OID value: 2.23.42.6.1
OID description:
SetCertMsgs
{ joint-iso-itu-t(2) internationalRA(23) set(42) module(6) 1}
DEFINITIONS IMPLICIT TAGS ::= BEGIN
--
-- Types used in the SET Certificate Management Protocol messages.
--
-- EXPORTS All;
IMPORTS
SETString {}, SignatureAlgorithms
FROM SetAttribute
SubjectPublicKeyInfo{}
FROM SetCertificate
BackKeyData, BIN, BrandCRLIdentifier, BrandID,
CertThumb,Challenge, Currency, Date, Language, LocalID, MerchantID,
Nonce, PAN, PANData0, RRPID, Thumbs, ub-acqBusinessID, URL
FROM SetMessage
CA, EE, Enc {}, EncK {}, EncX {}, EXH {}, KeyEncryptionAlgorithms, L {},
S {}, SO {}
FROM SetPKCS7Plus;
-- Certificate Management Payload Components
AcctInfo ::= CHOICE {
panData0 [0] EXPLICIT PANData0,
acctData [1] EXPLICIT AcctData
}
AcctData ::= SEQUENCE {
acctIdentification AcctIdentification,
exNonce Nonce
}
AcctIdentification ::= VisibleString (SIZE(ub-acctIdentification))
IDData ::= CHOICE { -- Merchants and Acquirers only
merchantAcquirerID [0] MerchantAcquirerID,
acquirerID [1] AcquirerID
}
MerchantAcquirerID ::= SEQUENCE {
merchantBIN BIN,
merchantID MerchantID -- By prior agreement of Merchant/Acquirer
}
AcquirerID ::= SEQUENCE {
acquirerBIN BIN,
acquirerBusinessID AcquirerBusinessID OPTIONAL
}
AcquirerBusinessID ::= NumericString (SIZE(1..ub-acqBusinessID))
RequestType ::= ENUMERATED { -- Indicates requestor and type of request
cardInitialSig (1),
-- cardInitialEnc (2), Reserved
-- cardInitialBoth (3), Reserved
merInitialSig (4),
merInitialEnc (5),
merInitialBoth (6),
pgwyInitialSig (7),
pgwyInitialEnc (8),
pgwyInitialBoth (9),
cardRenewalSig (10),
-- cardRenewalEnc (11), Reserved
-- cardRenewalBoth (12), Reserved
merRenewalSig (13),
merRenewalEnc (14),
merRenewalBoth (15),
pgwyRenewalSig (16),
pgwyRenewalEnc (17),
pgwyRenewalBoth (18)
}
RegFormOrReferral ::= CHOICE {
regFormData [0] RegFormData,
referralData [1] ReferralData
}
RegFormData ::= SEQUENCE {
regTemplate RegTemplate OPTIONAL,
policy PolicyText
}
RegTemplate ::= SEQUENCE {
regFormID INTEGER (0..MAX), -- CA assigned identifier
brandLogoURL [0] URL OPTIONAL,
cardLogoURL [1] URL OPTIONAL,
regFieldSeq RegFieldSeq OPTIONAL
}
RegFieldSeq ::= SEQUENCE SIZE(1..ub-FieldList) OF RegField
RegField ::= SEQUENCE {
fieldId [0] OBJECT IDENTIFIER OPTIONAL,
fieldName FieldName,
fieldDesc [1] EXPLICIT SETString { ub-FieldDesc } OPTIONAL,
fieldLen INTEGER (1..ub-FieldValue) DEFAULT ub-FieldValue,
fieldRequired [2] BOOLEAN DEFAULT FALSE,
fieldInvisible [3] BOOLEAN DEFAULT FALSE
}
ReferralData ::= SEQUENCE {
reason Reason OPTIONAL, -- Displayed on requestor's system
referralURLSeq ReferralURLSeq OPTIONAL
} ( WITH COMPONENTS { ..., reason PRESENT } |
WITH COMPONENTS { ..., referralURLSeq PRESENT } )
Reason ::= SETString { ub-Reason }
ReferralURLSeq ::= SEQUENCE OF ReferralURL -- Ordered by preference
ReferralURL ::= URL
PolicyText ::= SETString { ub-PolicyText }
-- Certificate Initialization Pair - Cardholder
CardCInitReq ::= SEQUENCE {
rrpid RRPID,
lid-EE LocalID,
chall-EE Challenge,
brandID BrandID,
thumbs [0] EXPLICIT Thumbs OPTIONAL
}
CardCInitRes ::= S { CA, CardCInitResTBS }
CardCInitResTBS ::= SEQUENCE {
rrpid RRPID,
lid-EE LocalID,
chall-EE Challenge,
lid-CA LocalID OPTIONAL,
caeThumb [0] EXPLICIT CertThumb,
brandCRLIdentifier [1] EXPLICIT BrandCRLIdentifier OPTIONAL,
thumbs [2] EXPLICIT Thumbs OPTIONAL
}
-- Certificate Initialization Pair - Merchant or Payment Gateway
Me-AqCInitReq ::= SEQUENCE {
rrpid RRPID,
lid-EE LocalID,
chall-EE Challenge,
requestType RequestType,
idData IDData,
brandID BrandID,
language Language,
thumbs [0] EXPLICIT Thumbs OPTIONAL
}
Me-AqCInitRes ::= S { CA, Me-AqCInitResTBS }
Me-AqCInitResTBS ::= SEQUENCE {
rrpid RRPID,
lid-EE LocalID,
chall-EE Challenge,
lid-CA [0] LocalID OPTIONAL,
chall-CA Challenge,
requestType RequestType,
regFormOrReferral RegFormOrReferral,
acctDataField [1] RegField OPTIONAL,
caeThumb [2] EXPLICIT CertThumb,
brandCRLIdentifier [3] EXPLICIT BrandCRLIdentifier OPTIONAL,
thumbs [4] EXPLICIT Thumbs OPTIONAL
}
-- Registration Form Pair - Cardholder Only
RegFormReq ::= EXH { CA, RegFormReqData, PANOnly }
-- Intermediate results of EXH
RegFormReqTBE ::= L { RegFormReqData, PANOnly }
RegFormReqData ::= SEQUENCE {
rrpid RRPID,
lid-EE LocalID,
chall-EE2 Challenge,
lid-CA [0] LocalID OPTIONAL,
requestType RequestType,
language Language,
thumbs [1] EXPLICIT Thumbs OPTIONAL
}
PANOnly ::= SEQUENCE {
pan PAN,
exNonce Nonce
}
RegFormRes ::= S { CA, RegFormResTBS }
RegFormResTBS ::= SEQUENCE {
rrpid RRPID,
lid-EE LocalID,
chall-EE2 Challenge,
lid-CA [0] LocalID OPTIONAL,
chall-CA Challenge,
caeThumb [1] EXPLICIT CertThumb OPTIONAL,
requestType RequestType,
formOrReferal RegFormOrReferral,
brandCRLIdentifier [2] EXPLICIT BrandCRLIdentifier OPTIONAL,
thumbs [3] EXPLICIT Thumbs OPTIONAL
}
-- Certificate Request Pair
CertReq ::= CHOICE {
encx [0] EXPLICIT EncX { EE, CA, CertReqData, AcctInfo },
enc [1] EXPLICIT Enc { EE, CA, CertReqData }
}
-- Intermediate results of Enc and EncX
CertReqTBE ::= S { EE, CertReqData }
CertReqTBEX ::= SEQUENCE {
certReqData CertReqData,
s SO { EE, CertReqTBS }
}
CertReqTBS ::= SEQUENCE {
certReqData CertReqData,
acctInfo AcctInfo
}
CertReqData ::= SEQUENCE {
rrpid RRPID,
lid-EE LocalID,
chall-EE3 Challenge,
lid-CA [0] LocalID OPTIONAL,
chall-CA [1] Challenge OPTIONAL,
requestType RequestType,
requestDate Date,
idData [2] EXPLICIT IDData OPTIONAL,
regFormID INTEGER (0..MAX), -- CA assigned identifier
regForm [3] RegForm OPTIONAL,
caBackKeyData [4] EXPLICIT BackKeyData OPTIONAL,
publicKeySorE PublicKeySorE,
eeThumb [5] EXPLICIT CertThumb OPTIONAL,
thumbs [6] EXPLICIT Thumbs OPTIONAL
}
RegForm ::= SEQUENCE SIZE(1..ub-FieldList) OF RegFormItems
RegFormItems ::= SEQUENCE {
fieldName FieldName,
fieldValue FieldValue
}
FieldName ::= SETString { ub-FieldName }
FieldValue ::= CHOICE {
setString SETString { ub-FieldValue },
octetString OCTET STRING (SIZE(1..ub-FieldValue))
}
PublicKeySorE ::= SEQUENCE {
publicKeyS [0] EXPLICIT SubjectPublicKeyInfo{{SignatureAlgorithms}}
OPTIONAL,
publicKeyE [1] EXPLICIT SubjectPublicKeyInfo{{KeyEncryptionAlgorithms}}
OPTIONAL
} --
-- At least one component shall be present. A user may request a
-- signature certificate, an encryption certificate, or both.
