OID value: 2.23.42.6.4
OID description:
SetCertificateExtensions
{ joint-iso-itu-t(2) internationalRA(23) set(42) module(6) 4 }
DEFINITIONS IMPLICIT TAGS ::= BEGIN
--
-- Defines X.509 Version 3 certificate extensions.
--
-- EXPORTS All;
IMPORTS
Name, SETString {}, SupportedAlgorithms
FROM SetAttribute
CertificateSerialNumber, SubjectPublicKeyInfo
FROM SetCertificate
BIN, CountryCode, Language, MerchantID, URL
FROM SetMessage
DD {}, DetachedDigest
FROM SetPKCS7Plus;
-- X.509v3 Certificate Extensions
EXTENSION ::= CLASS {
&id OBJECT IDENTIFIER UNIQUE,
&critical BOOLEAN DEFAULT FALSE,
&ExtenType
}
WITH SYNTAX {
SYNTAX &ExtenType
[ CRITICAL &critical ]
IDENTIFIED BY &id
}
Extensions ::= SEQUENCE OF Extension
ExtensionSet EXTENSION ::= { -- Information Object Set
--
-- Standard X.509v3 extensions
--
authorityKeyIdentifier | -- not critical
keyUsage | -- critical
privateKeyUsagePeriod | -- not critical
certificatePolicies | -- critical
subjectAltName | -- not critical
issuerAltName | -- not critical
basicConstraints | -- critical
cRLNumber | -- not critical
--
-- SET Private extensions
--
hashedRootKey | -- critical
certificateType | -- critical
merchantData | -- not critical
cardCertRequired | -- not critical
tunneling | -- not critical
setExtensions, -- not critical
...
}
Extension ::= SEQUENCE {
extnID EXTENSION.&id({ExtensionSet}),
critical EXTENSION.&critical({ExtensionSet}{@extnID}) DEFAULT FALSE,
extnValue OCTET STRING -- DER representation of &ExtenType extension
-- object for the object identified by extnID
}
-- Key and policy information extensions --
authorityKeyIdentifier EXTENSION ::= {
SYNTAX AuthorityKeyIdentifier
IDENTIFIED BY id-ce-authorityKeyIdentifier
}
AuthorityKeyIdentifier ::= SEQUENCE {
keyIdentifier [0] KeyIdentifier OPTIONAL,
authorityCertIssuer [1] GeneralNames OPTIONAL,
authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL
} ( WITH COMPONENTS { keyIdentifier ABSENT,
authorityCertIssuer PRESENT, authorityCertSerialNumber PRESENT } )
KeyIdentifier ::= OCTET STRING
keyUsage EXTENSION ::= {
SYNTAX KeyUsage
CRITICAL TRUE
IDENTIFIED BY id-ce-keyUsage
}
KeyUsage ::= BIT STRING {
digitalSignature (0),
nonRepudiation (1),
keyEncipherment (2),
dataEncipherment (3),
keyAgreement (4),
keyCertSign (5), -- For use in CA-certificates only
cRLSign (6) -- For use in CA-certificates only
}
privateKeyUsagePeriod EXTENSION ::= {
SYNTAX PrivateKeyUsagePeriod
IDENTIFIED BY id-ce-privateKeyUsagePeriod
}
PrivateKeyUsagePeriod ::= SEQUENCE {
notBefore [0] GeneralizedTime OPTIONAL,
notAfter [1] GeneralizedTime OPTIONAL
} ( WITH COMPONENTS { ..., notBefore PRESENT } |
WITH COMPONENTS { ..., notAfter PRESENT } )
certificatePolicies EXTENSION ::= {
SYNTAX CertificatePoliciesSyntax
CRITICAL TRUE
IDENTIFIED BY id-ce-certificatePolicies
}
CertificatePoliciesSyntax ::= SEQUENCE SIZE(1..MAX) OF PolicyInformation
PolicyInformation ::= SEQUENCE {
policyIdentifier CertPolicyId,
policyQualifiers SEQUENCE SIZE(1..MAX) OF
PolicyQualifierInfo OPTIONAL
}
CertPolicyId ::= OBJECT IDENTIFIER
PolicyQualifierInfo ::= SEQUENCE {
policyQualifierId CERT-POLICY-QUALIFIER.&id
({SupportedPolicyQualifiers}),
qualifier CERT-POLICY-QUALIFIER.&Qualifier
({SupportedPolicyQualifiers}{@policyQualifierId})
OPTIONAL
}
SupportedPolicyQualifiers CERT-POLICY-QUALIFIER ::= {
setPolicyQualifier,
...
