diff options
author | Ilya Etingof <etingof@gmail.com> | 2017-11-21 22:59:33 +0100 |
---|---|---|
committer | Ilya Etingof <etingof@gmail.com> | 2017-11-21 22:59:33 +0100 |
commit | bb8afab7c503f99bc61bdaeb3c075f37ace534bd (patch) | |
tree | 48be57e3248c63a318db61ae2cc00a346715fd5a /pyasn1_modules | |
parent | 620874bd43fb650b19d3c7b1a306888b7acd840a (diff) | |
parent | 5d61d1c03da165e4b7d082ddadf8be4462801eed (diff) | |
download | pyasn1-modules-bb8afab7c503f99bc61bdaeb3c075f37ace534bd.tar.gz |
Merge branch 'devel-0.2.1'
Diffstat (limited to 'pyasn1_modules')
-rw-r--r-- | pyasn1_modules/__init__.py | 2 | ||||
-rw-r--r-- | pyasn1_modules/rfc2315.py | 32 | ||||
-rw-r--r-- | pyasn1_modules/rfc2459.py | 539 | ||||
-rw-r--r-- | pyasn1_modules/rfc5280.py | 105 |
4 files changed, 369 insertions, 309 deletions
diff --git a/pyasn1_modules/__init__.py b/pyasn1_modules/__init__.py index ba164a2..d0c5e53 100644 --- a/pyasn1_modules/__init__.py +++ b/pyasn1_modules/__init__.py @@ -1,2 +1,2 @@ # http://www.python.org/dev/peps/pep-0396/ -__version__ = '0.1.5' +__version__ = '0.2.1' diff --git a/pyasn1_modules/rfc2315.py b/pyasn1_modules/rfc2315.py index cf732b0..158aee7 100644 --- a/pyasn1_modules/rfc2315.py +++ b/pyasn1_modules/rfc2315.py @@ -25,7 +25,8 @@ class Attribute(univ.Sequence): class AttributeValueAssertion(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('attributeType', AttributeType()), - namedtype.NamedType('attributeValue', AttributeValue()) + namedtype.NamedType('attributeValue', AttributeValue(), + openType=opentype.OpenType('type', certificateAttributesMap)) ) @@ -50,12 +51,19 @@ class EncryptedContent(univ.OctetString): pass +contentTypeMap = {} + + class EncryptedContentInfo(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('contentType', ContentType()), namedtype.NamedType('contentEncryptionAlgorithm', ContentEncryptionAlgorithmIdentifier()), - namedtype.OptionalNamedType('encryptedContent', EncryptedContent().subtype( - implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))) + namedtype.OptionalNamedType( + 'encryptedContent', EncryptedContent().subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0) + ), + openType=opentype.OpenType('contentType', contentTypeMap) + ) ) @@ -85,8 +93,11 @@ class Digest(univ.OctetString): class ContentInfo(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('contentType', ContentType()), - namedtype.OptionalNamedType('content', univ.Any().subtype( - explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))) + namedtype.OptionalNamedType( + 'content', + univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)), + openType=opentype.OpenType('contentType', contentTypeMap) + ) ) @@ -270,3 +281,14 @@ class SignedData(univ.Sequence): class Data(univ.OctetString): pass + +_contentTypeMapUpdate = { + data: Data(), + signedData: SignedData(), + envelopedData: EnvelopedData(), + signedAndEnvelopedData: SignedAndEnvelopedData(), + digestedData: DigestedData(), + encryptedData: EncryptedData() +} + +contentTypeMap.update(_contentTypeMapUpdate)
\ No newline at end of file diff --git a/pyasn1_modules/rfc2459.py b/pyasn1_modules/rfc2459.py index c988c4f..6855482 100644 --- a/pyasn1_modules/rfc2459.py +++ b/pyasn1_modules/rfc2459.py @@ -13,7 +13,7 @@ # Sample captures from: # http://wiki.wireshark.org/SampleCaptures/ # -from pyasn1.type import tag, namedtype, namedval, univ, constraint, char, useful +from pyasn1.type import tag, namedtype, namedval, opentype, univ, constraint, char, useful MAX = float('inf') @@ -84,26 +84,6 @@ id_ad_ocsp = univ.ObjectIdentifier('1.3.6.1.5.5.7.48.1') id_ad_caIssuers = univ.ObjectIdentifier('1.3.6.1.5.5.7.48.2') -class AttributeValue(univ.Any): - pass - - -class AttributeType(univ.ObjectIdentifier): - pass - - -class AttributeTypeAndValue(univ.Sequence): - componentType = namedtype.NamedTypes( - namedtype.NamedType('type', AttributeType()), - namedtype.NamedType('value', AttributeValue()) - ) - - -class Attribute(univ.Sequence): - componentType = namedtype.NamedTypes( - namedtype.NamedType('type', AttributeType()), - namedtype.NamedType('vals', univ.SetOf(componentType=AttributeValue())) - ) id_at = univ.ObjectIdentifier('2.5.4') @@ -277,19 +257,6 @@ class