Adding upstream version 4.2.2.upstream/4.2.2

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

6 files changed, 1556 insertions, 0 deletions

diff --git a/epan/dissectors/asn1/x509if/CMakeLists.txt b/epan/dissectors/asn1/x509if/CMakeLists.txt
new file mode 100644
index 00000000..c7c98257
--- /dev/null
+++ b/epan/dissectors/asn1/x509if/CMakeLists.txt
@@ -0,0 +1,44 @@
+# CMakeLists.txt
+#
+# Wireshark - Network traffic analyzer
+# By Gerald Combs <gerald@wireshark.org>
+# Copyright 1998 Gerald Combs
+#
+# SPDX-License-Identifier: GPL-2.0-or-later
+#
+
+set( PROTOCOL_NAME x509if )
+
+set( PROTO_OPT )
+
+set( EXPORT_FILES
+	${PROTOCOL_NAME}-exp.cnf
+)
+
+set( EXT_ASN_FILE_LIST
+)
+
+set( ASN_FILE_LIST
+	InformationFramework.asn
+	ServiceAdministration.asn
+)
+
+set( EXTRA_DIST
+	${ASN_FILE_LIST}
+	packet-${PROTOCOL_NAME}-template.c
+	packet-${PROTOCOL_NAME}-template.h
+	${PROTOCOL_NAME}.cnf
+)
+
+set( SRC_FILES
+	${EXTRA_DIST}
+	${EXT_ASN_FILE_LIST}
+)
+
+set( A2W_FLAGS -b )
+
+set( EXTRA_CNF
+	"${CMAKE_CURRENT_BINARY_DIR}/../x509sat/x509sat-exp.cnf"
+)
+
+ASN2WRS()
diff --git a/epan/dissectors/asn1/x509if/InformationFramework.asn b/epan/dissectors/asn1/x509if/InformationFramework.asn
new file mode 100644
index 00000000..fda46efa
--- /dev/null
+++ b/epan/dissectors/asn1/x509if/InformationFramework.asn
@@ -0,0 +1,685 @@
+-- Module InformationFramework (X.501:08/2005)
+InformationFramework {joint-iso-itu-t ds(5) module(1) informationFramework(1)
+  5} DEFINITIONS ::=
+BEGIN
+
+-- EXPORTS All
+-- The types and values defined in this module are exported for use in the other ASN.1 modules contained
+-- within the Directory Specifications, and for the use of other applications which will use them to access
+-- Directory services. Other applications may use them for their own purposes, but this will not constrain
+-- extensions and modifications needed to maintain or improve the Directory service.
+IMPORTS
+  -- from ITU-T Rec. X.501 | ISO/IEC 9594-2
+  directoryAbstractService, id-ar, id-at, id-mr, id-nf, id-oa, id-oc,
+    id-sc, selectedAttributeTypes, serviceAdministration, upperBounds
+    FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
+      usefulDefinitions(0) 5}
+  SearchRule
+    FROM ServiceAdministration serviceAdministration
+  -- from ITU-T Rec. X.511 | ISO/IEC 9594-3
+  TypeAndContextAssertion
+    FROM DirectoryAbstractService directoryAbstractService
+  -- from ITU-T Rec. X.520 | ISO/IEC 9594-6
+  booleanMatch, commonName, DirectoryString{}, generalizedTimeMatch,
+    generalizedTimeOrderingMatch, integerFirstComponentMatch, integerMatch,
+    integerOrderingMatch, objectIdentifierFirstComponentMatch
+    FROM SelectedAttributeTypes selectedAttributeTypes
+  ub-search
+    FROM UpperBounds upperBounds;
+
+-- attribute data types
+Attribute ::= SEQUENCE {
+  type               ATTRIBUTE.&id({SupportedAttributes}),
+  values
+    SET SIZE (0..MAX) OF ATTRIBUTE.&Type({SupportedAttributes}{@type}),
+  valuesWithContext
+    SET SIZE (1..MAX) OF
+      SEQUENCE {value        ATTRIBUTE.&Type({SupportedAttributes}{@type}),
+                contextList  SET SIZE (1..MAX) OF Context} OPTIONAL
+}
+
+AttributeType ::= ATTRIBUTE.&id
+
+AttributeValue ::= ATTRIBUTE.&Type
+
+Context ::= SEQUENCE {
+  contextType    CONTEXT.&id({SupportedContexts}),
+  contextValues
+    SET SIZE (1..MAX) OF CONTEXT.&Type({SupportedContexts}{@contextType}),
+  fallback       BOOLEAN DEFAULT FALSE
+}
+
+AttributeValueAssertion ::= SEQUENCE {
+  type              ATTRIBUTE.&id({SupportedAttributes}),
+  assertion
+    ATTRIBUTE.&equality-match.&AssertionType({SupportedAttributes}{@type}),
+  assertedContexts
+    CHOICE {allContexts       [0]  NULL,
+            selectedContexts  [1]  SET SIZE (1..MAX) OF ContextAssertion
+  } OPTIONAL
+}
+
+ContextAssertion ::= SEQUENCE {
+  contextType    CONTEXT.&id({SupportedContexts}),
+  contextValues
+    SET SIZE (1..MAX) OF CONTEXT.&Assertion({SupportedContexts}{@contextType})
+}
+
+AttributeTypeAssertion ::= SEQUENCE {
+  type              ATTRIBUTE.&id({SupportedAttributes}),
+  assertedContexts  SEQUENCE SIZE (1..MAX) OF ContextAssertion OPTIONAL
+}
+
+-- Definition of the following information object set is deferred, perhaps to standardized
+-- profiles or to protocol implementation conformance statements. The set is required to
+-- specify a table constraint on the values component of Attribute, the value component
+-- of AttributeTypeAndValue, and the assertion component of AttributeValueAssertion.
+SupportedAttributes ATTRIBUTE ::=
+  {objectClass | aliasedEntryName, ...}
+
+-- Definition of the following information object set is deferred, perhaps to standardized
+-- profiles or to protocol implementation conformance statements. The set is required to
+-- specify a table constraint on the context specifications
+SupportedContexts CONTEXT ::=
+  {...}
+
+-- naming data types
+Name ::= CHOICE { -- only one possibility for now --rdnSequence  RDNSequence
+}
+
+RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+
+DistinguishedName ::= RDNSequence
+
+RelativeDistinguishedName ::=
+  SET SIZE (1..MAX) OF AttributeTypeAndDistinguishedValue
+
+AttributeTypeAndDistinguishedValue ::= SEQUENCE {
+  type                  ATTRIBUTE.&id({SupportedAttributes}),
+  value                 ATTRIBUTE.&Type({SupportedAttributes}{@type}),
+  primaryDistinguished  BOOLEAN DEFAULT TRUE,
+  valuesWithContext
+    SET SIZE (1..MAX) OF
+      SEQUENCE {distingAttrValue
+                  [0]  ATTRIBUTE.&Type({SupportedAttributes}{@type}) OPTIONAL,
+                contextList       SET SIZE (1..MAX) OF Context} OPTIONAL
+}
+
+-- subtree data types
+SubtreeSpecification ::= SEQUENCE {
+  base                 [0]  LocalName DEFAULT {},
+  COMPONENTS OF ChopSpecification,
+  specificationFilter  [4]  Refinement OPTIONAL
+}
+
+-- empty sequence specifies whole administrative area
+LocalName ::= RDNSequence
+
+ChopSpecification ::= SEQUENCE {
+  specificExclusions
+    [1]  SET SIZE (1..MAX) OF
+           CHOICE {chopBefore  [0]  LocalName,
+                   chopAfter   [1]  LocalName} OPTIONAL,
+  minimum             [2]  BaseDistance DEFAULT 0,
+  maximum             [3]  BaseDistance OPTIONAL
+}
+
+BaseDistance ::= INTEGER(0..MAX)
+
+Refinement ::= CHOICE {
+  item  [0]  OBJECT-CLASS.&id,
+  and   [1]  SET OF Refinement,
+  or    [2]  SET OF Refinement,
+  not   [3]  Refinement
+}
+
+-- OBJECT-CLASS information object class specification
+OBJECT-CLASS ::= CLASS {
+  &Superclasses         OBJECT-CLASS OPTIONAL,
+  &kind                 ObjectClassKind DEFAULT structural,
+  &MandatoryAttributes  ATTRIBUTE OPTIONAL,
+  &OptionalAttributes   ATTRIBUTE OPTIONAL,
+  &id                   OBJECT IDENTIFIER UNIQUE
+}
+WITH SYNTAX {
+  [SUBCLASS OF &Superclasses]
+  [KIND &kind]
+  [MUST CONTAIN &MandatoryAttributes]
+  [MAY CONTAIN &OptionalAttributes]
+  ID &id
+}
+
+ObjectClassKind ::= ENUMERATED {abstract(0), structural(1), auxiliary(2)}
+
+-- object classes
+top OBJECT-CLASS ::= {
+  KIND          abstract
+  MUST CONTAIN  {objectClass}
+  ID            id-oc-top
+}
+
+alias OBJECT-CLASS ::= {
+  SUBCLASS OF   {top}
+  MUST CONTAIN  {aliasedEntryName}
+  ID            id-oc-alias
+}
+
+parent OBJECT-CLASS ::= {KIND  abstract
+                         ID    id-oc-parent
+}
+
+child OBJECT-CLASS ::= {KIND  auxiliary
+                        ID    id-oc-child
+}
+
+-- ATTRIBUTE information object class specification
+ATTRIBUTE ::= CLASS {
+  &derivation            ATTRIBUTE OPTIONAL,
+  &Type                  OPTIONAL, -- either &Type or &derivation required
+  &equality-match        MATCHING-RULE OPTIONAL,
+  &ordering-match        MATCHING-RULE OPTIONAL,
+  &substrings-match      MATCHING-RULE OPTIONAL,
+  &single-valued         BOOLEAN DEFAULT FALSE,
+  &collective            BOOLEAN DEFAULT FALSE,
+  &dummy                 BOOLEAN DEFAULT FALSE,
+  -- operational extensions
+  &no-user-modification  BOOLEAN DEFAULT FALSE,
+  &usage                 AttributeUsage DEFAULT userApplications,
+  &id                    OBJECT IDENTIFIER UNIQUE
+}
+WITH SYNTAX {
+  [SUBTYPE OF &derivation]
+  [WITH SYNTAX &Type]
+  [EQUALITY MATCHING RULE &equality-match]
+  [ORDERING MATCHING RULE &ordering-match]
+  [SUBSTRINGS MATCHING RULE &substrings-match]
+  [SINGLE VALUE &single-valued]
+  [COLLECTIVE &collective]
+  [DUMMY &dummy]
+  [NO USER MODIFICATION &no-user-modification]
+  [USAGE &usage]
+  ID &id
+}
+
+AttributeUsage ::= ENUMERATED {
+  userApplications(0), directoryOperation(1), distributedOperation(2),
+  dSAOperation(3)}
+
+-- attributes
+objectClass ATTRIBUTE ::= {
+  WITH SYNTAX             OBJECT IDENTIFIER
+  EQUALITY MATCHING RULE  objectIdentifierMatch
+  ID                      id-at-objectClass
+}
+
+aliasedEntryName ATTRIBUTE ::= {
+  WITH SYNTAX             DistinguishedName
+  EQUALITY MATCHING RULE  distinguishedNameMatch
+  SINGLE VALUE            TRUE
+  ID                      id-at-aliasedEntryName
+}
+
+-- MATCHING-RULE information object class specification
+MATCHING-RULE ::= CLASS {
+  &ParentMatchingRules   MATCHING-RULE OPTIONAL,
+  &AssertionType         OPTIONAL,
+  &uniqueMatchIndicator  ATTRIBUTE OPTIONAL,
+  &id                    OBJECT IDENTIFIER UNIQUE
+}
+WITH SYNTAX {
+  [PARENT &ParentMatchingRules]
+  [SYNTAX &AssertionType]
+  [UNIQUE-MATCH-INDICATOR &uniqueMatchIndicator]
+  ID &id
+}
+
+-- matching rules
+objectIdentifierMatch MATCHING-RULE ::= {
+  SYNTAX  OBJECT IDENTIFIER
+  ID      id-mr-objectIdentifierMatch
+}
+
+distinguishedNameMatch MATCHING-RULE ::= {
+  SYNTAX  DistinguishedName
+  ID      id-mr-distinguishedNameMatch
+}
+
+MAPPING-BASED-MATCHING{SelectedBy, BOOLEAN:combinable, MappingResult,
+                       OBJECT IDENTIFIER:matchingRule} ::= CLASS {
+  &selectBy          SelectedBy OPTIONAL,
+  &ApplicableTo      ATTRIBUTE,
+  &subtypesIncluded  BOOLEAN DEFAULT TRUE,
+  &combinable        BOOLEAN(combinable),
+  &mappingResults    MappingResult OPTIONAL,
+  &userControl       BOOLEAN DEFAULT FALSE,
+  &exclusive         BOOLEAN DEFAULT TRUE,
+  &matching-rule     MATCHING-RULE.&id(matchingRule),
+  &id                OBJECT IDENTIFIER UNIQUE
+}
+WITH SYNTAX {
+  [SELECT BY &selectBy]
+  APPLICABLE TO &ApplicableTo
+  [SUBTYPES INCLUDED &subtypesIncluded]
+  COMBINABLE &combinable
+  [MAPPING RESULTS &mappingResults]
+  [USER CONTROL &userControl]
+  [EXCLUSIVE &exclusive]
+  MATCHING RULE &matching-rule
+  ID &id
+}
+
+-- NAME-FORM information object class specification
+NAME-FORM ::= CLASS {
+  &namedObjectClass     OBJECT-CLASS,
+  &MandatoryAttributes  ATTRIBUTE,
+  &OptionalAttributes   ATTRIBUTE OPTIONAL,
+  &id                   OBJECT IDENTIFIER UNIQUE
+}
+WITH SYNTAX {
+  NAMES &namedObjectClass
+  WITH ATTRIBUTES &MandatoryAttributes
+  [AND OPTIONALLY &OptionalAttributes]
+  ID &id
+}
+
+-- STRUCTURE-RULE class and DIT structure rule data types
+STRUCTURE-RULE ::= CLASS {
+  &nameForm                NAME-FORM,
+  &SuperiorStructureRules  STRUCTURE-RULE OPTIONAL,
+  &id                      RuleIdentifier
+}
+WITH SYNTAX {
+  NAME FORM &nameForm
+  [SUPERIOR RULES &SuperiorStructureRules]
+  ID &id
+}
+
+DITStructureRule ::= SEQUENCE {
+  ruleIdentifier          RuleIdentifier,
+  -- shall be unique within the scope of the subschema
+  nameForm                NAME-FORM.&id,
+  superiorStructureRules  SET SIZE (1..MAX) OF RuleIdentifier OPTIONAL
+}
+
+RuleIdentifier ::= INTEGER
+
+-- CONTENT-RULE class and DIT content rule data types
+CONTENT-RULE ::= CLASS {
+  &structuralClass  OBJECT-CLASS.&id UNIQUE,
+  &Auxiliaries      OBJECT-CLASS OPTIONAL,
+  &Mandatory        ATTRIBUTE OPTIONAL,
+  &Optional         ATTRIBUTE OPTIONAL,
+  &Precluded        ATTRIBUTE OPTIONAL
+}
+WITH SYNTAX {
+  STRUCTURAL OBJECT-CLASS &structuralClass
+  [AUXILIARY OBJECT-CLASSES &Auxiliaries]
+  [MUST CONTAIN &Mandatory]
+  [MAY CONTAIN &Optional]
+  [MUST-NOT CONTAIN &Precluded]
+}
+
+DITContentRule ::= SEQUENCE {
