# x509.cnf
# X509 conformance file
#
# Directives below select which ASN.1 types are exported and registered, and
# the FN_* sections splice hand-written C into the generated decode functions.
# Everything decoded here comes from certificate bytes found in a capture, so
# OIDs, lengths and strings handled by these fragments are untrusted input.

#.IMPORT ../x509ce/x509ce-exp.cnf
#.IMPORT ../x509if/x509if-exp.cnf
#.IMPORT ../x509sat/x509sat-exp.cnf

#.MODULE_EXPORTS
EXTENSION
ACPathData
AlgorithmIdentifier
AttCertValidityPeriod
AttributeCertificate
AttributeCertificateAssertion
AttributeCertificateInfo
AttributeCertificationPath
Certificate
Certificate_PDU
Certificates
CertificateList
CertificatePair
CertificateSerialNumber
CertificationPath
CrossCertificates
Extension
Extensions
ForwardCertificationPath
IssuerSerial
SubjectPublicKeyInfo
Time
Validity
Version

#.PDU

# Each REGISTER line binds a type to an object identifier; B selects
# registration as a BER OID dissector. The OID callbacks used further down
# (call_ber_oid_callback) dispatch on OIDs read from the certificate itself.
#.REGISTER
Certificate B "2.5.4.36" "id-at-userCertificate"
Certificate B "2.5.4.37" "id-at-cAcertificate"
CertificateList B "2.5.4.38" "id-at-authorityRevocationList"
CertificateList B "2.5.4.39" "id-at-certificateRevocationList"
CertificatePair B "2.5.4.40" "id-at-crossCertificatePair"
CertificateList B "2.5.4.53" "id-at-deltaRevocationList"
AttributeCertificate B "2.5.4.58" "id-at-attributeCertificate"
CertificateList B "2.5.4.59" "id-at-attributeCertificateRevocationList"

DSS-Params B "1.2.840.10040.4.1" "id-dsa"
# WS Implement from RFC 1274
Userid B "0.9.2342.19200300.100.1.1" "id-userid"

# The renames below give distinct names to the "subject" and "issuer" members
# that occur in more than one type.
#.TYPE_RENAME
AttributeCertificateInfo/subject InfoSubject
AttributeCertificateAssertion/subject AssertionSubject

#.FIELD_RENAME
AttributeCertificateInfo/issuer issuerName
AttributeCertificateInfo/subject info_subject
AttributeCertificateAssertion/subject assertion_subject

AttributeCertificateAssertion/issuer assertionIssuer

AttributeCertificateInfo/subject/subjectName infoSubjectName
AttributeCertificateAssertion/subject/subjectName assertionSubjectName
IssuerSerial/issuer issuerName
CertificateList/signedCertificateList/revokedCertificates/_item/userCertificate revokedUserCertificate
#.END

# algorithmId is decoded with the string variant of the OID dissector and the
# result is stored in actx->external.direct_reference.
#.FN_PARS AlgorithmIdentifier/algorithmId
  FN_VARIANT = _str HF_INDEX = hf_x509af_algorithm_id VAL_PTR = &actx->external.direct_reference

# Records the algorithm OID for later use and appends its resolved name to the
# tree item.
#  - algorithm_id is not declared in this file; it is shared state that the
#    subjectPublicKey body below reads to pick a key decoder. Every
#    AlgorithmIdentifier that is dissected overwrites it, so the value seen
#    later is the most recently decoded algorithm OID.
#  - The previous copy is released before a new one is duplicated into file
#    scope, and the pointer is set to NULL when no OID was decoded, so no
#    freed pointer is left behind.
#  - When the OID has no resolved name the raw OID string is shown instead.
#  - The percent sign in the format string is doubled because this body is
#    expanded as a template (see the DEFAULT_BODY placeholder) before it
#    becomes C.
#  - NOTE(review): whether direct_reference is reset when the default body
#    fails to decode an OID is not visible here - confirm a stale value from
#    an earlier element cannot be picked up.
#.FN_BODY AlgorithmIdentifier/algorithmId
  const char *name;

  %(DEFAULT_BODY)s

  if (algorithm_id) {
    wmem_free(wmem_file_scope(), (void*)algorithm_id);
  }

  if(actx->external.direct_reference) {
    algorithm_id = (const char *)wmem_strdup(wmem_file_scope(), actx->external.direct_reference);

    name = oid_resolved_from_string(actx->pinfo->pool, actx->external.direct_reference);

    proto_item_append_text(tree, " (%%s)", name ? name : actx->external.direct_reference);
  } else {
    algorithm_id = NULL;
  }

# The parameters are handed to the OID callback selected by the OID stored in
# direct_reference, i.e. the dissector is chosen by data from the certificate.
#.FN_BODY AlgorithmIdentifier/parameters
  offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL);

# Remember where SubjectPublicKeyInfo starts so that, once it has been
# decoded, the range it covered (start offset and consumed length) can be
# passed to x509af_export_publickey.
#.FN_HDR SubjectPublicKeyInfo
  int orig_offset = offset;
#.FN_FTR SubjectPublicKeyInfo
  x509af_export_publickey(tvb, actx, orig_offset, offset - orig_offset);
#.END

