On Mar 21, 2007, at 9:59 AM, Ron Teitelbaum wrote:
Rob,
I think what we have is a
3.2 Constructed, definite-length method

This method applies to simple string types, structured types, types derived simple string types and structured types by implicit tagging, and types derived from anything by explicit tagging. It requires that the length of the value be known in advance. The parts of the BER encoding are as follows:

Identifier octets. As described in Section 3.1, except that bit 6 has value "1," indicating that the encoding is constructed.
It turns out to be Implicit, which means you don't have the value encoded with explicit tags. The definition specifies the type, in this case a Sequence.
The value 160 (1 in bit 6) should be considered a Constructed, Definite-length field. I’m still researching it but it would seem to me that this is how you define a user object within a value. Instead of having a primitive data type within an explicit context value you have a constructed data type (in our world an object with ivars).
It is constructed because it is not a simple "primitive" type.
I’m still reading but I think that we may be able to replace 160 with ASN1ExplicitContextValueConstructed that has a definite length and holds the values in a sequence. Do you have the actual ASN.1 definition for this extension? I’d be interested if it says that it’s explicit constructed.
It's Implicit constructed. Here is the definition:
-- subject alternative name extension OID and syntax
id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 }
SubjectAltName ::= GeneralNames
GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
GeneralName ::= CHOICE {
     otherName                 [0] AnotherName,
     rfc822Name                [1] IA5String,
     dNSName                   [2] IA5String,
     x400Address               [3] ORAddress,
     directoryName             [4] Name,
     ediPartyName              [5] EDIPartyName,
     uniformResourceIdentifier [6] IA5String,
     iPAddress                 [7] OCTET STRING,
     registeredID              [8] OBJECT IDENTIFIER }
-- AnotherName replaces OTHER-NAME ::= TYPE-IDENTIFIER, as
-- TYPE-IDENTIFIER is not supported in the '88 ASN.1 syntax
AnotherName ::= SEQUENCE {
     type-id    OBJECT IDENTIFIER,
     value      [0] EXPLICIT ANY DEFINED BY type-id }
EDIPartyName ::= SEQUENCE {
     nameAssigner [0] DirectoryString OPTIONAL,
     partyName    [1] DirectoryString }
and my bytes specify:
Sequence { dNSName [2] IA5String, otherName [0] AnotherName}
where AnotherName is an Implicit sequence.
Rob
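
Added example, not part of the original thread: a minimal Python decoder for definite-length identifier octets, showing how the byte 160 (0xA0) splits into context-specific class, constructed bit and tag number 0, and how an implicitly tagged otherName sits inside GeneralNames next to a primitive dNSName. The sample bytes, the OID 1.2.3.4, the names `example.test` and `u@example.test`, and the choice of UTF8String for the inner value are all constructed for illustration.

```python
CLASSES = ("universal", "application", "context", "private")
GENERAL_NAME = {0: "otherName", 1: "rfc822Name", 2: "dNSName", 3: "x400Address",
                4: "directoryName", 5: "ediPartyName",
                6: "uniformResourceIdentifier", 7: "iPAddress", 8: "registeredID"}

def read_tlv(buf, pos=0):
    """Decode one definite-length TLV: (class, constructed, tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated identifier/length octets")
    ident, length = buf[pos], buf[pos + 1]
    # Bit 6 (0x20, counting the low bit as bit 1) marks a constructed encoding.
    cls, constructed, tag = CLASSES[ident >> 6], bool(ident & 0x20), ident & 0x1F
    if tag == 0x1F or length == 0x80:
        raise ValueError("high-tag-number and indefinite-length forms are outside this example")
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets that follow
        n = length & 0x7F
        if pos + n > len(buf):
            raise ValueError("truncated length octets")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("length runs past the end of the buffer")
    return cls, constructed, tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed encoding into its member TLVs."""
    pos, out = 0, []
    while pos < len(value):
        cls, constructed, tag, val, pos = read_tlv(value, pos)
        out.append((cls, constructed, tag, val))
    return out

def general_names(der):
    """Return [(choice name, constructed?, raw contents)] for a GeneralNames value."""
    cls, constructed, tag, value, _ = read_tlv(der)
    if (cls, constructed, tag) != ("universal", True, 16):
        raise ValueError("GeneralNames must be a universal constructed SEQUENCE")
    names = []
    for cls, constructed, tag, val in children(value):
        if cls != "context" or tag not in GENERAL_NAME:
            raise ValueError("not a GeneralName CHOICE tag")
        names.append((GENERAL_NAME[tag], constructed, val))
    return names

def tlv(ident, content):  # short-form builder, used only to construct the sample
    return bytes([ident, len(content)]) + content

# Constructed sample: SEQUENCE { dNSName [2], otherName [0] { OID 1.2.3.4, [0] EXPLICIT UTF8String } }
OTHER = tlv(0x06, bytes.fromhex("2a0304")) + tlv(0xA0, tlv(0x0C, b"u@example.test"))
SAMPLE = tlv(0x30, tlv(0x82, b"example.test") + tlv(0xA0, OTHER))
```

Because the [0] tag on otherName is implicit, it replaces the SEQUENCE tag and the members of AnotherName follow the 0xA0 header directly; the inner 0xA0 around the value is the explicit tag, which wraps a complete TLV of its own.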