ocsp.asn1 revision 178826
-- From rfc2560
-- $Id: ocsp.asn1 19576 2006-12-30 12:40:43Z lha $
--
-- ASN.1 module for Online Certificate Status Protocol (OCSP) messages.
-- The definitions follow RFC 2560, which has since been obsoleted by
-- RFC 6960. Type names carry an OCSP prefix, and the RFC's DEFAULT clauses
-- are expressed as OPTIONAL with the DEFAULT kept as an inline comment.
--
-- Everything decoded with these types arrives from the network and is
-- untrusted until the signature in OCSPBasicOCSPResponse has been verified
-- and the signer has been shown to be authorized for the issuing CA.

OCSP DEFINITIONS EXPLICIT TAGS ::=

BEGIN

IMPORTS
    Certificate, AlgorithmIdentifier, CRLReason,
    Name, GeneralName, CertificateSerialNumber, Extensions
    FROM rfc2459;

-- Protocol version number; ocsp-v1(0) is the only value named here.
OCSPVersion ::= INTEGER { ocsp-v1(0) }

-- Status of one certificate. Only the good alternative is a positive
-- answer; a relying party should not accept unknown as if it were good.
-- The revoked alternative is the RFC's RevokedInfo written inline.
OCSPCertStatus ::= CHOICE {
    good    [0] IMPLICIT NULL,
    revoked [1] IMPLICIT -- OCSPRevokedInfo -- SEQUENCE {
        revocationTime       GeneralizedTime,
        revocationReason [0] EXPLICIT CRLReason OPTIONAL
    },
    unknown [2] IMPLICIT NULL
}

-- Identifies the certificate being asked about. Both hashes are computed
-- with hashAlgorithm, which the requester chooses. A client should check
-- that the certID in each response matches the one it sent, field by
-- field, including hashAlgorithm.
OCSPCertID ::= SEQUENCE {
    hashAlgorithm  AlgorithmIdentifier,
    issuerNameHash OCTET STRING,  -- Hash of issuer's DN
    issuerKeyHash  OCTET STRING,  -- Hash of issuer's public key
    serialNumber   CertificateSerialNumber
}

-- Status statement for one certificate. thisUpdate and nextUpdate bound
-- the interval in which the statement is meant to be relied on. nextUpdate
-- is OPTIONAL, so a relying party needs its own maximum-age policy for
-- responses that omit it; otherwise an old response could be replayed.
OCSPSingleResponse ::= SEQUENCE {
    certID               OCSPCertID,
    certStatus           OCSPCertStatus,
    thisUpdate           GeneralizedTime,
    nextUpdate       [0] EXPLICIT GeneralizedTime OPTIONAL,
    singleExtensions [1] EXPLICIT Extensions OPTIONAL
}

-- One entry of requestList (named Request in the RFC).
OCSPInnerRequest ::= SEQUENCE {
    reqCert                     OCSPCertID,
    singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL
}

-- The part of a request that optionalSignature covers. An absent version
-- means v1. requestorName is only a claim unless the request is signed and
-- that signature is verified.
OCSPTBSRequest ::= SEQUENCE {
    version           [0] EXPLICIT OCSPVersion -- DEFAULT v1 -- OPTIONAL,
    requestorName     [1] EXPLICIT GeneralName OPTIONAL,
    requestList           SEQUENCE OF OCSPInnerRequest,
    requestExtensions [2] EXPLICIT Extensions OPTIONAL
}

-- Optional signature over tbsRequest, with certificates that may help the
-- responder verify it.
OCSPSignature ::= SEQUENCE {
    signatureAlgorithm AlgorithmIdentifier,
    signature          BIT STRING,
    certs          [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL
}

-- Top-level request message.
OCSPRequest ::= SEQUENCE {
    tbsRequest            OCSPTBSRequest,
    optionalSignature [0] EXPLICIT OCSPSignature OPTIONAL
}

