-- From rfc2560
-- $Id$
--
-- ASN.1 module for OCSP (RFC 2560) requests and responses.
-- Type names carry an OCSP prefix on top of the names used in the RFC
-- (for example OCSPCertID for the RFC's CertID).

OCSP DEFINITIONS EXPLICIT TAGS ::=

BEGIN

-- Module default is EXPLICIT tagging, so a context tag written without
-- a keyword (byName [1], byKey [2] below) is an EXPLICIT tag.

IMPORTS
    Certificate, AlgorithmIdentifier, CRLReason,
    Name, GeneralName, CertificateSerialNumber, Extensions
    FROM rfc2459;

OCSPVersion ::= INTEGER { ocsp-v1(0) }

-- Per-certificate status as asserted by the responder.
-- RFC 2560: good states at minimum that the certificate is not revoked;
-- unknown means the responder has no information about the certificate.
-- Relying code should not treat unknown as equivalent to good.
OCSPCertStatus ::= CHOICE {
    good        [0] IMPLICIT NULL,
    revoked     [1] IMPLICIT -- OCSPRevokedInfo -- SEQUENCE {
        revocationTime          GeneralizedTime,
        revocationReason    [0] EXPLICIT CRLReason OPTIONAL
    },
    unknown     [2] IMPLICIT NULL
}

-- Identifies the certificate being asked about.
-- Both hashes are computed with hashAlgorithm. A client should check
-- that the certID in each response entry matches the one it requested.
OCSPCertID ::= SEQUENCE {
    hashAlgorithm       AlgorithmIdentifier,
    issuerNameHash      OCTET STRING,   -- Hash of issuer's DN
    issuerKeyHash       OCTET STRING,   -- Hash of issuer's public key
    serialNumber        CertificateSerialNumber
}

-- Status of one certificate plus its validity window.
-- thisUpdate and nextUpdate bound the freshness of the statement;
-- RFC 2560 treats a response whose nextUpdate is already in the past,
-- or whose thisUpdate is in the future, as unreliable.
-- nextUpdate is OPTIONAL, so an absent value must be handled.
OCSPSingleResponse ::= SEQUENCE {
    certID                  OCSPCertID,
    certStatus              OCSPCertStatus,
    thisUpdate              GeneralizedTime,
    nextUpdate          [0] EXPLICIT GeneralizedTime OPTIONAL,
    singleExtensions    [1] EXPLICIT Extensions OPTIONAL
}

-- One certificate query inside a request (Request in RFC 2560).
OCSPInnerRequest ::= SEQUENCE {
    reqCert                     OCSPCertID,
    singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL
}

-- The to-be-signed part of a request.
-- RFC 2560 declares version with DEFAULT v1; here it is OPTIONAL, so
-- consumers presumably treat an absent version as v1 (to be confirmed
-- against the code that uses the generated type).
-- requestExtensions is where the nonce (id-pkix-ocsp-nonce) travels.
OCSPTBSRequest ::= SEQUENCE {
    version             [0] EXPLICIT OCSPVersion -- DEFAULT v1 -- OPTIONAL,
    requestorName       [1] EXPLICIT GeneralName OPTIONAL,
    requestList             SEQUENCE OF OCSPInnerRequest,
    requestExtensions   [2] EXPLICIT Extensions OPTIONAL
}

-- Optional signature over a request, with certificates that help the
-- responder verify it.
OCSPSignature ::= SEQUENCE {
    signatureAlgorithm      AlgorithmIdentifier,
    signature               BIT STRING,
    certs               [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL
}

-- Top-level request. The signature is OPTIONAL; a responder that
-- insists on signed requests answers sigRequired.
OCSPRequest ::= SEQUENCE {
    tbsRequest              OCSPTBSRequest,
    optionalSignature   [0] EXPLICIT OCSPSignature OPTIONAL
}

-- Typed container for the response body. responseType selects how the
-- response octets are decoded; id-pkix-ocsp-basic means the octets hold
-- an OCSPBasicOCSPResponse.
OCSPResponseBytes ::= SEQUENCE {
    responseType    OBJECT IDENTIFIER,
    response        OCTET STRING
}

-- Outcome of processing the request.
-- This value sits in OCSPResponse, outside the signed response data,
-- and RFC 2560 error responses are not signed. Any value other than
-- successful carries no certificate status and should be handled as
-- "no revocation information", never as good.
OCSPResponseStatus ::= ENUMERATED {
    successful          (0),    --Response has valid confirmations
    malformedRequest    (1),    --Illegal confirmation request
    internalError       (2),    --Internal error in issuer
    tryLater            (3),    --Try again later
                                --(4) is not used
    sigRequired         (5),    --Must sign the request
    unauthorized        (6)     --Request unauthorized
}

-- Top-level response. responseBytes is OPTIONAL and is expected only
-- together with a successful responseStatus.
OCSPResponse ::= SEQUENCE {
    responseStatus          OCSPResponseStatus,
    responseBytes       [0] EXPLICIT OCSPResponseBytes OPTIONAL
}

OCSPKeyHash ::= OCTET STRING    --SHA-1 hash of responder's public key
                                --(excluding the tag and length fields)

-- Names the responder that signed the response, by subject name or by
-- key hash. It is a lookup hint for the signer certificate; the
-- signature check is what authenticates the response.
OCSPResponderID ::= CHOICE {
    byName  [1] Name,
    byKey   [2] OCSPKeyHash
}

-- The signed portion of a basic response (ResponseData in RFC 2560).
-- producedAt is the time the responder signed this response.
-- responseExtensions is where a nonce is echoed back; a client that
-- sent a nonce should compare it to detect a replayed response.
OCSPResponseData ::= SEQUENCE {
    version             [0] EXPLICIT OCSPVersion -- DEFAULT v1 -- OPTIONAL,
    responderID             OCSPResponderID,
    producedAt              GeneralizedTime,
    responses               SEQUENCE OF OCSPSingleResponse,
    responseExtensions  [1] EXPLICIT Extensions OPTIONAL
}

-- Signed response body, carried inside OCSPResponseBytes.response.
-- The signature covers tbsResponseData. certs are supplied by the
-- responder to help locate its signing certificate and are not trust
-- anchors: RFC 2560 requires the signer to be the issuing CA, a
-- locally trusted responder, or a delegate certified by that CA with
-- the OCSP signing extended key usage.
OCSPBasicOCSPResponse ::= SEQUENCE {
    tbsResponseData         OCSPResponseData,
    signatureAlgorithm      AlgorithmIdentifier,
    signature               BIT STRING,
    certs               [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL
}

-- The two extension value types below are left commented out and are
-- therefore not defined by this module.

-- ArchiveCutoff ::= GeneralizedTime

-- AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER

-- Object Identifiers

id-pkix-ocsp OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) dod(6) internet(1)
    security(5) mechanisms(5) pkix(7) pkix-ad(48) 1
}

-- Only the basic response type and the nonce extension are defined;
-- arcs 3 through 7 are left commented out.
id-pkix-ocsp-basic  OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 }
id-pkix-ocsp-nonce  OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
-- id-pkix-ocsp-crl             OBJECT IDENTIFIER ::= { id-pkix-ocsp 3 }
-- id-pkix-ocsp-response        OBJECT IDENTIFIER ::= { id-pkix-ocsp 4 }
-- id-pkix-ocsp-nocheck         OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
-- id-pkix-ocsp-archive-cutoff  OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 }
-- id-pkix-ocsp-service-locator OBJECT IDENTIFIER ::= { id-pkix-ocsp 7 }


END