diff options
Diffstat (limited to 'lib/public_key')
-rw-r--r-- | lib/public_key/.gitignore | 7 | ||||
-rw-r--r-- | lib/public_key/asn1/InformationFramework.asn1 | 682 | ||||
-rw-r--r-- | lib/public_key/asn1/Makefile | 3 | ||||
-rw-r--r-- | lib/public_key/asn1/PKCS-8.asn1 | 70 | ||||
-rw-r--r-- | lib/public_key/asn1/PKCS-FRAME.set.asn | 1 | ||||
-rw-r--r-- | lib/public_key/test/erl_make_certs.erl | 14 |
6 files changed, 84 insertions, 693 deletions
diff --git a/lib/public_key/.gitignore b/lib/public_key/.gitignore new file mode 100644 index 0000000000..db24906676 --- /dev/null +++ b/lib/public_key/.gitignore @@ -0,0 +1,7 @@ +# public_key + +/lib/public_key/asn1/*.asn1db +/lib/public_key/asn1/*.erl +/lib/public_key/asn1/*.hrl +/lib/public_key/include/OTP-PUB-KEY.hrl +/lib/public_key/include/PKCS-FRAME.hrl diff --git a/lib/public_key/asn1/InformationFramework.asn1 b/lib/public_key/asn1/InformationFramework.asn1 deleted file mode 100644 index 40fbd11a2a..0000000000 --- a/lib/public_key/asn1/InformationFramework.asn1 +++ /dev/null @@ -1,682 +0,0 @@ -InformationFramework {joint-iso-itu-t ds(5) module(1) informationFramework(1) - 6} DEFINITIONS ::= -BEGIN - --- EXPORTS All --- The types and values defined in this module are exported for use in the other ASN.1 modules contained --- within the Directory Specifications, and for the use of other applications which will use them to access --- Directory services. Other applications may use them for their own purposes, but this will not constrain --- extensions and modifications needed to maintain or improve the Directory service. -IMPORTS - -- from ITU-T Rec. X.501 | ISO/IEC 9594-2 - directoryAbstractService, id-ar, id-at, id-mr, id-nf, id-oa, id-oc, - id-sc, selectedAttributeTypes, serviceAdministration - FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) - usefulDefinitions(0) 6} - SearchRule - FROM ServiceAdministration serviceAdministration - -- from ITU-T Rec. X.511 | ISO/IEC 9594-3 - TypeAndContextAssertion - FROM DirectoryAbstractService directoryAbstractService - -- from ITU-T Rec. X.520 | ISO/IEC 9594-6 - booleanMatch, commonName, generalizedTimeMatch, generalizedTimeOrderingMatch, - integerFirstComponentMatch, integerMatch, integerOrderingMatch, - objectIdentifierFirstComponentMatch, UnboundedDirectoryString - FROM SelectedAttributeTypes selectedAttributeTypes; - --- attribute data types -Attribute{ATTRIBUTE:SupportedAttributes} ::= SEQUENCE { - type ATTRIBUTE.&id({SupportedAttributes}), - values - SET SIZE (0..MAX) OF ATTRIBUTE.&Type({SupportedAttributes}{@type}), - valuesWithContext - SET SIZE (1..MAX) OF - SEQUENCE {value ATTRIBUTE.&Type({SupportedAttributes}{@type}), - contextList SET SIZE (1..MAX) OF Context} OPTIONAL -} - -AttributeType ::= ATTRIBUTE.&id - -AttributeValue ::= ATTRIBUTE.&Type - -Context ::= SEQUENCE { - contextType CONTEXT.&id({SupportedContexts}), - contextValues - SET SIZE (1..MAX) OF CONTEXT.&Type({SupportedContexts}{@contextType}), - fallback BOOLEAN DEFAULT FALSE -} - -AttributeValueAssertion ::= SEQUENCE { - type ATTRIBUTE.&id({SupportedAttributes}), - assertion - ATTRIBUTE.&equality-match.