Loading 19172asn1Module.txt 0 → 100644 +378 −0 Original line number Diff line number Diff line ETSI-SigPolicy-ASN1 { itu-t(0) identified-organization(4) etsi(0) sigpolicy-asn1(19172) id-mod(0) sigpolicy-syntax680(1)} DEFINITIONS EXPLICIT TAGS ::= BEGIN -- EXPORTS All - IMPORTS -- Imports from CAdES in ETSI EN 319 122-1 OtherHashAlgAndValue, PostalAddress, CommitmentTypeIdentifier FROM ETSI-CAdES-ExplicitSyntax97 { itu-t(0) identified-organization(4) etsi(0) cades(19122) id-mod(0) cades-explicit97(1)} -- Imports as defined in RFC 5912 Certificate FROM PKIX1Explicit-2009 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51)} GeneralName FROM PKIX1Implicit-2009 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59)} ; -- Type definitions -- ===================================== OTHER ::= CLASS { &id OBJECT IDENTIFIER UNIQUE, &Value OPTIONAL } WITH SYNTAX { OTHER-ID &id [OTHER-TYPE &Value] } Other{OTHER:MyOtherSet} ::= SEQUENCE { otherId OTHER.&id({MyOtherSet}), otherValue OTHER.&Value({MyOtherSet}{@otherId}) OPTIONAL } SignaturePolicy ::= SEQUENCE { digest Digest, policyComponents PolicyComponents} Digest ::= OtherHashAlgAndValue PolicyComponents ::= SEQUENCE { geneneralDetails GeneralDetails, policyRules PolicyRules } GeneralDetails ::= SEQUENCE { sigPolicyDetails SigPolicyDetails, authorityDetails [0] AuthorityDetails OPTIONAL, otherDetails [1] OtherDetails OPTIONAL } SigPolicyDetails ::= SEQUENCE { policyIdentifier OBJECT IDENTIFIER, policyName InternationalNames, distributionPoints DistributionPoints OPTIONAL } InternationalNames ::= SEQUENCE OF MultiLangText MultiLangText ::= SEQUENCE { lang PrintableString, text UTF8String } DistributionPoints ::= SEQUENCE SIZE (1..MAX) OF IA5String AuthorityDetails ::= SEQUENCE { name [0] Name OPTIONAL, tradeName [1] TradeName OPTIONAL, postalAddresses PostalAddresses, 
electronicAddresses ElectronicAddresses, contactPersons [2] ContactPersons OPTIONAL} Name ::= InternationalNames TradeName::= InternationalNames PostalAddresses ::= SEQUENCE OF PostalAddress ElectronicAddresses::= SEQUENCE OF ElectronicAddresse ElectronicAddresse ::= MultiLangURI MultiLangURI ::= SEQUENCE { lang PrintableString, uri IA5String } ContactPersons ::= SEQUENCE OF ContactPerson ContactPerson ::= SEQUENCE { name UTF8String, electronicAddresses ElectronicAddresses, phoneNumbers SEQUENCE OF PrintableString} OtherDetails ::= SEQUENCE { dateOfIssue GeneralizedTime, signingPeriod [0] SigningPeriod OPTIONAL, others [1] SEQUENCE SIZE (1..MAX) OF Other{{OtherDetailsOtherSet}} OPTIONAL} SigningPeriod ::= SEQUENCE { notBefore GeneralizedTime, notAfter GeneralizedTime OPTIONAL } OtherDetailsOtherSet OTHER ::= {...} PolicyRules ::= SEQUENCE OF PolicyRuleWithScope PolicyRuleWithScope ::= SEQUENCE { rule SigPolicyRule, scope SigPolicyScope OPTIONAL} SigPolicyRule ::= CHOICE { commitmentRules [0] CommitmentRules, basicRule [1] BasicRule } BasicRule ::= CHOICE { dataToBeSignedRules [0] DataToBeSignedRules, sigToDTBSRelationRules [1] SigToDTBSRelationRules, dTBSCardinality [2] DTBSCardinality, sigDTBSRelativePosition [3] SigDTBSRelativePosition, sigFormatsAndLevels [4] SigFormatsAndLevels, augmentationRules [5] AugmentationRules, signingCertRules [6] SigningCertRules, timeEvidencesRules [7] TimeEvidencesRules, signerAttributeConstraints [8] SignerAttributeConstraints, qualifyingAttributesRules [9] QualifyingAttributesRules, sCDLoARules [10] SCDLoARules, cryptoSuitesRules [11] CryptoSuitesRules, otherRules [12] Other{{BasicRuleOtherSet}} } SigPolicyScope ::= ENUMERATED { generation (0), validation (1), augmentation (2) } BasicRuleOtherSet OTHER ::= {...} CommitmentRules ::= SEQUENCE OF CommitmentRule CommitmentRule ::= SEQUENCE { commitments SEQUENCE OF Commitment, matchingIndicator MatchingIndicator, basicRules SEQUENCE OF BasicRule} Commitment ::= SEQUENCE { 
commitmentIdentifier CommitmentTypeIdentifier, details SEQUENCE SIZE (1..MAX) OF MultiLangString OPTIONAL} MultiLangString ::= SEQUENCE { lang PrintableString, uri UTF8String } MatchingIndicator ::= ENUMERATED { all (0), none (1), atLeastOne(2) } DataToBeSignedRules ::= SEQUENCE OF DataToBeSignedRule DataToBeSignedRule ::= SEQUENCE { anyOfMimeType [0] SEQUENCE SIZE (1..MAX) OF UTF8String OPTIONAL, noneOfMimeType [1] SEQUENCE SIZE (1..MAX) OF UTF8String OPTIONAL } SigToDTBSRelationRules::= SEQUENCE { dTBSCardinality DTBSCardinality, sigDTBSRelativePosition [0] SigDTBSRelativePosition OPTIONAL, sigFormatsAndLevels [1] SigFormatsAndLevels OPTIONAL } DTBSCardinality::= SEQUENCE { maxDTBSNumber [0] MaxDTBSNumber OPTIONAL, minDTBSNumber [1] MinDTBSNumber OPTIONAL } MaxDTBSNumber ::= SEQUENCE { dTBSNumber INTEGER, maxValueQualifier MaxValueQualifier } MaxValueQualifier ::= ENUMERATED { lessThan (0), lessOrEqualTo (1), equal (2) } MinDTBSNumber ::= SEQUENCE { dTBSNumber INTEGER, minValueQualifier MinValueQualifier } MinValueQualifier ::= ENUMERATED { higherThan (0), higherOrEqualTo (1), equal (2) } SigDTBSRelativePosition ::= SEQUENCE OF SigDTBSRelativePositionValue SigDTBSRelativePositionValue::= ENUMERATED { envelopingSig (0), envelopedSig (1), detachedSig (2), aSiC (3) } SigFormatsAndLevels ::= SEQUENCE { sigFormats [0] SEQUENCE SIZE (1..MAX) OF IA5String OPTIONAL, sigLevels [1] SEQUENCE SIZE (1..MAX) OF IA5String OPTIONAL} AugmentationRules ::= SEQUENCE { previousValidationRequired BOOLEAN, levelID IA5String, augQualifier AugmentationQualifier } AugmentationQualifier ::= ENUMERATED { thisLevel (0), minLevel (1), maxLevel (2) } TrustAnchors ::= SEQUENCE OF TrustAnchor TrustAnchor ::= CHOICE { certificate CertAndReliableTime, tAInTrustedList TAsInTrustedList } CertAndReliableTime ::= SEQUENCE { cert Certificate, reliableUntil GeneralizedTime OPTIONAL } TAsInTrustedList::= SEQUENCE { uri IA5String, serviceTypes [0] SEQUENCE SIZE (1..MAX) OF IA5String OPTIONAL, 
serviceStatuses [1] SEQUENCE SIZE (1..MAX) OF IA5String OPTIONAL } NameConstraints ::= SEQUENCE { permittedSubtrees [0] GeneralSubtrees OPTIONAL, excludedSubtrees [1] GeneralSubtrees OPTIONAL } GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree GeneralSubtree ::= SEQUENCE { base GeneralName, minimum [0] BaseDistance DEFAULT 0, maximum [1] BaseDistance OPTIONAL } BaseDistance ::= INTEGER (0..MAX) PolicyConstraints ::= SEQUENCE { requireExplicitPolicy [0] SkipCerts OPTIONAL, inhibitPolicyMapping [1] SkipCerts OPTIONAL } SkipCerts ::= INTEGER (0..MAX) CertificateTrustTrees ::= SEQUENCE OF CertificateTrustPoint CertificateTrustPoint ::= SEQUENCE { trustAnchors TrustAnchors, pathLenConstraint [0] PathLenConstraint OPTIONAL, acceptablePolicySet [1] AcceptablePolicySet OPTIONAL, nameConstraints [2] NameConstraints OPTIONAL, policyConstraints [3] PolicyConstraints OPTIONAL, userCertPath [4] UserCertPath OPTIONAL } PathLenConstraint ::= INTEGER (0..MAX) AcceptablePolicySet ::= SEQUENCE OF CertPolicyId CertPolicyId ::= OBJECT IDENTIFIER UserCertPath ::= CHOICE { asInSignature [0] BOOLEAN, path [1] SEQUENCE OF Certificate } CertificateRevReq ::= SEQUENCE { endCertRevReq EnuRevReq, caCerts EnuRevReq } EnuRevReq ::= ENUMERATED { clrCheck (0), --Checks shall be made against current CRLs -- (or authority revocation lists) ocspCheck (1), -- The revocation status shall be checked -- using the Online Certificate Status Protocol (RFC 2450) bothCheck (2), -- Both CRL and OCSP checks shall be carried out eitherCheck (3), -- At least one of CRL or OCSP checks shall be carried out noCheck (4), -- no check is mandated other (5) -- Other mechanism as defined by signature policy extension -- } CertificateRevTrust ::= SEQUENCE { certificateRevReq CertificateRevReq, freshness [0] Freshness OPTIONAL, sigCertIssuedByCAKeepsExpiredRevokedCertsInfo [1] Duration OPTIONAL } Freshness ::= CHOICE { maxDifferenceRevocationAndValidation [0] Duration, timeAfterSignature [1] Duration } Duration 
::= PrintableString SigningCertRules ::= SEQUENCE { signingCertTrustConditions SigningCertTrustConditions, mandatedSigningCertInfo MandatedSigningCertInfo OPTIONAL } MandatedSigningCertInfo ::= ENUMERATED { signingCertOnly (0), fullPath (1) } SigningCertTrustConditions ::= SEQUENCE { signerTrustTrees CertificateTrustTrees, signerRevTrust CertificateRevTrust } TimeEvidencesRules::= SEQUENCE OF RulesForSetOfEvidences RulesForSetOfEvidences ::= SEQUENCE { evidenceIdentifiers SEQUENCE OF IA5String, levelOfAssurance IA5String, timeStampTrustCondition TimestampTrustCondition OPTIONAL } TimestampTrustCondition ::= SEQUENCE { ttsCertificateTrustTrees [0] CertificateTrustTrees OPTIONAL, ttsRevReq [1] CertificateRevReq OPTIONAL, ttsNameConstraints [2] NameConstraints OPTIONAL, signatureTimestampDelay [3] DeltaTime OPTIONAL } DeltaTime ::= SEQUENCE { deltaSeconds INTEGER, deltaMinutes INTEGER, deltaHours INTEGER, deltaDays INTEGER } SignerAttributeConstraints ::= SEQUENCE { noSignerAttributesAllowed BOOLEAN, constraintsOnOneSetOfAttributes SEQUENCE OF AttributeSetConstraints } AttributeSetConstraints ::= SEQUENCE { howCertAttribute HowCertAttribute, attrCertificateTrustTrees [0] CertificateTrustTrees OPTIONAL, attrRevReq [1] CertificateRevTrust OPTIONAL, attributeConstraints [2] AttributeConstraints OPTIONAL } HowCertAttribute ::= ENUMERATED { claimedAttribute (0), certifiedAttribtes (1), signedAssertions (2), any (3) } AttributeConstraints ::= SEQUENCE { attributeIdMustBePresent [0] OBJECT IDENTIFIER OPTIONAL, attributeValueConstraints [1] SEQUENCE SIZE (1..MAX) OF Other{{AttributeValueConstraintsOtherSet}} OPTIONAL } AttributeValueConstraintsOtherSet OTHER ::= {...} QualifyingAttributesRules ::= SEQUENCE OF LevelAttributesRules LevelAttributesRules ::= SEQUENCE { levelIdentifier [0] IA5String, signedAttributes [1] SignatureAttributes OPTIONAL, unsignedAttributes [2] SignatureAttributes OPTIONAL } SignatureAttributes ::= SEQUENCE OF CHOICE { choice [0] SEQUENCE OF 
SignatureAttribute, sigAttr [1] SignatureAttribute } SignatureAttribute ::= SEQUENCE { identifier OBJECT IDENTIFIER, mandatory BOOLEAN } SCDLoARules ::= IA5String CryptoSuitesRules ::= SEQUENCE OF AlgConstraints AlgConstraints ::= SEQUENCE { algID OBJECT IDENTIFIER, usages SEQUENCE SIZE (1..MAX) OF IA5String, minKeyLength [0] INTEGER OPTIONAL, minHashLength [1] INTEGER OPTIONAL, other Other{{AlgConstraintsOtherSet}} OPTIONAL } AlgConstraintsOtherSet OTHER ::= {...} END
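Review bot: The `TrustAnchor` CHOICE has two untagged alternatives, `certificate CertAndReliableTime` and `tAInTrustedList TAsInTrustedList`, that are both SEQUENCE types, so under this module's EXPLICIT TAGS default they share the same universal tag and a decoder cannot tell a pinned certificate from a trusted-list reference; ASN.1 requires distinct tags within a CHOICE. Tagging them the way the other CHOICEs in this module are tagged, `certificate [0] CertAndReliableTime, tAInTrustedList [1] TAsInTrustedList`, would resolve it, though this changes the encoding and so needs to be settled before any policy is issued against the module. `minKeyLength` and `minHashLength` in `AlgConstraints` (and likewise the `DeltaTime` fields and `dTBSNumber`) are unconstrained `INTEGER`, so a policy can encode a negative value that could make the corresponding check vacuous in a validator; `INTEGER (0..MAX)`, as already used for `BaseDistance`, `SkipCerts` and `PathLenConstraint`, would rule that out at decode time. The `ocspCheck` comment cites RFC 2450, but OCSP is specified in RFC 6960 (originally RFC 2560). The identifiers `geneneralDetails`, `certifiedAttribtes` and `clrCheck` look like typos that will carry into generated code.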
19172asn1Module.txt 0 → 100644 +378 −0 Original line number Diff line number Diff line ETSI-SigPolicy-ASN1 { itu-t(0) identified-organization(4) etsi(0) sigpolicy-asn1(19172) id-mod(0) sigpolicy-syntax680(1)} DEFINITIONS EXPLICIT TAGS ::= BEGIN -- EXPORTS All - IMPORTS -- Imports from CAdES in ETSI EN 319 122-1 OtherHashAlgAndValue, PostalAddress, CommitmentTypeIdentifier FROM ETSI-CAdES-ExplicitSyntax97 { itu-t(0) identified-organization(4) etsi(0) cades(19122) id-mod(0) cades-explicit97(1)} -- Imports as defined in RFC 5912 Certificate FROM PKIX1Explicit-2009 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51)} GeneralName FROM PKIX1Implicit-2009 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59)} ; -- Type definitions -- ===================================== OTHER ::= CLASS { &id OBJECT IDENTIFIER UNIQUE, &Value OPTIONAL } WITH SYNTAX { OTHER-ID &id [OTHER-TYPE &Value] } Other{OTHER:MyOtherSet} ::= SEQUENCE { otherId OTHER.&id({MyOtherSet}), otherValue OTHER.&Value({MyOtherSet}{@otherId}) OPTIONAL } SignaturePolicy ::= SEQUENCE { digest Digest, policyComponents PolicyComponents} Digest ::= OtherHashAlgAndValue PolicyComponents ::= SEQUENCE { geneneralDetails GeneralDetails, policyRules PolicyRules } GeneralDetails ::= SEQUENCE { sigPolicyDetails SigPolicyDetails, authorityDetails [0] AuthorityDetails OPTIONAL, otherDetails [1] OtherDetails OPTIONAL } SigPolicyDetails ::= SEQUENCE { policyIdentifier OBJECT IDENTIFIER, policyName InternationalNames, distributionPoints DistributionPoints OPTIONAL } InternationalNames ::= SEQUENCE OF MultiLangText MultiLangText ::= SEQUENCE { lang PrintableString, text UTF8String } DistributionPoints ::= SEQUENCE SIZE (1..MAX) OF IA5String AuthorityDetails ::= SEQUENCE { name [0] Name OPTIONAL, tradeName [1] TradeName OPTIONAL, postalAddresses PostalAddresses, electronicAddresses 
ElectronicAddresses, contactPersons [2] ContactPersons OPTIONAL} Name ::= InternationalNames TradeName::= InternationalNames PostalAddresses ::= SEQUENCE OF PostalAddress ElectronicAddresses::= SEQUENCE OF ElectronicAddresse ElectronicAddresse ::= MultiLangURI MultiLangURI ::= SEQUENCE { lang PrintableString, uri IA5String } ContactPersons ::= SEQUENCE OF ContactPerson ContactPerson ::= SEQUENCE { name UTF8String, electronicAddresses ElectronicAddresses, phoneNumbers SEQUENCE OF PrintableString} OtherDetails ::= SEQUENCE { dateOfIssue GeneralizedTime, signingPeriod [0] SigningPeriod OPTIONAL, others [1] SEQUENCE SIZE (1..MAX) OF Other{{OtherDetailsOtherSet}} OPTIONAL} SigningPeriod ::= SEQUENCE { notBefore GeneralizedTime, notAfter GeneralizedTime OPTIONAL } OtherDetailsOtherSet OTHER ::= {...} PolicyRules ::= SEQUENCE OF PolicyRuleWithScope PolicyRuleWithScope ::= SEQUENCE { rule SigPolicyRule, scope SigPolicyScope OPTIONAL} SigPolicyRule ::= CHOICE { commitmentRules [0] CommitmentRules, basicRule [1] BasicRule } BasicRule ::= CHOICE { dataToBeSignedRules [0] DataToBeSignedRules, sigToDTBSRelationRules [1] SigToDTBSRelationRules, dTBSCardinality [2] DTBSCardinality, sigDTBSRelativePosition [3] SigDTBSRelativePosition, sigFormatsAndLevels [4] SigFormatsAndLevels, augmentationRules [5] AugmentationRules, signingCertRules [6] SigningCertRules, timeEvidencesRules [7] TimeEvidencesRules, signerAttributeConstraints [8] SignerAttributeConstraints, qualifyingAttributesRules [9] QualifyingAttributesRules, sCDLoARules [10] SCDLoARules, cryptoSuitesRules [11] CryptoSuitesRules, otherRules [12] Other{{BasicRuleOtherSet}} } SigPolicyScope ::= ENUMERATED { generation (0), validation (1), augmentation (2) } BasicRuleOtherSet OTHER ::= {...} CommitmentRules ::= SEQUENCE OF CommitmentRule CommitmentRule ::= SEQUENCE { commitments SEQUENCE OF Commitment, matchingIndicator MatchingIndicator, basicRules SEQUENCE OF BasicRule} Commitment ::= SEQUENCE { commitmentIdentifier 
CommitmentTypeIdentifier, details SEQUENCE SIZE (1..MAX) OF MultiLangString OPTIONAL} MultiLangString ::= SEQUENCE { lang PrintableString, uri UTF8String } MatchingIndicator ::= ENUMERATED { all (0), none (1), atLeastOne(2) } DataToBeSignedRules ::= SEQUENCE OF DataToBeSignedRule DataToBeSignedRule ::= SEQUENCE { anyOfMimeType [0] SEQUENCE SIZE (1..MAX) OF UTF8String OPTIONAL, noneOfMimeType [1] SEQUENCE SIZE (1..MAX) OF UTF8String OPTIONAL } SigToDTBSRelationRules::= SEQUENCE { dTBSCardinality DTBSCardinality, sigDTBSRelativePosition [0] SigDTBSRelativePosition OPTIONAL, sigFormatsAndLevels [1] SigFormatsAndLevels OPTIONAL } DTBSCardinality::= SEQUENCE { maxDTBSNumber [0] MaxDTBSNumber OPTIONAL, minDTBSNumber [1] MinDTBSNumber OPTIONAL } MaxDTBSNumber ::= SEQUENCE { dTBSNumber INTEGER, maxValueQualifier MaxValueQualifier } MaxValueQualifier ::= ENUMERATED { lessThan (0), lessOrEqualTo (1), equal (2) } MinDTBSNumber ::= SEQUENCE { dTBSNumber INTEGER, minValueQualifier MinValueQualifier } MinValueQualifier ::= ENUMERATED { higherThan (0), higherOrEqualTo (1), equal (2) } SigDTBSRelativePosition ::= SEQUENCE OF SigDTBSRelativePositionValue SigDTBSRelativePositionValue::= ENUMERATED { envelopingSig (0), envelopedSig (1), detachedSig (2), aSiC (3) } SigFormatsAndLevels ::= SEQUENCE { sigFormats [0] SEQUENCE SIZE (1..MAX) OF IA5String OPTIONAL, sigLevels [1] SEQUENCE SIZE (1..MAX) OF IA5String OPTIONAL} AugmentationRules ::= SEQUENCE { previousValidationRequired BOOLEAN, levelID IA5String, augQualifier AugmentationQualifier } AugmentationQualifier ::= ENUMERATED { thisLevel (0), minLevel (1), maxLevel (2) } TrustAnchors ::= SEQUENCE OF TrustAnchor TrustAnchor ::= CHOICE { certificate CertAndReliableTime, tAInTrustedList TAsInTrustedList } CertAndReliableTime ::= SEQUENCE { cert Certificate, reliableUntil GeneralizedTime OPTIONAL } TAsInTrustedList::= SEQUENCE { uri IA5String, serviceTypes [0] SEQUENCE SIZE (1..MAX) OF IA5String OPTIONAL, serviceStatuses [1] SEQUENCE 
SIZE (1..MAX) OF IA5String OPTIONAL } NameConstraints ::= SEQUENCE { permittedSubtrees [0] GeneralSubtrees OPTIONAL, excludedSubtrees [1] GeneralSubtrees OPTIONAL } GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree GeneralSubtree ::= SEQUENCE { base GeneralName, minimum [0] BaseDistance DEFAULT 0, maximum [1] BaseDistance OPTIONAL } BaseDistance ::= INTEGER (0..MAX) PolicyConstraints ::= SEQUENCE { requireExplicitPolicy [0] SkipCerts OPTIONAL, inhibitPolicyMapping [1] SkipCerts OPTIONAL } SkipCerts ::= INTEGER (0..MAX) CertificateTrustTrees ::= SEQUENCE OF CertificateTrustPoint CertificateTrustPoint ::= SEQUENCE { trustAnchors TrustAnchors, pathLenConstraint [0] PathLenConstraint OPTIONAL, acceptablePolicySet [1] AcceptablePolicySet OPTIONAL, nameConstraints [2] NameConstraints OPTIONAL, policyConstraints [3] PolicyConstraints OPTIONAL, userCertPath [4] UserCertPath OPTIONAL } PathLenConstraint ::= INTEGER (0..MAX) AcceptablePolicySet ::= SEQUENCE OF CertPolicyId CertPolicyId ::= OBJECT IDENTIFIER UserCertPath ::= CHOICE { asInSignature [0] BOOLEAN, path [1] SEQUENCE OF Certificate } CertificateRevReq ::= SEQUENCE { endCertRevReq EnuRevReq, caCerts EnuRevReq } EnuRevReq ::= ENUMERATED { clrCheck (0), --Checks shall be made against current CRLs -- (or authority revocation lists) ocspCheck (1), -- The revocation status shall be checked -- using the Online Certificate Status Protocol (RFC 2450) bothCheck (2), -- Both CRL and OCSP checks shall be carried out eitherCheck (3), -- At least one of CRL or OCSP checks shall be carried out noCheck (4), -- no check is mandated other (5) -- Other mechanism as defined by signature policy extension -- } CertificateRevTrust ::= SEQUENCE { certificateRevReq CertificateRevReq, freshness [0] Freshness OPTIONAL, sigCertIssuedByCAKeepsExpiredRevokedCertsInfo [1] Duration OPTIONAL } Freshness ::= CHOICE { maxDifferenceRevocationAndValidation [0] Duration, timeAfterSignature [1] Duration } Duration ::= PrintableString 
SigningCertRules ::= SEQUENCE { signingCertTrustConditions SigningCertTrustConditions, mandatedSigningCertInfo MandatedSigningCertInfo OPTIONAL } MandatedSigningCertInfo ::= ENUMERATED { signingCertOnly (0), fullPath (1) } SigningCertTrustConditions ::= SEQUENCE { signerTrustTrees CertificateTrustTrees, signerRevTrust CertificateRevTrust } TimeEvidencesRules::= SEQUENCE OF RulesForSetOfEvidences RulesForSetOfEvidences ::= SEQUENCE { evidenceIdentifiers SEQUENCE OF IA5String, levelOfAssurance IA5String, timeStampTrustCondition TimestampTrustCondition OPTIONAL } TimestampTrustCondition ::= SEQUENCE { ttsCertificateTrustTrees [0] CertificateTrustTrees OPTIONAL, ttsRevReq [1] CertificateRevReq OPTIONAL, ttsNameConstraints [2] NameConstraints OPTIONAL, signatureTimestampDelay [3] DeltaTime OPTIONAL } DeltaTime ::= SEQUENCE { deltaSeconds INTEGER, deltaMinutes INTEGER, deltaHours INTEGER, deltaDays INTEGER } SignerAttributeConstraints ::= SEQUENCE { noSignerAttributesAllowed BOOLEAN, constraintsOnOneSetOfAttributes SEQUENCE OF AttributeSetConstraints } AttributeSetConstraints ::= SEQUENCE { howCertAttribute HowCertAttribute, attrCertificateTrustTrees [0] CertificateTrustTrees OPTIONAL, attrRevReq [1] CertificateRevTrust OPTIONAL, attributeConstraints [2] AttributeConstraints OPTIONAL } HowCertAttribute ::= ENUMERATED { claimedAttribute (0), certifiedAttribtes (1), signedAssertions (2), any (3) } AttributeConstraints ::= SEQUENCE { attributeIdMustBePresent [0] OBJECT IDENTIFIER OPTIONAL, attributeValueConstraints [1] SEQUENCE SIZE (1..MAX) OF Other{{AttributeValueConstraintsOtherSet}} OPTIONAL } AttributeValueConstraintsOtherSet OTHER ::= {...} QualifyingAttributesRules ::= SEQUENCE OF LevelAttributesRules LevelAttributesRules ::= SEQUENCE { levelIdentifier [0] IA5String, signedAttributes [1] SignatureAttributes OPTIONAL, unsignedAttributes [2] SignatureAttributes OPTIONAL } SignatureAttributes ::= SEQUENCE OF CHOICE { choice [0] SEQUENCE OF SignatureAttribute, sigAttr 
[1] SignatureAttribute } SignatureAttribute ::= SEQUENCE { identifier OBJECT IDENTIFIER, mandatory BOOLEAN } SCDLoARules ::= IA5String CryptoSuitesRules ::= SEQUENCE OF AlgConstraints AlgConstraints ::= SEQUENCE { algID OBJECT IDENTIFIER, usages SEQUENCE SIZE (1..MAX) OF IA5String, minKeyLength [0] INTEGER OPTIONAL, minHashLength [1] INTEGER OPTIONAL, other Other{{AlgConstraintsOtherSet}} OPTIONAL } AlgConstraintsOtherSet OTHER ::= {...} END