authorAnders Broman <anders.broman@ericsson.com>2008-08-31 21:00:06 +0000
committerAnders Broman <anders.broman@ericsson.com>2008-08-31 21:00:06 +0000
commit47d612ccc9f0738bafd291d7bbc13c690928a397 (patch)
treecd0a58a0666ef76d0421859b3815205101215076
parent48dbffeda48d0409fb4af332aadaf954b265db1c (diff)
Update to X.509:08/2005.
svn path=/trunk/; revision=26105
-rw-r--r--asn1/x509ce/CertificateExtensions.asn791
-rw-r--r--asn1/x509ce/x509ce.cnf41
-rw-r--r--epan/dissectors/packet-x509ce.c511
-rw-r--r--epan/dissectors/packet-x509ce.h2
4 files changed, 936 insertions, 409 deletions
diff --git a/asn1/x509ce/CertificateExtensions.asn b/asn1/x509ce/CertificateExtensions.asn
index 2f1a9bfe44..b9359a7cf1 100644
--- a/asn1/x509ce/CertificateExtensions.asn
+++ b/asn1/x509ce/CertificateExtensions.asn
@@ -1,6 +1,7 @@
--- Module CertificateExtensions (X.509:03/2000)
+-- $Id:$
+-- Module CertificateExtensions (X.509:08/2005)
CertificateExtensions {joint-iso-itu-t ds(5) module(1)
- certificateExtensions(26) 4} DEFINITIONS IMPLICIT TAGS ::=
+ certificateExtensions(26) 5} DEFINITIONS IMPLICIT TAGS ::=
BEGIN
-- EXPORTS ALL
@@ -8,19 +9,16 @@ IMPORTS
id-at, id-ce, id-mr, informationFramework, authenticationFramework,
selectedAttributeTypes, upperBounds
FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
- usefulDefinitions(0) 4}
+ usefulDefinitions(0) 5}
Name, RelativeDistinguishedName, ATTRIBUTE, Attribute, MATCHING-RULE
- FROM InformationFramework {joint-iso-itu-t ds(5) module(1)
- informationFramework(1) 4}
+ FROM InformationFramework informationFramework
CertificateSerialNumber, CertificateList, AlgorithmIdentifier, EXTENSION,
Time, PolicyID
- FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1)
- authenticationFramework(7) 4}
- DirectoryString
- FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1)
- selectedAttributeTypes(5) 4}
+ FROM AuthenticationFramework authenticationFramework
+ DirectoryString{}
+ FROM SelectedAttributeTypes selectedAttributeTypes
ub-name
- FROM UpperBounds {joint-iso-itu-t ds(5) module(1) upperBounds(10) 4}
+ FROM UpperBounds upperBounds
ORAddress
FROM MTSAbstractService {joint-iso-itu-t mhs(6) mts(3) modules(0)
mts-abstract-service(1) version-1999(1)};
@@ -28,75 +26,75 @@ IMPORTS
-- Unless explicitly noted otherwise, there is no significance to the ordering
-- of components of a SEQUENCE OF construct in this Specification.
-- public-key certificate and CRL extensions
--- authorityKeyIdentifier EXTENSION ::= {
--- SYNTAX AuthorityKeyIdentifier
--- IDENTIFIED BY id-ce-authorityKeyIdentifier
--- }
+authorityKeyIdentifier EXTENSION ::= {
+ SYNTAX AuthorityKeyIdentifier
+ IDENTIFIED BY id-ce-authorityKeyIdentifier
+}
AuthorityKeyIdentifier ::= SEQUENCE {
- keyIdentifier [0] IMPLICIT KeyIdentifier OPTIONAL,
- authorityCertIssuer [1] IMPLICIT GeneralNames OPTIONAL,
- authorityCertSerialNumber [2] IMPLICIT CertificateSerialNumber OPTIONAL
-}
--- (WITH COMPONENTS {
--- ...,
--- authorityCertIssuer PRESENT,
--- authorityCertSerialNumber PRESENT
--- } |
--- WITH COMPONENTS {
--- ...,
--- authorityCertIssuer ABSENT,
--- authorityCertSerialNumber ABSENT
--- })
+ keyIdentifier [0] KeyIdentifier OPTIONAL,
+ authorityCertIssuer [1] GeneralNames OPTIONAL,
+ authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL
+}
+(WITH COMPONENTS {
+ ...,
+ authorityCertIssuer PRESENT,
+ authorityCertSerialNumber PRESENT
+ } |
+ WITH COMPONENTS {
+ ...,
+ authorityCertIssuer ABSENT,
+ authorityCertSerialNumber ABSENT
+ })
KeyIdentifier ::= OCTET STRING
--- subjectKeyIdentifier EXTENSION ::= {
--- SYNTAX SubjectKeyIdentifier
--- IDENTIFIED BY id-ce-subjectKeyIdentifier
--- }
+subjectKeyIdentifier EXTENSION ::= {
+ SYNTAX SubjectKeyIdentifier
+ IDENTIFIED BY id-ce-subjectKeyIdentifier
+}
SubjectKeyIdentifier ::= KeyIdentifier
--- keyUsage EXTENSION ::= {SYNTAX KeyUsage
--- IDENTIFIED BY id-ce-keyUsage
--- }
+keyUsage EXTENSION ::= {SYNTAX KeyUsage
+ IDENTIFIED BY id-ce-keyUsage
+}
KeyUsage ::= BIT STRING {
- digitalSignature(0), nonRepudiation(1), keyEncipherment(2),
+ digitalSignature(0), contentCommitment(1), keyEncipherment(2),
dataEncipherment(3), keyAgreement(4), keyCertSign(5), cRLSign(6),
encipherOnly(7), decipherOnly(8)}
--- extKeyUsage EXTENSION ::= {
--- SYNTAX KeyPurposeIDs
--- IDENTIFIED BY id-ce-extKeyUsage
--- }
-
-KeyPurposeIDs ::= SEQUENCE OF KeyPurposeId
+extKeyUsage EXTENSION ::= {
+ SYNTAX SEQUENCE SIZE (1..MAX) OF KeyPurposeId
+ IDENTIFIED BY id-ce-extKeyUsage
+}
KeyPurposeId ::= OBJECT IDENTIFIER
--- privateKeyUsagePeriod EXTENSION ::= {
--- SYNTAX PrivateKeyUsagePeriod
--- IDENTIFIED BY id-ce-privateKeyUsagePeriod
--- }
+KeyPurposeIDs ::= SEQUENCE OF KeyPurposeId
+
+privateKeyUsagePeriod EXTENSION ::= {
+ SYNTAX PrivateKeyUsagePeriod
+ IDENTIFIED BY id-ce-privateKeyUsagePeriod
+}
PrivateKeyUsagePeriod ::= SEQUENCE {
- notBefore [0] IMPLICIT GeneralizedTime OPTIONAL,
- notAfter [1] IMPLICIT GeneralizedTime OPTIONAL
-}
--- (WITH COMPONENTS {
--- ...,
--- notBefore PRESENT
--- } | WITH COMPONENTS {
--- ...,
--- notAfter PRESENT
--- })
---
--- certificatePolicies EXTENSION ::= {
--- SYNTAX CertificatePoliciesSyntax
--- IDENTIFIED BY id-ce-certificatePolicies
--- }
+ notBefore [0] GeneralizedTime OPTIONAL,
+ notAfter [1] GeneralizedTime OPTIONAL
+}
+(WITH COMPONENTS {
+ ...,
+ notBefore PRESENT
+ } | WITH COMPONENTS {
+ ...,
+ notAfter PRESENT
+ })
+
+certificatePolicies EXTENSION ::= {
+ SYNTAX CertificatePoliciesSyntax
+ IDENTIFIED BY id-ce-certificatePolicies
+}
CertificatePoliciesSyntax ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
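Review bot: The `KeyUsage` bit rename from `nonRepudiation(1)` to `contentCommitment(1)` is undocumented, and the generated field name and filter string most likely follow the ASN.1 identifier, so saved display filters or detection rules keyed on the old name may stop matching without warning. RFC 5280 still uses `nonRepudiation` for this bit, so analysts will search for both spellings. I would add a comment next to the bit list, e.g. `-- contentCommitment(1) was nonRepudiation(1) before X.509:08/2005 (RFC 5280 keeps the old name)`, and mention the rename in the release notes. Separately, `extKeyUsage` now carries `SIZE (1..MAX)` inline while the retained `KeyPurposeIDs ::= SEQUENCE OF KeyPurposeId` does not, so the two definitions no longer agree.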
@@ -107,54 +105,52 @@ PolicyInformation ::= SEQUENCE {
CertPolicyId ::= OBJECT IDENTIFIER
-PolicyQualifierId ::= OBJECT IDENTIFIER
+PolicyQualifierInfo ::= SEQUENCE {
+ policyQualifierId CERT-POLICY-QUALIFIER.&id({SupportedPolicyQualifiers}),
+ qualifier
+ CERT-POLICY-QUALIFIER.&Qualifier
+ ({SupportedPolicyQualifiers}{@policyQualifierId}) OPTIONAL
+}
-PolicyQualifierValue ::= ANY
+SupportedPolicyQualifiers CERT-POLICY-QUALIFIER ::=
+ {...}
-PolicyQualifierInfo ::= SEQUENCE {
- policyQualifierId PolicyQualifierId,
- qualifier PolicyQualifierValue OPTIONAL
-}
-
--- SupportedPolicyQualifiers CERT-POLICY-QUALIFIER ::=
--- {...}
---
--- anyPolicy OBJECT IDENTIFIER ::= {2 5 29 32 0}
---
--- CERT-POLICY-QUALIFIER ::= CLASS {
--- &id OBJECT IDENTIFIER UNIQUE,
--- &Qualifier OPTIONAL
--- }WITH SYNTAX {POLICY-QUALIFIER-ID &id
--- [QUALIFIER-TYPE &Qualifier]
--- }
---
--- policyMappings EXTENSION ::= {
--- SYNTAX PolicyMappingsSyntax
--- IDENTIFIED BY id-ce-policyMappings
--- }
+anyPolicy OBJECT IDENTIFIER ::= {2 5 29 32 0}
+
+CERT-POLICY-QUALIFIER ::= CLASS {
+ &id OBJECT IDENTIFIER UNIQUE,
+ &Qualifier OPTIONAL
+}WITH SYNTAX {POLICY-QUALIFIER-ID &id
+ [QUALIFIER-TYPE &Qualifier]
+}
+
+policyMappings EXTENSION ::= {
+ SYNTAX PolicyMappingsSyntax
+ IDENTIFIED BY id-ce-policyMappings
+}
PolicyMappingsSyntax ::=
SEQUENCE SIZE (1..MAX) OF
SEQUENCE {issuerDomainPolicy CertPolicyId,
subjectDomainPolicy CertPolicyId}
--- subjectAltName EXTENSION ::= {
--- SYNTAX GeneralNames
--- IDENTIFIED BY id-ce-subjectAltName
--- }
+subjectAltName EXTENSION ::= {
+ SYNTAX GeneralNames
+ IDENTIFIED BY id-ce-subjectAltName
+}
GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
GeneralName ::= CHOICE {
- otherName [0] IMPLICIT --INSTANCE OF OTHER-NAME-- OtherName,
- rfc822Name [1] IMPLICIT IA5String,
- dNSName [2] IMPLICIT IA5String,
- x400Address [3] IMPLICIT ORAddress,
- directoryName [4] IMPLICIT Name,
- ediPartyName [5] IMPLICIT EDIPartyName,
- uniformResourceIdentifier [6] IMPLICIT IA5String,
- iPAddress [7] IMPLICIT OCTET STRING,
- registeredID [8] IMPLICIT OBJECT IDENTIFIER
+ otherName [0] -- INSTANCE OF OTHER-NAME-- OtherName,
+ rfc822Name [1] IA5String,
+ dNSName [2] IA5String,
+ x400Address [3] ORAddress,
+ directoryName [4] Name,
+ ediPartyName [5] EDIPartyName,
+ uniformResourceIdentifier [6] IA5String,
+ iPAddress [7] OCTET STRING,
+ registeredID [8] OBJECT IDENTIFIER
}
-- OTHER-NAME ::= TYPE-IDENTIFIER
@@ -166,147 +162,146 @@ OtherName ::= SEQUENCE {
OtherNameType ::= OBJECT IDENTIFIER
OtherNameValue ::= ANY
-
+
EDIPartyName ::= SEQUENCE {
- nameAssigner [0] IMPLICIT DirectoryString OPTIONAL,
- partyName [1] IMPLICIT DirectoryString
+ nameAssigner [0] DirectoryString{ub-name} OPTIONAL,
+ partyName [1] DirectoryString{ub-name}
+}
+
+issuerAltName EXTENSION ::= {
+ SYNTAX GeneralNames
+ IDENTIFIED BY id-ce-issuerAltName
}
--- issuerAltName EXTENSION ::= {
--- SYNTAX GeneralNames
--- IDENTIFIED BY id-ce-issuerAltName
--- }
---
--- subjectDirectoryAttributes EXTENSION ::= {
--- SYNTAX AttributesSyntax
--- IDENTIFIED BY id-ce-subjectDirectoryAttributes
--- }
+subjectDirectoryAttributes EXTENSION ::= {
+ SYNTAX AttributesSyntax
+ IDENTIFIED BY id-ce-subjectDirectoryAttributes
+}
AttributesSyntax ::= SEQUENCE SIZE (1..MAX) OF Attribute
--- basicConstraints EXTENSION ::= {
--- SYNTAX BasicConstraintsSyntax
--- IDENTIFIED BY id-ce-basicConstraints
--- }
+basicConstraints EXTENSION ::= {
+ SYNTAX BasicConstraintsSyntax
+ IDENTIFIED BY id-ce-basicConstraints
+}
BasicConstraintsSyntax ::= SEQUENCE {
cA BOOLEAN DEFAULT FALSE,
- pathLenConstraint INTEGER OPTIONAL
+ pathLenConstraint INTEGER(0..MAX) OPTIONAL
}
--- nameConstraints EXTENSION ::= {
--- SYNTAX NameConstraintsSyntax
--- IDENTIFIED BY id-ce-nameConstraints
--- }
+nameConstraints EXTENSION ::= {
+ SYNTAX NameConstraintsSyntax
+ IDENTIFIED BY id-ce-nameConstraints
+}
NameConstraintsSyntax ::= SEQUENCE {
- permittedSubtrees [0] IMPLICIT GeneralSubtrees OPTIONAL,
- excludedSubtrees [1] IMPLICIT GeneralSubtrees OPTIONAL
-}
+ permittedSubtrees [0] GeneralSubtrees OPTIONAL,
+ excludedSubtrees [1] GeneralSubtrees OPTIONAL
+}(-- ALL EXCEPT -- ({ --none; at least one component shall be present--}))
-GeneralSubtrees ::= SEQUENCE OF GeneralSubtree
+GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
GeneralSubtree ::= SEQUENCE {
base GeneralName,
- minimum [0] IMPLICIT BaseDistance DEFAULT 0,
- maximum [1] IMPLICIT BaseDistance OPTIONAL
+ minimum [0] BaseDistance DEFAULT 0,
+ maximum [1] BaseDistance OPTIONAL
}
BaseDistance ::= INTEGER(0..MAX)
--- policyConstraints EXTENSION ::= {
--- SYNTAX PolicyConstraintsSyntax
--- IDENTIFIED BY id-ce-policyConstraints
--- }
+policyConstraints EXTENSION ::= {
+ SYNTAX PolicyConstraintsSyntax
+ IDENTIFIED BY id-ce-policyConstraints
+}
PolicyConstraintsSyntax ::= SEQUENCE {
- requireExplicitPolicy [0] IMPLICIT SkipCerts OPTIONAL,
- inhibitPolicyMapping [1] IMPLICIT SkipCerts OPTIONAL
+ requireExplicitPolicy [0] SkipCerts OPTIONAL,
+ inhibitPolicyMapping [1] SkipCerts OPTIONAL
}
SkipCerts ::= INTEGER(0..MAX)
--- cRLNumber EXTENSION ::= {
--- SYNTAX CRLNumber
--- IDENTIFIED BY id-ce-cRLNumber
--- }
+cRLNumber EXTENSION ::= {
+ SYNTAX CRLNumber
+ IDENTIFIED BY id-ce-cRLNumber
+}
CRLNumber ::= INTEGER(0..MAX)
--- reasonCode EXTENSION ::= {
--- SYNTAX CRLReason
--- IDENTIFIED BY id-ce-reasonCode
--- }
+reasonCode EXTENSION ::= {
+ SYNTAX CRLReason
+ IDENTIFIED BY id-ce-reasonCode
+}
CRLReason ::= ENUMERATED {
unspecified(0), keyCompromise(1), cACompromise(2), affiliationChanged(3),
superseded(4), cessationOfOperation(5), certificateHold(6), removeFromCRL(8),
privilegeWithdrawn(9), aaCompromise(10)}
--- holdInstructionCode EXTENSION ::= {
--- SYNTAX HoldInstruction
--- IDENTIFIED BY id-ce-instructionCode
--- }
+holdInstructionCode EXTENSION ::= {
+ SYNTAX HoldInstruction
+ IDENTIFIED BY id-ce-instructionCode
+}
HoldInstruction ::= OBJECT IDENTIFIER
--- invalidityDate EXTENSION ::= {
--- SYNTAX GeneralizedTime
--- IDENTIFIED BY id-ce-invalidityDate
--- }
---
--- crlScope EXTENSION ::= {
--- SYNTAX CRLScopeSyntax
--- IDENTIFIED BY id-ce-cRLScope
--- }
+invalidityDate EXTENSION ::= {
+ SYNTAX GeneralizedTime
+ IDENTIFIED BY id-ce-invalidityDate
+}
+
+crlScope EXTENSION ::= {
+ SYNTAX CRLScopeSyntax
+ IDENTIFIED BY id-ce-cRLScope
+}
CRLScopeSyntax ::= SEQUENCE SIZE (1..MAX) OF PerAuthorityScope
PerAuthorityScope ::= SEQUENCE {
- authorityName [0] IMPLICIT GeneralName OPTIONAL,
- distributionPoint [1] IMPLICIT DistributionPointName OPTIONAL,
- onlyContains [2] IMPLICIT OnlyCertificateTypes OPTIONAL,
- onlySomeReasons [4] IMPLICIT ReasonFlags OPTIONAL,
- serialNumberRange [5] IMPLICIT NumberRange OPTIONAL,
- subjectKeyIdRange [6] IMPLICIT NumberRange OPTIONAL,
- nameSubtrees [7] IMPLICIT GeneralNames OPTIONAL,
- baseRevocationInfo [9] IMPLICIT BaseRevocationInfo OPTIONAL
+ authorityName [0] GeneralName OPTIONAL,
+ distributionPoint [1] DistributionPointName OPTIONAL,
+ onlyContains [2] OnlyCertificateTypes OPTIONAL,
+ onlySomeReasons [4] ReasonFlags OPTIONAL,
+ serialNumberRange [5] NumberRange OPTIONAL,
+ subjectKeyIdRange [6] NumberRange OPTIONAL,
+ nameSubtrees [7] GeneralNames OPTIONAL,
+ baseRevocationInfo [9] BaseRevocationInfo OPTIONAL
}
-OnlyCertificateTypes ::= BIT STRING {
- userPublicKey(0), cA(1), userAttribute(2), aA(3), sOAPublicKey(4)}
+OnlyCertificateTypes ::= BIT STRING {user(0), authority(1), attribute(2)}
NumberRange ::= SEQUENCE {
- startingNumber [0] IMPLICIT INTEGER OPTIONAL,
- endingNumber [1] IMPLICIT INTEGER OPTIONAL,
+ startingNumber [0] INTEGER OPTIONAL,
+ endingNumber [1] INTEGER OPTIONAL,
modulus INTEGER OPTIONAL
}
BaseRevocationInfo ::= SEQUENCE {
- cRLStreamIdentifier [0] IMPLICIT CRLStreamIdentifier OPTIONAL,
- cRLNumber [1] IMPLICIT CRLNumber,
- baseThisUpdate [2] IMPLICIT GeneralizedTime
+ cRLStreamIdentifier [0] CRLStreamIdentifier OPTIONAL,
+ cRLNumber [1] CRLNumber,
+ baseThisUpdate [2] GeneralizedTime
}
--- statusReferrals EXTENSION ::= {
--- SYNTAX StatusReferrals
--- IDENTIFIED BY id-ce-statusReferrals
--- }
+statusReferrals EXTENSION ::= {
+ SYNTAX StatusReferrals
+ IDENTIFIED BY id-ce-statusReferrals
+}
StatusReferrals ::= SEQUENCE SIZE (1..MAX) OF StatusReferral
StatusReferral ::= CHOICE {
- cRLReferral [0] IMPLICIT CRLReferral
--- otherReferral [1] IMPLICIT INSTANCE OF OTHER-REFERRAL
+ cRLReferral [0] CRLReferral
+-- otherReferral [1] INSTANCE OF OTHER-REFERRAL
}
CRLReferral ::= SEQUENCE {
- issuer [0] IMPLICIT GeneralName OPTIONAL,
- location [1] IMPLICIT GeneralName OPTIONAL,
- deltaRefInfo [2] IMPLICIT DeltaRefInfo OPTIONAL,
+ issuer [0] GeneralName OPTIONAL,
+ location [1] GeneralName OPTIONAL,
+ deltaRefInfo [2] DeltaRefInfo OPTIONAL,
cRLScope CRLScopeSyntax,
- lastUpdate [3] IMPLICIT GeneralizedTime OPTIONAL,
- lastChangedCRL [4] IMPLICIT GeneralizedTime OPTIONAL
+ lastUpdate [3] GeneralizedTime OPTIONAL,
+ lastChangedCRL [4] GeneralizedTime OPTIONAL
}
DeltaRefInfo ::= SEQUENCE {
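Review bot: The constraint appended to `NameConstraintsSyntax` collapses to an empty `(({}))` once the `-- ... --` comments are stripped, so the "at least one component shall be present" rule is not expressed and the line relies on the compiler tolerating an empty constraint. The same construct appears on `EnhancedCertificateAssertion` in a later hunk. This commit already enables the `WITH COMPONENTS` form for `PrivateKeyUsagePeriod`, and the same form would state the rule here: `(WITH COMPONENTS {..., permittedSubtrees PRESENT} | WITH COMPONENTS {..., excludedSubtrees PRESENT})`. If the commented form is kept to stay textually close to the standard, a one-line comment saying the constraint is intentionally inert would help the next reader.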
@@ -314,48 +309,48 @@ DeltaRefInfo ::= SEQUENCE {
lastDelta GeneralizedTime OPTIONAL
}
--- OTHER-REFERRAL ::= TYPE-IDENTIFIER
---
--- cRLStreamIdentifier EXTENSION ::= {
--- SYNTAX CRLStreamIdentifier
--- IDENTIFIED BY id-ce-cRLStreamIdentifier
--- }
+--OTHER-REFERRAL ::= TYPE-IDENTIFIER
+--
+cRLStreamIdentifier EXTENSION ::= {
+ SYNTAX CRLStreamIdentifier
+ IDENTIFIED BY id-ce-cRLStreamIdentifier
+}
CRLStreamIdentifier ::= INTEGER(0..MAX)
--- orderedList EXTENSION ::= {
--- SYNTAX OrderedListSyntax
--- IDENTIFIED BY id-ce-orderedList
--- }
+orderedList EXTENSION ::= {
+ SYNTAX OrderedListSyntax
+ IDENTIFIED BY id-ce-orderedList
+}
OrderedListSyntax ::= ENUMERATED {ascSerialNum(0), ascRevDate(1)}
--- deltaInfo EXTENSION ::= {
--- SYNTAX DeltaInformation
--- IDENTIFIED BY id-ce-deltaInfo
--- }
+deltaInfo EXTENSION ::= {
+ SYNTAX DeltaInformation
+ IDENTIFIED BY id-ce-deltaInfo
+}
DeltaInformation ::= SEQUENCE {
deltaLocation GeneralName,
nextDelta GeneralizedTime OPTIONAL
}
--- cRLDistributionPoints EXTENSION ::= {
--- SYNTAX CRLDistPointsSyntax
--- IDENTIFIED BY id-ce-cRLDistributionPoints
--- }
+cRLDistributionPoints EXTENSION ::= {
+ SYNTAX CRLDistPointsSyntax
+ IDENTIFIED BY id-ce-cRLDistributionPoints
+}
CRLDistPointsSyntax ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
DistributionPoint ::= SEQUENCE {
- distributionPoint [0] IMPLICIT DistributionPointName OPTIONAL,
- reasons [1] IMPLICIT ReasonFlags OPTIONAL,
- cRLIssuer [2] IMPLICIT GeneralNames OPTIONAL
+ distributionPoint [0] DistributionPointName OPTIONAL,
+ reasons [1] ReasonFlags OPTIONAL,
+ cRLIssuer [2] GeneralNames OPTIONAL
}
DistributionPointName ::= CHOICE {
- fullName [0] IMPLICIT GeneralNames,
- nameRelativeToCRLIssuer [1] IMPLICIT RelativeDistinguishedName
+ fullName [0] GeneralNames,
+ nameRelativeToCRLIssuer [1] RelativeDistinguishedName
}
ReasonFlags ::= BIT STRING {
@@ -363,82 +358,150 @@ ReasonFlags ::= BIT STRING {
superseded(4), cessationOfOperation(5), certificateHold(6),
privilegeWithdrawn(7), aACompromise(8)}
--- issuingDistributionPoint EXTENSION ::= {
--- SYNTAX IssuingDistPointSyntax
--- IDENTIFIED BY id-ce-issuingDistributionPoint
--- }
+issuingDistributionPoint EXTENSION ::= {
+ SYNTAX IssuingDistPointSyntax
+ IDENTIFIED BY id-ce-issuingDistributionPoint
+}
IssuingDistPointSyntax ::= SEQUENCE {
--- If containsUserPublicKeyCerts, containsCACerts, containsUserAttributeCerts,
--- containsAACerts, and containsSOAPublicKeyCerts s are all absent, or not set to TRUE, (),
--- the CRL covers allthese certificate types
- distributionPoint [0] IMPLICIT DistributionPointName OPTIONAL,
- containsUserPublicKeyCerts [1] IMPLICIT BOOLEAN DEFAULT FALSE,
- containsCACerts [2] IMPLICIT BOOLEAN DEFAULT FALSE,
- onlySomeReasons [3] IMPLICIT ReasonFlags OPTIONAL,
- indirectCRL [4] IMPLICIT BOOLEAN DEFAULT FALSE,
- containsUserAttributeCerts [5] IMPLICIT BOOLEAN DEFAULT FALSE,
- containsAACerts [6] IMPLICIT BOOLEAN DEFAULT FALSE,
- containsSOAPublicKeyCerts [7] IMPLICIT BOOLEAN DEFAULT FALSE
-}
-
--- certificateIssuer EXTENSION ::= {
--- SYNTAX GeneralNames
--- IDENTIFIED BY id-ce-certificateIssuer
--- }
---
--- deltaCRLIndicator EXTENSION ::= {
--- SYNTAX BaseCRLNumber
--- IDENTIFIED BY id-ce-deltaCRLIndicator
--- }
+ -- If onlyContainsUserPublicKeyCerts and onlyContainsCACerts are both FALSE,
+ -- the CRL covers both certificate types
+ distributionPoint [0] DistributionPointName OPTIONAL,
+ onlyContainsUserPublicKeyCerts [1] BOOLEAN DEFAULT FALSE,
+ onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE,
+ onlySomeReasons [3] ReasonFlags OPTIONAL,
+ indirectCRL [4] BOOLEAN DEFAULT FALSE
+}
+
+certificateIssuer EXTENSION ::= {
+ SYNTAX GeneralNames
+ IDENTIFIED BY id-ce-certificateIssuer
+}
+
+deltaCRLIndicator EXTENSION ::= {
+ SYNTAX BaseCRLNumber
+ IDENTIFIED BY id-ce-deltaCRLIndicator
+}
BaseCRLNumber ::= CRLNumber
--- baseUpdateTime EXTENSION ::= {
--- SYNTAX GeneralizedTime
--- IDENTIFIED BY id-ce-baseUpdateTime
--- }
---
--- freshestCRL EXTENSION ::= {
--- SYNTAX CRLDistPointsSyntax
--- IDENTIFIED BY id-ce-freshestCRL
--- }
---
--- inhibitAnyPolicy EXTENSION ::= {
--- SYNTAX SkipCerts
--- IDENTIFIED BY id-ce-inhibitAnyPolicy
--- }
---
+toBeRevoked EXTENSION ::= {
+ SYNTAX ToBeRevokedSyntax
+ IDENTIFIED BY id-ce-toBeRevoked
+}
+
+ToBeRevokedSyntax ::= SEQUENCE SIZE (1..MAX) OF ToBeRevokedGroup
+
+ToBeRevokedGroup ::= SEQUENCE {
+ certificateIssuer [0] GeneralName OPTIONAL,
+ reasonInfo [1] ReasonInfo OPTIONAL,
+ revocationTime GeneralizedTime,
+ certificateGroup CertificateGroup
+}
+
+ReasonInfo ::= SEQUENCE {
+ reasonCode CRLReason,
+ holdInstructionCode HoldInstruction OPTIONAL
+}
+
+CertificateGroup ::= CHOICE {
+ serialNumbers [0] CertificateSerialNumbers,
+ serialNumberRange [1] CertificateGroupNumberRange,
+ nameSubtree [2] GeneralName
+}
+
+CertificateGroupNumberRange ::= SEQUENCE {
+ startingNumber [0] INTEGER,
+ endingNumber [1] INTEGER
+}
+
+CertificateSerialNumbers ::= SEQUENCE SIZE (1..MAX) OF CertificateSerialNumber
+
+revokedGroups EXTENSION ::= {
+ SYNTAX RevokedGroupsSyntax
+ IDENTIFIED BY id-ce-RevokedGroups
+}
+
+RevokedGroupsSyntax ::= SEQUENCE SIZE (1..MAX) OF RevokedGroup
+
+RevokedGroup ::= SEQUENCE {
+ certificateIssuer [0] GeneralName OPTIONAL,
+ reasonInfo [1] ReasonInfo OPTIONAL,
+ invalidityDate [2] GeneralizedTime OPTIONAL,
+ revokedcertificateGroup [3] RevokedCertificateGroup
+}
+
+RevokedCertificateGroup ::= CHOICE {
+ serialNumberRange NumberRange,
+ nameSubtree GeneralName
+}
+
+expiredCertsOnCRL EXTENSION ::= {
+ SYNTAX ExpiredCertsOnCRL
+ IDENTIFIED BY id-ce-expiredCertsOnCRL
+}
+
+ExpiredCertsOnCRL ::= GeneralizedTime
+
+baseUpdateTime EXTENSION ::= {
+ SYNTAX GeneralizedTime
+ IDENTIFIED BY id-ce-baseUpdateTime
+}
+
+freshestCRL EXTENSION ::= {
+ SYNTAX CRLDistPointsSyntax
+ IDENTIFIED BY id-ce-freshestCRL
+}
+
+aAissuingDistributionPoint EXTENSION ::= {
+ SYNTAX AAIssuingDistPointSyntax
+ IDENTIFIED BY id-ce-aAissuingDistributionPoint
+}
+
+AAIssuingDistPointSyntax ::= SEQUENCE {
+ distributionPoint [0] DistributionPointName OPTIONAL,
+ onlySomeReasons [1] ReasonFlags OPTIONAL,
+ indirectCRL [2] BOOLEAN DEFAULT FALSE,
+ containsUserAttributeCerts [3] BOOLEAN DEFAULT TRUE,
+ containsAACerts [4] BOOLEAN DEFAULT TRUE,
+ containsSOAPublicKeyCerts [5] BOOLEAN DEFAULT TRUE
+}
+
+inhibitAnyPolicy EXTENSION ::= {
+ SYNTAX SkipCerts
+ IDENTIFIED BY id-ce-inhibitAnyPolicy
+}
+
-- PKI matching rules
--- certificateExactMatch MATCHING-RULE ::= {
--- SYNTAX CertificateExactAssertion
--- ID id-mr-certificateExactMatch
--- }
+certificateExactMatch MATCHING-RULE ::= {
+ SYNTAX CertificateExactAssertion
+ ID id-mr-certificateExactMatch
+}
CertificateExactAssertion ::= SEQUENCE {
serialNumber CertificateSerialNumber,
issuer Name
}
--- certificateMatch MATCHING-RULE ::= {
--- SYNTAX CertificateAssertion
--- ID id-mr-certificateMatch
--- }
+certificateMatch MATCHING-RULE ::= {
+ SYNTAX CertificateAssertion
+ ID id-mr-certificateMatch
+}
CertificateAssertion ::= SEQUENCE {
- serialNumber [0] IMPLICIT CertificateSerialNumber OPTIONAL,
- issuer [1] IMPLICIT Name OPTIONAL,
- subjectKeyIdentifier [2] IMPLICIT SubjectKeyIdentifier OPTIONAL,
- authorityKeyIdentifier [3] IMPLICIT AuthorityKeyIdentifier OPTIONAL,
--- certificateValid [4] IMPLICIT Time OPTIONAL,
- privateKeyValid [5] IMPLICIT GeneralizedTime OPTIONAL,
- subjectPublicKeyAlgID [6] IMPLICIT OBJECT IDENTIFIER OPTIONAL,
- keyUsage [7] IMPLICIT KeyUsage OPTIONAL,
- subjectAltName [8] IMPLICIT AltNameType OPTIONAL,
- policy [9] IMPLICIT CertPolicySet OPTIONAL,
- pathToName [10] IMPLICIT Name OPTIONAL,
- subject [11] IMPLICIT Name OPTIONAL,
- nameConstraints [12] IMPLICIT NameConstraintsSyntax OPTIONAL
+ serialNumber [0] CertificateSerialNumber OPTIONAL,
+ issuer [1] Name OPTIONAL,
+ subjectKeyIdentifier [2] SubjectKeyIdentifier OPTIONAL,
+ authorityKeyIdentifier [3] AuthorityKeyIdentifier OPTIONAL,
+ certificateValid [4] Time OPTIONAL,
+ privateKeyValid [5] GeneralizedTime OPTIONAL,
+ subjectPublicKeyAlgID [6] OBJECT IDENTIFIER OPTIONAL,
+ keyUsage [7] KeyUsage OPTIONAL,
+ subjectAltName [8] AltNameType OPTIONAL,
+ policy [9] CertPolicySet OPTIONAL,
+ pathToName [10] Name OPTIONAL,
+ subject [11] Name OPTIONAL,
+ nameConstraints [12] NameConstraintsSyntax OPTIONAL
}
AltNameType ::= CHOICE {
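Review bot: `IssuingDistPointSyntax` no longer has any component for tags `[5]` to `[7]`, and the SEQUENCE has no extension marker, so a CRL that carries a `[5]` BOOLEAN here will presumably be reported as malformed or left undecoded, where the old definition labelled it. RFC 5280 defines `onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE` in its IssuingDistributionPoint, so such CRLs are legitimate on the wire even though X.509:08/2005 moved the attribute-certificate flags to `AAIssuingDistPointSyntax`. For a dissector it seems safer to stay tolerant, for example by keeping `onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE` as a documented deviation from the 2005 module. Worth confirming against a capture containing an attribute-certificate CRL before merging.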
@@ -451,87 +514,114 @@ AltNameType ::= CHOICE {
CertPolicySet ::= SEQUENCE SIZE (1..MAX) OF CertPolicyId
--- certificatePairExactMatch MATCHING-RULE ::= {
--- SYNTAX CertificatePairExactAssertion
--- ID id-mr-certificatePairExactMatch
--- }
+certificatePairExactMatch MATCHING-RULE ::= {
+ SYNTAX CertificatePairExactAssertion
+ ID id-mr-certificatePairExactMatch
+}
CertificatePairExactAssertion ::= SEQUENCE {
- issuedToThisCAAssertion [0] IMPLICIT CertificateExactAssertion OPTIONAL,
- issuedByThisCAAssertion [1] IMPLICIT CertificateExactAssertion OPTIONAL
-}
--- (WITH COMPONENTS {
--- ...,
--- issuedToThisCAAssertion PRESENT
--- } | WITH COMPONENTS {
--- ...,
--- issuedByThisCAAssertion PRESENT
--- })
---
--- certificatePairMatch MATCHING-RULE ::= {
--- SYNTAX CertificatePairAssertion
--- ID id-mr-certificatePairMatch
--- }
+ issuedToThisCAAssertion [0] CertificateExactAssertion OPTIONAL,
+ issuedByThisCAAssertion [1] CertificateExactAssertion OPTIONAL
+}
+(WITH COMPONENTS {
+ ...,
+ issuedToThisCAAssertion PRESENT
+ } | WITH COMPONENTS {
+ ...,
+ issuedByThisCAAssertion PRESENT
+ })
+
+certificatePairMatch MATCHING-RULE ::= {
+ SYNTAX CertificatePairAssertion
+ ID id-mr-certificatePairMatch
+}
CertificatePairAssertion ::= SEQUENCE {
- issuedToThisCAAssertion [0] IMPLICIT CertificateAssertion OPTIONAL,
- issuedByThisCAAssertion [1] IMPLICIT CertificateAssertion OPTIONAL
-}
--- (WITH COMPONENTS {
--- ...,
--- issuedToThisCAAssertion PRESENT
--- } | WITH COMPONENTS {
--- ...,
--- issuedByThisCAAssertion PRESENT
--- })
---
--- certificateListExactMatch MATCHING-RULE ::= {
--- SYNTAX CertificateListExactAssertion
--- ID id-mr-certificateListExactMatch
--- }
+ issuedToThisCAAssertion [0] CertificateAssertion OPTIONAL,
+ issuedByThisCAAssertion [1] CertificateAssertion OPTIONAL
+}
+(WITH COMPONENTS {
+ ...,
+ issuedToThisCAAssertion PRESENT
+ } | WITH COMPONENTS {
+ ...,
+ issuedByThisCAAssertion PRESENT
+ })
+
+certificateListExactMatch MATCHING-RULE ::= {
+ SYNTAX CertificateListExactAssertion
+ ID id-mr-certificateListExactMatch
+}
CertificateListExactAssertion ::= SEQUENCE {
issuer Name,
--- thisUpdate Time,
+ thisUpdate Time,
distributionPoint DistributionPointName OPTIONAL
}
--- certificateListMatch MATCHING-RULE ::= {
--- SYNTAX CertificateListAssertion
--- ID id-mr-certificateListMatch
--- }
+certificateListMatch MATCHING-RULE ::= {
+ SYNTAX CertificateListAssertion
+ ID id-mr-certificateListMatch
+}
CertificateListAssertion ::= SEQUENCE {
issuer Name OPTIONAL,
- minCRLNumber [0] IMPLICIT CRLNumber OPTIONAL,
- maxCRLNumber [1] IMPLICIT CRLNumber OPTIONAL,
+ minCRLNumber [0] CRLNumber OPTIONAL,
+ maxCRLNumber [1] CRLNumber OPTIONAL,
reasonFlags ReasonFlags OPTIONAL,
--- dateAndTime Time OPTIONAL,
- distributionPoint [2] IMPLICIT DistributionPointName OPTIONAL,
- authorityKeyIdentifier [3] IMPLICIT AuthorityKeyIdentifier OPTIONAL
-}
-
--- algorithmIdentifierMatch MATCHING-RULE ::= {
--- SYNTAX AlgorithmIdentifier
--- ID id-mr-algorithmIdentifierMatch
--- }
---
--- policyMatch MATCHING-RULE ::= {SYNTAX PolicyID
--- ID id-mr-policyMatch
--- }
---
--- pkiPathMatch MATCHING-RULE ::= {
--- SYNTAX PkiPathMatchSyntax
--- ID id-mr-pkiPathMatch
--- }
+ dateAndTime Time OPTIONAL,
+ distributionPoint [2] DistributionPointName OPTIONAL,
+ authorityKeyIdentifier [3] AuthorityKeyIdentifier OPTIONAL
+}
+
+algorithmIdentifierMatch MATCHING-RULE ::= {
+ SYNTAX AlgorithmIdentifier
+ ID id-mr-algorithmIdentifierMatch
+}
+
+policyMatch MATCHING-RULE ::= {SYNTAX PolicyID
+ ID id-mr-policyMatch
+}
+
+pkiPathMatch MATCHING-RULE ::= {
+ SYNTAX PkiPathMatchSyntax
+ ID id-mr-pkiPathMatch
+}
PkiPathMatchSyntax ::= SEQUENCE {firstIssuer Name,
lastSubject Name
}
+enhancedCertificateMatch MATCHING-RULE ::= {
+ SYNTAX EnhancedCertificateAssertion
+ ID id-mr-enhancedCertificateMatch
+}
+
+EnhancedCertificateAssertion ::= SEQUENCE {
+ serialNumber [0] CertificateSerialNumber OPTIONAL,
+ issuer [1] Name OPTIONAL,
+ subjectKeyIdentifier [2] SubjectKeyIdentifier OPTIONAL,
+ authorityKeyIdentifier [3] AuthorityKeyIdentifier OPTIONAL,
+ certificateValid [4] Time OPTIONAL,
+ privateKeyValid [5] GeneralizedTime OPTIONAL,
+ subjectPublicKeyAlgID [6] OBJECT IDENTIFIER OPTIONAL,
+ keyUsage [7] KeyUsage OPTIONAL,
+ subjectAltName [8] AltName OPTIONAL,
+ policy [9] CertPolicySet OPTIONAL,
+ pathToName [10] GeneralNames OPTIONAL,
+ subject [11] Name OPTIONAL,
+ nameConstraints [12] NameConstraintsSyntax OPTIONAL
+}(--ALL EXCEPT-- ({ -- none; at least one component shall be present --}))
+
+AltName ::= SEQUENCE {
+ altnameType AltNameType,
+ altNameValue GeneralName OPTIONAL
+}
+
-- Object identifier assignments
-id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= {id-ce 9}
-
+id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::=
+ {id-ce 9}
+
id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= {id-ce 14}
id-ce-keyUsage OBJECT IDENTIFIER ::= {id-ce 15}
@@ -567,8 +657,8 @@ id-ce-certificatePolicies OBJECT IDENTIFIER ::= {id-ce 32}
id-ce-policyMappings OBJECT IDENTIFIER ::= {id-ce 33}
-- deprecated OBJECT IDENTIFIER ::= {id-ce 34}
-
-id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= {id-ce 35}
+id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=
+ {id-ce 35}
id-ce-policyConstraints OBJECT IDENTIFIER ::= {id-ce 36}
@@ -590,26 +680,36 @@ id-ce-deltaInfo OBJECT IDENTIFIER ::= {id-ce 53}
id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= {id-ce 54}
+id-ce-toBeRevoked OBJECT IDENTIFIER ::= {id-ce 58}
+
+id-ce-RevokedGroups OBJECT IDENTIFIER ::= {id-ce 59}
+
+id-ce-expiredCertsOnCRL OBJECT IDENTIFIER ::= {id-ce 60}
+
+id-ce-aAissuingDistributionPoint OBJECT IDENTIFIER ::= {id-ce 63}
+
-- matching rule OIDs
--- id-mr-certificateExactMatch OBJECT IDENTIFIER ::=
--- {id-mr 34}
---
--- id-mr-certificateMatch OBJECT IDENTIFIER ::= {id-mr 35}
---
--- id-mr-certificatePairExactMatch OBJECT IDENTIFIER ::= {id-mr 36}
---
--- id-mr-certificatePairMatch OBJECT IDENTIFIER ::= {id-mr 37}
---
--- id-mr-certificateListExactMatch OBJECT IDENTIFIER ::= {id-mr 38}
---
--- id-mr-certificateListMatch OBJECT IDENTIFIER ::= {id-mr 39}
---
--- id-mr-algorithmIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 40}
---
--- id-mr-policyMatch OBJECT IDENTIFIER ::= {id-mr 60}
---
--- id-mr-pkiPathMatch OBJECT IDENTIFIER ::= {id-mr 62}
---
+id-mr-certificateExactMatch OBJECT IDENTIFIER ::=
+ {id-mr 34}
+
+id-mr-certificateMatch OBJECT IDENTIFIER ::= {id-mr 35}
+
+id-mr-certificatePairExactMatch OBJECT IDENTIFIER ::= {id-mr 36}
+
+id-mr-certificatePairMatch OBJECT IDENTIFIER ::= {id-mr 37}
+
+id-mr-certificateListExactMatch OBJECT IDENTIFIER ::= {id-mr 38}
+
+id-mr-certificateListMatch OBJECT IDENTIFIER ::= {id-mr 39}
+
+id-mr-algorithmIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 40}
+
+id-mr-policyMatch OBJECT IDENTIFIER ::= {id-mr 60}
+
+id-mr-pkiPathMatch OBJECT IDENTIFIER ::= {id-mr 62}
+
+id-mr-enhancedCertificateMatch OBJECT IDENTIFIER ::= {id-mr 65}
+
-- The following OBJECT IDENTIFIERS are not used by this Specification:
-- {id-ce 2}, {id-ce 3}, {id-ce 4}, {id-ce 5}, {id-ce 6}, {id-ce 7},
-- {id-ce 8}, {id-ce 10}, {id-ce 11}, {id-ce 12}, {id-ce 13},
@@ -626,3 +726,4 @@ CertificateTemplate ::= SEQUENCE {
END
-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D
+
diff --git a/asn1/x509ce/x509ce.cnf b/asn1/x509ce/x509ce.cnf
index 6006a97e05..b5680405c7 100644
--- a/asn1/x509ce/x509ce.cnf
+++ b/asn1/x509ce/x509ce.cnf
@@ -11,6 +11,32 @@ MTSAbstractService x411
#.IMPORT ../x509sat/x509sat-exp.cnf
#.IMPORT ../x411/x411-exp.cnf
+# Forward declaration
+#.CLASS CERT-POLICY-QUALIFIER
+&id ObjectIdentifierType
+&Qualifier
+#.END
+
+# InformationFramework classes
+#.CLASS ATTRIBUTE
+&derivation ClassReference ATTRIBUTE
+&Type
+&equality-match ClassReference MATCHING-RULE
+&ordering-match ClassReference MATCHING-RULE
+&substrings-match ClassReference MATCHING-RULE
+&single-valued BooleanType
+&collective BooleanType
+&no-user-modification BooleanType
+&usage
+&id ObjectIdentifierType
+#.END
+
+#.CLASS MATCHING-RULE
+&ParentMatchingRules ClassReference MATCHING-RULE
+&AssertionType
+&uniqueMatchIndicator ClassReference ATTRIBUTE
+&id ObjectIdentifierType
+#.END
#.EXPORTS
AltNameType
AttributesSyntax
@@ -66,6 +92,7 @@ StatusReferrals
SubjectKeyIdentifier
#.REGISTER
+PolicyInformationOld B "2.5.29.3" "id-ce-certificatePolicies(Depreciated)"
AttributesSyntax B "2.5.29.9" "id-ce-subjectDirectoryAttributes"
SubjectKeyIdentifier B "2.5.29.14" "id-ce-subjectKeyIdentifier"
KeyUsage B "2.5.29.15" "id-ce-keyUsage"
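Review bot: The name string in the new `PolicyInformationOld` registration is misspelled; it is shown to the user and should read `"id-ce-certificatePolicies(Deprecated)"` rather than `(Depreciated)`. `PolicyInformationOld` is also not defined in any `.asn` hunk shown in this diff, so please confirm the type exists in the module, otherwise the registration has nothing to bind to. Note as well that the comment block added further down in this file lists `{id-ce 3}` among the identifiers "not used by this Specification" while this line registers `2.5.29.3`. A short comment saying the old OID is registered on purpose to decode legacy certificates would resolve the apparent contradiction.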
@@ -93,6 +120,16 @@ CRLDistPointsSyntax B "2.5.29.46" "id-ce-freshestCRL"
OrderedListSyntax B "2.5.29.47" "id-ce-orderedList"
DeltaInformation B "2.5.29.53" "id-ce-deltaInfo"
SkipCerts B "2.5.29.54" "id-ce-inhibitAnyPolicy"
+ToBeRevokedSyntax B "2.5.29.58" "id-ce-toBeRevoked"
+RevokedGroupsSyntax B "2.5.29.59" "id-ce-RevokedGroups"
+ExpiredCertsOnCRL B "2.5.29.60" "id-ce-expiredCertsOnCRL"
+AAIssuingDistPointSyntax B "2.5.29.61" "id-ce-aAissuingDistributionPoint"
+
+# These are obsolete???
+# The following OBJECT IDENTIFIERS are not used by this Specification:
+# {id-ce 2}, {id-ce 3}, {id-ce 4}, {id-ce 5}, {id-ce 6}, {id-ce 7},
+# {id-ce 8}, {id-ce 10}, {id-ce 11}, {id-ce 12}, {id-ce 13},
+# {id-ce 22}, {id-ce 25}, {id-ce 26}
# Microsoft extensions
CertificateTemplate B "1.3.6.1.4.1.311.21.7" "id-ms-certificate-template"
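Review bot: The registration added for `AAIssuingDistPointSyntax` uses `2.5.29.61`, while the ASN.1 module in this same commit assigns `id-ce-aAissuingDistributionPoint OBJECT IDENTIFIER ::= {id-ce 63}`. With the mismatch, an extension carried under 2.5.29.63 would presumably not reach this dissector, and whatever is actually carried under 2.5.29.61 would be decoded against the wrong syntax, which is misleading when reading a CRL in a capture. The line should read `AAIssuingDistPointSyntax B "2.5.29.63" "id-ce-aAissuingDistributionPoint"`. The `# These are obsolete???` comment just below would be better resolved or replaced by a definite statement before merging.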
@@ -107,10 +144,10 @@ CRLReferral/issuer crlr_issuer
CertificatePairExactAssertion/issuedToThisCAAssertion cpea_issuedToThisCAAssertion
CertificatePairExactAssertion/issuedByThisCAAssertion cpea_issuedByThisCAAssertion
-#.FN_PARS PolicyQualifierId
+#.FN_PARS PolicyQualifierInfo/policyQualifierId
FN_VARIANT = _str HF_INDEX = hf_x509ce_object_identifier_id VAL_PTR = &object_identifier_id
-#.FN_BODY PolicyQualifierValue
+#.FN_BODY PolicyQualifierInfo/qualifier
offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree);
#.FN_BODY GeneralName/iPAddress
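Review bot: The `PolicyQualifierInfo/qualifier` body picks its sub-dissector from `object_identifier_id`, which is only filled as a side effect of the `policyQualifierId` field through `VAL_PTR`, and nothing in the file states that dependency. The same variable also drives the `OtherNameValue` body in the generated C, so the dispatch relies on the OID field having been decoded immediately beforehand. I would add above the `#.FN_PARS` line: `# qualifier is decoded by the dissector registered for the OID that policyQualifierId just stored in object_identifier_id`. It is also worth confirming that `call_ber_oid_callback` behaves safely if the OID field failed to decode and the variable still holds an earlier value, which this hunk does not show. The `GeneralName/iPAddress` body that starts on the last line continues outside the hunk.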
diff --git a/epan/dissectors/packet-x509ce.c b/epan/dissectors/packet-x509ce.c
index 08e7f4a751..694cd7589e 100644
--- a/epan/dissectors/packet-x509ce.c
+++ b/epan/dissectors/packet-x509ce.c
@@ -87,6 +87,10 @@ static int hf_x509ce_DeltaInformation_PDU = -1; /* DeltaInformation */
static int hf_x509ce_CRLDistPointsSyntax_PDU = -1; /* CRLDistPointsSyntax */
static int hf_x509ce_IssuingDistPointSyntax_PDU = -1; /* IssuingDistPointSyntax */
static int hf_x509ce_BaseCRLNumber_PDU = -1; /* BaseCRLNumber */
+static int hf_x509ce_ToBeRevokedSyntax_PDU = -1; /* ToBeRevokedSyntax */
+static int hf_x509ce_RevokedGroupsSyntax_PDU = -1; /* RevokedGroupsSyntax */
+static int hf_x509ce_ExpiredCertsOnCRL_PDU = -1; /* ExpiredCertsOnCRL */
+static int hf_x509ce_AAIssuingDistPointSyntax_PDU = -1; /* AAIssuingDistPointSyntax */
static int hf_x509ce_CertificateTemplate_PDU = -1; /* CertificateTemplate */
static int hf_x509ce_keyIdentifier = -1; /* KeyIdentifier */
static int hf_x509ce_authorityCertIssuer = -1; /* GeneralNames */
@@ -98,8 +102,8 @@ static int hf_x509ce_CertificatePoliciesSyntax_item = -1; /* PolicyInformation
static int hf_x509ce_policyIdentifier = -1; /* CertPolicyId */
static int hf_x509ce_policyQualifiers = -1; /* SEQUENCE_SIZE_1_MAX_OF_PolicyQualifierInfo */
static int hf_x509ce_policyQualifiers_item = -1; /* PolicyQualifierInfo */
-static int hf_x509ce_policyQualifierId = -1; /* PolicyQualifierId */
-static int hf_x509ce_qualifier = -1; /* PolicyQualifierValue */
+static int hf_x509ce_policyQualifierId = -1; /* T_policyQualifierId */
+static int hf_x509ce_qualifier = -1; /* T_qualifier */
static int hf_x509ce_PolicyMappingsSyntax_item = -1; /* PolicyMappingsSyntax_item */
static int hf_x509ce_issuerDomainPolicy = -1; /* CertPolicyId */
static int hf_x509ce_subjectDomainPolicy = -1; /* CertPolicyId */
@@ -119,7 +123,7 @@ static int hf_x509ce_nameAssigner = -1; /* DirectoryString */
static int hf_x509ce_partyName = -1; /* DirectoryString */
static int hf_x509ce_AttributesSyntax_item = -1; /* Attribute */
static int hf_x509ce_cA = -1; /* BOOLEAN */
-static int hf_x509ce_pathLenConstraint = -1; /* INTEGER */
+static int hf_x509ce_pathLenConstraint = -1; /* INTEGER_0_MAX */
static int hf_x509ce_permittedSubtrees = -1; /* GeneralSubtrees */
static int hf_x509ce_excludedSubtrees = -1; /* GeneralSubtrees */
static int hf_x509ce_GeneralSubtrees_item = -1; /* GeneralSubtree */
@@ -159,9 +163,23 @@ static int hf_x509ce_reasons = -1; /* ReasonFlags */
static int hf_x509ce_cRLIssuer = -1; /* GeneralNames */
static int hf_x509ce_fullName = -1; /* GeneralNames */
static int hf_x509ce_nameRelativeToCRLIssuer = -1; /* RelativeDistinguishedName */
-static int hf_x509ce_containsUserPublicKeyCerts = -1; /* BOOLEAN */
-static int hf_x509ce_containsCACerts = -1; /* BOOLEAN */
+static int hf_x509ce_onlyContainsUserPublicKeyCerts = -1; /* BOOLEAN */
+static int hf_x509ce_onlyContainsCACerts = -1; /* BOOLEAN */
static int hf_x509ce_indirectCRL = -1; /* BOOLEAN */
+static int hf_x509ce_ToBeRevokedSyntax_item = -1; /* ToBeRevokedGroup */
+static int hf_x509ce_certificateIssuer = -1; /* GeneralName */
+static int hf_x509ce_reasonInfo = -1; /* ReasonInfo */
+static int hf_x509ce_revocationTime = -1; /* GeneralizedTime */
+static int hf_x509ce_certificateGroup = -1; /* CertificateGroup */
+static int hf_x509ce_reasonCode = -1; /* CRLReason */
+static int hf_x509ce_holdInstructionCode = -1; /* HoldInstruction */
+static int hf_x509ce_serialNumbers = -1; /* CertificateSerialNumbers */
+static int hf_x509ce_serialNumberRange_01 = -1; /* CertificateGroupNumberRange */
+static int hf_x509ce_nameSubtree = -1; /* GeneralName */
+static int hf_x509ce_CertificateSerialNumbers_item = -1; /* CertificateSerialNumber */
+static int hf_x509ce_RevokedGroupsSyntax_item = -1; /* RevokedGroup */
+static int hf_x509ce_invalidityDate = -1; /* GeneralizedTime */
+static int hf_x509ce_revokedcertificateGroup = -1; /* RevokedCertificateGroup */
static int hf_x509ce_containsUserAttributeCerts = -1; /* BOOLEAN */
static int hf_x509ce_containsAACerts = -1; /* BOOLEAN */
static int hf_x509ce_containsSOAPublicKeyCerts = -1; /* BOOLEAN */
@@ -169,6 +187,7 @@ static int hf_x509ce_serialNumber = -1; /* CertificateSerialNumber */
static int hf_x509ce_issuer = -1; /* Name */
static int hf_x509ce_subjectKeyIdentifier = -1; /* SubjectKeyIdentifier */
static int hf_x509ce_authorityKeyIdentifier = -1; /* AuthorityKeyIdentifier */
+static int hf_x509ce_certificateValid = -1; /* Time */
static int hf_x509ce_privateKeyValid = -1; /* GeneralizedTime */
static int hf_x509ce_subjectPublicKeyAlgID = -1; /* OBJECT_IDENTIFIER */
static int hf_x509ce_keyUsage = -1; /* KeyUsage */
@@ -184,17 +203,23 @@ static int hf_x509ce_cpea_issuedToThisCAAssertion = -1; /* CertificateExactAsse
static int hf_x509ce_cpea_issuedByThisCAAssertion = -1; /* CertificateExactAssertion */
static int hf_x509ce_issuedToThisCAAssertion = -1; /* CertificateAssertion */
static int hf_x509ce_issuedByThisCAAssertion = -1; /* CertificateAssertion */
+static int hf_x509ce_thisUpdate = -1; /* Time */
static int hf_x509ce_minCRLNumber = -1; /* CRLNumber */
static int hf_x509ce_maxCRLNumber = -1; /* CRLNumber */
static int hf_x509ce_reasonFlags = -1; /* ReasonFlags */
+static int hf_x509ce_dateAndTime = -1; /* Time */
static int hf_x509ce_firstIssuer = -1; /* Name */
static int hf_x509ce_lastSubject = -1; /* Name */
+static int hf_x509ce_subjectAltName_01 = -1; /* AltName */
+static int hf_x509ce_pathToName_01 = -1; /* GeneralNames */
+static int hf_x509ce_altnameType = -1; /* AltNameType */
+static int hf_x509ce_altNameValue = -1; /* GeneralName */
static int hf_x509ce_templateID = -1; /* OBJECT_IDENTIFIER */
static int hf_x509ce_templateMajorVersion = -1; /* INTEGER */
static int hf_x509ce_templateMinorVersion = -1; /* INTEGER */
/* named bits */
static int hf_x509ce_KeyUsage_digitalSignature = -1;
-static int hf_x509ce_KeyUsage_nonRepudiation = -1;
+static int hf_x509ce_KeyUsage_contentCommitment = -1;
static int hf_x509ce_KeyUsage_keyEncipherment = -1;
static int hf_x509ce_KeyUsage_dataEncipherment = -1;
static int hf_x509ce_KeyUsage_keyAgreement = -1;
@@ -202,11 +227,9 @@ static int hf_x509ce_KeyUsage_keyCertSign = -1;
static int hf_x509ce_KeyUsage_cRLSign = -1;
static int hf_x509ce_KeyUsage_encipherOnly = -1;
static int hf_x509ce_KeyUsage_decipherOnly = -1;
-static int hf_x509ce_OnlyCertificateTypes_userPublicKey = -1;
-static int hf_x509ce_OnlyCertificateTypes_cA = -1;
-static int hf_x509ce_OnlyCertificateTypes_userAttribute = -1;
-static int hf_x509ce_OnlyCertificateTypes_aA = -1;
-static int hf_x509ce_OnlyCertificateTypes_sOAPublicKey = -1;
+static int hf_x509ce_OnlyCertificateTypes_user = -1;
+static int hf_x509ce_OnlyCertificateTypes_authority = -1;
+static int hf_x509ce_OnlyCertificateTypes_attribute = -1;
static int hf_x509ce_ReasonFlags_unused = -1;
static int hf_x509ce_ReasonFlags_keyCompromise = -1;
static int hf_x509ce_ReasonFlags_cACompromise = -1;
@@ -259,6 +282,16 @@ static gint ett_x509ce_DistributionPoint = -1;
static gint ett_x509ce_DistributionPointName = -1;
static gint ett_x509ce_ReasonFlags = -1;
static gint ett_x509ce_IssuingDistPointSyntax = -1;
+static gint ett_x509ce_ToBeRevokedSyntax = -1;
+static gint ett_x509ce_ToBeRevokedGroup = -1;
+static gint ett_x509ce_ReasonInfo = -1;
+static gint ett_x509ce_CertificateGroup = -1;
+static gint ett_x509ce_CertificateGroupNumberRange = -1;
+static gint ett_x509ce_CertificateSerialNumbers = -1;
+static gint ett_x509ce_RevokedGroupsSyntax = -1;
+static gint ett_x509ce_RevokedGroup = -1;
+static gint ett_x509ce_RevokedCertificateGroup = -1;
+static gint ett_x509ce_AAIssuingDistPointSyntax = -1;
static gint ett_x509ce_CertificateExactAssertion = -1;
static gint ett_x509ce_CertificateAssertion = -1;
static gint ett_x509ce_AltNameType = -1;
@@ -268,6 +301,8 @@ static gint ett_x509ce_CertificatePairAssertion = -1;
static gint ett_x509ce_CertificateListExactAssertion = -1;
static gint ett_x509ce_CertificateListAssertion = -1;
static gint ett_x509ce_PkiPathMatchSyntax = -1;
+static gint ett_x509ce_EnhancedCertificateAssertion = -1;
+static gint ett_x509ce_AltName = -1;
static gint ett_x509ce_CertificateTemplate = -1;
/*--- End of included file: packet-x509ce-ett.c ---*/
@@ -301,7 +336,7 @@ dissect_x509ce_OtherNameType(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int o
static int
dissect_x509ce_OtherNameValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 124 "x509ce.cnf"
+#line 161 "x509ce.cnf"
offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree);
@@ -358,7 +393,7 @@ dissect_x509ce_T_uniformResourceIdentifier(gboolean implicit_tag _U_, tvbuff_t *
actx, tree, tvb, offset, hf_index,
NULL);
-#line 127 "x509ce.cnf"
+#line 164 "x509ce.cnf"
PROTO_ITEM_SET_URL(actx->created_item);
@@ -370,7 +405,7 @@ dissect_x509ce_T_uniformResourceIdentifier(gboolean implicit_tag _U_, tvbuff_t *
static int
dissect_x509ce_T_iPAddress(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 117 "x509ce.cnf"
+#line 154 "x509ce.cnf"
proto_tree_add_item(tree, hf_x509ce_IPAddress, tvb, offset, 4, FALSE);
offset+=4;
@@ -465,7 +500,7 @@ dissect_x509ce_SubjectKeyIdentifier(gboolean implicit_tag _U_, tvbuff_t *tvb _U_
static const asn_namedbit KeyUsage_bits[] = {
{ 0, &hf_x509ce_KeyUsage_digitalSignature, -1, -1, "digitalSignature", NULL },
- { 1, &hf_x509ce_KeyUsage_nonRepudiation, -1, -1, "nonRepudiation", NULL },
+ { 1, &hf_x509ce_KeyUsage_contentCommitment, -1, -1, "contentCommitment", NULL },
{ 2, &hf_x509ce_KeyUsage_keyEncipherment, -1, -1, "keyEncipherment", NULL },
{ 3, &hf_x509ce_KeyUsage_dataEncipherment, -1, -1, "dataEncipherment", NULL },
{ 4, &hf_x509ce_KeyUsage_keyAgreement, -1, -1, "keyAgreement", NULL },
@@ -543,7 +578,7 @@ dissect_x509ce_CertPolicyId(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int of
static int
-dissect_x509ce_PolicyQualifierId(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+dissect_x509ce_T_policyQualifierId(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
offset = dissect_ber_object_identifier_str(implicit_tag, actx, tree, tvb, offset, hf_x509ce_object_identifier_id, &object_identifier_id);
return offset;
@@ -552,8 +587,8 @@ dissect_x509ce_PolicyQualifierId(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, i
static int
-dissect_x509ce_PolicyQualifierValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 114 "x509ce.cnf"
+dissect_x509ce_T_qualifier(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+#line 151 "x509ce.cnf"
offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree);
@@ -563,8 +598,8 @@ dissect_x509ce_PolicyQualifierValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_
static const ber_sequence_t PolicyQualifierInfo_sequence[] = {
- { &hf_x509ce_policyQualifierId, BER_CLASS_UNI, BER_UNI_TAG_OID, BER_FLAGS_NOOWNTAG, dissect_x509ce_PolicyQualifierId },
- { &hf_x509ce_qualifier , BER_CLASS_ANY, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_x509ce_PolicyQualifierValue },
+ { &hf_x509ce_policyQualifierId, BER_CLASS_UNI, BER_UNI_TAG_OID, BER_FLAGS_NOOWNTAG, dissect_x509ce_T_policyQualifierId },
+ { &hf_x509ce_qualifier , BER_CLASS_ANY, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_x509ce_T_qualifier },
{ NULL, 0, 0, 0, NULL }
};
@@ -670,9 +705,9 @@ dissect_x509ce_BOOLEAN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset
static int
-dissect_x509ce_INTEGER(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+dissect_x509ce_INTEGER_0_MAX(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
- NULL);
+ NULL);
return offset;
}
@@ -680,7 +715,7 @@ dissect_x509ce_INTEGER(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset
static const ber_sequence_t BasicConstraintsSyntax_sequence[] = {
{ &hf_x509ce_cA , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_x509ce_BOOLEAN },
- { &hf_x509ce_pathLenConstraint, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_x509ce_INTEGER },
+ { &hf_x509ce_pathLenConstraint, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_x509ce_INTEGER_0_MAX },
{ NULL, 0, 0, 0, NULL }
};
@@ -697,7 +732,7 @@ dissect_x509ce_BasicConstraintsSyntax(gboolean implicit_tag _U_, tvbuff_t *tvb _
int
dissect_x509ce_BaseDistance(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
- NULL);
+ NULL);
return offset;
}
@@ -751,7 +786,7 @@ dissect_x509ce_NameConstraintsSyntax(gboolean implicit_tag _U_, tvbuff_t *tvb _U
int
dissect_x509ce_SkipCerts(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
- NULL);
+ NULL);
return offset;
}
@@ -776,7 +811,7 @@ dissect_x509ce_PolicyConstraintsSyntax(gboolean implicit_tag _U_, tvbuff_t *tvb
int
dissect_x509ce_CRLNumber(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
- NULL);
+ NULL);
return offset;
}
@@ -838,11 +873,9 @@ dissect_x509ce_DistributionPointName(gboolean implicit_tag _U_, tvbuff_t *tvb _U
static const asn_namedbit OnlyCertificateTypes_bits[] = {
- { 0, &hf_x509ce_OnlyCertificateTypes_userPublicKey, -1, -1, "userPublicKey", NULL },
- { 1, &hf_x509ce_OnlyCertificateTypes_cA, -1, -1, "cA", NULL },
- { 2, &hf_x509ce_OnlyCertificateTypes_userAttribute, -1, -1, "userAttribute", NULL },
- { 3, &hf_x509ce_OnlyCertificateTypes_aA, -1, -1, "aA", NULL },
- { 4, &hf_x509ce_OnlyCertificateTypes_sOAPublicKey, -1, -1, "sOAPublicKey", NULL },
+ { 0, &hf_x509ce_OnlyCertificateTypes_user, -1, -1, "user", NULL },
+ { 1, &hf_x509ce_OnlyCertificateTypes_authority, -1, -1, "authority", NULL },
+ { 2, &hf_x509ce_OnlyCertificateTypes_attribute, -1, -1, "attribute", NULL },
{ 0, NULL, 0, 0, NULL, NULL }
};
@@ -879,6 +912,16 @@ dissect_x509ce_ReasonFlags(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int off
}
+
+static int
+dissect_x509ce_INTEGER(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+ offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
+ NULL);
+
+ return offset;
+}
+
+
static const ber_sequence_t NumberRange_sequence[] = {
{ &hf_x509ce_startingNumber, BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509ce_INTEGER },
{ &hf_x509ce_endingNumber , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509ce_INTEGER },
@@ -899,7 +942,7 @@ dissect_x509ce_NumberRange(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int off
int
dissect_x509ce_CRLStreamIdentifier(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
- NULL);
+ NULL);
return offset;
}
@@ -1084,13 +1127,10 @@ dissect_x509ce_CRLDistPointsSyntax(gboolean implicit_tag _U_, tvbuff_t *tvb _U_,
static const ber_sequence_t IssuingDistPointSyntax_sequence[] = {
{ &hf_x509ce_distributionPoint, BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG|BER_FLAGS_NOTCHKTAG, dissect_x509ce_DistributionPointName },
- { &hf_x509ce_containsUserPublicKeyCerts, BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509ce_BOOLEAN },
- { &hf_x509ce_containsCACerts, BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509ce_BOOLEAN },
+ { &hf_x509ce_onlyContainsUserPublicKeyCerts, BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509ce_BOOLEAN },
+ { &hf_x509ce_onlyContainsCACerts, BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509ce_BOOLEAN },
{ &hf_x509ce_onlySomeReasons, BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509ce_ReasonFlags },
{ &hf_x509ce_indirectCRL , BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509ce_BOOLEAN },
- { &hf_x509ce_containsUserAttributeCerts, BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509ce_BOOLEAN },
- { &hf_x509ce_containsAACerts, BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509ce_BOOLEAN },
- { &hf_x509ce_containsSOAPublicKeyCerts, BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509ce_BOOLEAN },
{ NULL, 0, 0, 0, NULL }
};
@@ -1112,6 +1152,183 @@ dissect_x509ce_BaseCRLNumber(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int o
}
+static const ber_sequence_t ReasonInfo_sequence[] = {
+ { &hf_x509ce_reasonCode , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_x509ce_CRLReason },
+ { &hf_x509ce_holdInstructionCode, BER_CLASS_UNI, BER_UNI_TAG_OID, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_x509ce_HoldInstruction },
+ { NULL, 0, 0, 0, NULL }
+};
+
+static int
+dissect_x509ce_ReasonInfo(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+ offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
+ ReasonInfo_sequence, hf_index, ett_x509ce_ReasonInfo);
+
+ return offset;
+}
+
+
+static const ber_sequence_t CertificateSerialNumbers_sequence_of[1] = {
+ { &hf_x509ce_CertificateSerialNumbers_item, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_x509af_CertificateSerialNumber },
+};
+
+static int
+dissect_x509ce_CertificateSerialNumbers(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+ offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
+ CertificateSerialNumbers_sequence_of, hf_index, ett_x509ce_CertificateSerialNumbers);
+
+ return offset;
+}
+
+
+static const ber_sequence_t CertificateGroupNumberRange_sequence[] = {
+ { &hf_x509ce_startingNumber, BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_x509ce_INTEGER },
+ { &hf_x509ce_endingNumber , BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_x509ce_INTEGER },
+ { NULL, 0, 0, 0, NULL }
+};
+
+static int
+dissect_x509ce_CertificateGroupNumberRange(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+ offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
+ CertificateGroupNumberRange_sequence, hf_index, ett_x509ce_CertificateGroupNumberRange);
+
+ return offset;
+}
+
+
+static const value_string x509ce_CertificateGroup_vals[] = {
+ { 0, "serialNumbers" },
+ { 1, "serialNumberRange" },
+ { 2, "nameSubtree" },
+ { 0, NULL }
+};
+
+static const ber_choice_t CertificateGroup_choice[] = {
+ { 0, &hf_x509ce_serialNumbers, BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_x509ce_CertificateSerialNumbers },
+ { 1, &hf_x509ce_serialNumberRange_01, BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_x509ce_CertificateGroupNumberRange },
+ { 2, &hf_x509ce_nameSubtree , BER_CLASS_CON, 2, BER_FLAGS_IMPLTAG, dissect_x509ce_GeneralName },
+ { 0, NULL, 0, 0, 0, NULL }
+};
+
+static int
+dissect_x509ce_CertificateGroup(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+ offset = dissect_ber_choice(actx, tree, tvb, offset,
+ CertificateGroup_choice, hf_index, ett_x509ce_CertificateGroup,
+ NULL);
+
+ return offset;
+}
+
+
+static const ber_sequence_t ToBeRevokedGroup_sequence[] = {
+ { &hf_x509ce_certificateIssuer, BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG|BER_FLAGS_NOTCHKTAG, dissect_x509ce_GeneralName },
+ { &hf_x509ce_reasonInfo , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509ce_ReasonInfo },
+ { &hf_x509ce_revocationTime, BER_CLASS_UNI, BER_UNI_TAG_GeneralizedTime, BER_FLAGS_NOOWNTAG, dissect_x509ce_GeneralizedTime },
+ { &hf_x509ce_certificateGroup, BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_x509ce_CertificateGroup },
+ { NULL, 0, 0, 0, NULL }
+};
+
+static int
+dissect_x509ce_ToBeRevokedGroup(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+ offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
+ ToBeRevokedGroup_sequence, hf_index, ett_x509ce_ToBeRevokedGroup);
+
+ return offset;
+}
+
+
+static const ber_sequence_t ToBeRevokedSyntax_sequence_of[1] = {
+ { &hf_x509ce_ToBeRevokedSyntax_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_x509ce_ToBeRevokedGroup },
+};
+
+static int
+dissect_x509ce_ToBeRevokedSyntax(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+ offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
+ ToBeRevokedSyntax_sequence_of, hf_index, ett_x509ce_ToBeRevokedSyntax);
+
+ return offset;
+}
+
+
+static const value_string x509ce_RevokedCertificateGroup_vals[] = {
+ { 0, "serialNumberRange" },
+ { 1, "nameSubtree" },
+ { 0, NULL }
+};
+
+static const ber_choice_t RevokedCertificateGroup_choice[] = {
+ { 0, &hf_x509ce_serialNumberRange, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_x509ce_NumberRange },
+ { 1, &hf_x509ce_nameSubtree , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG, dissect_x509ce_GeneralName },
+ { 0, NULL, 0, 0, 0, NULL }
+};
+
+static int
+dissect_x509ce_RevokedCertificateGroup(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+ offset = dissect_ber_choice(actx, tree, tvb, offset,
+ RevokedCertificateGroup_choice, hf_index, ett_x509ce_RevokedCertificateGroup,
+ NULL);
+
+ return offset;
+}
+
+
+static const ber_sequence_t RevokedGroup_sequence[] = {
+ { &hf_x509ce_certificateIssuer, BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG|BER_FLAGS_NOTCHKTAG, dissect_x509ce_GeneralName },
+ { &hf_x509ce_reasonInfo , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509ce_ReasonInfo },
+ { &hf_x509ce_invalidityDate, BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509ce_GeneralizedTime },
+ { &hf_x509ce_revokedcertificateGroup, BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG|BER_FLAGS_NOTCHKTAG, dissect_x509ce_RevokedCertificateGroup },
+ { NULL, 0, 0, 0, NULL }
+};
+
+static int
+dissect_x509ce_RevokedGroup(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+ offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
+ RevokedGroup_sequence, hf_index, ett_x509ce_RevokedGroup);
+
+ return offset;
+}
+
+
+static const ber_sequence_t RevokedGroupsSyntax_sequence_of[1] = {
+ { &hf_x509ce_RevokedGroupsSyntax_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_x509ce_RevokedGroup },
+};
+
+static int
+dissect_x509ce_RevokedGroupsSyntax(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+ offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
+ RevokedGroupsSyntax_sequence_of, hf_index, ett_x509ce_RevokedGroupsSyntax);
+
+ return offset;
+}
+
+
+
+static int
+dissect_x509ce_ExpiredCertsOnCRL(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+ offset = dissect_ber_GeneralizedTime(implicit_tag, actx, tree, tvb, offset, hf_index);
+
+ return offset;
+}
+
+
+static const ber_sequence_t AAIssuingDistPointSyntax_sequence[] = {
+ { &hf_x509ce_distributionPoint, BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG|BER_FLAGS_NOTCHKTAG, dissect_x509ce_DistributionPointName },
+ { &hf_x509ce_onlySomeReasons, BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509ce_ReasonFlags },
+ { &hf_x509ce_indirectCRL , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509ce_BOOLEAN },
+ { &hf_x509ce_containsUserAttributeCerts, BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509ce_BOOLEAN },
+ { &hf_x509ce_containsAACerts, BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509ce_BOOLEAN },
+ { &hf_x509ce_containsSOAPublicKeyCerts, BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509ce_BOOLEAN },
+ { NULL, 0, 0, 0, NULL }
+};
+
+static int
+dissect_x509ce_AAIssuingDistPointSyntax(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+ offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
+ AAIssuingDistPointSyntax_sequence, hf_index, ett_x509ce_AAIssuingDistPointSyntax);
+
+ return offset;
+}
+
+
static const ber_sequence_t CertificateExactAssertion_sequence[] = {
{ &hf_x509ce_serialNumber , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_x509af_CertificateSerialNumber },
{ &hf_x509ce_issuer , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG, dissect_x509if_Name },
@@ -1189,6 +1406,7 @@ static const ber_sequence_t CertificateAssertion_sequence[] = {
{ &hf_x509ce_issuer , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509if_Name },
{ &hf_x509ce_subjectKeyIdentifier, BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509ce_SubjectKeyIdentifier },
{ &hf_x509ce_authorityKeyIdentifier, BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509ce_AuthorityKeyIdentifier },
+ { &hf_x509ce_certificateValid, BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509af_Time },
{ &hf_x509ce_privateKeyValid, BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509ce_GeneralizedTime },
{ &hf_x509ce_subjectPublicKeyAlgID, BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509ce_OBJECT_IDENTIFIER },
{ &hf_x509ce_keyUsage , BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509ce_KeyUsage },
@@ -1241,6 +1459,7 @@ dissect_x509ce_CertificatePairAssertion(gboolean implicit_tag _U_, tvbuff_t *tvb
static const ber_sequence_t CertificateListExactAssertion_sequence[] = {
{ &hf_x509ce_issuer , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG, dissect_x509if_Name },
+ { &hf_x509ce_thisUpdate , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG, dissect_x509af_Time },
{ &hf_x509ce_distributionPoint, BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_x509ce_DistributionPointName },
{ NULL, 0, 0, 0, NULL }
};
@@ -1259,6 +1478,7 @@ static const ber_sequence_t CertificateListAssertion_sequence[] = {
{ &hf_x509ce_minCRLNumber , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509ce_CRLNumber },
{ &hf_x509ce_maxCRLNumber , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509ce_CRLNumber },
{ &hf_x509ce_reasonFlags , BER_CLASS_UNI, BER_UNI_TAG_BITSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_x509ce_ReasonFlags },
+ { &hf_x509ce_dateAndTime , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_x509af_Time },
{ &hf_x509ce_distributionPoint, BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG|BER_FLAGS_NOTCHKTAG, dissect_x509ce_DistributionPointName },
{ &hf_x509ce_authorityKeyIdentifier, BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509ce_AuthorityKeyIdentifier },
{ NULL, 0, 0, 0, NULL }
@@ -1288,6 +1508,47 @@ dissect_x509ce_PkiPathMatchSyntax(gboolean implicit_tag _U_, tvbuff_t *tvb _U_,
}
+static const ber_sequence_t AltName_sequence[] = {
+ { &hf_x509ce_altnameType , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_x509ce_AltNameType },
+ { &hf_x509ce_altNameValue , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_x509ce_GeneralName },
+ { NULL, 0, 0, 0, NULL }
+};
+
+static int
+dissect_x509ce_AltName(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+ offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
+ AltName_sequence, hf_index, ett_x509ce_AltName);
+
+ return offset;
+}
+
+
+static const ber_sequence_t EnhancedCertificateAssertion_sequence[] = {
+ { &hf_x509ce_serialNumber , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509af_CertificateSerialNumber },
+ { &hf_x509ce_issuer , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509if_Name },
+ { &hf_x509ce_subjectKeyIdentifier, BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509ce_SubjectKeyIdentifier },
+ { &hf_x509ce_authorityKeyIdentifier, BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509ce_AuthorityKeyIdentifier },
+ { &hf_x509ce_certificateValid, BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509af_Time },
+ { &hf_x509ce_privateKeyValid, BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509ce_GeneralizedTime },
+ { &hf_x509ce_subjectPublicKeyAlgID, BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509ce_OBJECT_IDENTIFIER },
+ { &hf_x509ce_keyUsage , BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509ce_KeyUsage },
+ { &hf_x509ce_subjectAltName_01, BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509ce_AltName },
+ { &hf_x509ce_policy , BER_CLASS_CON, 9, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509ce_CertPolicySet },
+ { &hf_x509ce_pathToName_01, BER_CLASS_CON, 10, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509ce_GeneralNames },
+ { &hf_x509ce_subject , BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509if_Name },
+ { &hf_x509ce_nameConstraints, BER_CLASS_CON, 12, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_x509ce_NameConstraintsSyntax },
+ { NULL, 0, 0, 0, NULL }
+};
+
+static int
+dissect_x509ce_EnhancedCertificateAssertion(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+ offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
+ EnhancedCertificateAssertion_sequence, hf_index, ett_x509ce_EnhancedCertificateAssertion);
+
+ return offset;
+}
+
+
static const ber_sequence_t CertificateTemplate_sequence[] = {
{ &hf_x509ce_templateID , BER_CLASS_UNI, BER_UNI_TAG_OID, BER_FLAGS_NOOWNTAG, dissect_x509ce_OBJECT_IDENTIFIER },
{ &hf_x509ce_templateMajorVersion, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_x509ce_INTEGER },
@@ -1425,6 +1686,26 @@ static void dissect_BaseCRLNumber_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_,
asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
dissect_x509ce_BaseCRLNumber(FALSE, tvb, 0, &asn1_ctx, tree, hf_x509ce_BaseCRLNumber_PDU);
}
+static void dissect_ToBeRevokedSyntax_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
+ asn1_ctx_t asn1_ctx;
+ asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
+ dissect_x509ce_ToBeRevokedSyntax(FALSE, tvb, 0, &asn1_ctx, tree, hf_x509ce_ToBeRevokedSyntax_PDU);
+}
+static void dissect_RevokedGroupsSyntax_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
+ asn1_ctx_t asn1_ctx;
+ asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
+ dissect_x509ce_RevokedGroupsSyntax(FALSE, tvb, 0, &asn1_ctx, tree, hf_x509ce_RevokedGroupsSyntax_PDU);
+}
+static void dissect_ExpiredCertsOnCRL_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
+ asn1_ctx_t asn1_ctx;
+ asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
+ dissect_x509ce_ExpiredCertsOnCRL(FALSE, tvb, 0, &asn1_ctx, tree, hf_x509ce_ExpiredCertsOnCRL_PDU);
+}
+static void dissect_AAIssuingDistPointSyntax_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
+ asn1_ctx_t asn1_ctx;
+ asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
+ dissect_x509ce_AAIssuingDistPointSyntax(FALSE, tvb, 0, &asn1_ctx, tree, hf_x509ce_AAIssuingDistPointSyntax_PDU);
+}
static void dissect_CertificateTemplate_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
asn1_ctx_t asn1_ctx;
asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
@@ -1572,6 +1853,22 @@ void proto_register_x509ce(void) {
{ "BaseCRLNumber", "x509ce.BaseCRLNumber",
FT_UINT32, BASE_DEC, NULL, 0,
"x509ce.BaseCRLNumber", HFILL }},
+ { &hf_x509ce_ToBeRevokedSyntax_PDU,
+ { "ToBeRevokedSyntax", "x509ce.ToBeRevokedSyntax",
+ FT_UINT32, BASE_DEC, NULL, 0,
+ "x509ce.ToBeRevokedSyntax", HFILL }},
+ { &hf_x509ce_RevokedGroupsSyntax_PDU,
+ { "RevokedGroupsSyntax", "x509ce.RevokedGroupsSyntax",
+ FT_UINT32, BASE_DEC, NULL, 0,
+ "x509ce.RevokedGroupsSyntax", HFILL }},
+ { &hf_x509ce_ExpiredCertsOnCRL_PDU,
+ { "ExpiredCertsOnCRL", "x509ce.ExpiredCertsOnCRL",
+ FT_STRING, BASE_NONE, NULL, 0,
+ "x509ce.ExpiredCertsOnCRL", HFILL }},
+ { &hf_x509ce_AAIssuingDistPointSyntax_PDU,
+ { "AAIssuingDistPointSyntax", "x509ce.AAIssuingDistPointSyntax",
+ FT_NONE, BASE_NONE, NULL, 0,
+ "x509ce.AAIssuingDistPointSyntax", HFILL }},
{ &hf_x509ce_CertificateTemplate_PDU,
{ "CertificateTemplate", "x509ce.CertificateTemplate",
FT_NONE, BASE_NONE, NULL, 0,
@@ -1619,11 +1916,11 @@ void proto_register_x509ce(void) {
{ &hf_x509ce_policyQualifierId,
{ "policyQualifierId", "x509ce.policyQualifierId",
FT_OID, BASE_NONE, NULL, 0,
- "x509ce.PolicyQualifierId", HFILL }},
+ "x509ce.T_policyQualifierId", HFILL }},
{ &hf_x509ce_qualifier,
{ "qualifier", "x509ce.qualifier",
FT_NONE, BASE_NONE, NULL, 0,
- "x509ce.PolicyQualifierValue", HFILL }},
+ "x509ce.T_qualifier", HFILL }},
{ &hf_x509ce_PolicyMappingsSyntax_item,
{ "Item", "x509ce.PolicyMappingsSyntax_item",
FT_NONE, BASE_NONE, NULL, 0,
@@ -1702,8 +1999,8 @@ void proto_register_x509ce(void) {
"x509ce.BOOLEAN", HFILL }},
{ &hf_x509ce_pathLenConstraint,
{ "pathLenConstraint", "x509ce.pathLenConstraint",
- FT_INT32, BASE_DEC, NULL, 0,
- "x509ce.INTEGER", HFILL }},
+ FT_UINT32, BASE_DEC, NULL, 0,
+ "x509ce.INTEGER_0_MAX", HFILL }},
{ &hf_x509ce_permittedSubtrees,
{ "permittedSubtrees", "x509ce.permittedSubtrees",
FT_UINT32, BASE_DEC, NULL, 0,
@@ -1860,18 +2157,74 @@ void proto_register_x509ce(void) {
{ "nameRelativeToCRLIssuer", "x509ce.nameRelativeToCRLIssuer",
FT_UINT32, BASE_DEC, NULL, 0,
"x509if.RelativeDistinguishedName", HFILL }},
- { &hf_x509ce_containsUserPublicKeyCerts,
- { "containsUserPublicKeyCerts", "x509ce.containsUserPublicKeyCerts",
+ { &hf_x509ce_onlyContainsUserPublicKeyCerts,
+ { "onlyContainsUserPublicKeyCerts", "x509ce.onlyContainsUserPublicKeyCerts",
FT_BOOLEAN, 8, NULL, 0,
"x509ce.BOOLEAN", HFILL }},
- { &hf_x509ce_containsCACerts,
- { "containsCACerts", "x509ce.containsCACerts",
+ { &hf_x509ce_onlyContainsCACerts,
+ { "onlyContainsCACerts", "x509ce.onlyContainsCACerts",
FT_BOOLEAN, 8, NULL, 0,
"x509ce.BOOLEAN", HFILL }},
{ &hf_x509ce_indirectCRL,
{ "indirectCRL", "x509ce.indirectCRL",
FT_BOOLEAN, 8, NULL, 0,
"x509ce.BOOLEAN", HFILL }},
+ { &hf_x509ce_ToBeRevokedSyntax_item,
+ { "Item", "x509ce.ToBeRevokedSyntax_item",
+ FT_NONE, BASE_NONE, NULL, 0,
+ "x509ce.ToBeRevokedGroup", HFILL }},
+ { &hf_x509ce_certificateIssuer,
+ { "certificateIssuer", "x509ce.certificateIssuer",
+ FT_UINT32, BASE_DEC, VALS(x509ce_GeneralName_vals), 0,
+ "x509ce.GeneralName", HFILL }},
+ { &hf_x509ce_reasonInfo,
+ { "reasonInfo", "x509ce.reasonInfo",
+ FT_NONE, BASE_NONE, NULL, 0,
+ "x509ce.ReasonInfo", HFILL }},
+ { &hf_x509ce_revocationTime,
+ { "revocationTime", "x509ce.revocationTime",
+ FT_STRING, BASE_NONE, NULL, 0,
+ "x509ce.GeneralizedTime", HFILL }},
+ { &hf_x509ce_certificateGroup,
+ { "certificateGroup", "x509ce.certificateGroup",
+ FT_UINT32, BASE_DEC, VALS(x509ce_CertificateGroup_vals), 0,
+ "x509ce.CertificateGroup", HFILL }},
+ { &hf_x509ce_reasonCode,
+ { "reasonCode", "x509ce.reasonCode",
+ FT_UINT32, BASE_DEC, VALS(x509ce_CRLReason_vals), 0,
+ "x509ce.CRLReason", HFILL }},
+ { &hf_x509ce_holdInstructionCode,
+ { "holdInstructionCode", "x509ce.holdInstructionCode",
+ FT_OID, BASE_NONE, NULL, 0,
+ "x509ce.HoldInstruction", HFILL }},
+ { &hf_x509ce_serialNumbers,
+ { "serialNumbers", "x509ce.serialNumbers",
+ FT_UINT32, BASE_DEC, NULL, 0,
+ "x509ce.CertificateSerialNumbers", HFILL }},
+ { &hf_x509ce_serialNumberRange_01,
+ { "serialNumberRange", "x509ce.serialNumberRange",
+ FT_NONE, BASE_NONE, NULL, 0,
+ "x509ce.CertificateGroupNumberRange", HFILL }},
+ { &hf_x509ce_nameSubtree,
+ { "nameSubtree", "x509ce.nameSubtree",
+ FT_UINT32, BASE_DEC, VALS(x509ce_GeneralName_vals), 0,
+ "x509ce.GeneralName", HFILL }},
+ { &hf_x509ce_CertificateSerialNumbers_item,
+ { "Item", "x509ce.CertificateSerialNumbers_item",
+ FT_INT32, BASE_DEC, NULL, 0,
+ "x509af.CertificateSerialNumber", HFILL }},
+ { &hf_x509ce_RevokedGroupsSyntax_item,
+ { "Item", "x509ce.RevokedGroupsSyntax_item",
+ FT_NONE, BASE_NONE, NULL, 0,
+ "x509ce.RevokedGroup", HFILL }},
+ { &hf_x509ce_invalidityDate,
+ { "invalidityDate", "x509ce.invalidityDate",
+ FT_STRING, BASE_NONE, NULL, 0,
+ "x509ce.GeneralizedTime", HFILL }},
+ { &hf_x509ce_revokedcertificateGroup,
+ { "revokedcertificateGroup", "x509ce.revokedcertificateGroup",
+ FT_UINT32, BASE_DEC, VALS(x509ce_RevokedCertificateGroup_vals), 0,
+ "x509ce.RevokedCertificateGroup", HFILL }},
{ &hf_x509ce_containsUserAttributeCerts,
{ "containsUserAttributeCerts", "x509ce.containsUserAttributeCerts",
FT_BOOLEAN, 8, NULL, 0,
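Review bot: `hf_x509ce_CertificateSerialNumbers_item` is registered as `FT_INT32`, but an X.509 certificate serial number is an unbounded INTEGER and real ones commonly run to 16–20 octets, so the entries of a revoked-group serial list cannot be shown or filtered faithfully through a 32-bit field. How the BER integer helper treats longer values is not visible in this hunk, so the exact symptom is inferred. I would register the item as bytes, `FT_BYTES, BASE_HEX, NULL, 0,`, together with a matching change to the function that dissects it. Because this file is generated, that change belongs in the conformance file rather than here. The `hf[]` array starts and ends outside the hunk.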
@@ -1900,6 +2253,10 @@ void proto_register_x509ce(void) {
{ "authorityKeyIdentifier", "x509ce.authorityKeyIdentifier",
FT_NONE, BASE_NONE, NULL, 0,
"x509ce.AuthorityKeyIdentifier", HFILL }},
+ { &hf_x509ce_certificateValid,
+ { "certificateValid", "x509ce.certificateValid",
+ FT_UINT32, BASE_DEC, VALS(x509af_Time_vals), 0,
+ "x509af.Time", HFILL }},
{ &hf_x509ce_privateKeyValid,
{ "privateKeyValid", "x509ce.privateKeyValid",
FT_STRING, BASE_NONE, NULL, 0,
@@ -1960,6 +2317,10 @@ void proto_register_x509ce(void) {
{ "issuedByThisCAAssertion", "x509ce.issuedByThisCAAssertion",
FT_NONE, BASE_NONE, NULL, 0,
"x509ce.CertificateAssertion", HFILL }},
+ { &hf_x509ce_thisUpdate,
+ { "thisUpdate", "x509ce.thisUpdate",
+ FT_UINT32, BASE_DEC, VALS(x509af_Time_vals), 0,
+ "x509af.Time", HFILL }},
{ &hf_x509ce_minCRLNumber,
{ "minCRLNumber", "x509ce.minCRLNumber",
FT_UINT32, BASE_DEC, NULL, 0,
@@ -1972,6 +2333,10 @@ void proto_register_x509ce(void) {
{ "reasonFlags", "x509ce.reasonFlags",
FT_BYTES, BASE_HEX, NULL, 0,
"x509ce.ReasonFlags", HFILL }},
+ { &hf_x509ce_dateAndTime,
+ { "dateAndTime", "x509ce.dateAndTime",
+ FT_UINT32, BASE_DEC, VALS(x509af_Time_vals), 0,
+ "x509af.Time", HFILL }},
{ &hf_x509ce_firstIssuer,
{ "firstIssuer", "x509ce.firstIssuer",
FT_UINT32, BASE_DEC, VALS(x509if_Name_vals), 0,
@@ -1980,6 +2345,22 @@ void proto_register_x509ce(void) {
{ "lastSubject", "x509ce.lastSubject",
FT_UINT32, BASE_DEC, VALS(x509if_Name_vals), 0,
"x509if.Name", HFILL }},
+ { &hf_x509ce_subjectAltName_01,
+ { "subjectAltName", "x509ce.subjectAltName",
+ FT_NONE, BASE_NONE, NULL, 0,
+ "x509ce.AltName", HFILL }},
+ { &hf_x509ce_pathToName_01,
+ { "pathToName", "x509ce.pathToName",
+ FT_UINT32, BASE_DEC, NULL, 0,
+ "x509ce.GeneralNames", HFILL }},
+ { &hf_x509ce_altnameType,
+ { "altnameType", "x509ce.altnameType",
+ FT_UINT32, BASE_DEC, VALS(x509ce_AltNameType_vals), 0,
+ "x509ce.AltNameType", HFILL }},
+ { &hf_x509ce_altNameValue,
+ { "altNameValue", "x509ce.altNameValue",
+ FT_UINT32, BASE_DEC, VALS(x509ce_GeneralName_vals), 0,
+ "x509ce.GeneralName", HFILL }},
{ &hf_x509ce_templateID,
{ "templateID", "x509ce.templateID",
FT_OID, BASE_NONE, NULL, 0,
@@ -1996,8 +2377,8 @@ void proto_register_x509ce(void) {
{ "digitalSignature", "x509ce.digitalSignature",
FT_BOOLEAN, 8, NULL, 0x80,
"", HFILL }},
- { &hf_x509ce_KeyUsage_nonRepudiation,
- { "nonRepudiation", "x509ce.nonRepudiation",
+ { &hf_x509ce_KeyUsage_contentCommitment,
+ { "contentCommitment", "x509ce.contentCommitment",
FT_BOOLEAN, 8, NULL, 0x40,
"", HFILL }},
{ &hf_x509ce_KeyUsage_keyEncipherment,
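Review bot: Renaming the filter abbreviation from `x509ce.nonRepudiation` to `x509ce.contentCommitment` invalidates saved display filters, colouring rules and scripted checks that test this key-usage bit, and nothing in the hunk documents the change. The same applies to `x509ce.containsUserPublicKeyCerts` and `x509ce.containsCACerts` in the hunk at -1860, and to the `OnlyCertificateTypes` bits in the hunk at -2028. There the new abbreviations `x509ce.user`, `x509ce.authority` and `x509ce.attribute` are also generic enough to be mistaken for unrelated fields. I would update the display label but either keep the old abbreviation or list the renames in the release notes, and qualify the short ones, for example `"x509ce.OnlyCertificateTypes.user"`. The array continues outside the hunk.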
@@ -2028,26 +2409,18 @@ void proto_register_x509ce(void) {
{ "decipherOnly", "x509ce.decipherOnly",
FT_BOOLEAN, 8, NULL, 0x80,
"", HFILL }},
- { &hf_x509ce_OnlyCertificateTypes_userPublicKey,
- { "userPublicKey", "x509ce.userPublicKey",
+ { &hf_x509ce_OnlyCertificateTypes_user,
+ { "user", "x509ce.user",
FT_BOOLEAN, 8, NULL, 0x80,
"", HFILL }},
- { &hf_x509ce_OnlyCertificateTypes_cA,
- { "cA", "x509ce.cA",
+ { &hf_x509ce_OnlyCertificateTypes_authority,
+ { "authority", "x509ce.authority",
FT_BOOLEAN, 8, NULL, 0x40,
"", HFILL }},
- { &hf_x509ce_OnlyCertificateTypes_userAttribute,
- { "userAttribute", "x509ce.userAttribute",
+ { &hf_x509ce_OnlyCertificateTypes_attribute,
+ { "attribute", "x509ce.attribute",
FT_BOOLEAN, 8, NULL, 0x20,
"", HFILL }},
- { &hf_x509ce_OnlyCertificateTypes_aA,
- { "aA", "x509ce.aA",
- FT_BOOLEAN, 8, NULL, 0x10,
- "", HFILL }},
- { &hf_x509ce_OnlyCertificateTypes_sOAPublicKey,
- { "sOAPublicKey", "x509ce.sOAPublicKey",
- FT_BOOLEAN, 8, NULL, 0x08,
- "", HFILL }},
{ &hf_x509ce_ReasonFlags_unused,
{ "unused", "x509ce.unused",
FT_BOOLEAN, 8, NULL, 0x80,
@@ -2129,6 +2502,16 @@ void proto_register_x509ce(void) {
&ett_x509ce_DistributionPointName,
&ett_x509ce_ReasonFlags,
&ett_x509ce_IssuingDistPointSyntax,
+ &ett_x509ce_ToBeRevokedSyntax,
+ &ett_x509ce_ToBeRevokedGroup,
+ &ett_x509ce_ReasonInfo,
+ &ett_x509ce_CertificateGroup,
+ &ett_x509ce_CertificateGroupNumberRange,
+ &ett_x509ce_CertificateSerialNumbers,
+ &ett_x509ce_RevokedGroupsSyntax,
+ &ett_x509ce_RevokedGroup,
+ &ett_x509ce_RevokedCertificateGroup,
+ &ett_x509ce_AAIssuingDistPointSyntax,
&ett_x509ce_CertificateExactAssertion,
&ett_x509ce_CertificateAssertion,
&ett_x509ce_AltNameType,
@@ -2138,6 +2521,8 @@ void proto_register_x509ce(void) {
&ett_x509ce_CertificateListExactAssertion,
&ett_x509ce_CertificateListAssertion,
&ett_x509ce_PkiPathMatchSyntax,
+ &ett_x509ce_EnhancedCertificateAssertion,
+ &ett_x509ce_AltName,
&ett_x509ce_CertificateTemplate,
/*--- End of included file: packet-x509ce-ettarr.c ---*/
@@ -2186,6 +2571,10 @@ void proto_reg_handoff_x509ce(void) {
register_ber_oid_dissector("2.5.29.47", dissect_OrderedListSyntax_PDU, proto_x509ce, "id-ce-orderedList");
register_ber_oid_dissector("2.5.29.53", dissect_DeltaInformation_PDU, proto_x509ce, "id-ce-deltaInfo");
register_ber_oid_dissector("2.5.29.54", dissect_SkipCerts_PDU, proto_x509ce, "id-ce-inhibitAnyPolicy");
+ register_ber_oid_dissector("2.5.29.58", dissect_ToBeRevokedSyntax_PDU, proto_x509ce, "id-ce-toBeRevoked");
+ register_ber_oid_dissector("2.5.29.59", dissect_RevokedGroupsSyntax_PDU, proto_x509ce, "id-ce-RevokedGroups");
+ register_ber_oid_dissector("2.5.29.60", dissect_ExpiredCertsOnCRL_PDU, proto_x509ce, "id-ce-expiredCertsOnCRL");
+ register_ber_oid_dissector("2.5.29.61", dissect_AAIssuingDistPointSyntax_PDU, proto_x509ce, "id-ce-aAissuingDistributionPoint");
register_ber_oid_dissector("1.3.6.1.4.1.311.21.7", dissect_CertificateTemplate_PDU, proto_x509ce, "id-ms-certificate-template");
register_ber_oid_dissector("1.3.6.1.4.1.311.21.10", dissect_CertificatePoliciesSyntax_PDU, proto_x509ce, "id-ms-application-certificate-policies");
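Review bot: The name string `"id-ce-RevokedGroups"` on the 2.5.29.59 line starts its last component with a capital, unlike the lower-camel names registered beside it (`id-ce-toBeRevoked`, `id-ce-expiredCertsOnCRL`); I would register it as `"id-ce-revokedGroups"` so OID-name lookups and displayed extension names stay uniform. The four new arcs (58–61) are hard-coded here and the value assignments they should mirror are not visible in this hunk. It is worth checking each against the `id-ce-*` definitions in CertificateExtensions.asn, in particular the arc used for `id-ce-aAissuingDistributionPoint`, since a wrong arc would attach this dissector to a different extension. These lines are generated, so any correction belongs in the conformance file's registration entries.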
diff --git a/epan/dissectors/packet-x509ce.h b/epan/dissectors/packet-x509ce.h
index 8125791c1f..f09aa4ccc5 100644
--- a/epan/dissectors/packet-x509ce.h
+++ b/epan/dissectors/packet-x509ce.h
@@ -47,8 +47,8 @@ int dissect_x509ce_AuthorityKeyIdentifier(gboolean implicit_tag _U_, tvbuff_t *t
int dissect_x509ce_KeyIdentifier(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
int dissect_x509ce_SubjectKeyIdentifier(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
int dissect_x509ce_KeyUsage(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
-int dissect_x509ce_KeyPurposeIDs(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
int dissect_x509ce_KeyPurposeId(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
+int dissect_x509ce_KeyPurposeIDs(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
int dissect_x509ce_PrivateKeyUsagePeriod(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
int dissect_x509ce_CertificatePoliciesSyntax(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
int dissect_x509ce_PolicyInformation(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);