&AssertionType - ({SupportedAttributes}{@type}), - assertedContexts - CHOICE {allContexts [0] NULL, - selectedContexts [1] SET SIZE (1..MAX) OF ContextAssertion - } OPTIONAL -} - -ContextAssertion ::= SEQUENCE { - contextType CONTEXT.&id({SupportedContexts}), - contextValues - SET SIZE (1..MAX) OF - CONTEXT.&Assertion({SupportedContexts}{@contextType}) -} - -AttributeTypeAssertion ::= SEQUENCE { - type ATTRIBUTE.&id({SupportedAttributes}), - assertedContexts SEQUENCE SIZE (1..MAX) OF ContextAssertion OPTIONAL -} - --- Definition of the following information object set is deferred, perhaps to standardized --- profiles or to protocol implementation conformance statements. The set is required to --- specify a table constraint on the values component of Attribute, the value component --- of AttributeTypeAndValue, and the assertion component of AttributeValueAssertion. -SupportedAttributes ATTRIBUTE ::= - {objectClass | aliasedEntryName, ...} - --- Definition of the following information object set is deferred, perhaps to standardized --- profiles or to protocol implementation conformance statements. The set is required to --- specify a table constraint on the context specifications -SupportedContexts CONTEXT ::= - {...} - --- naming data types -Name ::= CHOICE { -- only one possibility for now --rdnSequence RDNSequence -} - -RDNSequence ::= SEQUENCE OF RelativeDistinguishedName - -DistinguishedName ::= RDNSequence - -RelativeDistinguishedName ::= - SET SIZE (1..MAX) OF AttributeTypeAndDistinguishedValue - -AttributeTypeAndDistinguishedValue ::= SEQUENCE { - type ATTRIBUTE.&id({SupportedAttributes}), - value ATTRIBUTE.&Type({SupportedAttributes}{@type}), - primaryDistinguished BOOLEAN DEFAULT TRUE, - valuesWithContext - SET SIZE (1..MAX) OF - SEQUENCE {distingAttrValue - [0] ATTRIBUTE.&Type({SupportedAttributes}{@type}) - OPTIONAL, - contextList SET SIZE (1..MAX) OF Context} OPTIONAL -} - --- subtree data types -SubtreeSpecification ::= SEQUENCE { - base [0] LocalName DEFAULT {}, - COMPONENTS OF ChopSpecification, - specificationFilter [4] Refinement OPTIONAL -} - --- empty sequence specifies whole administrative area -LocalName ::= RDNSequence - -ChopSpecification ::= SEQUENCE { - specificExclusions - [1] SET SIZE (1..MAX) OF - CHOICE {chopBefore [0] LocalName, - chopAfter [1] LocalName} OPTIONAL, - minimum [2] BaseDistance DEFAULT 0, - maximum [3] BaseDistance OPTIONAL -} - -BaseDistance ::= INTEGER(0..MAX) - -Refinement ::= CHOICE { - item [0] OBJECT-CLASS.&id, - and [1] SET SIZE (1..MAX) OF Refinement, - or [2] SET SIZE (1..MAX) OF Refinement, - not [3] Refinement -} - --- OBJECT-CLASS information object class specification -OBJECT-CLASS ::= CLASS { - &Superclasses OBJECT-CLASS OPTIONAL, - &kind ObjectClassKind DEFAULT structural, - &MandatoryAttributes ATTRIBUTE OPTIONAL, - &OptionalAttributes ATTRIBUTE OPTIONAL, - &id OBJECT IDENTIFIER UNIQUE -} -WITH SYNTAX { - [SUBCLASS OF &Superclasses] - [KIND &kind] - [MUST CONTAIN &MandatoryAttributes] - [MAY CONTAIN &OptionalAttributes] - ID &id -} - -ObjectClassKind ::= ENUMERATED {abstract(0), structural(1), auxiliary(2)} - --- object classes -top OBJECT-CLASS ::= { - KIND abstract - MUST CONTAIN {objectClass} - ID id-oc-top -} - -alias OBJECT-CLASS ::= { - SUBCLASS OF {top} - MUST