DSAPrivateKey(univ.Sequence): # ---- -class RelativeDistinguishedName(univ.SetOf): - componentType = AttributeTypeAndValue() - - -class RDNSequence(univ.SequenceOf): - componentType = RelativeDistinguishedName() - - -class Name(univ.Choice): - componentType = namedtype.NamedTypes( - namedtype.NamedType('', RDNSequence()) - ) - class DirectoryString(univ.Choice): componentType = namedtype.NamedTypes( @@ -316,111 +283,6 @@ class AlgorithmIdentifier(univ.Sequence): ) -class Extension(univ.Sequence): - componentType = namedtype.NamedTypes( - namedtype.NamedType('extnID', univ.ObjectIdentifier()), - namedtype.DefaultedNamedType('critical', univ.Boolean('False')), - namedtype.NamedType('extnValue', univ.Any()) - ) - - -class Extensions(univ.SequenceOf): - componentType = Extension() - sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX) - - -class SubjectPublicKeyInfo(univ.Sequence): - componentType = namedtype.NamedTypes( - namedtype.NamedType('algorithm', AlgorithmIdentifier()), - namedtype.NamedType('subjectPublicKey', univ.BitString()) - ) - - -class UniqueIdentifier(univ.BitString): - pass - - -class Time(univ.Choice): - componentType = namedtype.NamedTypes( - namedtype.NamedType('utcTime', useful.UTCTime()), - namedtype.NamedType('generalTime', useful.GeneralizedTime()) - ) - - -class Validity(univ.Sequence): - componentType = namedtype.NamedTypes( - namedtype.NamedType('notBefore', Time()), - namedtype.NamedType('notAfter', Time()) - ) - - -class CertificateSerialNumber(univ.Integer): - pass - - -class Version(univ.Integer): - namedValues = namedval.NamedValues( - ('v1', 0), ('v2', 1), ('v3', 2) - ) - - -class TBSCertificate(univ.Sequence): - componentType = namedtype.NamedTypes( - namedtype.DefaultedNamedType('version', Version('v1').subtype( - explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), - namedtype.NamedType('serialNumber', CertificateSerialNumber()), - namedtype.NamedType('signature', AlgorithmIdentifier()), - namedtype.NamedType('issuer', Name()), - namedtype.NamedType('validity', Validity()), - namedtype.NamedType('subject', Name()), - namedtype.NamedType('subjectPublicKeyInfo', SubjectPublicKeyInfo()), - namedtype.OptionalNamedType('issuerUniqueID', UniqueIdentifier().subtype( - implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), - namedtype.OptionalNamedType('subjectUniqueID', UniqueIdentifier().subtype( - implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), - namedtype.OptionalNamedType('extensions', Extensions().subtype( - explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))) - ) - - -class Certificate(univ.Sequence): - componentType = namedtype.NamedTypes( - namedtype.NamedType('tbsCertificate', TBSCertificate()), - namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()), - namedtype.NamedType('signatureValue', univ.BitString()) - ) - - -# CRL structures - -class RevokedCertificate(univ.Sequence): - componentType = namedtype.NamedTypes( - namedtype.NamedType('userCertificate', CertificateSerialNumber()), - namedtype.NamedType('revocationDate', Time()), - namedtype.OptionalNamedType('crlEntryExtensions', Extensions()) - ) - - -class TBSCertList(univ.Sequence): - componentType = namedtype.NamedTypes( - namedtype.OptionalNamedType('version', Version()), - namedtype.NamedType('signature', AlgorithmIdentifier()), - namedtype.NamedType('issuer', Name()), - namedtype.NamedType('thisUpdate', Time()), - namedtype.OptionalNamedType('nextUpdate', Time()), - namedtype.OptionalNamedType('revokedCertificates', univ.SequenceOf(componentType=RevokedCertificate())), - namedtype.OptionalNamedType('crlExtensions', Extensions().subtype( - explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))) - ) - - -class CertificateList(univ.Sequence): - componentType = namedtype.NamedTypes( - namedtype.NamedType('tbsCertList', TBSCertList()), - namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()), - namedtype.NamedType('signature', univ.BitString()) - ) - # Algorithm OIDs and parameter structures @@ -972,11 +834,6 @@ class BasicConstraints(univ.Sequence): id_ce_subjectDirectoryAttributes = univ.ObjectIdentifier('2.5.29.9') -class SubjectDirectoryAttributes(univ.SequenceOf): - componentType = Attribute() - subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX) - - class EDIPartyName(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('nameAssigner', DirectoryString().subtype( @@ -986,76 +843,10 @@ class EDIPartyName(univ.Sequence): ) -class AnotherName(univ.Sequence): - componentType = namedtype.NamedTypes( - namedtype.NamedType('type-id', univ.ObjectIdentifier()), - namedtype.NamedType('value', - univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) - ) - - -class GeneralName(univ.Choice): - componentType = namedtype.NamedTypes( - namedtype.NamedType('otherName', - AnotherName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), - namedtype.NamedType('rfc822Name', - char.IA5String().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), - namedtype.NamedType('dNSName', - char.IA5String().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), - namedtype.NamedType('x400Address', - ORAddress().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), - namedtype.NamedType('directoryName', - Name().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))), - namedtype.NamedType('ediPartyName', - EDIPartyName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))), - namedtype.NamedType('uniformResourceIdentifier', - char.IA5String().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))), - namedtype.NamedType('iPAddress', univ.OctetString().subtype( - implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))), - namedtype.NamedType('registeredID', univ.ObjectIdentifier().subtype( - implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))) - ) - - -class GeneralNames(univ.SequenceOf): - componentType = GeneralName() - subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX) - - -class AccessDescription(univ.Sequence): - componentType = namedtype.NamedTypes( - namedtype.NamedType('accessMethod', univ.ObjectIdentifier()), - namedtype.NamedType('accessLocation', GeneralName()) - ) - - -class AuthorityInfoAccessSyntax(univ.SequenceOf): - componentType = AccessDescription() - subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX) - id_ce_deltaCRLIndicator = univ.ObjectIdentifier('2.5.29.27') -class DistributionPointName(univ.Choice): - componentType = namedtype.NamedTypes( - namedtype.NamedType('fullName', GeneralNames().subtype( - implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), - namedtype.NamedType('nameRelativeToCRLIssuer', RelativeDistinguishedName().subtype( - implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))) - ) - - -class DistributionPoint(univ.Sequence): - componentType = namedtype.NamedTypes( - namedtype.OptionalNamedType('distributionPoint', DistributionPointName().subtype( - implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), - namedtype.OptionalNamedType('reasons', ReasonFlags().subtype( - implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), - namedtype.OptionalNamedType('cRLIssuer', GeneralNames().subtype( - implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))) - ) - class BaseDistance(univ.Integer): subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(0, MAX) @@ -1064,56 +855,14 @@ class BaseDistance(univ.Integer): id_ce_cRLDistributionPoints = univ.ObjectIdentifier('2.5.29.31') -class CRLDistPointsSyntax(univ.SequenceOf): - componentType = DistributionPoint() - subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX) - - id_ce_issuingDistributionPoint = univ.ObjectIdentifier('2.5.29.28') -class IssuingDistributionPoint(univ.Sequence): - componentType = namedtype.NamedTypes( - namedtype.OptionalNamedType('distributionPoint', DistributionPointName().subtype( - implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), - namedtype.NamedType('onlyContainsUserCerts', univ.Boolean(False).subtype( - implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), - namedtype.NamedType('onlyContainsCACerts', univ.Boolean(False).subtype( - implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), - namedtype.OptionalNamedType('onlySomeReasons', ReasonFlags().subtype( - implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), - namedtype.NamedType('indirectCRL', univ.Boolean(False).subtype( - implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))) - ) - - -class GeneralSubtree(univ.Sequence): - componentType = namedtype.NamedTypes( - namedtype.NamedType('base', GeneralName()), - namedtype.DefaultedNamedType('minimum', BaseDistance(0).subtype( - implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), - namedtype.OptionalNamedType('maximum', BaseDistance().subtype( - implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))) - ) - - -class GeneralSubtrees(univ.SequenceOf): - componentType = GeneralSubtree() - subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX) id_ce_nameConstraints = univ.ObjectIdentifier('2.5.29.30') -class NameConstraints(univ.Sequence): - componentType = namedtype.NamedTypes( - namedtype.OptionalNamedType('permittedSubtrees', GeneralSubtrees().subtype( - implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), - namedtype.OptionalNamedType('excludedSubtrees', GeneralSubtrees().subtype( - implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))) - ) - - class DisplayText(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('visibleString', @@ -1232,6 +981,110 @@ class SubjectKeyIdentifier(KeyIdentifier): pass +id_ce_certificateIssuer = univ.ObjectIdentifier('2.5.29.29') + + +id_ce_subjectAltName = univ.ObjectIdentifier('2.5.29.17') + + +id_ce_issuerAltName = univ.ObjectIdentifier('2.5.29.18') + + +class AttributeValue(univ.Any): + pass + + +class AttributeType(univ.ObjectIdentifier): + pass + +certificateAttributesMap = {} + + +class AttributeTypeAndValue(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('type', AttributeType()), + namedtype.NamedType('value', AttributeValue(), + openType=opentype.OpenType('type', certificateAttributesMap)) + ) + + +class Attribute(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('type', AttributeType()), + namedtype.NamedType('vals', univ.SetOf(componentType=AttributeValue())) + ) + + +class SubjectDirectoryAttributes(univ.SequenceOf): + componentType = Attribute() + subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX) + + +class RelativeDistinguishedName(univ.SetOf): + componentType = AttributeTypeAndValue() + + +class RDNSequence(univ.SequenceOf): + componentType = RelativeDistinguishedName() + + +class Name(univ.Choice): + componentType = namedtype.NamedTypes( + namedtype.NamedType('', RDNSequence()) + ) + +class CertificateSerialNumber(univ.Integer): + pass + + +class AnotherName(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('type-id', univ.ObjectIdentifier()), + namedtype.NamedType('value', + univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) + ) + + +class GeneralName(univ.Choice): + componentType = namedtype.NamedTypes( + namedtype.NamedType('otherName', + AnotherName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.NamedType('rfc822Name', + char.IA5String().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), + namedtype.NamedType('dNSName', + char.IA5String().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), + namedtype.NamedType('x400Address', + ORAddress().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), + namedtype.NamedType('directoryName', + Name().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))), + namedtype.NamedType('ediPartyName', + EDIPartyName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))), + namedtype.NamedType('uniformResourceIdentifier', + char.IA5String().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))), + namedtype.NamedType('iPAddress', univ.OctetString().subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))), + namedtype.NamedType('registeredID', univ.ObjectIdentifier().subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))) + ) + + +class GeneralNames(univ.SequenceOf): + componentType = GeneralName() + subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX) + + +class AccessDescription(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('accessMethod', univ.ObjectIdentifier()), + namedtype.NamedType('accessLocation', GeneralName()) + ) + + +class AuthorityInfoAccessSyntax(univ.SequenceOf): + componentType = AccessDescription() + subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX) + + class AuthorityKeyIdentifier(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('keyIdentifier', KeyIdentifier().subtype( @@ -1243,30 +1096,189 @@ class