# Decodes the subjectPublicKey BIT STRING.
#  - The first dissect_ber_bitstring call gets a NULL tree and -1 field
#    indexes; it is used only to obtain bs_tvb, the contents of the bit
#    string.
#  - If bs_tvb was produced and algorithm_id equals the id-rsa OID, the
#    contents are decoded as a PKCS#1 RSAPublicKey. algorithm_id may be NULL
#    at this point; g_strcmp0 accepts NULL arguments.
#  - Any other algorithm falls through to a plain bit string display.
#  - NOTE(review): the RSA decoder is started at offset 0 of bs_tvb and its
#    return value is added to the outer offset; presumably that sum does not
#    include the BIT STRING header octets - confirm nothing relies on the
#    exact offset returned from this branch.
#.FN_BODY SubjectPublicKeyInfo/subjectPublicKey
  tvbuff_t *bs_tvb = NULL;
# proto_tree *subtree;

  dissect_ber_bitstring(FALSE, actx, NULL, tvb, offset,
                        NULL, 0, -1, -1, &bs_tvb);

  /* See RFC 3279 for possible subjectPublicKey values given an Algorithm ID.
   * The contents of subjectPublicKey are always explicitly tagged. */
  if (bs_tvb && !g_strcmp0(algorithm_id, "1.2.840.113549.1.1.1")) { /* id-rsa */
    offset += dissect_pkcs1_RSAPublicKey(FALSE, bs_tvb, 0, actx, tree, hf_index);

# TODO: PKCS#1 only defines RSA; DH and DSA are from PKIX1Algorithms2008
# } else if (bs_tvb && !g_strcmp0(algorithm_id, "1.2.840.10040.4.1")) { /* id-dsa */
#   subtree = proto_item_add_subtree(actx->created_item, ett_subjectpublickey);
#   offset += dissect_DSAPublicKey(FALSE, bs_tvb, 0, actx, subtree, hf_dsa_y);
#
# } else if (bs_tvb && !g_strcmp0(algorithm_id, "1.2.840.10046.2.1")) { /* dhpublicnumber */
#   subtree = proto_item_add_subtree(actx->created_item, ett_subjectpublickey);
#   offset += dissect_DHPublicKey(FALSE, bs_tvb, 0, actx, subtree, hf_dh_y);
#
  } else {
    offset = dissect_ber_bitstring(FALSE, actx, tree, tvb, offset,
                                   NULL, 0, hf_index, -1, NULL);
  }

# extnId is decoded like algorithmId: string variant, result stored in
# actx->external.direct_reference, where the extnValue body picks it up.
#.FN_PARS Extension/extnId
  FN_VARIANT = _str HF_INDEX = hf_x509af_extension_id VAL_PTR = &actx->external.direct_reference

# Appends the resolved name of the extension OID, or the raw OID string when
# it cannot be resolved. Unlike algorithmId, nothing is cached here.
#.FN_BODY Extension/extnId
  const char *name;

  %(DEFAULT_BODY)s

  if(actx->external.direct_reference) {
    name = oid_resolved_from_string(actx->pinfo->pool, actx->external.direct_reference);

    proto_item_append_text(tree, " (%%s)", name ? name : actx->external.direct_reference);
  }

# Steps over the identifier and length octets of extnValue, then hands the
# contents to the OID callback selected by the extension OID.
#  - NOTE(review): len and ind are filled in but not used afterwards, so this
#    body does not itself limit the callback to len bytes; presumably the tvb
#    passed in is already restricted to this field - confirm.
#.FN_BODY Extension/extnValue
  gint8 ber_class;
  gboolean pc, ind;
  gint32 tag;
  guint32 len;
  /* skip past the T and L */
  offset = dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &ber_class, &pc, &tag);
  offset = dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, &ind);
  offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL);

# Expands the two-digit UTCTime year to four digits before display: a string
# whose first character sorts below '5' gets the prefix "20", anything else
# gets "19", giving the 1950..2049 window named in the comment below.
#  - The string is only added when a field index is set and the UTCTime
#    dissector returned a string; the new string is allocated from the
#    packet pool.
#  - NOTE(review): the choice looks only at outstr[0]; presumably outstr is a
#    NUL-terminated string, so an empty one would take the "20" branch -
#    confirm what the UTCTime dissector returns for malformed values.
#.FN_BODY Time/utcTime
  char *outstr, *newstr;
  guint32 tvblen;

  /* the 2-digit year can only be in the range 1950..2049 https://tools.ietf.org/html/rfc5280#section-4.1.2.5.1 */
  offset = dissect_ber_UTCTime(implicit_tag, actx, tree, tvb, offset, hf_index, &outstr, &tvblen);
  if (hf_index >= 0 && outstr) {
    newstr = wmem_strconcat(actx->pinfo->pool, outstr[0] < '5' ? "20": "19", outstr, NULL);
    proto_tree_add_string(tree, hf_index, tvb, offset - tvblen, tvblen, newstr);
  }

# After the default decode, appends the string returned by
# x509if_get_last_dn() to the parent item; a NULL result is shown as an empty
# string rather than being passed to the formatter.
#.FN_BODY SubjectName

  const char* str;
  %(DEFAULT_BODY)s

  str = x509if_get_last_dn();
  proto_item_append_text(proto_item_get_parent(tree), " (%%s)", str?str:"");

# Serial numbers and the DSS parameters are displayed as raw bytes.
#.TYPE_ATTR
CertificateSerialNumber TYPE = FT_BYTES DISPLAY = BASE_NONE
DSS-Params/p TYPE = FT_BYTES DISPLAY = BASE_NONE
DSS-Params/q TYPE = FT_BYTES DISPLAY = BASE_NONE
DSS-Params/g TYPE = FT_BYTES DISPLAY = BASE_NONE

# NOTE(review): variant 64 presumably selects the 64-bit integer dissector;
# certificate serial numbers can be longer than 8 octets, so confirm that
# variant handles longer values for a field declared as FT_BYTES.
#.FN_PARS CertificateSerialNumber FN_VARIANT = 64

#.END