CONTAIN {aliasedEntryName} - ID id-oc-alias -} - -parent OBJECT-CLASS ::= {KIND abstract - ID id-oc-parent -} - -child OBJECT-CLASS ::= {KIND auxiliary - ID id-oc-child -} - --- ATTRIBUTE information object class specification -ATTRIBUTE ::= CLASS { - &derivation ATTRIBUTE OPTIONAL, - &Type OPTIONAL, -- either &Type or &derivation required - &equality-match MATCHING-RULE OPTIONAL, - &ordering-match MATCHING-RULE OPTIONAL, - &substrings-match MATCHING-RULE OPTIONAL, - &single-valued BOOLEAN DEFAULT FALSE, - &collective BOOLEAN DEFAULT FALSE, - &dummy BOOLEAN DEFAULT FALSE, - -- operational extensions - &no-user-modification BOOLEAN DEFAULT FALSE, - &usage AttributeUsage DEFAULT userApplications, - &id OBJECT IDENTIFIER UNIQUE -} -WITH SYNTAX { - [SUBTYPE OF &derivation] - [WITH SYNTAX &Type] - [EQUALITY MATCHING RULE &equality-match] - [ORDERING MATCHING RULE &ordering-match] - [SUBSTRINGS MATCHING RULE &substrings-match] - [SINGLE VALUE &single-valued] - [COLLECTIVE &collective] - [DUMMY &dummy] - [NO USER MODIFICATION &no-user-modification] - [USAGE &usage] - ID &id -} - -AttributeUsage ::= ENUMERATED { - userApplications(0), directoryOperation(1), distributedOperation(2), - dSAOperation(3)} - --- attributes -objectClass ATTRIBUTE ::= { - WITH SYNTAX OBJECT IDENTIFIER - EQUALITY MATCHING RULE objectIdentifierMatch - ID id-at-objectClass -} - -aliasedEntryName ATTRIBUTE ::= { - WITH SYNTAX DistinguishedName - EQUALITY MATCHING RULE distinguishedNameMatch - SINGLE VALUE TRUE - ID id-at-aliasedEntryName -} - --- MATCHING-RULE information object class specification -MATCHING-RULE ::= CLASS { - &ParentMatchingRules MATCHING-RULE OPTIONAL, - &AssertionType OPTIONAL, - &uniqueMatchIndicator ATTRIBUTE OPTIONAL, - &id OBJECT IDENTIFIER UNIQUE -} -WITH SYNTAX { - [PARENT &ParentMatchingRules] - [SYNTAX &AssertionType] - [UNIQUE-MATCH-INDICATOR &uniqueMatchIndicator] - ID &id -} - --- matching rules -objectIdentifierMatch MATCHING-RULE ::= { - SYNTAX OBJECT IDENTIFIER - ID id-mr-objectIdentifierMatch -} - -distinguishedNameMatch MATCHING-RULE ::= { - SYNTAX DistinguishedName - ID id-mr-distinguishedNameMatch -} - -MAPPING-BASED-MATCHING{SelectedBy, BOOLEAN:combinable, MappingResult, - OBJECT IDENTIFIER:matchingRule} ::= CLASS { - &selectBy SelectedBy OPTIONAL, - &ApplicableTo ATTRIBUTE, - &subtypesIncluded BOOLEAN DEFAULT TRUE, - &combinable BOOLEAN(combinable), - &mappingResults MappingResult OPTIONAL, - &userControl BOOLEAN DEFAULT FALSE, - &exclusive BOOLEAN DEFAULT TRUE, - &matching-rule MATCHING-RULE.&id(matchingRule), - &id OBJECT IDENTIFIER UNIQUE -} -WITH SYNTAX { - [SELECT BY &selectBy] - APPLICABLE TO &ApplicableTo - [SUBTYPES INCLUDED &subtypesIncluded] - COMBINABLE &combinable - [MAPPING RESULTS &mappingResults] - [USER CONTROL &userControl] - [EXCLUSIVE &exclusive] - MATCHING RULE &matching-rule - ID &id -} - --- NAME-FORM information object class specification -NAME-FORM ::= CLASS { - &namedObjectClass OBJECT-CLASS, - &MandatoryAttributes ATTRIBUTE, - &OptionalAttributes ATTRIBUTE OPTIONAL, - &id OBJECT IDENTIFIER UNIQUE -} -WITH SYNTAX { - NAMES &namedObjectClass - WITH ATTRIBUTES &MandatoryAttributes - [AND OPTIONALLY &OptionalAttributes] - ID &id -} - --- STRUCTURE-RULE class and DIT structure rule data types -DITStructureRule ::= SEQUENCE { - ruleIdentifier RuleIdentifier, - -- shall be unique within the scope of the subschema - nameForm NAME-FORM.&id, - superiorStructureRules SET SIZE (1..MAX) OF RuleIdentifier OPTIONAL -} - -RuleIdentifier ::= INTEGER - -STRUCTURE-RULE ::= CLASS { - &nameForm NAME-FORM, - &SuperiorStructureRules STRUCTURE-RULE OPTIONAL, - &id RuleIdentifier -} -WITH SYNTAX { - NAME FORM &nameForm - [SUPERIOR RULES &SuperiorStructureRules] - ID &id -} - --- DIT content rule data type and CONTENT-RULE class -DITContentRule ::= SEQUENCE { - structuralObjectClass OBJECT-CLASS.&id, - auxiliaries SET SIZE (1..MAX) OF OBJECT-CLASS.&id OPTIONAL, - mandatory [1] SET SIZE (1..MAX) OF ATTRIBUTE.&id OPTIONAL, - optional [2] SET SIZE (1..MAX) OF ATTRIBUTE.&id OPTIONAL, - precluded [3] SET SIZE (1..MAX) OF ATTRIBUTE.&id OPTIONAL -} - -CONTENT-RULE ::= CLASS { - &structuralClass OBJECT-CLASS.&id UNIQUE, - &Auxiliaries OBJECT-CLASS OPTIONAL, - &Mandatory ATTRIBUTE OPTIONAL, - &Optional ATTRIBUTE OPTIONAL, - &Precluded ATTRIBUTE OPTIONAL -} -WITH SYNTAX { - STRUCTURAL OBJECT-CLASS &structuralClass - [AUXILIARY OBJECT-CLASSES &Auxiliaries] - [MUST CONTAIN &Mandatory] - [MAY CONTAIN &Optional] - [MUST-NOT CONTAIN &Precluded] -} - -CONTEXT ::= CLASS { - &Type , - &DefaultValue OPTIONAL, - &Assertion OPTIONAL, - &absentMatch BOOLEAN DEFAULT TRUE, - &id OBJECT IDENTIFIER UNIQUE -} -WITH SYNTAX { - WITH SYNTAX &Type - [DEFAULT-VALUE &DefaultValue] - [ASSERTED AS &Assertion] - [ABSENT-MATCH &absentMatch] - ID &id -} - -DITContextUse ::= SEQUENCE { - attributeType ATTRIBUTE.&id, - mandatoryContexts [1] SET SIZE (1..MAX) OF CONTEXT.&id OPTIONAL, - optionalContexts [2] SET SIZE (1..MAX) OF CONTEXT.&id OPTIONAL -} - -DIT-CONTEXT-USE-RULE ::= CLASS { - &attributeType ATTRIBUTE.&id UNIQUE, - &Mandatory CONTEXT OPTIONAL, - &Optional CONTEXT OPTIONAL -} -WITH SYNTAX { - ATTRIBUTE TYPE &attributeType - [MANDATORY CONTEXTS &Mandatory] - [OPTIONAL CONTEXTS &Optional] -} - -FRIENDS ::= CLASS { - &anchor ATTRIBUTE.&id UNIQUE, - &Friends ATTRIBUTE -}WITH SYNTAX {ANCHOR &anchor - FRIENDS &Friends -} - --- system schema information objects --- object classes -subentry OBJECT-CLASS ::= { - SUBCLASS OF {top} - KIND structural - MUST CONTAIN {commonName | subtreeSpecification} - ID id-sc-subentry -} - -subentryNameForm NAME-FORM ::= { - NAMES subentry - WITH ATTRIBUTES {commonName} - ID id-nf-subentryNameForm -} - -subtreeSpecification ATTRIBUTE ::= { - WITH SYNTAX SubtreeSpecification - USAGE directoryOperation - ID id-oa-subtreeSpecification -} - -administrativeRole ATTRIBUTE ::= { - WITH SYNTAX OBJECT-CLASS.&id - EQUALITY MATCHING RULE objectIdentifierMatch - USAGE directoryOperation - ID id-oa-administrativeRole -} - -createTimestamp ATTRIBUTE ::= { - WITH SYNTAX GeneralizedTime - -- as per 46.3 b) or c) of ITU-T Rec. X.680 | ISO/IEC 8824-1 - EQUALITY MATCHING RULE generalizedTimeMatch - ORDERING MATCHING RULE generalizedTimeOrderingMatch - SINGLE VALUE TRUE - NO USER MODIFICATION TRUE - USAGE directoryOperation - ID id-oa-createTimestamp -} - -modifyTimestamp ATTRIBUTE ::= { - WITH SYNTAX GeneralizedTime - -- as per 46.3 b) or c) of ITU-T Rec. X.680 | ISO/IEC 8824-1 - EQUALITY MATCHING RULE generalizedTimeMatch - ORDERING MATCHING RULE generalizedTimeOrderingMatch - SINGLE VALUE TRUE - NO USER MODIFICATION TRUE - USAGE directoryOperation - ID id-oa-modifyTimestamp -} - -subschemaTimestamp ATTRIBUTE ::= { - WITH SYNTAX GeneralizedTime - -- as per 46.3 b) or c) of ITU-T Rec. X.680 | ISO/IEC 8824-1 - EQUALITY MATCHING RULE generalizedTimeMatch - ORDERING MATCHING RULE generalizedTimeOrderingMatch - SINGLE VALUE TRUE - NO USER MODIFICATION TRUE - USAGE directoryOperation - ID id-oa-subschemaTimestamp -} - -creatorsName ATTRIBUTE ::= { - WITH SYNTAX DistinguishedName - EQUALITY MATCHING RULE distinguishedNameMatch - SINGLE VALUE TRUE - NO USER MODIFICATION TRUE - USAGE directoryOperation - ID id-oa-creatorsName -} - -modifiersName ATTRIBUTE ::= { - WITH SYNTAX DistinguishedName - EQUALITY MATCHING RULE distinguishedNameMatch - SINGLE VALUE TRUE - NO USER MODIFICATION TRUE - USAGE directoryOperation - ID id-oa-modifiersName -} - -subschemaSubentryList ATTRIBUTE ::= { - WITH SYNTAX DistinguishedName - EQUALITY MATCHING RULE distinguishedNameMatch - SINGLE VALUE TRUE - NO USER MODIFICATION TRUE - USAGE directoryOperation - ID id-oa-subschemaSubentryList -} - -accessControlSubentryList ATTRIBUTE ::= { - WITH SYNTAX DistinguishedName - EQUALITY MATCHING RULE distinguishedNameMatch - NO USER MODIFICATION TRUE - USAGE directoryOperation - ID id-oa-accessControlSubentryList -} - -collectiveAttributeSubentryList ATTRIBUTE ::= { - WITH SYNTAX DistinguishedName - EQUALITY MATCHING RULE distinguishedNameMatch - NO USER MODIFICATION TRUE - USAGE directoryOperation - ID id-oa-collectiveAttributeSubentryList -} - -contextDefaultSubentryList ATTRIBUTE ::= { - WITH SYNTAX DistinguishedName - EQUALITY MATCHING RULE distinguishedNameMatch - NO USER MODIFICATION TRUE - USAGE directoryOperation - ID id-oa-contextDefaultSubentryList -} - -serviceAdminSubentryList ATTRIBUTE ::= { - WITH SYNTAX DistinguishedName - EQUALITY MATCHING RULE distinguishedNameMatch - NO USER MODIFICATION TRUE - USAGE directoryOperation - ID id-oa-serviceAdminSubentryList -} - -hasSubordinates ATTRIBUTE ::= { - WITH SYNTAX BOOLEAN - EQUALITY MATCHING RULE booleanMatch - SINGLE VALUE TRUE - NO USER MODIFICATION TRUE - USAGE directoryOperation - ID id-oa-hasSubordinates -} - -accessControlSubentry OBJECT-CLASS ::= { - KIND auxiliary - ID id-sc-accessControlSubentry -} - -collectiveAttributeSubentry OBJECT-CLASS ::= { - KIND auxiliary - ID id-sc-collectiveAttributeSubentry -} - -collectiveExclusions ATTRIBUTE ::= { - WITH SYNTAX OBJECT IDENTIFIER - EQUALITY MATCHING RULE objectIdentifierMatch - USAGE directoryOperation - ID id-oa-collectiveExclusions -} - -contextAssertionSubentry OBJECT-CLASS ::= { - KIND auxiliary - MUST CONTAIN {contextAssertionDefaults} - ID id-sc-contextAssertionSubentry -} - -contextAssertionDefaults ATTRIBUTE ::= { - WITH SYNTAX TypeAndContextAssertion - EQUALITY MATCHING RULE objectIdentifierFirstComponentMatch - USAGE directoryOperation - ID id-oa-contextAssertionDefault -} - -serviceAdminSubentry OBJECT-CLASS ::= { - KIND auxiliary - MUST CONTAIN {searchRules} - ID