[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: DN Handling (for BER to DN converter) (corrected again!)

To: "Arredondo, Tomas" <tArredondo@unispherenetworks.com>
Subject: RE: DN Handling (for BER to DN converter) (corrected again!)
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Fri, 17 Aug 2001 11:15:02 +0200
Cc: "'openldap-devel@openldap.org'" <openldap-devel@OpenLDAP.org>
In-reply-to: <153BDA136259D311859900A0C99B52630101F438@boca-isbu-nt04.bo ca.unispheresolutions.com>

In general, LDAP uses the numericoid form (RFC 2252) transferred
as an octet string.  Of course, one could try to implement
objectClass;binary :-)

I suggest you read "ASN.1 Complete" by John Larmouth.  It goes into
the gory details of encoding object identifiers using the Basic (and
other) encoding rules.  See the FAQ for a URL to where you
can download the PDF.  You'll also find other ASN.1/BER references
in the FAQ.

Kurt

At 04:53 PM 8/10/2001, Arredondo, Tomas wrote:
>{Sorry but I'm not sure why the extra > are being put in the email but here
>is my last try to send one without them (I ran it through notepad).}
>
>I need some help with the encoding of the Object Identifier Value.
>
>I get the 06 for OBJECT ID, the length 3 octets and 
>I get the "formula": (X*40)  +  Y  but from there on I don't see
>where the 813403 comes from...
>
>Example From X690E [1]:
>An OBJECT IDENTIFIER value of:
>{joint-iso-itu-t  100  3}
>which is the same as:
>{2  100  3}
> has a first subidentifier of 180 and a second subidentifier of 3. The
>resulting encoding is:
>
>OBJECT          
>IDENTIFIER      Length  Contents
>06(base16)      03(base16)      813403(base16)
>
>
>Another ex is the one in A Layman's Guide to a Subset of ASN.1 [2] in
>section
>6.2.1 I don's see how they get the content octets for country name.  I mean
>sure 40*2 + 5 = 85 but the 5516; 4; and 6, 10, or 3 part?
>
>6.2.1 AttributeType
>
>The three AttributeType values are OCTET STRING values, so
>their DER encoding follows the primitive, definite-length
>method:
>
>06 03 55 04 06                                   countryName
>
>06 03 55 04 0a                              organizationName
>
>06 03 55 04 03                                    commonName
>
>The identifier octets follow the low-tag form, since the tag
>is 6 for OBJECT IDENTIFIER. Bits 8 and 7 have value "0,"
>indicating universal class, and bit 6 has value "0,"
>indicating that the encoding is primitive. The length octets
>follow the short form. The contents octets are the
>concatenation of three octet strings derived from
>subidentifiers (in decimal): 40 * 2 + 5 = 85 = 5516; 4; and
>6, 10, or 3.
>
>I'm assuming it's something to do with the eigth bit (?)
>
>Thanks,
>Tomas
>
>
>REFs:
>
>1- From X690E:
>
>Encoding of an object identifier value
>8.19.1  The encoding of an object identifier value shall be primitive.
>8.19.2  The contents octets shall be an (ordered) list of encodings of
>subidentifiers (see 8.19.3 and 8.19.4) concatenated together.
>Each subidentifier is represented as a series of (one or more) octets. Bit 8
>of each octet indicates whether it is the last in the series: bit 8 of the
>last octet is zero; bit 8 of each preceding octet is one. Bits 7 to 1 of the
>octets in the series collectively encode the subidentifier. Conceptually,
>these groups of bits are concatenated to form an unsigned binary number
>whose most significant bit is bit 7 of the first octet and whose least
>significant bit is bit 1 of the last octet. The subidentifier shall be
>encoded in the fewest possible octets, that is, the leading octet of the
>subidentifier shall not have the value 8016.
>
>8.19.3  The number of subidentifiers (N) shall be one less than the number
>of object identifier components in the object identifier value being
>encoded.
>
>8.19.4  The numerical value of the first subidentifier is derived from the
>values of the first two object identifier components in the object
>identifier value being encoded, using the formula:
>(X*40)  +  Y
>where X is the value of the first object identifier component and Y is the
>value of the second object identifier component.
>NOTE - This packing of the first two object identifier components recognizes
>that only three values are allocated from the root node, and at most 39
>subsequent values from nodes reached by X = 0 and X = 1.
>
>8.19.5  The numerical value of the ith subidentifier, (2 £ i £ N) is that of
>the (i + 1)th object identifier component.
>
>Example
>An OBJECT IDENTIFIER value of:
>{joint-iso-itu-t  100  3}
>which is the same as:
>{2  100  3}
> has a first subidentifier of 180 and a second subidentifier of 3. The
>resulting encoding is:
>
>OBJECT          
>IDENTIFIER      Length  Contents
>0616    0316    81340316
>
>
>2- A Layman's ...: ftp://ftp.rsa.com/pub/pkcs/ascii/layman.asc

Prev by Date: Re: subtree replication
Next by Date: attribute options on rfc2849
Index(es):
- Chronological
- Thread