-- responseType names the syntax of the response OCTET STRING;
-- id-pkix-ocsp-basic means it holds a DER-encoded OCSPBasicOCSPResponse.
-- A decoder should reject a responseType it does not implement rather
-- than attempt to parse the payload.
OCSPResponseBytes ::= SEQUENCE {
    responseType OBJECT IDENTIFIER,
    response     OCTET STRING
}

-- Outcome of request processing. This value sits in the outer
-- OCSPResponse, outside any signature, so every status other than
-- successful is unauthenticated. A client that treats an error status as
-- a pass (soft fail) can be kept from learning about a revocation by
-- anyone able to forge the reply.
OCSPResponseStatus ::= ENUMERATED {
    successful       (0),  -- Response has valid confirmations
    malformedRequest (1),  -- Illegal confirmation request
    internalError    (2),  -- Internal error in issuer
    tryLater         (3),  -- Try again later
                           -- (4) is not used
    sigRequired      (5),  -- Must sign the request
    unauthorized     (6)   -- Request unauthorized
}

-- Top-level response message. responseBytes is expected only when
-- responseStatus is successful.
OCSPResponse ::= SEQUENCE {
    responseStatus    OCSPResponseStatus,
    responseBytes [0] EXPLICIT OCSPResponseBytes OPTIONAL
}

OCSPKeyHash ::= OCTET STRING  -- SHA-1 hash of responder's public key
                              -- (excluding the tag and length fields)

-- Names the responder that signed the response. Tags [1] and [2] are
-- EXPLICIT through the module default. The value is a lookup hint and
-- does not by itself establish that the responder is authorized.
OCSPResponderID ::= CHOICE {
    byName [1] Name,
    byKey  [2] OCSPKeyHash
}

-- The to-be-signed body of a basic response. An absent version means v1.
OCSPResponseData ::= SEQUENCE {
    version            [0] EXPLICIT OCSPVersion -- DEFAULT v1 -- OPTIONAL,
    responderID            OCSPResponderID,
    producedAt             GeneralizedTime,
    responses              SEQUENCE OF OCSPSingleResponse,
    responseExtensions [1] EXPLICIT Extensions OPTIONAL
}

-- Signed response. signature is computed over the DER encoding of
-- tbsResponseData. certs are supplied by the sender and are only
-- candidates for path building; the signer still has to be the issuing
-- CA, a locally configured trusted responder, or a certificate issued by
-- that CA carrying the OCSP signing extended key usage.
OCSPBasicOCSPResponse ::= SEQUENCE {
    tbsResponseData    OCSPResponseData,
    signatureAlgorithm AlgorithmIdentifier,
    signature          BIT STRING,
    certs          [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL
}

-- The two types below stay commented out, so this module defines no
-- names for them.

-- ArchiveCutoff ::= GeneralizedTime

-- AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER

-- Object Identifiers

id-pkix-ocsp OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) dod(6) internet(1)
    security(5) mechanisms(5) pkix(7) pkix-ad(48) 1
}

-- id-pkix-ocsp-basic is the responseType for OCSPBasicOCSPResponse.
-- id-pkix-ocsp-nonce is the extension that ties a response to the request
-- carrying the same nonce. Responders that serve pre-produced responses
-- may omit it, in which case freshness rests on thisUpdate and nextUpdate.
id-pkix-ocsp-basic OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 }
id-pkix-ocsp-nonce OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
-- id-pkix-ocsp-crl             OBJECT IDENTIFIER ::= { id-pkix-ocsp 3 }
-- id-pkix-ocsp-response        OBJECT IDENTIFIER ::= { id-pkix-ocsp 4 }
-- id-pkix-ocsp-nocheck         OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
-- id-pkix-ocsp-archive-cutoff  OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 }
-- id-pkix-ocsp-service-locator OBJECT IDENTIFIER ::= { id-pkix-ocsp 7 }


END