id-sc-serviceAdminSubentry -} - -searchRules ATTRIBUTE ::= { - WITH SYNTAX SearchRuleDescription - EQUALITY MATCHING RULE integerFirstComponentMatch - USAGE directoryOperation - ID id-oa-searchRules -} - -SearchRuleDescription ::= SEQUENCE { - COMPONENTS OF SearchRule, - name [28] SET SIZE (1..MAX) OF UnboundedDirectoryString OPTIONAL, - description [29] UnboundedDirectoryString OPTIONAL -} - -hierarchyLevel ATTRIBUTE ::= { - WITH SYNTAX HierarchyLevel - EQUALITY MATCHING RULE integerMatch - ORDERING MATCHING RULE integerOrderingMatch - SINGLE VALUE TRUE - NO USER MODIFICATION TRUE - USAGE directoryOperation - ID id-oa-hierarchyLevel -} - -HierarchyLevel ::= INTEGER - -hierarchyBelow ATTRIBUTE ::= { - WITH SYNTAX HierarchyBelow - EQUALITY MATCHING RULE booleanMatch - SINGLE VALUE TRUE - NO USER MODIFICATION TRUE - USAGE directoryOperation - ID id-oa-hierarchyBelow -} - -HierarchyBelow ::= BOOLEAN - -hierarchyParent ATTRIBUTE ::= { - WITH SYNTAX DistinguishedName - EQUALITY MATCHING RULE distinguishedNameMatch - SINGLE VALUE TRUE - USAGE directoryOperation - ID id-oa-hierarchyParent -} - -hierarchyTop ATTRIBUTE ::= { - WITH SYNTAX DistinguishedName - EQUALITY MATCHING RULE distinguishedNameMatch - SINGLE VALUE TRUE - USAGE directoryOperation - ID id-oa-hierarchyTop -} - --- object identifier assignments --- object classes -id-oc-top OBJECT IDENTIFIER ::= - {id-oc 0} - -id-oc-alias OBJECT IDENTIFIER ::= {id-oc 1} - -id-oc-parent OBJECT IDENTIFIER ::= {id-oc 28} - -id-oc-child OBJECT IDENTIFIER ::= {id-oc 29} - --- attributes -id-at-objectClass OBJECT IDENTIFIER ::= {id-at 0} - -id-at-aliasedEntryName OBJECT IDENTIFIER ::= {id-at 1} - --- matching rules -id-mr-objectIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 0} - -id-mr-distinguishedNameMatch OBJECT IDENTIFIER ::= {id-mr 1} - --- operational attributes -id-oa-excludeAllCollectiveAttributes OBJECT IDENTIFIER ::= - {id-oa 0} - -id-oa-createTimestamp OBJECT IDENTIFIER ::= {id-oa 1} - -id-oa-modifyTimestamp OBJECT IDENTIFIER ::= {id-oa 2} - -id-oa-creatorsName OBJECT IDENTIFIER ::= {id-oa 3} - -id-oa-modifiersName OBJECT IDENTIFIER ::= {id-oa 4} - -id-oa-administrativeRole OBJECT IDENTIFIER ::= {id-oa 5} - -id-oa-subtreeSpecification OBJECT IDENTIFIER ::= {id-oa 6} - -id-oa-collectiveExclusions OBJECT IDENTIFIER ::= {id-oa 7} - -id-oa-subschemaTimestamp OBJECT IDENTIFIER ::= {id-oa 8} - -id-oa-hasSubordinates OBJECT IDENTIFIER ::= {id-oa 9} - -id-oa-subschemaSubentryList OBJECT IDENTIFIER ::= {id-oa 10} - -id-oa-accessControlSubentryList OBJECT IDENTIFIER ::= {id-oa 11} - -id-oa-collectiveAttributeSubentryList OBJECT IDENTIFIER ::= {id-oa 12} - -id-oa-contextDefaultSubentryList OBJECT IDENTIFIER ::= {id-oa 13} - -id-oa-contextAssertionDefault OBJECT IDENTIFIER ::= {id-oa 14} - -id-oa-serviceAdminSubentryList OBJECT IDENTIFIER ::= {id-oa 15} - -id-oa-searchRules OBJECT IDENTIFIER ::= {id-oa 16} - -id-oa-hierarchyLevel OBJECT IDENTIFIER ::= {id-oa 17} - -id-oa-hierarchyBelow OBJECT IDENTIFIER ::= {id-oa 18} - -id-oa-hierarchyParent OBJECT IDENTIFIER ::= {id-oa 19} - -id-oa-hierarchyTop OBJECT IDENTIFIER ::= {id-oa 20} - --- subentry classes -id-sc-subentry OBJECT IDENTIFIER ::= {id-sc 0} - -id-sc-accessControlSubentry