1 files changed, 283 insertions, 0 deletions
diff --git a/epan/dissectors/asn1/x509af/AuthenticationFramework.asn b/epan/dissectors/asn1/x509af/AuthenticationFramework.asn
new file mode 100644
index 0000000000..9ccb7a13b0
--- /dev/null
+++ b/epan/dissectors/asn1/x509af/AuthenticationFramework.asn
@@ -0,0 +1,283 @@
+-- Module AuthenticationFramework (X.509:08/1997)
+
+AuthenticationFramework {joint-iso-itu-t ds(5) module(1)
+  authenticationFramework(7) 3} DEFINITIONS ::=
+BEGIN
+
+--  EXPORTS All 
+--  The types and values defined in this module are exported for use in the other ASN.1 modules contained
+--  within the Directory Specifications, and for the use of other applications which will use them to access
+--  Directory services. Other applications may use them for their own purposes, but this will not constrain
+--  extensions and modifications needed to maintain or improve the Directory service.
+IMPORTS
+  id-at, id-mr, informationFramework, upperBounds, selectedAttributeTypes,
+    basicAccessControl, certificateExtensions
+    FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
+      usefulDefinitions(0) 3}
+  Name, ATTRIBUTE, AttributeType, MATCHING-RULE, Attribute, RDNSequence
+    FROM InformationFramework informationFramework
+  ub-user-password
+    FROM UpperBounds upperBounds
+  AuthenticationLevel
+    FROM BasicAccessControl basicAccessControl
+  UniqueIdentifier, octetStringMatch
+    FROM SelectedAttributeTypes selectedAttributeTypes
+  certificateExactMatch, certificatePairExactMatch, certificateListExactMatch,
+    GeneralNames
+    FROM CertificateExtensions certificateExtensions;
+
+--  basic certificate definition
+Certificate ::= SEQUENCE {
+  signedCertificate SEQUENCE {
+               version                  [0]  Version DEFAULT v1,
+               serialNumber             CertificateSerialNumber,
+               signature                AlgorithmIdentifier,
+               issuer                   Name, 
+               validity                 Validity,
+               subject                  SubjectName,
+               subjectPublicKeyInfo     SubjectPublicKeyInfo,
+               issuerUniqueIdentifier   [1] IMPLICIT UniqueIdentifier OPTIONAL,
+               --  if present, version must be v2 or v3
+               subjectUniqueIdentifier  [2] IMPLICIT UniqueIdentifier OPTIONAL,
+               --  if present, version must be v2 or v3
+               extensions               [3]  Extensions OPTIONAL
+               --  If present, version must be v3 -- },
+  algorithmIdentifier  AlgorithmIdentifier,
+  encrypted            BIT STRING
+}
+
+-- imported to allow labelling
+SubjectName ::= CHOICE {
+   rdnSequence  RDNSequence
+}
+
+Version ::= INTEGER {v1(0), v2(1), v3(2)}
+
+CertificateSerialNumber ::= INTEGER
+
+AlgorithmIdentifier ::= SEQUENCE {
+  algorithmId OBJECT IDENTIFIER,
+  parameters  ANY OPTIONAL
+}
+
+--	Definition of the following information object set is deferred, perhaps to standardized
+--	profiles or to protocol implementation conformance statements. The set is required to
+--	specify a table constraint on the parameters component of AlgorithmIdentifier.
