-- From rfc2560
-- $Id$
--
-- ASN.1 module describing OCSP (Online Certificate Status Protocol)
-- requests and responses. Certificate-related types are imported from
-- the rfc2459 module.
--
-- The module default is EXPLICIT tagging, so a context tag written
-- without an IMPLICIT or EXPLICIT keyword (see OCSPResponderID) is
-- encoded as an explicit tag.
OCSP DEFINITIONS EXPLICIT TAGS::=

BEGIN

IMPORTS
    Certificate, AlgorithmIdentifier, CRLReason,
    Name, GeneralName, CertificateSerialNumber, Extensions
    FROM rfc2459;

-- Protocol version; ocsp-v1 (value 0) is the only version named here.
OCSPVersion ::= INTEGER { ocsp-v1(0) }

-- Status of one certificate as reported by the responder.
-- The revoked alternative is an inlined SEQUENCE; the inline comment
-- records the type name it stands for.
-- NOTE(review): per RFC 2560, good only says the certificate is not
-- known to be revoked; callers should not read unknown as good, and
-- should still check validity period and chain separately.
OCSPCertStatus ::= CHOICE {
    good                [0] IMPLICIT NULL,
    revoked             [1] IMPLICIT -- OCSPRevokedInfo -- SEQUENCE {
            revocationTime      GeneralizedTime,
            revocationReason[0] EXPLICIT CRLReason OPTIONAL
    },
    unknown             [2] IMPLICIT NULL }

-- Identifies the certificate being asked about by issuer hashes plus
-- serial number. Per RFC 2560, hashAlgorithm names the hash used for
-- both issuerNameHash and issuerKeyHash.
-- NOTE(review): a client should compare the OCSPCertID in each returned
-- OCSPSingleResponse with the one it asked for; confirm the consuming
-- code does this rather than trusting the first entry.
OCSPCertID ::= SEQUENCE {
    hashAlgorithm       AlgorithmIdentifier,
    issuerNameHash      OCTET STRING, -- Hash of issuer's DN
    issuerKeyHash       OCTET STRING, -- Hash of issuer's public key
    serialNumber        CertificateSerialNumber }

-- Status answer for a single certificate.
-- thisUpdate and nextUpdate bound the period for which the status is
-- stated; nextUpdate is optional.
-- NOTE(review): these times are the main freshness signal when no nonce
-- is used, so an old signed answer can be replayed unless the consumer
-- checks them against its own clock. Verify the caller enforces this.
OCSPSingleResponse ::= SEQUENCE {
    certID              OCSPCertID,
    certStatus          OCSPCertStatus,
    thisUpdate          GeneralizedTime,
    nextUpdate          [0] EXPLICIT GeneralizedTime OPTIONAL,
    singleExtensions    [1] EXPLICIT Extensions OPTIONAL }

-- One entry of a request: the certificate to check plus optional
-- per-entry extensions.
OCSPInnerRequest ::= SEQUENCE {
    reqCert             OCSPCertID,
    singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }

-- The to-be-signed part of a request.
-- The DEFAULT for version is only recorded in a comment; the field is
-- declared OPTIONAL, so code using this type has to treat an absent
-- version as ocsp-v1 itself.
-- requestExtensions is where a request-level extension such as the one
-- identified by id-pkix-ocsp-nonce would be carried (presumably; the
-- extension contents are not defined in this module).
OCSPTBSRequest ::= SEQUENCE {
    version             [0] EXPLICIT OCSPVersion -- DEFAULT v1 -- OPTIONAL,
    requestorName       [1] EXPLICIT GeneralName OPTIONAL,
    requestList         SEQUENCE OF OCSPInnerRequest,
    requestExtensions   [2] EXPLICIT Extensions OPTIONAL }

-- Optional signature on a request, with optional helper certificates.
-- The certs are supplied by the sender and sit outside the signed
-- OCSPTBSRequest, so they carry no trust until validated by the
-- receiver.
OCSPSignature ::= SEQUENCE {
    signatureAlgorithm  AlgorithmIdentifier,
    signature           BIT STRING,
    certs               [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }

-- Complete request: the to-be-signed body and an optional signature.
OCSPRequest ::= SEQUENCE {
    tbsRequest          OCSPTBSRequest,
    optionalSignature   [0] EXPLICIT OCSPSignature OPTIONAL }

-- Typed container for the response body. responseType says how the
-- response octets are to be decoded; id-pkix-ocsp-basic is the only
-- response type OID left active in this module.
OCSPResponseBytes ::= SEQUENCE {
    responseType        OBJECT IDENTIFIER,
    response            OCTET STRING }

-- Outcome of processing the request, as reported by the responder.
OCSPResponseStatus ::= ENUMERATED {
    successful          (0),      --Response has valid confirmations
    malformedRequest    (1),      --Illegal confirmation request
    internalError       (2),      --Internal error in issuer
    tryLater            (3),      --Try again later
                                  --(4) is not used
    sigRequired         (5),      --Must sign the request
    unauthorized        (6)       --Request unauthorized
}

-- Outer response envelope.
-- responseStatus sits here, next to responseBytes, and not inside the
-- signed OCSPResponseData, so the status value is not covered by the
-- responder signature.
-- NOTE(review): a non-successful status is therefore unauthenticated;
-- a client that accepts the certificate on tryLater or internalError
-- is failing open. Confirm the policy in the consuming code.
OCSPResponse ::= SEQUENCE {
    responseStatus      OCSPResponseStatus,
    responseBytes       [0] EXPLICIT OCSPResponseBytes OPTIONAL }

OCSPKeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
                             --(excluding the tag and length fields)

-- Names the responder either by subject name or by key hash.
-- Tags 1 and 2 have no keyword and so follow the module default
-- (EXPLICIT).
OCSPResponderID ::= CHOICE {
    byName              [1] Name,
    byKey               [2] OCSPKeyHash }

-- The to-be-signed part of a basic response (it is the type of
-- tbsResponseData in OCSPBasicOCSPResponse).
-- As in OCSPTBSRequest, the version DEFAULT is only a comment and the
-- field is OPTIONAL.
OCSPResponseData ::= SEQUENCE {
    version             [0] EXPLICIT OCSPVersion -- DEFAULT v1 -- OPTIONAL,
    responderID         OCSPResponderID,
    producedAt          GeneralizedTime,
    responses           SEQUENCE OF OCSPSingleResponse,
    responseExtensions  [1] EXPLICIT Extensions OPTIONAL }

-- Signed basic response: the response data, the signature algorithm and
-- value, and optional certificates to help verify the signature.
-- NOTE(review): certs is outside tbsResponseData and is attacker
-- controllable in transit. A verifier has to establish on its own that
-- the signing key is authorised to answer for the certificate's issuer
-- (RFC 2560 describes the issuer itself, a locally trusted responder,
-- or a responder certificate issued by that issuer with the OCSP
-- signing key purpose). Confirm the consuming code checks this.
OCSPBasicOCSPResponse ::= SEQUENCE {
    tbsResponseData     OCSPResponseData,
    signatureAlgorithm  AlgorithmIdentifier,
    signature           BIT STRING,
    certs               [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }

-- ArchiveCutoff ::= GeneralizedTime

-- AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER

-- Object Identifiers

-- Base arc for OCSP: 1.3.6.1.5.5.7.48.1
id-pkix-ocsp OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) dod(6) internet(1)
    security(5) mechanisms(5) pkix(7) pkix-ad(48) 1
}

-- Only the basic response type and the nonce extension OIDs are active.
-- The remaining arcs are commented out and are not defined by this
-- module as it stands.
id-pkix-ocsp-basic              OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 }
id-pkix-ocsp-nonce              OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
-- id-pkix-ocsp-crl             OBJECT IDENTIFIER ::= { id-pkix-ocsp 3 }
-- id-pkix-ocsp-response        OBJECT IDENTIFIER ::= { id-pkix-ocsp 4 }
-- id-pkix-ocsp-nocheck         OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
-- id-pkix-ocsp-archive-cutoff  OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 }
-- id-pkix-ocsp-service-locator OBJECT IDENTIFIER ::= { id-pkix-ocsp 7 }


END