OBJECT IDENTIFIER ::= {id-sc 1} - -id-sc-collectiveAttributeSubentry OBJECT IDENTIFIER ::= {id-sc 2} - -id-sc-contextAssertionSubentry OBJECT IDENTIFIER ::= {id-sc 3} - -id-sc-serviceAdminSubentry OBJECT IDENTIFIER ::= {id-sc 4} - --- Name forms -id-nf-subentryNameForm OBJECT IDENTIFIER ::= {id-nf 16} - --- administrative roles -id-ar-autonomousArea OBJECT IDENTIFIER ::= {id-ar 1} - -id-ar-accessControlSpecificArea OBJECT IDENTIFIER ::= {id-ar 2} - -id-ar-accessControlInnerArea OBJECT IDENTIFIER ::= {id-ar 3} - -id-ar-subschemaAdminSpecificArea OBJECT IDENTIFIER ::= {id-ar 4} - -id-ar-collectiveAttributeSpecificArea OBJECT IDENTIFIER ::= {id-ar 5} - -id-ar-collectiveAttributeInnerArea OBJECT IDENTIFIER ::= {id-ar 6} - -id-ar-contextDefaultSpecificArea OBJECT IDENTIFIER ::= {id-ar 7} - -id-ar-serviceSpecificArea OBJECT IDENTIFIER ::= {id-ar 8} - -END -- InformationFramework diff --git a/lib/public_key/asn1/Makefile b/lib/public_key/asn1/Makefile index 2ce1168349..943d97bdb8 100644 --- a/lib/public_key/asn1/Makefile +++ b/lib/public_key/asn1/Makefile @@ -40,7 +40,7 @@ RELSYSDIR = $(RELEASE_PATH)/lib/public_key-$(VSN) ASN_TOP = OTP-PUB-KEY PKCS-FRAME ASN_MODULES = PKIX1Explicit88 PKIX1Implicit88 PKIX1Algorithms88 \ - PKIXAttributeCertificate PKCS-1 PKCS-3 PKCS-8 InformationFramework PKCS5v2-0 OTP-PKIX + PKIXAttributeCertificate PKCS-1 PKCS-3 PKCS-8 PKCS5v2-0 OTP-PKIX ASN_ASNS = $(ASN_MODULES:%=%.asn1) ASN_ERLS = $(ASN_TOP:%=%.erl) ASN_HRLS = $(ASN_TOP:%=%.hrl) @@ -117,5 +117,4 @@ OTP-PUB-KEY.asn1db: PKIX1Algorithms88.asn1 \ $(EBIN)/PKCS-FRAME.beam: PKCS-FRAME.erl PKCS-FRAME.hrl PKCS-FRAME.erl PKCS-FRAME.hrl: PKCS-FRAME.asn1db PKCS-FRAME.asn1db: PKCS-8.asn1\ - InformationFramework.asn1\ PKCS5v2-0.asn1
\ No newline at end of file diff --git a/lib/public_key/asn1/PKCS-8.asn1 b/lib/public_key/asn1/PKCS-8.asn1 index 7413519b57..8412345b68 100644 --- a/lib/public_key/asn1/PKCS-8.asn1 +++ b/lib/public_key/asn1/PKCS-8.asn1 @@ -14,15 +14,15 @@ BEGIN -- All types and values defined in this module is exported for use in other -- ASN.1 modules. -IMPORTS +--IMPORTS -- informationFramework -- FROM UsefulDefinitions {joint-iso-itu-t(2) ds(5) module(1) -- usefulDefinitions(0) 3} -Attribute +--Attribute -- FROM InformationFramework informationFramework - FROM InformationFramework; +-- FROM InformationFramework; -- This import is really unnecessary since ALGORITHM-IDENTIFIER is defined as a -- TYPE-IDENTIFIER @@ -55,8 +55,8 @@ Version ::= INTEGER {v1(0)} (v1,...) PrivateKey ::= OCTET STRING --- Attributes ::= SET OF Attribute -Attributes ::= SET OF Attribute {{...}} +-- Attributes ::= SET OF PKAttribute +Attributes ::= SET OF PKAttribute {{...}} -- Encrypted private-key information syntax @@ -78,6 +78,66 @@ KeyEncryptionAlgorithms TYPE-IDENTIFIER ::= { ... -- For local profiles } +-- From InformationFramework +PKAttribute{ATTRIBUTE:SupportedAttributes} ::= SEQUENCE { + type ATTRIBUTE.&id({SupportedAttributes}), + values + SET SIZE (0..MAX) OF ATTRIBUTE.&Type({SupportedAttributes}{@type}), + valuesWithContext + SET SIZE (1..MAX) OF + SEQUENCE {value ATTRIBUTE.&Type({SupportedAttributes}{@type}), + contextList SET SIZE (1..MAX) OF Context} OPTIONAL +} + +Context ::= SEQUENCE { + contextType CONTEXT.