AuthorityKeyIdentifier(univ.Sequence): ) -id_ce_certificateIssuer = univ.ObjectIdentifier('2.5.29.29') +class DistributionPointName(univ.Choice): + componentType = namedtype.NamedTypes( + namedtype.NamedType('fullName', GeneralNames().subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), + namedtype.NamedType('nameRelativeToCRLIssuer', RelativeDistinguishedName().subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))) + ) + + +class DistributionPoint(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.OptionalNamedType('distributionPoint', DistributionPointName().subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), + namedtype.OptionalNamedType('reasons', ReasonFlags().subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), + namedtype.OptionalNamedType('cRLIssuer', GeneralNames().subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))) + ) + + +class CRLDistPointsSyntax(univ.SequenceOf): + componentType = DistributionPoint() + subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX) + + +class IssuingDistributionPoint(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.OptionalNamedType('distributionPoint', DistributionPointName().subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), + namedtype.NamedType('onlyContainsUserCerts', univ.Boolean(False).subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), + namedtype.NamedType('onlyContainsCACerts', univ.Boolean(False).subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), + namedtype.OptionalNamedType('onlySomeReasons', ReasonFlags().subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), + namedtype.NamedType('indirectCRL', univ.Boolean(False).subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))) + ) + + +class GeneralSubtree(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('base', GeneralName()), + namedtype.DefaultedNamedType('minimum', BaseDistance(0).subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), + namedtype.OptionalNamedType('maximum', BaseDistance().subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))) + ) + + +class GeneralSubtrees(univ.SequenceOf): + componentType = GeneralSubtree() + subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX) + + +class NameConstraints(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.OptionalNamedType('permittedSubtrees', GeneralSubtrees().subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), + namedtype.OptionalNamedType('excludedSubtrees', GeneralSubtrees().subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))) + ) class CertificateIssuer(GeneralNames): pass -id_ce_subjectAltName = univ.ObjectIdentifier('2.5.29.17') +class SubjectAltName(GeneralNames): + pass -class SubjectAltName(GeneralNames): +class IssuerAltName(GeneralNames): pass -id_ce_issuerAltName = univ.ObjectIdentifier('2.5.29.18') +certificateExtensionsMap = {} -class IssuerAltName(GeneralNames): +class Extension(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('extnID', univ.ObjectIdentifier()), + namedtype.DefaultedNamedType('critical', univ.Boolean('False')), + namedtype.NamedType('extnValue', univ.OctetString(), + openType=opentype.OpenType('extnID', certificateExtensionsMap)) + ) + + +class Extensions(univ.SequenceOf): + componentType = Extension() + sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX) + + +class SubjectPublicKeyInfo(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('algorithm', AlgorithmIdentifier()), + namedtype.NamedType('subjectPublicKey', univ.BitString()) + ) + + +class UniqueIdentifier(univ.BitString): pass +class Time(univ.Choice): + componentType = namedtype.NamedTypes( + namedtype.NamedType('utcTime', useful.UTCTime()), + namedtype.NamedType('generalTime', useful.GeneralizedTime()) + ) + + +class Validity(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('notBefore', Time()), + namedtype.NamedType('notAfter', Time()) + ) + + +class Version(univ.Integer): + namedValues = namedval.NamedValues( + ('v1', 0), ('v2', 1), ('v3', 2) + ) + + +class