = OTP-PUB-KEY PKCS-FRAME
ASN_MODULES = PKIX1Explicit88 PKIX1Implicit88 PKIX1Algorithms88 \
- PKIXAttributeCertificate PKCS-1 PKCS-3 PKCS-8 InformationFramework PKCS5v2-0 OTP-PKIX
+ PKIXAttributeCertificate PKCS-1 PKCS-3 PKCS-8 PKCS5v2-0 OTP-PKIX
ASN_ASNS = $(ASN_MODULES:%=%.asn1)
ASN_ERLS = $(ASN_TOP:%=%.erl)
ASN_HRLS = $(ASN_TOP:%=%.hrl)
@@ -117,5 +117,4 @@ OTP-PUB-KEY.asn1db: PKIX1Algorithms88.asn1 \
$(EBIN)/PKCS-FRAME.beam: PKCS-FRAME.erl PKCS-FRAME.hrl
PKCS-FRAME.erl PKCS-FRAME.hrl: PKCS-FRAME.asn1db
PKCS-FRAME.asn1db: PKCS-8.asn1\
- InformationFramework.asn1\
PKCS5v2-0.asn1 \ No newline at end of file
diff --git a/lib/public_key/asn1/PKCS-8.asn1 b/lib/public_key/asn1/PKCS-8.asn1
index 7413519b57..8412345b68 100644
--- a/lib/public_key/asn1/PKCS-8.asn1
+++ b/lib/public_key/asn1/PKCS-8.asn1
@@ -14,15 +14,15 @@ BEGIN
-- All types and values defined in this module is exported for use in other
-- ASN.1 modules.
-IMPORTS
+--IMPORTS
-- informationFramework
-- FROM UsefulDefinitions {joint-iso-itu-t(2) ds(5) module(1)
-- usefulDefinitions(0) 3}
-Attribute
+--Attribute
-- FROM InformationFramework informationFramework
- FROM InformationFramework;
+-- FROM InformationFramework;
-- This import is really unnecessary since ALGORITHM-IDENTIFIER is defined as a
-- TYPE-IDENTIFIER
@@ -55,8 +55,8 @@ Version ::= INTEGER {v1(0)} (v1,...)
PrivateKey ::= OCTET STRING
--- Attributes ::= SET OF Attribute
-Attributes ::= SET OF Attribute {{...}}
+-- Attributes ::= SET OF PKAttribute
+Attributes ::= SET OF PKAttribute {{...}}
-- Encrypted private-key information syntax
@@ -78,6 +78,66 @@ KeyEncryptionAlgorithms TYPE-IDENTIFIER ::= {
... -- For local profiles
}
+-- From InformationFramework
+PKAttribute{ATTRIBUTE:SupportedAttributes} ::= SEQUENCE {
+ type ATTRIBUTE.&id({SupportedAttributes}),
+ values
+ SET SIZE (0..MAX) OF ATTRIBUTE.&Type({SupportedAttributes}{@type}),
+ valuesWithContext
+ SET SIZE (1..MAX) OF
+ SEQUENCE {value ATTRIBUTE.&Type({SupportedAttributes}{@type}),
+ contextList SET SIZE (1..MAX) OF Context} OPTIONAL
+}
+
+Context ::= SEQUENCE {
+ contextType CONTEXT.&id({SupportedContexts}),
+ contextValues
+ SET SIZE (1..MAX) OF CONTEXT.&Type({SupportedContexts}{@contextType}),
+ fallback BOOLEAN DEFAULT FALSE
+}
+-- Definition of the following information object set is deferred, perhaps to standardized
+-- profiles or to protocol implementation conformance statements. The set is required to
+-- specify a table constraint on the context specifications
+SupportedContexts CONTEXT ::=
+ {...}
+
+
+CONTEXT ::= CLASS {
+ &Type ,
+ &DefaultValue OPTIONAL,
+ &Assertion OPTIONAL,
+ &absentMatch BOOLEAN DEFAULT TRUE,
+ &id OBJECT IDENTIFIER UNIQUE
+}
+
+-- ATTRIBUTE information object class specification
+ATTRIBUTE ::= CLASS {
+ &derivation ATTRIBUTE OPTIONAL,
+ &Type OPTIONAL, -- either &Type or &derivation required
+ &equality-match MATCHING-RULE OPTIONAL,
+ &ordering-match MATCHING-RULE OPTIONAL,
+ &substrings-match MATCHING-RULE OPTIONAL,
+ &single-valued BOOLEAN DEFAULT FALSE,
+ &collective BOOLEAN DEFAULT FALSE,
+ &dummy BOOLEAN DEFAULT FALSE,
+ -- operational extensions
+ &no-user-modification BOOLEAN DEFAULT FALSE,
+ &usage AttributeUsage DEFAULT userApplications,
+ &id OBJECT IDENTIFIER UNIQUE
+}
+
+-- MATCHING-RULE information object class specification
+MATCHING-RULE ::= CLASS {
+ &ParentMatchingRules MATCHING-RULE OPTIONAL,
+ &AssertionType OPTIONAL,
+ &uniqueMatchIndicator ATTRIBUTE OPTIONAL,
+ &id OBJECT IDENTIFIER UNIQUE
+}
+
+AttributeUsage ::= ENUMERATED {
+ userApplications(0), directoryOperation(1), distributedOperation(2),
+ dSAOperation(3)}
+
END
diff --git a/lib/public_key/asn1/PKCS-FRAME.set.asn b/lib/public_key/asn1/PKCS-FRAME.set.asn
index a0777ff260..69b6727bef 100644
--- a/lib/public_key/asn1/PKCS-FRAME.set.asn
+++ b/lib/public_key/asn1/PKCS-FRAME.set.asn
@@ -1,3 +1,2 @@
PKCS-8.asn1
-InformationFramework.asn1
PKCS5v2-0.asn1
diff --git a/lib/public_key/test/erl_make_certs.erl b/lib/public_key/test/erl_make_certs.erl
index 8b01ca3ad4..254aa6d2f9 100644
--- a/lib/public_key/test/erl_make_certs.erl
+++ b/lib/public_key/test/erl_make_certs.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2010. All Rights Reserved.
+%% Copyright Ericsson AB 2011. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
@@ -175,7 +175,7 @@ issuer(true, Opts, SubjectKey) ->
issuer({Issuer, IssuerKey}, _Opts, _SubjectKey) when is_binary(Issuer) ->
{issuer_der(Issuer), decode_key(IssuerKey)};
issuer({File, IssuerKey}, _Opts, _SubjectKey) when is_list(File) ->
- {ok, [{cert, Cert, _}|_]} = public_key:pem_to_der(File),
+ {ok, [{cert, Cert, _}|_]} = pem_to_der(File),
{issuer_der(Cert), decode_key(IssuerKey)}.
issuer_der(Issuer) ->
@@ -185,7 +185,7 @@ issuer_der(Issuer) ->
Subject.
subject(undefined, IsRootCA) ->
- User = if IsRootCA -> "RootCA"; true -> os:getenv("USER") end,
+ User = if IsRootCA -> "RootCA"; true -> user() end,
Opts = [{email, User ++ "@erlang.org"},
{name, User},
{city, "Stockholm"},
@@ -196,6 +196,14 @@ subject(undefined, IsRootCA) ->
subject(Opts, _) ->
subject(Opts).
+user() ->
+ case os:getenv("USER") of
+ false ->
+ "test_user";
+ User ->
+ User
+ end.
+
subject(SubjectOpts) when is_list(SubjectOpts) ->
Encode = fun(Opt) ->
{Type,Value} = subject_enc(Opt),