Fingercomp/x509v3-certificate-structure.txt

## x509v3-certificate-structure.txt
Certificate = SEQUENCE {
  tbsCertificate = TBSCertificate = SEQUENCE {
    version = EXPLICIT (Version = INTEGER {v1(0), v2(0), v3(2)}) DEFAULT v1,
    serialNumber = CertificateSerialNumber = INTEGER,
    signature = AlgorithmIdentifier = SEQUENCE {
      algorithm = OBJECT IDENTIFIER,
      parameters = ANY DEFINED BY algorithm OPTIONAL
    },
    issuer = Name = CHOICE {
      -- only one possibility for now --
      rdnSequence = RDNSequence = SEQUENCE OF RelativeDistinguishedName = SET SIZE (1..MAX) OF AttributeTypeAndValue = SEQUENCE {
        type = AttributeType = OBJECT IDENTIFIER,
        value = AttributeValue = ANY -- DEFINED BY AttributeType
      }
    },
    validity = Validity = SEQUENCE {
      notBefore = Time = CHOICE {
        utcTime = UTCTime,
        generalTime = GeneralizedTime
      },
      notAfter = Time = CHOICE {
        utcTime = UTCTime,
        generalTime = GeneralizedTime
      }
    },
    subject = Name = CHOICE {
      -- only one possibility for now --
      rdnSequence = RDNSequence = SEQUENCE OF RelativeDistinguishedName = SET SIZE (1..MAX) OF AttributeTypeAndValue = SEQUENCE {
        type = AttributeType = OBJECT IDENTIFIER,
        value = AttributeValue = ANY -- DEFINED BY AttributeType
      }
    },
    subjectPublicKeyInfo = SubjectPublicKeyInfo = SEQUENCE {
      algorithm = AlgorithmIdentifier = SEQUENCE {
        algorithm = OBJECT IDENTIFIER,
        parameters = ANY DEFINED BY algorithm OPTIONAL
      },
      subjectPublicKey = BIT STRING
    },
    issuerUniqueID = IMPLICIT (UniqueIdentifier = BIT STRING) OPTIONAL,
                     -- If present, version MUST be v2 or v3
    subjectUniqueID = IMPLICIT (UniqueIdentifier = BIT STRING) OPTIONAL,
                      -- If present, version MUST be v2 or v3
    extensions = EXPLICIT (Extensions = SEQUENCE SIZE (1..MAX) OF Extension = SEQUENCE {
      extnID = OBJECT IDENTIFIER,
      critical = BOOLEAN DEFAULT FALSE,
      extnValue = OCTET STRING
                  -- contains the DER encoding of an ASN.1 value
                  -- corresponding to the extension type identified
                  -- by extnID
    }) OPTIONAL
      -- If present, version MUST be v3
  }
}
	Certificate = SEQUENCE {
	tbsCertificate = TBSCertificate = SEQUENCE {
	version = EXPLICIT (Version = INTEGER {v1(0), v2(0), v3(2)}) DEFAULT v1,
	serialNumber = CertificateSerialNumber = INTEGER,
	signature = AlgorithmIdentifier = SEQUENCE {
	algorithm = OBJECT IDENTIFIER,
	parameters = ANY DEFINED BY algorithm OPTIONAL
	},
	issuer = Name = CHOICE {
	-- only one possibility for now --
	rdnSequence = RDNSequence = SEQUENCE OF RelativeDistinguishedName = SET SIZE (1..MAX) OF AttributeTypeAndValue = SEQUENCE {
	type = AttributeType = OBJECT IDENTIFIER,
	value = AttributeValue = ANY -- DEFINED BY AttributeType
	}
	},
	validity = Validity = SEQUENCE {
	notBefore = Time = CHOICE {
	utcTime = UTCTime,
	generalTime = GeneralizedTime
	},
	notAfter = Time = CHOICE {
	utcTime = UTCTime,
	generalTime = GeneralizedTime
	}
	},
	subject = Name = CHOICE {
	-- only one possibility for now --
	rdnSequence = RDNSequence = SEQUENCE OF RelativeDistinguishedName = SET SIZE (1..MAX) OF AttributeTypeAndValue = SEQUENCE {
	type = AttributeType = OBJECT IDENTIFIER,
	value = AttributeValue = ANY -- DEFINED BY AttributeType
	}
	},
	subjectPublicKeyInfo = SubjectPublicKeyInfo = SEQUENCE {
	algorithm = AlgorithmIdentifier = SEQUENCE {
	algorithm = OBJECT IDENTIFIER,
	parameters = ANY DEFINED BY algorithm OPTIONAL
	},
	subjectPublicKey = BIT STRING
	},
	issuerUniqueID = IMPLICIT (UniqueIdentifier = BIT STRING) OPTIONAL,
	-- If present, version MUST be v2 or v3
	subjectUniqueID = IMPLICIT (UniqueIdentifier = BIT STRING) OPTIONAL,
	-- If present, version MUST be v2 or v3
	extensions = EXPLICIT (Extensions = SEQUENCE SIZE (1..MAX) OF Extension = SEQUENCE {
	extnID = OBJECT IDENTIFIER,
	critical = BOOLEAN DEFAULT FALSE,
	extnValue = OCTET STRING
	-- contains the DER encoding of an ASN.1 value
	-- corresponding to the extension type identified
	-- by extnID
	}) OPTIONAL
	-- If present, version MUST be v3
	}
	}