TBSCertificate(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.DefaultedNamedType('version', Version('v1').subtype( + explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.NamedType('serialNumber', CertificateSerialNumber()), + namedtype.NamedType('signature', AlgorithmIdentifier()), + namedtype.NamedType('issuer', Name()), + namedtype.NamedType('validity', Validity()), + namedtype.NamedType('subject', Name()), + namedtype.NamedType('subjectPublicKeyInfo', SubjectPublicKeyInfo()), + namedtype.OptionalNamedType('issuerUniqueID', UniqueIdentifier().subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), + namedtype.OptionalNamedType('subjectUniqueID', UniqueIdentifier().subtype( + implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), + namedtype.OptionalNamedType('extensions', Extensions().subtype( + explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))) + ) + + +class Certificate(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('tbsCertificate', TBSCertificate()), + namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()), + namedtype.NamedType('signatureValue', univ.BitString()) + ) + +# CRL structures + +class RevokedCertificate(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('userCertificate', CertificateSerialNumber()), + namedtype.NamedType('revocationDate', Time()), + namedtype.OptionalNamedType('crlEntryExtensions', Extensions()) + ) + + +class TBSCertList(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.OptionalNamedType('version', Version()), + namedtype.NamedType('signature', AlgorithmIdentifier()), + namedtype.NamedType('issuer', Name()), + namedtype.NamedType('thisUpdate', Time()), + namedtype.OptionalNamedType('nextUpdate', Time()), + namedtype.OptionalNamedType('revokedCertificates', univ.SequenceOf(componentType=RevokedCertificate())), + namedtype.OptionalNamedType('crlExtensions', Extensions().subtype( + explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))) + ) + + +class CertificateList(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('tbsCertList', TBSCertList()), + namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()), + namedtype.NamedType('signature', univ.BitString()) + ) + # map of AttributeType -> AttributeValue -certificateAttributesMap = { +_certificateAttributesMapUpdate = { id_at_name: X520name(), id_at_surname: X520name(), id_at_givenName: X520name(), @@ -1283,14 +1295,18 @@ certificateAttributesMap = { emailAddress: Pkcs9email(), } +certificateAttributesMap.update(_certificateAttributesMapUpdate) + + # map of Certificate Extension OIDs to Extensions -certificateExtensionsMap = { +_certificateExtensionsMapUpdate = { id_ce_authorityKeyIdentifier: AuthorityKeyIdentifier(), id_ce_subjectKeyIdentifier: SubjectKeyIdentifier(), id_ce_keyUsage: KeyUsage(), id_ce_privateKeyUsagePeriod: PrivateKeyUsagePeriod(), - id_ce_certificatePolicies: PolicyInformation(), # could be a sequence of concat'ed objects? +# TODO +# id_ce_certificatePolicies: PolicyInformation(), # could be a sequence of concat'ed objects? id_ce_policyMappings: PolicyMappings(), id_ce_subjectAltName: SubjectAltName(), id_ce_issuerAltName: IssuerAltName(), @@ -1309,3 +1325,6 @@ certificateExtensionsMap = { id_ce_invalidityDate: useful.GeneralizedTime(), id_ce_certificateIssuer: GeneralNames(), } + +certificateExtensionsMap.update(_certificateExtensionsMapUpdate) + diff --git a/pyasn1_modules/rfc5280.py b/pyasn1_modules/rfc5280.py index 7d3aa69..c750f28 100644 --- a/pyasn1_modules/rfc5280.py +++ b/pyasn1_modules/rfc5280.py @@ -16,6 +16,7 @@ from pyasn1.type import univ from pyasn1.type import char from pyasn1.type import namedtype from pyasn1.type import namedval +from pyasn1.type import opentype from pyasn1.type import tag from pyasn1.type import constraint from pyasn1.type import useful @@ -279,13 +280,10 @@ class CertificateSerialNumber(univ.Integer): class AlgorithmIdentifier(univ.Sequence): - pass - - -AlgorithmIdentifier.componentType = namedtype.NamedTypes( - namedtype.NamedType('algorithm', univ.ObjectIdentifier()), - namedtype.OptionalNamedType('parameters', univ.Any()) -) + componentType = namedtype.NamedTypes( + namedtype.NamedType('algorithm', univ.ObjectIdentifier()), + namedtype.OptionalNamedType('parameters', univ.Any()) + ) class Time(univ.Choice): @@ -302,14 +300,17 @@ class AttributeValue(univ.Any): pass -class AttributeTypeAndValue(univ.Sequence): - pass +certificateAttributesMap = {} -AttributeTypeAndValue.componentType = namedtype.NamedTypes( - namedtype.NamedType('type', AttributeType()), - namedtype.NamedType('value', AttributeValue()) -) +class AttributeTypeAndValue(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('type', AttributeType()), + namedtype.NamedType( + 'value', AttributeValue(), + openType=opentype.OpenType('type', certificateAttributesMap) + ) + ) class RelativeDistinguishedName(univ.SetOf): @@ -379,18 +380,21 @@ class PhysicalDeliveryOfficeName(PDSParameter): ub_extension_attributes = univ.Integer(256) +certificateExtensionsMap = { -class ExtensionAttribute(univ.Sequence): - pass +} -ExtensionAttribute.componentType = namedtype.NamedTypes( - namedtype.NamedType('extension-attribute-type', univ.Integer().subtype( - subtypeSpec=constraint.ValueRangeConstraint(0, ub_extension_attributes)).subtype( - implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), - namedtype.NamedType('extension-attribute-value', - univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) -) +class ExtensionAttribute(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType( + 'extension-attribute-type', + univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, ub_extension_attributes)).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.NamedType( + 'extension-attribute-value', + univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)), + openType=opentype.OpenType('type', certificateExtensionsMap)) + ) id_qt = _buildOid(id_pkix, 2) @@ -737,13 +741,12 @@ X520SerialNumber.subtypeSpec = constraint.ValueSizeConstraint(1, ub_serial_numbe class Attribute(univ.Sequence): - pass - - -Attribute.componentType = namedtype.NamedTypes( - namedtype.NamedType('type', AttributeType()), - namedtype.NamedType('values', univ.SetOf(componentType=AttributeValue())) -) + componentType = namedtype.NamedTypes( + namedtype.NamedType('type', AttributeType()), + namedtype.NamedType('values', + univ.SetOf(componentType=AttributeValue()), + openType=opentype.OpenType('type', certificateAttributesMap)) + ) ub_common_name = univ.Integer(64) @@ -1066,14 +1069,20 @@ PrivateKeyUsagePeriod.componentType = namedtype.NamedTypes( ) -class AnotherName(univ.Sequence): - pass +anotherNameMap = { +} -AnotherName.componentType = namedtype.NamedTypes( - namedtype.NamedType('type-id', univ.ObjectIdentifier()), - namedtype.NamedType('value', univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) -) + +class AnotherName(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('type-id', univ.ObjectIdentifier()), + namedtype.NamedType( + 'value', + univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)), + openType=opentype.OpenType('type-id', anotherNameMap) + ) + ) class EDIPartyName(univ.Sequence): @@ -1311,14 +1320,19 @@ class PolicyQualifierId(univ.ObjectIdentifier): pass -class PolicyQualifierInfo(univ.Sequence): - pass +policyQualifierInfoMap = { +} -PolicyQualifierInfo.componentType = namedtype.NamedTypes( - namedtype.NamedType('policyQualifierId', PolicyQualifierId()), - namedtype.NamedType('qualifier', univ.Any()) -) + +class PolicyQualifierInfo(univ.Sequence): + componentType = namedtype.NamedTypes( + namedtype.NamedType('policyQualifierId', PolicyQualifierId()), + namedtype.NamedType( + 'qualifier', univ.Any(), + openType=opentype.OpenType('policyQualifierId', policyQualifierInfoMap) + ) + ) class CertPolicyId(univ.ObjectIdentifier): @@ -1549,7 +1563,7 @@ id_ce_inhibitAnyPolicy = _buildOid(id_ce, 54) # map of AttributeType -> AttributeValue -certificateAttributesMap = { +_certificateAttributesMapUpdate = { id_at_name: X520name(), id_at_surname: X520name(), id_at_givenName: X520name(), @@ -1569,9 +1583,12 @@ certificateAttributesMap = { id_emailAddress: EmailAddress(), } +certificateAttributesMap.update(_certificateAttributesMapUpdate) + + # map of Certificate Extension OIDs to Extensions -certificateExtensionsMap = { +_certificateExtensionsMap = { id_ce_authorityKeyIdentifier: AuthorityKeyIdentifier(), id_ce_subjectKeyIdentifier: SubjectKeyIdentifier(), id_ce_keyUsage: KeyUsage(), @@ -1595,3 +1612,5 @@ certificateExtensionsMap = { id_ce_invalidityDate: useful.GeneralizedTime(), id_ce_certificateIssuer: GeneralNames(), } + +certificateExtensionsMap.update(_certificateExtensionsMap) |