[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: [ldapext] BER encoding of PasswordPolicyResponseValue?
Thanks Steven, Ludo or I will fix the ASN.1, and likely produce a
normative appendix containing the full ASN.1, wherein we'll declare
IMPLICIT TAGS.
Jim
>>> "Steven Legg" <steven.legg@adacel.com.au> 3/27/03 5:34:57 PM >>>
Mark,
Mark C Smith wrote:
> Someone asked me this week what the correct BER encoding is for a
> PasswordPolicyResponseValue (from
>
http://www.ietf.org/internet-drafts/draft-behera-ldap-password-policy-06.txt
).
>
> The ASN.1 from section 5.2 of the I-D is:
>
> PasswordPolicyResponseValue ::= SEQUENCE {
> warning [0] CHOICE OPTIONAL {
> timeBeforeExpiration [0] INTEGER (0 .. maxInt),
> graceLoginsRemaining [1] INTEGER (0 .. maxInt) }
> error [1] ENUMERATED OPTIONAL {
> passwordExpired (0),
> accountLocked (1),
> changeAfterReset (2),
> passwordModNotAllowed (3),
> mustSupplyOldPassword (4),
> invalidPasswordSyntax (5),
> passwordTooShort (6),
> passwordTooYoung (7),
> passwordInHistory (8) } }
First up, there are syntax errors in this type definition.
It should read:
PasswordPolicyResponseValue ::= SEQUENCE {
warning [0] CHOICE {
timeBeforeExpiration [0] INTEGER (0 .. maxInt),
graceLoginsRemaining [1] INTEGER (0 .. maxInt) } OPTIONAL,
error [1] ENUMERATED {
passwordExpired (0),
accountLocked (1),
changeAfterReset (2),
passwordModNotAllowed (3),
mustSupplyOldPassword (4),
invalidPasswordSyntax (5),
passwordTooShort (6),
passwordTooYoung (7),
passwordInHistory (8) } OPTIONAL }
> Notice that the warning element is both OPTIONAL (with a context
> specific tag of 0) and a CHOICE with embedded context specific tags
(0
> timeBeforeExpiration and 1 for graceLoginsRemaining).
> Normally, a CHOICE
> is encoded simply as whatever element as chosen, e.g., if
> timeBeforeExpiration is chosen one would just encode an INTEGER with
a
> context specific primitive tag of 0. But the tag associated with the
> outer element (warning) also needs to be included so the decoder can
> tell that a warning element was included (remember, it is optional).
> What is the right way to encode this?
If the tag default is IMPLICIT TAGS then the encoding is as
you've stated above. The implicit tagging suppresses the universal tag
of the INTEGER, but there is no universal tag (or length) for CHOICE
and implicit tagging never applies to a CHOICE.
With IMPLICIT tags the warning element, when present, is encoded as
[constructed 0] length [primitive 0] length integer-value-octets
With EXPLICIT tags the warning element, when present, is encoded as
[constructed 0] length [constructed 0] length
[primitive UNIVERSAL 2] length integer-value-octets
> One ASN.1 compiler I used encoded the warning element as a
constructed
> element that contains one integer (which allows two tags to
> be encoded,
> one associated with the constructed/container element and one with
the
> integer itself). Is that the right thing to do?
Yes, if the tag default is IMPLICIT TAGS, though the draft doesn't say
whether EXPLICIT or IMPLICIT tagging should apply.
Regards,
Steven
> Can any of the ASN.1
> experts out there help?
>
> Thanks.
>
> -Mark Smith
> Netscape
>
>
> _______________________________________________
> Ldapext mailing list
> Ldapext@ietf.org
> https://www1.ietf.org/mailman/listinfo/ldapext
>
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext