diff options
author | Russ Housley <housley@vigilsec.com> | 2019-09-01 12:21:48 -0400 |
---|---|---|
committer | Ilya Etingof <etingof@gmail.com> | 2019-09-01 18:21:48 +0200 |
commit | 3f4a9e498ccd2c2998adbf2c9e7ddda87e87d7aa (patch) | |
tree | bce6b26b2e4b9ec241fc5b642a5c0173a3ea97a2 | |
parent | 1c6cf63a2d8767879dc6e1ca0862bb4815111aca (diff) | |
download | pyasn1-modules-3f4a9e498ccd2c2998adbf2c9e7ddda87e87d7aa.tar.gz |
Updates to RFC2459, RFC5280, and RFC6211 (#60)
Add `WithComponentsConstraint` where applicable.
-rw-r--r-- | CHANGES.txt | 1 | ||||
-rw-r--r-- | pyasn1_modules/rfc2459.py | 6 | ||||
-rw-r--r-- | pyasn1_modules/rfc5280.py | 2 | ||||
-rw-r--r-- | pyasn1_modules/rfc6211.py | 18 |
4 files changed, 14 insertions, 13 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index de550b9..d5b7902 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -19,6 +19,7 @@ Revision 0.2.7, released XX-08-2019 RFC6402, RFC7191, and RFC8226 when the module is imported - Added RFC6211 providing CMS Algorithm Identifier Protection Attribute - Added RFC8449 providing Certificate Extension for Hash Of Root Key +- Updated RFC2459 and RFC5280 for TODO in the certificate extension map Revision 0.2.6, released 31-07-2019 ----------------------------------- diff --git a/pyasn1_modules/rfc2459.py b/pyasn1_modules/rfc2459.py index 2a2e696..9f35787 100644 --- a/pyasn1_modules/rfc2459.py +++ b/pyasn1_modules/rfc2459.py @@ -1,6 +1,9 @@ # # This file is part of pyasn1-modules software. # +# Updated by Russ Housley to resolve the TODO regarding the Certificate +# Policies Certificate Extension. +# # Copyright (c) 2005-2019, Ilya Etingof <etingof@gmail.com> # License: http://snmplabs.com/pyasn1/license.html # @@ -1312,8 +1315,7 @@ _certificateExtensionsMapUpdate = { id_ce_subjectKeyIdentifier: SubjectKeyIdentifier(), id_ce_keyUsage: KeyUsage(), id_ce_privateKeyUsagePeriod: PrivateKeyUsagePeriod(), -# TODO -# id_ce_certificatePolicies: PolicyInformation(), # could be a sequence of concat'ed objects? + id_ce_certificatePolicies: CertificatePolicies(), id_ce_policyMappings: PolicyMappings(), id_ce_subjectAltName: SubjectAltName(), id_ce_issuerAltName: IssuerAltName(), diff --git a/pyasn1_modules/rfc5280.py b/pyasn1_modules/rfc5280.py index 181584c..f2b52b2 100644 --- a/pyasn1_modules/rfc5280.py +++ b/pyasn1_modules/rfc5280.py @@ -1635,7 +1635,7 @@ _certificateExtensionsMap = { id_ce_subjectKeyIdentifier: SubjectKeyIdentifier(), id_ce_keyUsage: KeyUsage(), id_ce_privateKeyUsagePeriod: PrivateKeyUsagePeriod(), - id_ce_certificatePolicies: PolicyInformation(), # could be a sequence of concat'ed objects? + id_ce_certificatePolicies: CertificatePolicies(), id_ce_policyMappings: PolicyMappings(), id_ce_subjectAltName: SubjectAltName(), id_ce_issuerAltName: IssuerAltName(), diff --git a/pyasn1_modules/rfc6211.py b/pyasn1_modules/rfc6211.py index 3853817..abd7a86 100644 --- a/pyasn1_modules/rfc6211.py +++ b/pyasn1_modules/rfc6211.py @@ -47,16 +47,14 @@ CMSAlgorithmProtection.componentType = namedtype.NamedTypes( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))) ) -# TODO: Add constraints to implement the WITH COMPONENTS part of the ASN.1: -# -# CMSAlgorithmProtection.subtypeSpec = constraint.ConstraintsIntersection( -# constraint.WithComponentsConstraint( -# ('signatureAlgorithm', constraint.ComponentPresentConstraint()), -# ('macAlgorithm', constraint.ComponentAbsentConstraint())), -# constraint.WithComponentsConstraint( -# ('signatureAlgorithm', constraint.ComponentAbsentConstraint()), -# ('macAlgorithm', constraint.ComponentPresentConstraint())) -# ) +CMSAlgorithmProtection.subtypeSpec = constraint.ConstraintsUnion( + constraint.WithComponentsConstraint( + ('signatureAlgorithm', constraint.ComponentPresentConstraint()), + ('macAlgorithm', constraint.ComponentAbsentConstraint())), + constraint.WithComponentsConstraint( + ('signatureAlgorithm', constraint.ComponentAbsentConstraint()), + ('macAlgorithm', constraint.ComponentPresentConstraint())) +) aa_cmsAlgorithmProtection = rfc5652.Attribute() |