-- SPDX-License-Identifier: BSD-3-Clause
--
-- Copyright (C) 2008 IETF Trust and the persons identified as authors
-- of the code
--
-- https://www.rfc-editor.org/rfc/rfc5280#section-4

Certificate ::= SEQUENCE {
	tbsCertificate		TBSCertificate ({ lc_x509_note_tbs_certificate }),
	signatureAlgorithm	AlgorithmIdentifier ({ lc_x509_signature_algorithm }),
	signature		BIT STRING ({ lc_x509_note_signature })
	}

TBSCertificate ::= SEQUENCE {
	version           [ 0 ]	Version DEFAULT ({ lc_x509_version }),
	serialNumber		CertificateSerialNumber ({ lc_x509_note_serial }),
	signature		AlgorithmIdentifier ({ lc_x509_note_sig_algo }),
	issuer			Name ({ lc_x509_note_issuer }),
	validity		Validity,
	subject			Name ({ lc_x509_note_subject }),
	subjectPublicKeyInfo	SubjectPublicKeyInfo,
	issuerUniqueID    [ 1 ]	IMPLICIT UniqueIdentifier OPTIONAL,
	subjectUniqueID   [ 2 ]	IMPLICIT UniqueIdentifier OPTIONAL,
	extensions        [ 3 ]	Extensions OPTIONAL
	}

Version ::= INTEGER
CertificateSerialNumber ::= INTEGER

AlgorithmIdentifier ::= SEQUENCE {
	algorithm		OBJECT IDENTIFIER ({ lc_x509_note_algorithm_OID }),
	parameters		ANY OPTIONAL ({ lc_x509_note_params })
}

Name ::= SEQUENCE OF RelativeDistinguishedName ({ lc_x509_attribute_value_continue })

RelativeDistinguishedName ::= SET OF AttributeValueAssertion

AttributeValueAssertion ::= SEQUENCE {
	attributeType		OBJECT IDENTIFIER ({ lc_x509_note_attribute_type_OID }),
	attributeValue		ANY ({ lc_x509_extract_attribute_name_segment })
	}

Validity ::= SEQUENCE {
	notBefore		Time ({ lc_x509_note_not_before }),
	notAfter		Time ({ lc_x509_note_not_after })
	}

Time ::= CHOICE {
	utcTime			UTCTime ({ lc_x509_set_uct_time }),
	generalTime		GeneralizedTime ({ lc_x509_set_gen_time })
	}

SubjectPublicKeyInfo ::= SEQUENCE {
	algorithm		AlgorithmIdentifier,
	subjectPublicKey	BIT STRING ({ lc_x509_extract_key_data })
	}

UniqueIdentifier ::= BIT STRING

Extensions ::= SEQUENCE OF Extension

Extension ::= SEQUENCE {
	extnid			OBJECT IDENTIFIER ({ lc_x509_extension_OID }),
	critical		BOOLEAN DEFAULT ({ lc_x509_extension_critical }),
	extnValue		OCTET STRING ({ lc_x509_process_extension })
	} ({ lc_x509_extension_continue })
