diff --git a/EUDI.md b/EUDI.md
new file mode 100644
index 0000000..d1d17ab
--- /dev/null
+++ b/EUDI.md
@@ -0,0 +1,49 @@
+EU Digital Identity
+===================
+
+SYNRC CA server supports EUDI.
+
+### Architecture
+
+EUDI is decentralized PKIX with ABAC level control over attributes that is using JSON as encoding and HTTP as transport.
+
+* eIDAS Node (CA) -- State Certificate Authority (SAML/HTTP, PKIX, JSON/HTTP)
+* EUDI Verification Service Provider (VSP), Verifier -- Verifiable Presentations (VP, mDOC)
+* EUID Wallet, Holder -- iOS/Android Application (PKIX, mDOC, OpenID4VC)
+* EUDI Trusted Service Provider (TSP), Issuer -- OpenID for Verifiable Credentials (OpenID4VC, mDOC, SAML)
+* Personal Identification Data (PID) Provider -- Diia State Enterprise (MSO mDOC)
+* Qualified and Non-Qualified Electronic Attestation of Attributes (QEAA) Schema Providers (MSO mDOC)
+* Qualifiied Electronic Signature Provider (QSP) -- Qualified Certificates (QC)
+
+### Holder, Issuer, Verifier
+
+In an OpenID4VC ecosystem, the Verifier and the Issuer are connected indirectly
+through the credential lifecycle, with interactions primarily mediated by the Holder.
+This architecture ensures trust without requiring a direct, continuous relationship
+between the Verifier and the Issuer, adhering to privacy and decentralizition principles.
+The Verifier does not contact the Issuer directly during routine operations unless a
+status check is necessary. The Holder acts as an intermediary, maintaining privacy
+and control over shared data.
+
+EUDI Wallet acts as Holder, QEAA, EAA, PIP (TSPs) act as EUDI Providers or Issuers.
+EUDI Verifier perform status verification of credentials and acts as presentations Verifier.
+
+### PKIX vs EUDI
+
+EUDI model has a similarity with PKIX.
+The same way person use a signed attribute set (a X.509 certificate from CSR attributes)
+for authentication and authorization in PKI, the OpenID4VC provider (PIP) envelops
+set of attributes (digital presentation of claims) and
+issue and Electronic Documents in mDOC format for EUDI Wallet.
+
+Unlike PKIX, EUDI relies on a centralized model with a single root CA,
+EUDI employs a distributed model where all parties are cryptographically bound.
+EUDI enforces more rigorous control over attributes (claims), akin to the ABAC model.
+
+CRLs and OCSP can create privacy concerns since they involve
+querying a CA, potentially exposing the user's activity.
+OpenID4VC mitigates this by enabling the Holder to mediate
+the process, and some implementations avoid real-time statu
+checks entirely by including cryptographic proofs within the
+credential itself.
+
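Review bot: The sentence "Unlike PKIX, EUDI relies on a centralized model with a single root CA, EUDI employs a distributed model ..." under "PKIX vs EUDI" says the opposite of what is meant, because as written it attributes the centralized single-root model to EUDI and then contradicts itself. The index.html copy in this same patch carries the intended sense ("unlike PKIX with its centralized model, EUDI provide distributed model without single root CA"); reword along the lines of "Unlike PKIX, which relies on a centralized model with a single root CA, EUDI employs ...". While here, fix "decentralizition", "Qualifiied" and the truncated "statu", and settle on one spelling of the acronym ("EUID Wallet" in the bullet list versus "EUDI Wallet" two sections later).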
diff --git a/README.md b/README.md
index e77fb83..ff233b2 100644
--- a/README.md
+++ b/README.md
@@ -7,8 +7,9 @@
## Features
-* PKI Entities: `CA`, `RA`, `SERVER`, `CLIENT`, `HUMAN`, `PROGRAM`
+* PKI entities: `CA`, `RA`, `SERVER`, `CLIENT`, `HUMAN`, `PROGRAM`
* Key purposes: `TLS`, `ECDSA`, `AES`, `SSH`, `SCVP`, `IPSEC`, `CMC`, `SIP`, `CAP`, `EAP`, `BGP`, `OCSP`
+* EUID documents: `TAXID`, `PID`, `IBAN`, `HIID`, `LOYAL`
* Curve profiles: `secp256k1`, `secp384r1`, `secp521r1`
* DH Schemes: `RSA`, `GF(p)`, `GF(2^m)`
* RFC: CMS, PKCS-10, CMP, ESP, OCSP, TSP
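Review bot: The added bullet is labelled `EUID documents`, while the new EUDI.md is titled "EU Digital Identity" and uses EUDI; pick one spelling. The bullet also advertises `TAXID` and `PID`, but the priv/eudi files shown in this patch define only reservation, hiid, iban and loyalty credentials, and the reservation type is not listed here. Either add the missing definitions or trim the list to what is actually shipped.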
diff --git a/config/config.exs b/config/config.exs
index d74b921..7007351 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -1,6 +1,10 @@
import Config
config :ca,
+ enabled: [:issuer, :wallet, :verifier, :est, :cmp, :cmc, :ocsp, :tsp],
+ issuer: 8107,
+ wallet: 8108,
+ verifier: 8109,
est: 8047,
cmp: 8829,
cmc: 5318,
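Review bot: The new `enabled:` list is not read anywhere in the lines shown in this patch: lib/application.ex still lists every child literally, so removing `:wallet` from the list would not stop the wallet listener. Either filter the supervisor children by this list or leave the key out until it has an effect. A one-line comment saying what `issuer: 8107`, `wallet: 8108` and `verifier: 8109` bind to (interface, HTTP or HTTPS) would also help whoever deploys this.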
diff --git a/index.html b/index.html
index 7b1d108..e1e2a1a 100644
--- a/index.html
+++ b/index.html
@@ -112,8 +112,59 @@
DEVELOPMENT
* 2023-08-13 SWIFT X.509
* 2023-09-01 ASN1.EX X.680
* 2024-10-29 EST
+* 2024-11-17 EUDI
+
+
+ ARCHITECTURE
+
+EUDI is decetralized PKIX with ABAC level control over attributes that is using JSON as encoding and HTTP as transport.
+
+
+
+- ● eIDAS Node — State Certificate Authority
+- ● EUDI Verifier — Verifiable Presentations
+- ● EUID Wallet (Holder) — iOS/Android Application
+- ● EUDI Provider (Issuer) — OpenID for Verifiable Credentials
+- ● Personal Identification Data (PID) Provider — Diia State Enterprise
+- ● Qualified and Non-Qualified Electronic Attestation of Attributes (QEAA)
+- ● Qualifiied Electronic Signature Provider (QP) — Qualified Certificates (QC)
+
+
+
+HOLDER, ISSUER, VERIFIER
+
+In an OpenID4VC ecosystem, the Verifier and the Issuer are connected indirectly
+through the credential lifecycle, with interactions primarily mediated by the Holder.
+This architecture ensures trust without requiring a direct, continuous relationship
+between the Verifier and the Issuer, adhering to privacy and decentralization principles.
+The Verifier does not directly contact the Issuer during typical operations unless a status check is required.
+The Holder acts as the intermediary, ensuring their privacy and control over the data being shared.
+
+EUDI Wallet acts as Holder, QEAA, EAA, PIP (TSPs) act as EUDI Providers or Issuers. EUDI Verifier perform
+status verification of credentials and acts as presentations Verifier.
+
+PKIX vs OpenID4VC
+
+EUDI model has a similarity with PKIX.
+The same way person use a signed attribute set (a X.509 certificate from CSR attributes)
+for authentication and authorization in PKI, the OpenID4VC provider (PIP) envelops
+set of attributes (digital presentation of claims) and
+issue and Electronic Documents in mDOC format for EUDI Wallet.
+
+However, unlike PKIX with its centralized model,
+EUDI provide distributed model without single root CA,
+where all parties bounded cryptographycally. Also, EUDI has more subtle
+and rigorous control over attributes (claims) like in ABAC model.
+
+CRLs and OCSP can create privacy concerns since they involve
+querying a CA, potentially exposing the user's activity.
+OpenID4VC mitigates this by enabling the Holder to mediate
+the process, and some implementations avoid real-time statu
+checks entirely by including cryptographic proofs within the
+credential itself.
+
˙
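Review bot: This block duplicates the EUDI.md text by hand and the two copies have already drifted: the heading here is "PKIX vs OpenID4VC" but "PKIX vs EUDI" in EUDI.md, and the signature provider is abbreviated "(QP)" here but "(QSP)" there. Please align them, and fix "decetralized", "Qualifiied", "cryptographycally" and the truncated "statu" in the added lines.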
diff --git a/lib/application.ex b/lib/application.ex
index 6a27e97..003f226 100644
--- a/lib/application.ex
+++ b/lib/application.ex
@@ -12,8 +12,10 @@ defmodule CA do
{ CA.CMC, port: port(:cmc) },
{ CA.OCSP, port: port(:ocsp) },
{ CA.TSP, port: port(:tsp) },
- { CA.EST, port: port(:est), plug: CA.EST, scheme: :http,
- thousand_island_options: [num_acceptors: 1] }
+ { CA.EUDI.Issuer, port: port(:issuer), plug: CA.EUDI.Issuer, scheme: :http, thousand_island_options: [num_acceptors: 1] },
+ { CA.EUDI.Verifier, port: port(:verifier), plug: CA.EUDI.Verifier, scheme: :http, thousand_island_options: [num_acceptors: 1] },
+ { CA.EUDI.Wallet, port: port(:wallet), plug: CA.EUDI.Wallet, scheme: :http, thousand_island_options: [num_acceptors: 1] },
+ { CA.EST, port: port(:est), plug: CA.EST, scheme: :http, thousand_island_options: [num_acceptors: 1] }
], strategy: :one_for_one, name: CA.Supervisor)
end
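Review bot: The three new children (`CA.EUDI.Issuer`, `CA.EUDI.Verifier`, `CA.EUDI.Wallet`) are all started with `scheme: :http`, so credential issuance and the wallet's key and credential routes would be served in cleartext on the new ports. If TLS is terminated by a proxy in front of these listeners, document that in EUDI.md; otherwise start them with `scheme: :https` and the certificate options. The four child tuples now differ only in module and port name, so a small helper that builds the tuple would keep the list readable.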
diff --git a/lib/eudi/eudi.ex b/lib/eudi/eudi.ex
new file mode 100644
index 0000000..909221b
--- /dev/null
+++ b/lib/eudi/eudi.ex
@@ -0,0 +1,4 @@
+defmodule CA.EUDI do
+ @moduledoc "CA/EUDI/OID4VC HTTPS/HTTP library."
+
+end
diff --git a/lib/eudi/issuer.ex b/lib/eudi/issuer.ex
new file mode 100644
index 0000000..ac6db43
--- /dev/null
+++ b/lib/eudi/issuer.ex
@@ -0,0 +1,42 @@
+defmodule CA.EUDI.Issuer do
+ @moduledoc "EUDI/OID4VC Issuer server."
+ @profiles [ "secp256k1", "secp384r1", "secp521r1" ]
+ @templates [ "ocsp", "ipsec", "bgp", "eap", "cap", "sip", "cmc", "scvp", "ssh", "tls" ]
+ @classes [ "ca", "ra", "server", "client", "human", "program" ]
+
+ use Plug.Router
+ plug :match
+ plug :dispatch
+ plug Plug.Parsers, parsers: [:json], json_decoder: Jason
+
+ def start_link(opt) do
+ Bandit.start_link(opt)
+ end
+
+ def child_spec(opt) do
+ %{
+ id: EUDI.Issuer,
+ start: {CA.EUDI.Issuer, :start_link, [opt]},
+ type: :supervisor,
+ restart: :permanent
+ }
+ end
+
+ get "/jwks" do CA.EST.Get.get(conn, "EUDI", [], [], "JWKS") end
+ get "/.well-known/openid-configuration" do CA.EST.Get.get(conn, "EUDI", [], [], "CONFIG") end
+ get "/.well-known/openid-credential-issuer" do CA.EST.Get.get(conn, "EUDI", [], [], "ISSUE") end
+ get "/.well-known/oauth-authorization-server" do CA.EST.Get.get(conn, "EUDI", [], [], "OAUTH") end
+ get "/.well-known/jwt-vc-issuer" do CA.EST.Get.get(conn, "EUDI", [], [], "JWT") end
+ get "/openid4vc/credentialOffer" do CA.EST.Get.get(conn, "EUDI", [], [], "OFFER") end
+ post "/openid4vc/jwt/issue" do CA.EST.Get.get(conn, "EUDI", [], [], "JWT") end
+ post "/openid4vc/sdjwt/issue" do CA.EST.Get.get(conn, "EUDI", [], [], "SDJWT") end
+ post "/openid4vc/mdoc/issue" do CA.EST.Get.get(conn, "EUDI", [], [], "MDOC") end
+
+ match _ do send_resp(conn, 404, "Please refer to https://authority.erp.uno for more information.\n") end
+ def encode(x) do
+ case Jason.encode(x) do
+ {:ok, bin} -> bin
+ {:error, _} -> ""
+ end |> Jason.Formatter.pretty_print
+ end
+end
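Review bot: `plug Plug.Parsers` is declared after `plug :match` and `plug :dispatch`, so the matched route has already run by the time the parser would be reached and the three `post "/openid4vc/.../issue"` routes will never see a decoded JSON body. Move the parser between `:match` and `:dispatch`. Two smaller points: `get "/.well-known/jwt-vc-issuer"` and `post "/openid4vc/jwt/issue"` both pass the tag "JWT", so the handler cannot tell the metadata request from an issuance request, and the `child_spec` id `EUDI.Issuer` does not match the module name `CA.EUDI.Issuer`.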
diff --git a/lib/eudi/verifier.ex b/lib/eudi/verifier.ex
new file mode 100644
index 0000000..ad0d6cc
--- /dev/null
+++ b/lib/eudi/verifier.ex
@@ -0,0 +1,38 @@
+defmodule CA.EUDI.Verifier do
+ @moduledoc "EUDI/OID4VC Verifier."
+ @profiles [ "secp256k1", "secp384r1", "secp521r1" ]
+ @templates [ "ocsp", "ipsec", "bgp", "eap", "cap", "sip", "cmc", "scvp", "ssh", "tls" ]
+ @classes [ "ca", "ra", "server", "client", "human", "program" ]
+
+ use Plug.Router
+ plug :match
+ plug :dispatch
+ plug Plug.Parsers, parsers: [:json], json_decoder: Jason
+
+ def start_link(opt) do
+ Bandit.start_link(opt)
+ end
+
+ def child_spec(opt) do
+ %{
+ id: EUDI.Verifier,
+ start: {CA.EUDI.Verifier, :start_link, [opt]},
+ type: :supervisor,
+ restart: :permanent
+ }
+ end
+
+ get "/openid4vc/session/:id" do CA.EST.Get.get(conn, "EUDI", [], id, "SESSION") end
+ get "/openid4vc/policy-list" do CA.EST.Get.get(conn, "EUDI", [], [], "POLICIES") end
+ get "/openid4vc/pd/:id" do CA.EST.Get.get(conn, "EUDI", [], id, "PD") end
+ get "/openid4vc/verify/:state" do CA.EST.Get.get(conn, "EUDI", [], state, "VERIFY") end
+ get "/openid4vc/request/:id" do CA.EST.Get.get(conn, "EUDI", [], id, "REQ") end
+
+ match _ do send_resp(conn, 404, "Please refer to https://authority.erp.uno for more information.\n") end
+ def encode(x) do
+ case Jason.encode(x) do
+ {:ok, bin} -> bin
+ {:error, _} -> ""
+ end |> Jason.Formatter.pretty_print
+ end
+end
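Review bot: `@profiles`, `@templates` and `@classes` are set at the top of the module but never referenced in it, and `start_link/1`, `child_spec/1` and `encode/1` are the same as in the issuer and wallet modules. Drop the unused attributes and move the shared helpers into `CA.EUDI`, which this patch adds as an empty module. The `Plug.Parsers` line has the same ordering problem as in the issuer (it sits after `:dispatch`). When the handler behind these routes is written, the `:id` and `:state` path segments should be checked for format and length before they are used as lookup keys, since they arrive here unvalidated.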
diff --git a/lib/eudi/wallet.ex b/lib/eudi/wallet.ex
new file mode 100644
index 0000000..95ea801
--- /dev/null
+++ b/lib/eudi/wallet.ex
@@ -0,0 +1,40 @@
+defmodule CA.EUDI.Wallet do
+ @moduledoc "EUDI/OID4VC Wallet web application server."
+ @profiles [ "secp256k1", "secp384r1", "secp521r1" ]
+ @templates [ "ocsp", "ipsec", "bgp", "eap", "cap", "sip", "cmc", "scvp", "ssh", "tls" ]
+ @classes [ "ca", "ra", "server", "client", "human", "program" ]
+
+ use Plug.Router
+ plug :match
+ plug :dispatch
+ plug Plug.Parsers, parsers: [:json], json_decoder: Jason
+
+ def start_link(opt) do
+ Bandit.start_link(opt)
+ end
+
+ def child_spec(opt) do
+ %{
+ id: EUDI.Wallet,
+ start: {CA.EUDI.Wallet, :start_link, [opt]},
+ type: :supervisor,
+ restart: :permanent
+ }
+ end
+
+ get "/wallets" do CA.EST.Get.get(conn, "EUDI", [], [], "WALLETS") end
+ get "/wallets/:id/dids" do CA.EST.Get.get(conn, "EUDI", [], [], "DIDS") end
+ get "/wallets/:id/keys" do CA.EST.Get.get(conn, "EUDI", [], [], "KEYS") end
+ get "/wallets/:id/credentials" do CA.EST.Get.get(conn, "EUDI", [], [], "CREDS") end
+ get "/wallets/:id/issuers" do CA.EST.Get.get(conn, "EUDI", [], [], "ISSUERS") end
+ get "/wallets/:id/exchange" do CA.EST.Get.get(conn, "EUDI", [], [], "EXCHANGES") end
+ get "/wallets/parseMDoc" do CA.EST.Get.get(conn, "EUDI", [], [], "MDOC") end
+
+ match _ do send_resp(conn, 404, "Please refer to https://authority.erp.uno for more information.\n") end
+ def encode(x) do
+ case Jason.encode(x) do
+ {:ok, bin} -> bin
+ {:error, _} -> ""
+ end |> Jason.Formatter.pretty_print
+ end
+end
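Review bot: Every `/wallets/:id/...` route binds `id` but passes `[]` in that position to `CA.EST.Get.get/5`, unlike the verifier routes, which pass `id` through. The handler therefore cannot know which wallet is being asked about, and nothing in the plug pipeline shown authenticates the caller before `/wallets/:id/keys` or `/wallets/:id/credentials` is dispatched. Pass `id` through and add an authentication and ownership check ahead of `:dispatch` before these routes return real data. `get "/wallets/parseMDoc"` reads like an operation rather than a resource; if it is meant to take an mDOC as input it should be a `post`.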
diff --git a/lib/services/http/get.ex b/lib/services/http/get.ex
index 1295b70..11ee216 100644
--- a/lib/services/http/get.ex
+++ b/lib/services/http/get.ex
@@ -3,6 +3,9 @@ defmodule CA.EST.Get do
@profiles ["secp256k1","secp384r1","secp521r1"]
import Plug.Conn
+ def get(conn, _, _, _, _) do
+ end
+
def get(conn, "CA", profile, _, "CA") when profile in @profiles do
body = :base64.encode(CA.CSR.read_ca_public(profile))
conn |> put_resp_content_type("application/pkix-cert")
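Review bot: The catch-all `def get(conn, _, _, _, _)` is added above the existing clauses, and Elixir tries function clauses top to bottom, so it matches every call: the `"CA"` clause right below it and everything after become unreachable, and every existing EST GET now returns `nil`. Remove this first copy; a fallback belongs only as the last clause, which the next hunk already adds.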
@@ -41,4 +44,7 @@ defmodule CA.EST.Get do
send_resp(conn, 200, CA.EST.encode([%{"template" => template, "curve" => curve, "operation" => operation}]))
end
+ def get(conn, _, _, _, _) do
+ end
+
end
\ No newline at end of file
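Review bot: The fallback clause added at the end has an empty body, so it returns `nil` instead of a `Plug.Conn`. All the new EUDI routes call `CA.EST.Get.get(conn, "EUDI", ...)` and, with no "EUDI" clause in the lines shown, will land here; the route then hands `nil` back to the router instead of a response. Have the fallback answer explicitly, for example with `send_resp(conn, 501, ...)` for not-yet-implemented EUDI operations and 404 for unknown ones, so that clients get a defined status and the stubbed routes are visible in logs.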
diff --git a/priv/kep/DSTU.asn1 b/priv/cms/DSTU.asn1
similarity index 87%
rename from priv/kep/DSTU.asn1
rename to priv/cms/DSTU.asn1
index ed77aac..69cc3f6 100644
--- a/priv/kep/DSTU.asn1
+++ b/priv/cms/DSTU.asn1
@@ -11,7 +11,7 @@ Certificate ::= SEQUENCE {
Certificates ::= SEQUENCE OF Certificate
TBSCertificate ::= SEQUENCE {
- version [0] Version,
+ version [0] Version DEFAULT v3,
serialNumber CertificateSerialNumber,
signature AlgorithmIdentifier,
issuer Name,
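Review bot: `version [0] Version DEFAULT v3` changes the meaning of an absent version field. X.509 (RFC 5280) defines it as `version [0] EXPLICIT Version DEFAULT v1`, so a certificate that omits the field is a v1 certificate; with this line the decoder will report it as v3 and downstream code may then assume extensions are allowed. Use `DEFAULT v1`, which the next hunk makes available by adding `v1(0)` to `Version`, and state the tagging explicitly if the module default is not EXPLICIT.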
@@ -23,7 +23,7 @@ TBSCertificate ::= SEQUENCE {
extensions [3] EXPLICIT Extensions }
UniqueIdentifier ::= BIT STRING
-Version ::= INTEGER {v3 (2)}
+Version ::= INTEGER { v1(0), v2(1), v3(2) }
CertificateSerialNumber ::= INTEGER
Name ::= CHOICE { rdnSequence RDNSequence }
RDNSequence::= SEQUENCE OF RelativeDistinguishedName
@@ -40,7 +40,7 @@ Extension ::= SEQUENCE {
extnvalue OCTET STRING }
AttributeType ::= OBJECT IDENTIFIER
-AttributeValue ::= ANY -- DEFINED BY AttributeType
+AttributeValue ::= ANY --DEFINED BY AttributeType
DirectoryString ::= CHOICE {
printableString PrintableString,
utf8String UTF8String,
@@ -60,6 +60,13 @@ SubjectPublicKeyInfo ::= SEQUENCE {
algorithm AlgorithmIdentifier,
subjectPublicKey BIT STRING }
+AlgorithmIdentifier ::= SEQUENCE {
+ algorithm OBJECT IDENTIFIER,
+ parameters ANY }
+-- DEFINED BY algorithm OPTIONAL
+
+OctetString ::= OCTET STRING
+
DSTU4145Params::= SEQUENCE {
definition CHOICE { ecbinary ECBinary, namedCurve OBJECT IDENTIFIER },
dke OCTET STRING OPTIONAL }
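Review bot: In the new `AlgorithmIdentifier`, `OPTIONAL` has ended up inside the comment on the following line (`-- DEFINED BY algorithm OPTIONAL`), after the closing brace, so `parameters ANY` is a mandatory component. RFC 5280 has `parameters ANY DEFINED BY algorithm OPTIONAL`, and ECDSA signature algorithm identifiers omit the parameters entirely, so such certificates would fail to decode against this definition. Write `parameters ANY OPTIONAL }` and keep only the `DEFINED BY algorithm` part in the comment.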
diff --git a/priv/csr/EUDI.asn1 b/priv/csr/EUDI.asn1
new file mode 100644
index 0000000..1f09974
--- /dev/null
+++ b/priv/csr/EUDI.asn1
@@ -0,0 +1,49 @@
+EUDI DEFINITIONS ::=
+BEGIN
+
+id-eleg OBJECT IDENTIFIER ::= {iso(1) member-body(2) se(752) e-legitimationsnamnden(201)}
+
+-- Sweden Connect arcs
+id-mod OBJECT IDENTIFIER ::= { id-eleg 0 } -- ASN.1 modules
+id-test OBJECT IDENTIFIER ::= { id-eleg 1 } -- OIDs for test
+id-pol OBJECT IDENTIFIER ::= { id-eleg 2 } -- Policy
+id-attr OBJECT IDENTIFIER ::= { id-eleg 3 } -- Attributes
+id-qcs OBJECT IDENTIFIER ::= { id-eleg 4 } -- QC Statement
+id-ce OBJECT IDENTIFIER ::= { id-eleg 5 } -- Cert Extensions
+
+-- Sweden Connect Modules
+id-mod-auth-context-88 OBJECT IDENTIFIER ::= { id-mod 1 } -- Used in RFC 7773
+id-mod-auth-context-08 OBJECT IDENTIFIER ::= { id-mod 2 } -- Used in RFC 7773
+
+-- Sweden Connect OIDs for test
+
+-- Sweden Connect Policies
+id-pol-svt-ts-policy OBJECT IDENTIFIER ::= { id-pol 1 } -- SVT RFC 3161 timestamp policy
+
+-- Sweden Connect Attributes
+id-attr-org-affiliation OBJECT IDENTIFIER ::= { id-attr 1 } -- Organizational affiliation
+id-attr-transaction-id OBJECT IDENTIFIER ::= { id-attr 2 } -- Transaction identifier
+id-attr-auth-context-params OBJECT IDENTIFIER ::= { id-attr 3 } -- Authentication context parameters
+id-attr-prid OBJECT IDENTIFIER ::= { id-attr 4 } -- Provisional ID
+id-attr-prid-persistence OBJECT IDENTIFIER ::= { id-attr 5 } -- Provisional ID persistence indicator
+id-attr-pnr-binding OBJECT IDENTIFIER ::= { id-attr 6 } -- Personal Identity Number binding URI
+id-attr-eidas-pid OBJECT IDENTIFIER ::= { id-attr 7 } -- eIDAS Person Identifier
+id-attr-birth-name OBJECT IDENTIFIER ::= { id-attr 8 } -- Birth name
+id-attr-eidas-np-address OBJECT IDENTIFIER ::= { id-attr 9 } -- eIDAS Natural Person Address
+id-attr-user-certificate OBJECT IDENTIFIER ::= { id-attr 10 } -- User certificate
+id-attr-user-signature OBJECT IDENTIFIER ::= { id-attr 11 } -- User signature
+id-attr-sad OBJECT IDENTIFIER ::= { id-attr 12 } -- Signature activation data
+id-attr-auth-srv-signature OBJECT IDENTIFIER ::= { id-attr 13 } -- Authentication server signature
+id-attr-sign-message-digest OBJECT IDENTIFIER ::= { id-attr 14 } -- Sign message digest
+id-attr-previous-pid-number OBJECT IDENTIFIER ::= { id-attr 15 } -- Previous personal identity number
+id-attr-mapped-pid-number OBJECT IDENTIFIER ::= { id-attr 16 } -- Mapped personal identity number
+
+-- Sweden Connect QC Statement extension
+id-qcs-sid OBJECT IDENTIFIER ::= { id-qcs 1 } -- Semantics Identifiers
+id-qcs-statement OBJECT IDENTIFIER ::= { id-qcs 2 } -- QC statements
+
+-- Sweden Connect Certificate Extensions
+id-ce-authContext OBJECT IDENTIFIER ::= { id-ce 1 } -- Auth context extension used in RFC 7773
+id-ce-svt OBJECT IDENTIFIER ::= { id-ce 2 } -- Signature Validation Token extension
+
+END
\ No newline at end of file
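Review bot: The module is named `EUDI`, but every definition in it hangs off `id-eleg` (`{iso(1) member-body(2) se(752) e-legitimationsnamnden(201)}`) and is commented as a Sweden Connect arc, module, policy, attribute or extension; nothing in the file is specific to EUDI. Name the module after what it contains, or add a header comment citing where the OID list comes from and which of these OIDs the CA actually uses. The "Sweden Connect OIDs for test" section is empty and can go, and the file is missing its trailing newline.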
diff --git a/priv/eudi/booking_registration_mdoc.json b/priv/eudi/booking_registration_mdoc.json
new file mode 100644
index 0000000..f4aba40
--- /dev/null
+++ b/priv/eudi/booking_registration_mdoc.json
@@ -0,0 +1,185 @@
+{
+"org.iso.18013.5.1.reservation_mdoc": {
+ "format": "mso_mdoc",
+ "doctype": "org.iso.18013.5.1.reservation",
+ "scope": "org.iso.18013.5.1.reservation",
+ "policy": {
+ "batch_size": 50,
+ "one_time_use": true
+ },
+ "cryptographic_binding_methods_supported": [
+ "jwk", "cose_key"
+ ],
+ "credential_alg_values_supported": [
+ -7
+ ],
+ "credential_crv_values_supported": [
+ 1
+ ],
+ "credential_signing_alg_values_supported": [
+ "ES256"
+ ],
+ "proof_types_supported": {
+ "jwt": {
+ "proof_signing_alg_values_supported": [
+ "ES256"
+ ]
+ },
+ "cwt": {
+ "proof_signing_alg_values_supported": [
+ "ES256"
+ ],
+ "proof_alg_values_supported": [
+ -7
+ ],
+ "proof_crv_values_supported": [
+ 1
+ ]
+ }
+ },
+ "display": [
+ {
+ "name": "Reservation",
+ "locale": "en",
+ "logo": {
+ "url": "https://examplestate.com/public/pid.png",
+ "alt_text": "A square figure of a PID"
+ }
+ }
+ ],
+ "claims": {
+ "org.iso.18013.5.reservation.1": {
+ "booking_service_name": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "The booking service providing the booking reservation.",
+ "locale": "en" }
+ ]
+ },
+ "reservation_id": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "The identifier of the booking reservation from the booking service.",
+ "locale": "en" }
+ ]
+ },
+ "reservation_date": {
+ "mandatory": true,
+ "value_type":"full-date",
+ "source":"user",
+ "display": [
+ {
+ "name": "Date of the reservation.",
+ "locale": "en" }
+ ]
+ },
+ "service_provider_name": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "The name of the service provider (e.g. Hotel) the reservation refers to ",
+ "locale": "en" }
+ ]
+ },
+ "location": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "The location or place the reservation refers to (e.g. city, service provider place, etc.)",
+ "locale": "en" }
+ ]
+ },
+ "check_in_date": {
+ "mandatory": true,
+ "value_type":"full-date",
+ "source":"user",
+ "display": [
+ {
+ "name": "The check-in date for the reservation.",
+ "locale": "en" }
+ ]
+ },
+ "check_out_date": {
+ "mandatory": true,
+ "value_type":"full-date",
+ "source":"user",
+ "display": [
+ {
+ "name": "The check-out date for the reservation.",
+ "locale": "en" }
+ ]
+ },
+ "guests": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "The guest of the reservation (num of adults, num of children, etc).",
+ "locale": "en" }
+ ]
+ },
+ "car_rental": {
+ "mandatory": true,
+ "value_type":"bool",
+ "source":"user",
+ "display": [
+ {
+ "name": "Indicates inclusion of car rental in the reservation.",
+ "locale": "en" }
+ ]
+ },
+ "num_of_rooms": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "The number of rooms the reservation refers to.",
+ "locale": "en" }
+ ]
+ },
+ "family_name": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Current last name(s) or surname(s) of the holder. ",
+ "locale": "en" }
+ ]
+ },
+ "given_name": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Current first name(s), including middle name(s), of the holder. ",
+ "locale": "en" }
+ ]
+ },
+ "birth_date": {
+ "mandatory": true,
+ "value_type":"full-date",
+ "source":"user",
+ "display": [
+ {
+ "name": "Day, month, and year on which the holder was born.",
+ "locale": "en" }
+ ]
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
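Review bot: The `doctype` and `scope` are `org.iso.18013.5.1.reservation`, but the namespace key under `claims` is `org.iso.18013.5.reservation.1`, with the `.1` in a different position. A wallet or verifier that looks claims up by the doctype-derived namespace will not find them; make the two consistent. The `display.logo` still points at `pid.png` with the alt text "A square figure of a PID", which looks copied from another credential. Every claim, including `reservation_id` and `booking_service_name`, is marked `"source":"user"`; if the issuer is going to sign these, say where the values are verified.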
diff --git a/priv/eudi/config/metadata_config.json b/priv/eudi/config/metadata_config.json
new file mode 100644
index 0000000..1ca14c1
--- /dev/null
+++ b/priv/eudi/config/metadata_config.json
@@ -0,0 +1,11 @@
+{
+ "credential_issuer": "http://127.0.0.1:5000",
+ "credential_endpoint": "http://127.0.0.1:5000/credential",
+ "batch_credential_endpoint": "http://127.0.0.1:5000/batch_credential",
+ "notification_endpoint": "http://127.0.0.1:5000/notification",
+ "deferred_credential_endpoint": "http://127.0.0.1:5000/deferred_credential",
+ "credential_configurations_supported": {
+
+
+ }
+}
\ No newline at end of file
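Review bot: All endpoints are hard-coded to `http://127.0.0.1:5000`, while config/config.exs in this patch puts the issuer on port 8107, and the paths (`/credential`, `/batch_credential`, `/notification`, `/deferred_credential`) do not correspond to any route defined in lib/eudi/issuer.ex. Derive `credential_issuer` and the endpoint URLs from the configured host and port, and use the routes the issuer actually serves. `credential_configurations_supported` is empty; if the four *_mdoc.json files are meant to be merged in at runtime, a comment in the loader or in EUDI.md should say so.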
diff --git a/priv/eudi/config/openid-configuration.json b/priv/eudi/config/openid-configuration.json
new file mode 100644
index 0000000..a060e07
--- /dev/null
+++ b/priv/eudi/config/openid-configuration.json
@@ -0,0 +1,90 @@
+{
+ "version": "3.0",
+ "token_endpoint_auth_methods_supported": [
+ "public"
+ ],
+ "claims_parameter_supported": true,
+ "request_parameter_supported": true,
+ "request_uri_parameter_supported": true,
+ "require_request_uri_registration": false,
+ "grant_types_supported": [
+ "authorization_code",
+ "implicit",
+ "urn:ietf:params:oauth:grant-type:jwt-bearer",
+ "refresh_token"
+ ],
+ "jwks_uri": "http://127.0.0.1:5000/priv/eudi/static/jwks.json",
+ "scopes_supported": [
+ "openid"
+ ],
+ "response_types_supported": [
+ "code"
+ ],
+ "response_modes_supported": [
+ "query",
+ "fragment",
+ "form_post"
+ ],
+ "subject_types_supported": [
+ "public",
+ "pairwise"
+ ],
+ "id_token_signing_alg_values_supported": [
+ "RS256",
+ "RS384",
+ "RS512",
+ "ES256",
+ "ES384",
+ "ES512",
+ "PS256",
+ "PS384",
+ "PS512",
+ "HS256",
+ "HS384",
+ "HS512"
+ ],
+ "userinfo_signing_alg_values_supported": [
+ "RS256",
+ "RS384",
+ "RS512",
+ "ES256",
+ "ES384",
+ "ES512",
+ "PS256",
+ "PS384",
+ "PS512",
+ "HS256",
+ "HS384",
+ "HS512"
+ ],
+ "request_object_signing_alg_values_supported": [
+ "RS256",
+ "RS384",
+ "RS512",
+ "ES256",
+ "ES384",
+ "ES512",
+ "HS256",
+ "HS384",
+ "HS512",
+ "PS256",
+ "PS384",
+ "PS512"
+ ],
+ "frontchannel_logout_supported": true,
+ "frontchannel_logout_session_required": true,
+ "backchannel_logout_supported": true,
+ "backchannel_logout_session_required": true,
+ "code_challenge_methods_supported": [
+ "S256"
+ ],
+ "issuer": "http://127.0.0.1:5000",
+ "registration_endpoint": "http://127.0.0.1:5000/registration",
+ "introspection_endpoint": "http://127.0.0.1:5000/introspection",
+ "authorization_endpoint": "http://127.0.0.1:5000/authorizationV3",
+ "token_endpoint": "http://127.0.0.1:5000/token",
+ "userinfo_endpoint": "http://127.0.0.1:5000/userinfo",
+ "end_session_endpoint": "http://127.0.0.1:5000/session",
+ "pushed_authorization_request_endpoint": "http://127.0.0.1:5000/pushed_authorizationv2",
+ "credential_endpoint": "http://127.0.0.1:5000/credential"
+}
\ No newline at end of file
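Review bot: The three `*_signing_alg_values_supported` arrays advertise `HS256`, `HS384` and `HS512` while `token_endpoint_auth_methods_supported` is only `"public"`, so there is no client secret to key an HMAC with; drop the HS* entries (the credential files in this patch use ES256 only). `grant_types_supported` lists `implicit`, yet `response_types_supported` is only `"code"`; remove `implicit` so the metadata does not offer a flow the server will not run. `jwks_uri` points at `/priv/eudi/static/jwks.json`, which exposes a path under `priv/` and does not match the `/jwks` route in the issuer module, and `issuer` is a plain-http loopback URL on port 5000 rather than the configured issuer port.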
diff --git a/priv/eudi/hiid_mdoc.json b/priv/eudi/hiid_mdoc.json
new file mode 100644
index 0000000..fc0e13d
--- /dev/null
+++ b/priv/eudi/hiid_mdoc.json
@@ -0,0 +1,230 @@
+{
+"eu.europa.ec.eudi.hiid_mdoc": {
+ "format": "mso_mdoc",
+ "doctype": "eu.europa.ec.eudi.hiid.1",
+ "scope": "eu.europa.ec.eudi.hiid.1",
+ "policy": {
+ "batch_size": 50,
+ "one_time_use": true
+ },
+ "cryptographic_binding_methods_supported": [
+ "jwk", "cose_key"
+ ],
+ "credential_alg_values_supported": [
+ -7
+ ],
+ "credential_crv_values_supported": [
+ 1
+ ],
+ "credential_signing_alg_values_supported": [
+ "ES256"
+ ],
+ "proof_types_supported": {
+ "jwt": {
+ "proof_signing_alg_values_supported": [
+ "ES256"
+ ]
+ },
+ "cwt": {
+ "proof_signing_alg_values_supported": [
+ "ES256"
+ ],
+ "proof_alg_values_supported": [
+ -7
+ ],
+ "proof_crv_values_supported": [
+ 1
+ ]
+ }
+ },
+ "display": [
+ {
+ "name": "Health ID",
+ "locale": "en",
+ "logo": {
+ "url": "https://examplestate.com/public/hiid.png",
+ "alt_text": "A square figure of a hiid"
+ }
+ }
+ ],
+ "claims": {
+ "eu.europa.ec.eudi.hiid.1": {
+ "health_insurance_id": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Health Insurance ID",
+ "locale": "en" }
+ ]
+ },
+ "patient_id": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Patient ID",
+ "locale": "en" }
+ ]
+ },
+ "tax_number": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Tax Number",
+ "locale": "en" }
+ ]
+ },
+ "one_time_token": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "One Time Token",
+ "locale": "en" }
+ ]
+ },
+ "affiliation_country": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"Affiliation Country",
+ "display": [
+ {
+ "name": "",
+ "locale": "en" }
+ ]
+ },
+ "issuance_date": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Issuance Date",
+ "locale": "en"
+ }
+ ]
+ },
+ "expiry_date": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Expiry Date",
+ "locale": "en"
+ }
+ ]
+ },
+ "matching_institution-id": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Matching Institution ID",
+ "locale": "en" }
+ ]
+ },
+ "matching_registered_family_name": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Matching Registered Family Name",
+ "locale": "en" }
+ ]
+ },
+ "matching_registered_given_name": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Matching Registered Given Name",
+ "locale": "en" }
+ ]
+ },
+ "matching_resident_address": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Matching Resident Address",
+ "locale": "en" }
+ ]
+ },
+ "matching_birth_place": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Mathing Birth Place",
+ "locale": "en" }
+ ]
+ },
+ "matching_birth_date": {
+ "mandatory": false,
+ "value_type":"full-date",
+ "source":"user",
+ "display": [
+ {
+ "name": "Matching Birth Date",
+ "locale": "en" }
+ ]
+ },
+ "issuing_authority": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Issuing Authority",
+ "locale": "en"
+ }
+ ]
+ },
+ "document_number": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "Document Number",
+ "locale": "en" }
+ ]
+ },
+ "administrative_number": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "Administrative_Number",
+ "locale": "en" }
+ ]
+ },
+ "issuing_country": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Issuing_Country",
+ "locale": "en"
+ }
+ ]
+ },
+ "issuing_jurisdiction": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "Issuing Jurisdiction",
+ "locale": "en"
+ }
+ ]
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
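Review bot: In `affiliation_country` the values of `source` and `display.name` look swapped: `"source":"Affiliation Country"` and `"name": ""`. Every other claim uses `user` or `issuer` as the source, so code that switches on `source` will not recognise this one; it should presumably be `"source":"user"` (or `issuer`) with `"name": "Affiliation Country"`. The key `matching_institution-id` mixes a hyphen into an otherwise snake_case set of names, "Mathing Birth Place" is misspelled, and `document_number`, `administrative_number` and `issuing_jurisdiction` have no `source` at all.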
diff --git a/priv/eudi/iban_mdoc.json b/priv/eudi/iban_mdoc.json
new file mode 100644
index 0000000..b3814fd
--- /dev/null
+++ b/priv/eudi/iban_mdoc.json
@@ -0,0 +1,255 @@
+{
+"eu.europa.ec.eudi.iban_mdoc": {
+ "format": "mso_mdoc",
+ "doctype": "eu.europa.ec.eudi.iban.1",
+ "scope": "eu.europa.ec.eudi.iban.1",
+ "policy": {
+ "batch_size": 50,
+ "one_time_use": true
+ },
+ "cryptographic_binding_methods_supported": [
+ "jwk", "cose_key"
+ ],
+ "credential_alg_values_supported": [
+ -7
+ ],
+ "credential_crv_values_supported": [
+ 1
+ ],
+ "credential_signing_alg_values_supported": [
+ "ES256"
+ ],
+ "proof_types_supported": {
+ "jwt": {
+ "proof_signing_alg_values_supported": [
+ "ES256"
+ ]
+ },
+ "cwt": {
+ "proof_signing_alg_values_supported": [
+ "ES256"
+ ],
+ "proof_alg_values_supported": [
+ -7
+ ],
+ "proof_crv_values_supported": [
+ 1
+ ]
+ }
+ },
+ "display": [
+ {
+ "name": "IBAN",
+ "locale": "en",
+ "logo": {
+ "url": "https://examplestate.com/public/iban.png",
+ "alt_text": "A square figure of a iban"
+ }
+ }
+ ],
+ "claims": {
+ "eu.europa.ec.eudi.iban.1": {
+ "iban": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "IBAN",
+ "locale": "en" }
+ ]
+ },
+ "national_account_number": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "National Account Number",
+ "locale": "en" }
+ ]
+ },
+ "account_product": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Account Product",
+ "locale": "en" }
+ ]
+ },
+ "account_name": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Account Name",
+ "locale": "en" }
+ ]
+ },
+ "account_type": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Account Type",
+ "locale": "en" }
+ ]
+ },
+ "currency": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Currency",
+ "locale": "en" }
+ ]
+ },
+ "bank_account_status": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Bank Account Status",
+ "locale": "en" }
+ ]
+ },
+ "payment_possibility": {
+ "mandatory": true,
+ "value_type":"bool",
+ "source":"user",
+ "display": [
+ {
+ "name": "Payment Possibility",
+ "locale": "en" }
+ ]
+ },
+ "registered_family_name": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Registered Family Name",
+ "locale": "en" }
+ ]
+ },
+ "registered_given_name": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Registered Given Name",
+ "locale": "en" }
+ ]
+ },
+ "date_of_birth": {
+ "mandatory": true,
+ "value_type":"full-date",
+ "source":"user",
+ "display": [
+ {
+ "name": "Date of Birth",
+ "locale": "en"
+ }
+ ]
+ },
+ "account_holder_owner": {
+ "mandatory": true,
+ "value_type":"bool",
+ "source":"user",
+ "display": [
+ {
+ "name": "Account Holder Owner",
+ "locale": "en" }
+ ]
+ },
+ "coowner": {
+ "mandatory": true,
+ "value_type":"bool",
+ "source":"user",
+ "display": [
+ {
+ "name": "Coowner",
+ "locale": "en" }
+ ]
+ },
+ "disponent": {
+ "mandatory": false,
+ "value_type":"bool",
+ "display": [
+ {
+ "name": "",
+ "locale": "en" }
+ ]
+ },
+ "issuing_organization": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Issuing Organization",
+ "locale": "en" }
+ ]
+ },
+ "national_bank_code": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "National Bank Code",
+ "locale": "en" }
+ ]
+ },
+ "issuance_date": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Issuance Date",
+ "locale": "en"
+ }
+ ]
+ },
+ "expiry_date": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Expiry Date",
+ "locale": "en"
+ }
+ ]
+ },
+ "credential_type": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Credential Type",
+ "locale": "en"
+ }
+ ]
+ },
+ "business_identifier_code": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Bussiness Identifier Code",
+ "locale": "en" }
+ ]
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
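Review bot: The "disponent" claim near the end of this hunk has an empty display name ("name": "") and is the only claim in the visible part of the file without a "source", so a wallet rendering it would show a blank label and anything that branches on "source" gets no value for it. Give it a label and an explicit "source" like its neighbours "coowner" and "account_holder_owner". Separately, the label for "business_identifier_code" is spelled "Bussiness Identifier Code", and "issuance_date", "expiry_date" and "credential_type" carry no "value_type" while "date_of_birth" uses "full-date"; state the type for the issuer-supplied dates too.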
diff --git a/priv/eudi/loyalty_mdoc.json b/priv/eudi/loyalty_mdoc.json
new file mode 100644
index 0000000..ba93614
--- /dev/null
+++ b/priv/eudi/loyalty_mdoc.json
@@ -0,0 +1,106 @@
+{
+ "eu.europa.ec.eudi.loyalty_mdoc": {
+ "format": "mso_mdoc",
+ "doctype": "eu.europa.ec.eudi.loyalty.1",
+ "scope": "eu.europa.ec.eudi.loyalty.1",
+ "cryptographic_binding_methods_supported": [
+ "jwk", "cose_key"
+ ],
+ "credential_signing_alg_values_supported": [
+ "ES256"
+ ],
+ "proof_types_supported": {
+ "jwt": {
+ "proof_signing_alg_values_supported": [
+ "ES256"
+ ]
+ },
+ "cwt": {
+ "proof_signing_alg_values_supported": [
+ "ES256"
+ ],
+ "proof_alg_values_supported": [
+ -7
+ ],
+ "proof_crv_values_supported": [
+ 1
+ ]
+ }
+ },
+ "display": [
+ {
+ "name": "Loyalty",
+ "locale": "en",
+ "logo": {
+ "url": "https://examplestate.com/public/pid.png",
+ "alt_text": "A square figure of a PID"
+ }
+ }
+ ],
+ "claims": {
+ "eu.europa.ec.eudi.loyalty.1": {
+ "given_name": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Given Name",
+ "locale": "en"
+ }
+ ]
+ },
+ "family_name": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Family Name",
+ "locale": "en" }
+ ]
+ },
+ "company": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Loyalty Card Company",
+ "locale": "en" }
+ ]
+ },
+ "client_id": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Client ID",
+ "locale": "en" }
+ ]
+ },
+ "issuance_date": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Issuance Date",
+ "locale": "en"
+ }
+ ]
+ },
+ "expiry_date": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Expiry Date",
+ "locale": "en"
+ }
+ ]
+ }
+ }
+ }
+ }
+ }
\ No newline at end of file
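Review bot: The "display" entry for the Loyalty credential points its logo at "https://examplestate.com/public/pid.png" with alt_text "A square figure of a PID", which looks copied from the PID configuration. A wallet that renders the logo and alt text would present a loyalty card with identity-document branding, so either supply a loyalty-specific logo and alt text or drop the "logo" object. "issuance_date" and "expiry_date" also have no "value_type", unlike the date claims in the other files of this patch that use "full-date".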
diff --git a/priv/eudi/mdl_jwt_vc_json.json b/priv/eudi/mdl_jwt_vc_json.json
new file mode 100644
index 0000000..9f872ea
--- /dev/null
+++ b/priv/eudi/mdl_jwt_vc_json.json
@@ -0,0 +1,341 @@
+{
+ "eu.europa.ec.eudi.mdl_jwt_vc_json": {
+ "format": "vc+sd-jwt",
+ "scope": "org.iso.18013.5.1.mDL",
+ "cryptographic_binding_methods_supported": [
+ "jwk", "cose_key"
+ ],
+ "credential_signing_alg_values_supported": [
+ "ES256"
+ ],
+ "proof_types_supported": {
+ "jwt": {
+ "proof_signing_alg_values_supported": [
+ "ES256"
+ ]
+ },
+ "cwt": {
+ "proof_signing_alg_values_supported": [
+ "ES256"
+ ],
+ "proof_alg_values_supported": [
+ -7
+ ],
+ "proof_crv_values_supported": [
+ 1
+ ]
+ }
+ },
+ "display": [
+ {
+ "name": "mDL",
+ "locale": "en",
+ "logo": {
+ "url": "https://examplestate.com/public/mdl.png",
+ "alt_text": "A square figure of a mDL"
+ }
+ }
+ ],
+ "vct": "eu.europa.ec.eudi.mdl_jwt_vc_json",
+ "claims": {
+ "family_name": {
+ "mandatory": true,
+ "value_type":"string",
+ "display": [
+ {
+ "name": "Current Family Name",
+ "locale": "en" }
+ ]
+ },
+ "given_name": {
+ "mandatory": true,
+ "value_type":"string",
+ "display": [
+ {
+ "name": "Current First Names",
+ "locale": "en" }
+ ]
+ },
+ "birth_date": {
+ "mandatory": true,
+ "value_type":"full-date",
+ "display": [
+ {
+ "name": "Date of Birth",
+ "locale": "en" }
+ ]
+ },
+ "issue_date": {
+ "mandatory": true,
+ "display": [
+ {
+ "name": "Date when mDL was issued.",
+ "locale": "en"
+ }
+ ]
+ },
+ "expiry_date": {
+ "mandatory": true,
+ "display": [
+ {
+ "name": "Date when mDL expires",
+ "locale": "en"
+ }
+ ]
+ },
+ "issuing_country": {
+ "mandatory": true,
+ "display": [
+ {
+ "name": "Alpha-2 country code, as defined in ISO 3166-1, of the issuing authority’s country or territory",
+ "locale": "en"
+ }
+ ]
+ },
+ "issuing_authority": {
+ "mandatory": true,
+ "display": [
+ {
+ "name": "Issuing authority name. The value shall only use latin1b characters and shall have a maximum length of 150 characters.",
+ "locale": "en"
+ }
+ ]
+ },
+ "document_number": {
+ "mandatory": true,
+ "value_type":"string",
+ "display": [
+ {
+ "name": "The number assigned or calculated by the issuing authority. The value shall only use latin1b characters and shall have a maximum length of 150 characters.",
+ "locale": "en" }
+ ]
+ },
+ "portrait": {
+ "mandatory": true,
+ "value_type":"jpeg",
+ "display": [
+ {
+ "name": "A reproduction of the mDL holder’s portrait",
+ "locale": "en" }
+ ]
+ },
+ "driving_privileges": {
+ "mandatory": true,
+ "value_type":"driving_privileges",
+ "display": [
+ {
+ "name": "Driving privileges of the mDL holder.",
+ "locale": "en" }
+ ]
+ },
+ "un_distinguishing_sign": {
+ "mandatory": true,
+ "display": [
+ {
+ "name": "Distinguishing sign of the issuing country according to ISO/IEC 18013-1:2018, Annex F.",
+ "locale": "en"
+ }
+ ]
+ },
+ "administrative_number": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "An audit control number assigned by the issuing authority",
+ "locale": "en"
+ }
+ ]
+ },
+ "sex": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "mDL holder’s sex using values as defined in ISO/IEC 5218.",
+ "locale": "en"
+ }
+ ]
+ },
+ "height": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "mDL holder’s height in centimetres",
+ "locale": "en"
+ }
+ ]
+ },
+ "weight": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "mDL holder’s weight in kilograms",
+ "locale": "en"
+ }
+ ]
+ },
+ "eye_colour": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "mDL holder’s eye colour. The value shall be one of the following: “black”, “blue”, “brown”, “dichromatic”, “grey”, “green”, “hazel”, “maroon”, “pink”, “unknown”",
+ "locale": "en"
+ }
+ ]
+ },
+ "hair_colour": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "mDL holder’s hair colour. The value shall be one of the following: “bald”, “black”, “blond”, “brown”, “grey”, “red”, “auburn”, “sandy”, “white”, “unknown”.",
+ "locale": "en"
+ }
+ ]
+ },
+ "birth_place": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "Country and municipality or state/province where the mDL holder was born.",
+ "locale": "en"
+ }
+ ]
+ },
+ "resident_address": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "The place where the mDL holder resides and/or may be contacted (street/house number, municipality etc.).",
+ "locale": "en"
+ }
+ ]
+ },
+ "portrait_capture_date": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "Date when portrait was taken",
+ "locale": "en"
+ }
+ ]
+ },
+ "age_in_years": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "The age of the mDL holder",
+ "locale": "en"
+ }
+ ]
+ },
+ "age_birth_year": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "The year when the mDL holder was born ",
+ "locale": "en"
+ }
+ ]
+ },
+ "age_over_NN": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "mDL holder is as old or older than a specified age",
+ "locale": "en"
+ }
+ ]
+ },
+ "issuing_jurisdiction": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "Country subdivision code of the jurisdiction that issued the mDL as defined in ISO 3166-2:2020, Clause 8. T",
+ "locale": "en"
+ }
+ ]
+ },
+ "nationality": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "Nationality of the mDL holder as a two letter country code (alpha-2 code) defined in ISO 3166-1",
+ "locale": "en"
+ }
+ ]
+ },
+ "resident_city": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "The city where the mDL holder lives.",
+ "locale": "en"
+ }
+ ]
+ },
+ "resident_state": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "The state/province/district where the mDL holder lives",
+ "locale": "en"
+ }
+ ]
+ },
+ "resident_postal_code": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "The postal code of the mDL holder.",
+ "locale": "en"
+ }
+ ]
+ },
+ "resident_country": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "The country where the mDL holder lives",
+ "locale": "en"
+ }
+ ]
+ },
+ "biometric_template_xx": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "Fingerprint biometric information",
+ "locale": "en"
+ }
+ ]
+ },
+ "family_name_national_character": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "The family name of the mDL holder using full UTF-8 character set.",
+ "locale": "en"
+ }
+ ]
+ },
+ "given_name_national_character": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "The given name of the mDL holder using full UTF-8 character set.",
+ "locale": "en"
+ }
+ ]
+ },
+ "signature_usual_mark": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "Image of the signature or usual mark of the mDL holder",
+ "locale": "en"
+ }
+ ]
+ }
+ }
+
+ }
+}
\ No newline at end of file
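Review bot: The claim keys "age_over_NN" and "biometric_template_xx" are specification placeholders used as literal identifiers; no issued credential will carry a claim with either name, and mdl_mdoc.json in this same patch uses the concrete "age_over_18". Replace them with the concrete claim names the issuer actually supports, or remove them. In the same "claims" object the "display" names hold specification sentences rather than labels (for example the 150-character rule under "issuing_authority"), the one under "issuing_jurisdiction" is cut off at "Clause 8. T", and none of the claims declares a "source" while the mdoc variant does; short labels plus an explicit "source" would keep the two mDL configurations consistent.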
diff --git a/priv/eudi/mdl_mdoc.json b/priv/eudi/mdl_mdoc.json
new file mode 100644
index 0000000..dae0d4a
--- /dev/null
+++ b/priv/eudi/mdl_mdoc.json
@@ -0,0 +1,389 @@
+{
+"eu.europa.ec.eudi.mdl_mdoc": {
+ "format": "mso_mdoc",
+ "doctype": "org.iso.18013.5.1.mDL",
+ "scope": "org.iso.18013.5.1.mDL",
+ "cryptographic_binding_methods_supported": [
+ "jwk", "cose_key"
+ ],
+ "credential_signing_alg_values_supported": [
+ "ES256"
+ ],
+ "proof_types_supported": {
+ "jwt": {
+ "proof_signing_alg_values_supported": [
+ "ES256"
+ ]
+ },
+ "cwt": {
+ "proof_signing_alg_values_supported": [
+ "ES256"
+ ],
+ "proof_alg_values_supported": [
+ -7
+ ],
+ "proof_crv_values_supported": [
+ 1
+ ]
+ }
+ },
+ "display": [
+ {
+ "name": "mDL",
+ "locale": "en",
+ "logo": {
+ "url": "https://examplestate.com/public/mdl.png",
+ "alt_text": "A square figure of a mDL"
+ }
+ }
+ ],
+ "claims": {
+ "org.iso.18013.5.1": {
+ "family_name": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Family name",
+ "locale": "en" }
+ ]
+ },
+ "given_name": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Given names",
+ "locale": "en" }
+ ]
+ },
+ "birth_date": {
+ "mandatory": true,
+ "value_type":"full-date",
+ "source":"user",
+ "display": [
+ {
+ "name": "Date of birth",
+ "locale": "en" }
+ ]
+ },
+ "issue_date": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Date of issue",
+ "locale": "en"
+ }
+ ]
+ },
+ "expiry_date": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Date when mDL expires",
+ "locale": "en"
+ }
+ ]
+ },
+ "issuing_country": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Issuing country",
+ "locale": "en"
+ }
+ ]
+ },
+ "issuing_authority": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Issuing authority",
+ "locale": "en"
+ }
+ ]
+ },
+ "document_number": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Licence number",
+ "locale": "en" }
+ ]
+ },
+ "portrait": {
+ "mandatory": true,
+ "value_type":"jpeg",
+ "source":"user",
+ "display": [
+ {
+ "name": "Portrait of mDL holder",
+ "locale": "en" }
+ ]
+ },
+ "driving_privileges": {
+ "mandatory": true,
+ "value_type":"driving_privileges",
+ "source":"user",
+ "display": [
+ {
+ "name": "Categories of vehicles",
+ "locale": "en" }
+ ]
+ },
+ "un_distinguishing_sign": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "UN distinguishing sign",
+ "locale": "en"
+ }
+ ]
+ },
+ "administrative_number": {
+ "mandatory": false,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Administrative number",
+ "locale": "en"
+ }
+ ]
+ },
+ "sex": {
+ "mandatory": false,
+ "source":"user",
+ "value_type":"uint",
+ "display": [
+ {
+ "name": "Sex",
+ "locale": "en"
+ }
+ ]
+ },
+ "height": {
+ "mandatory": false,
+ "source":"user",
+ "value_type":"uint",
+ "display": [
+ {
+ "name": "Height (cm)",
+ "locale": "en"
+ }
+ ]
+ },
+ "weight": {
+ "mandatory": false,
+ "source":"user",
+ "value_type":"uint",
+ "display": [
+ {
+ "name": "Weight (kg)",
+ "locale": "en"
+ }
+ ]
+ },
+ "eye_colour": {
+ "mandatory": false,
+ "source":"user",
+ "value_type":"string",
+ "display": [
+ {
+ "name": "Eye colour",
+ "locale": "en"
+ }
+ ]
+ },
+ "hair_colour": {
+ "mandatory": false,
+ "source":"user",
+ "value_type":"string",
+ "display": [
+ {
+ "name": "Hair colour",
+ "locale": "en"
+ }
+ ]
+ },
+ "birth_place": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Place of birth",
+ "locale": "en"
+ }
+ ]
+ },
+ "resident_address": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Permanent place of residence",
+ "locale": "en"
+ }
+ ]
+ },
+ "portrait_capture_date": {
+ "mandatory": false,
+ "value_type":"full-date",
+ "source":"user",
+ "display": [
+ {
+ "name": "Portrait image timestamp",
+ "locale": "en"
+ }
+ ]
+ },
+ "age_in_years": {
+ "mandatory": false,
+ "value_type":"uint",
+ "source":"user",
+ "display": [
+ {
+ "name": "Age attestation: How old are you (in years)?",
+ "locale": "en"
+ }
+ ]
+ },
+ "age_birth_year": {
+ "mandatory": false,
+ "value_type":"uint",
+ "source":"user",
+ "display": [
+ {
+ "name": "Age attestation: In what year were you born?",
+ "locale": "en"
+ }
+ ]
+ },
+ "age_over_18": {
+ "mandatory": false,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Age attestation: Nearest “true” attestation above request",
+ "locale": "en"
+ }
+ ]
+ },
+ "Issuing jurisdiction": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "Issuing jurisdiction",
+ "locale": "en"
+ }
+ ]
+ },
+ "nationality": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Nationality",
+ "locale": "en"
+ }
+ ]
+ },
+ "resident_city": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Resident city",
+ "locale": "en"
+ }
+ ]
+ },
+ "resident_state": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Resident state/province/district",
+ "locale": "en"
+ }
+ ]
+ },
+ "resident_postal_code": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Resident postal code",
+ "locale": "en"
+ }
+ ]
+ },
+ "resident_country": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Resident country",
+ "locale": "en"
+ }
+ ]
+ },
+ "biometric_template_xx": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "Fingerprint biometric information",
+ "locale": "en"
+ }
+ ]
+ },
+ "family_name_national_character": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Family name in national characters",
+ "locale": "en"
+ }
+ ]
+ },
+ "given_name_national_character": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Given name in national characters",
+ "locale": "en"
+ }
+ ]
+ },
+ "signature_usual_mark": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "Signature / usual mark",
+ "locale": "en"
+ }
+ ]
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
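Review bot: The claim key "Issuing jurisdiction" in the "org.iso.18013.5.1" namespace is a display label used as an identifier (capital letter and a space), while mdl_jwt_vc_json.json and pid_mdoc.json in this patch use "issuing_jurisdiction". A lookup by the snake_case name will miss it, so rename the key to "issuing_jurisdiction" and add the "source" and "value_type" that the neighbouring claims have. "biometric_template_xx" is likewise a placeholder name rather than a concrete claim, and "signature_usual_mark" has neither "source" nor "value_type".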
diff --git a/priv/eudi/msisdn_mdoc.json b/priv/eudi/msisdn_mdoc.json
new file mode 100644
index 0000000..8317bf0
--- /dev/null
+++ b/priv/eudi/msisdn_mdoc.json
@@ -0,0 +1,173 @@
+{
+"eu.europa.ec.eudi.msisdn_mdoc": {
+ "format": "mso_mdoc",
+ "doctype": "eu.europa.ec.eudi.msisdn.1",
+ "scope": "eu.europa.ec.eudi.msisdn.1",
+ "policy": {
+ "batch_size": 50,
+ "one_time_use": true
+ },
+ "cryptographic_binding_methods_supported": [
+ "jwk", "cose_key"
+ ],
+ "credential_alg_values_supported": [
+ -7
+ ],
+ "credential_crv_values_supported": [
+ 1
+ ],
+ "credential_signing_alg_values_supported": [
+ "ES256"
+ ],
+ "proof_types_supported": {
+ "jwt": {
+ "proof_signing_alg_values_supported": [
+ "ES256"
+ ]
+ },
+ "cwt": {
+ "proof_signing_alg_values_supported": [
+ "ES256"
+ ],
+ "proof_alg_values_supported": [
+ -7
+ ],
+ "proof_crv_values_supported": [
+ 1
+ ]
+ }
+ },
+ "display": [
+ {
+ "name": "MSISDN",
+ "locale": "en",
+ "logo": {
+ "url": "https://examplestate.com/public/msisdn.png",
+ "alt_text": "A square figure of a msisdn"
+ }
+ }
+ ],
+ "claims": {
+ "eu.europa.ec.eudi.msisdn.1": {
+ "phone_number": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Phone Number",
+ "locale": "en" }
+ ]
+ },
+ "registered_family_name": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Registered Family Name",
+ "locale": "en" }
+ ]
+ },
+ "registered_given_name": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Registered Given Name",
+ "locale": "en" }
+ ]
+ },
+ "contract_owner": {
+ "mandatory": true,
+ "value_type":"bool",
+ "source":"user",
+ "display": [
+ {
+ "name": "Contract Owner",
+ "locale": "en" }
+ ]
+ },
+ "end_user": {
+ "mandatory": true,
+ "value_type":"bool",
+ "source":"user",
+ "display": [
+ {
+ "name": "End User",
+ "locale": "en" }
+ ]
+ },
+ "mobile_operator": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"Mobile Operator",
+ "display": [
+ {
+ "name": "",
+ "locale": "en" }
+ ]
+ },
+ "issuance_date": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Issuance Date",
+ "locale": "en"
+ }
+ ]
+ },
+ "expiry_date": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Expiry Date",
+ "locale": "en"
+ }
+ ]
+ },
+ "credential_type": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Credential Type",
+ "locale": "en"
+ }
+ ]
+ },
+ "issuing_organization": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Issuing Organization",
+ "locale": "en" }
+ ]
+ },
+ "phone_number_in_use": {
+ "mandatory": false,
+ "value_type":"uint",
+ "source":"user",
+ "display": [
+ {
+ "name": "Phone Number in Use",
+ "locale": "en" }
+ ]
+ },
+ "document_number": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "Document Number",
+ "locale": "en" }
+ ]
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
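Review bot: In the "mobile_operator" claim, "source" is set to "Mobile Operator" where every other claim in this patch uses "user" or "issuer", and the display name is an empty string. If "source" is treated as an enumeration, this value falls outside it and the claim will either be rejected or silently fall through to a default; pick "issuer" or "user" and move the text "Mobile Operator" into "display.name". "document_number" at the end of the hunk also has no "source" or "value_type", and "phone_number_in_use" is typed "uint" although its label reads like a yes/no flag, so confirm the intended type.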
diff --git a/priv/eudi/photo_id_mdoc.json b/priv/eudi/photo_id_mdoc.json
new file mode 100644
index 0000000..3591b9d
--- /dev/null
+++ b/priv/eudi/photo_id_mdoc.json
@@ -0,0 +1,328 @@
+{
+"eu.europa.ec.eudi.photoid": {
+ "format": "mso_mdoc",
+ "doctype": "org.iso.23220.2.photoid.1",
+ "scope": "org.iso.23220.2.photoid.1",
+ "cryptographic_binding_methods_supported": [
+ "jwk", "cose_key"
+ ],
+ "credential_signing_alg_values_supported": [
+ "ES256"
+ ],
+ "proof_types_supported": {
+ "jwt": {
+ "proof_signing_alg_values_supported": [
+ "ES256"
+ ]
+ },
+ "cwt": {
+ "proof_signing_alg_values_supported": [
+ "ES256"
+ ],
+ "proof_alg_values_supported": [
+ -7
+ ],
+ "proof_crv_values_supported": [
+ 1
+ ]
+ }
+ },
+ "display": [
+ {
+ "name": "Photo",
+ "locale": "en",
+ "logo": {
+ "url": "https://examplestate.com/public/mdl.png",
+ "alt_text": "A square figure of a mDL"
+ }
+ }
+ ],
+ "claims": {
+ "org.iso.23220.photoid.1": {
+ "portrait": {
+ "mandatory": true,
+ "value_type":"jpeg",
+ "source":"user",
+ "display": [
+ {
+ "name": "Portrait Image",
+ "locale": "en" }
+ ]
+ },
+ "portrait_capture_date": {
+ "mandatory": false,
+ "value_type":"full-date",
+ "source":"user",
+ "display": [
+ {
+ "name": "Portrait Capture Date",
+ "locale": "en" }
+ ]
+ },
+ "person_id": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Person Identifier",
+ "locale": "en" }
+ ]
+ },
+ "family_name": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Family Name",
+ "locale": "en" }
+ ]
+ },
+ "given_name": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Given Name",
+ "locale": "en" }
+ ]
+ },
+ "birth_date": {
+ "mandatory": true,
+ "value_type":"full-date",
+ "source":"user",
+ "display": [
+ {
+ "name": "Date of Birth",
+ "locale": "en" }
+ ]
+ },
+ "age_over_18": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Age over 18",
+ "locale": "en"
+ }
+ ]
+ },
+ "age_in_years": {
+ "mandatory": false,
+ "value_type":"uint",
+ "display": [
+ {
+ "name": "Age in Years",
+ "locale": "en"
+ }
+ ]
+ },
+ "age_birth_year": {
+ "mandatory": false,
+ "value_type":"uint",
+ "display": [
+ {
+ "name": "Birth Year",
+ "locale": "en"
+ }
+ ]
+ },
+ "family_name_birth": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Family Name at Birth",
+ "locale": "en"
+ }
+ ]
+ },
+ "given_name_birth": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Given Name at Birth",
+ "locale": "en"
+ }
+ ]
+ },
+ "birth_place": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Birth Place",
+ "locale": "en"
+ }
+ ]
+ },
+ "birth_country": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Birth Country",
+ "locale": "en"
+ }
+ ]
+ },
+ "birth_state": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Birth State",
+ "locale": "en"
+ }
+ ]
+ },
+ "birth_city": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Birth City",
+ "locale": "en"
+ }
+ ]
+ },
+ "resident_country": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Resident Country",
+ "locale": "en"
+ }
+ ]
+ },
+ "resident_state": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Resident State",
+ "locale": "en"
+ }
+ ]
+ },
+ "resident_city": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Resident City",
+ "locale": "en"
+ }
+ ]
+ },
+ "resident_postal_code": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Resident Postal Code",
+ "locale": "en"
+ }
+ ]
+ },
+ "resident_street": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Resident Street",
+ "locale": "en"
+ }
+ ]
+ },
+ "resident_house_number": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Resident House Number",
+ "locale": "en"
+ }
+ ]
+ },
+ "gender": {
+ "mandatory": false,
+ "source":"user",
+ "display": [
+ {
+ "name": "Gender",
+ "locale": "en"
+ }
+ ]
+ },
+ "nationality": {
+ "mandatory": false,
+ "source":"user",
+ "value_type":"string",
+ "display": [
+ {
+ "name": "Nationality",
+ "locale": "en"
+ }
+ ]
+ },
+ "issuance_date": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Issuance Date",
+ "locale": "en"
+ }
+ ]
+ },
+ "expiry_date": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Expiry Date",
+ "locale": "en"
+ }
+ ]
+ },
+ "issuing_authority": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Issuing Authority",
+ "locale": "en"
+ }
+ ]
+ },
+ "issuing_country": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Issuing Country",
+ "locale": "en"
+ }
+ ]
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
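Review bot: The "doctype" and "scope" are "org.iso.23220.2.photoid.1" but the namespace key under "claims" is "org.iso.23220.photoid.1", without the ".2" segment. If the two are meant to match, one of them is a typo and a request built from the doctype will not find any claims; if they are intentionally different, a short comment in EUDI.md saying so would save the next reader the check. The top-level key "eu.europa.ec.eudi.photoid" also drops the "_mdoc" suffix that the sibling mdoc configurations carry, and the logo URL and alt text ("mdl.png", "A square figure of a mDL") are those of the mDL credential.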
diff --git a/priv/eudi/pid_jwt_vc_json.json b/priv/eudi/pid_jwt_vc_json.json
new file mode 100644
index 0000000..41da70f
--- /dev/null
+++ b/priv/eudi/pid_jwt_vc_json.json
@@ -0,0 +1,232 @@
+{
+ "eu.europa.ec.eudi.pid_jwt_vc_json": {
+ "format": "vc+sd-jwt",
+ "scope": "eu.europa.ec.eudi.pid.1",
+ "cryptographic_binding_methods_supported": [
+ "jwk", "cose_key"
+ ],
+ "credential_signing_alg_values_supported": [
+ "ES256"
+ ],
+ "proof_types_supported": {
+ "jwt": {
+ "proof_signing_alg_values_supported": [
+ "ES256"
+ ]
+ },
+ "cwt": {
+ "proof_signing_alg_values_supported": [
+ "ES256"
+ ],
+ "proof_alg_values_supported": [
+ -7
+ ],
+ "proof_crv_values_supported": [
+ 1
+ ]
+ }
+ },
+ "display": [
+ {
+ "name": "PID",
+ "locale": "en",
+ "logo": {
+ "url": "https://examplestate.com/public/pid.png",
+ "alt_text": "A square figure of a PID"
+ }
+ }
+ ],
+ "vct": "eu.europa.ec.eudi.pid_jwt_vc_json",
+ "claims": {
+ "family_name": {
+ "mandatory": true,
+ "value_type":"string",
+ "display": [
+ {
+ "name": "Current Family Name",
+ "locale": "en" }
+ ]
+ },
+ "given_name": {
+ "mandatory": true,
+ "value_type":"string",
+ "display": [
+ {
+ "name": "Current First Names",
+ "locale": "en" }
+ ]
+ },
+ "birth_date": {
+ "mandatory": true,
+ "value_type":"full-date",
+ "display": [
+ {
+ "name": "Date of Birth",
+ "locale": "en" }
+ ]
+ },
+ "address": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "Resident street_address, country, region, locality and postal_code",
+ "locale": "en"
+ }
+ ]
+ },
+ "gender": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "PID User’s gender, using a value as defined in ISO/IEC 5218.",
+ "locale": "en"
+ }
+ ]
+ },
+ "nationalities": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "Array of nationalities",
+ "locale": "en"
+ }
+ ]
+ },
+ "birth_family_name": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "Last name(s) or surname(s) of the PID User at the time of birth.",
+ "locale": "en"
+ }
+ ]
+ },
+ "birth_given_name": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "First name(s), including middle name(s), of the PID User at the time of birth.",
+ "locale": "en"
+ }
+ ]
+ },
+ "age_over_18": {
+ "mandatory": true,
+ "display": [
+ {
+ "name": "Adult or minor",
+ "locale": "en"
+ }
+ ]
+ },
+ "age_in_years": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "The subject’s current age in years.",
+ "locale": "en"
+ }
+ ]
+ },
+ "place_of_birth": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "The country, region, and locality",
+ "locale": "en"
+ }
+ ]
+ },
+ "birthdate_year": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "test",
+ "locale": "en"
+ }
+ ]
+ },
+ "issuance_date": {
+ "mandatory": true,
+ "display": [
+ {
+ "name": "Alpha-2 country code, representing the nationality of the PID User.",
+ "locale": "en"
+ }
+ ]
+ },
+ "expiry_date": {
+ "mandatory": true,
+ "display": [
+ {
+ "name": "Alpha-2 country code, representing the nationality of the PID User.",
+ "locale": "en"
+ }
+ ]
+ },
+ "issuing_jurisdiction": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "Alpha-2 country code, representing the nationality of the PID User.",
+ "locale": "en"
+ }
+ ]
+ },
+ "issuing_authority": {
+ "mandatory": true,
+ "display": [
+ {
+ "name": "Alpha-2 country code, representing the nationality of the PID User.",
+ "locale": "en"
+ }
+ ]
+ },
+ "document_number": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "Alpha-2 country code, representing the nationality of the PID User.",
+ "locale": "en"
+ }
+ ]
+ },
+ "administrative_number": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "Alpha-2 country code, representing the nationality of the PID User.",
+ "locale": "en"
+ }
+ ]
+ },
+ "issuing_country": {
+ "mandatory": true,
+ "display": [
+ {
+ "name": "Alpha-2 country code, representing the nationality of the PID User.",
+ "locale": "en"
+ }
+ ]
+ },
+ "portrait_capture_date": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "Alpha-2 country code, representing the nationality of the PID User.",
+ "locale": "en"
+ }
+ ]
+ },
+ "portrait": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "Alpha-2 country code, representing the nationality of the PID User.",
+ "locale": "en"
+ }
+ ]
+ }
+ }
+ }
+}
\ No newline at end of file
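Review bot: Nine claims, from "issuance_date" through "portrait", all carry the display name "Alpha-2 country code, representing the nationality of the PID User.", and "birthdate_year" is labelled "test". These labels are what a wallet shows the holder when asking which attributes to release, so a consent screen built from this file would describe the portrait, document number and expiry date as a nationality code. Replace each with a label for the claim it sits on, as pid_mdoc.json in this patch already does ("Issuance Date", "Expiry Date", "Document Number"), and consider adding "source" and "value_type" here as well, since none of the claims after "birth_date" declares either.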
diff --git a/priv/eudi/pid_mdoc.json b/priv/eudi/pid_mdoc.json
new file mode 100644
index 0000000..fc77b54
--- /dev/null
+++ b/priv/eudi/pid_mdoc.json
@@ -0,0 +1,356 @@
+{
+"eu.europa.ec.eudi.pid_mdoc": {
+ "format": "mso_mdoc",
+ "doctype": "eu.europa.ec.eudi.pid.1",
+ "scope": "eu.europa.ec.eudi.pid.1",
+ "policy": {
+ "batch_size": 50,
+ "one_time_use": true
+ },
+ "cryptographic_binding_methods_supported": [
+ "jwk", "cose_key"
+ ],
+ "credential_alg_values_supported": [
+ -7
+ ],
+ "credential_crv_values_supported": [
+ 1
+ ],
+ "credential_signing_alg_values_supported": [
+ "ES256"
+ ],
+ "proof_types_supported": {
+ "jwt": {
+ "proof_signing_alg_values_supported": [
+ "ES256"
+ ]
+ },
+ "cwt": {
+ "proof_signing_alg_values_supported": [
+ "ES256"
+ ],
+ "proof_alg_values_supported": [
+ -7
+ ],
+ "proof_crv_values_supported": [
+ 1
+ ]
+ }
+ },
+ "display": [
+ {
+ "name": "PID",
+ "locale": "en",
+ "logo": {
+ "url": "https://examplestate.com/public/pid.png",
+ "alt_text": "A square figure of a PID"
+ }
+ }
+ ],
+ "claims": {
+ "eu.europa.ec.eudi.pid.1": {
+ "family_name": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Family Name(s)",
+ "locale": "en" }
+ ]
+ },
+ "given_name": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Given Name(s)",
+ "locale": "en" }
+ ]
+ },
+ "birth_date": {
+ "mandatory": true,
+ "value_type":"full-date",
+ "source":"user",
+ "display": [
+ {
+ "name": "Birth Date",
+ "locale": "en" }
+ ]
+ },
+ "age_over_18": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Age Over 18",
+ "locale": "en"
+ }
+ ]
+ },
+ "age_in_years": {
+ "mandatory": false,
+ "value_type":"uint",
+ "display": [
+ {
+ "name": "Age in Years",
+ "locale": "en"
+ }
+ ]
+ },
+ "age_birth_year": {
+ "mandatory": false,
+ "value_type":"uint",
+ "display": [
+ {
+ "name": "Age Year of Birth",
+ "locale": "en"
+ }
+ ]
+ },
+ "family_name_birth": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Birth Family Name(s)",
+ "locale": "en"
+ }
+ ]
+ },
+ "given_name_birth": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Birth Given Name(s)",
+ "locale": "en"
+ }
+ ]
+ },
+ "birth_place": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Birth Place",
+ "locale": "en"
+ }
+ ]
+ },
+ "birth_country": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Birth Country",
+ "locale": "en"
+ }
+ ]
+ },
+ "birth_state": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Birth State/Province",
+ "locale": "en"
+ }
+ ]
+ },
+ "birth_city": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Birth City",
+ "locale": "en"
+ }
+ ]
+ },
+ "resident_address": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Resident Address",
+ "locale": "en"
+ }
+ ]
+ },
+ "resident_country": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Resident Country",
+ "locale": "en"
+ }
+ ]
+ },
+ "resident_state": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Resident State",
+ "locale": "en"
+ }
+ ]
+ },
+ "resident_city": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Resident City",
+ "locale": "en"
+ }
+ ]
+ },
+ "resident_postal_code": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Resident Postal Code",
+ "locale": "en"
+ }
+ ]
+ },
+ "resident_street": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Resident Street",
+ "locale": "en"
+ }
+ ]
+ },
+ "resident_house_number": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Resident House Number",
+ "locale": "en"
+ }
+ ]
+ },
+ "gender": {
+ "mandatory": false,
+ "source":"user",
+ "display": [
+ {
+ "name": "Gender",
+ "locale": "en"
+ }
+ ]
+ },
+ "nationality": {
+ "mandatory": false,
+ "source":"user",
+ "value_type":"string",
+ "display": [
+ {
+ "name": "Nationality",
+ "locale": "en"
+ }
+ ]
+ },
+ "issuance_date": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Issuance Date",
+ "locale": "en"
+ }
+ ]
+ },
+ "expiry_date": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Expiry Date",
+ "locale": "en"
+ }
+ ]
+ },
+ "issuing_authority": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Issuance Authority",
+ "locale": "en"
+ }
+ ]
+ },
+ "document_number": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "Document Number",
+ "locale": "en"
+ }
+ ]
+ },
+ "administrative_number": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "Administrative Number",
+ "locale": "en"
+ }
+ ]
+ },
+ "issuing_country": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Issuing Country",
+ "locale": "en"
+ }
+ ]
+ },
+ "portrait_capture_date": {
+ "mandatory": false,
+ "source":"user",
+ "display": [
+ {
+ "name": "Portrait Capture Date",
+ "locale": "en"
+ }
+ ]
+ },
+ "issuing_jurisdiction": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "Issuing Jurisdiction",
+ "locale": "en"
+ }
+ ]
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
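Review bot: the claim entries at the end of this file are not declared consistently: "document_number", "administrative_number" and "issuing_jurisdiction" carry neither "source" nor "value_type", and "gender", "issuance_date", "expiry_date", "issuing_authority", "issuing_country" and "portrait_capture_date" carry "source" but no "value_type", while the address claims above them declare both. If the issuer reads "source" to decide whether a value comes from the user or is set by the issuer, give every claim an explicit value or document the default. The label for "issuing_authority" reads "Issuance Authority", where tax_mdoc.json in this patch uses "Issuing Authority". The file also ends without a trailing newline.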
diff --git a/priv/eudi/por_mdoc.json b/priv/eudi/por_mdoc.json
new file mode 100644
index 0000000..fce6f47
--- /dev/null
+++ b/priv/eudi/por_mdoc.json
@@ -0,0 +1,116 @@
+{
+"eu.europa.ec.eudi.por_mdoc": {
+ "format": "mso_mdoc",
+ "doctype": "eu.europa.ec.eudi.por.1",
+ "scope": "eu.europa.ec.eudi.por.1",
+ "policy": {
+ "batch_size": 50,
+ "one_time_use": true
+ },
+ "cryptographic_binding_methods_supported": [
+ "jwk", "cose_key"
+ ],
+ "credential_alg_values_supported": [
+ -7
+ ],
+ "credential_crv_values_supported": [
+ 1
+ ],
+ "credential_signing_alg_values_supported": [
+ "ES256"
+ ],
+ "proof_types_supported": {
+ "jwt": {
+ "proof_signing_alg_values_supported": [
+ "ES256"
+ ]
+ },
+ "cwt": {
+ "proof_signing_alg_values_supported": [
+ "ES256"
+ ],
+ "proof_alg_values_supported": [
+ -7
+ ],
+ "proof_crv_values_supported": [
+ 1
+ ]
+ }
+ },
+ "display": [
+ {
+ "name": "Power Of Representation",
+ "locale": "en",
+ "logo": {
+ "url": "https://examplestate.com/public/por.png",
+ "alt_text": "A square figure of a PoR"
+ }
+ }
+ ],
+ "claims": {
+ "eu.europa.ec.eudi.por.1": {
+ "legal_person_identifier": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Legal Person Identifier",
+ "locale": "en" }
+ ]
+ },
+ "legal_name": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Legal Name",
+ "locale": "en" }
+ ]
+ },
+ "full_powers": {
+ "mandatory": true,
+ "value_type":"bool",
+ "source":"user",
+ "display": [
+ {
+ "name": "Full Powers",
+ "locale": "en" }
+ ]
+ },
+ "eService": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "eService",
+ "locale": "en" }
+ ]
+ },
+ "effective_from_date": {
+ "mandatory": true,
+ "value_type":"full-date",
+ "source":"user",
+ "display": [
+ {
+ "name": "Effective From Date",
+ "locale": "en"
+ }
+ ]
+ },
+ "effective_until_date": {
+ "mandatory": false,
+ "value_type":"full-date",
+ "source":"user",
+ "display": [
+ {
+ "name": "Effective Until Date",
+ "locale": "en" }
+ ]
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
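Review bot: every claim under "eu.europa.ec.eudi.por.1" is marked "source":"user", including the mandatory "legal_person_identifier", "legal_name" and "full_powers". Unlike tax_mdoc.json in this same patch, the credential also defines no issuer-sourced "issuance_date", "expiry_date", "issuing_authority" or "issuing_country". For a power-of-representation credential, please document what "source":"user" means to the issuer and where the "full_powers" value is checked against an authoritative record before it is signed, and add the issuer-set validity and authority claims if they are meant to be present. The logo URL points at examplestate.com, which looks like a placeholder that should not ship.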
diff --git a/priv/eudi/pseudonym_over18_mdoc.json b/priv/eudi/pseudonym_over18_mdoc.json
new file mode 100644
index 0000000..514bdfe
--- /dev/null
+++ b/priv/eudi/pseudonym_over18_mdoc.json
@@ -0,0 +1,105 @@
+{
+ "eu.europa.ec.eudi.pseudonym_over18_mdoc": {
+ "format": "mso_mdoc",
+ "doctype": "eu.europa.ec.eudi.pseudonym.age_over_18.1",
+ "scope": "eu.europa.ec.eudi.pseudonym.age_over_18.1",
+ "cryptographic_binding_methods_supported": [
+ "jwk", "cose_key"
+ ],
+ "credential_signing_alg_values_supported": [
+ "ES256"
+ ],
+ "proof_types_supported": {
+ "jwt": {
+ "proof_signing_alg_values_supported": [
+ "ES256"
+ ]
+ },
+ "cwt": {
+ "proof_signing_alg_values_supported": [
+ "ES256"
+ ],
+ "proof_alg_values_supported": [
+ -7
+ ],
+ "proof_crv_values_supported": [
+ 1
+ ]
+ }
+ },
+ "display": [
+ {
+ "name": "Age over 18 Pseudonym",
+ "locale": "en",
+ "logo": {
+ "url": "https://examplestate.com/public/pid.png",
+ "alt_text": "A square figure of a Age over 18"
+ }
+ }
+ ],
+ "claims": {
+ "eu.europa.ec.eudi.pseudonym.age_over_18.1": {
+ "user_pseudonym": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"issuer",
+ "display": [
+ {
+ "name": "User pseudonym",
+ "locale": "en" }
+ ]
+ },
+ "age_over_18": {
+ "mandatory": true,
+ "value_type":"bool",
+ "source":"user",
+ "display": [
+ {
+ "name": "Adult or minor",
+ "locale": "en" }
+ ]
+ },
+ "issuance_date": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Alpha-2 country code, representing the nationality of the PID User.",
+ "locale": "en"
+ }
+ ]
+ },
+ "expiry_date": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Alpha-2 country code, representing the nationality of the PID User.",
+ "locale": "en"
+ }
+ ]
+ },
+ "issuing_country": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Alpha-2 country code, as defined in ISO 3166-1, of the issuing authority’s country or territory",
+ "locale": "en"
+ }
+ ]
+ },
+ "issuing_authority": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Issuing authority name. The value shall only use latin1b characters and shall have a maximum length of 150 characters.",
+ "locale": "en"
+ }
+ ]
+ }
+ }
+ }
+ }
+ }
\ No newline at end of file
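Review bot: the display names for "issuance_date" and "expiry_date" are both "Alpha-2 country code, representing the nationality of the PID User.", which is a copy-paste from a nationality claim and will mislabel the dates in a wallet; use "Issuance Date" and "Expiry Date" as tax_mdoc.json does. The "issuing_country" and "issuing_authority" names are specification descriptions rather than short labels. This configuration also has no "policy" block and no "credential_alg_values_supported" or "credential_crv_values_supported", which por_mdoc.json and tax_mdoc.json declare; either add them or note why the pseudonym credential differs. The logo reuses pid.png and the alt text reads "a Age over 18".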
diff --git a/priv/eudi/pseudonym_over18_mdoc_deferred_endpoint.json b/priv/eudi/pseudonym_over18_mdoc_deferred_endpoint.json
new file mode 100644
index 0000000..e2167ef
--- /dev/null
+++ b/priv/eudi/pseudonym_over18_mdoc_deferred_endpoint.json
@@ -0,0 +1,105 @@
+{
+ "eu.europa.ec.eudi.pseudonym_over18_mdoc_deferred_endpoint": {
+ "format": "mso_mdoc",
+ "doctype": "eu.europa.ec.eudi.pseudonym.age_over_18.deferred_endpoint",
+ "scope": "eu.europa.ec.eudi.pseudonym.age_over_18.deferred_endpoint",
+ "cryptographic_binding_methods_supported": [
+ "jwk", "cose_key"
+ ],
+ "credential_signing_alg_values_supported": [
+ "ES256"
+ ],
+ "proof_types_supported": {
+ "jwt": {
+ "proof_signing_alg_values_supported": [
+ "ES256"
+ ]
+ },
+ "cwt": {
+ "proof_signing_alg_values_supported": [
+ "ES256"
+ ],
+ "proof_alg_values_supported": [
+ -7
+ ],
+ "proof_crv_values_supported": [
+ 1
+ ]
+ }
+ },
+ "display": [
+ {
+ "name": "Pseudonym Deferred",
+ "locale": "en",
+ "logo": {
+ "url": "https://examplestate.com/public/pid.png",
+ "alt_text": "A square figure of a PID"
+ }
+ }
+ ],
+ "claims": {
+ "eu.europa.ec.eudi.pseudonym.age_over_18.deferred_endpoint": {
+ "user_pseudonym": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"issuer",
+ "display": [
+ {
+ "name": "User pseudonym",
+ "locale": "en" }
+ ]
+ },
+ "age_over_18": {
+ "mandatory": true,
+ "value_type":"bool",
+ "source":"user",
+ "display": [
+ {
+ "name": "Adult or minor",
+ "locale": "en" }
+ ]
+ },
+ "issuance_date": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Alpha-2 country code, representing the nationality of the PID User.",
+ "locale": "en"
+ }
+ ]
+ },
+ "expiry_date": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Alpha-2 country code, representing the nationality of the PID User.",
+ "locale": "en"
+ }
+ ]
+ },
+ "issuing_country": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Alpha-2 country code, as defined in ISO 3166-1, of the issuing authority’s country or territory",
+ "locale": "en"
+ }
+ ]
+ },
+ "issuing_authority": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Issuing authority name. The value shall only use latin1b characters and shall have a maximum length of 150 characters.",
+ "locale": "en"
+ }
+ ]
+ }
+ }
+ }
+ }
+ }
\ No newline at end of file
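Review bot: this file repeats the mislabelled "issuance_date" and "expiry_date" display names from pseudonym_over18_mdoc.json ("Alpha-2 country code, representing the nationality of the PID User."), so the fix has to land in both. Apart from the identifier, doctype/scope and the display block, the two files are the same, which is how the error got duplicated; consider deriving the deferred variant from one shared claims definition. The doctype ends in ".deferred_endpoint" where the other doctypes in this patch end in a version suffix such as ".1"; confirm that is intended.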
diff --git a/priv/eudi/static/cookie_jwks.json b/priv/eudi/static/cookie_jwks.json
new file mode 100644
index 0000000..1acb0d4
--- /dev/null
+++ b/priv/eudi/static/cookie_jwks.json
@@ -0,0 +1 @@
+{"keys": [{"kty": "oct", "use": "enc", "kid": "enc", "k": "i2IPkoZ49WwR-ag1cFWzIBEMcn3XriFc"}, {"kty": "oct", "use": "sig", "kid": "sig", "k": "djQcgQm7WlmHR9lkD-L1cNAs9gsvAWnh"}]}
\ No newline at end of file
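Review bot: this commits symmetric key material to the repository: both entries are "kty":"oct" with the secret in "k", one for "use":"enc" and one for "use":"sig". Anyone who can read the repository or a build artifact holds the keys that protect the session cookies, and the values stay in history after a later delete. Remove the file from the patch, generate the keys at deploy time or load them from a secret store, keep the path out of version control, and treat these two values as compromised. A directory named static/ also suggests the file may be served over HTTP, which should be ruled out.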
diff --git a/priv/eudi/static/jwks.json b/priv/eudi/static/jwks.json
new file mode 100644
index 0000000..60bc0d1
--- /dev/null
+++ b/priv/eudi/static/jwks.json
@@ -0,0 +1 @@
+{"keys": [{"kty": "RSA", "use": "sig", "kid": "andTMHFPNUxuZVh2MHV2MmwtcWZQdGpmSWhHTE9idGx0akJGbFlfaVZHOA", "e": "AQAB", "n": "2fv0MmYjq_bxG4Cc0PRapFjEmuaBd-Lw7xLgR-252ZUPbbSBjX94_KMfS-orQJ_B3BzbGhKBbH6xJZt5CIb1KRpUrQ7pr-A_eO68FxsgXqbp4wqoHscqLh7EQiMIORiaNlDsCHFXmRyRq9opctbABlgCItEIGgV5K7lXcA-_ZYB6iluHd8dsQFP2P7H1_fytqHZoVpnnlBBtVqaK_fPeX6O3dGmzP0Th5cp_Omnxnr-Sg-Zkbb8eCvQa5LGKv8wHheeLzScfY1E6ll2W3vsOtvNlvCtVYh9ZchDvRWpM8sdPTz8tj5xohKW_BLCqOli8Fbx-uLElpwiy2bpC8OFIQQ"}, {"kty": "EC", "use": "sig", "kid": "MmZHSC14RXp5TTB5d0tuQ19kQXVrSVVKRWJzUVI5eDBzQi1wVnAwU0h2bw", "crv": "P-256", "x": "Q42rGKKOWQXyd1a1UpuZ7HOwI6Qmh0So6XNha4FZ3p4", "y": "CNIlLsXMps61l1rEXi-WFxrD59870OuPny94czFASSo"}]}
\ No newline at end of file
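Review bot: neither key in this set declares "alg", so a consumer has to infer the algorithm from "kty" and "crv"; add "alg" to each entry. The set publishes an RSA signing key, yet every credential configuration in this patch advertises only "ES256" in "credential_signing_alg_values_supported"; drop the RSA key if nothing signs with it. Both entries carry public parameters only ("n"/"e" and "x"/"y", no "d"), so the content itself is fine to publish, but the matching private keys must not follow the oct key sets into the repository.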
diff --git a/priv/eudi/static/token_jwks.json b/priv/eudi/static/token_jwks.json
new file mode 100644
index 0000000..9940088
--- /dev/null
+++ b/priv/eudi/static/token_jwks.json
@@ -0,0 +1 @@
+{"keys": [{"kty": "oct", "use": "enc", "kid": "code", "k": "4PGtMx38-wRyFnQb6sgIFV5bDUc-UfJn"}, {"kty": "oct", "use": "enc", "kid": "refresh", "k": "p4MH2yoUgofun6uF_5gwPu-eqJCQ65pC"}]}
\ No newline at end of file
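Review bot: the two "kty":"oct" entries with "kid":"code" and "kid":"refresh" are secret encryption keys checked in as a static file, so every deployment built from this repository shares them and every reader of the repository can decrypt authorization codes and refresh tokens protected with them. Generate them per deployment from a secret store, exclude the file from version control, and rotate the committed values.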
diff --git a/priv/eudi/tax_mdoc.json b/priv/eudi/tax_mdoc.json
new file mode 100644
index 0000000..b3b3c5e
--- /dev/null
+++ b/priv/eudi/tax_mdoc.json
@@ -0,0 +1,197 @@
+{
+"eu.europa.ec.eudi.tax_mdoc": {
+ "format": "mso_mdoc",
+ "doctype": "eu.europa.ec.eudi.tax.1",
+ "scope": "eu.europa.ec.eudi.tax.1",
+ "policy": {
+ "batch_size": 50,
+ "one_time_use": true
+ },
+ "cryptographic_binding_methods_supported": [
+ "jwk", "cose_key"
+ ],
+ "credential_alg_values_supported": [
+ -7
+ ],
+ "credential_crv_values_supported": [
+ 1
+ ],
+ "credential_signing_alg_values_supported": [
+ "ES256"
+ ],
+ "proof_types_supported": {
+ "jwt": {
+ "proof_signing_alg_values_supported": [
+ "ES256"
+ ]
+ },
+ "cwt": {
+ "proof_signing_alg_values_supported": [
+ "ES256"
+ ],
+ "proof_alg_values_supported": [
+ -7
+ ],
+ "proof_crv_values_supported": [
+ 1
+ ]
+ }
+ },
+ "display": [
+ {
+ "name": "Tax Number",
+ "locale": "en",
+ "logo": {
+ "url": "https://examplestate.com/public/tax.png",
+ "alt_text": "A square figure of a tax"
+ }
+ }
+ ],
+ "claims": {
+ "eu.europa.ec.eudi.tax.1": {
+ "tax_number": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Tax Number",
+ "locale": "en" }
+ ]
+ },
+ "affiliation_country": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Affiliation Country",
+ "locale": "en" }
+ ]
+ },
+ "registered_given_name": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Registered Given Name",
+ "locale": "en" }
+ ]
+ },
+ "registered_family_name": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Registered Family Name",
+ "locale": "en" }
+ ]
+ },
+ "resident_address": {
+ "mandatory": true,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Resident Address",
+ "locale": "en" }
+ ]
+ },
+ "birth_date": {
+ "mandatory": true,
+ "value_type":"full-date",
+ "source":"user",
+ "display": [
+ {
+ "name": "Birth Date",
+ "locale": "en"
+ }
+ ]
+ },
+ "church_tax_ID": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "Church Tax ID",
+ "locale": "en"
+ }
+ ]
+ },
+ "iban": {
+ "mandatory": false,
+ "value_type":"string",
+ "source":"user",
+ "display": [
+ {
+ "name": "IBAN",
+ "locale": "en"
+ }
+ ]
+ },
+ "credential_type": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Credential Type",
+ "locale": "en"
+ }
+ ]
+ },
+ "issuance_date": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Issuance Date",
+ "locale": "en"
+ }
+ ]
+ },
+ "expiry_date": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Expiry Date",
+ "locale": "en"
+ }
+ ]
+ },
+ "issuing_authority": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Issuing Authority",
+ "locale": "en"
+ }
+ ]
+ },
+ "issuing_jurisdiction": {
+ "mandatory": false,
+ "display": [
+ {
+ "name": "",
+ "locale": "en"
+ }
+ ]
+ },
+ "issuing_country": {
+ "mandatory": true,
+ "source":"issuer",
+ "display": [
+ {
+ "name": "Alpha-2 country code, as defined in ISO 3166-1, of the issuing authority’s country or territory",
+ "locale": "en"
+ }
+ ]
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
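Review bot: "issuing_jurisdiction" has an empty display name ("name": "") and no "source" or "value_type", so a wallet would render an unlabeled field and the issuer has no declared origin for the value; fill it in or drop the claim. "issuing_country" uses a specification sentence as its display name where the sibling claims use short labels such as "Issuing Authority". "church_tax_ID" breaks the lower snake_case used by every other claim key in the file; check the spelling against the attestation rulebook this doctype follows before anything depends on it.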
diff --git a/priv/kep/AuthenticationFramework.asn1 b/priv/kep/AuthenticationFramework.asn1
deleted file mode 100644
index 94f019f..0000000
--- a/priv/kep/AuthenticationFramework.asn1
+++ /dev/null
@@ -1,263 +0,0 @@
--- Module AuthenticationFramework (X.509:08/1997)
-
-AuthenticationFramework {joint-iso-itu-t ds(5) module(1) authenticationFramework(7) 3} DEFINITIONS ::=
-BEGIN
-
--- EXPORTS All
--- The types and values defined in this module are exported for use in the other ASN.1 modules contained
--- within the Directory Specifications, and for the use of other applications which will use them to access
--- Directory services. Other applications may use them for their own purposes, but this will not constrain
--- extensions and modifications needed to maintain or improve the Directory service.
-
-IMPORTS
- id-at, id-mr, informationFramework, upperBounds,
- selectedAttributeTypes, basicAccessControl,
- certificateExtensions
- FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) usefulDefinitions(0) 3}
- Name, ATTRIBUTE, AttributeType, MATCHING-RULE, Attribute
- FROM InformationFramework informationFramework
- ub-user-password
- FROM UpperBounds upperBounds
- AuthenticationLevel
- FROM BasicAccessControl basicAccessControl
- UniqueIdentifier, octetStringMatch
- FROM SelectedAttributeTypes selectedAttributeTypes
- certificateExactMatch, certificatePairExactMatch, certificateListExactMatch, GeneralNames, subjectDirectoryAttributes
- FROM CertificateExtensions certificateExtensions;
-
--- basic certificate definition
-Certificate ::=
- SIGNED
- {SEQUENCE {version [0] Version DEFAULT v1,
- serialNumber CertificateSerialNumber,
- signature AlgorithmIdentifier,
- issuer Name,
- validity Validity,
- subject Name,
- subjectPublicKeyInfo SubjectPublicKeyInfo,
- issuerUniqueIdentifier [1] IMPLICIT UniqueIdentifier OPTIONAL, -- v2/v3
- subjectUniqueIdentifier [2] IMPLICIT UniqueIdentifier OPTIONAL, -- v2/v3
- extensions [3] Extensions OPTIONAL -- v3
- }}
-
-Version ::= INTEGER {v1(0), v2(1), v3(2)}
-CertificateSerialNumber ::= INTEGER
-
-AlgorithmIdentifier ::= SEQUENCE {
- algorithm ALGORITHM.&id({SupportedAlgorithms}),
- parameters ALGORITHM.&Type({SupportedAlgorithms}{@algorithm}) OPTIONAL
-}
-
--- Definition of the following information object set is deferred, perhaps to standardized
--- profiles or to protocol implementation conformance statements. The set is required to
--- specify a table constraint on the parameters component of AlgorithmIdentifier.
-
-SupportedAlgorithms ALGORITHM ::= {...}
-Validity ::= SEQUENCE { notBefore Time, notAfter Time }
-
-SubjectPublicKeyInfo ::= SEQUENCE {
- algorithm AlgorithmIdentifier,
- subjectPublicKey BIT STRING }
-
-Time ::= CHOICE {
- utcTime UTCTime,
- generalizedTime GeneralizedTime }
-
-Extensions ::= SEQUENCE OF Extension
-
--- For those extensions where ordering of individual extensions within the SEQUENCE is significant, the
--- specification of those individual extensions shall include the rules for the significance of the order therein
-
-Extension ::= SEQUENCE {
- extnId EXTENSION.&id({ExtensionSet}),
- critical BOOLEAN DEFAULT FALSE,
- extnValue OCTET STRING (CONTAINING EXTENSION.&ExtnType({ExtensionSet}{@extnID}) ENCODED BY der) }
-
-der OBJECT IDENTIFIER ::=
- {joint-iso-itu-t asn1(1) ber-derived(2) distinguished-encoding(1)}
-
-ExtensionSet EXTENSION ::= {...}
-
-EXTENSION ::= CLASS { &id OBJECT IDENTIFIER UNIQUE, &ExtnType }
- WITH SYNTAX { SYNTAX &ExtnType IDENTIFIED BY &id }
-
-Certificates ::= SEQUENCE {
- userCertificate Certificate,
- certificationPath ForwardCertificationPath OPTIONAL
-}
-
-ForwardCertificationPath ::= SEQUENCE OF CrossCertificates
-CrossCertificates ::= SET OF Certificate
-
-CertificationPath ::= SEQUENCE {
- userCertificate Certificate,
- theCACertificates SEQUENCE OF CertificatePair OPTIONAL
-}
-
-CertificatePair ::= SEQUENCE {
- issuedByThisCA [0] Certificate OPTIONAL,
- issuedToThisCA [1] Certificate OPTIONAL
-}
-
-CertificateList ::=
- SIGNED
- {SEQUENCE {version Version OPTIONAL, -- v2
- signature AlgorithmIdentifier,
- issuer Name,
- thisUpdate Time,
- nextUpdate Time OPTIONAL,
- revokedCertificates
- SEQUENCE OF
- SEQUENCE {userCertificate CertificateSerialNumber,
- revocationDate Time,
- crlEntryExtensions Extensions OPTIONAL} OPTIONAL,
- crlExtensions [0] Extensions OPTIONAL}}
-
-AttributeCertificationPath ::= SEQUENCE {
- attributeCertificate AttributeCertificate,
- acPath SEQUENCE OF ACPathData OPTIONAL
-}
-
-ACPathData ::= SEQUENCE {
- certificate [0] Certificate OPTIONAL,
- attributeCertificate [1] AttributeCertificate OPTIONAL
-}
-
-attributeCertificate ATTRIBUTE ::= {
- WITH SYNTAX AttributeCertificate
- EQUALITY MATCHING RULE attributeCertificateMatch
- ID id-at-attributeCertificate
-}
-
-AttributeCertificate ::= SIGNED{AttributeCertificateInfo}
-
-AttributeCertificateInfo ::= SEQUENCE {
- version Version DEFAULT v1,
- subject
- CHOICE {baseCertificateID [0] IssuerSerial, -- associated with a Public Key Certificate--
- subjectName [1] GeneralNames}, -- associated with a name
- issuer GeneralNames, -- CA issuing the attribute certificate
- signature AlgorithmIdentifier,
- serialNumber CertificateSerialNumber,
- attCertValidityPeriod AttCertValidityPeriod,
- attributes SEQUENCE OF Attribute,
- issuerUniqueID UniqueIdentifier OPTIONAL,
- extensions Extensions OPTIONAL
-}
-
-IssuerSerial ::= SEQUENCE {
- issuer GeneralNames,
- serial CertificateSerialNumber,
- issuerUID UniqueIdentifier OPTIONAL
-}
-
-AttCertValidityPeriod ::= SEQUENCE {
- notBeforeTime GeneralizedTime,
- notAfterTime GeneralizedTime
-}
-
-attributeCertificateMatch MATCHING-RULE ::= {
- SYNTAX AttributeCertificateAssertion
- ID id-mr-attributeCertificateMatch
-}
-
-AttributeCertificateAssertion ::= SEQUENCE {
- subject
- [0] CHOICE {baseCertificateID [0] IssuerSerial,
- subjectName [1] Name} OPTIONAL,
- issuer [1] Name OPTIONAL,
- attCertValidity [2] GeneralizedTime OPTIONAL,
- attType [3] SET OF AttributeType OPTIONAL
-}
-
--- At least one component of the sequence must be present
--- attribute types
-userPassword ATTRIBUTE ::= {
- WITH SYNTAX OCTET STRING(SIZE (0..ub-user-password))
- EQUALITY MATCHING RULE octetStringMatch
- ID id-at-userPassword
-}
-
-userCertificate ATTRIBUTE ::= {
- WITH SYNTAX Certificate
- EQUALITY MATCHING RULE certificateExactMatch
- ID id-at-userCertificate
-}
-
-cACertificate ATTRIBUTE ::= {
- WITH SYNTAX Certificate
- EQUALITY MATCHING RULE certificateExactMatch
- ID id-at-cAcertificate
-}
-
-crossCertificatePair ATTRIBUTE ::= {
- WITH SYNTAX CertificatePair
- EQUALITY MATCHING RULE certificatePairExactMatch
- ID id-at-crossCertificatePair
-}
-
-authorityRevocationList ATTRIBUTE ::= {
- WITH SYNTAX CertificateList
- EQUALITY MATCHING RULE certificateListExactMatch
- ID id-at-authorityRevocationList
-}
-
-certificateRevocationList ATTRIBUTE ::= {
- WITH SYNTAX CertificateList
- EQUALITY MATCHING RULE certificateListExactMatch
- ID id-at-certificateRevocationList
-}
-
-attributeCertificateRevocationList ATTRIBUTE ::= {
- WITH SYNTAX CertificateList
- ID id-at-attributeCertificateRevocationList
-}
-
--- information object classes
-ALGORITHM ::= TYPE-IDENTIFIER
-
--- parameterized types
-HASH{ToBeHashed} ::= SEQUENCE {
- algorithmIdentifier AlgorithmIdentifier,
- hashValue
- BIT STRING
- (CONSTRAINED BY {
- -- must be the result of applying a hashing procedure to the DER-encoded octets
- -- of a value of -- ToBeHashed})
-}
-
-ENCRYPTED-HASH{ToBeSigned} ::=
- BIT STRING
- (CONSTRAINED BY {
- -- must be the result of applying a hashing procedure to the DER-encoded octets
- -- of a value of --ToBeSigned -- and then applying an encipherment procedure to those octets --})
-
-ENCRYPTED{ToBeEnciphered} ::=
- BIT STRING
- (CONSTRAINED BY {
- -- must be the result of applying an encipherment procedure
- -- to the BER-encoded octets of a value of --ToBeEnciphered})
-
-SIGNATURE{ToBeSigned} ::= SEQUENCE {
- algorithmIdentifier AlgorithmIdentifier,
- encrypted ENCRYPTED-HASH{ToBeSigned}
-}
-
-SIGNED{ToBeSigned} ::= SEQUENCE {
- toBeSigned ToBeSigned,
- COMPONENTS OF SIGNATURE{ToBeSigned}
-}
-
-id-at-userPassword OBJECT IDENTIFIER ::= {id-at 35}
-id-at-userCertificate OBJECT IDENTIFIER ::= {id-at 36}
-id-at-cAcertificate OBJECT IDENTIFIER ::= {id-at 37}
-id-at-authorityRevocationList OBJECT IDENTIFIER ::= {id-at 38}
-id-at-certificateRevocationList OBJECT IDENTIFIER ::= {id-at 39}
-id-at-crossCertificatePair OBJECT IDENTIFIER ::= {id-at 40}
-id-at-attributeCertificate OBJECT IDENTIFIER ::= {id-at 58}
-id-at-attributeCertificateRevocationList OBJECT IDENTIFIER ::= {id-at 59}
-id-mr-attributeCertificateMatch OBJECT IDENTIFIER ::= {id-mr 42}
-
-END
-
-
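Review bot: the removal of this X.509 module is unrelated to the EUDI files added earlier in the patch, and nothing in the visible change explains it. The module defines Certificate, CertificateList, AlgorithmIdentifier and the SIGNED{} parameterized type, and it imports from UsefulDefinitions, InformationFramework, UpperBounds and SelectedAttributeTypes; please confirm that no module left under priv/kep and no ASN.1 compile step still refers to it, and move the priv/kep deletions into their own commit with the reason stated.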
diff --git a/priv/kep/BasicAccessControl.asn1 b/priv/kep/BasicAccessControl.asn1
deleted file mode 100644
index 8f74f63..0000000
--- a/priv/kep/BasicAccessControl.asn1
+++ /dev/null
@@ -1,169 +0,0 @@
--- Module BasicAccessControl (X.501:08/1997)
-
-BasicAccessControl {joint-iso-itu-t ds(5) module(1) basicAccessControl(24) 3}
-DEFINITIONS ::=
-BEGIN
-
--- EXPORTS All
--- The types and values defined in this module are exported for use in the other ASN.1 modules contained
--- within the Directory Specifications, and for the use of other applications which will use them to access
--- Directory services. Other applications may use them for their own purposes, but this will not constrain
--- extensions and modifications needed to maintain or improve the Directory service.
-
-IMPORTS
- id-aca, id-acScheme, informationFramework, upperBounds,
- selectedAttributeTypes, directoryAbstractService
- FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) usefulDefinitions(0) 3}
- ATTRIBUTE, AttributeType, DistinguishedName, ContextAssertion,
- SubtreeSpecification, SupportedAttributes, MATCHING-RULE,
- objectIdentifierMatch, Refinement
- FROM InformationFramework informationFramework
- Filter
- FROM DirectoryAbstractService directoryAbstractService
- ub-tag
- FROM UpperBounds upperBounds
- NameAndOptionalUID, directoryStringFirstComponentMatch, DirectoryString{}
- FROM SelectedAttributeTypes selectedAttributeTypes;
-
-ACIItem ::= SEQUENCE {
- identificationTag DirectoryString{ub-tag},
- precedence Precedence,
- authenticationLevel AuthenticationLevel,
- itemOrUserFirst CHOICE {
- itemFirst [0] SEQUENCE {
- protectedItems ProtectedItems,
- itemPermissions SET OF ItemPermission
- },
- userFirst [1] SEQUENCE {
- userClasses UserClasses,
- userPermissions SET OF UserPermission
- }
- }
-}
-
-Precedence ::= INTEGER(0..255)
-
-ProtectedItems ::= SEQUENCE {
- entry [0] NULL OPTIONAL,
- allUserAttributeTypes [1] NULL OPTIONAL,
- attributeType [2] SET SIZE (1..MAX) OF AttributeType OPTIONAL,
- allAttributeValues [3] SET SIZE (1..MAX) OF AttributeType OPTIONAL,
- allUserAttributeTypesAndValues [4] NULL OPTIONAL,
- attributeValue [5] SET SIZE (1..MAX) OF AttributeTypeAndValue OPTIONAL,
- selfValue [6] SET SIZE (1..MAX) OF AttributeType OPTIONAL,
- rangeOfValues [7] Filter OPTIONAL,
- maxValueCount [8] SET SIZE (1..MAX) OF MaxValueCount OPTIONAL,
- maxImmSub [9] INTEGER OPTIONAL,
- restrictedBy [10] SET SIZE (1..MAX) OF RestrictedValue OPTIONAL,
- contexts [11] SET SIZE (1..MAX) OF ContextAssertion OPTIONAL,
- classes [12] Refinement OPTIONAL
-}
-
-MaxValueCount ::= SEQUENCE {
- type AttributeType,
- maxCount INTEGER }
-
-RestrictedValue ::= SEQUENCE {
- type AttributeType,
- valuesIn AttributeType }
-
-UserClasses ::= SEQUENCE {
- allUsers [0] NULL OPTIONAL,
- thisEntry [1] NULL OPTIONAL,
- name [2] SET SIZE (1..MAX) OF NameAndOptionalUID OPTIONAL,
- userGroup [3] SET SIZE (1..MAX) OF NameAndOptionalUID OPTIONAL,
- -- dn component must be the name of an
- -- entry of GroupOfUniqueNames
- subtree [4] SET SIZE (1..MAX) OF SubtreeSpecification OPTIONAL
-}
-
-ItemPermission ::= SEQUENCE {
- precedence Precedence OPTIONAL,
- -- defaults to precedence in ACIItem
- userClasses UserClasses,
- grantsAndDenials GrantsAndDenials
-}
-
-UserPermission ::= SEQUENCE {
- precedence Precedence OPTIONAL,
- -- defaults to precedence in ACIItem
- protectedItems ProtectedItems,
- grantsAndDenials GrantsAndDenials
-}
-
-AuthenticationLevel ::= CHOICE {
- basicLevels
- SEQUENCE {level ENUMERATED {none(0), simple(1), strong(2)},
- localQualifier INTEGER OPTIONAL,
- signed BOOLEAN DEFAULT FALSE},
- other EXTERNAL
-}
-
-GrantsAndDenials ::= BIT STRING {
- -- permissions that may be used in conjunction
- -- with any component of ProtectedItems
- grantAdd(0), denyAdd(1), grantDiscloseOnError(2), denyDiscloseOnError(3),
- grantRead(4), denyRead(5), grantRemove(6),
- denyRemove(7),
- -- permissions that may be used only in conjunction
- -- with the entry component
- grantBrowse(8), denyBrowse(9), grantExport(10), denyExport(11),
- grantImport(12), denyImport(13), grantModify(14), denyModify(15),
- grantRename(16), denyRename(17), grantReturnDN(18),
- denyReturnDN(19),
- -- permissions that may be used in conjunction
- -- with any component, except entry, of ProtectedItems
- grantCompare(20), denyCompare(21), grantFilterMatch(22), denyFilterMatch(23),
- grantInvoke(24), denyInvoke(25)}
-
-AttributeTypeAndValue ::= SEQUENCE {
- type ATTRIBUTE.&id({SupportedAttributes}),
- value ATTRIBUTE.&Type({SupportedAttributes}{@type})
-}
-
--- attributes
-accessControlScheme ATTRIBUTE ::= {
- WITH SYNTAX OBJECT IDENTIFIER
- EQUALITY MATCHING RULE objectIdentifierMatch
- SINGLE VALUE TRUE
- USAGE directoryOperation
- ID id-aca-accessControlScheme
-}
-
-prescriptiveACI ATTRIBUTE ::= {
- WITH SYNTAX ACIItem
- EQUALITY MATCHING RULE directoryStringFirstComponentMatch
- USAGE directoryOperation
- ID id-aca-prescriptiveACI
-}
-
-entryACI ATTRIBUTE ::= {
- WITH SYNTAX ACIItem
- EQUALITY MATCHING RULE directoryStringFirstComponentMatch
- USAGE directoryOperation
- ID id-aca-entryACI
-}
-
-subentryACI ATTRIBUTE ::= {
- WITH SYNTAX ACIItem
- EQUALITY MATCHING RULE directoryStringFirstComponentMatch
- USAGE directoryOperation
- ID id-aca-subentryACI
-}
-
--- object identifier assignments
--- attributes
-id-aca-accessControlScheme OBJECT IDENTIFIER ::= {id-aca 1}
-id-aca-prescriptiveACI OBJECT IDENTIFIER ::= {id-aca 4}
-id-aca-entryACI OBJECT IDENTIFIER ::= {id-aca 5}
-id-aca-subentryACI OBJECT IDENTIFIER ::= {id-aca 6}
-
--- access control schemes -
-basicAccessControlScheme OBJECT IDENTIFIER ::= {id-acScheme 1}
-simplifiedAccessControlScheme OBJECT IDENTIFIER ::= {id-acScheme 2}
-rule-based-access-control OBJECT IDENTIFIER ::= {id-acScheme 3}
-rule-and-basic-access-control OBJECT IDENTIFIER ::= {id-acScheme 4}
-rule-and-simple-access-control OBJECT IDENTIFIER ::= {id-acScheme 5}
-
-END -- BasicAccessControl
-
diff --git a/priv/kep/CertificateExtensions.asn1 b/priv/kep/CertificateExtensions.asn1
deleted file mode 100644
index d573c42..0000000
--- a/priv/kep/CertificateExtensions.asn1
+++ /dev/null
@@ -1,456 +0,0 @@
--- Module CertificateExtensions (X.509:08/1997)
-
-CertificateExtensions {joint-iso-itu-t ds(5) module(1)
- certificateExtensions(26) 0} DEFINITIONS IMPLICIT TAGS ::=
-BEGIN
-
-IMPORTS id-at, id-ce, id-mr, informationFramework, authenticationFramework,
- selectedAttributeTypes, upperBounds
- FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) usefulDefinitions(0) 3}
-
- Name, RelativeDistinguishedName, ATTRIBUTE, Attribute, MATCHING-RULE
- FROM InformationFramework informationFramework
-
- CertificateSerialNumber, CertificateList, AlgorithmIdentifier, EXTENSION, Time
- FROM AuthenticationFramework authenticationFramework
-
- DirectoryString{}
- FROM SelectedAttributeTypes selectedAttributeTypes
-
- ub-name
- FROM UpperBounds upperBounds;
-
--- Unless explicitly noted otherwise, there is no significance to the ordering
--- of components of a SEQUENCE OF construct in this Specification.
--- Key and policy information extensions
-authorityKeyIdentifier EXTENSION ::= {
- SYNTAX AuthorityKeyIdentifier
- IDENTIFIED BY id-ce-authorityKeyIdentifier
-}
-
-AuthorityKeyIdentifier ::= SEQUENCE {
- keyIdentifier [0] KeyIdentifier OPTIONAL,
- authorityCertIssuer [1] GeneralNames OPTIONAL,
- authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL
-}
-(WITH COMPONENTS {
- ...,
- authorityCertIssuer PRESENT,
- authorityCertSerialNumber PRESENT
- } |
- WITH COMPONENTS {
- ...,
- authorityCertIssuer ABSENT,
- authorityCertSerialNumber ABSENT
- })
-
-KeyIdentifier ::= OCTET STRING
-
-subjectKeyIdentifier EXTENSION ::= {
- SYNTAX SubjectKeyIdentifier
- IDENTIFIED BY id-ce-subjectKeyIdentifier
-}
-
-SubjectKeyIdentifier ::= KeyIdentifier
-
-keyUsage EXTENSION ::= {SYNTAX KeyUsage
- IDENTIFIED BY id-ce-keyUsage
-}
-
-KeyUsage ::= BIT STRING {
- digitalSignature(0), nonRepudiation(1), keyEncipherment(2),
- dataEncipherment(3), keyAgreement(4), keyCertSign(5), cRLSign(6),
- encipherOnly(7), decipherOnly(8)}
-
-extKeyUsage EXTENSION ::= {
- SYNTAX SEQUENCE SIZE (1..MAX) OF KeyPurposeId
- IDENTIFIED BY id-ce-extKeyUsage
-}
-
-KeyPurposeId ::= OBJECT IDENTIFIER
-
-privateKeyUsagePeriod EXTENSION ::= {
- SYNTAX PrivateKeyUsagePeriod
- IDENTIFIED BY id-ce-privateKeyUsagePeriod
-}
-
-PrivateKeyUsagePeriod ::= SEQUENCE {
- notBefore [0] GeneralizedTime OPTIONAL,
- notAfter [1] GeneralizedTime OPTIONAL
-}
-(WITH COMPONENTS {
- ...,
- notBefore PRESENT
- } | WITH COMPONENTS {
- ...,
- notAfter PRESENT
- })
-
-certificatePolicies EXTENSION ::= {
- SYNTAX CertificatePoliciesSyntax
- IDENTIFIED BY id-ce-certificatePolicies
-}
-
-CertificatePoliciesSyntax ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
-
-PolicyInformation ::= SEQUENCE {
- policyIdentifier CertPolicyId,
- policyQualifiers SEQUENCE SIZE (1..MAX) OF PolicyQualifierInfo OPTIONAL
-}
-
-CertPolicyId ::= OBJECT IDENTIFIER
-
-PolicyQualifierInfo ::= SEQUENCE {
- policyQualifierId CERT-POLICY-QUALIFIER.&id({SupportedPolicyQualifiers}),
- qualifier
- CERT-POLICY-QUALIFIER.&Qualifier
- ({SupportedPolicyQualifiers}{@policyQualifierId}) OPTIONAL
-}
-
-SupportedPolicyQualifiers CERT-POLICY-QUALIFIER ::=
- {...}
-
-CERT-POLICY-QUALIFIER ::= CLASS {
- &id OBJECT IDENTIFIER UNIQUE,
- &Qualifier OPTIONAL
-}WITH SYNTAX {POLICY-QUALIFIER-ID &id
- [QUALIFIER-TYPE &Qualifier]
-}
-
-policyMappings EXTENSION ::= {
- SYNTAX PolicyMappingsSyntax
- IDENTIFIED BY id-ce-policyMappings
-}
-
-PolicyMappingsSyntax ::=
- SEQUENCE SIZE (1..MAX) OF
- SEQUENCE {issuerDomainPolicy CertPolicyId,
- subjectDomainPolicy CertPolicyId}
-
-supportedAlgorithms ATTRIBUTE ::= {
- WITH SYNTAX SupportedAlgorithm
- EQUALITY MATCHING RULE algorithmIdentifierMatch
- ID id-at-supportedAlgorithms
-}
-
-SupportedAlgorithm ::= SEQUENCE {
- algorithmIdentifier AlgorithmIdentifier,
- intendedUsage [0] KeyUsage OPTIONAL,
- intendedCertificatePolicies [1] CertificatePoliciesSyntax OPTIONAL
-}
-
--- Certificate subject and certificate issuer attributes extensions
-subjectAltName EXTENSION ::= {
- SYNTAX GeneralNames
- IDENTIFIED BY id-ce-subjectAltName
-}
-
-GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
-
-GeneralName ::= CHOICE {
- otherName [0] INSTANCE OF OTHER-NAME,
- rfc822Name [1] IA5String,
- dNSName [2] IA5String,
- directoryName [4] Name,
- ediPartyName [5] EDIPartyName,
- uniformResourceIdentifier [6] IA5String,
- iPAddress [7] OCTET STRING,
- registeredID [8] OBJECT IDENTIFIER
-}
-
-OTHER-NAME ::= TYPE-IDENTIFIER
-
-EDIPartyName ::= SEQUENCE {
- nameAssigner [0] DirectoryString{ub-name} OPTIONAL,
- partyName [1] DirectoryString{ub-name}
-}
-
-issuerAltName EXTENSION ::= {
- SYNTAX GeneralNames
- IDENTIFIED BY id-ce-issuerAltName
-}
-
-subjectDirectoryAttributes EXTENSION ::= {
- SYNTAX AttributesSyntax
- IDENTIFIED BY id-ce-subjectDirectoryAttributes
-}
-
-AttributesSyntax ::= SEQUENCE SIZE (1..MAX) OF Attribute
-
--- Certification path constraints extensions
-basicConstraints EXTENSION ::= {
- SYNTAX BasicConstraintsSyntax
- IDENTIFIED BY id-ce-basicConstraints
-}
-
-BasicConstraintsSyntax ::= SEQUENCE {
- cA BOOLEAN DEFAULT FALSE,
- pathLenConstraint INTEGER(0..MAX) OPTIONAL
-}
-
-nameConstraints EXTENSION ::= {
- SYNTAX NameConstraintsSyntax
- IDENTIFIED BY id-ce-nameConstraint
-}
-
-NameConstraintsSyntax ::= SEQUENCE {
- permittedSubtrees [0] GeneralSubtrees OPTIONAL,
- excludedSubtrees [1] GeneralSubtrees OPTIONAL,
- requiredNameForms [2] NameForms OPTIONAL
-}
-
-GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
-
-GeneralSubtree ::= SEQUENCE {
- base GeneralName,
- minimum [0] BaseDistance DEFAULT 0,
- maximum [1] BaseDistance OPTIONAL
-}
-
-BaseDistance ::= INTEGER(0..MAX)
-
-NameForms ::= SEQUENCE {
- basicNameForms [0] BasicNameForms OPTIONAL,
- otherNameForms [1] SEQUENCE SIZE (1..MAX) OF OBJECT IDENTIFIER OPTIONAL
-}(ALL EXCEPT ({ --none; i.e.:at least one component shall be present--}))
-
-BasicNameForms ::= BIT STRING {
- rfc822Name(0), dNSName(1), x400Address(2), directoryName(3), ediPartyName(4),
- uniformResourceIdentifier(5), iPAddress(6), registeredID(7)}(SIZE (1..MAX))
-
-policyConstraints EXTENSION ::= {
- SYNTAX PolicyConstraintsSyntax
- IDENTIFIED BY id-ce-policyConstraints
-}
-
-PolicyConstraintsSyntax ::= SEQUENCE {
- requireExplicitPolicy [0] SkipCerts OPTIONAL,
- inhibitPolicyMapping [1] SkipCerts OPTIONAL
-}
-
-SkipCerts ::= INTEGER(0..MAX)
-
-CertPolicySet ::= SEQUENCE SIZE (1..MAX) OF CertPolicyId
-
--- Basic CRL extensions
-cRLNumber EXTENSION ::= {
- SYNTAX CRLNumber
- IDENTIFIED BY id-ce-cRLNumber
-}
-
-CRLNumber ::= INTEGER(0..MAX)
-
-reasonCode EXTENSION ::= {
- SYNTAX CRLReason
- IDENTIFIED BY id-ce-reasonCode
-}
-
-CRLReason ::= ENUMERATED {
- unspecified(0), keyCompromise(1), cACompromise(2), affiliationChanged(3),
- superseded(4), cessationOfOperation(5), certificateHold(6), removeFromCRL(8)
-}
-
-instructionCode EXTENSION ::= {
- SYNTAX HoldInstruction
- IDENTIFIED BY id-ce-instructionCode
-}
-
-HoldInstruction ::= OBJECT IDENTIFIER
-
-invalidityDate EXTENSION ::= {
- SYNTAX GeneralizedTime
- IDENTIFIED BY id-ce-invalidityDate
-}
-
--- CRL distribution points and delta-CRL extensions
-cRLDistributionPoints EXTENSION ::= {
- SYNTAX CRLDistPointsSyntax
- IDENTIFIED BY id-ce-cRLDistributionPoints
-}
-
-CRLDistPointsSyntax ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
-
-DistributionPoint ::= SEQUENCE {
- distributionPoint [0] DistributionPointName OPTIONAL,
- reasons [1] ReasonFlags OPTIONAL,
- cRLIssuer [2] GeneralNames OPTIONAL
-}
-
-DistributionPointName ::= CHOICE {
- fullName [0] GeneralNames,
- nameRelativeToCRLIssuer [1] RelativeDistinguishedName
-}
-
-ReasonFlags ::= BIT STRING {
- unused(0), keyCompromise(1), caCompromise(2), affiliationChanged(3),
- superseded(4), cessationOfOperation(5), certificateHold(6)}
-
-issuingDistributionPoint EXTENSION ::= {
- SYNTAX IssuingDistPointSyntax
- IDENTIFIED BY id-ce-issuingDistributionPoint
-}
-
-IssuingDistPointSyntax ::= SEQUENCE {
- distributionPoint [0] DistributionPointName OPTIONAL,
- onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE,
- onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE,
- onlySomeReasons [3] ReasonFlags OPTIONAL,
- indirectCRL [4] BOOLEAN DEFAULT FALSE
-}
-
-certificateIssuer EXTENSION ::= {
- SYNTAX GeneralNames
- IDENTIFIED BY id-ce-certificateIssuer
-}
-
-deltaCRLIndicator EXTENSION ::= {
- SYNTAX BaseCRLNumber
- IDENTIFIED BY id-ce-deltaCRLIndicator
-}
-
-BaseCRLNumber ::= CRLNumber
-
-deltaRevocationList ATTRIBUTE ::= {
- WITH SYNTAX CertificateList
- EQUALITY MATCHING RULE certificateListExactMatch
- ID id-at-deltaRevocationList
-}
-
--- Matching rules
-certificateExactMatch MATCHING-RULE ::= {
- SYNTAX CertificateExactAssertion
- ID id-mr-certificateExactMatch
-}
-
-CertificateExactAssertion ::= SEQUENCE {
- serialNumber CertificateSerialNumber,
- issuer Name
-}
-
-certificateMatch MATCHING-RULE ::= {
- SYNTAX CertificateAssertion
- ID id-mr-certificateMatch
-}
-
-CertificateAssertion ::= SEQUENCE {
- serialNumber [0] CertificateSerialNumber OPTIONAL,
- issuer [1] Name OPTIONAL,
- subjectKeyIdentifier [2] SubjectKeyIdentifier OPTIONAL,
- authorityKeyIdentifier [3] AuthorityKeyIdentifier OPTIONAL,
- certificateValid [4] Time OPTIONAL,
- privateKeyValid [5] GeneralizedTime OPTIONAL,
- subjectPublicKeyAlgID [6] OBJECT IDENTIFIER OPTIONAL,
- keyUsage [7] KeyUsage OPTIONAL,
- subjectAltName [8] AltNameType OPTIONAL,
- policy [9] CertPolicySet OPTIONAL,
- pathToName [10] Name OPTIONAL
-}
-
-AltNameType ::= CHOICE {
- builtinNameForm
- ENUMERATED {rfc822Name(1), dNSName(2), x400Address(3), directoryName(4),
- ediPartyName(5), uniformResourceIdentifier(6), iPAddress(7),
- registeredId(8)},
- otherNameForm OBJECT IDENTIFIER
-}
-
-certificatePairExactMatch MATCHING-RULE ::= {
- SYNTAX CertificatePairExactAssertion
- ID id-mr-certificatePairExactMatch
-}
-
-CertificatePairExactAssertion ::= SEQUENCE {
- forwardAssertion [0] CertificateExactAssertion OPTIONAL,
- reverseAssertion [1] CertificateExactAssertion OPTIONAL
-}
-(WITH COMPONENTS {
- ...,
- forwardAssertion PRESENT
- } | WITH COMPONENTS {
- ...,
- reverseAssertion PRESENT
- })
-
-certificatePairMatch MATCHING-RULE ::= {
- SYNTAX CertificatePairAssertion
- ID id-mr-certificatePairMatch
-}
-
-CertificatePairAssertion ::= SEQUENCE {
- forwardAssertion [0] CertificateAssertion OPTIONAL,
- reverseAssertion [1] CertificateAssertion OPTIONAL
-}
-(WITH COMPONENTS {
- ...,
- forwardAssertion PRESENT
- } | WITH COMPONENTS {
- ...,
- reverseAssertion PRESENT
- })
-
-certificateListExactMatch MATCHING-RULE ::= {
- SYNTAX CertificateListExactAssertion
- ID id-mr-certificateListExactMatch
-}
-
-CertificateListExactAssertion ::= SEQUENCE {
- issuer Name,
- thisUpdate Time,
- distributionPoint DistributionPointName OPTIONAL
-}
-
-certificateListMatch MATCHING-RULE ::= {
- SYNTAX CertificateListAssertion
- ID id-mr-certificateListMatch
-}
-
-CertificateListAssertion ::= SEQUENCE {
- issuer Name OPTIONAL,
- minCRLNumber [0] CRLNumber OPTIONAL,
- maxCRLNumber [1] CRLNumber OPTIONAL,
- reasonFlags ReasonFlags OPTIONAL,
- dateAndTime Time OPTIONAL,
- distributionPoint [2] DistributionPointName OPTIONAL
-}
-
-algorithmIdentifierMatch MATCHING-RULE ::= {
- SYNTAX AlgorithmIdentifier
- ID id-mr-algorithmIdentifierMatch
-}
-
--- Object identifier assignments
-id-at-supportedAlgorithms OBJECT IDENTIFIER ::= {id-at 52}
-id-at-deltaRevocationList OBJECT IDENTIFIER ::= {id-at 53}
-id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= {id-ce 9}
-id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= {id-ce 14}
-id-ce-keyUsage OBJECT IDENTIFIER ::= {id-ce 15}
-id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= {id-ce 16}
-id-ce-subjectAltName OBJECT IDENTIFIER ::= {id-ce 17}
-id-ce-issuerAltName OBJECT IDENTIFIER ::= {id-ce 18}
-id-ce-basicConstraints OBJECT IDENTIFIER ::= {id-ce 19}
-id-ce-cRLNumber OBJECT IDENTIFIER ::= {id-ce 20}
-id-ce-reasonCode OBJECT IDENTIFIER ::= {id-ce 21}
-id-ce-instructionCode OBJECT IDENTIFIER ::= {id-ce 23}
-id-ce-invalidityDate OBJECT IDENTIFIER ::= {id-ce 24}
-id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= {id-ce 27}
-id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= {id-ce 28}
-id-ce-certificateIssuer OBJECT IDENTIFIER ::= {id-ce 29}
-id-ce-nameConstraint OBJECT IDENTIFIER ::= {id-ce 30 1}
-id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= {id-ce 31}
-id-ce-certificatePolicies OBJECT IDENTIFIER ::= {id-ce 32}
-id-ce-policyMappings OBJECT IDENTIFIER ::= {id-ce 33}
-id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= {id-ce 35}
-id-ce-policyConstraints OBJECT IDENTIFIER ::= {id-ce 36}
-id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37}
-id-mr-certificateExactMatch OBJECT IDENTIFIER ::= {id-mr 34}
-id-mr-certificateMatch OBJECT IDENTIFIER ::= {id-mr 35}
-id-mr-certificatePairExactMatch OBJECT IDENTIFIER ::= {id-mr 36}
-id-mr-certificatePairMatch OBJECT IDENTIFIER ::= {id-mr 37}
-id-mr-certificateListExactMatch OBJECT IDENTIFIER ::= {id-mr 38}
-id-mr-certificateListMatch OBJECT IDENTIFIER ::= {id-mr 39}
-id-mr-algorithmIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 40}
-id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= {id-ce 54}
-
-END
-
-
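Review bot: the removed GeneralName CHOICE goes from dNSName [2] straight to directoryName [4] with no x400Address [3] alternative, although BasicNameForms and AltNameType in the same module both list x400Address, so this was a locally trimmed copy of the extension definitions. The commit message should name the module that now supplies GeneralName, basicConstraints, nameConstraints, policyConstraints and the CRL extensions, and that module should be checked for the same gap. The removed assignment id-ce-nameConstraint ::= {id-ce 30 1} also differs from the {id-ce 30} arc RFC 5280 assigns to name constraints, so confirm which OID the replacement decoder matches, because path validation has to reject a certificate whose critical extension it does not recognise.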
diff --git a/priv/kep/DirectoryAbstractService.asn1 b/priv/kep/DirectoryAbstractService.asn1
deleted file mode 100644
index 7905ebb..0000000
--- a/priv/kep/DirectoryAbstractService.asn1
+++ /dev/null
@@ -1,227 +0,0 @@
--- Module DirectoryAbstractService (X.511:08/1997)
-DirectoryAbstractService {joint-iso-itu-t ds(5) module(1)
- directoryAbstractService(2) 3} DEFINITIONS ::=
-BEGIN
-
--- EXPORTS All
--- The types and values defined in this module are exported for use in the other ASN.1 modules contained
--- within the Directory Specifications, and for the use of other applications which will use them to access
--- Directory services. Other applications may use them for their own purposes, but this will not constrain
--- extensions and modifications needed to maintain or improve the Directory service.
-
-IMPORTS
- informationFramework, authenticationFramework, basicAccessControl
- FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) usefulDefinitions(0) 3}
- AttributeTypeAndValue FROM BasicAccessControl basicAccessControl
- Attribute, AttributeType, AttributeValue, AttributeValueAssertion,
- DistinguishedName, Name, RelativeDistinguishedName, SupportedAttributes,
- ATTRIBUTE, MATCHING-RULE, ContextAssertion, AttributeTypeAssertion,
- OBJECT-CLASS, RelaxationPolicy
- FROM InformationFramework informationFramework
- CertificationPath, SIGNED{}, SIGNATURE{}, ENCRYPTED{}, AlgorithmIdentifier, AttributeCertificationPath
- FROM AuthenticationFramework authenticationFramework;
-
--- Common data types
--- Parameterized type for representing optional signing
-
-OPTIONALLY-SIGNED {Type} ::= CHOICE {
- unsigned Type,
- signed SIGNED {Type}
-}
-
-AgreementID ::= SEQUENCE {
- identifier INTEGER,
- version INTEGER }
-
-Code ::= CHOICE {
- local INTEGER,
- global OBJECT IDENTIFIER }
-
-OperationProgress ::= SET {
- nameResolutionPhase [0] ENUMERATED {notStarted(1), proceeding(2), completed(3)},
- nextRDNToBeResolved [1] INTEGER OPTIONAL }
-
-ReferenceType ::= ENUMERATED {
- superior(1), subordinate(2), cross(3), nonSpecificSubordinate(4),
- supplier(5), master(6), immediateSuperior(7), self(8)}
-
-CommonArguments ::= SET {
- serviceControls [30] ServiceControls DEFAULT {},
- securityParameters [29] SecurityParameters OPTIONAL,
- requestor [28] DistinguishedName OPTIONAL,
- operationProgress [27] OperationProgress DEFAULT {
- nameResolutionPhase notStarted },
- aliasedRDNs [26] INTEGER OPTIONAL,
- criticalExtensions [25] BIT STRING OPTIONAL,
- referenceType [24] ReferenceType OPTIONAL,
- entryOnly [23] BOOLEAN DEFAULT TRUE,
- nameResolveOnMaste [21] BOOLEAN DEFAULT FALSE,
- operationContexts [20] ContextSelection OPTIONAL,
- familyGrouping [19] FamilyGrouping DEFAULT entryOnly
-}
-
-FamilyGrouping ::= ENUMERATED {
- entryOnly(1), compoundEntry(2), strands(3), multiStrand(4)}
-
-CommonResults ::= SET {
- securityParameters [30] SecurityParameters OPTIONAL,
- performer [29] DistinguishedName OPTIONAL,
- aliasDereferenced [28] BOOLEAN DEFAULT FALSE,
- notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL
-}
-
-CommonResultsSeq ::= SEQUENCE {
- securityParameters [30] SecurityParameters OPTIONAL,
- performer [29] DistinguishedName OPTIONAL,
- aliasDereferenced [28] BOOLEAN DEFAULT FALSE
-}
-
-ServiceControls ::= SET {
- options [0] ServiceControlOptions DEFAULT {},
- priority [1] INTEGER {low(0), medium(1), high(2)} DEFAULT medium,
- timeLimit [2] INTEGER OPTIONAL,
- sizeLimit [3] INTEGER OPTIONAL,
- scopeOfReferral [4] INTEGER {dmd(0), country(1)} OPTIONAL,
- attributeSizeLimit [5] INTEGER OPTIONAL,
- manageDSAITPlaneRef [6] SEQUENCE {
- dsaName Name,
- agreementID AgreementID } OPTIONAL,
- serviceType [7] OBJECT IDENTIFIER OPTIONAL,
- userClass [8] INTEGER OPTIONAL
-}
-
-ServiceControlOptions ::= BIT STRING {
- preferChaining(0), chainingProhibited(1), localScope(2), dontUseCopy(3),
- dontDereferenceAliases(4), subentries(5), copyShallDo(6),
- partialNameResolution(7), manageDSAIT(8), noSubtypeMatch(9),
- noSubtypeSelection(10), countFamily(11)}
-
-EntryInformationSelection ::= SET {
- attributes CHOICE {
- allUserAttributes [0] NULL,
- select [1] SET OF AttributeType
- } DEFAULT allUserAttributes:NULL,
- infoTypes [2] INTEGER {
- attributeTypesOnly(0),
- attributeTypesAndValues(1) } DEFAULT attributeTypesAndValues,
- extraAttributes CHOICE {
- allOperationalAttributes [3] NULL,
- select [4] SET OF AttributeType} OPTIONAL,
- contextSelection ContextSelection OPTIONAL,
- returnContexts BOOLEAN DEFAULT FALSE,
- familyReturn FamilyReturn DEFAULT {memberSelect contributingEntriesOnly}
-}
-
-ContextSelection ::= CHOICE {
- allContexts NULL,
- selectedContexts SET OF TypeAndContextAssertion
-}
-
-TypeAndContextAssertion ::= SEQUENCE {
- type AttributeType,
- contextAssertions CHOICE {
- preference SEQUENCE OF ContextAssertion,
- all SET OF ContextAssertion
- }
-}
-
-FamilyReturn ::= SEQUENCE {
- memberSelect ENUMERATED {contributingEntriesOnly(1), participatingEntriesOnly(2), compoundEntry(3)},
- familySelect SEQUENCE SIZE (1..MAX) OF OBJECT-CLASS.&id OPTIONAL
-}
-
-FamilyEntries ::= SEQUENCE {
- family-class OBJECT-CLASS.&id, -- structural object class value
- familyEntries SEQUENCE OF FamilyEntry }
-
-FamilyEntry ::= SEQUENCE {
- rdn RelativeDistinguishedName,
- information SEQUENCE OF CHOICE {attributeType AttributeType,attribute Attribute},
- family-info SEQUENCE SIZE (1..MAX) OF FamilyEntries OPTIONAL }
-
-EntryInformation ::= SEQUENCE {
- name Name,
- fromEntry BOOLEAN DEFAULT TRUE,
- information SET SIZE (1..MAX) OF CHOICE {
- attributeType AttributeType,
- attribute Attribute} OPTIONAL,
- incompleteEntry [3] BOOLEAN DEFAULT FALSE, -- not in 1988-edition systems
- partialNameResolution [4] BOOLEAN DEFAULT FALSE -- not in 1988 or 1993 edition systems --
-}
-
-Filter ::= CHOICE {
- item [0] FilterItem,
- and [1] SET OF Filter,
- or [2] SET OF Filter,
- not [3] Filter }
-
-FilterItem ::= CHOICE {
- equality [0] AttributeValueAssertion,
- substrings [1] SEQUENCE {
- type ATTRIBUTE.&id({SupportedAttributes}),
- strings SEQUENCE OF CHOICE {
- initial [0] ATTRIBUTE.&Type ({SupportedAttributes}{@substrings.type}),
- any [1] ATTRIBUTE.&Type ({SupportedAttributes}{@substrings.type}),
- final [2] ATTRIBUTE.&Type ({SupportedAttributes}{@substrings.type}),
- control Attribute}},
- greaterOrEqual [2] AttributeValueAssertion,
- lessOrEqual [3] AttributeValueAssertion,
- present [4] AttributeType,
- approximateMatch [5] AttributeValueAssertion,
- extensibleMatch [6] MatchingRuleAssertion,
- contextPresent [7] AttributeTypeAssertion
-}
-
-MatchingRuleAssertion ::= SEQUENCE {
- matchingRule [1] SET SIZE (1..MAX) OF MATCHING-RULE.&id,
- type [2] AttributeType OPTIONAL,
- matchValue [3] MATCHING-RULE.&AssertionType (CONSTRAINED BY {}),
- dnAttributes [4] BOOLEAN DEFAULT FALSE
-}
-
-PagedResultsRequest ::= CHOICE {
- newRequest SEQUENCE {
- pageSize INTEGER,
- sortKeys SEQUENCE SIZE (1..MAX) OF SortKey OPTIONAL,
- reverse [1] BOOLEAN DEFAULT FALSE,
- unmerged [2] BOOLEAN DEFAULT FALSE},
- queryReference OCTET STRING }
-
-SortKey ::= SEQUENCE {
- type AttributeType,
- orderingRule MATCHING-RULE.&id OPTIONAL }
-
-SecurityParameters ::= SET {
- certification-path [0] CertificationPath OPTIONAL,
- name [1] DistinguishedName OPTIONAL,
- time [2] Time OPTIONAL,
- random [3] BIT STRING OPTIONAL,
- target [4] ProtectionRequest OPTIONAL,
- response [5] BIT STRING OPTIONAL,
- operationCode [6] Code OPTIONAL,
- attributeCertificationPath [7] AttributeCertificationPath OPTIONAL,
- errorProtection [8] ErrorProtectionRequest OPTIONAL,
- errorCode [9] Code OPTIONAL }
-
-HierarchySelections ::= BIT STRING {
- self(0), children(1), parent(2), hierarchy(3), top(4), subtree(5),
- siblings(6), siblingChildren(7), siblingSubtree(8), all(9)}
-
-SearchControlOptions ::= BIT STRING {
- searchAliases(0), matchedValuesOnly(1), checkOverspecified(2),
- performExactly(3), includeAllAreas(4), noSystemRelaxation(5), dnAttribute(6),
- matchOnResidualName(7), entryCount(8), useSubset(9),
- separateFamilyMembers(10), searchFamily(11)}
-
-ProtectionRequest ::= INTEGER {
- none(0), signed(1), encrypted(2), signed-encrypted(3)}
-
-Time ::= CHOICE {
- utcTime UTCTime,
- generalizedTime GeneralizedTime }
-
-ErrorProtectionRequest ::= INTEGER {
- none(0), signed(1), encrypted(2), signed-encrypted(3)}
-
-END -- DirectoryAbstractService
-
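Review bot: in the removed CommonArguments the field at tag [21] is spelled nameResolveOnMaste (the final r is missing), so any code generated from this module, and any caller that uses that field name, carries the misspelling; search for it and for other uses of the generated DirectoryAbstractService types before merging. This module imports Attribute, Name, ContextAssertion and others from InformationFramework, and InformationFramework.asn1 in turn imports TypeAndContextAssertion, ServiceControlOptions, SearchControlOptions, HierarchySelections, FamilyGrouping and FamilyReturn from here, so the two deletions only work if they land together and no remaining .asn1 file lists either module in its IMPORTS.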
diff --git a/priv/kep/InformationFramework.asn1 b/priv/kep/InformationFramework.asn1
deleted file mode 100644
index e3561a2..0000000
--- a/priv/kep/InformationFramework.asn1
+++ /dev/null
@@ -1,836 +0,0 @@
--- Module InformationFramework (X.501:08/1997)
-
-InformationFramework {joint-iso-itu-t ds(5) module(1) informationFramework(1) 3} DEFINITIONS ::=
-BEGIN
-
--- EXPORTS All -
--- The types and values defined in this module are exported for use in the other ASN.1 modules contained
--- within the Directory Specifications, and for the use of other applications which will use them to access
--- Directory services. Other applications may use them for their own purposes, but this will not constrain
--- extensions and modifications needed to maintain or improve the Directory service.
-
-IMPORTS
- id-oc, id-at, id-mr, id-oa, id-sc, id-ar, id-nf, selectedAttributeTypes, directoryAbstractService, upperBounds
- FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) usefulDefinitions(0) 3}
- commonName, generalizedTimeMatch, generalizedTimeOrderingMatch, booleanMatch,
- integerMatch, integerOrderingMatch, objectIdentifierFirstComponentMatch,
- integerFirstComponentMatch, DirectoryString{}
- FROM SelectedAttributeTypes selectedAttributeTypes
- TypeAndContextAssertion, ServiceControlOptions, SearchControlOptions,
- HierarchySelections, FamilyGrouping, FamilyReturn
- FROM DirectoryAbstractService directoryAbstractService
- ub-search
- FROM UpperBounds upperBounds;
-
-Attribute ::= SEQUENCE {
- type ATTRIBUTE.&id({SupportedAttributes}),
- values SET SIZE (0..MAX) OF ATTRIBUTE.&Type({SupportedAttributes}{@type}),
- valuesWithContext SET SIZE (1..MAX) OF SEQUENCE {
- value ATTRIBUTE.&Type({SupportedAttributes}{@type}),
- contextList SET SIZE (1..MAX) OF Context } OPTIONAL
-}
-
-AttributeType ::= ATTRIBUTE.&id
-AttributeValue ::= ATTRIBUTE.&Type
-
-Context ::= SEQUENCE {
- contextType CONTEXT.&id({SupportedContexts}),
- contextValues SET SIZE (1..MAX) OF CONTEXT.&Type({SupportedContexts}{@contextType}),
- fallback BOOLEAN DEFAULT FALSE
-}
-
-AttributeValueAssertion ::= SEQUENCE {
- type ATTRIBUTE.&id({SupportedAttributes}),
- assertion ATTRIBUTE.&equality-match.&AssertionType({SupportedAttributes}{@type}),
- assertedContexts CHOICE {
- allContexts [0] NULL,
- selectedContexts [1] SET SIZE (1..MAX) OF ContextAssertion
- } OPTIONAL
-}
-
-ContextAssertion ::= SEQUENCE {
- contextType CONTEXT.&id({SupportedContexts}),
- contextValues SET SIZE (1..MAX) OF CONTEXT.&Assertion({SupportedContexts}{@contextType})
-}
-
-AttributeTypeAssertion ::= SEQUENCE {
- type ATTRIBUTE.&id({SupportedAttributes}),
- assertedContexts SEQUENCE SIZE (1..MAX) OF ContextAssertion OPTIONAL
-}
-
--- Definition of the following information object set is deferred, perhaps to standardized
--- profiles or to protocol implementation conformance statements. The set is required to
--- specify a table constraint on the values component of Attribute, the value component
--- of AttributeTypeAndValue, and the assertion component of AttributeValueAssertion.
-
-SupportedAttributes ATTRIBUTE ::= {objectClass | aliasedEntryName, ...}
-
--- Definition of the following information object set is deferred, perhaps to standardized
--- profiles or to protocol implementation conformance statements. The set is required to
--- specify a table constraint on the context specifications
-
-SupportedContexts CONTEXT ::= {...}
-
-Name ::= CHOICE { rdnSequence RDNSequence }
-RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
-DistinguishedName ::= RDNSequence
-RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
-
-AttributeTypeX ::= OBJECT IDENTIFIER
-AttributeValueX ::= CHOICE {
- utf8 UTF8String,
- printable PrintableString,
- else ANY }
-
-AttributeTypeAndValue ::= SEQUENCE {
- type AttributeTypeX,
- value AttributeValueX }
-
-AttributeTypeAndDistinguishedValue ::= SEQUENCE {
- type ATTRIBUTE.&id({SupportedAttributes}),
- value ATTRIBUTE.&Type({SupportedAttributes}{@type}),
- primaryDistinguished BOOLEAN DEFAULT TRUE,
- valuesWithContext
- SET SIZE (1..MAX) OF
- SEQUENCE {distingAttrValue
- [0] ATTRIBUTE.&Type({SupportedAttributes}{@type}) OPTIONAL,
- contextList SET SIZE (1..MAX) OF Context} OPTIONAL
-}
-
--- subtree data types
-SubtreeSpecification ::= SEQUENCE {
- base [0] LocalName DEFAULT {},
- COMPONENTS OF ChopSpecification,
- specificationFilter [4] Refinement OPTIONAL
-}
-
--- empty sequence specifies whole administrative area
-LocalName ::= RDNSequence
-
-ChopSpecification ::= SEQUENCE {
- specificExclusions
- [1] SET SIZE (1..MAX) OF
- CHOICE {chopBefore [0] LocalName,
- chopAfter [1] LocalName} OPTIONAL,
- minimum [2] BaseDistance DEFAULT 0,
- maximum [3] BaseDistance OPTIONAL
-}
-
-BaseDistance ::= INTEGER(0..MAX)
-
-Refinement ::= CHOICE {
- item [0] OBJECT-CLASS.&id,
- and [1] SET OF Refinement,
- or [2] SET OF Refinement,
- not [3] Refinement
-}
-
--- OBJECT-CLASS information object class specification
-OBJECT-CLASS ::= CLASS {
- &Superclasses OBJECT-CLASS OPTIONAL,
- &kind ObjectClassKind DEFAULT structural,
- &MandatoryAttributes ATTRIBUTE OPTIONAL,
- &OptionalAttributes ATTRIBUTE OPTIONAL,
- &id OBJECT IDENTIFIER UNIQUE
-}
-WITH SYNTAX {
- [SUBCLASS OF &Superclasses]
- [KIND &kind]
- [MUST CONTAIN &MandatoryAttributes]
- [MAY CONTAIN &OptionalAttributes]
- ID &id
-}
-
-ObjectClassKind ::= ENUMERATED {abstract(0), structural(1), auxiliary(2)}
-
--- object classes
-top OBJECT-CLASS ::= {
- KIND abstract
- MUST CONTAIN {objectClass}
- ID id-oc-top
-}
-
-alias OBJECT-CLASS ::= {
- SUBCLASS OF {top}
- MUST CONTAIN {aliasedEntryName}
- ID id-oc-alias
-}
-
-parent OBJECT-CLASS ::= {KIND abstract
- ID id-oc-parent
-}
-
-child OBJECT-CLASS ::= {KIND auxiliary
- ID id-oc-child
-}
-
--- ATTRIBUTE information object class specification
-ATTRIBUTE ::= CLASS {
- &derivation ATTRIBUTE OPTIONAL,
- &Type OPTIONAL, -- either &Type or &derivation required
- &equality-match MATCHING-RULE OPTIONAL,
- &ordering-match MATCHING-RULE OPTIONAL,
- &substrings-match MATCHING-RULE OPTIONAL,
- &single-valued BOOLEAN DEFAULT FALSE,
- &collective BOOLEAN DEFAULT FALSE,
- -- operational extensions
- &no-user-modification BOOLEAN DEFAULT FALSE,
- &usage AttributeUsage DEFAULT userApplications,
- &id OBJECT IDENTIFIER UNIQUE
-}
-WITH SYNTAX {
- [SUBTYPE OF &derivation]
- [WITH SYNTAX &Type]
- [EQUALITY MATCHING RULE &equality-match]
- [ORDERING MATCHING RULE &ordering-match]
- [SUBSTRINGS MATCHING RULE &substrings-match]
- [SINGLE VALUE &single-valued]
- [COLLECTIVE &collective]
- [NO USER MODIFICATION &no-user-modification]
- [USAGE &usage]
- ID &id
-}
-
-AttributeUsage ::= ENUMERATED {
- userApplications(0), directoryOperation(1), distributedOperation(2),
- dSAOperation(3)}
-
--- attributes
-objectClass ATTRIBUTE ::= {
- WITH SYNTAX OBJECT IDENTIFIER
- EQUALITY MATCHING RULE objectIdentifierMatch
- ID id-at-objectClass
-}
-
-aliasedEntryName ATTRIBUTE ::= {
- WITH SYNTAX DistinguishedName
- EQUALITY MATCHING RULE distinguishedNameMatch
- SINGLE VALUE TRUE
- ID id-at-aliasedEntryName
-}
-
--- MATCHING-RULE information object class specification
-MATCHING-RULE ::= CLASS {
- &ParentMatchingRules MATCHING-RULE.&id OPTIONAL,
- &AssertionType OPTIONAL,
- &uniqueMatchIndicator ATTRIBUTE.&id OPTIONAL,
- &id OBJECT IDENTIFIER UNIQUE
-}
-WITH SYNTAX {
- [PARENT &ParentMatchingRules]
- [SYNTAX &AssertionType]
- [UNIQUE-MATCH-INDICATOR &uniqueMatchIndicator]
- ID &id
-}
-
--- matching rules
-objectIdentifierMatch MATCHING-RULE ::= {
- SYNTAX OBJECT IDENTIFIER
- ID id-mr-objectIdentifierMatch
-}
-
-distinguishedNameMatch MATCHING-RULE ::= {
- SYNTAX DistinguishedName
- ID id-mr-distinguishedNameMatch
-}
-
-MAPPING-BASED-MATCHING{SelectedBy, BOOLEAN:combinable, MappingResult,
- OBJECT IDENTIFIER:matchingRule} ::= CLASS {
- &selectBy SelectedBy OPTIONAL,
- &ApplicableTo ATTRIBUTE,
- &subtypesIncluded BOOLEAN DEFAULT TRUE,
- &combinable BOOLEAN(combinable),
- &mappingResults MappingResult OPTIONAL,
- &userControl BOOLEAN DEFAULT FALSE,
- &exclusive BOOLEAN DEFAULT TRUE,
- &matching-rule MATCHING-RULE.&id(matchingRule),
- &id OBJECT IDENTIFIER UNIQUE
-}
-WITH SYNTAX {
- [SELECT BY &selectBy]
- APPLICABLE TO &ApplicableTo
- [SUBTYPES INCLUDED &subtypesIncluded]
- COMBINABLE &combinable
- [MAPPING RESULTS &mappingResults]
- [USER CONTROL &userControl]
- [EXCLUSIVE &exclusive]
- MATCHING RULE &matching-rule
- ID &id
-}
-
--- NAME-FORM information object class specification
-NAME-FORM ::= CLASS {
- &namedObjectClass OBJECT-CLASS,
- &MandatoryAttributes ATTRIBUTE,
- &OptionalAttributes ATTRIBUTE OPTIONAL,
- &id OBJECT IDENTIFIER UNIQUE
-}
-WITH SYNTAX {
- NAMES &namedObjectClass
- WITH ATTRIBUTES &MandatoryAttributes
- [AND OPTIONALLY &OptionalAttributes]
- ID &id
-}
-
--- STRUCTURE-RULE class and DIT structure rule data types
-STRUCTURE-RULE ::= CLASS {
- &nameForm NAME-FORM,
- &SuperiorStructureRules STRUCTURE-RULE OPTIONAL,
- &id RuleIdentifier
-}
-WITH SYNTAX {
- NAME FORM &nameForm
- [SUPERIOR RULES &SuperiorStructureRules]
- ID &id
-}
-
-DITStructureRule ::= SEQUENCE {
- ruleIdentifier RuleIdentifier,
- -- must be unique within the scope of the subschema
- nameForm NAME-FORM.&id,
- superiorStructureRules SET SIZE (1..MAX) OF RuleIdentifier OPTIONAL
-}
-
-RuleIdentifier ::= INTEGER
-
--- CONTENT-RULE class and DIT content rule data types
-CONTENT-RULE ::= CLASS {
- &structuralClass OBJECT-CLASS.&id UNIQUE,
- &Auxiliaries OBJECT-CLASS OPTIONAL,
- &Mandatory ATTRIBUTE OPTIONAL,
- &Optional ATTRIBUTE OPTIONAL,
- &Precluded ATTRIBUTE OPTIONAL
-}
-WITH SYNTAX {
- STRUCTURAL OBJECT-CLASS &structuralClass
- [AUXILIARY OBJECT-CLASSES &Auxiliaries]
- [MUST CONTAIN &Mandatory]
- [MAY CONTAIN &Optional]
- [MUST-NOT CONTAIN &Precluded]
-}
-
-DITContentRule ::= SEQUENCE {
- structuralObjectClass OBJECT-CLASS.&id,
- auxiliaries SET SIZE (1..MAX) OF OBJECT-CLASS.&id OPTIONAL,
- mandatory [1] SET SIZE (1..MAX) OF ATTRIBUTE.&id OPTIONAL,
- optional [2] SET SIZE (1..MAX) OF ATTRIBUTE.&id OPTIONAL,
- precluded [3] SET SIZE (1..MAX) OF ATTRIBUTE.&id OPTIONAL
-}
-
-CONTEXT ::= CLASS {
- &Type ,
- &Assertion OPTIONAL,
- &id OBJECT IDENTIFIER UNIQUE
-}WITH SYNTAX {WITH SYNTAX &Type
- [ASSERTED AS &Assertion]
- ID &id
-}
-
-DITContextUse ::= SEQUENCE {
- attributeType ATTRIBUTE.&id,
- mandatoryContexts [1] SET SIZE (1..MAX) OF CONTEXT.&id OPTIONAL,
- optionalContexts [2] SET SIZE (1..MAX) OF CONTEXT.&id OPTIONAL
-}
-
-DIT-CONTEXT-USE-RULE ::= CLASS {
- &attributeType ATTRIBUTE.&id UNIQUE,
- &Mandatory CONTEXT OPTIONAL,
- &Optional CONTEXT OPTIONAL
-}
-WITH SYNTAX {
- ATTRIBUTE TYPE &attributeType
- [MANDATORY CONTEXTS &Mandatory]
- [OPTIONAL CONTEXTS &Optional]
-}
-
--- system schema information objects
--- object classes
-subentry OBJECT-CLASS ::= {
- SUBCLASS OF {top}
- KIND structural
- MUST CONTAIN {commonName | subtreeSpecification}
- ID id-sc-subentry
-}
-
-subentryNameForm NAME-FORM ::= {
- NAMES subentry
- WITH ATTRIBUTES {commonName}
- ID id-nf-subentryNameForm
-}
-
-accessControlSubentry OBJECT-CLASS ::= {
- KIND auxiliary
- ID id-sc-accessControlSubentry
-}
-
-collectiveAttributeSubentry OBJECT-CLASS ::= {
- KIND auxiliary
- ID id-sc-collectiveAttributeSubentry
-}
-
-contextAssertionSubentry OBJECT-CLASS ::= {
- KIND auxiliary
- MUST CONTAIN {contextAssertionDefaults}
- ID id-sc-contextAssertionSubentry
-}
-
-serviceAdminSubentry OBJECT-CLASS ::= {
- KIND auxiliary
- MUST CONTAIN {searchRules}
- ID id-sc-serviceAdminSubentry
-}
-
--- attributes
-createTimestamp ATTRIBUTE ::= {
- WITH SYNTAX GeneralizedTime
- -- as per 41.3 b) or c) of ITU-T Rec. X.680 | ISO/IEC 8824-1
- EQUALITY MATCHING RULE generalizedTimeMatch
- ORDERING MATCHING RULE generalizedTimeOrderingMatch
- SINGLE VALUE TRUE
- NO USER MODIFICATION TRUE
- USAGE directoryOperation
- ID id-oa-createTimestamp
-}
-
-modifyTimestamp ATTRIBUTE ::= {
- WITH SYNTAX GeneralizedTime
- -- as per 41.3 b) or c) of ITU-T Rec. X.680 | ISO/IEC 8824-1
- EQUALITY MATCHING RULE generalizedTimeMatch
- ORDERING MATCHING RULE generalizedTimeOrderingMatch
- SINGLE VALUE TRUE
- NO USER MODIFICATION TRUE
- USAGE directoryOperation
- ID id-oa-modifyTimestamp
-}
-
-subschemaTimestamp ATTRIBUTE ::= {
- WITH SYNTAX GeneralizedTime
- -- as per 41.3 b) or c) of ITU-T Rec.X. 680 | ISO/IEC 8824-1
- EQUALITY MATCHING RULE generalizedTimeMatch
- ORDERING MATCHING RULE generalizedTimeOrderingMatch
- SINGLE VALUE TRUE
- NO USER MODIFICATION TRUE
- USAGE directoryOperation
- ID id-oa-subschemaTimestamp
-}
-
-creatorsName ATTRIBUTE ::= {
- WITH SYNTAX DistinguishedName
- EQUALITY MATCHING RULE distinguishedNameMatch
- SINGLE VALUE TRUE
- NO USER MODIFICATION TRUE
- USAGE directoryOperation
- ID id-oa-creatorsName
-}
-
-modifiersName ATTRIBUTE ::= {
- WITH SYNTAX DistinguishedName
- EQUALITY MATCHING RULE distinguishedNameMatch
- SINGLE VALUE TRUE
- NO USER MODIFICATION TRUE
- USAGE directoryOperation
- ID id-oa-modifiersName
-}
-
-subschemaSubentryList ATTRIBUTE ::= {
- WITH SYNTAX DistinguishedName
- EQUALITY MATCHING RULE distinguishedNameMatch
- SINGLE VALUE TRUE
- NO USER MODIFICATION TRUE
- USAGE directoryOperation
- ID id-oa-subschemaSubentryList
-}
-
-accessControlSubentryList ATTRIBUTE ::= {
- WITH SYNTAX DistinguishedName
- EQUALITY MATCHING RULE distinguishedNameMatch
- NO USER MODIFICATION TRUE
- USAGE directoryOperation
- ID id-oa-accessControlSubentryList
-}
-
-collectiveAttributeSubentryList ATTRIBUTE ::= {
- WITH SYNTAX DistinguishedName
- EQUALITY MATCHING RULE distinguishedNameMatch
- NO USER MODIFICATION TRUE
- USAGE directoryOperation
- ID id-oa-collectiveAttributeSubentryList
-}
-
-contextDefaultSubentryList ATTRIBUTE ::= {
- WITH SYNTAX DistinguishedName
- EQUALITY MATCHING RULE distinguishedNameMatch
- NO USER MODIFICATION TRUE
- USAGE directoryOperation
- ID id-oa-contextDefaultSubentryList
-}
-
-serviceAdminSubentryList ATTRIBUTE ::= {
- WITH SYNTAX DistinguishedName
- EQUALITY MATCHING RULE distinguishedNameMatch
- NO USER MODIFICATION TRUE
- USAGE directoryOperation
- ID id-oa-serviceAdminSubentryList
-}
-
-hasSubordinates ATTRIBUTE ::= {
- WITH SYNTAX BOOLEAN
- EQUALITY MATCHING RULE booleanMatch
- SINGLE VALUE TRUE
- NO USER MODIFICATION TRUE
- USAGE directoryOperation
- ID id-oa-hasSubordinates
-}
-
-administrativeRole ATTRIBUTE ::= {
- WITH SYNTAX OBJECT-CLASS.&id
- EQUALITY MATCHING RULE objectIdentifierMatch
- USAGE directoryOperation
- ID id-oa-administrativeRole
-}
-
-subtreeSpecification ATTRIBUTE ::= {
- WITH SYNTAX SubtreeSpecification
- USAGE directoryOperation
- ID id-oa-subtreeSpecification
-}
-
-collectiveExclusions ATTRIBUTE ::= {
- WITH SYNTAX OBJECT IDENTIFIER
- EQUALITY MATCHING RULE objectIdentifierMatch
- USAGE directoryOperation
- ID id-oa-collectiveExclusions
-}
-
-contextAssertionDefaults ATTRIBUTE ::= {
- WITH SYNTAX TypeAndContextAssertion
- EQUALITY MATCHING RULE objectIdentifierFirstComponentMatch
- USAGE directoryOperation
- ID id-oa-contextAssertionDefault
-}
-
-searchRules ATTRIBUTE ::= {
- WITH SYNTAX SearchRuleDescription
- EQUALITY MATCHING RULE integerFirstComponentMatch
- USAGE directoryOperation
- ID id-oa-searchRules
-}
-
-SearchRuleDescription ::= SEQUENCE {
- COMPONENTS OF SearchRule,
- name [28] SET SIZE (1..MAX) OF DirectoryString{ub-search} OPTIONAL,
- description [29] DirectoryString{ub-search} OPTIONAL,
- obsolete [30] BOOLEAN DEFAULT FALSE
-}
-
-hierarchyLevel ATTRIBUTE ::= {
- WITH SYNTAX INTEGER
- EQUALITY MATCHING RULE integerMatch
- ORDERING MATCHING RULE integerOrderingMatch
- SINGLE VALUE TRUE
- NO USER MODIFICATION TRUE
- USAGE directoryOperation
- ID id-oa-hierarchyLevel
-}
-
-hierarchyBelow ATTRIBUTE ::= {
- WITH SYNTAX BOOLEAN
- EQUALITY MATCHING RULE booleanMatch
- SINGLE VALUE TRUE
- NO USER MODIFICATION TRUE
- USAGE directoryOperation
- ID id-oa-hierarchyBelow
-}
-
-hierarchyParent ATTRIBUTE ::= {
- WITH SYNTAX DistinguishedName
- EQUALITY MATCHING RULE distinguishedNameMatch
- SINGLE VALUE TRUE
- USAGE directoryOperation
- ID id-oa-hierarchyParent
-}
-
-SearchRule ::= SEQUENCE {
- COMPONENTS OF SearchRuleId,
- serviceType [1] OBJECT IDENTIFIER OPTIONAL,
- userClass [2] INTEGER OPTIONAL,
- inputAttributeTypes
- [3] SEQUENCE SIZE (1..MAX) OF RequestAttribute OPTIONAL,
- attributeCombination [4] AttributeCombination DEFAULT and:{},
- outputAttributeTypes [5] SEQUENCE SIZE (1..MAX) OF ResultAttribute OPTIONAL,
- defaultControls [6] ControlOptions OPTIONAL,
- mandatoryControls [7] ControlOptions OPTIONAL,
- searchRuleControls [8] ControlOptions OPTIONAL,
- familyGrouping [9] FamilyGrouping OPTIONAL,
- familyReturn [10] FamilyReturn OPTIONAL,
- relaxation [11] RelaxationPolicy OPTIONAL,
- additionalControl [12] SEQUENCE SIZE (1..MAX) OF AttributeType OPTIONAL,
- allowedSubset [13] AllowedSubset DEFAULT '111'B,
- imposedSubset [14] ImposedSubset OPTIONAL,
- entryLimit [15] EntryLimit OPTIONAL
-}
-
-SearchRuleId ::= SEQUENCE {
- id INTEGER,
- dmdId [0] OBJECT IDENTIFIER
-}
-
-AllowedSubset ::= BIT STRING {baseObject(0), oneLevel(1), wholeSubtree(2)}
-
-ImposedSubset ::= ENUMERATED {baseObject(0), oneLevel(1), wholeSubtree(2)}
-
-RequestAttribute ::= SEQUENCE {
- attributeType ATTRIBUTE.&id({SupportedAttributes}),
- includeSubtypes [0] BOOLEAN DEFAULT FALSE,
- selectedValues
- [1] SEQUENCE SIZE (0..MAX) OF
- ATTRIBUTE.&Type({SupportedAttributes}{@attributeType}) OPTIONAL,
- defaultValues
- [2] SEQUENCE SIZE (0..MAX) OF
- SEQUENCE {entryType OBJECT-CLASS.&id OPTIONAL,
- values
- SEQUENCE OF
- ATTRIBUTE.&Type({SupportedAttributes}{@attributeType})
- } OPTIONAL,
- contexts [3] SEQUENCE SIZE (0..MAX) OF ContextProfile OPTIONAL,
- contextCombination [4] ContextCombination DEFAULT and:{},
- matchingUse [5] SEQUENCE SIZE (1..MAX) OF MatchingUse OPTIONAL
-}
-
-ContextProfile ::= SEQUENCE {
- contextType CONTEXT.&id({SupportedContexts}),
- contextValue
- SEQUENCE SIZE (1..MAX) OF
- CONTEXT.&Assertion({SupportedContexts}{@contextType}) OPTIONAL
-}
-
-ContextCombination ::= CHOICE {
- context [0] CONTEXT.&id,
- and [1] SEQUENCE OF ContextCombination,
- or [2] SEQUENCE OF ContextCombination,
- not [3] ContextCombination
-}
-
-MatchingUse ::= SEQUENCE {
- restrictionType MATCHING-RESTRICTION.&id({SupportedMatchingRestrictions}),
- restrictionValue
- MATCHING-RESTRICTION.&Restriction
- ({SupportedMatchingRestrictions}{@restrictionType})
-}
-
--- Definition of the following information object set is deferred, perhaps to standardized
--- profiles or to protocol implementation conformance statements. The set is required to
--- specify a table constraint on the components of SupportedMatchingRestrictions
-SupportedMatchingRestrictions MATCHING-RESTRICTION ::=
- {...}
-
-AttributeCombination ::= CHOICE {
- attribute [0] AttributeType,
- and [1] SEQUENCE OF AttributeCombination,
- or [2] SEQUENCE OF AttributeCombination,
- not [3] AttributeCombination
-}
-
-ResultAttribute ::= SEQUENCE {
- attributeType ATTRIBUTE.&id({SupportedAttributes}),
- outputValues
- CHOICE {selectedValues
- SEQUENCE SIZE (1..MAX) OF
- ATTRIBUTE.&Type({SupportedAttributes}{@attributeType}),
- matchedValuesOnly NULL} OPTIONAL,
- contexts [0] SEQUENCE SIZE (1..MAX) OF ContextProfile OPTIONAL
-}
-
-OutputValues ::= CHOICE {
- selectedValues
- SEQUENCE SIZE (1..MAX) OF ATTRIBUTE.&Type({SupportedAttributes}),
- matchedValuesOnly NULL
-}
-
-ControlOptions ::= SEQUENCE {
- serviceControls [0] ServiceControlOptions DEFAULT {},
- searchOptions [1] SearchControlOptions DEFAULT {searchAliases},
- hierarchyOptions [2] HierarchySelections OPTIONAL
-}
-
-EntryLimit ::= SEQUENCE {default INTEGER,
- max INTEGER
-}
-
-RelaxationPolicy ::= SEQUENCE {
- basic [0] MRMapping DEFAULT {},
- tightenings [1] SEQUENCE SIZE (1..MAX) OF MRMapping OPTIONAL,
- relaxations [2] SEQUENCE SIZE (1..MAX) OF MRMapping OPTIONAL,
- maximum [3] INTEGER OPTIONAL, -- mandatory if tightenings is present
- minimum [4] INTEGER DEFAULT 1
-}
-
-MRMapping ::= SEQUENCE {
- mapping [0] SEQUENCE SIZE (1..MAX) OF Mapping OPTIONAL,
- substitution [1] SEQUENCE SIZE (1..MAX) OF MRSubstitution OPTIONAL
-}
-
-Mapping ::= SEQUENCE {
- mappingFunction
- OBJECT IDENTIFIER
- (CONSTRAINED BY {-- shall be an--
-
- -- object identifier of a mapping-based matching algorithm -- }),
- level INTEGER DEFAULT 0
-}
-
-MRSubstitution ::= SEQUENCE {
- attribute AttributeType,
- oldMatchingRule [0] MATCHING-RULE.&id OPTIONAL,
- newMatchingRule [1] MATCHING-RULE.&id OPTIONAL
-}
-
-SEARCH-RULE ::= CLASS {
- &dmdId OBJECT IDENTIFIER,
- &serviceType OBJECT IDENTIFIER OPTIONAL,
- &userClass INTEGER OPTIONAL,
- &InputAttributeTypes REQUEST-ATTRIBUTE OPTIONAL,
- &combination AttributeCombination OPTIONAL,
- &OutputAttributeTypes RESULT-ATTRIBUTE OPTIONAL,
- &defaultControls ControlOptions OPTIONAL,
- &mandatoryControls ControlOptions OPTIONAL,
- &searchRuleControls ControlOptions OPTIONAL,
- &familyGrouping FamilyGrouping OPTIONAL,
- &familyReturn FamilyReturn OPTIONAL,
- &additionalControl AttributeType OPTIONAL,
- &relaxation RelaxationPolicy OPTIONAL,
- &entryLimit EntryLimit OPTIONAL,
- &allowedSubset AllowedSubset DEFAULT '111'B,
- &imposedSubset ImposedSubset OPTIONAL,
- &id INTEGER UNIQUE
-}
-WITH SYNTAX {
- DMD ID &dmdId
- [SERVICE-TYPE &serviceType]
- [USER-CLASS &userClass]
- [INPUT ATTRIBUTES &InputAttributeTypes]
- [COMBINATION &combination]
- [OUTPUT ATTRIBUTES &OutputAttributeTypes]
- [DEFAULT CONTROL &defaultControls]
- [MANDATORY CONTROL &mandatoryControls]
- [SEARCH-RULE CONTROL &searchRuleControls]
- [FAMILY-GROUPING &familyGrouping]
- [FAMILY-RETURN &familyReturn]
- [ADDITIONAL CONTROL &additionalControl]
- [RELAXATION &relaxation]
- [ALLOWED SUBSET &allowedSubset]
- [IMPOSED SUBSET &imposedSubset]
- [ENTRY LIMIT &entryLimit]
- ID &id
-}
-
-REQUEST-ATTRIBUTE ::= CLASS {
- &attributeType ATTRIBUTE.&id,
- &SelectedValues ATTRIBUTE.&Type OPTIONAL,
- &DefaultValues SEQUENCE {entryType OBJECT-CLASS.&id OPTIONAL,
- values SEQUENCE OF ATTRIBUTE.&Type
- } OPTIONAL,
- &contexts SEQUENCE OF ContextProfile OPTIONAL,
- &contextCombination ContextCombination OPTIONAL,
- &MatchingUse MatchingUse OPTIONAL,
- &includeSubtypes BOOLEAN DEFAULT FALSE
-}
-WITH SYNTAX {
- ATTRIBUTE TYPE &attributeType
- [SELECTED VALUES &SelectedValues]
- [DEFAULT VALUES &DefaultValues]
- [CONTEXTS &contexts]
- [CONTEXT COMBINATION &contextCombination]
- [MATCHING USE &MatchingUse]
- [INCLUDE SUBTYPES &includeSubtypes]
-}
-
-RESULT-ATTRIBUTE ::= CLASS {
- &attributeType ATTRIBUTE.&id,
- &outputValues OutputValues OPTIONAL,
- &contexts ContextProfile OPTIONAL
-}
-WITH SYNTAX {
- ATTRIBUTE TYPE &attributeType
- [OUTPUT VALUES &outputValues]
- [CONTEXTS &contexts]
-}
-
-MATCHING-RESTRICTION ::= CLASS {
- &Restriction ,
- &Rules MATCHING-RULE.&id,
- &id OBJECT IDENTIFIER UNIQUE
-}WITH SYNTAX {RESTRICTION &Restriction
- RULES &Rules
- ID &id
-}
-
--- object identifier assignments
--- object classes
-
-id-oc-top OBJECT IDENTIFIER ::= {id-oc 0}
-id-oc-alias OBJECT IDENTIFIER ::= {id-oc 1}
-id-oc-parent OBJECT IDENTIFIER ::= {id-oc 28}
-id-oc-child OBJECT IDENTIFIER ::= {id-oc 29}
-
--- attributes
-id-at-objectClass OBJECT IDENTIFIER ::= {id-at 0}
-id-at-aliasedEntryName OBJECT IDENTIFIER ::= {id-at 1}
-
--- matching rules
-id-mr-objectIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 0}
-id-mr-distinguishedNameMatch OBJECT IDENTIFIER ::= {id-mr 1}
-
--- operational attributes
-id-oa-excludeAllCollectiveAttributes OBJECT IDENTIFIER ::= {id-oa 0}
-id-oa-createTimestamp OBJECT IDENTIFIER ::= {id-oa 1}
-id-oa-modifyTimestamp OBJECT IDENTIFIER ::= {id-oa 2}
-id-oa-creatorsName OBJECT IDENTIFIER ::= {id-oa 3}
-id-oa-modifiersName OBJECT IDENTIFIER ::= {id-oa 4}
-id-oa-administrativeRole OBJECT IDENTIFIER ::= {id-oa 5}
-id-oa-subtreeSpecification OBJECT IDENTIFIER ::= {id-oa 6}
-id-oa-collectiveExclusions OBJECT IDENTIFIER ::= {id-oa 7}
-id-oa-subschemaTimestamp OBJECT IDENTIFIER ::= {id-oa 8}
-id-oa-hasSubordinates OBJECT IDENTIFIER ::= {id-oa 9}
-id-oa-subschemaSubentryList OBJECT IDENTIFIER ::= {id-oa 10}
-id-oa-accessControlSubentryList OBJECT IDENTIFIER ::= {id-oa 11}
-id-oa-collectiveAttributeSubentryList OBJECT IDENTIFIER ::= {id-oa 12}
-id-oa-contextDefaultSubentryList OBJECT IDENTIFIER ::= {id-oa 13}
-id-oa-contextAssertionDefault OBJECT IDENTIFIER ::= {id-oa 14}
-id-oa-serviceAdminSubentryList OBJECT IDENTIFIER ::= {id-oa 15}
-id-oa-searchRules OBJECT IDENTIFIER ::= {id-oa 16}
-id-oa-hierarchyLevel OBJECT IDENTIFIER ::= {id-oa 17}
-id-oa-hierarchyBelow OBJECT IDENTIFIER ::= {id-oa 18}
-id-oa-hierarchyParent OBJECT IDENTIFIER ::= {id-oa 19}
-
--- subentry classes
-id-sc-subentry OBJECT IDENTIFIER ::= {id-sc 0}
-id-sc-accessControlSubentry OBJECT IDENTIFIER ::= {id-sc 1}
-id-sc-collectiveAttributeSubentry OBJECT IDENTIFIER ::= {id-sc 2}
-id-sc-contextAssertionSubentry OBJECT IDENTIFIER ::= {id-sc 3}
-id-sc-serviceAdminSubentry OBJECT IDENTIFIER ::= {id-sc 4}
-
--- Name forms
-id-nf-subentryNameForm OBJECT IDENTIFIER ::= {id-nf 16}
-
--- administrative roles
-id-ar-autonomousArea OBJECT IDENTIFIER ::= {id-ar 1}
-id-ar-accessControlSpecificArea OBJECT IDENTIFIER ::= {id-ar 2}
-id-ar-accessControlInnerArea OBJECT IDENTIFIER ::= {id-ar 3}
-id-ar-subschemaAdminSpecificArea OBJECT IDENTIFIER ::= {id-ar 4}
-id-ar-collectiveAttributeSpecificArea OBJECT IDENTIFIER ::= {id-ar 5}
-id-ar-collectiveAttributeInnerArea OBJECT IDENTIFIER ::= {id-ar 6}
-id-ar-contextDefaultSpecificArea OBJECT IDENTIFIER ::= {id-ar 7}
-id-ar-serviceSpecificArea OBJECT IDENTIFIER ::= {id-ar 8}
-
-id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt (2) ds (5) 4}
-id-at-countryName AttributeTypeX ::= {id-at 6}
-id-at-organizationName AttributeTypeX ::= {id-at 10}
-id-at-serialNumber AttributeTypeX ::= {id-at 5}
-id-at-stateOrProvinceName AttributeTypeX ::= {id-at 8}
-id-at-localityName AttributeTypeX ::= {id-at 7}
-id-at-commonName AttributeTypeX ::= {id-at 3}
-id-at-organizationalUnitName AttributeTypeX ::= {id-at 11}
-
-END -- InformationFramework
-
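Review bot: The last lines of this deleted module, `id-at-countryName` through `id-at-organizationalUnitName` typed as `AttributeTypeX` together with the local `id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt (2) ds (5) 4}`, appear to be local additions appended after the standard object identifier assignments, so removing the file also removes those constants. Please confirm that nothing still references the names generated from them, or that the module replacing this one defines them. The same check applies to `Attribute` and `Name`, which `KEP.asn1` imported from InformationFramework. A sentence in the commit message naming the module that now supplies these types would make the removal auditable.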
diff --git a/priv/kep/KEP.asn1 b/priv/kep/KEP.asn1
deleted file mode 100644
index f96b250..0000000
--- a/priv/kep/KEP.asn1
+++ /dev/null
@@ -1,285 +0,0 @@
--- http://www.dsszzi.gov.ua/dsszzi/control/uk/publish/article?art_id=77726
-
--- https://zakon.rada.gov.ua/laws/show/z1401-12
--- https://zakon.rada.gov.ua/laws/show/z1402-12
--- https://zakon.rada.gov.ua/laws/show/z0607-17
--- https://zakon.rada.gov.ua/laws/show/z2230-13
--- https://zakon.rada.gov.ua/laws/show/z1398-12
-
--- PKCS + OCSP + TSP + Authentication + Information (X.501:08, X.509:08, X.511:08, X.520:08).
-
--- from: Наказ Міністерства юстиції України,
--- to: Адміністрації Державної служби спеціального зв’язку та захисту інформації України
--- date: 20.08.2012 #1236/5/453
-
-KEP DEFINITIONS IMPLICIT TAGS ::=
-BEGIN
-
-IMPORTS Attribute, Name
- FROM InformationFramework {joint-iso-itu-t ds(5) module(1) informationFramework(1) 3}
- AlgorithmIdentifier, AttributeCertificate, Certificate, CertificateList,
- CertificateSerialNumber, HASH{}, SIGNED{}, Extensions, Version
- FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1) authenticationFramework(7) 3}
- PolicyInformation, CRLReason
- FROM CertificateExtensions
- PKIStatusInfo
- FROM PKIXCMP-2009;
-
-ContentInfo ::= SEQUENCE {
- contentType ContentType,
- content [0] EXPLICIT ANY DEFINED BY contentType }
-
-UnknownInfo ::= NULL
-
-ContentTimeStamp ::= TimeStampToken
-
-CrlValidatedID ::= SEQUENCE {
- crlHash OtherHash,
- crlIdentifier CrlIdentifier OPTIONAL}
-
-OtherHash ::= CHOICE {
- sha1Hash OtherHashValue,
- otherHash OtherHashAlgAndValue}
-
-OcspListID ::= SEQUENCE {
- ocspResponses SEQUENCE OF OcspResponsesID}
-
-OcspResponsesID ::= SEQUENCE {
- ocspIdentifier OcspIdentifier,
- ocspRepHash OtherHash OPTIONAL
-}
-
-OtherRevRefs ::= SEQUENCE {
- otherRevRefType OtherRevRefType,
- otherRevRefs ANY DEFINED BY otherRevRefType
-}
-
-OcspIdentifier ::= SEQUENCE {
- ocspResponderID ResponderID,
- producedAt GeneralizedTime
-}
-
-
-CMSVersion ::= INTEGER {v0(0), v1(1), v2(2), v3(3), v4(4), v5(5)}
-
-gost34311 OBJECT IDENTIFIER ::= {iso(1) member-body(2) ua(804)
- root(2) security(1) cryptography(1) pki(1) pki-alg(1) pki-alg-hash (2) 1}
-
-OTHER-NAME ::= TYPE-IDENTIFIER
-GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
-GeneralName ::= CHOICE {
- otherName [0] INSTANCE OF OTHER-NAME,
- rfc822Name [1] IA5String,
- dNSName [2] IA5String,
- directoryName [4] Name,
- uniformResourceIdentifier [6] IA5String,
- iPAddress [7] OCTET STRING,
- registeredID [8] OBJECT IDENTIFIER
-}
-
-TSAPolicyId ::= OBJECT IDENTIFIER
-SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
-KeyIdentifier ::= OCTET STRING
-SubjectKeyIdentifier ::= KeyIdentifier
-RevocationInfoChoices ::= SET OF CertificateList
-SignerInfos ::= SET OF SignerInfo
-CertificateSet ::= SET OF Certificate
-SignedData ::= SEQUENCE {
- version CMSVersion,
- digestAlgorithms DigestAlgorithmIdentifiers,
- encapContentInfo EncapsulatedContentInfo,
- certificates [0] IMPLICIT CertificateSet OPTIONAL,
- crls [1] IMPLICIT RevocationInfoChoices OPTIONAL,
- signerInfos SignerInfos }
-
-EncapsulatedContentInfo ::= SEQUENCE {
- eContentType ContentType,
- eContent [0] EXPLICIT OCTET STRING OPTIONAL }
-
-SignerInfo ::= SEQUENCE {
- version CMSVersion,
- sid SignerIdentifier,
- digestAlgorithm DigestAlgorithmIdentifier,
- signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,
- signatureAlgorithm SignatureAlgorithmIdentifier,
- signature OCTET STRING,
- unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL }
-
-SignerIdentifier ::= CHOICE {
- issuerAndSerialNumber IssuerAndSerialNumber,
- subjectKeyIdentifier [0] SubjectKeyIdentifier }
-
-IssuerAndSerialNumber ::= SEQUENCE {
- issuer Name,
- serialNumber INTEGER }
-
-Hash ::= OCTET STRING
- IssuerSerial ::= SEQUENCE {
- issuer GeneralNames,
- serialNumber CertificateSerialNumber}
-
-ESSCertIDv2 ::= SEQUENCE {
- hashAlgorithm AlgorithmIdentifier,
- certHash Hash,
- issuerSerial IssuerSerial}
-
-OtherHashValue ::= OCTET STRING
-OtherHashAlgAndValue ::= SEQUENCE {
- hashAlgorithm AlgorithmIdentifier,
- hashValue OtherHashValue }
-
-SPuri ::= IA5String
-
-SigPolicyId ::= OBJECT IDENTIFIER
-SigPolicyHash ::= OtherHashAlgAndValue
-SigPolicyQualifierId ::= OBJECT IDENTIFIER
-
-SignaturePolicyIdentifier ::= CHOICE {
- signaturePolicy SignaturePolicyId }
-
-SigPolicyQualifierInfo ::= SEQUENCE {
- sigPolicyQualifierId SigPolicyQualifierId,
- sigQualifier ANY DEFINED BY sigPolicyQualifierId }
-
-SignaturePolicyId ::= SEQUENCE {
- sigPolicyId SigPolicyId,
- sigPolicyHash SigPolicyHash OPTIONAL }
-
-DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
-DigestAlgorithmIdentifier ::= AlgorithmIdentifier
-CertificateSerialNumber ::= INTEGER
-SignedAttributes ::= SET SIZE (1..MAX) OF Attribute
-UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute
-Attribute ::= SEQUENCE {attrType OBJECT IDENTIFIER, attrValues SET OF AttributeValue }
-AttributeValue ::= ANY
-MessageDigest ::= OCTET STRING
-
-SigningCertificateV2 ::= SEQUENCE {certs SEQUENCE OF ESSCertIDv2, policies SEQUENCE OF PolicyInformation OPTIONAL}
-SignaturePolicyImplied ::= NULL
-
-DisplayText ::= CHOICE {
- visibleString VisibleString (SIZE (1..200)),
- bmpString BMPString (SIZE (1..200)),
- utf8String UTF8String (SIZE (1..200))}
-
-CrlOcspRef ::= SEQUENCE {
- crlids [0] CRLListID OPTIONAL,
- ocspids [1] OcspListID OPTIONAL,
- otherRev [2] OtherRevRefs OPTIONAL }
-
-CrlIdentifier ::= SEQUENCE {
- crlissuer Name,
- crlIssuedTime UTCTime,
- crlNumber INTEGER OPTIONAL }
-
-BasicOCSPResponse ::= SEQUENCE {
- tbsResponseData ResponseData,
- signatureAlgorithm AlgorithmIdentifier,
- signature BIT STRING,
- certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL}
-
-ResponseData ::= SEQUENCE {
- version [0] EXPLICIT Version DEFAULT v1,
- responderID ResponderID,
- producedAt GeneralizedTime,
- responses SEQUENCE OF SingleResponse,
- responseExtensions [1] EXPLICIT Extensions OPTIONAL}
-
-ResponderID ::= CHOICE {
- byName [1] Name,
- byKey [2] KeyHash}
-
-KeyHash ::= OCTET STRING
-
-CertID ::= SEQUENCE {
- hashAlgorithm AlgorithmIdentifier,
- issuerNameHash OCTET STRING,
- issuerKeyHash OCTET STRING,
- serialNumber CertificateSerialNumber}
-
-CertStatus ::= CHOICE {
- good [0] IMPLICIT NULL,
- revoked [1] IMPLICIT RevokedInfo,
- unknown [2] IMPLICIT UnknownInfo }
-
-RevokedInfo ::= SEQUENCE {
- revocationTime GeneralizedTime,
- revocationReason [0] EXPLICIT CRLReason OPTIONAL }
-
-SingleResponse ::= SEQUENCE {
- certID CertID,
- certStatus CertStatus,
- thisUpdate GeneralizedTime,
- nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
- singleExtensions [1] EXPLICIT Extensions OPTIONAL }
-
-RevocationValues ::= SEQUENCE {
- crlVals [0] SEQUENCE OF CertificateList OPTIONAL,
- ocspVals [1] SEQUENCE OF BasicOCSPResponse OPTIONAL,
- otherRevVals [2] OtherRevVals OPTIONAL}
-
-OtherRevValType ::= OBJECT IDENTIFIER
-OtherRevVals ::= SEQUENCE { otherRevValType OtherRevValType }
-CRLListID ::= SEQUENCE { crls SEQUENCE OF CrlValidatedID}
-
-MessageImprint ::= SEQUENCE {
- hashAlgorithm AlgorithmIdentifier,
- hashedMessage OCTET STRING }
-
-TimeStampReq ::= SEQUENCE {
- version INTEGER { v1(1) },
- messageImprint MessageImprint,
- reqPolicy TSAPolicyId OPTIONAL,
- nonce INTEGER OPTIONAL,
- certReq BOOLEAN DEFAULT FALSE,
- extensions [0] IMPLICIT Extensions OPTIONAL }
-
-TimeStampResp ::= SEQUENCE {
- status PKIStatusInfo,
- timeStampToken TimeStampToken OPTIONAL }
-
-TimeStampToken ::= ContentInfo
-
-TSTInfo ::= SEQUENCE {
- version INTEGER { v1(1)},
- policy TSAPolicyId,
- messageImprint MessageImprint,
- serialNumber INTEGER,
- genTime GeneralizedTime,
- accuracy Accuracy OPTIONAL,
- nonce INTEGER OPTIONAL,
- tsa [0] GeneralName OPTIONAL,
- extensions [1] IMPLICIT Extensions OPTIONAL }
-
-Accuracy ::= SEQUENCE {
- seconds INTEGER OPTIONAL,
- millis [0] INTEGER (1..999) OPTIONAL,
- micros [1] INTEGER (1..999) OPTIONAL }
-
-OtherRevRefType ::= OBJECT IDENTIFIER
-ContentType ::= OBJECT IDENTIFIER
-id-data OBJECT IDENTIFIER ::= {1 2 840 113549 1 7 1}
-id-signedData OBJECT IDENTIFIER ::= {1 2 840 113549 1 7 2}
-id-contentType OBJECT IDENTIFIER ::= {1 2 840 113549 1 9 3}
-id-messageDigest OBJECT IDENTIFIER ::= {1 2 840 113549 1 9 4}
-id-signingTime OBJECT IDENTIFIER ::= {1 2 840 113549 1 9 5}
-
-id-aa-signTSToken OBJECT IDENTIFIER ::= {1 2 840 113549 1 9 16 id-aa(2) 14}
-id-aa-ets-sigPolicyId OBJECT IDENTIFIER ::= {1 2 840 113549 1 9 16 id-aa(2) 15}
-id-aa-ets-ContentTS OBJECT IDENTIFIER ::= {1 2 840 113549 1 9 16 id-aa(2) 20}
-id-aa-ets-certRefs OBJECT IDENTIFIER ::= {1 2 840 113549 1 9 16 id-aa(2) 21}
-id-aa-ets-revocationRefs OBJECT IDENTIFIER ::= {1 2 840 113549 1 9 16 id-aa(2) 22}
-id-aa-ets-certValues OBJECT IDENTIFIER ::= {1 2 840 113549 1 9 16 id-aa(2) 23}
-id-aa-ets-revoValues OBJECT IDENTIFIER ::= {1 2 840 113549 1 9 16 id-aa(2) 24}
-id-aa-signingCertV2 OBJECT IDENTIFIER ::= {1 2 840 113549 1 9 16 id-aa(2) 47}
-id-spq-ets-uri OBJECT IDENTIFIER ::= {1 2 840 113549 1 9 16 id-spq(5) 1}
-id-spq-ets-unotice OBJECT IDENTIFIER ::= {1 2 840 113549 1 9 16 id-spq(5) 2}
-
-dstu7564-256 OBJECT IDENTIFIER ::= {iso(1) member-body(2) ukraine(804) root(2) security(1) cryptography(1) pki(1) alg(1) hash(2) dstu7564(2) 1}
-dstu7564-384 OBJECT IDENTIFIER ::= {iso(1) member-body(2) ukraine(804) root(2) security(1) cryptography(1) pki(1) alg(1) hash(2) dstu7564(2) 2}
-dstu7564-512 OBJECT IDENTIFIER ::= {iso(1) member-body(2) ukraine(804) root(2) security(1) cryptography(1) pki(1) alg(1) hash(2) dstu7564(2) 3}
-
-id-kp-timeStamping OBJECT IDENTIFIER ::= {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-kp(3) 8}
-id-ct-TSTInfo OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1)4}
-
-END
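Review bot: Deleting `KEP.asn1` removes the only definitions visible in this patch for the national algorithm OIDs (`gost34311`, `dstu7564-256`, `dstu7564-384`, `dstu7564-512`) and for the CMS, OCSP and TSP structures (`SignedData`, `SignerInfo`, `BasicOCSPResponse`, `TimeStampReq`, `TSTInfo`), and nothing in the visible hunks shows where they move. Please state in the commit message which module now carries them, and check that no decoder still calls into the module generated from `KEP`. A verifier that loses the `dstu7564-*` or `gost34311` identifiers would no longer recognise those digest algorithms. The comment header at the top of the file also held the only references to the regulations the profile was derived from (the `zakon.rada.gov.ua` links and order #1236/5/453); consider moving those into the documentation rather than dropping them with the file.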
diff --git a/priv/kep/PKIXCMP-2009.asn1 b/priv/kep/PKIXCMP-2009.asn1
deleted file mode 100644
index 3e86c16..0000000
--- a/priv/kep/PKIXCMP-2009.asn1
+++ /dev/null
@@ -1,495 +0,0 @@
-PKIXCMP-2009
- { iso(1) identified-organization(3) dod(6) internet(1) security(5)
- mechanisms(5) pkix(7) id-mod(0) id-mod-cmp2000-02(50) }
- DEFINITIONS EXPLICIT TAGS ::=
- BEGIN
- IMPORTS
-
- AttributeSet{}, Extensions{}, EXTENSION, ATTRIBUTE
- FROM PKIX-CommonTypes-2009
- {iso(1) identified-organization(3) dod(6) internet(1) security(5)
- mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57)}
-
- AlgorithmIdentifier{}, SIGNATURE-ALGORITHM, ALGORITHM,
- DIGEST-ALGORITHM, MAC-ALGORITHM
- FROM AlgorithmInformation-2009
- {iso(1) identified-organization(3) dod(6) internet(1) security(5)
- mechanisms(5) pkix(7) id-mod(0)
- id-mod-algorithmInformation-02(58)}
-
- Certificate, CertificateList
- FROM PKIX1Explicit-2009
- {iso(1) identified-organization(3) dod(6) internet(1) security(5)
- mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51)}
-
- GeneralName, KeyIdentifier
- FROM PKIX1Implicit-2009
- {iso(1) identified-organization(3) dod(6) internet(1) security(5)
- mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59)}
-
- CertTemplate, PKIPublicationInfo, EncryptedValue, CertId,
- CertReqMessages
- FROM PKIXCRMF-2009
- { iso(1) identified-organization(3) dod(6) internet(1) security(5)
- mechanisms(5) pkix(7) id-mod(0) id-mod-crmf2005-02(55) }
- -- see also the behavioral clarifications to CRMF codified in
- -- Appendix C of this specification
-
- CertificationRequest
- FROM PKCS-10
- {iso(1) identified-organization(3) dod(6) internet(1) security(5)
- mechanisms(5) pkix(7) id-mod(0) id-mod-pkcs10-2009(69)}
- -- (specified in RFC 2986 with 1993 ASN.1 syntax and IMPLICIT
- -- tags). Alternatively, implementers may directly include
- -- the [PKCS10] syntax in this module
- ;
-
- -- the rest of the module contains locally defined OIDs and
- -- constructs
-
- CMPCertificate ::= CHOICE { x509v3PKCert Certificate, ... }
- -- This syntax, while bits-on-the-wire compatible with the
- -- standard X.509 definition of "Certificate", allows the
- -- possibility of future certificate types (such as X.509
- -- attribute certificates, WAP WTLS certificates, or other kinds
- -- of certificates) within this certificate management protocol,
- -- should a need ever arise to support such generality. Those
- -- implementations that do not foresee a need to ever support
- -- other certificate types MAY, if they wish, comment out the
- -- above structure and "uncomment" the following one prior to
- -- compiling this ASN.1 module. (Note that interoperability
- -- with implementations that don't do this will be unaffected by
- -- this change.)
-
- -- CMPCertificate ::= Certificate
-
- PKIMessage ::= SEQUENCE {
- header PKIHeader,
- body PKIBody,
- protection [0] PKIProtection OPTIONAL,
- extraCerts [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
- OPTIONAL }
-
- PKIMessages ::= SEQUENCE SIZE (1..MAX) OF PKIMessage
-
- PKIHeader ::= SEQUENCE {
- pvno INTEGER { cmp1999(1), cmp2000(2) },
- sender GeneralName,
- -- identifies the sender
- recipient GeneralName,
- -- identifies the intended recipient
- messageTime [0] GeneralizedTime OPTIONAL,
- -- time of production of this message (used when sender
- -- believes that the transport will be "suitable"; i.e.,
- -- that the time will still be meaningful upon receipt)
- protectionAlg [1] AlgorithmIdentifier{ALGORITHM, {...}}
- OPTIONAL,
- -- algorithm used for calculation of protection bits
- senderKID [2] KeyIdentifier OPTIONAL,
- recipKID [3] KeyIdentifier OPTIONAL,
- -- to identify specific keys used for protection
- transactionID [4] OCTET STRING OPTIONAL,
- -- identifies the transaction; i.e., this will be the same in
- -- corresponding request, response, certConf, and PKIConf
- -- messages
- senderNonce [5] OCTET STRING OPTIONAL,
- recipNonce [6] OCTET STRING OPTIONAL,
- -- nonces used to provide replay protection, senderNonce
- -- is inserted by the creator of this message; recipNonce
- -- is a nonce previously inserted in a related message by
- -- the intended recipient of this message
- freeText [7] PKIFreeText OPTIONAL,
- -- this may be used to indicate context-specific instructions
- -- (this field is intended for human consumption)
- generalInfo [8] SEQUENCE SIZE (1..MAX) OF
- InfoTypeAndValue OPTIONAL
- -- this may be used to convey context-specific information
- -- (this field not primarily intended for human consumption)
- }
-
- PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
- -- text encoded as UTF-8 String [RFC3629] (note: each
- -- UTF8String MAY include an [RFC3066] language tag
- -- to indicate the language of the contained text;
- -- see [RFC2482] for details)
-
- PKIBody ::= CHOICE { -- message-specific body elements
- ir [0] CertReqMessages, --Initialization Request
- ip [1] CertRepMessage, --Initialization Response
- cr [2] CertReqMessages, --Certification Request
- cp [3] CertRepMessage, --Certification Response
- p10cr [4] CertificationRequest, --imported from [PKCS10]
- popdecc [5] POPODecKeyChallContent, --pop Challenge
- popdecr [6] POPODecKeyRespContent, --pop Response
- kur [7] CertReqMessages, --Key Update Request
- kup [8] CertRepMessage, --Key Update Response
- krr [9] CertReqMessages, --Key Recovery Request
- krp [10] KeyRecRepContent, --Key Recovery Response
- rr [11] RevReqContent, --Revocation Request
- rp [12] RevRepContent, --Revocation Response
- ccr [13] CertReqMessages, --Cross-Cert. Request
- ccp [14] CertRepMessage, --Cross-Cert. Response
- ckuann [15] CAKeyUpdAnnContent, --CA Key Update Ann.
- cann [16] CertAnnContent, --Certificate Ann.
- rann [17] RevAnnContent, --Revocation Ann.
- crlann [18] CRLAnnContent, --CRL Announcement
- pkiconf [19] PKIConfirmContent, --Confirmation
- nested [20] NestedMessageContent, --Nested Message
- genm [21] GenMsgContent, --General Message
- genp [22] GenRepContent, --General Response
- error [23] ErrorMsgContent, --Error Message
- certConf [24] CertConfirmContent, --Certificate confirm
- pollReq [25] PollReqContent, --Polling request
- pollRep [26] PollRepContent --Polling response
- }
-
- PKIProtection ::= BIT STRING
-
- ProtectedPart ::= SEQUENCE {
- header PKIHeader,
- body PKIBody }
-
- id-PasswordBasedMac OBJECT IDENTIFIER ::= { iso(1) member-body(2)
- usa(840) nt(113533) nsn(7) algorithms(66) 13 }
- PBMParameter ::= SEQUENCE {
- salt OCTET STRING,
- -- note: implementations MAY wish to limit acceptable sizes
- -- of this string to values appropriate for their environment
- -- in order to reduce the risk of denial-of-service attacks
- owf AlgorithmIdentifier{DIGEST-ALGORITHM, {...}},
- -- AlgId for a One-Way Function (SHA-1 recommended)
- iterationCount INTEGER,
- -- number of times the OWF is applied
- -- note: implementations MAY wish to limit acceptable sizes
- -- of this integer to values appropriate for their environment
- -- in order to reduce the risk of denial-of-service attacks
- mac AlgorithmIdentifier{MAC-ALGORITHM, {...}}
- -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11],
- -- or HMAC [RFC2104, RFC2202])
- }
-
- id-DHBasedMac OBJECT IDENTIFIER ::= { iso(1) member-body(2)
- usa(840) nt(113533) nsn(7) algorithms(66) 30 }
- DHBMParameter ::= SEQUENCE {
- owf AlgorithmIdentifier{DIGEST-ALGORITHM, {...}},
- -- AlgId for a One-Way Function (SHA-1 recommended)
- mac AlgorithmIdentifier{MAC-ALGORITHM, {...}}
- -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11],
- -- or HMAC [RFC2104, RFC2202])
- }
-
- PKIStatus ::= INTEGER {
- accepted (0),
- -- you got exactly what you asked for
- grantedWithMods (1),
- -- you got something like what you asked for; the
- -- requester is responsible for ascertaining the differences
- rejection (2),
- -- you don't get it, more information elsewhere in the message
- waiting (3),
- -- the request body part has not yet been processed; expect to
- -- hear more later (note: proper handling of this status
- -- response MAY use the polling req/rep PKIMessages specified
- -- in Section 5.3.22; alternatively, polling in the underlying
- -- transport layer MAY have some utility in this regard)
- revocationWarning (4),
- -- this message contains a warning that a revocation is
- -- imminent
- revocationNotification (5),
- -- notification that a revocation has occurred
- keyUpdateWarning (6)
- -- update already done for the oldCertId specified in
- -- CertReqMsg
- }
-
- PKIFailureInfo ::= BIT STRING {
- -- since we can fail in more than one way!
- -- More codes may be added in the future if/when required.
- badAlg (0),
- -- unrecognized or unsupported Algorithm Identifier
- badMessageCheck (1),
- -- integrity check failed (e.g., signature did not verify)
- badRequest (2),
- -- transaction not permitted or supported
- badTime (3),
- -- messageTime was not sufficiently close to the system time,
- -- as defined by local policy
- badCertId (4),
- -- no certificate could be found matching the provided criteria
- badDataFormat (5),
- -- the data submitted has the wrong format
- wrongAuthority (6),
- -- the authority indicated in the request is different from the
- -- one creating the response token
- incorrectData (7),
- -- the requester's data is incorrect (for notary services)
- missingTimeStamp (8),
- -- when the timestamp is missing but should be there
- -- (by policy)
- badPOP (9),
- -- the proof-of-possession failed
- certRevoked (10),
- -- the certificate has already been revoked
- certConfirmed (11),
- -- the certificate has already been confirmed
- wrongIntegrity (12),
- -- invalid integrity, password based instead of signature or
- -- vice versa
- badRecipientNonce (13),
- -- invalid recipient nonce, either missing or wrong value
- timeNotAvailable (14),
- -- the TSA's time source is not available
- unacceptedPolicy (15),
- -- the requested TSA policy is not supported by the TSA
- unacceptedExtension (16),
- -- the requested extension is not supported by the TSA
- addInfoNotAvailable (17),
- -- the additional information requested could not be
- -- understood or is not available
- badSenderNonce (18),
- -- invalid sender nonce, either missing or wrong size
- badCertTemplate (19),
- -- invalid cert. template or missing mandatory information
- signerNotTrusted (20),
- -- signer of the message unknown or not trusted
- transactionIdInUse (21),
- -- the transaction identifier is already in use
- unsupportedVersion (22),
- -- the version of the message is not supported
- notAuthorized (23),
- -- the sender was not authorized to make the preceding
- -- request or perform the preceding action
- systemUnavail (24),
- -- the request cannot be handled due to system unavailability
- systemFailure (25),
- -- the request cannot be handled due to system failure
- duplicateCertReq (26)
- -- certificate cannot be issued because a duplicate
- -- certificate already exists
- }
-
- PKIStatusInfo ::= SEQUENCE {
- status PKIStatus,
- statusString PKIFreeText OPTIONAL,
- failInfo PKIFailureInfo OPTIONAL }
-
- OOBCert ::= CMPCertificate
-
- OOBCertHash ::= SEQUENCE {
- hashAlg [0] AlgorithmIdentifier{DIGEST-ALGORITHM, {...}}
- OPTIONAL,
- certId [1] CertId OPTIONAL,
- hashVal BIT STRING
- -- hashVal is calculated over the DER encoding of the
- -- self-signed certificate with the identifier certID.
- }
-
- POPODecKeyChallContent ::= SEQUENCE OF Challenge
- -- One Challenge per encryption key certification request (in the
- -- same order as these requests appear in CertReqMessages).
-
- Challenge ::= SEQUENCE {
- owf AlgorithmIdentifier{DIGEST-ALGORITHM, {...}}
- OPTIONAL,
- -- MUST be present in the first Challenge; MAY be omitted in
- -- any subsequent Challenge in POPODecKeyChallContent (if
- -- omitted, then the owf used in the immediately preceding
- -- Challenge is to be used).
- witness OCTET STRING,
- -- the result of applying the one-way function (owf) to a
- -- randomly-generated INTEGER, A. [Note that a different
- -- INTEGER MUST be used for each Challenge.]
- challenge OCTET STRING
- -- the encryption (under the public key for which the cert.
- -- request is being made) of Rand, where Rand is specified as
- -- Rand ::= SEQUENCE {
- -- int INTEGER,
- -- - the randomly-generated INTEGER A (above)
- -- sender GeneralName
- -- - the sender's name (as included in PKIHeader)
- -- }
- }
-
- POPODecKeyRespContent ::= SEQUENCE OF INTEGER
- -- One INTEGER per encryption key certification request (in the
- -- same order as these requests appear in CertReqMessages). The
- -- retrieved INTEGER A (above) is returned to the sender of the
- -- corresponding Challenge.
-
- CertRepMessage ::= SEQUENCE {
- caPubs [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
- OPTIONAL,
- response SEQUENCE OF CertResponse }
-
- CertResponse ::= SEQUENCE {
- certReqId INTEGER,
- -- to match this response with the corresponding request (a value
- -- of -1 is to be used if certReqId is not specified in the
- -- corresponding request)
- status PKIStatusInfo,
- certifiedKeyPair CertifiedKeyPair OPTIONAL,
- rspInfo OCTET STRING OPTIONAL
- -- analogous to the id-regInfo-utf8Pairs string defined
- -- for regInfo in CertReqMsg [RFC4211]
- }
-
- CertifiedKeyPair ::= SEQUENCE {
- certOrEncCert CertOrEncCert,
- privateKey [0] EncryptedValue OPTIONAL,
- -- see [RFC4211] for comment on encoding
- publicationInfo [1] PKIPublicationInfo OPTIONAL }
-
- CertOrEncCert ::= CHOICE {
- certificate [0] CMPCertificate,
- encryptedCert [1] EncryptedValue }
- KeyRecRepContent ::= SEQUENCE {
- status PKIStatusInfo,
- newSigCert [0] CMPCertificate OPTIONAL,
- caCerts [1] SEQUENCE SIZE (1..MAX) OF
- CMPCertificate OPTIONAL,
- keyPairHist [2] SEQUENCE SIZE (1..MAX) OF
- CertifiedKeyPair OPTIONAL }
-
- RevReqContent ::= SEQUENCE OF RevDetails
-
- RevDetails ::= SEQUENCE {
- certDetails CertTemplate,
- -- allows requester to specify as much as they can about
- -- the cert. for which revocation is requested
- -- (e.g., for cases in which serialNumber is not available)
- crlEntryDetails Extensions{{...}} OPTIONAL
- -- requested crlEntryExtensions
- }
-
- RevRepContent ::= SEQUENCE {
- status SEQUENCE SIZE (1..MAX) OF PKIStatusInfo,
- -- in same order as was sent in RevReqContent
- revCerts [0] SEQUENCE SIZE (1..MAX) OF CertId OPTIONAL,
- -- IDs for which revocation was requested
- -- (same order as status)
- crls [1] SEQUENCE SIZE (1..MAX) OF CertificateList OPTIONAL
- -- the resulting CRLs (there may be more than one)
- }
-
- CAKeyUpdAnnContent ::= SEQUENCE {
- oldWithNew CMPCertificate, -- old pub signed with new priv
- newWithOld CMPCertificate, -- new pub signed with old priv
- newWithNew CMPCertificate -- new pub signed with new priv
- }
-
- CertAnnContent ::= CMPCertificate
-
- RevAnnContent ::= SEQUENCE {
- status PKIStatus,
- certId CertId,
- willBeRevokedAt GeneralizedTime,
- badSinceDate GeneralizedTime,
- crlDetails Extensions{{...}} OPTIONAL
- -- extra CRL details (e.g., crl number, reason, location, etc.)
- }
-
- CRLAnnContent ::= SEQUENCE OF CertificateList
- PKIConfirmContent ::= NULL
-
- NestedMessageContent ::= PKIMessages
-
- INFO-TYPE-AND-VALUE ::= TYPE-IDENTIFIER
-
- InfoTypeAndValue ::= SEQUENCE {
- infoType INFO-TYPE-AND-VALUE.
- &id({SupportedInfoSet}),
- infoValue INFO-TYPE-AND-VALUE.
- &Type({SupportedInfoSet}{@infoType}) }
-
- SupportedInfoSet INFO-TYPE-AND-VALUE ::= { ... }
-
- -- Example InfoTypeAndValue contents include, but are not limited
- -- to, the following (uncomment in this ASN.1 module and use as
- -- appropriate for a given environment):
- --
- -- id-it-caProtEncCert OBJECT IDENTIFIER ::= {id-it 1}
- -- CAProtEncCertValue ::= CMPCertificate
- -- id-it-signKeyPairTypes OBJECT IDENTIFIER ::= {id-it 2}
- -- SignKeyPairTypesValue ::= SEQUENCE OF
- -- AlgorithmIdentifier{{...}}
- -- id-it-encKeyPairTypes OBJECT IDENTIFIER ::= {id-it 3}
- -- EncKeyPairTypesValue ::= SEQUENCE OF
- -- AlgorithmIdentifier{{...}}
- -- id-it-preferredSymmAlg OBJECT IDENTIFIER ::= {id-it 4}
- -- PreferredSymmAlgValue ::= AlgorithmIdentifier{{...}}
- -- id-it-caKeyUpdateInfo OBJECT IDENTIFIER ::= {id-it 5}
- -- CAKeyUpdateInfoValue ::= CAKeyUpdAnnContent
- -- id-it-currentCRL OBJECT IDENTIFIER ::= {id-it 6}
- -- CurrentCRLValue ::= CertificateList
- -- id-it-unsupportedOIDs OBJECT IDENTIFIER ::= {id-it 7}
- -- UnsupportedOIDsValue ::= SEQUENCE OF OBJECT IDENTIFIER
- -- id-it-keyPairParamReq OBJECT IDENTIFIER ::= {id-it 10}
- -- KeyPairParamReqValue ::= OBJECT IDENTIFIER
- -- id-it-keyPairParamRep OBJECT IDENTIFIER ::= {id-it 11}
- -- KeyPairParamRepValue ::= AlgorithmIdentifer
- -- id-it-revPassphrase OBJECT IDENTIFIER ::= {id-it 12}
- -- RevPassphraseValue ::= EncryptedValue
- -- id-it-implicitConfirm OBJECT IDENTIFIER ::= {id-it 13}
- -- ImplicitConfirmValue ::= NULL
- -- id-it-confirmWaitTime OBJECT IDENTIFIER ::= {id-it 14}
- -- ConfirmWaitTimeValue ::= GeneralizedTime
- -- id-it-origPKIMessage OBJECT IDENTIFIER ::= {id-it 15}
- -- OrigPKIMessageValue ::= PKIMessages
- -- id-it-suppLangTags OBJECT IDENTIFIER ::= {id-it 16}
- -- SuppLangTagsValue ::= SEQUENCE OF UTF8String
- --
- -- where
- --
- -- id-pkix OBJECT IDENTIFIER ::= {
- -- iso(1) identified-organization(3)
- -- dod(6) internet(1) security(5) mechanisms(5) pkix(7)}
- -- and
- -- id-it OBJECT IDENTIFIER ::= {id-pkix 4}
- --
- --
- -- This construct MAY also be used to define new PKIX Certificate
- -- Management Protocol request and response messages, or general-
- -- purpose (e.g., announcement) messages for future needs or for
- -- specific environments.
-
- GenMsgContent ::= SEQUENCE OF InfoTypeAndValue
-
- -- May be sent by EE, RA, or CA (depending on message content).
- -- The OPTIONAL infoValue parameter of InfoTypeAndValue will
- -- typically be omitted for some of the examples given above.
- -- The receiver is free to ignore any contained OBJECT IDs that it
- -- does not recognize. If sent from EE to CA, the empty set
- -- indicates that the CA may send
- -- any/all information that it wishes.
-
- GenRepContent ::= SEQUENCE OF InfoTypeAndValue
- -- Receiver MAY ignore any contained OIDs that it does not
- -- recognize.
-
- ErrorMsgContent ::= SEQUENCE {
- pKIStatusInfo PKIStatusInfo,
- errorCode INTEGER OPTIONAL,
- -- implementation-specific error codes
- errorDetails PKIFreeText OPTIONAL
- -- implementation-specific error details
- }
-
- CertConfirmContent ::= SEQUENCE OF CertStatus
-
- CertStatus ::= SEQUENCE {
- certHash OCTET STRING,
- -- the hash of the certificate, using the same hash algorithm
- -- as is used to create and verify the certificate signature
- certReqId INTEGER,
- -- to match this confirmation with the corresponding req/rep
- statusInfo PKIStatusInfo OPTIONAL }
-
- PollReqContent ::= SEQUENCE OF SEQUENCE {
- certReqId INTEGER }
-
- PollRepContent ::= SEQUENCE OF SEQUENCE {
- certReqId INTEGER,
- checkAfter INTEGER, -- time in seconds
- reason PKIFreeText OPTIONAL }
-
- END
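Review bot: Nothing in the visible lines says where `PKIStatusInfo`, `PKIFailureInfo`, `CertRepMessage`, `RevReqContent` and `ErrorMsgContent` are defined once this module is deleted down to its `END`. If another module in the tree still imports any of these types, or generated encoder/decoder code is built from this file, the removal will break compilation or leave stale generated code in place. Please name the replacement module in the commit message, or confirm that CMP support is being dropped on purpose. The failure codes removed here, for example `badPOP (9)`, `signerNotTrusted (20)` and `notAuthorized (23)`, are the ones a CMP responder reports for rejected requests, so it is worth checking that whatever replaces this file keeps the same names and bit positions.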
diff --git a/priv/kep/SelectedAttributeTypes.asn1 b/priv/kep/SelectedAttributeTypes.asn1
deleted file mode 100644
index df2fb18..0000000
--- a/priv/kep/SelectedAttributeTypes.asn1
+++ /dev/null
@@ -1,1196 +0,0 @@
--- Module SelectedAttributeTypes (X.520:08/1997)
-
-SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1) selectedAttributeTypes(5) 3}
-DEFINITIONS ::=
-BEGIN
-
--- EXPORTS All
--- The types and values defined in this module are exported for use in the other ASN.1 modules contained
--- within the Directory Specifications, and for the use of other applications which will use them to access
--- Directory services. Other applications may use them for their own purposes, but this will not constrain
--- extensions and modifications needed to maintain or improve the Directory service.
-
-IMPORTS
- informationFramework, upperBounds, id-at, id-mr, id-avc,
- directoryAbstractService, id-pr, id-not, id-cat
- FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) usefulDefinitions(0) 3}
- Attribute, ATTRIBUTE, MATCHING-RULE, AttributeType, OBJECT-CLASS,
- DistinguishedName, objectIdentifierMatch, distinguishedNameMatch,
- CONTEXT, ContextAssertion, AttributeCombination, ContextCombination,
- MAPPING-BASED-MATCHING, MRMapping, AttributeValueAssertion
- FROM InformationFramework informationFramework
- ub-answerback, ub-name, ub-common-name, ub-surname, ub-serial-number,
- ub-locality-name, ub-state-name, ub-street-address, ub-organization-name,
- ub-organizational-unit-name, ub-title, ub-description,
- ub-business-category, ub-postal-line, ub-postal-string, ub-postal-code,
- ub-post-office-box, ub-physical-office-name, ub-telex-number,
- ub-country-code, ub-teletex-terminal-id, ub-telephone-number,
- ub-x121-address, ub-international-isdn-number, ub-destination-indicator,
- ub-user-password, ub-match, ub-knowledge-information,
- ub-directory-string-first-component-match, ub-localeContextSyntax, ub-pseudonym
- FROM UpperBounds upperBounds
- FilterItem, HierarchySelections, SearchControlOptions, ServiceControlOptions
- FROM DirectoryAbstractService directoryAbstractService;
-
--- Directory string type
-DirectoryString{INTEGER:maxSize} ::= CHOICE {
- teletexString TeletexString(SIZE (1..maxSize)),
- printableString PrintableString(SIZE (1..maxSize)),
- universalString UniversalString(SIZE (1..maxSize)),
- bmpString BMPString(SIZE (1..maxSize)),
- uTF8String UTF8String(SIZE (1..maxSize))
-}
-
--- Attribute types
-knowledgeInformation ATTRIBUTE ::= {
- WITH SYNTAX DirectoryString {ub-knowledge-information}
- EQUALITY MATCHING RULE caseIgnoreMatch
- ID id-at-knowledgeInformation
-}
-
-name ATTRIBUTE ::= {
- WITH SYNTAX DirectoryString {ub-name}
- EQUALITY MATCHING RULE caseIgnoreMatch
- SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch
- ID id-at-name
-}
-
-commonName ATTRIBUTE ::= {
- SUBTYPE OF name
- WITH SYNTAX DirectoryString {ub-common-name}
- ID id-at-commonName
-}
-
-surname ATTRIBUTE ::= {
- SUBTYPE OF name
- WITH SYNTAX DirectoryString {ub-surname}
- ID id-at-surname
-}
-
-givenName ATTRIBUTE ::= {
- SUBTYPE OF name
- WITH SYNTAX DirectoryString {ub-name}
- ID id-at-givenName
-}
-
-initials ATTRIBUTE ::= {
- SUBTYPE OF name
- WITH SYNTAX DirectoryString {ub-name}
- ID id-at-initials
-}
-
-generationQualifier ATTRIBUTE ::= {
- SUBTYPE OF name
- WITH SYNTAX DirectoryString {ub-name}
- ID id-at-generationQualifier
-}
-
-uniqueIdentifier ATTRIBUTE ::= {
- WITH SYNTAX UniqueIdentifier
- EQUALITY MATCHING RULE bitStringMatch
- ID id-at-uniqueIdentifier
-}
-
-UniqueIdentifier ::= BIT STRING
-
-dnQualifier ATTRIBUTE ::= {
- WITH SYNTAX PrintableString
- EQUALITY MATCHING RULE caseIgnoreMatch
- ORDERING MATCHING RULE caseIgnoreOrderingMatch
- SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch
- ID id-at-dnQualifier
-}
-
-serialNumber ATTRIBUTE ::= {
- WITH SYNTAX PrintableString(SIZE (1..ub-serial-number))
- EQUALITY MATCHING RULE caseIgnoreMatch
- SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch
- ID id-at-serialNumber
-}
-
-pseudonym ATTRIBUTE ::= {
- SUBTYPE OF name
- WITH SYNTAX DirectoryString {ub-pseudonym}
- ID id-at-pseudonym
-}
-
-countryName ATTRIBUTE ::= {
- SUBTYPE OF name
- WITH SYNTAX CountryName
- SINGLE VALUE TRUE
- ID id-at-countryName
-}
-
-CountryName ::= PrintableString(SIZE (2)) -- ISO 3166 codes only
-
-
-localityName ATTRIBUTE ::= {
- SUBTYPE OF name
- WITH SYNTAX DirectoryString {ub-locality-name}
- ID id-at-localityName
-}
-
-collectiveLocalityName ATTRIBUTE ::= {
- SUBTYPE OF localityName
- COLLECTIVE TRUE
- ID id-at-collectiveLocalityName
-}
-
-stateOrProvinceName ATTRIBUTE ::= {
- SUBTYPE OF name
- WITH SYNTAX DirectoryString {ub-state-name}
- ID id-at-stateOrProvinceName
-}
-
-collectiveStateOrProvinceName ATTRIBUTE ::= {
- SUBTYPE OF stateOrProvinceName
- COLLECTIVE TRUE
- ID id-at-collectiveStateOrProvinceName
-}
-
-streetAddress ATTRIBUTE ::= {
- WITH SYNTAX DirectoryString {ub-street-address}
- EQUALITY MATCHING RULE caseIgnoreMatch
- SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch
- ID id-at-streetAddress
-}
-
-collectiveStreetAddress ATTRIBUTE ::= {
- SUBTYPE OF streetAddress
- COLLECTIVE TRUE
- ID id-at-collectiveStreetAddress
-}
-
-houseIdentifier ATTRIBUTE ::= {
- WITH SYNTAX DirectoryString {ub-name}
- EQUALITY MATCHING RULE caseIgnoreMatch
- SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch
- ID id-at-houseIdentifier
-}
-
-organizationName ATTRIBUTE ::= {
- SUBTYPE OF name
- WITH SYNTAX DirectoryString {ub-organization-name}
- ID id-at-organizationName
-}
-
-collectiveOrganizationName ATTRIBUTE ::= {
- SUBTYPE OF organizationName
- COLLECTIVE TRUE
- ID id-at-collectiveOrganizationName
-}
-
-organizationalUnitName ATTRIBUTE ::= {
- SUBTYPE OF name
- WITH SYNTAX DirectoryString {ub-organizational-unit-name}
- ID id-at-organizationalUnitName
-}
-
-collectiveOrganizationalUnitName ATTRIBUTE ::= {
- SUBTYPE OF organizationalUnitName
- COLLECTIVE TRUE
- ID id-at-collectiveOrganizationalUnitName
-}
-
-title ATTRIBUTE ::= {
- SUBTYPE OF name
- WITH SYNTAX DirectoryString {ub-title}
- ID id-at-title
-}
-
-description ATTRIBUTE ::= {
- WITH SYNTAX DirectoryString {ub-description}
- EQUALITY MATCHING RULE caseIgnoreMatch
- SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch
- ID id-at-description
-}
-
-searchGuide ATTRIBUTE ::= {WITH SYNTAX Guide
- ID id-at-searchGuide
-}
-
-Guide ::= SET {
- objectClass [0] OBJECT-CLASS.&id OPTIONAL,
- criteria [1] Criteria
-}
-
-Criteria ::= CHOICE {
- type [0] CriteriaItem,
- and [1] SET OF Criteria,
- or [2] SET OF Criteria,
- not [3] Criteria
-}
-
-CriteriaItem ::= CHOICE {
- equality [0] AttributeType,
- substrings [1] AttributeType,
- greaterOrEqual [2] AttributeType,
- lessOrEqual [3] AttributeType,
- approximateMatch [4] AttributeType
-}
-
-enhancedSearchGuide ATTRIBUTE ::= {
- WITH SYNTAX EnhancedGuide
- ID id-at-enhancedSearchGuide
-}
-
-EnhancedGuide ::= SEQUENCE {
- objectClass [0] OBJECT-CLASS.&id,
- criteria [1] Criteria,
- subset
- [2] INTEGER {baseObject(0), oneLevel(1), wholeSubtree(2)} DEFAULT oneLevel
-}
-
-businessCategory ATTRIBUTE ::= {
- WITH SYNTAX DirectoryString {ub-business-category}
- EQUALITY MATCHING RULE caseIgnoreMatch
- SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch
- ID id-at-businessCategory
-}
-
-postalAddress ATTRIBUTE ::= {
- WITH SYNTAX PostalAddress
- EQUALITY MATCHING RULE caseIgnoreListMatch
- SUBSTRINGS MATCHING RULE caseIgnoreListSubstringsMatch
- ID id-at-postalAddress
-}
-
-PostalAddress ::=
- SEQUENCE SIZE (1..ub-postal-line) OF DirectoryString{ub-postal-string}
-
-collectivePostalAddress ATTRIBUTE ::= {
- SUBTYPE OF postalAddress
- COLLECTIVE TRUE
- ID id-at-collectivePostalAddress
-}
-
-postalCode ATTRIBUTE ::= {
- WITH SYNTAX DirectoryString {ub-postal-code}
- EQUALITY MATCHING RULE caseIgnoreMatch
- SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch
- ID id-at-postalCode
-}
-
-collectivePostalCode ATTRIBUTE ::= {
- SUBTYPE OF postalCode
- COLLECTIVE TRUE
- ID id-at-collectivePostalCode
-}
-
-postOfficeBox ATTRIBUTE ::= {
- WITH SYNTAX DirectoryString {ub-post-office-box}
- EQUALITY MATCHING RULE caseIgnoreMatch
- SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch
- ID id-at-postOfficeBox
-}
-
-collectivePostOfficeBox ATTRIBUTE ::= {
- SUBTYPE OF postOfficeBox
- COLLECTIVE TRUE
- ID id-at-collectivePostOfficeBox
-}
-
-physicalDeliveryOfficeName ATTRIBUTE ::= {
- WITH SYNTAX DirectoryString {ub-physical-office-name}
- EQUALITY MATCHING RULE caseIgnoreMatch
- SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch
- ID id-at-physicalDeliveryOfficeName
-}
-
-collectivePhysicalDeliveryOfficeName ATTRIBUTE ::= {
- SUBTYPE OF physicalDeliveryOfficeName
- COLLECTIVE TRUE
- ID id-at-collectivePhysicalDeliveryOfficeName
-}
-
-telephoneNumber ATTRIBUTE ::= {
- WITH SYNTAX TelephoneNumber
- EQUALITY MATCHING RULE telephoneNumberMatch
- SUBSTRINGS MATCHING RULE telephoneNumberSubstringsMatch
- ID id-at-telephoneNumber
-}
-
-TelephoneNumber ::= PrintableString(SIZE (1..ub-telephone-number))
-
--- String complying with CCITT Rec. E.123 only
-collectiveTelephoneNumber ATTRIBUTE ::= {
- SUBTYPE OF telephoneNumber
- COLLECTIVE TRUE
- ID id-at-collectiveTelephoneNumber
-}
-
-telexNumber ATTRIBUTE ::= {
- WITH SYNTAX TelexNumber
- ID id-at-telexNumber
-}
-
-TelexNumber ::= SEQUENCE {
- telexNumber PrintableString(SIZE (1..ub-telex-number)),
- countryCode PrintableString(SIZE (1..ub-country-code)),
- answerback PrintableString(SIZE (1..ub-answerback))
-}
-
-collectiveTelexNumber ATTRIBUTE ::= {
- SUBTYPE OF telexNumber
- COLLECTIVE TRUE
- ID id-at-collectiveTelexNumber
-}
-
-facsimileTelephoneNumber ATTRIBUTE ::= {
- WITH SYNTAX FacsimileTelephoneNumber
- EQUALITY MATCHING RULE facsimileNumberMatch
- SUBSTRINGS MATCHING RULE facsimileNumberSubstringsMatch
- ID id-at-facsimileTelephoneNumber
-}
-
-facsimileNumberMatch MATCHING-RULE ::= {
- SYNTAX TelephoneNumber
- ID id-mr-facsimileNumberMatch
-}
-
-facsimileNumberSubstringsMatch MATCHING-RULE ::= {
- SYNTAX SubstringAssertion
- ID id-mr-facsimileNumberSubstringsMatch
-}
-
-FacsimileTelephoneNumber ::= SEQUENCE {
- telephoneNumber TelephoneNumber,
- parameters G3FacsimileNonBasicParameters OPTIONAL
-}
-
-collectiveFacsimileTelephoneNumber ATTRIBUTE ::= {
- SUBTYPE OF facsimileTelephoneNumber
- COLLECTIVE TRUE
- ID id-at-collectiveFacsimileTelephoneNumber
-}
-
-x121Address ATTRIBUTE ::= {
- WITH SYNTAX X121Address
- EQUALITY MATCHING RULE numericStringMatch
- SUBSTRINGS MATCHING RULE numericStringSubstringsMatch
- ID id-at-x121Address
-}
-
-X121Address ::= NumericString(SIZE (1..ub-x121-address))
-
--- String as defined by ITU-T Rec. X.121
-internationalISDNNumber ATTRIBUTE ::= {
- WITH SYNTAX InternationalISDNNumber
- EQUALITY MATCHING RULE numericStringMatch
- SUBSTRINGS MATCHING RULE numericStringSubstringsMatch
- ID id-at-internationalISDNNumber
-}
-
-InternationalISDNNumber ::=
- NumericString(SIZE (1..ub-international-isdn-number))
-
--- String complying with ITU-T Rec. E.164 only
-collectiveInternationalISDNNumber ATTRIBUTE ::= {
- SUBTYPE OF internationalISDNNumber
- COLLECTIVE TRUE
- ID id-at-collectiveInternationalISDNNumber
-}
-
-registeredAddress ATTRIBUTE ::= {
- SUBTYPE OF postalAddress
- WITH SYNTAX PostalAddress
- ID id-at-registeredAddress
-}
-
-destinationIndicator ATTRIBUTE ::= {
- WITH SYNTAX DestinationIndicator
- EQUALITY MATCHING RULE caseIgnoreMatch
- SUBSTRINGS MATCHING RULE caseIgnoreSubstringsMatch
- ID id-at-destinationIndicator
-}
-
-DestinationIndicator ::= PrintableString(SIZE (1..ub-destination-indicator))
-
-communicationsService ATTRIBUTE ::= {
- WITH SYNTAX OBJECT IDENTIFIER
- EQUALITY MATCHING RULE objectIdentifierMatch
- ID id-at-communicationsService
-}
-
-communicationsNetwork ATTRIBUTE ::= {
- WITH SYNTAX OBJECT IDENTIFIER
- EQUALITY MATCHING RULE objectIdentifierMatch
- SINGLE VALUE TRUE
- ID id-at-communicationsNetwork
-}
-
--- alphabetical characters only
-preferredDeliveryMethod ATTRIBUTE ::= {
- WITH SYNTAX PreferredDeliveryMethod
- SINGLE VALUE TRUE
- ID id-at-preferredDeliveryMethod
-}
-
-PreferredDeliveryMethod ::=
- SEQUENCE OF
- INTEGER {any-delivery-method(0), mhs-delivery(1), physical-delivery(2),
- telex-delivery(3), teletex-delivery(4), g3-facsimile-delivery(5),
- g4-facsimile-delivery(6), ia5-terminal-delivery(7),
- videotex-delivery(8), telephone-delivery(9)}
-
-presentationAddress ATTRIBUTE ::= {
- WITH SYNTAX PresentationAddress
- EQUALITY MATCHING RULE presentationAddressMatch
- SINGLE VALUE TRUE
- ID id-at-presentationAddress
-}
-
-PresentationAddress ::= SEQUENCE {
- pSelector [0] OCTET STRING OPTIONAL,
- sSelector [1] OCTET STRING OPTIONAL,
- tSelector [2] OCTET STRING OPTIONAL,
- nAddresses [3] SET SIZE (1..MAX) OF OCTET STRING
-}
-
-supportedApplicationContext ATTRIBUTE ::= {
- WITH SYNTAX OBJECT IDENTIFIER
- EQUALITY MATCHING RULE objectIdentifierMatch
- ID id-at-supportedApplicationContext
-}
-
-protocolInformation ATTRIBUTE ::= {
- WITH SYNTAX ProtocolInformation
- EQUALITY MATCHING RULE protocolInformationMatch
- ID id-at-protocolInformation
-}
-
-ProtocolInformation ::= SEQUENCE {
- nAddress OCTET STRING,
- profiles SET OF OBJECT IDENTIFIER
-}
-
-distinguishedName ATTRIBUTE ::= {
- WITH SYNTAX DistinguishedName
- EQUALITY MATCHING RULE distinguishedNameMatch
- ID id-at-distinguishedName
-}
-
-member ATTRIBUTE ::= {SUBTYPE OF distinguishedName
- ID id-at-member
-}
-
-uniqueMember ATTRIBUTE ::= {
- WITH SYNTAX NameAndOptionalUID
- EQUALITY MATCHING RULE uniqueMemberMatch
- ID id-at-uniqueMember
-}
-
-NameAndOptionalUID ::= SEQUENCE {
- dn DistinguishedName,
- uid UniqueIdentifier OPTIONAL
-}
-
-owner ATTRIBUTE ::= {SUBTYPE OF distinguishedName
- ID id-at-owner
-}
-
-roleOccupant ATTRIBUTE ::= {
- SUBTYPE OF distinguishedName
- ID id-at-roleOccupant
-}
-
-seeAlso ATTRIBUTE ::= {SUBTYPE OF distinguishedName
- ID id-at-seeAlso
-}
-
-dmdName ATTRIBUTE ::= {
- SUBTYPE OF name
- WITH SYNTAX DirectoryString {ub-common-name}
- ID id-at-dmdName
-}
-
-dSAProblem ATTRIBUTE ::= {
- WITH SYNTAX OBJECT IDENTIFIER
- EQUALITY MATCHING RULE objectIdentifierMatch
- ID id-not-dSAProblem
-}
-
-searchServiceProblem ATTRIBUTE ::= {
- WITH SYNTAX OBJECT IDENTIFIER
- EQUALITY MATCHING RULE objectIdentifierMatch
- SINGLE VALUE TRUE
- ID id-not-searchServiceProblem
-}
-
-serviceType ATTRIBUTE ::= {
- WITH SYNTAX OBJECT IDENTIFIER
- EQUALITY MATCHING RULE objectIdentifierMatch
- SINGLE VALUE TRUE
- ID id-not-serviceType
-}
-
-attributeTypeList ATTRIBUTE ::= {
- WITH SYNTAX OBJECT IDENTIFIER
- EQUALITY MATCHING RULE objectIdentifierMatch
- ID id-not-attributeTypeList
-}
-
-filterItem ATTRIBUTE ::= {
- WITH SYNTAX FilterItem
- ID id-not-filterItem
-}
-
-attributeCombinations ATTRIBUTE ::= {
- WITH SYNTAX AttributeCombination
- ID id-not-attributeCombinations
-}
-
-contextTypeList ATTRIBUTE ::= {
- WITH SYNTAX OBJECT IDENTIFIER
- EQUALITY MATCHING RULE objectIdentifierMatch
- ID id-not-contextTypeList
-}
-
-contextList ATTRIBUTE ::= {
- WITH SYNTAX ContextAssertion
- ID id-not-contextList
-}
-
-hierarchySelectList ATTRIBUTE ::= {
- WITH SYNTAX HierarchySelections
- SINGLE VALUE TRUE
- ID id-not-hierarchySelectList
-}
-
-searchOptionsList ATTRIBUTE ::= {
- WITH SYNTAX SearchControlOptions
- SINGLE VALUE TRUE
- ID id-not-searchOptionsList
-}
-
-serviceControlOptionsList ATTRIBUTE ::= {
- WITH SYNTAX ServiceControlOptions
- SINGLE VALUE TRUE
- ID id-not-serviceControlOptionsList
-}
-
-multipleMatchingLocalities ATTRIBUTE ::= {
- WITH SYNTAX MultipleMatchingLocalities
- ID id-not-multipleMatchingLocalities
-}
-
-MultipleMatchingLocalities ::= SEQUENCE {
- matchingRuleUsed MATCHING-RULE.&id OPTIONAL,
- attributeList SEQUENCE OF AttributeValueAssertion
-}
-
-proposedRelaxation ATTRIBUTE ::= {
- WITH SYNTAX SEQUENCE OF MRMapping
- ID id-not-proposedRelaxation
-}
-
-appliedRelaxation ATTRIBUTE ::= {
- WITH SYNTAX OBJECT IDENTIFIER
- EQUALITY MATCHING RULE objectIdentifierMatch
- ID id-not-appliedRelaxation
-}
-
--- Matching rules
-caseIgnoreMatch MATCHING-RULE ::= {
- SYNTAX DirectoryString {ub-match}
- ID id-mr-caseIgnoreMatch
-}
-
-caseIgnoreOrderingMatch MATCHING-RULE ::= {
- SYNTAX DirectoryString {ub-match}
- ID id-mr-caseIgnoreOrderingMatch
-}
-
-caseIgnoreSubstringsMatch MATCHING-RULE ::= {
- SYNTAX SubstringAssertion
- ID id-mr-caseIgnoreSubstringsMatch
-}
-
-SubstringAssertion ::=
- SEQUENCE OF
- CHOICE {initial [0] DirectoryString{ub-match},
- any [1] DirectoryString{ub-match},
- final [2] DirectoryString{ub-match},
- control Attribute
- } -- Used to specify interpretation of the following items
-
--- at most one initial and one final component
-caseExactMatch MATCHING-RULE ::= {
- SYNTAX DirectoryString {ub-match}
- ID id-mr-caseExactMatch
-}
-
-caseExactOrderingMatch MATCHING-RULE ::= {
- SYNTAX DirectoryString {ub-match}
- ID id-mr-caseExactOrderingMatch
-}
-
-caseExactSubstringsMatch MATCHING-RULE ::= {
- SYNTAX SubstringAssertion -- only the PrintableString choice
- ID id-mr-caseExactSubstringsMatch
-}
-
-numericStringMatch MATCHING-RULE ::= {
- SYNTAX NumericString
- ID id-mr-numericStringMatch
-}
-
-numericStringOrderingMatch MATCHING-RULE ::= {
- SYNTAX NumericString
- ID id-mr-numericStringOrderingMatch
-}
-
-numericStringSubstringsMatch MATCHING-RULE ::= {
- SYNTAX SubstringAssertion
- ID id-mr-numericStringSubstringsMatch
-}
-
-caseIgnoreListMatch MATCHING-RULE ::= {
- SYNTAX CaseIgnoreListMatch
- ID id-mr-caseIgnoreListMatch
-}
-
-CaseIgnoreListMatch ::= SEQUENCE OF DirectoryString{ub-match}
-
-caseIgnoreListSubstringsMatch MATCHING-RULE ::= {
- SYNTAX SubstringAssertion
- ID id-mr-caseIgnoreListSubstringsMatch
-}
-
-storedPrefixMatch MATCHING-RULE ::= {
- SYNTAX DirectoryString {ub-match}
- ID id-mr-storedPrefixMatch
-}
-
-booleanMatch MATCHING-RULE ::= {SYNTAX BOOLEAN
- ID id-mr-booleanMatch
-}
-
-integerMatch MATCHING-RULE ::= {SYNTAX INTEGER
- ID id-mr-integerMatch
-}
-
-integerOrderingMatch MATCHING-RULE ::= {
- SYNTAX INTEGER
- ID id-mr-integerOrderingMatch
-}
-
-bitStringMatch MATCHING-RULE ::= {
- SYNTAX BIT STRING
- ID id-mr-bitStringMatch
-}
-
-octetStringMatch MATCHING-RULE ::= {
- SYNTAX OCTET STRING
- ID id-mr-octetStringMatch
-}
-
-octetStringOrderingMatch MATCHING-RULE ::= {
- SYNTAX OCTET STRING
- ID id-mr-octetStringOrderingMatch
-}
-
-octetStringSubstringsMatch MATCHING-RULE ::= {
- SYNTAX OctetSubstringAssertion
- ID id-mr-octetStringSubstringsMatch
-}
-
-OctetSubstringAssertion ::=
- SEQUENCE OF
- CHOICE {initial [0] OCTET STRING,
- any [1] OCTET STRING,
- final [2] OCTET STRING}
-
--- at most one initial and one final component
-telephoneNumberMatch MATCHING-RULE ::= {
- SYNTAX TelephoneNumber
- ID id-mr-telephoneNumberMatch
-}
-
-telephoneNumberSubstringsMatch MATCHING-RULE ::= {
- SYNTAX SubstringAssertion
- ID id-mr-telephoneNumberSubstringsMatch
-}
-
-presentationAddressMatch MATCHING-RULE ::= {
- SYNTAX PresentationAddress
- ID id-mr-presentationAddressMatch
-}
-
-uniqueMemberMatch MATCHING-RULE ::= {
- SYNTAX NameAndOptionalUID
- ID id-mr-uniqueMemberMatch
-}
-
-protocolInformationMatch MATCHING-RULE ::= {
- SYNTAX OCTET STRING
- ID id-mr-protocolInformationMatch
-}
-
-uTCTimeMatch MATCHING-RULE ::= {SYNTAX UTCTime
- ID id-mr-uTCTimeMatch
-}
-
-uTCTimeOrderingMatch MATCHING-RULE ::= {
- SYNTAX UTCTime
- ID id-mr-uTCTimeOrderingMatch
-}
-
-generalizedTimeMatch MATCHING-RULE ::= {
- SYNTAX GeneralizedTime
- -- as per 41.3 b) or c) of ITU-T Rec. X.680 | ISO/IEC 8824-1
- ID id-mr-generalizedTimeMatch
-}
-
-generalizedTimeOrderingMatch MATCHING-RULE ::= {
- SYNTAX GeneralizedTime
- -- as per 41.3 b) or c) of ITU-T Rec. X.680 | ISO/IEC 8824-1
- ID id-mr-generalizedTimeOrderingMatch
-}
-
-integerFirstComponentMatch MATCHING-RULE ::= {
- SYNTAX INTEGER
- ID id-mr-integerFirstComponentMatch
-}
-
-objectIdentifierFirstComponentMatch MATCHING-RULE ::= {
- SYNTAX OBJECT IDENTIFIER
- ID id-mr-objectIdentifierFirstComponentMatch
-}
-
-directoryStringFirstComponentMatch MATCHING-RULE ::= {
- SYNTAX DirectoryString {ub-directory-string-first-component-match}
- ID id-mr-directoryStringFirstComponentMatch
-}
-
-wordMatch MATCHING-RULE ::= {
- SYNTAX DirectoryString {ub-match}
- ID id-mr-wordMatch
-}
-
-keywordMatch MATCHING-RULE ::= {
- SYNTAX DirectoryString {ub-match}
- ID id-mr-keywordMatch
-}
-
-systemProposedMatch MATCHING-RULE ::= {ID id-mr-systemProposedMatch
-}
-
-generalWordMatch MATCHING-RULE ::= {
- SYNTAX SubstringAssertion
- ID id-mr-generalWordMatch
-}
-
-sequenceMatchType ATTRIBUTE ::= {
- WITH SYNTAX
- ENUMERATED {sequenceExact(0), sequenceDeletion(1),
- sequenceRestrictedDeletion(2), sequencePermutation(3),
- sequencePermutationAndDeletion(4), sequenceProviderDefined(5)}
- SINGLE VALUE TRUE
- ID id-cat-sequenceMatchType
-} -- defaulting to sequenceExact,
-
-wordMatchTypes ATTRIBUTE ::= {
- WITH SYNTAX
- ENUMERATED {wordExact(0), wordTruncated(1), wordPhonetic(2),
- wordProviderDefined(3)}
- SINGLE VALUE TRUE
- ID id-cat-wordMatchType
-} -- defaulting to wordExact
-
-characterMatchTypes ATTRIBUTE ::= {
- WITH SYNTAX
- ENUMERATED {characterExact(0), characterCaseIgnore(1), characterMapped(2)}
- SINGLE VALUE TRUE
- ID id-cat-characterMatchTypes
-}
-
-selectedContexts ATTRIBUTE ::= {
- WITH SYNTAX ContextAssertion
- ID id-cat-selectedContexts
-}
-
-approximateStringMatch MATCHING-RULE ::= {ID id-mr-approximateStringMatch
-}
-
-ignoreIfAbsentMatch MATCHING-RULE ::= {ID id-mr-ignoreIfAbsentMatch
-}
-
-nullMatch MATCHING-RULE ::= {ID id-mr-nullMatch
-}
-
-ZONAL-MATCHING ::=
- MAPPING-BASED-MATCHING{ZonalSelect, TRUE, ZonalResult, zonalMatch.&id}
-
-ZonalSelect ::= SEQUENCE OF AttributeType
-
-ZonalResult ::= ENUMERATED {
- cannot-select-mapping(0), zero-mappings(2), multiple-mappings(3)}
-
-zonalMatch MATCHING-RULE ::= {
- UNIQUE-MATCH-INDICATOR multipleMatchingLocalities.&id
- ID id-mr-zonalMatch
-}
-
--- Contexts
-languageContext CONTEXT ::= {
- WITH SYNTAX LanguageContextSyntax
- ID id-avc-language
-}
-
-LanguageContextSyntax ::= PrintableString(SIZE (2..3)) -- ISO 639-2 codes only
-
-
-temporalContext CONTEXT ::= {
- WITH SYNTAX TimeSpecification
- ASSERTED AS TimeAssertion
- ID id-avc-temporal
-}
-
-TimeSpecification ::= SEQUENCE {
- time
- CHOICE {absolute
- SEQUENCE {startTime [0] GeneralizedTime OPTIONAL,
- endTime [1] GeneralizedTime OPTIONAL},
- periodic SET OF Period},
- notThisTime BOOLEAN DEFAULT FALSE,
- timeZone TimeZone OPTIONAL
-}
-
-Period ::= SEQUENCE {
- timesOfDay [0] SET SIZE (1..MAX) OF DayTimeBand OPTIONAL,
- days
- [1] CHOICE {intDay SET OF INTEGER,
- bitDay
- BIT STRING {sunday(0), monday(1), tuesday(2), wednesday(3),
- thursday(4), friday(5), saturday(6)},
- dayOf XDayOf} OPTIONAL,
- weeks
- [2] CHOICE {allWeeks NULL,
- intWeek SET OF INTEGER,
- bitWeek
- BIT STRING {week1(0), week2(1), week3(2), week4(3), week5(4)}
- } OPTIONAL,
- months
- [3] CHOICE {allMonths NULL,
- intMonth SET OF INTEGER,
- bitMonth
- BIT STRING {january(0), february(1), march(2), april(3),
- may(4), june(5), july(6), august(7),
- september(8), october(9), november(10),
- december(11)}} OPTIONAL,
- years [4] SET OF INTEGER(1000..MAX) OPTIONAL
-}
-
-XDayOf ::= CHOICE {
- first [1] NamedDay,
- second [2] NamedDay,
- third [3] NamedDay,
- fourth [4] NamedDay,
- fifth [5] NamedDay
-}
-
-NamedDay ::= CHOICE {
- intNamedDays
- ENUMERATED {sunday(1), monday(2), tuesday(3), wednesday(4), thursday(5),
- friday(6), saturday(7)},
- bitNamedDays
- BIT STRING {sunday(0), monday(1), tuesday(2), wednesday(3), thursday(4),
- friday(5), saturday(6)}
-}
-
-DayTimeBand ::= SEQUENCE {
- startDayTime [0] DayTime DEFAULT {hour 0},
- endDayTime [1] DayTime DEFAULT {hour 23, minute 59, second 59}
-}
-
-DayTime ::= SEQUENCE {
- hour [0] INTEGER(0..23),
- minute [1] INTEGER(0..59) DEFAULT 0,
- second [2] INTEGER(0..59) DEFAULT 0
-}
-
-TimeZone ::= INTEGER(-12..12)
-
-TimeAssertion ::= CHOICE {
- now NULL,
- at GeneralizedTime,
- between
- SEQUENCE {startTime [0] GeneralizedTime,
- endTime [1] GeneralizedTime OPTIONAL,
- entirely BOOLEAN DEFAULT FALSE}
-}
-
-localeContext CONTEXT ::= {
- WITH SYNTAX LocaleContextSyntax
- ID id-avc-locale
-}
-
-LocaleContextSyntax ::= CHOICE {
- localeID1 OBJECT IDENTIFIER,
- localeID2 DirectoryString{ub-localeContextSyntax}
-}
-
--- Object identifier assignments -
--- object identifiers assigned in other modules are shown in comments
--- Attributes
--- id-at-objectClass OBJECT IDENTIFIER ::= {id-at 0}
--- id-at-aliasedEntryName OBJECT IDENTIFIER ::= {id-at 1}
-id-at-encryptedAliasedEntryName OBJECT IDENTIFIER ::= {id-at 1 2}
-id-at-knowledgeInformation OBJECT IDENTIFIER ::= {id-at 2}
-id-at-commonName OBJECT IDENTIFIER ::= {id-at 3}
-id-at-encryptedCommonName OBJECT IDENTIFIER ::= {id-at 3 2}
-id-at-surname OBJECT IDENTIFIER ::= {id-at 4}
-id-at-encryptedSurname OBJECT IDENTIFIER ::= {id-at 4 2}
-id-at-serialNumber OBJECT IDENTIFIER ::= {id-at 5}
-id-at-encryptedSerialNumber OBJECT IDENTIFIER ::= {id-at 5 2}
-id-at-countryName OBJECT IDENTIFIER ::= {id-at 6}
-id-at-encryptedCountryName OBJECT IDENTIFIER ::= {id-at 6 2}
-id-at-localityName OBJECT IDENTIFIER ::= {id-at 7}
-id-at-encryptedLocalityName OBJECT IDENTIFIER ::= {id-at 7 2}
-id-at-collectiveLocalityName OBJECT IDENTIFIER ::= {id-at 7 1}
-id-at-encryptedCollectiveLocalityName OBJECT IDENTIFIER ::= {id-at 7 1 2}
-id-at-stateOrProvinceName OBJECT IDENTIFIER ::= {id-at 8}
-id-at-encryptedStateOrProvinceName OBJECT IDENTIFIER ::= {id-at 8 2}
-id-at-collectiveStateOrProvinceName OBJECT IDENTIFIER ::= {id-at 8 1}
-id-at-encryptedCollectiveStateOrProvinceName OBJECT IDENTIFIER ::= {id-at 8 1 2}
-id-at-streetAddress OBJECT IDENTIFIER ::= {id-at 9}
-id-at-encryptedStreetAddress OBJECT IDENTIFIER ::= {id-at 9 2}
-id-at-collectiveStreetAddress OBJECT IDENTIFIER ::= {id-at 9 1}
-id-at-encryptedCollectiveStreetAddress OBJECT IDENTIFIER ::= {id-at 9 1 2}
-id-at-organizationName OBJECT IDENTIFIER ::= {id-at 10}
-id-at-encryptedOrganizationName OBJECT IDENTIFIER ::= {id-at 10 2}
-id-at-collectiveOrganizationName OBJECT IDENTIFIER ::= {id-at 10 1}
-id-at-encryptedCollectiveOrganizationName OBJECT IDENTIFIER ::= {id-at 10 1 2}
-id-at-organizationalUnitName OBJECT IDENTIFIER ::= {id-at 11}
-id-at-encryptedOrganizationalUnitName OBJECT IDENTIFIER ::= {id-at 11 2}
-id-at-collectiveOrganizationalUnitName OBJECT IDENTIFIER ::= {id-at 11 1}
-id-at-encryptedCollectiveOrganizationalUnitName OBJECT IDENTIFIER ::= {id-at 11 1 2}
-id-at-title OBJECT IDENTIFIER ::= {id-at 12}
-id-at-encryptedTitle OBJECT IDENTIFIER ::= {id-at 12 2}
-id-at-description OBJECT IDENTIFIER ::= {id-at 13}
-id-at-encryptedDescription OBJECT IDENTIFIER ::= {id-at 13 2}
-id-at-searchGuide OBJECT IDENTIFIER ::= {id-at 14}
-id-at-encryptedSearchGuide OBJECT IDENTIFIER ::= {id-at 14 2}
-id-at-businessCategory OBJECT IDENTIFIER ::= {id-at 15}
-id-at-encryptedBusinessCategory OBJECT IDENTIFIER ::= {id-at 15 2}
-id-at-postalAddress OBJECT IDENTIFIER ::= {id-at 16}
-id-at-encryptedPostalAddress OBJECT IDENTIFIER ::= {id-at 16 2}
-id-at-collectivePostalAddress OBJECT IDENTIFIER ::= {id-at 16 1}
-id-at-encryptedCollectivePostalAddress OBJECT IDENTIFIER ::= {id-at 16 1 2}
-id-at-postalCode OBJECT IDENTIFIER ::= {id-at 17}
-id-at-encryptedPostalCode OBJECT IDENTIFIER ::= {id-at 17 2}
-id-at-collectivePostalCode OBJECT IDENTIFIER ::= {id-at 17 1}
-id-at-encryptedCollectivePostalCode OBJECT IDENTIFIER ::= {id-at 17 1 2}
-id-at-postOfficeBox OBJECT IDENTIFIER ::= {id-at 18}
-id-at-encryptedPostOfficeBox OBJECT IDENTIFIER ::= {id-at 18 2}
-id-at-collectivePostOfficeBox OBJECT IDENTIFIER ::= {id-at 18 1}
-id-at-encryptedCollectivePostOfficeBox OBJECT IDENTIFIER ::= {id-at 18 1 2}
-id-at-physicalDeliveryOfficeName OBJECT IDENTIFIER ::= {id-at 19}
-id-at-encryptedPhysicalDeliveryOfficeName OBJECT IDENTIFIER ::= {id-at 19 2}
-id-at-collectivePhysicalDeliveryOfficeName OBJECT IDENTIFIER ::= {id-at 19 1}
-id-at-encryptedCollectivePhysicalDeliveryOfficeName OBJECT IDENTIFIER ::= {id-at 19 1 2}
-id-at-telephoneNumber OBJECT IDENTIFIER ::= {id-at 20}
-id-at-encryptedTelephoneNumber OBJECT IDENTIFIER ::= {id-at 20 2}
-id-at-collectiveTelephoneNumber OBJECT IDENTIFIER ::= {id-at 20 1}
-id-at-encryptedCollectiveTelephoneNumber OBJECT IDENTIFIER ::= {id-at 20 1 2}
-id-at-telexNumber OBJECT IDENTIFIER ::= {id-at 21}
-id-at-encryptedTelexNumber OBJECT IDENTIFIER ::= {id-at 21 2}
-id-at-collectiveTelexNumber OBJECT IDENTIFIER ::= {id-at 21 1}
-id-at-encryptedCollectiveTelexNumber OBJECT IDENTIFIER ::= {id-at 21 1 2}
-id-at-facsimileTelephoneNumber OBJECT IDENTIFIER ::= {id-at 23}
-id-at-encryptedFacsimileTelephoneNumber OBJECT IDENTIFIER ::= {id-at 23 2}
-id-at-collectiveFacsimileTelephoneNumber OBJECT IDENTIFIER ::= {id-at 23 1}
-id-at-encryptedCollectiveFacsimileTelephoneNumber OBJECT IDENTIFIER ::= {id-at 23 1 2}
-id-at-x121Address OBJECT IDENTIFIER ::= {id-at 24}
-id-at-encryptedX121Address OBJECT IDENTIFIER ::= {id-at 24 2}
-id-at-internationalISDNNumber OBJECT IDENTIFIER ::= {id-at 25}
-id-at-encryptedInternationalISDNNumber OBJECT IDENTIFIER ::= {id-at 25 2}
-id-at-collectiveInternationalISDNNumber OBJECT IDENTIFIER ::= {id-at 25 1}
-id-at-encryptedCollectiveInternationalISDNNumber OBJECT IDENTIFIER ::= {id-at 25 1 2}
-id-at-registeredAddress OBJECT IDENTIFIER ::= {id-at 26}
-id-at-encryptedRegisteredAddress OBJECT IDENTIFIER ::= {id-at 26 2}
-id-at-destinationIndicator OBJECT IDENTIFIER ::= {id-at 27}
-id-at-encryptedDestinationIndicator OBJECT IDENTIFIER ::= {id-at 27 2}
-id-at-preferredDeliveryMethod OBJECT IDENTIFIER ::= {id-at 28}
-id-at-encryptedPreferredDeliveryMethod OBJECT IDENTIFIER ::= {id-at 28 2}
-id-at-presentationAddress OBJECT IDENTIFIER ::= {id-at 29}
-id-at-encryptedPresentationAddress OBJECT IDENTIFIER ::= {id-at 29 2}
-id-at-supportedApplicationContext OBJECT IDENTIFIER ::= {id-at 30}
-id-at-encryptedSupportedApplicationContext OBJECT IDENTIFIER ::= {id-at 30 2}
-id-at-member OBJECT IDENTIFIER ::= {id-at 31}
-id-at-encryptedMember OBJECT IDENTIFIER ::= {id-at 31 2}
-id-at-owner OBJECT IDENTIFIER ::= {id-at 32}
-id-at-encryptedOwner OBJECT IDENTIFIER ::= {id-at 32 2}
-id-at-roleOccupant OBJECT IDENTIFIER ::= {id-at 33}
-id-at-encryptedRoleOccupant OBJECT IDENTIFIER ::= {id-at 33 2}
-id-at-seeAlso OBJECT IDENTIFIER ::= {id-at 34}
-id-at-encryptedSeeAlso OBJECT IDENTIFIER ::= {id-at 34 2}
-id-at-encryptedUserPassword OBJECT IDENTIFIER ::= {id-at 35 2}
-id-at-encryptedUserCertificate OBJECT IDENTIFIER ::= {id-at 36 2}
-id-at-encryptedCACertificate OBJECT IDENTIFIER ::= {id-at 37 2}
-id-at-encryptedAuthorityRevocationList OBJECT IDENTIFIER ::= {id-at 38 2}
-id-at-encryptedCertificateRevocationList OBJECT IDENTIFIER ::= {id-at 39 2}
-id-at-encryptedCrossCertificatePair OBJECT IDENTIFIER ::= {id-at 40 2}
-id-at-name OBJECT IDENTIFIER ::= {id-at 41}
-id-at-givenName OBJECT IDENTIFIER ::= {id-at 42}
-id-at-encryptedGivenName OBJECT IDENTIFIER ::= {id-at 42 2}
-id-at-initials OBJECT IDENTIFIER ::= {id-at 43}
-id-at-encryptedInitials OBJECT IDENTIFIER ::= {id-at 43 2}
-id-at-generationQualifier OBJECT IDENTIFIER ::= {id-at 44}
-id-at-encryptedGenerationQualifier OBJECT IDENTIFIER ::= {id-at 44 2}
-id-at-uniqueIdentifier OBJECT IDENTIFIER ::= {id-at 45}
-id-at-encryptedUniqueIdentifier OBJECT IDENTIFIER ::= {id-at 45 2}
-id-at-dnQualifier OBJECT IDENTIFIER ::= {id-at 46}
-id-at-encryptedDnQualifier OBJECT IDENTIFIER ::= {id-at 46 2}
-id-at-enhancedSearchGuide OBJECT IDENTIFIER ::= {id-at 47}
-id-at-encryptedEnhancedSearchGuide OBJECT IDENTIFIER ::= {id-at 47 2}
-id-at-protocolInformation OBJECT IDENTIFIER ::= {id-at 48}
-id-at-encryptedProtocolInformation OBJECT IDENTIFIER ::= {id-at 48 2}
-id-at-distinguishedName OBJECT IDENTIFIER ::= {id-at 49}
-id-at-encryptedDistinguishedName OBJECT IDENTIFIER ::= {id-at 49 2}
-id-at-uniqueMember OBJECT IDENTIFIER ::= {id-at 50}
-id-at-encryptedUniqueMember OBJECT IDENTIFIER ::= {id-at 50 2}
-id-at-houseIdentifier OBJECT IDENTIFIER ::= {id-at 51}
-id-at-encryptedHouseIdentifier OBJECT IDENTIFIER ::= {id-at 51 2}
-id-at-encryptedSupportedAlgorithms OBJECT IDENTIFIER ::= {id-at 52 2}
-id-at-encryptedDeltaRevocationList OBJECT IDENTIFIER ::= {id-at 53 2}
-id-at-dmdName OBJECT IDENTIFIER ::= {id-at 54}
-id-at-encryptedDmdName OBJECT IDENTIFIER ::= {id-at 54 2}
-id-at-encryptedClearance OBJECT IDENTIFIER ::= {id-at 55 2}
-id-at-encryptedDefaultDirQop OBJECT IDENTIFIER ::= {id-at 56 2}
-id-at-encryptedAttributeIntegrityInfo OBJECT IDENTIFIER ::= {id-at 57 2}
-id-at-encryptedAttributeCertificate OBJECT IDENTIFIER ::= {id-at 58 2}
-id-at-encryptedAttributeCertificateRevocationList OBJECT IDENTIFIER ::= {id-at 59 2}
-id-at-encryptedConfKeyInfo OBJECT IDENTIFIER ::= {id-at 60 2}
-id-at-pseudonym OBJECT IDENTIFIER ::= {id-at 65}
-id-at-communicationsService OBJECT IDENTIFIER ::= {id-at 66}
-id-at-communicationsNetwork OBJECT IDENTIFIER ::= {id-at 67}
-
--- Matching rules
-id-mr-caseIgnoreMatch OBJECT IDENTIFIER ::= {id-mr 2}
-id-mr-caseIgnoreOrderingMatch OBJECT IDENTIFIER ::= {id-mr 3}
-id-mr-caseIgnoreSubstringsMatch OBJECT IDENTIFIER ::= {id-mr 4}
-id-mr-caseExactMatch OBJECT IDENTIFIER ::= {id-mr 5}
-id-mr-caseExactOrderingMatch OBJECT IDENTIFIER ::= {id-mr 6}
-id-mr-caseExactSubstringsMatch OBJECT IDENTIFIER ::= {id-mr 7}
-id-mr-numericStringMatch OBJECT IDENTIFIER ::= {id-mr 8}
-id-mr-numericStringOrderingMatch OBJECT IDENTIFIER ::= {id-mr 9}
-id-mr-numericStringSubstringsMatch OBJECT IDENTIFIER ::= {id-mr 10}
-id-mr-caseIgnoreListMatch OBJECT IDENTIFIER ::= {id-mr 11}
-id-mr-caseIgnoreListSubstringsMatch OBJECT IDENTIFIER ::= {id-mr 12}
-id-mr-booleanMatch OBJECT IDENTIFIER ::= {id-mr 13}
-id-mr-integerMatch OBJECT IDENTIFIER ::= {id-mr 14}
-id-mr-integerOrderingMatch OBJECT IDENTIFIER ::= {id-mr 15}
-id-mr-bitStringMatch OBJECT IDENTIFIER ::= {id-mr 16}
-id-mr-octetStringMatch OBJECT IDENTIFIER ::= {id-mr 17}
-id-mr-octetStringOrderingMatch OBJECT IDENTIFIER ::= {id-mr 18}
-id-mr-octetStringSubstringsMatch OBJECT IDENTIFIER ::= {id-mr 19}
-id-mr-telephoneNumberMatch OBJECT IDENTIFIER ::= {id-mr 20}
-id-mr-telephoneNumberSubstringsMatch OBJECT IDENTIFIER ::= {id-mr 21}
-id-mr-presentationAddressMatch OBJECT IDENTIFIER ::= {id-mr 22}
-id-mr-uniqueMemberMatch OBJECT IDENTIFIER ::= {id-mr 23}
-id-mr-protocolInformationMatch OBJECT IDENTIFIER ::= {id-mr 24}
-id-mr-uTCTimeMatch OBJECT IDENTIFIER ::= {id-mr 25}
-id-mr-uTCTimeOrderingMatch OBJECT IDENTIFIER ::= {id-mr 26}
-id-mr-generalizedTimeMatch OBJECT IDENTIFIER ::= {id-mr 27}
-id-mr-generalizedTimeOrderingMatch OBJECT IDENTIFIER ::= {id-mr 28}
-id-mr-integerFirstComponentMatch OBJECT IDENTIFIER ::= {id-mr 29}
-id-mr-objectIdentifierFirstComponentMatch OBJECT IDENTIFIER ::= {id-mr 30}
-id-mr-directoryStringFirstComponentMatch OBJECT IDENTIFIER ::= {id-mr 31}
-id-mr-wordMatch OBJECT IDENTIFIER ::= {id-mr 32}
-id-mr-keywordMatch OBJECT IDENTIFIER ::= {id-mr 33}
-id-mr-storedPrefixMatch OBJECT IDENTIFIER ::= {id-mr 41}
-id-mr-systemProposedMatch OBJECT IDENTIFIER ::= {id-mr 47}
-id-mr-generalWordMatch OBJECT IDENTIFIER ::= {id-mr 48}
-id-mr-approximateStringMatch OBJECT IDENTIFIER ::= {id-mr 49}
-id-mr-ignoreIfAbsentMatch OBJECT IDENTIFIER ::= {id-mr 50}
-id-mr-nullMatch OBJECT IDENTIFIER ::= {id-mr 51}
-id-mr-zonalMatch OBJECT IDENTIFIER ::= {id-mr 52}
-id-mr-facsimileNumberMatch OBJECT IDENTIFIER ::= {id-mr 63}
-id-mr-facsimileNumberSubstringsMatch OBJECT IDENTIFIER ::= {id-mr 64}
-
--- contexts
-id-avc-language OBJECT IDENTIFIER ::= {id-avc 0}
-id-avc-temporal OBJECT IDENTIFIER ::= {id-avc 1}
-id-avc-locale OBJECT IDENTIFIER ::= {id-avc 2}
-
--- Problem definitions
-id-pr-targetDsaUnavailable OBJECT IDENTIFIER ::= {id-pr 1}
-id-pr-dataSourceUnavailable OBJECT IDENTIFIER ::= {id-pr 2}
-id-pr-unidentifiedOperation OBJECT IDENTIFIER ::= {id-pr 3}
-id-pr-unavailableOperation OBJECT IDENTIFIER ::= {id-pr 4}
-id-pr-searchAttributeViolation OBJECT IDENTIFIER ::= {id-pr 5}
-id-pr-searchAttributeCombinationViolation OBJECT IDENTIFIER ::= {id-pr 6}
-id-pr-searchValueNotAllowed OBJECT IDENTIFIER ::= {id-pr 7}
-id-pr-missingSearchAttribute OBJECT IDENTIFIER ::= {id-pr 8}
-id-pr-searchValueViolation OBJECT IDENTIFIER ::= {id-pr 9}
-id-pr-attributeNegationViolation OBJECT IDENTIFIER ::= {id-pr 10}
-id-pr-searchValueRequired OBJECT IDENTIFIER ::= {id-pr 11}
-id-pr-invalidSearchValue OBJECT IDENTIFIER ::= {id-pr 12}
-id-pr-searchContextViolation OBJECT IDENTIFIER ::= {id-pr 13}
-id-pr-searchContextCombinationViolation OBJECT IDENTIFIER ::= {id-pr 14}
-id-pr-missingSearchContext OBJECT IDENTIFIER ::= {id-pr 15}
-id-pr-searchContextValueViolation OBJECT IDENTIFIER ::= {id-pr 16}
-id-pr-searchContextValueRequired OBJECT IDENTIFIER ::= {id-pr 17}
-id-pr-invalidContextSearchValue OBJECT IDENTIFIER ::= {id-pr 18}
-id-pr-unsupportedMatchingRule OBJECT IDENTIFIER ::= {id-pr 19}
-id-pr-attributeMatchingViolation OBJECT IDENTIFIER ::= {id-pr 20}
-id-pr-unsupportedMatchingUse OBJECT IDENTIFIER ::= {id-pr 21}
-id-pr-matchingUseViolation OBJECT IDENTIFIER ::= {id-pr 22}
-id-pr-hierarchySelectForbidden OBJECT IDENTIFIER ::= {id-pr 23}
-id-pr-invalidHierarchySelect OBJECT IDENTIFIER ::= {id-pr 24}
-id-pr-unavailableHierarchySelect OBJECT IDENTIFIER ::= {id-pr 25}
-id-pr-invalidSearchOptions OBJECT IDENTIFIER ::= {id-pr 26}
-id-pr-missingSearchOptions OBJECT IDENTIFIER ::= {id-pr 27}
-id-pr-invalidServiceControlOptions OBJECT IDENTIFIER ::= {id-pr 28}
-id-pr-missingServiceControlOptions OBJECT IDENTIFIER ::= {id-pr 29}
-id-pr-searchSubsetViolation OBJECT IDENTIFIER ::= {id-pr 30}
-id-pr-unmatchedKeyAttributes OBJECT IDENTIFIER ::= {id-pr 31}
-id-pr-ambiguousKeyAttributes OBJECT IDENTIFIER ::= {id-pr 32}
-
--- Notification attributes
-id-not-dSAProblem OBJECT IDENTIFIER ::= {id-not 0}
-id-not-searchServiceProblem OBJECT IDENTIFIER ::= {id-not 1}
-id-not-serviceType OBJECT IDENTIFIER ::= {id-not 2}
-id-not-attributeTypeList OBJECT IDENTIFIER ::= {id-not 3}
-id-not-matchingRuleList OBJECT IDENTIFIER ::= {id-not 4}
-id-not-filterItem OBJECT IDENTIFIER ::= {id-not 5}
-id-not-attributeCombinations OBJECT IDENTIFIER ::= {id-not 6}
-id-not-contextTypeList OBJECT IDENTIFIER ::= {id-not 7}
-id-not-contextList OBJECT IDENTIFIER ::= {id-not 8}
-id-not-contextCombinations OBJECT IDENTIFIER ::= {id-not 9}
-id-not-hierarchySelectList OBJECT IDENTIFIER ::= {id-not 10}
-id-not-searchOptionsList OBJECT IDENTIFIER ::= {id-not 11}
-id-not-serviceControlOptionsList OBJECT IDENTIFIER ::= {id-not 12}
-id-not-multipleMatchingLocalities OBJECT IDENTIFIER ::= {id-not 13}
-id-not-proposedRelaxation OBJECT IDENTIFIER ::= {id-not 14}
-id-not-appliedRelaxation OBJECT IDENTIFIER ::= {id-not 15}
-id-not-substringRequirements OBJECT IDENTIFIER ::= {id-not 16}
-
--- Control attributes
-id-cat-sequenceMatchType OBJECT IDENTIFIER ::= {id-cat 1}
-id-cat-wordMatchType OBJECT IDENTIFIER ::= {id-cat 2}
-id-cat-characterMatchTypes OBJECT IDENTIFIER ::= {id-cat 3}
-id-cat-selectedContexts OBJECT IDENTIFIER ::= {id-cat 4}
-
-G3FacsimileNonBasicParameters ::= BIT STRING {
- two-dimensional(8), -- As defined in ITU-T Recommendation T.30
- fine-resolution(9), --
- unlimited-length(20), -- These bit values are chosen such that when
- b4-length(21), -- encoded using ASN.1 Basic Encoding Rules
- a3-width(22), -- the resulting octets have the same values
- b4-width(23), -- as for T.30 encoding
- t6-coding(25), --
- uncompressed(30), -- Trailing zero bits are not significant.
- width-middle-864-of-1728(37), -- It is recommended that implementations
- width-middle-1216-of-1728(38), -- should not encode more than 32 bits unless
- resolution-type(44), -- higher numbered bits are non-zero.
- resolution-400x400(45), resolution-300x300(46), resolution-8x15(47),
- edi(49), dtm(50), bft(51), mixed-mode(58), character-mode(60),
- twelve-bits(65), preferred-huffmann(66), full-colour(67), jpeg(68),
- processable-mode-26(71)}
-
-END -- SelectedAttributeTypes
-
-
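Review bot: the OID assignments removed at the end of SelectedAttributeTypes (the `id-at-*`, `id-mr-*`, `id-avc-*`, `id-pr-*`, `id-not-*` and `id-cat-*` values) have no replacement visible in this hunk, so any module that still imports these names will stop compiling. Please state in the commit message which module now provides them, or confirm that every importer is deleted in the same change. The same applies to the context definitions above them, such as `localeContext` with `ID id-avc-locale`.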
diff --git a/priv/kep/UpperBounds.asn1 b/priv/kep/UpperBounds.asn1
deleted file mode 100644
index 80d196f..0000000
--- a/priv/kep/UpperBounds.asn1
+++ /dev/null
@@ -1,52 +0,0 @@
--- Module UpperBounds (X.520:08/1997)
-
-UpperBounds {joint-iso-itu-t ds(5) module(1) upperBounds(10) 3}
-DEFINITIONS ::=
-BEGIN
-
--- EXPORTS All
--- The types and values defined in this module are exported for use in the other ASN.1 modules contained
--- within the Directory Specifications, and for the use of other applications which will use them to access
--- Directory services. Other applications may use them for their own purposes, but this will not constrain
--- extensions and modifications needed to maintain or improve the Directory service.
-
-ub-answerback INTEGER ::= 8
-ub-business-category INTEGER ::= 128
-ub-common-name INTEGER ::= 64
-ub-country-code INTEGER ::= 4
-ub-description INTEGER ::= 1024
-ub-destination-indicator INTEGER ::= 128
-ub-directory-string-first-component-match INTEGER ::= 32768
-ub-international-isdn-number INTEGER ::= 16
-ub-knowledge-information INTEGER ::= 32768
-ub-locality-name INTEGER ::= 128
-ub-match INTEGER ::= 128
-ub-name INTEGER ::= 64
-ub-organization-name INTEGER ::= 64
-ub-organizational-unit-name INTEGER ::= 64
-ub-physical-office-name INTEGER ::= 128
-ub-post-office-box INTEGER ::= 40
-ub-postal-code INTEGER ::= 40
-ub-postal-line INTEGER ::= 6
-ub-postal-string INTEGER ::= 30
-ub-privacy-mark-length INTEGER ::= 128
-ub-schema INTEGER ::= 1024
-ub-search INTEGER ::= 17 --This definition is missing; to be provided --
-ub-serial-number INTEGER ::= 64
-ub-state-name INTEGER ::= 128
-ub-street-address INTEGER ::= 128
-ub-surname INTEGER ::= 64
-ub-tag INTEGER ::= 64
-ub-telephone-number INTEGER ::= 32
-ub-teletex-terminal-id INTEGER ::= 1024
-ub-telex-number INTEGER ::= 14
-ub-title INTEGER ::= 64
-ub-user-password INTEGER ::= 128
-ub-x121-address INTEGER ::= 15
-ub-localeContextSyntax INTEGER ::= 128
-ub-locale-context-syntax INTEGER ::= 64
-ub-pseudonym INTEGER ::= 128
-ub-content INTEGER ::= 32768
-
-END -- UpperBounds
-
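Review bot: the `ub-*` values removed here are used as size constraints elsewhere (for example `DirectoryString{ub-localeContextSyntax}` in SelectedAttributeTypes), so whichever module replaces this file should be compared value by value rather than assumed equivalent. Two entries need care: `ub-search INTEGER ::= 17` carries the comment "This definition is missing; to be provided", and `ub-localeContextSyntax` (128) and `ub-locale-context-syntax` (64) give different limits under near-identical names. Please document which bounds the replacement uses, since a changed bound changes which encoded values are accepted.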
diff --git a/priv/kep/UsefulDefinitions.asn1 b/priv/kep/UsefulDefinitions.asn1
deleted file mode 100644
index e77f9b4..0000000
--- a/priv/kep/UsefulDefinitions.asn1
+++ /dev/null
@@ -1,112 +0,0 @@
--- Module UsefulDefinitions (X.501:08/1997)
-
-UsefulDefinitions {joint-iso-itu-t ds(5) module(1) usefulDefinitions(0) 3}
-DEFINITIONS ::=
-BEGIN
-
--- EXPORTS All -
--- The types and values defined in this module are exported for use in the other ASN.1 modules contained
--- within the Directory Specifications, and for the use of other applications which will use them to access
--- Directory services. Other applications may use them for their own purposes, but this will not constrain
--- extensions and modifications needed to maintain or improve the Directory service.
-
-ID ::= OBJECT IDENTIFIER
-ds ID ::= {joint-iso-itu-t ds(5)}
-
--- categories of information object
-module ID ::= {ds 1}
-serviceElement ID ::= {ds 2}
-applicationContext ID ::= {ds 3}
-attributeType ID ::= {ds 4}
-attributeSyntax ID ::= {ds 5}
-objectClass ID ::= {ds 6}
-
-algorithm ID ::= {ds 8}
-abstractSyntax ID ::= {ds 9}
-dsaOperationalAttribute ID ::= {ds 12}
-matchingRule ID ::= {ds 13}
-knowledgeMatchingRule ID ::= {ds 14}
-nameForm ID ::= {ds 15}
-group ID ::= {ds 16}
-subentry ID ::= {ds 17}
-operationalAttributeType ID ::= {ds 18}
-operationalBinding ID ::= {ds 19}
-schemaObjectClass ID ::= {ds 20}
-schemaOperationalAttribute ID ::= {ds 21}
-administrativeRoles ID ::= {ds 23}
-accessControlAttribute ID ::= {ds 24}
-rosObject ID ::= {ds 25}
-contract ID ::= {ds 26}
-package ID ::= {ds 27}
-accessControlSchemes ID ::= {ds 28}
-certificateExtension ID ::= {ds 29}
-managementObject ID ::= {ds 30}
-attributeValueContext ID ::= {ds 31}
-idmProtocol ID ::= {ds 33}
-problem ID ::= {ds 34}
-notification ID ::= {ds 35}
-matchingRestriction ID ::= {ds 36}
-controlAttributeType ID ::= {ds 37}
-
-usefulDefinitions ID ::= {module usefulDefinitions(0) 3}
-informationFramework ID ::= {module informationFramework(1) 3}
-directoryAbstractService ID ::= {module directoryAbstractService(2) 3}
-distributedOperations ID ::= {module distributedOperations(3) 3}
-protocolObjectIdentifiers ID ::= {module protocolObjectIdentifiers(4) 3}
-selectedAttributeTypes ID ::= {module selectedAttributeTypes(5) 3}
-selectedObjectClasses ID ::= {module selectedObjectClasses(6) 3}
-authenticationFramework ID ::= {module authenticationFramework(7) 3}
-algorithmObjectIdentifiers ID ::= {module algorithmObjectIdentifiers(8) 3}
-directoryObjectIdentifiers ID ::= {module directoryObjectIdentifiers(9) 3}
-upperBounds ID ::= {module upperBounds(10) 3}
-dap ID ::= {module dap(11) 3}
-dsp ID ::= {module dsp(12) 3}
-distributedDirectoryOIDs ID ::= {module distributedDirectoryOIDs(13) 3}
-directoryShadowOIDs ID ::= {module directoryShadowOIDs(14) 3}
-directoryShadowAbstractService ID ::= {module directoryShadowAbstractService(15) 3}
-disp ID ::= {module disp(16) 3}
-dop ID ::= {module dop(17) 3}
-opBindingManagement ID ::= {module opBindingManagement(18) 3}
-opBindingOIDs ID ::= {module opBindingOIDs(19) 3}
-hierarchicalOperationalBindings ID ::= {module hierarchicalOperationalBindings(20) 3}
-dsaOperationalAttributeTypes ID ::= {module dsaOperationalAttributeTypes(22) 3}
-schemaAdministration ID ::= {module schemaAdministration(23) 3}
-basicAccessControl ID ::= {module basicAccessControl(24) 3}
-directoryOperationalBindingTypes ID ::= {module directoryOperationalBindingTypes(25) 3}
-certificateExtensions ID ::= {module certificateExtensions(26) 0}
-directoryManagement ID ::= {module directoryManagement(27) 1}
-enhancedSecurity ID ::= {module enhancedSecurity(28) 1}
-iDMProtocolSpecification ID ::= {module iDMProtocolSpecification(30) 4}
-directoryIDMProtocols ID ::= {module directoryIDMProtocols(31) 4}
-
--- synonyms
-id-oc ID ::= objectClass
-id-at ID ::= attributeType
-id-as ID ::= abstractSyntax
-id-mr ID ::= matchingRule
-id-nf ID ::= nameForm
-id-sc ID ::= subentry
-id-oa ID ::= operationalAttributeType
-id-ob ID ::= operationalBinding
-id-doa ID ::= dsaOperationalAttribute
-id-kmr ID ::= knowledgeMatchingRule
-id-soc ID ::= schemaObjectClass
-id-soa ID ::= schemaOperationalAttribute
-id-ar ID ::= administrativeRoles
-id-aca ID ::= accessControlAttribute
-id-ac ID ::= applicationContext
-id-rosObject ID ::= rosObject
-id-contract ID ::= contract
-id-package ID ::= package
-id-acScheme ID ::= accessControlSchemes
-id-ce ID ::= certificateExtension
-id-mgt ID ::= managementObject
-id-idm ID ::= idmProtocol
-id-avc ID ::= attributeValueContext
-id-pr ID ::= problem
-id-not ID ::= notification
-id-mre ID ::= matchingRestriction
-id-cat ID ::= controlAttributeType
-
-END -- UsefulDefinitions
-
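Review bot: the synonyms at the end of this module (`id-at`, `id-mr`, `id-ce`, `id-avc`, `id-pr` and the rest) are the arcs the other modules build their OIDs on, for example `{id-at 3}` for commonName, so this deletion is only safe if every module that references them is removed in the same change or resolves them from another copy. The commit should say where these definitions now live. A clean rebuild of the remaining ASN.1 sources would confirm that nothing still refers to UsefulDefinitions.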
diff --git a/priv/kep/clean.sh b/priv/kep/clean.sh
deleted file mode 100755
index 3db9a41..0000000
--- a/priv/kep/clean.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-rm *.asn1db *.beam *.erl *.hrl
\ No newline at end of file
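Review bot: with `rm *.asn1db *.beam *.erl *.hrl` gone, nothing visible in this patch removes compiler output for this directory. If ASN.1 compilation still runs anywhere under priv, add the generated extensions to the build's clean step or to .gitignore so that stale generated codecs are not picked up or committed. If the whole directory is being removed, say so in the commit message.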