}
CERT-POLICY-QUALIFIER ::= CLASS {
&id OBJECT IDENTIFIER UNIQUE,
&Qualifier OPTIONAL
}
WITH SYNTAX {
POLICY-QUALIFIER-ID &id
[ QUALIFIER-TYPE &Qualifier ]
}
setPolicyQualifier CERT-POLICY-QUALIFIER ::= {
POLICY-QUALIFIER-ID id-set-setQualifier
QUALIFIER-TYPE SetPolicyQualifier
}
SetPolicyQualifier ::= SEQUENCE {
rootQualifier SETQualifier,
additionalPolicies AdditionalPolicies OPTIONAL
}
AdditionalPolicies ::= SEQUENCE SIZE(1..3) OF AdditionalPolicy
AdditionalPolicy ::= SEQUENCE {
policyOID CertPolicyId OPTIONAL,
policyQualifier SETQualifier OPTIONAL,
policyAddedBy CertificateTypeSyntax
}
SETQualifier ::= SEQUENCE {
policyDigest DetachedDigest OPTIONAL,
terseStatement SETString {ub-terseStatement} OPTIONAL,
policyURL [0] URL OPTIONAL,
policyEmail [1] URL OPTIONAL
}
-- Certificate subject and certificate issuer attributes extensions --
subjectAltName EXTENSION ::= {
SYNTAX GeneralNames
IDENTIFIED BY id-ce-subjectAltName
}
GeneralNames ::= SEQUENCE SIZE(1..MAX) OF GeneralName
GeneralName ::= CHOICE {
directoryName [4] EXPLICIT Name,
uniformResourceIdentifier [6] IA5String,
registeredID [8] OBJECT IDENTIFIER
-- Other choices defined in X.509 not used by SET
}
issuerAltName EXTENSION ::= {
SYNTAX GeneralNames
IDENTIFIED BY id-ce-issuerAltName
}
-- Certification path constraints extensions --
basicConstraints EXTENSION ::= {
SYNTAX BasicConstraintsSyntax
CRITICAL TRUE
IDENTIFIED BY id-ce-basicConstraints
}
BasicConstraintsSyntax ::= SEQUENCE {
cA BOOLEAN DEFAULT FALSE,
pathLenConstraint INTEGER (0..MAX) OPTIONAL
}
-- Basic CRL extensions --
cRLNumber EXTENSION ::= { -- For use in CRLs only
SYNTAX CRLNumber
IDENTIFIED BY id-ce-cRLNumber
}
CRLNumber ::= INTEGER (0..MAX)
-- Set protocol private extensions --
hashedRootKey EXTENSION ::= { -- Only in root certificates
SYNTAX HashedRootKeySyntax
CRITICAL TRUE
IDENTIFIED BY id-set-hashedRootKey
}
HashedRootKeySyntax ::= RootKeyThumb
RootKeyThumb ::= SEQUENCE {
rootKeyThumbprint DD { SubjectPublicKeyInfo{{SupportedAlgorithms}} }
}
certificateType EXTENSION ::= {
SYNTAX CertificateTypeSyntax
CRITICAL TRUE
IDENTIFIED BY id-set-certificateType
}
CertificateTypeSyntax ::= BIT STRING {
card (0),
mer (1),
pgwy (2),
cca (3),
mca (4),
pca (5),
gca (6),
bca (7),
rca (8),
acq (9)
}
merchantData EXTENSION ::= {
SYNTAX MerchantDataSyntax
IDENTIFIED BY id-set-merchantData
}
MerchantDataSyntax ::= SEQUENCE {
merID MerchantID,
merAcquirerBIN BIN,
merNameSeq MerNameSeq,
merCountry CountryCode,
merAuthFlag BOOLEAN DEFAULT TRUE
}
MerNameSeq ::= SEQUENCE SIZE(1..32) OF MerNames
MerNames::= SEQUENCE {
language [0] Language OPTIONAL,
name [1] EXPLICIT SETString { ub-merName },
city [2] EXPLICIT SETString { ub-cityName },
stateProvince [3] EXPLICIT SETString { ub-stateProvince } OPTIONAL,
postalCode [4] EXPLICIT SETString { ub-postalCode } OPTIONAL,
countryName [5] EXPLICIT SETString { ub-countryName }
}
cardCertRequired EXTENSION ::= {
SYNTAX BOOLEAN
IDENTIFIED BY id-set-cardCertRequired