+  structuralObjectClass  OBJECT-CLASS.&id,
+  auxiliaries            SET SIZE (1..MAX) OF OBJECT-CLASS.&id OPTIONAL,
+  mandatory              [1]  SET SIZE (1..MAX) OF ATTRIBUTE.&id OPTIONAL,
+  optional               [2]  SET SIZE (1..MAX) OF ATTRIBUTE.&id OPTIONAL,
+  precluded              [3]  SET SIZE (1..MAX) OF ATTRIBUTE.&id OPTIONAL
+}
+
+CONTEXT ::= CLASS {
+  &Type          ,
+  &DefaultValue  OPTIONAL,
+  &Assertion     OPTIONAL,
+  &absentMatch   BOOLEAN DEFAULT TRUE,
+  &id            OBJECT IDENTIFIER UNIQUE
+}
+WITH SYNTAX {
+  WITH SYNTAX &Type
+  [DEFAULT-VALUE &DefaultValue]
+  [ASSERTED AS &Assertion]
+  [ABSENT-MATCH &absentMatch]
+  ID &id
+}
+
+DITContextUse ::= SEQUENCE {
+  attributeType      ATTRIBUTE.&id,
+  mandatoryContexts  [1]  SET SIZE (1..MAX) OF CONTEXT.&id OPTIONAL,
+  optionalContexts   [2]  SET SIZE (1..MAX) OF CONTEXT.&id OPTIONAL
+}
+
+DIT-CONTEXT-USE-RULE ::= CLASS {
+  &attributeType  ATTRIBUTE.&id UNIQUE,
+  &Mandatory      CONTEXT OPTIONAL,
+  &Optional       CONTEXT OPTIONAL
+}
+WITH SYNTAX {
+  ATTRIBUTE TYPE &attributeType
+  [MANDATORY CONTEXTS &Mandatory]
+  [OPTIONAL CONTEXTS &Optional]
+}
+
+FRIENDS ::= CLASS {&anchor   ATTRIBUTE.&id UNIQUE,
+                   &Friends  ATTRIBUTE
+}WITH SYNTAX {ANCHOR &anchor
+              FRIENDS &Friends
+}
+
+-- system schema information objects
+-- object classes
+subentry OBJECT-CLASS ::= {
+  SUBCLASS OF   {top}
+  KIND          structural
+  MUST CONTAIN  {commonName | subtreeSpecification}
+  ID            id-sc-subentry
+}
+
+subentryNameForm NAME-FORM ::= {
+  NAMES            subentry
+  WITH ATTRIBUTES  {commonName}
+  ID               id-nf-subentryNameForm
+}
+
+accessControlSubentry OBJECT-CLASS ::= {
+  KIND  auxiliary
+  ID    id-sc-accessControlSubentry
+}
+
+collectiveAttributeSubentry OBJECT-CLASS ::= {
+  KIND  auxiliary
+  ID    id-sc-collectiveAttributeSubentry
+}
+
+contextAssertionSubentry OBJECT-CLASS ::= {
+  KIND          auxiliary
+  MUST CONTAIN  {contextAssertionDefaults}
+  ID            id-sc-contextAssertionSubentry
+}
+
+serviceAdminSubentry OBJECT-CLASS ::= {
+  KIND          auxiliary
+  MUST CONTAIN  {searchRules}
+  ID            id-sc-serviceAdminSubentry
+}
+
+-- attributes
+subtreeSpecification ATTRIBUTE ::= {
+  WITH SYNTAX  SubtreeSpecification
+  USAGE        directoryOperation
+  ID           id-oa-subtreeSpecification
+}
+
+administrativeRole ATTRIBUTE ::= {
+  WITH SYNTAX             OBJECT-CLASS.&id
+  EQUALITY MATCHING RULE  objectIdentifierMatch
+  USAGE                   directoryOperation
+  ID                      id-oa-administrativeRole
+}
+
+createTimestamp ATTRIBUTE ::= {
+  WITH SYNTAX             GeneralizedTime
+  -- as per 42.3 b) or c) of ITU-T Rec. X.680 | ISO/IEC 8824-1
+  EQUALITY MATCHING RULE  generalizedTimeMatch
+  ORDERING MATCHING RULE  generalizedTimeOrderingMatch
+  SINGLE VALUE            TRUE
+  NO USER MODIFICATION    TRUE
+  USAGE                   directoryOperation
+  ID                      id-oa-createTimestamp
+}
+
+modifyTimestamp ATTRIBUTE ::= {
+  WITH SYNTAX             GeneralizedTime
+  -- as per 42.3 b) or c) of ITU-T Rec. X.680 | ISO/IEC 8824-1
+  EQUALITY MATCHING RULE  generalizedTimeMatch
+  ORDERING MATCHING RULE  generalizedTimeOrderingMatch
+  SINGLE VALUE            TRUE
+  NO USER MODIFICATION    TRUE
+  USAGE                   directoryOperation
+  ID                      id-oa-modifyTimestamp
+}
+
+subschemaTimestamp ATTRIBUTE ::= {
+  WITH SYNTAX             GeneralizedTime
+  -- as per 42.3 b) or c) of ITU-T Rec. X.680 | ISO/IEC 8824-1
+  EQUALITY MATCHING RULE  generalizedTimeMatch
+  ORDERING MATCHING RULE  generalizedTimeOrderingMatch
+  SINGLE VALUE            TRUE
+  NO USER MODIFICATION    TRUE
+  USAGE                   directoryOperation
+  ID                      id-oa-subschemaTimestamp
+}
+
+creatorsName ATTRIBUTE ::= {
+  WITH SYNTAX             DistinguishedName
+  EQUALITY MATCHING RULE  distinguishedNameMatch
+  SINGLE VALUE            TRUE
+  NO USER MODIFICATION    TRUE
+  USAGE                   directoryOperation
+  ID                      id-oa-creatorsName
+}
+
+modifiersName ATTRIBUTE ::= {
+  WITH SYNTAX             DistinguishedName
+  EQUALITY MATCHING RULE  distinguishedNameMatch
+  SINGLE VALUE            TRUE
+  NO USER MODIFICATION    TRUE
+  USAGE                   directoryOperation
+  ID                      id-oa-modifiersName
+}
+
+subschemaSubentryList ATTRIBUTE ::= {
+  WITH SYNTAX             DistinguishedName
+  EQUALITY MATCHING RULE  distinguishedNameMatch
+  SINGLE VALUE            TRUE
+  NO USER MODIFICATION    TRUE
+  USAGE                   directoryOperation
+  ID                      id-oa-subschemaSubentryList
+}
+
+accessControlSubentryList ATTRIBUTE ::= {
+  WITH SYNTAX             DistinguishedName
+  EQUALITY MATCHING RULE  distinguishedNameMatch
+  NO USER MODIFICATION    TRUE
+  USAGE                   directoryOperation
+  ID                      id-oa-accessControlSubentryList
+}
+
+collectiveAttributeSubentryList ATTRIBUTE ::= {
+  WITH SYNTAX             DistinguishedName
+  EQUALITY MATCHING RULE  distinguishedNameMatch
+  NO USER MODIFICATION    TRUE
+  USAGE                   directoryOperation
+  ID                      id-oa-collectiveAttributeSubentryList
+}
+
+contextDefaultSubentryList ATTRIBUTE ::= {
+  WITH SYNTAX             DistinguishedName
+  EQUALITY MATCHING RULE  distinguishedNameMatch
+  NO USER MODIFICATION    TRUE
+  USAGE                   directoryOperation
+  ID                      id-oa-contextDefaultSubentryList
+}
+
+serviceAdminSubentryList ATTRIBUTE ::= {
+  WITH SYNTAX             DistinguishedName
+  EQUALITY MATCHING RULE  distinguishedNameMatch
+  NO USER MODIFICATION    TRUE
+  USAGE                   directoryOperation
+  ID                      id-oa-serviceAdminSubentryList
+}
+
+hasSubordinates ATTRIBUTE ::= {
+  WITH SYNTAX             BOOLEAN
+  EQUALITY MATCHING RULE  booleanMatch
+  SINGLE VALUE            TRUE
