Newer
Older
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) enrolment(4) version2(2)}
DEFINITIONS AUTOMATIC TAGS ::=
BEGIN
IMPORTS
EtsiTs103097Certificate,
EtsiTs103097Data-Signed
FROM EtsiTs103097Module
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103097) securedMessageV1(0)}
CertificateFormat, CertificateSubjectAttributes, EcSignature, HashedId8, PublicKeys, Version
FROM EtsiTs102941BaseTypes
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) baseTypes(3) version2(2) }
;
/************
-- EnrolmentRequest/Response
************/
EnrolmentResponseCode ::= ENUMERATED {
ok(0),
cantparse, -- valid for any structure
badcontenttype, -- not encrypted, not signed, not enrolmentrequest
imnottherecipient, -- the "recipients" doesn't include me
unknownencryptionalgorithm, -- either kexalg or contentencryptionalgorithm
decryptionfailed, -- works for ECIES-HMAC and AES-CCM
unknownits, -- can't retrieve the ITS from the itsId
invalidsignature, -- signature verification of the request fails
invalidencryptionkey, -- signature is good, but the responseEncryptionKey is bad
baditsstatus, -- revoked, not yet active
incompleterequest, -- some elements are missing
deniedpermissions, -- requested permissions are not granted
invalidkeys, -- either the verification_key of the encryption_key is bad
deniedrequest, -- any other reason?
... }
InnerEcRequestSignedForPop::= EtsiTs103097Data-Signed{InnerEcRequest}
InnerEcRequest ::= SEQUENCE {
itsId OCTET STRING,
certificateFormat CertificateFormat,
publicKeys PublicKeys,
requestedSubjectAttributes CertificateSubjectAttributes (WITH COMPONENTS{..., certIssuePermissions ABSENT}),
...
}
InnerEcResponse ::= SEQUENCE {
requestHash OCTET STRING (SIZE(16)),
responseCode EnrolmentResponseCode,
certificate EtsiTs103097Certificate OPTIONAL,
...
}
(WITH COMPONENTS { responseCode (ok), certificate PRESENT }
| WITH COMPONENTS { responseCode (ALL EXCEPT ok), certificate ABSENT }
)
END