}
tunneling EXTENSION ::= {
SYNTAX TunnelingSyntax
IDENTIFIED BY id-set-tunneling
}
TunnelingSyntax ::= SEQUENCE {
tunneling BOOLEAN DEFAULT TRUE,
tunnelAlgIDs TunnelAlg
}
TunnelAlg ::= SEQUENCE OF OBJECT IDENTIFIER
setExtensions EXTENSION ::= {
SYNTAX SETExtensionsSyntax
IDENTIFIED BY id-set-setExtensions
}
SETExtensionsSyntax ::= SEQUENCE OF OBJECT IDENTIFIER
-- Upper bounds of SETString{} types
ub-countryName INTEGER ::= 50
ub-cityName INTEGER ::= 50
ub-merName INTEGER ::= 25
ub-postalCode INTEGER ::= 14
ub-stateProvince INTEGER ::= 50
ub-terseStatement INTEGER ::= 2048
-- Object identifiers
id-ce OBJECT IDENTIFIER ::= { 2 5 29 }
id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }
id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= { id-ce 16 }
id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 }
id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 }
id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 }
id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }
id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 }
id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 }
id-set OBJECT IDENTIFIER ::=
{ joint-iso-itu-t(2) internationalRA(23) set(42) }
-- Object identifiers assigned under id-set arc
OID ::= OBJECT IDENTIFIER
id-set-contentType OID ::= { id-set 0 }
id-set-msgExt OID ::= { id-set 1 }
id-set-field OID ::= { id-set 2 }
id-set-attribute OID ::= { id-set 3 }
id-set-algorithm OID ::= { id-set 4 }
id-set-policy OID ::= { id-set 5 }
id-set-module OID ::= { id-set 6 }
id-set-certExt OID ::= { id-set 7 }
id-set-brand OID ::= { id-set 8 }
id-set-vendor OID ::= { id-set 9 }
id-set-national OID ::= { id-set 10 }
-- Content type
id-set-content-PANData OID ::= { id-set-contentType 0 }
id-set-content-PANToken OID ::= { id-set-contentType 1 }
id-set-content-PANOnly OID ::= { id-set-contentType 2 }
id-set-content-OIData OID ::= { id-set-contentType 3 }
id-set-content-PI OID ::= { id-set-contentType 4 }
id-set-content-PIData OID ::= { id-set-contentType 5 }
id-set-content-PIDataUnsigned OID ::= { id-set-contentType 6 }
id-set-content-HODInput OID ::= { id-set-contentType 7 }
id-set-content-AuthResBaggage OID ::= { id-set-contentType 8 }
id-set-content-AuthRevReqBaggage OID ::= { id-set-contentType 9 }
id-set-content-AuthRevResBaggage OID ::= { id-set-contentType 10 }
id-set-content-CapTokenSeq OID ::= { id-set-contentType 11 }
id-set-content-PInitResData OID ::= { id-set-contentType 12 }
id-set-content-PI-TBS OID ::= { id-set-contentType 13 }
id-set-content-PResData OID ::= { id-set-contentType 14 }
id-set-content-InqReqData OID ::= { id-set-contentType 15 }
id-set-content-AuthReqTBS OID ::= { id-set-contentType 16 }
id-set-content-AuthResTBS OID ::= { id-set-contentType 17 }
id-set-content-AuthResTBSX OID ::= { id-set-contentType 18 }
id-set-content-AuthTokenTBS OID ::= { id-set-contentType 19 }
id-set-content-CapTokenData OID ::= { id-set-contentType 20 }