+  NO USER MODIFICATION    TRUE
+  USAGE                   directoryOperation
+  ID                      id-oa-hasSubordinates
+}
+
+collectiveExclusions ATTRIBUTE ::= {
+  WITH SYNTAX             OBJECT IDENTIFIER
+  EQUALITY MATCHING RULE  objectIdentifierMatch
+  USAGE                   directoryOperation
+  ID                      id-oa-collectiveExclusions
+}
+
+contextAssertionDefaults ATTRIBUTE ::= {
+  WITH SYNTAX             TypeAndContextAssertion
+  EQUALITY MATCHING RULE  objectIdentifierFirstComponentMatch
+  USAGE                   directoryOperation
+  ID                      id-oa-contextAssertionDefault
+}
+
+searchRules ATTRIBUTE ::= {
+  WITH SYNTAX             SearchRuleDescription
+  EQUALITY MATCHING RULE  integerFirstComponentMatch
+  USAGE                   directoryOperation
+  ID                      id-oa-searchRules
+}
+
+SearchRuleDescription ::= SEQUENCE {
+  COMPONENTS OF SearchRule,
+  name         [28]  SET SIZE (1..MAX) OF DirectoryString{ub-search} OPTIONAL,
+  description  [29]  DirectoryString{ub-search} OPTIONAL
+}
+
+hierarchyLevel ATTRIBUTE ::= {
+  WITH SYNTAX             HierarchyLevel
+  EQUALITY MATCHING RULE  integerMatch
+  ORDERING MATCHING RULE  integerOrderingMatch
+  SINGLE VALUE            TRUE
+  NO USER MODIFICATION    TRUE
+  USAGE                   directoryOperation
+  ID                      id-oa-hierarchyLevel
+}
+
+HierarchyLevel ::= INTEGER
+
+hierarchyBelow ATTRIBUTE ::= {
+  WITH SYNTAX             HierarchyBelow
+  EQUALITY MATCHING RULE  booleanMatch
+  SINGLE VALUE            TRUE
+  NO USER MODIFICATION    TRUE
+  USAGE                   directoryOperation
+  ID                      id-oa-hierarchyBelow
+}
+
+HierarchyBelow ::= BOOLEAN
+
+hierarchyParent ATTRIBUTE ::= {
+  WITH SYNTAX             DistinguishedName
+  EQUALITY MATCHING RULE  distinguishedNameMatch
+  SINGLE VALUE            TRUE
+  USAGE                   directoryOperation
+  ID                      id-oa-hierarchyParent
+}
+
+hierarchyTop ATTRIBUTE ::= {
+  WITH SYNTAX             DistinguishedName
+  EQUALITY MATCHING RULE  distinguishedNameMatch
+  SINGLE VALUE            TRUE
+  USAGE                   directoryOperation
+  ID                      id-oa-hierarchyTop
+}
+
+-- object identifier assignments
+-- object classes
+id-oc-top OBJECT IDENTIFIER ::=
+  {id-oc 0}
+
+id-oc-alias OBJECT IDENTIFIER ::= {id-oc 1}
+
+id-oc-parent OBJECT IDENTIFIER ::= {id-oc 28}
+
+id-oc-child OBJECT IDENTIFIER ::= {id-oc 29}
+
+-- attributes
+id-at-objectClass OBJECT IDENTIFIER ::= {id-at 0}
+
+id-at-aliasedEntryName OBJECT IDENTIFIER ::= {id-at 1}
+
+-- matching rules
+id-mr-objectIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 0}
+
+id-mr-distinguishedNameMatch OBJECT IDENTIFIER ::= {id-mr 1}
+
+-- operational attributes
+id-oa-excludeAllCollectiveAttributes OBJECT IDENTIFIER ::=
+  {id-oa 0}
+
+id-oa-createTimestamp OBJECT IDENTIFIER ::= {id-oa 1}
+
+id-oa-modifyTimestamp OBJECT IDENTIFIER ::= {id-oa 2}
+
+id-oa-creatorsName OBJECT IDENTIFIER ::= {id-oa 3}
+
+id-oa-modifiersName OBJECT IDENTIFIER ::= {id-oa 4}
+
+id-oa-administrativeRole OBJECT IDENTIFIER ::= {id-oa 5}
+
+id-oa-subtreeSpecification OBJECT IDENTIFIER ::= {id-oa 6}
+
+id-oa-collectiveExclusions OBJECT IDENTIFIER ::= {id-oa 7}
+
+id-oa-subschemaTimestamp OBJECT IDENTIFIER ::= {id-oa 8}
+
+id-oa-hasSubordinates OBJECT IDENTIFIER ::= {id-oa 9}
+
+id-oa-subschemaSubentryList OBJECT IDENTIFIER ::= {id-oa 10}
+
+id-oa-accessControlSubentryList OBJECT IDENTIFIER ::= {id-oa 11}
+
+id-oa-collectiveAttributeSubentryList OBJECT IDENTIFIER ::= {id-oa 12}
+
+id-oa-contextDefaultSubentryList OBJECT IDENTIFIER ::= {id-oa 13}
+
+id-oa-contextAssertionDefault OBJECT IDENTIFIER ::= {id-oa 14}
+
+id-oa-serviceAdminSubentryList OBJECT IDENTIFIER ::= {id-oa 15}
+
+id-oa-searchRules OBJECT IDENTIFIER ::= {id-oa 16}
+
+id-oa-hierarchyLevel OBJECT IDENTIFIER ::= {id-oa 17}
+
+id-oa-hierarchyBelow OBJECT IDENTIFIER ::= {id-oa 18}
+
+id-oa-hierarchyParent OBJECT IDENTIFIER ::= {id-oa 19}
+
+id-oa-hierarchyTop OBJECT IDENTIFIER ::= {id-oa 20}
+
+-- subentry classes
+id-sc-subentry OBJECT IDENTIFIER ::= {id-sc 0}
+
+id-sc-accessControlSubentry OBJECT IDENTIFIER ::= {id-sc 1}
+
+id-sc-collectiveAttributeSubentry OBJECT IDENTIFIER ::= {id-sc 2}
+
+id-sc-contextAssertionSubentry OBJECT IDENTIFIER ::= {id-sc 3}
+
+id-sc-serviceAdminSubentry OBJECT IDENTIFIER ::= {id-sc 4}
+
+--  Name forms
+id-nf-subentryNameForm OBJECT IDENTIFIER ::= {id-nf 16}
+
+-- administrative roles
+id-ar-autonomousArea OBJECT IDENTIFIER ::= {id-ar 1}
+
+id-ar-accessControlSpecificArea OBJECT IDENTIFIER ::= {id-ar 2}
+
+id-ar-accessControlInnerArea OBJECT IDENTIFIER ::= {id-ar 3}
+
+id-ar-subschemaAdminSpecificArea OBJECT IDENTIFIER ::= {id-ar 4}
+
+id-ar-collectiveAttributeSpecificArea OBJECT IDENTIFIER ::= {id-ar 5}
+
+id-ar-collectiveAttributeInnerArea OBJECT IDENTIFIER ::= {id-ar 6}
+
+id-ar-contextDefaultSpecificArea OBJECT IDENTIFIER ::= {id-ar 7}
+
+id-ar-serviceSpecificArea OBJECT IDENTIFIER ::= {id-ar 8}
+
+END -- InformationFramework
+
+-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D
+
diff --git a/epan/dissectors/asn1/x509if/ServiceAdministration.asn b/epan/dissectors/asn1/x509if/ServiceAdministration.asn
new file mode 100644
index 00000000..fdd61fb2
--- /dev/null
+++ b/epan/dissectors/asn1/x509if/ServiceAdministration.asn
@@ -0,0 +1,239 @@
+-- Module ServiceAdministration (X.501:08/2005)
+ServiceAdministration {joint-iso-itu-t ds(5) module(1)
+  serviceAdministration(33) 5} DEFINITIONS ::=
+BEGIN
+
+-- EXPORTS All 
+-- The types and values defined in this module are exported for use in the other ASN.1 modules contained 
+-- within the Directory Specifications, and for the use of other applications which will use them to access 
+-- Directory services. Other applications may use them for their own purposes, but this will not constrain
+-- extensions and modifications needed to maintain or improve the Directory service.