--
( WITH COMPONENTS { ..., publicKeyS PRESENT } |
WITH COMPONENTS { ..., publicKeyE PRESENT } )
CertRes ::= CHOICE {
certResTBS [0] EXPLICIT S { CA, CertResData },
certResTBSK [1] EXPLICIT EncK { CAKey, CA, CertResData }
}
-- Intermediate results of EncK
CertResTBE ::= S { CA, CertResData }
CertResData ::= SEQUENCE {
rrpid RRPID,
lid-EE LocalID,
chall-EE3 Challenge,
lid-CA LocalID,
certStatus CertStatus,
certThumbs [0] EXPLICIT Thumbs OPTIONAL,
brandCRLIdentifier [1] EXPLICIT BrandCRLIdentifier OPTIONAL,
thumbs [2] EXPLICIT Thumbs OPTIONAL
}
CertStatus ::= SEQUENCE {
certStatusCode CertStatusCode,
nonceCCA [0] Nonce OPTIONAL,
eeMessage SETString { ub-eeMessage } OPTIONAL,
caMsg [1] CAMsg OPTIONAL,
failedItemSeq [2] FailedItemSeq OPTIONAL
}
FailedItemSeq ::= SEQUENCE SIZE(1..ub-FieldList) OF FailedItem
FailedItem ::= SEQUENCE {
itemNumber INTEGER (1..50),
itemReason SETString { ub-Reason }
}
CertStatusCode ::= ENUMERATED { -- In-process status of CertReq
requestComplete (1),
invalidLanguage (2),
invalidBIN (3),
sigValidationFail (4),
decryptionError (5),
requestInProgress (6),
rejectedByIssuer (7),
requestPended (8),
rejectedByAquirer (9),
regFormAnswerMalformed (10),
rejectedByCA (11),
unableToEncryptResponse (12)
}
CAMsg ::= SEQUENCE {
cardLogoURL [0] URL OPTIONAL,
brandLogoURL [1] URL OPTIONAL,
cardCurrency [2] Currency OPTIONAL,
cardholderMsg [3] EXPLICIT
SETString { ub-cardholderMsg } OPTIONAL
}
CAKey ::= BackKeyData
-- Certificate Inquiry Pair
CertInqReq ::= S { EE, CertInqReqTBS }
CertInqReqTBS ::= SEQUENCE {
rrpid RRPID,
lid-EE LocalID,
chall-EE3 Challenge,
lid-CA LocalID
}
CertInqRes ::= CertRes
-- Upper bounds of SETString{} types
ub-acctIdentification INTEGER ::= 74
ub-cardholderMsg INTEGER ::= 128
ub-eeMessage INTEGER ::= 128
ub-FieldDesc INTEGER ::= 200
ub-FieldList INTEGER ::= 50
ub-FieldName INTEGER ::= 128
ub-FieldValue INTEGER ::= 128
ub-PolicyText INTEGER ::= 20000
ub-Reason INTEGER ::= 512
END