id-set-content-CapTokenTBS OID ::= { id-set-contentType 21 }
id-set-content-AcqCardCodeMsg OID ::= { id-set-contentType 22 }
id-set-content-AuthRevReqTBS OID ::= { id-set-contentType 23 }
id-set-content-AuthRevResData OID ::= { id-set-contentType 24 }
id-set-content-AuthRevResTBS OID ::= { id-set-contentType 25 }
id-set-content-CapReqTBS OID ::= { id-set-contentType 26 }
id-set-content-CapReqTBSX OID ::= { id-set-contentType 27 }
id-set-content-CapResData OID ::= { id-set-contentType 28 }
id-set-content-CapRevReqTBS OID ::= { id-set-contentType 29 }
id-set-content-CapRevReqTBSX OID ::= { id-set-contentType 30 }
id-set-content-CapRevResData OID ::= { id-set-contentType 31 }
id-set-content-CredReqTBS OID ::= { id-set-contentType 32 }
id-set-content-CredReqTBSX OID ::= { id-set-contentType 33 }
id-set-content-CredResData OID ::= { id-set-contentType 34 }
id-set-content-CredRevReqTBS OID ::= { id-set-contentType 35 }
id-set-content-CredRevReqTBSX OID ::= { id-set-contentType 36 }
id-set-content-CredRevResData OID ::= { id-set-contentType 37 }
id-set-content-PCertReqData OID ::= { id-set-contentType 38 }
id-set-content-PCertResTBS OID ::= { id-set-contentType 39 }
id-set-content-BatchAdminReqData OID ::= { id-set-contentType 40 }
id-set-content-BatchAdminResData OID ::= { id-set-contentType 41 }
id-set-content-CardCInitResTBS OID ::= { id-set-contentType 42 }
id-set-content-Me-AqCInitResTBS OID ::= { id-set-contentType 43 }
id-set-content-RegFormResTBS OID ::= { id-set-contentType 44 }
id-set-content-CertReqData OID ::= { id-set-contentType 45 }
id-set-content-CertReqTBS OID ::= { id-set-contentType 46 }
id-set-content-CertResData OID ::= { id-set-contentType 47 }
id-set-content-CertInqReqTBS OID ::= { id-set-contentType 48 }
id-set-content-ErrorTBS OID ::= { id-set-contentType 49 }
id-set-content-PIDualSignedTBE OID ::= { id-set-contentType 50 }
id-set-content-PIUnsignedTBE OID ::= { id-set-contentType 51 }
id-set-content-AuthReqTBE OID ::= { id-set-contentType 52 }
id-set-content-AuthResTBE OID ::= { id-set-contentType 53 }
id-set-content-AuthResTBEX OID ::= { id-set-contentType 54 }
id-set-content-AuthTokenTBE OID ::= { id-set-contentType 55 }
id-set-content-CapTokenTBE OID ::= { id-set-contentType 56 }
id-set-content-CapTokenTBEX OID ::= { id-set-contentType 57 }
id-set-content-AcqCardCodeMsgTBE OID ::= { id-set-contentType 58 }
id-set-content-AuthRevReqTBE OID ::= { id-set-contentType 59 }
id-set-content-AuthRevResTBE OID ::= { id-set-contentType 60 }
id-set-content-AuthRevResTBEB OID ::= { id-set-contentType 61 }
id-set-content-CapReqTBE OID ::= { id-set-contentType 62 }
id-set-content-CapReqTBEX OID ::= { id-set-contentType 63 }
id-set-content-CapResTBE OID ::= { id-set-contentType 64 }
id-set-content-CapRevReqTBE OID ::= { id-set-contentType 65 }
id-set-content-CapRevReqTBEX OID ::= { id-set-contentType 66 }
id-set-content-CapRevResTBE OID ::= { id-set-contentType 67 }
id-set-content-CredReqTBE OID ::= { id-set-contentType 68 }