+IMPORTS
+  -- from ITU-T Rec. X.501 | ISO/IEC 9594-2
+  directoryAbstractService, informationFramework
+    FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
+      usefulDefinitions(0) 5}
+  ATTRIBUTE, AttributeType, CONTEXT, MATCHING-RULE, OBJECT-CLASS,
+    SupportedAttributes, SupportedContexts
+    FROM InformationFramework informationFramework
+  -- from ITU-T Rec. X.511 | ISO/IEC 9594-3
+  FamilyGrouping, FamilyReturn, HierarchySelections, SearchControlOptions,
+    ServiceControlOptions
+    FROM DirectoryAbstractService directoryAbstractService;
+
+-- types 
+SearchRule ::= SEQUENCE {
+  COMPONENTS OF SearchRuleId,
+  serviceType           [1]  OBJECT IDENTIFIER OPTIONAL,
+  userClass             [2]  INTEGER OPTIONAL,
+  inputAttributeTypes
+    [3]  SEQUENCE SIZE (0..MAX) OF RequestAttribute OPTIONAL,
+  attributeCombination  [4]  AttributeCombination DEFAULT and:{},
+  outputAttributeTypes  [5]  SEQUENCE SIZE (1..MAX) OF ResultAttribute OPTIONAL,
+  defaultControls       [6]  ControlOptions OPTIONAL,
+  mandatoryControls     [7]  ControlOptions OPTIONAL,
+  searchRuleControls    [8]  ControlOptions OPTIONAL,
+  familyGrouping        [9]  FamilyGrouping OPTIONAL,
+  familyReturn          [10]  FamilyReturn OPTIONAL,
+  relaxation            [11]  RelaxationPolicy OPTIONAL,
+  additionalControl     [12]  SEQUENCE SIZE (1..MAX) OF AttributeType OPTIONAL,
+  allowedSubset         [13]  AllowedSubset DEFAULT '111'B,
+  imposedSubset         [14]  ImposedSubset OPTIONAL,
+  entryLimit            [15]  EntryLimit OPTIONAL
+}
+
+SearchRuleId ::= SEQUENCE {id     INTEGER,
+                           dmdId  [0]  OBJECT IDENTIFIER
+}
+
+AllowedSubset ::= BIT STRING {baseObject(0), oneLevel(1), wholeSubtree(2)}
+
+ImposedSubset ::= ENUMERATED {baseObject(0), oneLevel(1), wholeSubtree(2)}
+
+RequestAttribute ::= SEQUENCE {
+  attributeType       ATTRIBUTE.&id({SupportedAttributes}),
+  includeSubtypes     [0]  BOOLEAN DEFAULT FALSE,
+  selectedValues
+    [1]  SEQUENCE SIZE (0..MAX) OF
+           ATTRIBUTE.&Type({SupportedAttributes}{@attributeType}) OPTIONAL,
+  defaultValues
+    [2]  SEQUENCE SIZE (0..MAX) OF
+           SEQUENCE {entryType  OBJECT-CLASS.&id OPTIONAL,
+                     values
+                       SEQUENCE OF
+                         ATTRIBUTE.&Type({SupportedAttributes}{@attributeType})
+           } OPTIONAL,
+  contexts            [3]  SEQUENCE SIZE (0..MAX) OF ContextProfile OPTIONAL,
+  contextCombination  [4]  ContextCombination DEFAULT and:{},
+  matchingUse         [5]  SEQUENCE SIZE (1..MAX) OF MatchingUse OPTIONAL
+}
+
+ContextProfile ::= SEQUENCE {
+  contextType   CONTEXT.&id({SupportedContexts}),
+  contextValue
+    SEQUENCE SIZE (1..MAX) OF
+      CONTEXT.&Assertion({SupportedContexts}{@contextType}) OPTIONAL
+}
+
+ContextCombination ::= CHOICE {
+  context  [0]  CONTEXT.&id({SupportedContexts}),
+  and      [1]  SEQUENCE OF ContextCombination,
+  or       [2]  SEQUENCE OF ContextCombination,
+  not      [3]  ContextCombination
+}
+
+MatchingUse ::= SEQUENCE {
+  restrictionType   MATCHING-RESTRICTION.&id({SupportedMatchingRestrictions}),
+  restrictionValue
+    MATCHING-RESTRICTION.&Restriction
+      ({SupportedMatchingRestrictions}{@restrictionType})
+}
+
+-- Definition of the following information object set is deferred, perhaps to standardized
+-- profiles or to protocol implementation conformance statements. The set is required to
+-- specify a table constraint on the components of SupportedMatchingRestrictions
+SupportedMatchingRestrictions MATCHING-RESTRICTION ::=
+  {...}
+
+AttributeCombination ::= CHOICE {
+  attribute  [0]  AttributeType,
+  and        [1]  SEQUENCE OF AttributeCombination,
+  or         [2]  SEQUENCE OF AttributeCombination,
+  not        [3]  AttributeCombination
+}
+
+ResultAttribute ::= SEQUENCE {
+  attributeType  ATTRIBUTE.&id({SupportedAttributes}),
+  outputValues
+    CHOICE {selectedValues
+              SEQUENCE OF
+                ATTRIBUTE.&Type({SupportedAttributes}{@attributeType}),
+            matchedValuesOnly  NULL} OPTIONAL,
+  contexts       [0]  SEQUENCE SIZE (1..MAX) OF ContextProfile OPTIONAL
+}
+
+ControlOptions ::= SEQUENCE {
+  serviceControls   [0]  ServiceControlOptions DEFAULT {},
+  searchOptions     [1]  SearchControlOptions DEFAULT {searchAliases},
+  hierarchyOptions  [2]  HierarchySelections OPTIONAL
+}
+
+EntryLimit ::= SEQUENCE {default  INTEGER,
+                         max      INTEGER
+}
+
+RelaxationPolicy ::= SEQUENCE {
+  basic        [0]  MRMapping DEFAULT {},
+  tightenings  [1]  SEQUENCE SIZE (1..MAX) OF MRMapping OPTIONAL,
+  relaxations  [2]  SEQUENCE SIZE (1..MAX) OF MRMapping OPTIONAL,
+  maximum      [3]  INTEGER OPTIONAL, -- mandatory if tightenings is present
+  minimum      [4]  INTEGER DEFAULT 1
+}
+
+MRMapping ::= SEQUENCE {
+  mapping       [0]  SEQUENCE SIZE (1..MAX) OF Mapping OPTIONAL,
+  substitution  [1]  SEQUENCE SIZE (1..MAX) OF MRSubstitution OPTIONAL
+}
+
+Mapping ::= SEQUENCE {
+  mappingFunction
+    OBJECT IDENTIFIER
+      (CONSTRAINED BY {-- shall be an--
+         
+         -- object identifier of a mapping-based matching algorithm -- }),
+  level            INTEGER DEFAULT 0
+}
+
+MRSubstitution ::= SEQUENCE {
+  attribute        AttributeType,
+  oldMatchingRule  [0]  MATCHING-RULE.&id OPTIONAL,
+  newMatchingRule  [1]  MATCHING-RULE.&id OPTIONAL
+}
+
+-- ASN.1 information object classes 
+SEARCH-RULE ::= CLASS {
+  &dmdId                 OBJECT IDENTIFIER,
+  &serviceType           OBJECT IDENTIFIER OPTIONAL,
+  &userClass             INTEGER OPTIONAL,
+  &InputAttributeTypes   REQUEST-ATTRIBUTE OPTIONAL,
+  &combination           AttributeCombination OPTIONAL,
+  &OutputAttributeTypes  RESULT-ATTRIBUTE OPTIONAL,
+  &defaultControls       ControlOptions OPTIONAL,
+  &mandatoryControls     ControlOptions OPTIONAL,
+  &searchRuleControls    ControlOptions OPTIONAL,
+  &familyGrouping        FamilyGrouping OPTIONAL,
+  &familyReturn          FamilyReturn OPTIONAL,
+  &additionalControl     AttributeType OPTIONAL,
+  &relaxation            RelaxationPolicy OPTIONAL,
+  &allowedSubset         AllowedSubset DEFAULT '111'B,
+  &imposedSubset         ImposedSubset OPTIONAL,
+  &entryLimit            EntryLimit OPTIONAL,
+  &id                    INTEGER UNIQUE
+}
+WITH SYNTAX {
+  DMD ID &dmdId
+  [SERVICE-TYPE &serviceType]
+  [USER-CLASS &userClass]
+  [INPUT ATTRIBUTES &InputAttributeTypes]
+  [COMBINATION &combination]
+  [OUTPUT ATTRIBUTES &OutputAttributeTypes]
+  [DEFAULT CONTROL &defaultControls]
+  [MANDATORY CONTROL &mandatoryControls]
+  [SEARCH-RULE CONTROL &searchRuleControls]
+  [FAMILY-GROUPING &familyGrouping]
+  [FAMILY-RETURN &familyReturn]
+  [ADDITIONAL CONTROL &additionalControl]
