author | Ilya Etingof <etingof@gmail.com> | 2019-01-26 18:20:17 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-01-26 18:20:17 +0100 |
commit | 456d3f2987b901b3cd9dbb7774926b9d362c2f59 (patch) | |
tree | 0a62eb0dcd39f24502ab3b9307c64a07be9653ca /pyasn1_modules/rfc8226.py | |
parent | ee7f9f20a2464bf52b3895efe5f6c5ab999520eb (diff) | |
download | pyasn1-modules-456d3f2987b901b3cd9dbb7774926b9d362c2f59.tar.gz |
Add RFC8226 (#21)
Implement RFC8226
Implements JWT Claim Constraints and TN Authorization List for X.509
certificate extensions.
Also fixes bug in `rfc5280.AlgorithmIdentifier` ANY type definition.
Diffstat (limited to 'pyasn1_modules/rfc8226.py')
-rw-r--r-- | pyasn1_modules/rfc8226.py | 123 |
1 files changed, 123 insertions, 0 deletions
diff --git a/pyasn1_modules/rfc8226.py b/pyasn1_modules/rfc8226.py
new file mode 100644
index 0000000..cd9bfd1
--- /dev/null
+++ b/pyasn1_modules/rfc8226.py
@@ -0,0 +1,123 @@
+# This file is being contributed to pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from the asn1ate tool, with manual
+# changes to implement appropriate constraints and added comments
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# JWT Claim Constraints and TN Authorization List for certificate extensions.
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc8226.txt (with errata corrected)
+
+from pyasn1.type import univ, char, namedtype, namedval, tag, constraint, useful
+
+
+MAX = float('inf')
+
+
+def _OID(*components):
+    output = []
+    for x in tuple(components):
+        if isinstance(x, univ.ObjectIdentifier):
+            output.extend(list(x))
+        else:
+            output.append(int(x))
+
+    return univ.ObjectIdentifier(output)
+
+
+class JWTClaimName(char.IA5String):
+    pass
+
+
+class JWTClaimNames(univ.SequenceOf):
+    pass
+
+
+JWTClaimNames.componentType = JWTClaimName()
+JWTClaimNames.subtypeSpec=constraint.ValueSizeConstraint(1, MAX)
+
+
+class JWTClaimPermittedValues(univ.Sequence):
+    pass
+
+
+JWTClaimPermittedValues.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('claim', JWTClaimName()),
+    namedtype.NamedType('permitted', univ.SequenceOf(componentType=char.UTF8String()).subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX)))
+)
+
+
+class JWTClaimPermittedValuesList(univ.SequenceOf):
+    pass
+
+
+JWTClaimPermittedValuesList.componentType = JWTClaimPermittedValues()
+JWTClaimPermittedValuesList.subtypeSpec=constraint.ValueSizeConstraint(1, MAX)
+
+
+class JWTClaimConstraints(univ.Sequence):
+    pass
+
+
+JWTClaimConstraints.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('mustInclude', JWTClaimNames().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('permittedValues', JWTClaimPermittedValuesList().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+JWTClaimConstraints.sizeSpec = univ.Sequence.sizeSpec + constraint.ValueSizeConstraint(1, 2)
+
+
+id_pe_JWTClaimConstraints = _OID(1, 3, 6, 1, 5, 5, 7, 1, 27)
+
+
+class ServiceProviderCode(char.IA5String):
+    pass
+
+
+class TelephoneNumber(char.IA5String):
+    pass
+
+
+TelephoneNumber.subtypeSpec = constraint.ConstraintsIntersection(
+    constraint.ValueSizeConstraint(1, 15),
+    constraint.PermittedAlphabetConstraint('0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '#', '*')
+)
+
+
+class TelephoneNumberRange(univ.Sequence):
+    pass
+
+
+TelephoneNumberRange.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('start', TelephoneNumber()),
+    namedtype.NamedType('count', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(2, MAX)))
+)
+
+
+class TNEntry(univ.Choice):
+    pass
+
+
+TNEntry.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('spc', ServiceProviderCode().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('range', TelephoneNumberRange().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+    namedtype.NamedType('one', TelephoneNumber().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+)
+
+
+class TNAuthorizationList(univ.SequenceOf):
+    pass
+
+
+TNAuthorizationList.componentType = TNEntry()
+TNAuthorizationList.subtypeSpec=constraint.ValueSizeConstraint(1, MAX)
+
+
+id_pe_TNAuthList = _OID(1, 3, 6, 1, 5, 5, 7, 1, 26)
+
+
+id_ad_stirTNList = _OID(1, 3, 6, 1, 5, 5, 7, 48, 14)
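Review bot: `namedval` and `useful` are imported on the `from pyasn1.type import ...` line near the top of the hunk but are never referenced anywhere in the new module, so the import should be trimmed to `from pyasn1.type import univ, char, namedtype, tag, constraint`. On the same style point, the `subtypeSpec=` assignments on JWTClaimNames, JWTClaimPermittedValuesList and TNAuthorizationList omit the spaces around `=` that every other assignment in the file uses, and `for x in tuple(components)` in `_OID` wraps a value that is already a tuple, so `for x in components:` is equivalent. A one-line comment above `JWTClaimConstraints.sizeSpec`, such as `# both members are OPTIONAL; a size of 1..2 requires at least one of them to be present`, would spare readers comparing against the RFC 8226 ASN.1 from having to work out why a SEQUENCE carries a size constraint; I read that intent from the two OptionalNamedType members and the 1..2 range rather than from anything the commit says, so confirm it against the RFC text.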