&id({SupportedContexts}), + contextValues + SET SIZE (1..MAX) OF CONTEXT.&Type({SupportedContexts}{@contextType}), + fallback BOOLEAN DEFAULT FALSE +} +-- Definition of the following information object set is deferred, perhaps to standardized +-- profiles or to protocol implementation conformance statements. The set is required to +-- specify a table constraint on the context specifications +SupportedContexts CONTEXT ::= + {...} + + +CONTEXT ::= CLASS { + &Type , + &DefaultValue OPTIONAL, + &Assertion OPTIONAL, + &absentMatch BOOLEAN DEFAULT TRUE, + &id OBJECT IDENTIFIER UNIQUE +} + +-- ATTRIBUTE information object class specification +ATTRIBUTE ::= CLASS { + &derivation ATTRIBUTE OPTIONAL, + &Type OPTIONAL, -- either &Type or &derivation required + &equality-match MATCHING-RULE OPTIONAL, + &ordering-match MATCHING-RULE OPTIONAL, + &substrings-match MATCHING-RULE OPTIONAL, + &single-valued BOOLEAN DEFAULT FALSE, + &collective BOOLEAN DEFAULT FALSE, + &dummy BOOLEAN DEFAULT FALSE, + -- operational extensions + &no-user-modification BOOLEAN DEFAULT FALSE, + &usage AttributeUsage DEFAULT userApplications, + &id OBJECT IDENTIFIER UNIQUE +} + +-- MATCHING-RULE information object class specification +MATCHING-RULE ::= CLASS { + &ParentMatchingRules MATCHING-RULE OPTIONAL, + &AssertionType OPTIONAL, + &uniqueMatchIndicator ATTRIBUTE OPTIONAL, + &id OBJECT IDENTIFIER UNIQUE +} + +AttributeUsage ::= ENUMERATED { + userApplications(0), directoryOperation(1), distributedOperation(2), + dSAOperation(3)} + END diff --git a/lib/public_key/asn1/PKCS-FRAME.set.asn b/lib/public_key/asn1/PKCS-FRAME.set.asn index a0777ff260..69b6727bef 100644 --- a/lib/public_key/asn1/PKCS-FRAME.set.asn +++ b/lib/public_key/asn1/PKCS-FRAME.set.asn @@ -1,3 +1,2 @@ PKCS-8.asn1 -InformationFramework.asn1 PKCS5v2-0.asn1 diff --git a/lib/public_key/test/erl_make_certs.erl b/lib/public_key/test/erl_make_certs.erl index 8b01ca3ad4..254aa6d2f9 100644 --- a/lib/public_key/test/erl_make_certs.erl +++ b/lib/public_key/test/erl_make_certs.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2010. All Rights Reserved. +%% Copyright Ericsson AB 2011. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -175,7 +175,7 @@ issuer(true, Opts, SubjectKey) -> issuer({Issuer, IssuerKey}, _Opts, _SubjectKey) when is_binary(Issuer) -> {issuer_der(Issuer), decode_key(IssuerKey)}; issuer({File, IssuerKey}, _Opts, _SubjectKey) when is_list(File) -> - {ok, [{cert, Cert, _}|_]} = public_key:pem_to_der(File), + {ok, [{cert, Cert, _}|_]} = pem_to_der(File), {issuer_der(Cert), decode_key(IssuerKey)}. issuer_der(Issuer) -> @@ -185,7 +185,7 @@ issuer_der(Issuer) -> Subject. subject(undefined, IsRootCA) -> - User = if IsRootCA -> "RootCA"; true -> os:getenv("USER") end, + User = if IsRootCA -> "RootCA"; true -> user() end, Opts = [{email, User ++ "@erlang.org"}, {name, User}, {city, "Stockholm"}, @@ -196,6 +196,14 @@ subject(undefined, IsRootCA) -> subject(Opts, _) -> subject(Opts). +user() -> + case os:getenv("USER") of + false -> + "test_user"; + User -> + User + end. + subject(SubjectOpts) when is_list(SubjectOpts) -> Encode = fun(Opt) -> {Type,Value} = subject_enc(Opt), |