+--SupportedAlgorithms ALGORITHM ::=
+--{...}
+
+Validity ::= SEQUENCE {notBefore  Time,
+                       notAfter   Time
+}
+
+SubjectPublicKeyInfo ::= SEQUENCE {
+  algorithm         AlgorithmIdentifier,
+  subjectPublicKey  BIT STRING
+}
+
+Time ::= CHOICE {utcTime          UTCTime,
+                 generalizedTime  GeneralizedTime
+}
+
+Extensions ::= SEQUENCE OF Extension
+
+--  For those extensions where ordering of individual extensions within the SEQUENCE is significant, the
+--  specification of those individual extensions shall include the rules for the significance of the order therein
+Extension ::= SEQUENCE {
+  extnId     OBJECT IDENTIFIER,
+  critical   BOOLEAN OPTIONAL,
+  extnValue  OCTET STRING
+--    contains a DER encoding of a value of type &ExtnType
+--    for the extension object identified by extnId 
+}
+
+--ExtensionSet EXTENSION ::=
+--  {...}
+
+EXTENSION ::= CLASS {&id        OBJECT IDENTIFIER UNIQUE,
+                     &ExtnType  
+}WITH SYNTAX {SYNTAX &ExtnType
+              IDENTIFIED BY &id
+}
+
+--  other certificate constructs
+Certificates ::= SEQUENCE {
+  userCertificate    Certificate,
+  certificationPath  ForwardCertificationPath OPTIONAL
+}
+
+ForwardCertificationPath ::= SEQUENCE OF CrossCertificates
+
+CrossCertificates ::= SET OF Certificate
+
+CertificationPath ::= SEQUENCE {
+  userCertificate    Certificate,
+  theCACertificates  SEQUENCE OF CertificatePair OPTIONAL
+}
+
+CertificatePair ::= SEQUENCE {
+  issuedByThisCA  [0]  Certificate OPTIONAL,
+  issuedToThisCA  [1]  Certificate OPTIONAL
+  --  at least one of the pair shall be present 
+}
+
+--  Certificate Revocation List (CRL)
+CertificateList ::= SEQUENCE {
+    signedCertificateList SEQUENCE {
+               version              Version OPTIONAL,
+               --  if present, version must be v2
+               signature            AlgorithmIdentifier,
+               issuer               Name, 
+               thisUpdate           Time,
+               nextUpdate           Time OPTIONAL,
+               revokedCertificates
+                 SEQUENCE OF
+                   SEQUENCE {userCertificate     CertificateSerialNumber,
+                             revocationDate      Time,
+                             crlEntryExtensions  Extensions OPTIONAL} OPTIONAL,
+               crlExtensions        [0]  Extensions OPTIONAL},
+  algorithmIdentifier  AlgorithmIdentifier,
+  encrypted            BIT STRING
+}
+
+--  attribute certificate
+AttributeCertificationPath ::= SEQUENCE {
+  attributeCertificate  AttributeCertificate,
+  acPath                SEQUENCE OF ACPathData OPTIONAL
+}
+
+ACPathData ::= SEQUENCE {
+  certificate           [0]  Certificate OPTIONAL,
+  attributeCertificate  [1]  AttributeCertificate OPTIONAL
+}
+
+--attributeCertificate ATTRIBUTE ::= {
+--  WITH SYNTAX             AttributeCertificate
+--  EQUALITY MATCHING RULE  attributeCertificateMatch
+--  ID                      id-at-attributeCertificate
+--}
+
+AttributeCertificate ::= SEQUENCE {
+  signedAttributeCertificateInfo AttributeCertificateInfo,
+  algorithmIdentifier  AlgorithmIdentifier,
+  encrypted            BIT STRING
+}
+
+AttributeCertificateInfo ::= SEQUENCE {
+  version                Version DEFAULT v1,
+  subject
+    CHOICE {baseCertificateID  [0]  IssuerSerial,
+            subjectName        [1]  GeneralNames
+           },