id-set-content-CredReqTBEX OID ::= { id-set-contentType 69 }
id-set-content-CredResTBE OID ::= { id-set-contentType 70 }
id-set-content-CredRevReqTBE OID ::= { id-set-contentType 71 }
id-set-content-CredRevReqTBEX OID ::= { id-set-contentType 72 }
id-set-content-CredRevResTBE OID ::= { id-set-contentType 73 }
id-set-content-BatchAdminReqTBE OID ::= { id-set-contentType 74 }
id-set-content-BatchAdminResTBE OID ::= { id-set-contentType 75 }
id-set-content-RegFormReqTBE OID ::= { id-set-contentType 76 }
id-set-content-CertReqTBE OID ::= { id-set-contentType 77 }
id-set-content-CertReqTBEX OID ::= { id-set-contentType 78 }
id-set-content-CertResTBE OID ::= { id-set-contentType 79 }
id-set-content-CRLNotificationTBS OID ::= { id-set-contentType 80 }
id-set-content-CRLNotificationResTBS OID ::= { id-set-contentType 81 }
id-set-content-BCIDistributionTBS OID ::= { id-set-contentType 82 }
-- Message extensions
-- None currently defined
-- Fields
id-set-fullName OID ::= { id-set-field 0 }
id-set-givenName OID ::= { id-set-field 1 }
id-set-familyName OID ::= { id-set-field 2 }
id-set-birthFamilyName OID ::= { id-set-field 3 }
id-set-placeName OID ::= { id-set-field 4 }
id-set-identificationNumber OID ::= { id-set-field 5 }
id-set-month OID ::= { id-set-field 6 }
id-set-date OID ::= { id-set-field 7 }
id-set-address OID ::= { id-set-field 8 }
id-set-telephone OID ::= { id-set-field 9 }
id-set-amount OID ::= { id-set-field 10 }
id-set-accountNumber OID ::= { id-set-field 11 }
id-set-passPhrase OID ::= { id-set-field 12 }
-- Attributes
id-set-attribute-cert OID ::= { id-set-attribute 0 }
id-set-rootKeyThumb OID ::= { id-set-attribute-cert 0 }
id-set-additionalPolicy OID ::= { id-set-attribute-cert 1 }
-- Algorithms
-- None currently defined
-- Policy
id-set-policy-root OID ::= { id-set-policy 0 }
-- SET private certificate extensions
id-set-hashedRootKey OID ::= { id-set-certExt 0 }
id-set-certificateType OID ::= { id-set-certExt 1 }
id-set-merchantData OID ::= { id-set-certExt 2 }
id-set-cardCertRequired OID ::= { id-set-certExt 3 }
id-set-tunneling OID ::= { id-set-certExt 4 }
id-set-setExtensions OID ::= { id-set-certExt 5 }
id-set-setQualifier OID ::= { id-set-certExt 6 }
-- Brands
id-set-IATA-ATA OID ::= { id-set-brand 1 }
-- contact: rfcrum@air-travel-card.com
id-set-Diners OID ::= { id-set-brand 30 }
-- contact: william.burnett@citicorp.com
id-set-AmericanExpress OID ::= { id-set-brand 34 }
-- contact: david.armes@aexp.com
id-set-JCB OID ::= { id-set-brand 35 }
-- contact: ohashi@cp.jcb.co.jp
id-set-Visa OID ::= { id-set-brand 4 }
-- contact: tlewis@visa.com
id-set-MasterCard OID ::= { id-set-brand 5 }
-- contact: paul_hollis@mastercard.com
id-set-Novus OID ::= { id-set-brand 6011 }
-- contact: gallman@novusnet.com
-- Vendors
id-set-GlobeSet OID ::= { id-set-vendor 0 }
-- contact: terence@globeset.com
id-set-IBM OID ::= { id-set-vendor 1 }
-- contact: mepeters@raleigh.ibm.com
id-set-Cybercash OID ::= { id-set-vendor 2 }