+  [RELAXATION &relaxation]
+  [ALLOWED SUBSET &allowedSubset]
+  [IMPOSED SUBSET &imposedSubset]
+  [ENTRY LIMIT &entryLimit]
+  ID &id
+}
+
+REQUEST-ATTRIBUTE ::= CLASS {
+  &attributeType       ATTRIBUTE.&id,
+  &SelectedValues      ATTRIBUTE.&Type OPTIONAL,
+  &DefaultValues       SEQUENCE {entryType  OBJECT-CLASS.&id OPTIONAL,
+                                 values     SEQUENCE OF ATTRIBUTE.&Type
+  } OPTIONAL,
+  &contexts            SEQUENCE OF ContextProfile OPTIONAL,
+  &contextCombination  ContextCombination OPTIONAL,
+  &MatchingUse         MatchingUse OPTIONAL,
+  &includeSubtypes     BOOLEAN DEFAULT FALSE
+}
+WITH SYNTAX {
+  ATTRIBUTE TYPE &attributeType
+  [SELECTED VALUES &SelectedValues]
+  [DEFAULT VALUES &DefaultValues]
+  [CONTEXTS &contexts]
+  [CONTEXT COMBINATION &contextCombination]
+  [MATCHING USE &MatchingUse]
+  [INCLUDE SUBTYPES &includeSubtypes]
+}
+
+RESULT-ATTRIBUTE ::= CLASS {
+  &attributeType  ATTRIBUTE.&id,
+  &outputValues   CHOICE {selectedValues     SEQUENCE OF ATTRIBUTE.&Type,
+                          matchedValuesOnly  NULL
+  } OPTIONAL,
+  &contexts       ContextProfile OPTIONAL
+}
+WITH SYNTAX {
+  ATTRIBUTE TYPE &attributeType
+  [OUTPUT VALUES &outputValues]
+  [CONTEXTS &contexts]
+}
+
+MATCHING-RESTRICTION ::= CLASS {
+  &Restriction  ,
+  &Rules        MATCHING-RULE.&id,
+  &id           OBJECT IDENTIFIER UNIQUE
+}WITH SYNTAX {RESTRICTION &Restriction
+              RULES &Rules
+              ID &id
+}
+
+END -- ServiceAdministration
+
+-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D
+
diff --git a/epan/dissectors/asn1/x509if/packet-x509if-template.c b/epan/dissectors/asn1/x509if/packet-x509if-template.c
new file mode 100644
index 00000000..bce87917
--- /dev/null
+++ b/epan/dissectors/asn1/x509if/packet-x509if-template.c
@@ -0,0 +1,144 @@
+/* packet-x509if.c
+ * Routines for X.509 Information Framework packet dissection
+ *  Ronnie Sahlberg 2004
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "config.h"
+
+#include <epan/packet.h>
+#include <epan/oids.h>
+#include <epan/asn1.h>
+#include <epan/proto_data.h>
+#include <epan/strutil.h>
+
+#include "packet-ber.h"
+#include "packet-dap.h"
+#include "packet-x509if.h"
+#include "packet-x509sat.h"
+#include "packet-frame.h"
+
+#define PNAME  "X.509 Information Framework"
+#define PSNAME "X509IF"
+#define PFNAME "x509if"
+
+void proto_register_x509if(void);
+void proto_reg_handoff_x509if(void);
+
+/* Initialize the protocol and registered fields */
+static int proto_x509if = -1;
+static int hf_x509if_object_identifier_id = -1;
+static int hf_x509if_any_string = -1;
+#include "packet-x509if-hf.c"
+
+/* Initialize the subtree pointers */
+#include "packet-x509if-ett.c"
+
+static proto_tree *top_of_dn = NULL;
+static proto_tree *top_of_rdn = NULL;
+
+static gboolean rdn_one_value = FALSE; /* have we seen one value in an RDN yet */
+static gboolean dn_one_rdn = FALSE; /* have we seen one RDN in a DN yet */
+static gboolean doing_attr = FALSE;
+
+static wmem_strbuf_t *last_dn_buf = NULL;
+static wmem_strbuf_t *last_rdn_buf = NULL;
+
+static int ava_hf_index;
+#define MAX_FMT_VALS   32
+static value_string fmt_vals[MAX_FMT_VALS];
+#define MAX_AVA_STR_LEN   64
+static char *last_ava = NULL;
+
+static void
+x509if_frame_end(void)
+{
+  top_of_dn = NULL;
+  top_of_rdn = NULL;
+
+  rdn_one_value = FALSE;
+  dn_one_rdn = FALSE;
+  doing_attr = FALSE;
+
+  last_dn_buf = NULL;
+  last_rdn_buf = NULL;
+  last_ava = NULL;
+}
+
+#include "packet-x509if-fn.c"
+
+const char * x509if_get_last_dn(void)
+{
+  return last_dn_buf ? wmem_strbuf_get_str(last_dn_buf) : NULL;
+}
+
+gboolean x509if_register_fmt(int hf_index, const gchar *fmt)
+{
+  static int idx = 0;
+
+  if(idx < (MAX_FMT_VALS - 1)) {
+
+    fmt_vals[idx].value = hf_index;
+    fmt_vals[idx].strptr = fmt;
+
+    idx++;
+
+    fmt_vals[idx].value = 0;
+    fmt_vals[idx].strptr = NULL;
+
+    return TRUE;
+
+  } else
+    return FALSE; /* couldn't register it */
+
+}
+
+const char * x509if_get_last_ava(void)
+{
+  return last_ava;
+}
+
+/*--- proto_register_x509if ----------------------------------------------*/
+void proto_register_x509if(void) {
+
+  /* List of fields */
+  static hf_register_info hf[] = {
+    { &hf_x509if_object_identifier_id,
+      { "Object Id", "x509if.oid", FT_OID, BASE_NONE, NULL, 0,
+	"Object identifier Id", HFILL }},
+    { &hf_x509if_any_string,
+      { "AnyString", "x509if.any.String", FT_BYTES, BASE_NONE,
+	    NULL, 0, "This is any String", HFILL }},
+
+#include "packet-x509if-hfarr.c"
+  };
+
+  /* List of subtrees */
+  static gint *ett[] = {
+#include "packet-x509if-ettarr.c"
+  };
+
+  /* Register protocol */
+  proto_x509if = proto_register_protocol(PNAME, PSNAME, PFNAME);
+
+  /* Register fields and subtrees */
+  proto_register_field_array(proto_x509if, hf, array_length(hf));
+  proto_register_subtree_array(ett, array_length(ett));
+
+  /* initialise array */
+  fmt_vals[0].value = 0;
+  fmt_vals[0].strptr = NULL;
+
+}
+
+
+/*--- proto_reg_handoff_x509if -------------------------------------------*/
+void proto_reg_handoff_x509if(void) {
+#include "packet-x509if-dis-tab.c"
+}
+
diff --git a/epan/dissectors/asn1/x509if/packet-x509if-template.h b/epan/dissectors/asn1/x509if/packet-x509if-template.h
new file mode 100644
index 00000000..c01f2d7b
--- /dev/null
+++ b/epan/dissectors/asn1/x509if/packet-x509if-template.h
@@ -0,0 +1,23 @@
+/* packet-x509if.h
+ * Routines for X.509 Information Framework packet dissection
+ *  Ronnie Sahlberg 2004
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#ifndef PACKET_X509IF_H
+#define PACKET_X509IF_H
+
+#include "packet-x509if-exp.h"
+
+extern const char * x509if_get_last_dn(void);
+
+extern gboolean x509if_register_fmt(int hf_index, const gchar *fmt);
+extern const char * x509if_get_last_ava(void);
+
+#endif  /* PACKET_X509IF_H */
+
diff --git a/epan/dissectors/asn1/x509if/x509if.cnf b/epan/dissectors/asn1/x509if/x509if.cnf
new file mode 100644
index 00000000..6a9f654e
--- /dev/null
+++ b/epan/dissectors/asn1/x509if/x509if.cnf
@@ -0,0 +1,421 @@
+# x509if.cnf
+# X509IF conformation file
+
+#.IMPORT ../x509sat/x509sat-exp.cnf
+
+#.MODULE_IMPORT
+DirectoryAbstractService  dap
+
+#.OMIT_ASSIGNMENT
+ObjectClassKind
+#.END
+#.CLASS ATTRIBUTE
+&derivation            ClassReference ATTRIBUTE
+&Type
+&equality-match        ClassReference MATCHING-RULE
+&ordering-match        ClassReference MATCHING-RULE
+&substrings-match      ClassReference MATCHING-RULE
+&single-valued         BooleanType
+&collective            BooleanType
+&no-user-modification  BooleanType
+&usage                 TypeReference AttributeUsage
+&id                    ObjectIdentifierType
+#.END
+#.CLASS CONTEXT
+&Type
+&Assertion
+&id         ObjectIdentifierType