+  issuer                 GeneralNames,
+  signature              AlgorithmIdentifier,
+  serialNumber           CertificateSerialNumber,
+  attCertValidityPeriod  AttCertValidityPeriod,
+  attributes             SEQUENCE OF Attribute,
+  issuerUniqueID         UniqueIdentifier OPTIONAL,
+  extensions             Extensions OPTIONAL
+}
+
+IssuerSerial ::= SEQUENCE {
+  issuer     GeneralNames,
+  serial     CertificateSerialNumber,
+  issuerUID  UniqueIdentifier OPTIONAL
+}
+
+AttCertValidityPeriod ::= SEQUENCE {
+  notBeforeTime  GeneralizedTime,
+  notAfterTime   GeneralizedTime
+}
+
+--attributeCertificateMatch MATCHING-RULE ::= {
+--  SYNTAX  AttributeCertificateAssertion
+--  ID      id-mr-attributeCertificateMatch
+--}
+
+AttributeCertificateAssertion ::= SEQUENCE {
+  subject
+    [0]  CHOICE {baseCertificateID  [0]  IssuerSerial,
+                 subjectName        [1]  SubjectName} OPTIONAL,
+  issuer           [1]  Name OPTIONAL,
+  attCertValidity  [2]  GeneralizedTime OPTIONAL,
+  attType          [3]  SET OF AttributeType OPTIONAL
+}
+
+--  At least one component of the sequence must be present
+--  attribute types 
+--userPassword ATTRIBUTE ::= {
+--  WITH SYNTAX             OCTET STRING(SIZE (0..ub-user-password))
+--  EQUALITY MATCHING RULE  octetStringMatch
+--  ID                      id-at-userPassword
+--}
+
+--userCertificate ATTRIBUTE ::= {
+--  WITH SYNTAX             Certificate
+--  EQUALITY MATCHING RULE  certificateExactMatch
+--  ID                      id-at-userCertificate
+--}
+
+--cACertificate ATTRIBUTE ::= {
+--  WITH SYNTAX             Certificate
+--  EQUALITY MATCHING RULE  certificateExactMatch
+--  ID                      id-at-cAcertificate
+--}
+
+--crossCertificatePair ATTRIBUTE ::= {
+--  WITH SYNTAX             CertificatePair
+--  EQUALITY MATCHING RULE  certificatePairExactMatch
+--  ID                      id-at-crossCertificatePair
+--}
+
+--authorityRevocationList ATTRIBUTE ::= {
+--  WITH SYNTAX             CertificateList
+--  EQUALITY MATCHING RULE  certificateListExactMatch
+--  ID                      id-at-authorityRevocationList
+--}
+
+--certificateRevocationList ATTRIBUTE ::= {
+--  WITH SYNTAX             CertificateList
+--  EQUALITY MATCHING RULE  certificateListExactMatch
+--  ID                      id-at-certificateRevocationList
+--}
+
+--attributeCertificateRevocationList ATTRIBUTE ::= {
+--  WITH SYNTAX  CertificateList
+--  ID           id-at-attributeCertificateRevocationList
+--}
+
+--  information object classes 
+--ALGORITHM ::= TYPE-IDENTIFIER
+
+--  object identifier assignments 
+--id-at-userPassword OBJECT IDENTIFIER ::=
+--  {id-at 35}
+
+id-at-userCertificate OBJECT IDENTIFIER ::= {id-at 36}
+
+id-at-cAcertificate OBJECT IDENTIFIER ::= {id-at 37}
+
+id-at-authorityRevocationList OBJECT IDENTIFIER ::= {id-at 38}
+
+id-at-certificateRevocationList OBJECT IDENTIFIER ::= {id-at 39}
+
+id-at-crossCertificatePair OBJECT IDENTIFIER ::= {id-at 40}
+
+id-at-attributeCertificate OBJECT IDENTIFIER ::= {id-at 58}
+
+id-at-attributeCertificateRevocationList OBJECT IDENTIFIER ::= {id-at 59}
+
+--id-mr-attributeCertificateMatch OBJECT IDENTIFIER ::= {id-mr 42}
+
+-- these are sneaked in from DSS - a separate dissector seems OTT
+
+DSS-Params ::= SEQUENCE {
+  p INTEGER,
+  q INTEGER,
+  g INTEGER
+}
+
+END
+
+-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D
+