-- contact: dee@cybercash.com
id-set-Terisa OID ::= { id-set-vendor 3 }
-- contact: briank@terisa.com
id-set-RSADSI OID ::= { id-set-vendor 4 }
-- contact: baldwin@rsa.com
id-set-VeriFone OID ::= { id-set-vendor 5 }
-- contact: trong@vfi.com
id-set-Trintech OID ::= { id-set-vendor 6 }
-- contact: doneill@trintech.com
id-set-BankGate OID ::= { id-set-vendor 7 }
-- contact: johnv@bankgate.com
id-set-GTE OID ::= { id-set-vendor 8 }
-- contact: jeanne.gorman@gsc.gte.com
id-set-CompuSource OID ::= { id-set-vendor 9 }
-- contact: simonr@compusource.co.za
id-set-Griffin OID ::= { id-set-vendor 10 }
-- contact: asn1@mindspring.com
id-set-Certicom OID ::= { id-set-vendor 11 }
-- contact: sshannon@certicom.ca
id-set-OSS OID ::= { id-set-vendor 12 }
-- contact: baos@oss.com
id-set-TenthMountain OID ::= { id-set-vendor 13 }
-- contact: dapkus@tenthmountain.com
id-set-Antares OID ::= { id-set-vendor 14 }
-- contact: bzcd0@toraag.com
id-set-ECC OID ::= { id-set-vendor 15 }
-- contact: beattie@ecconsultants.com
id-set-Maithean OID ::= { id-set-vendor 16 }
-- contact: sullivan@maithean.com
id-set-Netscape OID ::= { id-set-vendor 17 }
-- contact: rich@netscape.com
id-set-VeriSign OID ::= { id-set-vendor 18 }
-- contact: simpson@verisign.com
id-set-BlueMoney OID ::= { id-set-vendor 19 }
-- contact: jeremy@bluemoney.com
id-set-Lacerte OID ::= { id-set-vendor 20 }
-- contact: lacerte@lacerte.com
id-set-Fujitsu OID ::= { id-set-vendor 21 }
-- contact: sfuruta@inet.mmp.fujitsu.co.jp
id-set-eLab OID ::= { id-set-vendor 22 }
-- contact: rah@shipwright.com
id-set-Entrust OID ::= { id-set-vendor 23 }
-- contact: mortimer@entrust.com
id-set-VIAnet OID ::= { id-set-vendor 24 }
-- contact: via.net@mail.eunet.pt
id-set-III OID ::= { id-set-vendor 25 }
-- contact: wu@iii.org.tw
id-set-OpenMarket OID ::= { id-set-vendor 26 }
-- contact: treese@OpenMarket.com
id-set-Lexem OID ::= { id-set-vendor 27 }
-- contact: lje@lexem.fr
id-set-Intertrader OID ::= { id-set-vendor 28 }
-- contact: rachel@intertrader.com
id-set-Persimmon OID ::= { id-set-vendor 29 }
-- contact: carol.smith@persimmon.com
id-set-NABLE OID ::= { id-set-vendor 30 }
-- contact: tony@nabletech.com
id-set-espace-net OID ::= { id-set-vendor 31 }
-- contact: fm@well.com
id-set-Hitachi OID ::= { id-set-vendor 32 }
-- contact: horimai@iabs.hitachi.co.jp
id-set-Microsoft OID ::= { id-set-vendor 33 }
-- contact: rickj@microsoft.com
id-set-NEC OID ::= { id-set-vendor 34 }
-- contact: nakata@mms.mt.nec.co.jp
id-set-Mitsubishi OID ::= { id-set-vendor 35 }
-- contact: yoshitake@iss.isl.melco.co.jp
id-set-NCR OID ::= { id-set-vendor 36 }
-- contact: Julian.Inza@spain.ncr.com
id-set-e-COMM OID ::= { id-set-vendor 37 }
-- contact: 101643.426@compuserve.com
id-set-Gemplus OID ::= { id-set-vendor 38 }
-- contact: florent.neu@ccmail.edt.fr
-- National markets: The value following id-set-national corresponds
-- to ISO-3166 numeric codes
id-set-Japan OID ::= { id-set-national 392 }
END