+#.END
+#.CLASS OBJECT-CLASS
+&Superclasses         ClassReference OBJECT-CLASS
+&kind                 TypeReference ObjectClassKind
+&MandatoryAttributes  ClassReference ATTRIBUTE
+&OptionalAttributes   ClassReference ATTRIBUTE
+&id                   ObjectIdentifierType
+#.END
+
+#.CLASS MATCHING-RESTRICTION
+&Restriction
+&Rules        _FixedTypeValueSetFieldSpec
+&id           ObjectIdentifierType
+#.END
+
+#.CLASS MATCHING-RULE
+&ParentMatchingRules   ClassReference MATCHING-RULE
+&AssertionType
+&uniqueMatchIndicator  ClassReference ATTRIBUTE
+&id                    ObjectIdentifierType
+#.END
+
+#.EXPORTS
+OBJECT-CLASS
+ATTRIBUTE
+MATCHING-RULE
+MAPPING-BASED-MATCHING
+NAME-FORM
+STRUCTURE-RULE
+CONTENT-RULE
+CONTEXT
+SEARCH-RULE
+MATCHING-RESTRICTION
+AllowedSubset
+Attribute
+AttributeCombination
+AttributeType
+AttributeTypeAndDistinguishedValue
+AttributeTypeAssertion
+AttributeUsage
+AttributeValue
+AttributeValueAssertion
+#BaseDistance
+ChopSpecification
+Context
+ContextAssertion
+ContextCombination
+ContextProfile
+ControlOptions
+DistinguishedName
+DITContentRule
+DITContextUse
+DITStructureRule
+EntryLimit
+ImposedSubset
+LocalName
+Mapping
+MatchingUse
+MRMapping
+MRSubstitution
+Name
+Refinement
+RelativeDistinguishedName
+RelaxationPolicy
+RDNSequence
+RequestAttribute
+ResultAttribute
+RuleIdentifier
+SearchRule
+SearchRuleDescription
+SearchRuleId
+SubtreeSpecification
+
+#.PDU
+DistinguishedName
+
+#.NO_EMIT
+
+#.TYPE_RENAME
+AttributeTypeAndDistinguishedValue/valuesWithContext	T_valWithContext
+AttributeTypeAndDistinguishedValue/valuesWithContext/_item	T_valWithContext_item
+ChopSpecification/specificExclusions			T_chopSpecificExclusions
+ChopSpecification/specificExclusions/_item		T_chopSpecificExclusions_item
+
+#.FIELD_RENAME
+AttributeTypeAssertion/assertedContexts		ata_assertedContexts
+AttributeTypeAndDistinguishedValue/value		atadv_value
+AttributeTypeAndDistinguishedValue/valuesWithContext	valueswithContext
+AttributeTypeAndDistinguishedValue/valuesWithContext/_item	valueswithContext_item
+ChopSpecification/specificExclusions			chopSpecificExclusions
+ChopSpecification/specificExclusions/_item		chopSpecificExclusions_item
+Refinement/and			refinement_and
+Refinement/and/_item		refinement_and_item
+Refinement/not			refinement_not
+Refinement/or			refinement_or
+Refinement/or/_item		refinement_or_item
+ContextAssertion/contextType		ca_contextType
+ContextAssertion/contextValues		ca_contextValues
+ContextAssertion/contextValues/_item	ca_contextValues_item
+ContextCombination/not		contextcombination_not
+ContextCombination/and		contextcombination_and
+ContextCombination/and/_item	contextcombination_and_item
+ContextCombination/or		contextcombination_or
+ContextCombination/or/_item	contextcombination_or_item
+RelaxationPolicy/maximum	maximum_relaxation
+RelaxationPolicy/minimum	minimum_relaxation
+RequestAttribute/defaultValues/_item/values		ra_values
+RequestAttribute/defaultValues/_item/values/_item	ra_values_item
+RequestAttribute/selectedValues				ra_selectedValues
+RequestAttribute/selectedValues/_item			ra_selectedValues_item
+
+#.REGISTER
+DistinguishedName	B	"2.5.4.1"	"id-at-aliasedEntryName"
+DistinguishedName	B	"2.5.4.31"	"id-at-member"
+DistinguishedName	B	"2.5.4.32"	"id-at-owner"
+DistinguishedName	B	"2.5.4.33"	"id-at-roleOccupant"
+DistinguishedName	B	"2.5.4.34"	"id-at-seeAlso"
+DistinguishedName	B	"2.5.4.49"	"id-at-distinguishedName"
+
+DistinguishedName	B	"2.5.18.3"	"id-oa-creatorsName"
+DistinguishedName	B	"2.5.18.4"	"id-oa-modifiersName"
+SubtreeSpecification 	B 	"2.5.18.6" 	"id-oa-subtreeSpecification"
+DistinguishedName	B	"2.5.18.10"	"id-oa-subschemaSubentry"
+DistinguishedName	B	"2.5.18.11"	"id-oa-accessControlSubentry"
+DistinguishedName	B	"2.5.18.12"	"id-oa-collectiveAttributeSubentry"
+DistinguishedName	B	"2.5.18.13"	"id-oa-contextDefaultSubentry"
+HierarchyLevel		B	"2.5.18.17"	"id-oa-hierarchyLevel"
+HierarchyBelow		B	"2.5.18.18"	"iid-oa-hierarchyBelow"
+# X402 - see master list in acp133.cnf
+DistinguishedName B "2.6.5.2.5" "id-at-mhs-message-store-dn"
+DistinguishedName B "2.6.5.2.14" "id-at-mhs-dl-related-lists"
+
+# ACP133 - see master list in acp133.cnf
+DistinguishedName B "2.16.840.1.101.2.2.1.3" "id-at-alternateRecipient"
+DistinguishedName B "2.16.840.1.101.2.2.1.4" "id-at-associatedOrganization"
+DistinguishedName B "2.16.840.1.101.2.2.1.6" "id-at-associatedPLA"
+DistinguishedName B "2.16.840.1.101.2.2.1.49" "id-at-aliasPointer"
+DistinguishedName B "2.16.840.1.101.2.2.1.61" "id-at-listPointer"
+DistinguishedName B "2.16.840.1.101.2.2.1.110" "id-at-administrator"
+DistinguishedName B "2.16.840.1.101.2.2.1.111" "id-at-aigsExpanded"
+DistinguishedName B "2.16.840.1.101.2.2.1.113" "id-at-associatedAL"
+DistinguishedName B "2.16.840.1.101.2.2.1.114" "id-at-copyMember"
+DistinguishedName B "2.16.840.1.101.2.2.1.117" "id-at-guard"
+DistinguishedName B "2.16.840.1.101.2.2.1.121" "id-at-networkDN"
+DistinguishedName B "2.16.840.1.101.2.2.1.138" "id-at-plasServed"
+DistinguishedName B "2.16.840.1.101.2.2.1.139" "id-at-deployed"
+DistinguishedName B "2.16.840.1.101.2.2.1.140" "id-at-garrison"
+DistinguishedName B "2.16.840.1.101.2.2.1.184" "id-at-aCPDutyOfficer"
+DistinguishedName B "2.16.840.1.101.2.2.1.188" "id-at-primaryMember"
+
+
+
+#.FN_PARS ContextAssertion/contextType
+  FN_VARIANT = _str  HF_INDEX = hf_x509if_object_identifier_id  VAL_PTR = &actx->external.direct_reference
+
+#.FN_BODY ContextAssertion/contextValues/_item
+  offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL);
+
+#.FN_PARS AttributeTypeAndDistinguishedValue/type
+  FN_VARIANT = _str  HF_INDEX = hf_x509if_object_identifier_id  VAL_PTR = &actx->external.direct_reference
+
+#.FN_BODY AttributeTypeAndDistinguishedValue/type
+  const char *fmt;
+  const char *name;
+
+  %(DEFAULT_BODY)s
+
+  if(actx->external.direct_reference) {
+    /* see if we can find a nice name */
+    name = oid_resolved_from_string(actx->pinfo->pool, actx->external.direct_reference);
+    if(!name) name = actx->external.direct_reference;
+
+    if(last_rdn_buf) { /* append it to the RDN */
+      wmem_strbuf_append(last_rdn_buf, name);
+      wmem_strbuf_append_c(last_rdn_buf, '=');
+
+     /* append it to the tree */
+     proto_item_append_text(tree, " (%%s=", name);
+    } else if(doing_attr) {
+      /* append it to the parent item */
+      proto_item_append_text(tree, " (%%s)", name);
+    }
+
+    if((fmt = val_to_str_const(hf_index, fmt_vals, "")) && *fmt) {
+      /* we have a format */
+      last_ava = (char *)wmem_alloc(actx->pinfo->pool, MAX_AVA_STR_LEN); *last_ava = '\0';
+      register_frame_end_routine (actx->pinfo, x509if_frame_end);
+
+      snprintf(last_ava, MAX_AVA_STR_LEN, "%%s %%s", name, fmt);
+
