[英]Subtype constraint for the OBJECT IDENTIFIER type: How to constrain an OID to some arc?
I am writing a specification in ASN.1.我正在 ASN.1 中编写规范。 What is the formally correct syntax to restrict the range of values of an attribute with type
OBJECT IDENTIFIER
to a particular OID arc?将类型为
OBJECT IDENTIFIER
的属性的值范围限制为特定 OID 弧的形式上正确的语法是什么? Eg I would like to achieve something like例如,我想实现类似的目标
foo OBJECT IDENTIFIER ( BELOW SUBTREE { 2 1 1 } )
The keyword BELOW SUBTREE
has been made up by me for the sake of an example to make clear what I am looking for.关键字
BELOW SUBTREE
是我BELOW SUBTREE
,只是为了举例说明我在找什么。
Elaborated example详细示例
Seemingly, my question above is not sufficiently clear as some answers suggest solutions that do not address the problem.表面上,我上面的问题不够清楚,因为有些答案提出了没有解决问题的解决方案。 I'll elaborate a little bit more on what I am doing and what I want to achieve.
我将详细说明我正在做什么以及我想要实现什么。 I am writing a X.509 certificate policy and must specify a X.509 profile in chapter 7. This means I have to substantiate some choices or degree of freedom which exist in the general syntax for the scope of my application.
我正在编写 X.509 证书策略,并且必须在第 7 章中指定 X.509 配置文件。这意味着我必须证实存在于我的应用程序范围的通用语法中的一些选择或自由度。 Especially, I cannot nor must not change any attribute types because this would make the result incompatible to a X.509 certificate, ie I can only specialize some types as long as the specialization remains compatible to the generalization.
特别是,我不能也不能更改任何属性类型,因为这会使结果与 X.509 证书不兼容,即,只要专业化与泛化保持兼容,我只能专业化某些类型。
Object identifiers are used all over the place in X.509.对象标识符在 X.509 中无处不在。
As a tangible example, let's take the attribute policyIdentifier
whose type is an alias of OBJECT IDENTIFIER
within the object of type PolicyInformation
within the certificate extention CertificatePolicies
.为有形例如,让我们采取属性
policyIdentifier
其类型为一个的别名OBJECT IDENTIFIER
类型的对象内PolicyInformation
证书extention内CertificatePolicies
。
CertificatePolicies ::= SEQUENCE SIZE (1) OF PolicyInformation
PolicyInformation ::= SEQUENCE {
policyIdentifier CertPolicyId,
}
CertPolicyId ::= OBJECT IDENTIFIER
(I have already shortened down the ASN.1 syntax to the needs of my application.) (我已经根据我的应用程序的需要缩短了 ASN.1 语法。)
Let's assume I have defined the following constants假设我已经定义了以下常量
id-cp-my-policies OBJECT IDENTIFIER -- some OID arc in the private enterprise arc under my control
id-cp-my-policy-v10 OBJECT IDENTIFIER ::= { id-cp-my-policies 1 0 }
id-cp-my-policy-v11 OBJECT IDENTIFIER ::= { id-cp-my-policies 1 1 }
id-cp-my-policy-v12 OBJECT IDENTIFIER ::= { id-cp-my-policies 1 2 }
id-cp-my-policy-v20 OBJECT IDENTIFIER ::= { id-cp-my-policies 2 0 }
id-cp-my-policy-v30 OBJECT IDENTIFIER ::= { id-cp-my-policies 3 0 }
id-cp-my-policy-v31 OBJECT IDENTIFIER ::= { id-cp-my-policies 3 1 }
I want to express that CertPolicyId
is a specialization of OBJECT IDENTIFIER
which can only take values from the list above.我想表示
CertPolicyId
是OBJECT IDENTIFIER
,它只能从上面的列表中获取值。 Of course, I could explicitly enumerate all policy IDs by the "OR"-sytax, ie I could write当然,我可以通过“OR”-sytax显式枚举所有策略ID,即我可以写
CertPolicyId ::= OBJECT IDENTIFIER ( id-cp-my-policy-v10 | id-cp-my-policy-v11 | id-cp-my-policy-v12 | id-cp-my-policy-v20 | id-cp-my-policy-v30 | id-cp-my-policy-v31 )
However, this does not seem very future-proof.然而,这似乎不太能适应未来。 Instead, I would like to write something like
相反,我想写一些类似的东西
CertPolicyId ::= OBJECT IDENTIFIER ( BELOW SUBTREE id-cp-my-policies )
I hope this example helps to understand what I want to do.我希望这个例子有助于理解我想要做什么。
没有正式的方法可以将 OBJECT IDENTIFIER 类型限制在某个范围内。
You can use the RELATIVE-OID type您可以使用 RELATIVE-OID 类型
You can either make the root oid implicit (let's say foo is a component of a SEQUENCE)您可以使根 oid 隐式(假设 foo 是 SEQUENCE 的一个组件)
{
foo RELATIVE-OID -- relative to root { 2 1 1 }
}
or explicit或明确的
{
foo SEQUENCE {
root OBJECT IDENTIFIER DEFAULT { 2 1 1 },
object-id RELATIVE-OID -- relative to root
}
}
You can use this approach:您可以使用这种方法:
foo OBJECT IDENTIFIER ::= { 1 2 3 }
foo-bar OBJECT IDENTIFIER ::= { foo 4 }
thus, foo-bar
will result in 1.2.3.4
OID value in dotted notation.因此,
foo-bar
将导致1.2.3.4
OID 值以点号表示。 Is this what you are looking for?这是你想要的?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.