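/* ocsp.c */
/*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
 * 2000.
 */
/* ====================================================================
 * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/x509v3.h>

/*-
   Example of new ASN1 code, OCSP request

        OCSPRequest     ::=     SEQUENCE {
            tbsRequest                  TBSRequest,
            optionalSignature   [0]     EXPLICIT Signature OPTIONAL }

        TBSRequest      ::=     SEQUENCE {
            version             [0] EXPLICIT Version DEFAULT v1,
            requestorName       [1] EXPLICIT GeneralName OPTIONAL,
            requestList             SEQUENCE OF Request,
            requestExtensions   [2] EXPLICIT Extensions OPTIONAL }

        Signature       ::=     SEQUENCE {
            signatureAlgorithm   AlgorithmIdentifier,
            signature            BIT STRING,
            certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }

        Version  ::=  INTEGER  {  v1(0) }

        Request ::=     SEQUENCE {
            reqCert                    CertID,
            singleRequestExtensions    [0] EXPLICIT Extensions OPTIONAL }

        CertID ::= SEQUENCE {
            hashAlgorithm            AlgorithmIdentifier,
            issuerNameHash     OCTET STRING, -- Hash of Issuer's DN
            issuerKeyHash      OCTET STRING, -- Hash of Issuers public key
            serialNumber       CertificateSerialNumber }

        OCSPResponse ::= SEQUENCE {
           responseStatus         OCSPResponseStatus,
           responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }

        OCSPResponseStatus ::= ENUMERATED {
            successful            (0),      --Response has valid confirmations
            malformedRequest      (1),      --Illegal confirmation request
            internalError         (2),      --Internal error in issuer
            tryLater              (3),      --Try again later
                                            --(4) is not used
            sigRequired           (5),      --Must sign the request
            unauthorized          (6)       --Request unauthorized
        }

        ResponseBytes ::=       SEQUENCE {
            responseType   OBJECT IDENTIFIER,
            response       OCTET STRING }

        BasicOCSPResponse       ::= SEQUENCE {
           tbsResponseData      ResponseData,
           signatureAlgorithm   AlgorithmIdentifier,
           signature            BIT STRING,
           certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }

        ResponseData ::= SEQUENCE {
           version              [0] EXPLICIT Version DEFAULT v1,
           responderID              ResponderID,
           producedAt               GeneralizedTime,
           responses                SEQUENCE OF SingleResponse,
           responseExtensions   [1] EXPLICIT Extensions OPTIONAL }

        ResponderID ::= CHOICE {
           byName   [1] Name,    --EXPLICIT
           byKey    [2] KeyHash }

        KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
                                 --(excluding the tag and length fields)

        SingleResponse ::= SEQUENCE {
           certID                       CertID,
           certStatus                   CertStatus,
           thisUpdate                   GeneralizedTime,
           nextUpdate           [0]     EXPLICIT GeneralizedTime OPTIONAL,
           singleExtensions     [1]     EXPLICIT Extensions OPTIONAL }

        CertStatus ::= CHOICE {
            good                [0]     IMPLICIT NULL,
            revoked             [1]     IMPLICIT RevokedInfo,
            unknown             [2]     IMPLICIT UnknownInfo }

        RevokedInfo ::= SEQUENCE {
            revocationTime              GeneralizedTime,
            revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }

        UnknownInfo ::= NULL -- this can be replaced with an enumeration

        ArchiveCutoff ::= GeneralizedTime

        AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER

        ServiceLocator ::= SEQUENCE {
            issuer    Name,
            locator   AuthorityInfoAccessSyntax }

        -- Object Identifiers

        id-kp-OCSPSigning            OBJECT IDENTIFIER ::= { id-kp 9 }
        id-pkix-ocsp                 OBJECT IDENTIFIER ::= { id-ad-ocsp }
        id-pkix-ocsp-basic           OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 }
        id-pkix-ocsp-nonce           OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
        id-pkix-ocsp-crl             OBJECT IDENTIFIER ::= { id-pkix-ocsp 3 }
        id-pkix-ocsp-response        OBJECT IDENTIFIER ::= { id-pkix-ocsp 4 }
        id-pkix-ocsp-nocheck         OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
        id-pkix-ocsp-archive-cutoff  OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 }
        id-pkix-ocsp-service-locator OBJECT IDENTIFIER ::= { id-pkix-ocsp 7 }

*/

/*
 * The C structures below mirror the ASN.1 above member for member.  Members
 * whose template is one of the *_OPT forms correspond to OPTIONAL (or
 * DEFAULT) ASN.1 fields, so code that reads a decoded structure has to
 * expect a NULL pointer there.
 */

/* Request Structures */

/* Request is only defined further down, so declare its stack type first. */
DECLARE_STACK_OF(Request)

/* The part of an OCSP request that optionalSignature is computed over. */
typedef struct {
    ASN1_INTEGER *version;                       /* [0], absent means v1 */
    GENERAL_NAME *requestorName;                 /* [1], optional */
    STACK_OF(Request) *requestList;
    STACK_OF(X509_EXTENSION) *requestExtensions; /* [2], optional */
} TBSRequest;

/* Optional signature block of a request. */
typedef struct {
    X509_ALGOR *signatureAlgorithm;
    ASN1_BIT_STRING *signature;
    STACK_OF(X509) *certs;                       /* [0], optional */
} Signature;

typedef struct {
    TBSRequest *tbsRequest;
    Signature *optionalSignature;                /* [0], optional */
} OCSPRequest;

/*
 * Identifies one certificate by issuer name hash, issuer key hash and serial
 * number.  A client matching a SingleResponse to its request should compare
 * every member, hashAlgorithm included, not the serial number alone.
 */
typedef struct {
    X509_ALGOR *hashAlgorithm;
    ASN1_OCTET_STRING *issuerNameHash;
    ASN1_OCTET_STRING *issuerKeyHash;
    ASN1_INTEGER *certificateSerialNumber;
} CertID;

typedef struct {
    CertID *reqCert;
    STACK_OF(X509_EXTENSION) *singleRequestExtensions; /* [0], optional */
} Request;

/* Response structures */

/* response carries the encoded inner response named by responseType. */
typedef struct {
    ASN1_OBJECT *responseType;
    ASN1_OCTET_STRING *response;
} ResponseBytes;

/*
 * Outer response envelope.  responseBytes is OPTIONAL, so check
 * responseStatus and test responseBytes for NULL before touching it.
 */
typedef struct {
    ASN1_ENUMERATED *responseStatus;
    ResponseBytes *responseBytes;                /* [0], optional */
} OCSPResponse;

/* CHOICE: type records which member of d was decoded. */
typedef struct {
    int type;
    union {
        X509_NAME *byName;
        ASN1_OCTET_STRING *byKey;
    } d;
} ResponderID;

typedef struct {
    ASN1_INTEGER *version;                        /* [0], absent means v1 */
    ResponderID *responderID;
    ASN1_GENERALIZEDTIME *producedAt;
    STACK_OF(SingleResponse) *responses;
    STACK_OF(X509_EXTENSION) *responseExtensions; /* [1], optional */
} ResponseData;

/*
 * Signed response.  The templates in this file only describe the encoding:
 * nothing here checks signature against tbsResponseData or validates certs,
 * so a successfully decoded BasicOCSPResponse is still unauthenticated.
 */
typedef struct {
    ResponseData *tbsResponseData;
    X509_ALGOR *signatureAlgorithm;
    ASN1_BIT_STRING *signature;
    STACK_OF(X509) *certs;                        /* [0], optional */
} BasicOCSPResponse;

typedef struct {
    ASN1_GENERALIZEDTIME *revocationTime;
    ASN1_ENUMERATED *revocationReason;            /* [0], optional */
} RevokedInfo;

/*
 * CHOICE: type records which member of d was decoded.  good and unknown are
 * both encoded as NULL and differ only by tag, so the status has to be taken
 * from type; unknown must not be handled as good.
 */
typedef struct {
    int type;
    union {
        ASN1_NULL *good;
        RevokedInfo *revoked;
        ASN1_NULL *unknown;
    } d;
} CertStatus;

/* Status of one certificate plus the validity window of that statement. */
typedef struct {
    CertID *certID;
    CertStatus *certStatus;
    ASN1_GENERALIZEDTIME *thisUpdate;
    ASN1_GENERALIZEDTIME *nextUpdate;             /* [0], optional */
    STACK_OF(X509_EXTENSION) *singleExtensions;   /* [1], optional */
} SingleResponse;

typedef struct {
    X509_NAME *issuer;
    STACK_OF(ACCESS_DESCRIPTION) *locator;
} ServiceLocator;

/* Now the ASN1 templates */

/*
 * Types that are reused through the compatibility wrapper.  X509_EXTENSION
 * is deliberately not in this list: it gets a template of its own below.
 */
IMPLEMENT_COMPAT_ASN1(X509);
IMPLEMENT_COMPAT_ASN1(X509_ALGOR);
IMPLEMENT_COMPAT_ASN1(GENERAL_NAME);
IMPLEMENT_COMPAT_ASN1(X509_NAME);

ASN1_SEQUENCE(X509_EXTENSION) = {
    ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
    ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),
    ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(X509_EXTENSION);

/*
 * certs is "[0] EXPLICIT SEQUENCE OF Certificate OPTIONAL" in the ASN.1
 * above, the same shape as BasicOCSPResponse.certs, so it uses the explicit
 * optional form.  A plain ASN1_SEQUENCE_OF would require an untagged,
 * mandatory certificate list and would fail on a signature sent without
 * certificates.
 */
ASN1_SEQUENCE(Signature) = {
    ASN1_SIMPLE(Signature, signatureAlgorithm, X509_ALGOR),
    ASN1_SIMPLE(Signature, signature, ASN1_BIT_STRING),
    ASN1_EXP_SEQUENCE_OF_OPT(Signature, certs, X509, 0)
} ASN1_SEQUENCE_END(Signature);

ASN1_SEQUENCE(CertID) = {
    ASN1_SIMPLE(CertID, hashAlgorithm, X509_ALGOR),
    ASN1_SIMPLE(CertID, issuerNameHash, ASN1_OCTET_STRING),
    ASN1_SIMPLE(CertID, issuerKeyHash, ASN1_OCTET_STRING),
    ASN1_SIMPLE(CertID, certificateSerialNumber, ASN1_INTEGER)
} ASN1_SEQUENCE_END(CertID);

ASN1_SEQUENCE(Request) = {
    ASN1_SIMPLE(Request, reqCert, CertID),
    ASN1_EXP_SEQUENCE_OF_OPT(Request, singleRequestExtensions, X509_EXTENSION, 0)
} ASN1_SEQUENCE_END(Request);

/* "version DEFAULT v1" is modelled as an optional field. */
ASN1_SEQUENCE(TBSRequest) = {
    ASN1_EXP_OPT(TBSRequest, version, ASN1_INTEGER, 0),
    ASN1_EXP_OPT(TBSRequest, requestorName, GENERAL_NAME, 1),
    ASN1_SEQUENCE_OF(TBSRequest, requestList, Request),
    ASN1_EXP_SEQUENCE_OF_OPT(TBSRequest, requestExtensions, X509_EXTENSION, 2)
} ASN1_SEQUENCE_END(TBSRequest);

ASN1_SEQUENCE(OCSPRequest) = {
    ASN1_SIMPLE(OCSPRequest, tbsRequest, TBSRequest),
    ASN1_EXP_OPT(OCSPRequest, optionalSignature, Signature, 0)
} ASN1_SEQUENCE_END(OCSPRequest);

/* Response templates */

ASN1_SEQUENCE(ResponseBytes) = {
    ASN1_SIMPLE(ResponseBytes, responseType, ASN1_OBJECT),
    ASN1_SIMPLE(ResponseBytes, response, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(ResponseBytes);

ASN1_SEQUENCE(OCSPResponse) = {
    ASN1_SIMPLE(OCSPResponse, responseStatus, ASN1_ENUMERATED),
    ASN1_EXP_OPT(OCSPResponse, responseBytes, ResponseBytes, 0)
} ASN1_SEQUENCE_END(OCSPResponse);

/*
 * Both alternatives are EXPLICITLY tagged.  The ASN.1 above gives byKey no
 * IMPLICIT keyword, and the OCSP module (RFC 2560) is defined with EXPLICIT
 * TAGS, so the KeyHash OCTET STRING is wrapped in [2] rather than retagged.
 * An IMPLICIT template here would not decode the byKey form that conforming
 * responders emit.
 */
ASN1_CHOICE(ResponderID) = {
    ASN1_EXP(ResponderID, d.byName, X509_NAME, 1),
    ASN1_EXP(ResponderID, d.byKey, ASN1_OCTET_STRING, 2)
} ASN1_CHOICE_END(ResponderID);

ASN1_SEQUENCE(RevokedInfo) = {
    ASN1_SIMPLE(RevokedInfo, revocationTime, ASN1_GENERALIZEDTIME),
    ASN1_EXP_OPT(RevokedInfo, revocationReason, ASN1_ENUMERATED, 0)
} ASN1_SEQUENCE_END(RevokedInfo);

/* All three alternatives are IMPLICITLY tagged, as in the ASN.1 above. */
ASN1_CHOICE(CertStatus) = {
    ASN1_IMP(CertStatus, d.good, ASN1_NULL, 0),
    ASN1_IMP(CertStatus, d.revoked, RevokedInfo, 1),
    ASN1_IMP(CertStatus, d.unknown, ASN1_NULL, 2)
} ASN1_CHOICE_END(CertStatus);

ASN1_SEQUENCE(SingleResponse) = {
    ASN1_SIMPLE(SingleResponse, certID, CertID),
    ASN1_SIMPLE(SingleResponse, certStatus, CertStatus),
    ASN1_SIMPLE(SingleResponse, thisUpdate, ASN1_GENERALIZEDTIME),
    ASN1_EXP_OPT(SingleResponse, nextUpdate, ASN1_GENERALIZEDTIME, 0),
    ASN1_EXP_SEQUENCE_OF_OPT(SingleResponse, singleExtensions, X509_EXTENSION, 1)
} ASN1_SEQUENCE_END(SingleResponse);

/* "version DEFAULT v1" is modelled as an optional field. */
ASN1_SEQUENCE(ResponseData) = {
    ASN1_EXP_OPT(ResponseData, version, ASN1_INTEGER, 0),
    ASN1_SIMPLE(ResponseData, responderID, ResponderID),
    ASN1_SIMPLE(ResponseData, producedAt, ASN1_GENERALIZEDTIME),
    ASN1_SEQUENCE_OF(ResponseData, responses, SingleResponse),
    ASN1_EXP_SEQUENCE_OF_OPT(ResponseData, responseExtensions, X509_EXTENSION, 1)
} ASN1_SEQUENCE_END(ResponseData);

ASN1_SEQUENCE(BasicOCSPResponse) = {
    ASN1_SIMPLE(BasicOCSPResponse, tbsResponseData, ResponseData),
    ASN1_SIMPLE(BasicOCSPResponse, signatureAlgorithm, X509_ALGOR),
    ASN1_SIMPLE(BasicOCSPResponse, signature, ASN1_BIT_STRING),
    ASN1_EXP_SEQUENCE_OF_OPT(BasicOCSPResponse, certs, X509, 0)
} ASN1_SEQUENCE_END(BasicOCSPResponse);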