Redigera

Dela via


Constructed Types

A constructed Abstract Syntax Notation One (ASN.1) type is made up from basic types, string types, or other constructed types. For example, an X.509 certificate extension is composed from three basic ASN.1 types as shown by the following example.

Extension ::= SEQUENCE 
{
   extnId              OBJECT IDENTIFIER,
   critical            BOOLEAN DEFAULT FALSE,
   extnValue           OCTET STRING
}

An extension consists of an object identifier (OID), a Boolean value that identifies whether the extension is critical, and a byte array that contains the value. The Certificate Enrollment API supports the following constructed ASN.1 types.

SEQUENCE and SEQUENCE OF

Encoding tag: 0x30

Contains an ordered series of fields of one or more types. Fields can be markedOPTIONAL or DEFAULT. Also, to avoid ambiguity when decoding, successive optional fields should differ from one another by use of a unique identifier (a bracketed integer such as [1]) and from a following required field as shown by the following example.

SomeValue ::= SEQUENCE 
{
   a     INTEGER,
   b     [0] INTEGER OPTIONAL,
   c     [1] INTEGER DEFAULT 1,
   d     INTEGER
}

The difference between SEQUENCE and SEQUENCE OF is that the elements of a SEQUENCE OF construct must be of the same type. See the following example. Both constructs have the same tag value (0x30) when encoded.

PolicyQualifiers ::=  SEQUENCE OF PolicyQualifierInfo

PolicyQualifierInfo ::= SEQUENCE 
{
   policyQualifierId   OBJECT IDENTIFIER,
   qualifier           ANY OPTIONAL
}

Another way to look at the difference between SEQUENCE and SEQUENCE OF is to compare them to their counterparts in the C programming language. That is, SEQUENCE is roughly equivalent to a structure and SEQUENCE OF is roughly equivalent to an array.

SET and SET OF

Encoding tag: 0x31

Contains an unordered series of fields of one or more types. This differs from a SEQUENCE which contains an ordered list. Specifying an unordered list enables an application to provide the structure fields to the encoder in the most appropriate order. As with SEQUENCE, the fields of a SET construct can be marked with OPTIONAL or DEFAULT, and unique identifiers must be used to disambiguate the decoding process. The difference between SET and SET OF is that the elements of a SET OF construct must be of the same type.

Name ::= SEQUENCE OF RelativeDistinguishedName

RelativeDistinguishedName ::= SET OF AttributeTypeValue

AttributeTypeValue ::= SEQUENCE 
{
   type       OBJECT IDENTIFIER,
   value      ANY 
}

CHOICE

Encoding tag: not applicable

Defines a choice between alternatives. Each alternative must be uniquely identified by a bracketed integer to avoid ambiguity when decoding. When encoded, the CHOICE construct will have the encoding tag value of the chosen alternative.

AltNames ::= SEQUENCE OF GeneralName

GeneralNames ::= AltNames

GeneralName ::= CHOICE 
{
   otherName               [0] IMPLICIT OtherName,
   rfc822Name              [1] IMPLICIT IA5String,
   dNSName                 [2] IMPLICIT IA5String,
   x400Address             [3] IMPLICIT SeqOfAny,
   directoryName           [4] EXPLICIT Name,
   ediPartyName            [5] IMPLICIT SEQUENCE OF ANY,
   uniformResourceLocator  [6] IMPLICIT IA5String,
   iPAddress               [7] IMPLICIT OCTET STRING,
   registeredID            [8] IMPLICIT OBJECT IDENTIFIER
}

ASN.1 Type System

DER Encoding of ASN.1 Types

Distinguished Encoding Rules