See: Description
| Interface | Description |
|---|---|
| CMPObjectIdentifiers |
| Class | Description |
|---|---|
| CAKeyUpdAnnContent | |
| CertConfirmContent | |
| CertifiedKeyPair |
CertifiedKeyPair ::= SEQUENCE {
certOrEncCert CertOrEncCert,
privateKey [0] EncryptedKey OPTIONAL,
-- see [CRMF] for comment on encoding
publicationInfo [1] PKIPublicationInfo OPTIONAL
}
|
| CertOrEncCert |
CertOrEncCert ::= CHOICE {
certificate [0] CMPCertificate,
encryptedCert [1] EncryptedKey
}
|
| CertRepMessage |
CertRepMessage ::= SEQUENCE {
caPubs [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
OPTIONAL,
response SEQUENCE OF CertResponse
}
|
| CertReqTemplateContent |
GenMsg: {id-it 19}, < absent >
GenRep: {id-it 19}, CertReqTemplateContent | < absent >
|
| CertResponse |
CertResponse ::= SEQUENCE {
certReqId INTEGER,
status PKIStatusInfo,
certifiedKeyPair CertifiedKeyPair OPTIONAL,
rspInfo OCTET STRING OPTIONAL
-- analogous to the id-regInfo-utf8Pairs string defined
-- for regInfo in CertReqMsg [CRMF]
}
|
| CertStatus |
CertStatus ::= SEQUENCE {
certHash OCTET STRING,
certReqId INTEGER,
statusInfo PKIStatusInfo OPTIONAL,
hashAlg [0] AlgorithmIdentifier{DIGEST-ALGORITHM, {...}}
OPTIONAL
}
|
| Challenge | |
| CMPCertificate | |
| CRLAnnContent | |
| CRLSource |
GenMsg: {id-it TBD1}, SEQUENCE SIZE (1..MAX) OF CRLStatus
GenRep: {id-it TBD2}, SEQUENCE SIZE (1..MAX) OF
CertificateList | < absent >
|
| CRLStatus |
CRLStatus ::= SEQUENCE {
source CRLSource,
thisUpdate Time OPTIONAL }
|
| DHBMParameter |
DHBMParameter ::= SEQUENCE {
owf AlgorithmIdentifier,
-- AlgId for a One-Way Function (SHA-1 recommended)
mac AlgorithmIdentifier
-- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11],
} -- or HMAC [RFC2104, RFC2202])
|
| ErrorMsgContent | |
| GenMsgContent | |
| GenRepContent | |
| InfoTypeAndValue |
Example InfoTypeAndValue contents include, but are not limited
to, the following (un-comment in this ASN.1 module and use as
appropriate for a given environment):
|
| KeyRecRepContent | |
| OOBCertHash | |
| PBMParameter | |
| PKIBody | |
| PKIConfirmContent | |
| PKIFailureInfo |
PKIFailureInfo ::= BIT STRING {
badAlg (0),
-- unrecognized or unsupported Algorithm Identifier
badMessageCheck (1), -- integrity check failed (e.g., signature did not verify)
badRequest (2),
-- transaction not permitted or supported
badTime (3), -- messageTime was not sufficiently close to the system time, as defined by local policy
badCertId (4), -- no certificate could be found matching the provided criteria
badDataFormat (5),
-- the data submitted has the wrong format
wrongAuthority (6), -- the authority indicated in the request is different from the one creating the response token
incorrectData (7), -- the requester's data is incorrect (for notary services)
missingTimeStamp (8), -- when the timestamp is missing but should be there (by policy)
badPOP (9) -- the proof-of-possession failed
certRevoked (10),
certConfirmed (11),
wrongIntegrity (12),
badRecipientNonce (13),
timeNotAvailable (14),
-- the TSA's time source is not available
unacceptedPolicy (15),
-- the requested TSA policy is not supported by the TSA
unacceptedExtension (16),
-- the requested extension is not supported by the TSA
addInfoNotAvailable (17)
-- the additional information requested could not be understood
-- or is not available
badSenderNonce (18),
badCertTemplate (19),
signerNotTrusted (20),
transactionIdInUse (21),
unsupportedVersion (22),
notAuthorized (23),
systemUnavail (24),
systemFailure (25),
-- the request cannot be handled due to system failure
duplicateCertReq (26)
|
| PKIFreeText | |
| PKIHeader | |
| PKIHeaderBuilder | |
| PKIMessage |
PKIMessage ::= SEQUENCE {
header PKIHeader,
body PKIBody,
protection [0] PKIProtection OPTIONAL,
extraCerts [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
OPTIONAL
}
|
| PKIMessages | |
| PKIStatus | |
| PKIStatusInfo | |
| PollRepContent |
PollRepContent ::= SEQUENCE OF SEQUENCE {
certReqId INTEGER,
checkAfter INTEGER, -- time in seconds
reason PKIFreeText OPTIONAL }
|
| PollReqContent |
PollReqContent ::= SEQUENCE OF SEQUENCE {
certReqId INTEGER }
|
| POPODecKeyChallContent | |
| POPODecKeyRespContent | |
| ProtectedPart | |
| RevAnnContent | |
| RevDetails | |
| RevRepContent | |
| RevRepContentBuilder | |
| RevReqContent | |
| RootCaKeyUpdateContent |
GenMsg: {id-it 20}, RootCaCertValue | < absent >
GenRep: {id-it 18}, RootCaKeyUpdateContent | < absent >
|