+      proto_item_append_text(tree, " %%s", last_ava);
+
+    }
+  }
+
+#.FN_BODY AttributeTypeAndDistinguishedValue/value
+  int old_offset = offset;
+  tvbuff_t	*out_tvb;
+  char  	*value = NULL;
+  const char 	*fmt;
+  const char	*name = NULL;
+  const char    *orig_oid = actx->external.direct_reference;
+
+  offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL);
+
+  /* in dissecting the value we may have overridden the OID of the value - which is
+     a problem if there are multiple values */
+  actx->external.direct_reference = orig_oid;
+
+  /* try and dissect as a string */
+  dissect_ber_octet_string(FALSE, actx, NULL, tvb, old_offset, hf_x509if_any_string, &out_tvb);
+
+  /* should also try and dissect as an OID and integer */
+  /* of course, if I can look up the syntax .... */
+
+  if(out_tvb) {
+    /* it was a string - format it */
+    value = tvb_format_text(actx->pinfo->pool, out_tvb, 0, tvb_reported_length(out_tvb));
+
+    if(last_rdn_buf) {
+      wmem_strbuf_append(last_rdn_buf, value);
+
+      /* append it to the tree*/
+      proto_item_append_text(tree, "%%s)", value);
+    }
+
+    if((fmt = val_to_str_const(ava_hf_index, fmt_vals, "")) && *fmt) {
+      /* we have a format */
+
+      if (!last_ava) {
+        last_ava = (char *)wmem_alloc(actx->pinfo->pool, MAX_AVA_STR_LEN);
+      }
+
+      if(!(name = oid_resolved_from_string(actx->pinfo->pool, actx->external.direct_reference)))
+        name = actx->external.direct_reference;
+      snprintf(last_ava, MAX_AVA_STR_LEN, "%%s %%s %%s", name, fmt, value);
+
+      proto_item_append_text(tree, " %%s", last_ava);
+
+    }
+  }
+
+#.FN_PARS RequestAttribute/attributeType
+  FN_VARIANT = _str  HF_INDEX = hf_x509if_object_identifier_id  VAL_PTR = &actx->external.direct_reference
+
+#.FN_BODY RequestAttribute/selectedValues/_item
+  offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL);
+
+#.FN_PARS RequestAttribute/defaultValues/_item/entryType
+  FN_VARIANT = _str  HF_INDEX = hf_x509if_object_identifier_id  VAL_PTR = &actx->external.direct_reference
+
+#.FN_BODY RequestAttribute/defaultValues/_item/values/_item
+  offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL);
+
+#.FN_BODY Attribute/valuesWithContext/_item/value
+  offset=call_ber_oid_callback("unknown", tvb, offset, actx->pinfo, tree, NULL);
+
+#.FN_PARS ResultAttribute/attributeType
+  FN_VARIANT = _str  HF_INDEX = hf_x509if_object_identifier_id  VAL_PTR = &actx->external.direct_reference
+
+#.FN_BODY ResultAttribute/outputValues/selectedValues/_item
+  offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL);
+
+#.FN_PARS Context/contextType
+  FN_VARIANT = _str  HF_INDEX = hf_x509if_object_identifier_id  VAL_PTR = &actx->external.direct_reference
+
+#.FN_BODY Context/contextValues/_item
+  offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL);
+
+#.FN_PARS AttributeType
+  FN_VARIANT = _str  HF_INDEX = hf_x509if_object_identifier_id  VAL_PTR = &actx->external.direct_reference
+
+#.FN_BODY AttributeValue
+  offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL);
+
+#.FN_PARS AttributeValueAssertion/type
+  FN_VARIANT = _str  HF_INDEX = hf_x509if_object_identifier_id  VAL_PTR = &actx->external.direct_reference
+
+#.FN_BODY AttributeValueAssertion/assertion
+  offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL);
+
+#.FN_PARS Attribute/type
+  FN_VARIANT = _str  HF_INDEX = hf_x509if_object_identifier_id  VAL_PTR = &actx->external.direct_reference
+
+#.FN_BODY Attribute/values/_item
+  offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL);
+
+#.FN_PARS ContextProfile/contextType
+  FN_VARIANT = _str  HF_INDEX = hf_x509if_object_identifier_id  VAL_PTR = &actx->external.direct_reference
+
+#.FN_BODY ContextProfile/contextValue/_item
+  offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL);
+
+#.FN_PARS MatchingUse/restrictionType
+  FN_VARIANT = _str  HF_INDEX = hf_x509if_object_identifier_id  VAL_PTR = &actx->external.direct_reference
+
+#.FN_BODY MatchingUse/restrictionValue
+  offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL);
+
+#.FN_BODY AttributeTypeAndDistinguishedValue/valuesWithContext/_item/distingAttrValue
+  offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL);
+
+#.FN_BODY RelativeDistinguishedName
+  rdn_one_value = FALSE;
+  top_of_rdn = tree;
+  last_rdn_buf = wmem_strbuf_new(actx->pinfo->pool, "");
+  register_frame_end_routine (actx->pinfo, x509if_frame_end);
+
+  %(DEFAULT_BODY)s
+
+  /* we've finished - close the bracket */
+  proto_item_append_text(top_of_rdn, " (%%s)", wmem_strbuf_get_str(last_rdn_buf));
+
+  /* now append this to the DN */
+  if (last_dn_buf) {
+    if(wmem_strbuf_get_len(last_dn_buf) > 0) {
+      wmem_strbuf_t *temp_dn_buf = wmem_strbuf_new_sized(actx->pinfo->pool, wmem_strbuf_get_len(last_rdn_buf) + wmem_strbuf_get_len(last_dn_buf) + 1);
+      wmem_strbuf_append(temp_dn_buf, wmem_strbuf_get_str(last_rdn_buf));
+      wmem_strbuf_append_c(temp_dn_buf, ',');
+      wmem_strbuf_append(temp_dn_buf, wmem_strbuf_get_str(last_dn_buf));
+      wmem_strbuf_destroy(last_dn_buf);
+      last_dn_buf = temp_dn_buf;
+    } else {
+      wmem_strbuf_append(last_dn_buf, wmem_strbuf_get_str(last_rdn_buf));
+    }
+  }
+
+  last_rdn_buf = NULL; /* it will get freed when the next packet is dissected */
+
+#.FN_BODY RelativeDistinguishedName/_item
+
+  if(!rdn_one_value) {
+    top_of_rdn = tree;
+  } else {
+
+   if(last_rdn_buf)
+     /* this is an additional value - delimit */
+     wmem_strbuf_append_c(last_rdn_buf, '+');
+  }
+
+  %(DEFAULT_BODY)s
+
+  rdn_one_value = TRUE;
+
+#.FN_BODY RDNSequence
+  const char *fmt;
+
+  dn_one_rdn = FALSE; /* reset */
+  last_dn_buf = wmem_strbuf_new(actx->pinfo->pool, "");
+  top_of_dn = NULL;
+  register_frame_end_routine (actx->pinfo, x509if_frame_end);
+
+
+  %(DEFAULT_BODY)s
+
+  /* we've finished - append the dn */
+  proto_item_append_text(top_of_dn, " (%%s)", wmem_strbuf_get_str(last_dn_buf));
+
+ /* see if we should append this to the col info */
+  if((fmt = val_to_str_const(hf_index, fmt_vals, "")) && *fmt) {
+    /* we have a format */
+    col_append_fstr(actx->pinfo->cinfo, COL_INFO, " %%s%%s", fmt, wmem_strbuf_get_str(last_dn_buf));
+  }
+
+
+#.FN_BODY RDNSequence/_item
+
+  if(!dn_one_rdn)  {
+    /* this is the first element - record the top */
+    top_of_dn = tree;
+  }
+
+  %(DEFAULT_BODY)s
+
+  dn_one_rdn = TRUE;
+
+#.FN_BODY AttributeValueAssertion
+
+	ava_hf_index = hf_index;
+	last_ava = (char *)wmem_alloc(actx->pinfo->pool, MAX_AVA_STR_LEN); *last_ava = '\0';
+	register_frame_end_routine (actx->pinfo, x509if_frame_end);
+
+	%(DEFAULT_BODY)s
+
+	ava_hf_index=-1;
+
+#.FN_BODY Attribute
+	doing_attr = TRUE;
+	register_frame_end_routine (actx->pinfo, x509if_frame_end);
+
+	%(DEFAULT_BODY)s
+#.END
+
+