#
# This file is part of pyasn1-modules software.
#
# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com>
# License: http://pyasn1.sf.net/license.html
#
# X.509 message syntax
#
# ASN.1 source from:
# http://www.trl.ibm.com/projects/xml/xss4j/data/asn1/grammars/x509.asn
# http://www.ietf.org/rfc/rfc2459.txt
#
# Sample captures from:
# http://wiki.wireshark.org/SampleCaptures/
#
from pyasn1.type import tag, namedtype, namedval, univ, constraint, char, useful

# Open upper end for the (1..MAX) / (0..MAX) constraints declared in this
# module. A type constrained with MAX has no upper bound of its own, so any
# limit on input size has to be applied by the code that feeds the decoder.
MAX = float('inf')

#
# PKIX1Explicit88
#

# Upper Bounds
#
# Every ub_* limit is a univ.Integer. The type definitions in this module pass
# them as the upper limit of a ValueSizeConstraint.

# Directory attribute values (X520* types)
ub_name = univ.Integer(32768)
ub_common_name = univ.Integer(64)
ub_locality_name = univ.Integer(128)
ub_state_name = univ.Integer(128)
ub_organization_name = univ.Integer(64)
ub_organizational_unit_name = univ.Integer(64)
ub_title = univ.Integer(64)
ub_match = univ.Integer(128)

ub_emailaddress_length = univ.Integer(128)

# X.400 address components
ub_common_name_length = univ.Integer(64)
ub_country_name_alpha_length = univ.Integer(2)
ub_country_name_numeric_length = univ.Integer(3)
ub_domain_defined_attributes = univ.Integer(4)
ub_domain_defined_attribute_type_length = univ.Integer(8)
ub_domain_defined_attribute_value_length = univ.Integer(128)
ub_domain_name_length = univ.Integer(16)
ub_extension_attributes = univ.Integer(256)
ub_e163_4_number_length = univ.Integer(15)
ub_e163_4_sub_address_length = univ.Integer(40)
ub_generation_qualifier_length = univ.Integer(3)
ub_given_name_length = univ.Integer(16)
ub_initials_length = univ.Integer(5)
ub_integer_options = univ.Integer(256)
ub_numeric_user_id_length = univ.Integer(32)
ub_organization_name_length = univ.Integer(64)
ub_organizational_unit_name_length = univ.Integer(32)
ub_organizational_units = univ.Integer(4)
ub_pds_name_length = univ.Integer(16)
ub_pds_parameter_length = univ.Integer(30)
ub_pds_physical_address_lines = univ.Integer(6)
ub_postal_code_length = univ.Integer(16)
ub_surname_length = univ.Integer(40)
ub_terminal_id_length = univ.Integer(24)
ub_unformatted_address_length = univ.Integer(180)
ub_x121_address_length = univ.Integer(16)


class UniversalString(char.UniversalString):
    """Module-level name for ``char.UniversalString``; adds no constraint."""


class BMPString(char.BMPString):
    """Module-level name for ``char.BMPString``; adds no constraint."""


class UTF8String(char.UTF8String):
    """Module-level name for ``char.UTF8String``; adds no constraint."""


# PKIX arcs: every OID below extends id_pkix.
id_pkix = univ.ObjectIdentifier('1.3.6.1.5.5.7')
id_pe = univ.ObjectIdentifier('1.3.6.1.5.5.7.1')
id_qt = univ.ObjectIdentifier('1.3.6.1.5.5.7.2')
id_kp = univ.ObjectIdentifier('1.3.6.1.5.5.7.3')
id_ad = univ.ObjectIdentifier('1.3.6.1.5.5.7.48')

id_qt_cps = univ.ObjectIdentifier('1.3.6.1.5.5.7.2.1')
id_qt_unotice = univ.ObjectIdentifier('1.3.6.1.5.5.7.2.2')

id_ad_ocsp = univ.ObjectIdentifier('1.3.6.1.5.5.7.48.1')
id_ad_caIssuers = univ.ObjectIdentifier('1.3.6.1.5.5.7.48.2')


class AttributeValue(univ.Any):
    """Attribute value carried as ANY; this type does not interpret it."""


class AttributeType(univ.ObjectIdentifier):
    """OID naming the attribute."""


class AttributeTypeAndValue(univ.Sequence):
    """One (type, value) pair."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('type', AttributeType()),
        namedtype.NamedType('value', AttributeValue()),
    )


class Attribute(univ.Sequence):
    """An attribute type together with a SET OF values."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('type', AttributeType()),
        namedtype.NamedType('vals', univ.SetOf(componentType=AttributeValue())),
    )


# Attribute type OIDs under the 2.5.4 arc.
id_at = univ.ObjectIdentifier('2.5.4')
id_at_name = univ.ObjectIdentifier('2.5.4.41')
# preserve misspelled variable for compatibility
id_at_sutname = id_at_surname = univ.ObjectIdentifier('2.5.4.4')
id_at_givenName = univ.ObjectIdentifier('2.5.4.42')
id_at_initials = univ.ObjectIdentifier('2.5.4.43')
id_at_generationQualifier = univ.ObjectIdentifier('2.5.4.44')


def _bounded_string_choice(upper_bound):
    """Build the five string alternatives shared by the X520* CHOICE types.

    Each alternative is a fresh instance of the corresponding ``char`` string
    type, constrained to SIZE (1..upper_bound).
    """
    size = constraint.ValueSizeConstraint(1, upper_bound)
    alternatives = (
        ('teletexString', char.TeletexString),
        ('printableString', char.PrintableString),
        ('universalString', char.UniversalString),
        ('utf8String', char.UTF8String),
        ('bmpString', char.BMPString),
    )
    return namedtype.NamedTypes(
        *[namedtype.NamedType(label, string_type().subtype(subtypeSpec=size))
          for label, string_type in alternatives]
    )


class X520name(univ.Choice):
    """CHOICE of five string types, each SIZE (1..ub_name)."""
    componentType = _bounded_string_choice(ub_name)


id_at_commonName = univ.ObjectIdentifier('2.5.4.3')


class X520CommonName(univ.Choice):
    """CHOICE of five string types, each SIZE (1..ub_common_name)."""
    componentType = _bounded_string_choice(ub_common_name)


id_at_localityName = univ.ObjectIdentifier('2.5.4.7')


class X520LocalityName(univ.Choice):
    """CHOICE of five string types, each SIZE (1..ub_locality_name)."""
    componentType = _bounded_string_choice(ub_locality_name)


id_at_stateOrProvinceName = univ.ObjectIdentifier('2.5.4.8')


class X520StateOrProvinceName(univ.Choice):
    """CHOICE of five string types, each SIZE (1..ub_state_name)."""
    componentType = _bounded_string_choice(ub_state_name)


id_at_organizationName = univ.ObjectIdentifier('2.5.4.10')


class X520OrganizationName(univ.Choice):
    """CHOICE of five string types, each SIZE (1..ub_organization_name)."""
    componentType = _bounded_string_choice(ub_organization_name)
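id_at_organizationalUnitName = univ.ObjectIdentifier('2.5.4.11')


class X520OrganizationalUnitName(univ.Choice):
    """CHOICE of five string types, each SIZE (1..ub_organizational_unit_name)."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('teletexString', char.TeletexString().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name))),
        namedtype.NamedType('printableString', char.PrintableString().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name))),
        namedtype.NamedType('universalString', char.UniversalString().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name))),
        namedtype.NamedType('utf8String', char.UTF8String().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name))),
        namedtype.NamedType('bmpString', char.BMPString().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name)))
    )


id_at_title = univ.ObjectIdentifier('2.5.4.12')


class X520Title(univ.Choice):
    """CHOICE of five string types, each SIZE (1..ub_title)."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('teletexString',
                            char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title))),
        namedtype.NamedType('printableString',
                            char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title))),
        namedtype.NamedType('universalString',
                            char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title))),
        namedtype.NamedType('utf8String',
                            char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title))),
        namedtype.NamedType('bmpString',
                            char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title)))
    )


id_at_dnQualifier = univ.ObjectIdentifier('2.5.4.46')


class X520dnQualifier(char.PrintableString):
    pass


id_at_countryName = univ.ObjectIdentifier('2.5.4.6')


class X520countryName(char.PrintableString):
    """PrintableString of exactly two characters."""
    subtypeSpec = char.PrintableString.subtypeSpec + constraint.ValueSizeConstraint(2, 2)


pkcs_9 = univ.ObjectIdentifier('1.2.840.113549.1.9')

emailAddress = univ.ObjectIdentifier('1.2.840.113549.1.9.1')


class Pkcs9email(char.IA5String):
    """IA5String, SIZE (1..ub_emailaddress_length)."""
    subtypeSpec = char.IA5String.subtypeSpec + constraint.ValueSizeConstraint(1, ub_emailaddress_length)


# ----

class DSAPrivateKey(univ.Sequence):
    """PKIX compliant DSA private key structure"""
    # The 'private' component holds key material: treat decoded instances as
    # secrets (keep them out of logs and reprs).
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('version', univ.Integer(namedValues=namedval.NamedValues(('v1', 0)))),
        namedtype.NamedType('p', univ.Integer()),
        namedtype.NamedType('q', univ.Integer()),
        namedtype.NamedType('g', univ.Integer()),
        namedtype.NamedType('public', univ.Integer()),
        namedtype.NamedType('private', univ.Integer())
    )


# ----

class RelativeDistinguishedName(univ.SetOf):
    """SET OF AttributeTypeAndValue."""
    componentType = AttributeTypeAndValue()


class RDNSequence(univ.SequenceOf):
    """SEQUENCE OF RelativeDistinguishedName."""
    componentType = RelativeDistinguishedName()


class Name(univ.Choice):
    """CHOICE with RDNSequence as its only alternative."""
    # NOTE: the alternative is registered under an empty component name, so
    # callers address it as ''.
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('', RDNSequence())
    )


class DirectoryString(univ.Choice):
    """CHOICE of string types, each SIZE (1..MAX), i.e. with no upper bound."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('teletexString',
                            char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
        namedtype.NamedType('printableString',
                            char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
        namedtype.NamedType('universalString',
                            char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
        namedtype.NamedType('utf8String',
                            char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
        namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
        namedtype.NamedType('ia5String', char.IA5String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX)))
        # hm, this should not be here!? XXX
    )


# certificate and CRL specific structures begin here

class AlgorithmIdentifier(univ.Sequence):
    """Algorithm OID with optional parameters carried as ANY."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('algorithm', univ.ObjectIdentifier()),
        namedtype.OptionalNamedType('parameters', univ.Any())
    )


class Extension(univ.Sequence):
    """One extension: extnID, critical flag (DEFAULT FALSE) and extnValue.

    The schema only carries the critical flag and the raw extnValue. Acting on
    criticality and interpreting the value is left to the caller.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('extnID', univ.ObjectIdentifier()),
        # Spelled like BasicConstraints.cA; the original passed the named
        # value 'False', which denotes the same default.
        namedtype.DefaultedNamedType('critical', univ.Boolean(False)),
        namedtype.NamedType('extnValue', univ.Any())
    )


class Extensions(univ.SequenceOf):
    """SEQUENCE SIZE (1..MAX) OF Extension."""
    componentType = Extension()
    sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)


class SubjectPublicKeyInfo(univ.Sequence):
    """Public key as a BIT STRING together with its AlgorithmIdentifier."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('algorithm', AlgorithmIdentifier()),
        namedtype.NamedType('subjectPublicKey', univ.BitString())
    )


class UniqueIdentifier(univ.BitString):
    pass


class Time(univ.Choice):
    """CHOICE between UTCTime and GeneralizedTime."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('utcTime', useful.UTCTime()),
        namedtype.NamedType('generalTime', useful.GeneralizedTime())
    )


class Validity(univ.Sequence):
    """notBefore / notAfter pair. The schema does not order or compare them."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('notBefore', Time()),
        namedtype.NamedType('notAfter', Time())
    )


class CertificateSerialNumber(univ.Integer):
    pass


class Version(univ.Integer):
    """Certificate / CRL version number: v1=0, v2=1, v3=2."""
    namedValues = namedval.NamedValues(
        ('v1', 0), ('v2', 1), ('v3', 2)
    )


class TBSCertificate(univ.Sequence):
    """The to-be-signed certificate body; 'version' defaults to v1."""
    componentType = namedtype.NamedTypes(
        namedtype.DefaultedNamedType('version', Version('v1').subtype(
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
        namedtype.NamedType('serialNumber', CertificateSerialNumber()),
        namedtype.NamedType('signature', AlgorithmIdentifier()),
        namedtype.NamedType('issuer', Name()),
        namedtype.NamedType('validity', Validity()),
        namedtype.NamedType('subject', Name()),
        namedtype.NamedType('subjectPublicKeyInfo', SubjectPublicKeyInfo()),
        namedtype.OptionalNamedType('issuerUniqueID', UniqueIdentifier().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
        namedtype.OptionalNamedType('subjectUniqueID', UniqueIdentifier().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
        namedtype.OptionalNamedType('extensions', Extensions().subtype(
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
    )


class Certificate(univ.Sequence):
    """tbsCertificate, signatureAlgorithm and signatureValue.

    'signatureAlgorithm' here and 'signature' inside tbsCertificate are two
    independent AlgorithmIdentifier components. Nothing in the schema ties
    them together, so a verifier has to compare them itself.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('tbsCertificate', TBSCertificate()),
        namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()),
        namedtype.NamedType('signatureValue', univ.BitString())
    )


# CRL structures

class RevokedCertificate(univ.Sequence):
    """One CRL entry: serial number, revocation date, optional entry extensions."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('userCertificate', CertificateSerialNumber()),
        namedtype.NamedType('revocationDate', Time()),
        namedtype.OptionalNamedType('crlEntryExtensions', Extensions())
    )


class TBSCertList(univ.Sequence):
    """The to-be-signed CRL body."""
    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType('version', Version()),
        namedtype.NamedType('signature', AlgorithmIdentifier()),
        namedtype.NamedType('issuer', Name()),
        namedtype.NamedType('thisUpdate', Time()),
        namedtype.OptionalNamedType('nextUpdate', Time()),
        namedtype.OptionalNamedType('revokedCertificates', univ.SequenceOf(componentType=RevokedCertificate())),
        namedtype.OptionalNamedType('crlExtensions', Extensions().subtype(
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
    )


class CertificateList(univ.Sequence):
    """A CRL: tbsCertList, signatureAlgorithm and the signature BIT STRING."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('tbsCertList', TBSCertList()),
        namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()),
        namedtype.NamedType('signature', univ.BitString())
    )


# Algorithm OIDs and parameter structures
#
# These constants only let callers recognise an algorithm identifier. Whether
# an MD2-, MD5- or SHA-1-based signature is acceptable is a policy decision
# for the verifier, not something this module expresses.

pkcs_1 = univ.ObjectIdentifier('1.2.840.113549.1.1')
rsaEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.1')
md2WithRSAEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.2')
md5WithRSAEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.4')
sha1WithRSAEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.5')
id_dsa_with_sha1 = univ.ObjectIdentifier('1.2.840.10040.4.3')


class Dss_Sig_Value(univ.Sequence):
    """DSA signature value: the integer pair (r, s)."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('r', univ.Integer()),
        namedtype.NamedType('s', univ.Integer())
    )


dhpublicnumber = univ.ObjectIdentifier('1.2.840.10046.2.1')


class ValidationParms(univ.Sequence):
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('seed', univ.BitString()),
        namedtype.NamedType('pgenCounter', univ.Integer())
    )


class DomainParameters(univ.Sequence):
    """Parameters p, g, q, j with optional validationParms."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('p', univ.Integer()),
        namedtype.NamedType('g', univ.Integer()),
        namedtype.NamedType('q', univ.Integer()),
        namedtype.NamedType('j', univ.Integer()),
        namedtype.OptionalNamedType('validationParms', ValidationParms())
    )


id_dsa = univ.ObjectIdentifier('1.2.840.10040.4.1')


class Dss_Parms(univ.Sequence):
    """DSA parameters p, q, g."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('p', univ.Integer()),
        namedtype.NamedType('q', univ.Integer()),
        namedtype.NamedType('g', univ.Integer())
    )


# x400 address syntax starts here
#
# The bare univ.Integer constants interleaved with the classes below
# (teletex_domain_defined_attributes = 6, terminal_type = 23, ...) presumably
# are the X.400 extension-attribute-type numbers of the neighbouring types;
# verify against the ASN.1 source before relying on that.

teletex_domain_defined_attributes = univ.Integer(6)


class TeletexDomainDefinedAttribute(univ.Sequence):
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('type', char.TeletexString().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_defined_attribute_type_length))),
        namedtype.NamedType('value', char.TeletexString())
    )


class TeletexDomainDefinedAttributes(univ.SequenceOf):
    componentType = TeletexDomainDefinedAttribute()
    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, ub_domain_defined_attributes)


terminal_type = univ.Integer(23)


class TerminalType(univ.Integer):
    """INTEGER (0..ub_integer_options) with named terminal kinds."""
    # Fixed: an INTEGER bound is a value range, not a size. A size constraint
    # measures length, which an integer value does not have.
    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(0, ub_integer_options)
    # NOTE(review): 'teletelex' looks like a misspelling of 'teletex'; it is
    # kept because callers may already refer to the value by this name.
    namedValues = namedval.NamedValues(
        ('telex', 3),
        ('teletelex', 4),
        ('g3-facsimile', 5),
        ('g4-facsimile', 6),
        ('ia5-terminal', 7),
        ('videotex', 8)
    )


class PresentationAddress(univ.Sequence):
    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType('pSelector', univ.OctetString().subtype(
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
        namedtype.OptionalNamedType('sSelector', univ.OctetString().subtype(
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
        namedtype.OptionalNamedType('tSelector', univ.OctetString().subtype(
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
        namedtype.OptionalNamedType('nAddresses', univ.SetOf(componentType=univ.OctetString()).subtype(
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3),
            subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
    )


extended_network_address = univ.Integer(22)


class E163_4_address(univ.Sequence):
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('number', char.NumericString().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(1, ub_e163_4_number_length),
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
        namedtype.OptionalNamedType('sub-address', char.NumericString().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(1, ub_e163_4_sub_address_length),
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
    )


class ExtendedNetworkAddress(univ.Choice):
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('e163-4-address', E163_4_address()),
        namedtype.NamedType('psap-address', PresentationAddress().subtype(
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
    )


class PDSParameter(univ.Set):
    """SET of two optional strings, each SIZE (1..ub_pds_parameter_length).

    Base of the postal-delivery types below, which subclass it unchanged.
    """
    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType('printable-string', char.PrintableString().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(1, ub_pds_parameter_length))),
        namedtype.OptionalNamedType('teletex-string', char.TeletexString().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(1, ub_pds_parameter_length)))
    )


local_postal_attributes = univ.Integer(21)


class LocalPostalAttributes(PDSParameter):
    pass


class UniquePostalName(PDSParameter):
    pass


unique_postal_name = univ.Integer(20)

poste_restante_address = univ.Integer(19)


class PosteRestanteAddress(PDSParameter):
    pass


post_office_box_address = univ.Integer(18)


class PostOfficeBoxAddress(PDSParameter):
    pass


street_address = univ.Integer(17)


class StreetAddress(PDSParameter):
    pass


class UnformattedPostalAddress(univ.Set):
    componentType = namedtype.NamedTypes(
        # Fixed: the line-count bound (ub_pds_physical_address_lines) now
        # constrains the SEQUENCE OF. It used to be chained onto the element
        # string, which capped every address line at that many characters.
        namedtype.OptionalNamedType('printable-address', univ.SequenceOf(
            componentType=char.PrintableString().subtype(
                subtypeSpec=constraint.ValueSizeConstraint(1, ub_pds_parameter_length))).subtype(
            subtypeSpec=constraint.ValueSizeConstraint(1, ub_pds_physical_address_lines))),
        namedtype.OptionalNamedType('teletex-string', char.TeletexString().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(1, ub_unformatted_address_length)))
    )


physical_delivery_office_name = univ.Integer(10)


class PhysicalDeliveryOfficeName(PDSParameter):
    pass


physical_delivery_office_number = univ.Integer(11)


class PhysicalDeliveryOfficeNumber(PDSParameter):
    pass


extension_OR_address_components = univ.Integer(12)


class ExtensionORAddressComponents(PDSParameter):
    pass


physical_delivery_personal_name = univ.Integer(13)


class PhysicalDeliveryPersonalName(PDSParameter):
    pass


physical_delivery_organization_name = univ.Integer(14)


class PhysicalDeliveryOrganizationName(PDSParameter):
    pass


extension_physical_delivery_address_components = univ.Integer(15)


class ExtensionPhysicalDeliveryAddressComponents(PDSParameter):
    pass


unformatted_postal_address = univ.Integer(16)

postal_code = univ.Integer(9)


class PostalCode(univ.Choice):
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('numeric-code', char.NumericString().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(1, ub_postal_code_length))),
        namedtype.NamedType('printable-code', char.PrintableString().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(1, ub_postal_code_length)))
    )


class PhysicalDeliveryCountryName(univ.Choice):
    """Country as a fixed-length numeric code or fixed-length alpha code."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('x121-dcc-code', char.NumericString().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(ub_country_name_numeric_length,
                                                       ub_country_name_numeric_length))),
        namedtype.NamedType('iso-3166-alpha2-code', char.PrintableString().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(ub_country_name_alpha_length, ub_country_name_alpha_length)))
    )


class PDSName(char.PrintableString):
    subtypeSpec = char.PrintableString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_pds_name_length)


physical_delivery_country_name = univ.Integer(8)


class TeletexOrganizationalUnitName(char.TeletexString):
    subtypeSpec = char.TeletexString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_organizational_unit_name_length)


pds_name = univ.Integer(7)

teletex_organizational_unit_names = univ.Integer(5)


class TeletexOrganizationalUnitNames(univ.SequenceOf):
    componentType = TeletexOrganizationalUnitName()
    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, ub_organizational_units)


teletex_personal_name = univ.Integer(4)


class TeletexPersonalName(univ.Set):
    """Personal name parts as TeletexString; only 'surname' is mandatory."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('surname', char.TeletexString().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(1, ub_surname_length),
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
        namedtype.OptionalNamedType('given-name', char.TeletexString().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(1, ub_given_name_length),
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
        namedtype.OptionalNamedType('initials', char.TeletexString().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(1, ub_initials_length),
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
        namedtype.OptionalNamedType('generation-qualifier', char.TeletexString().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(1, ub_generation_qualifier_length),
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
    )


teletex_organization_name = univ.Integer(3)


class TeletexOrganizationName(char.TeletexString):
    subtypeSpec = char.TeletexString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_organization_name_length)


teletex_common_name = univ.Integer(2)


class TeletexCommonName(char.TeletexString):
    subtypeSpec = char.TeletexString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_common_name_length)


class CommonName(char.PrintableString):
    subtypeSpec = char.PrintableString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_common_name_length)


common_name = univ.Integer(1)


class ExtensionAttribute(univ.Sequence):
    """Numbered extension attribute whose value is carried as ANY."""
    componentType = namedtype.NamedTypes(
        # Fixed: the attribute number is an INTEGER (0..ub_extension_attributes),
        # so it takes a value-range constraint rather than a size constraint.
        namedtype.NamedType('extension-attribute-type', univ.Integer().subtype(
            subtypeSpec=constraint.ValueRangeConstraint(0, ub_extension_attributes),
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
        namedtype.NamedType('extension-attribute-value',
                            univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
    )


class ExtensionAttributes(univ.SetOf):
    componentType = ExtensionAttribute()
    subtypeSpec = univ.SetOf.subtypeSpec + constraint.ValueSizeConstraint(1, ub_extension_attributes)


class BuiltInDomainDefinedAttribute(univ.Sequence):
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('type', char.PrintableString().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_defined_attribute_type_length))),
        namedtype.NamedType('value', char.PrintableString().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_defined_attribute_value_length)))
    )


class BuiltInDomainDefinedAttributes(univ.SequenceOf):
    componentType = BuiltInDomainDefinedAttribute()
    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, ub_domain_defined_attributes)


class OrganizationalUnitName(char.PrintableString):
    # Fixed: extend the constraints of the actual base class. The original
    # started from univ.SequenceOf.subtypeSpec, a copy-paste from the
    # neighbouring SEQUENCE OF types.
    subtypeSpec = char.PrintableString.subtypeSpec + constraint.ValueSizeConstraint(
        1, ub_organizational_unit_name_length)


class OrganizationalUnitNames(univ.SequenceOf):
    componentType = OrganizationalUnitName()
    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, ub_organizational_units)


class PersonalName(univ.Set):
    """Personal name parts as PrintableString; only 'surname' is mandatory."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('surname', char.PrintableString().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(1, ub_surname_length),
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
        namedtype.OptionalNamedType('given-name', char.PrintableString().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(1, ub_given_name_length),
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
        namedtype.OptionalNamedType('initials', char.PrintableString().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(1, ub_initials_length),
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
        namedtype.OptionalNamedType('generation-qualifier', char.PrintableString().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(1, ub_generation_qualifier_length),
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
    )


class NumericUserIdentifier(char.NumericString):
    subtypeSpec = char.NumericString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_numeric_user_id_length)


class OrganizationName(char.PrintableString):
    subtypeSpec = char.PrintableString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_organization_name_length)


class PrivateDomainName(univ.Choice):
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('numeric', char.NumericString().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_name_length))),
        namedtype.NamedType('printable', char.PrintableString().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_name_length)))
    )


class TerminalIdentifier(char.PrintableString):
    subtypeSpec = char.PrintableString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_terminal_id_length)


class X121Address(char.NumericString):
    subtypeSpec = char.NumericString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_x121_address_length)


class NetworkAddress(X121Address):
    pass


class AdministrationDomainName(univ.Choice):
    """CHOICE wrapped in an explicit [APPLICATION 2] tag; SIZE (0..ub_domain_name_length)."""
    tagSet = univ.Choice.tagSet.tagExplicitly(
        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 2)
    )
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('numeric', char.NumericString().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(0, ub_domain_name_length))),
        namedtype.NamedType('printable', char.PrintableString().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(0, ub_domain_name_length)))
    )


class CountryName(univ.Choice):
    """CHOICE wrapped in an explicit [APPLICATION 1] tag."""
    tagSet = univ.Choice.tagSet.tagExplicitly(
        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 1)
    )
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('x121-dcc-code', char.NumericString().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(ub_country_name_numeric_length,
                                                       ub_country_name_numeric_length))),
        namedtype.NamedType('iso-3166-alpha2-code', char.PrintableString().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(ub_country_name_alpha_length, ub_country_name_alpha_length)))
    )


class BuiltInStandardAttributes(univ.Sequence):
    """All components are optional; the context-tagged ones are numbered 0..6."""
    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType('country-name', CountryName()),
        namedtype.OptionalNamedType('administration-domain-name', AdministrationDomainName()),
        namedtype.OptionalNamedType('network-address', NetworkAddress().subtype(
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
        namedtype.OptionalNamedType('terminal-identifier', TerminalIdentifier().subtype(
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
        namedtype.OptionalNamedType('private-domain-name', PrivateDomainName().subtype(
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
        namedtype.OptionalNamedType('organization-name', OrganizationName().subtype(
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
        namedtype.OptionalNamedType('numeric-user-identifier', NumericUserIdentifier().subtype(
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
        namedtype.OptionalNamedType('personal-name', PersonalName().subtype(
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
        namedtype.OptionalNamedType('organizational-unit-names', OrganizationalUnitNames().subtype(
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6)))
    )


class ORAddress(univ.Sequence):
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('built-in-standard-attributes', BuiltInStandardAttributes()),
        namedtype.OptionalNamedType('built-in-domain-defined-attributes', BuiltInDomainDefinedAttributes()),
        namedtype.OptionalNamedType('extension-attributes', ExtensionAttributes())
    )


#
# PKIX1Implicit88
#

id_ce_invalidityDate = univ.ObjectIdentifier('2.5.29.24')


class InvalidityDate(useful.GeneralizedTime):
    pass


id_holdinstruction_none = univ.ObjectIdentifier('2.2.840.10040.2.1')
id_holdinstruction_callissuer = univ.ObjectIdentifier('2.2.840.10040.2.2')
id_holdinstruction_reject = univ.ObjectIdentifier('2.2.840.10040.2.3')

holdInstruction = univ.ObjectIdentifier('2.2.840.10040.2')

id_ce_holdInstructionCode = univ.ObjectIdentifier('2.5.29.23')


class HoldInstructionCode(univ.ObjectIdentifier):
    pass


id_ce_cRLReasons = univ.ObjectIdentifier('2.5.29.21')


class CRLReason(univ.Enumerated):
    """Revocation reason codes; value 7 is not assigned a name here."""
    namedValues = namedval.NamedValues(
        ('unspecified', 0),
        ('keyCompromise', 1),
        ('cACompromise', 2),
        ('affiliationChanged', 3),
        ('superseded', 4),
        ('cessationOfOperation', 5),
        ('certificateHold', 6),
        ('removeFromCRL', 8)
    )


id_ce_cRLNumber = univ.ObjectIdentifier('2.5.29.20')


class CRLNumber(univ.Integer):
    """INTEGER (0..MAX)."""
    # Fixed: constrain the integer's value range, starting from the
    # constraints of its real base class. The original combined
    # univ.SequenceOf.subtypeSpec with a size constraint.
    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(0, MAX)


class BaseCRLNumber(CRLNumber):
    pass


# Extended key usage purposes (id_kp arc) and related extension OIDs.
id_kp_serverAuth = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.1')
id_kp_clientAuth = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.2')
id_kp_codeSigning = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.3')
id_kp_emailProtection = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.4')
id_kp_ipsecEndSystem = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.5')
id_kp_ipsecTunnel = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.6')
id_kp_ipsecUser = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.7')
id_kp_timeStamping = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.8')
id_pe_authorityInfoAccess = univ.ObjectIdentifier('1.3.6.1.5.5.7.1.1')
id_ce_extKeyUsage = univ.ObjectIdentifier('2.5.29.37')


class KeyPurposeId(univ.ObjectIdentifier):
    pass


class ExtKeyUsageSyntax(univ.SequenceOf):
    """SEQUENCE SIZE (1..MAX) OF KeyPurposeId."""
    componentType = KeyPurposeId()
    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX)


class ReasonFlags(univ.BitString):
    """Named bits 0..6, one per revocation reason."""
    namedValues = namedval.NamedValues(
        ('unused', 0),
        ('keyCompromise', 1),
        ('cACompromise', 2),
        ('affiliationChanged', 3),
        ('superseded', 4),
        ('cessationOfOperation', 5),
        ('certificateHold', 6)
    )


class SkipCerts(univ.Integer):
    """INTEGER (0..MAX)."""
    # Fixed: value-range constraint, as pathLenConstraint in BasicConstraints
    # already uses; a size constraint does not apply to an integer value.
    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(0, MAX)


id_ce_policyConstraints = univ.ObjectIdentifier('2.5.29.36')


class PolicyConstraints(univ.Sequence):
    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType('requireExplicitPolicy', SkipCerts().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
        namedtype.OptionalNamedType('inhibitPolicyMapping', SkipCerts().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
    )


id_ce_basicConstraints = univ.ObjectIdentifier('2.5.29.19')


class BasicConstraints(univ.Sequence):
    """cA flag (DEFAULT FALSE) and optional pathLenConstraint (0..MAX)."""
    componentType = namedtype.NamedTypes(
        namedtype.DefaultedNamedType('cA', univ.Boolean(False)),
        namedtype.OptionalNamedType('pathLenConstraint',
                                    univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, MAX)))
    )


id_ce_subjectDirectoryAttributes = univ.ObjectIdentifier('2.5.29.9')


class SubjectDirectoryAttributes(univ.SequenceOf):
    componentType = Attribute()
    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX)


class EDIPartyName(univ.Sequence):
    # NOTE(review): DirectoryString is a CHOICE, and ASN.1 treats a context
    # tag on a CHOICE as explicit even inside an IMPLICIT TAGS module. Confirm
    # that implicitTag yields the expected encoding for these two components.
    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType('nameAssigner', DirectoryString().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
        namedtype.NamedType('partyName',
                            DirectoryString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
    )


class AnotherName(univ.Sequence):
    """type-id OID plus an explicitly tagged ANY value."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('type-id', univ.ObjectIdentifier()),
        namedtype.NamedType('value',
                            univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
    )


class GeneralName(univ.Choice):
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('otherName',
                            AnotherName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
        namedtype.NamedType('rfc822Name',
                            char.IA5String().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
        namedtype.NamedType('dNSName',
                            char.IA5String().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
        namedtype.NamedType('x400Address',
                            ORAddress().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
        namedtype.NamedType('directoryName',
                            Name().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
        namedtype.NamedType('ediPartyName',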
EDIPartyName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))), 1011 namedtype.NamedType('uniformResourceIdentifier', 1012 char.IA5String().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))), 1013 namedtype.NamedType('iPAddress', univ.OctetString().subtype( 1014 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))), 1015 namedtype.NamedType('registeredID', univ.ObjectIdentifier().subtype( 1016 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))) 1017 ) 1018 1019 1020class GeneralNames(univ.SequenceOf): 1021 componentType = GeneralName() 1022 subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX) 1023 1024 1025class AccessDescription(univ.Sequence): 1026 componentType = namedtype.NamedTypes( 1027 namedtype.NamedType('accessMethod', univ.ObjectIdentifier()), 1028 namedtype.NamedType('accessLocation', GeneralName()) 1029 ) 1030 1031 1032class AuthorityInfoAccessSyntax(univ.SequenceOf): 1033 componentType = AccessDescription() 1034 subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX) 1035 1036 1037id_ce_deltaCRLIndicator = univ.ObjectIdentifier('2.5.29.27') 1038 1039 1040class DistributionPointName(univ.Choice): 1041 componentType = namedtype.NamedTypes( 1042 namedtype.NamedType('fullName', GeneralNames().subtype( 1043 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), 1044 namedtype.NamedType('nameRelativeToCRLIssuer', RelativeDistinguishedName().subtype( 1045 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))) 1046 ) 1047 1048 1049class DistributionPoint(univ.Sequence): 1050 componentType = namedtype.NamedTypes( 1051 namedtype.OptionalNamedType('distributionPoint', DistributionPointName().subtype( 1052 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), 1053 namedtype.OptionalNamedType('reasons', ReasonFlags().subtype( 1054 implicitTag=tag.Tag(tag.tagClassContext, 
tag.tagFormatSimple, 1))), 1055 namedtype.OptionalNamedType('cRLIssuer', GeneralNames().subtype( 1056 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))) 1057 ) 1058 1059 1060class BaseDistance(univ.Integer): 1061 subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(0, MAX) 1062 1063 1064id_ce_cRLDistributionPoints = univ.ObjectIdentifier('2.5.29.31') 1065 1066 1067class CRLDistPointsSyntax(univ.SequenceOf): 1068 componentType = DistributionPoint() 1069 subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX) 1070 1071 1072id_ce_issuingDistributionPoint = univ.ObjectIdentifier('2.5.29.28') 1073 1074 1075class IssuingDistributionPoint(univ.Sequence): 1076 componentType = namedtype.NamedTypes( 1077 namedtype.OptionalNamedType('distributionPoint', DistributionPointName().subtype( 1078 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), 1079 namedtype.NamedType('onlyContainsUserCerts', univ.Boolean(False).subtype( 1080 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), 1081 namedtype.NamedType('onlyContainsCACerts', univ.Boolean(False).subtype( 1082 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), 1083 namedtype.OptionalNamedType('onlySomeReasons', ReasonFlags().subtype( 1084 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), 1085 namedtype.NamedType('indirectCRL', univ.Boolean(False).subtype( 1086 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))) 1087 ) 1088 1089 1090class GeneralSubtree(univ.Sequence): 1091 componentType = namedtype.NamedTypes( 1092 namedtype.NamedType('base', GeneralName()), 1093 namedtype.DefaultedNamedType('minimum', BaseDistance(0).subtype( 1094 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), 1095 namedtype.OptionalNamedType('maximum', BaseDistance().subtype( 1096 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))) 1097 ) 1098 1099 1100class 
GeneralSubtrees(univ.SequenceOf): 1101 componentType = GeneralSubtree() 1102 subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX) 1103 1104 1105id_ce_nameConstraints = univ.ObjectIdentifier('2.5.29.30') 1106 1107 1108class NameConstraints(univ.Sequence): 1109 componentType = namedtype.NamedTypes( 1110 namedtype.OptionalNamedType('permittedSubtrees', GeneralSubtrees().subtype( 1111 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), 1112 namedtype.OptionalNamedType('excludedSubtrees', GeneralSubtrees().subtype( 1113 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))) 1114 ) 1115 1116 1117class DisplayText(univ.Choice): 1118 componentType = namedtype.NamedTypes( 1119 namedtype.NamedType('visibleString', 1120 char.VisibleString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 200))), 1121 namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 200))), 1122 namedtype.NamedType('utf8String', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 200))) 1123 ) 1124 1125 1126class NoticeReference(univ.Sequence): 1127 componentType = namedtype.NamedTypes( 1128 namedtype.NamedType('organization', DisplayText()), 1129 namedtype.NamedType('noticeNumbers', univ.SequenceOf(componentType=univ.Integer())) 1130 ) 1131 1132 1133class UserNotice(univ.Sequence): 1134 componentType = namedtype.NamedTypes( 1135 namedtype.OptionalNamedType('noticeRef', NoticeReference()), 1136 namedtype.OptionalNamedType('explicitText', DisplayText()) 1137 ) 1138 1139 1140class CPSuri(char.IA5String): 1141 pass 1142 1143 1144class PolicyQualifierId(univ.ObjectIdentifier): 1145 subtypeSpec = univ.ObjectIdentifier.subtypeSpec + constraint.SingleValueConstraint(id_qt_cps, id_qt_unotice) 1146 1147 1148class CertPolicyId(univ.ObjectIdentifier): 1149 pass 1150 1151 1152class PolicyQualifierInfo(univ.Sequence): 1153 componentType = namedtype.NamedTypes( 1154 
namedtype.NamedType('policyQualifierId', PolicyQualifierId()), 1155 namedtype.NamedType('qualifier', univ.Any()) 1156 ) 1157 1158 1159id_ce_certificatePolicies = univ.ObjectIdentifier('2.5.29.32') 1160 1161 1162class PolicyInformation(univ.Sequence): 1163 componentType = namedtype.NamedTypes( 1164 namedtype.NamedType('policyIdentifier', CertPolicyId()), 1165 namedtype.OptionalNamedType('policyQualifiers', univ.SequenceOf(componentType=PolicyQualifierInfo()).subtype( 1166 subtypeSpec=constraint.ValueSizeConstraint(1, MAX))) 1167 ) 1168 1169 1170class CertificatePolicies(univ.SequenceOf): 1171 componentType = PolicyInformation() 1172 subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX) 1173 1174 1175id_ce_policyMappings = univ.ObjectIdentifier('2.5.29.33') 1176 1177 1178class PolicyMapping(univ.Sequence): 1179 componentType = namedtype.NamedTypes( 1180 namedtype.NamedType('issuerDomainPolicy', CertPolicyId()), 1181 namedtype.NamedType('subjectDomainPolicy', CertPolicyId()) 1182 ) 1183 1184 1185class PolicyMappings(univ.SequenceOf): 1186 componentType = PolicyMapping() 1187 subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX) 1188 1189 1190id_ce_privateKeyUsagePeriod = univ.ObjectIdentifier('2.5.29.16') 1191 1192 1193class PrivateKeyUsagePeriod(univ.Sequence): 1194 componentType = namedtype.NamedTypes( 1195 namedtype.OptionalNamedType('notBefore', useful.GeneralizedTime().subtype( 1196 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), 1197 namedtype.OptionalNamedType('notAfter', useful.GeneralizedTime().subtype( 1198 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) 1199 ) 1200 1201 1202id_ce_keyUsage = univ.ObjectIdentifier('2.5.29.15') 1203 1204 1205class KeyUsage(univ.BitString): 1206 namedValues = namedval.NamedValues( 1207 ('digitalSignature', 0), 1208 ('nonRepudiation', 1), 1209 ('keyEncipherment', 2), 1210 ('dataEncipherment', 3), 1211 ('keyAgreement', 4), 1212 
('keyCertSign', 5), 1213 ('cRLSign', 6), 1214 ('encipherOnly', 7), 1215 ('decipherOnly', 8) 1216 ) 1217 1218 1219id_ce = univ.ObjectIdentifier('2.5.29') 1220 1221id_ce_authorityKeyIdentifier = univ.ObjectIdentifier('2.5.29.35') 1222 1223 1224class KeyIdentifier(univ.OctetString): 1225 pass 1226 1227 1228id_ce_subjectKeyIdentifier = univ.ObjectIdentifier('2.5.29.14') 1229 1230 1231class SubjectKeyIdentifier(KeyIdentifier): 1232 pass 1233 1234 1235class AuthorityKeyIdentifier(univ.Sequence): 1236 componentType = namedtype.NamedTypes( 1237 namedtype.OptionalNamedType('keyIdentifier', KeyIdentifier().subtype( 1238 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), 1239 namedtype.OptionalNamedType('authorityCertIssuer', GeneralNames().subtype( 1240 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), 1241 namedtype.OptionalNamedType('authorityCertSerialNumber', CertificateSerialNumber().subtype( 1242 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))) 1243 ) 1244 1245 1246id_ce_certificateIssuer = univ.ObjectIdentifier('2.5.29.29') 1247 1248 1249class CertificateIssuer(GeneralNames): 1250 pass 1251 1252 1253id_ce_subjectAltName = univ.ObjectIdentifier('2.5.29.17') 1254 1255 1256class SubjectAltName(GeneralNames): 1257 pass 1258 1259 1260id_ce_issuerAltName = univ.ObjectIdentifier('2.5.29.18') 1261 1262 1263class IssuerAltName(GeneralNames): 1264 pass 1265 1266 1267# map of AttributeType -> AttributeValue 1268 1269certificateAttributesMap = { 1270 id_at_name: X520name(), 1271 id_at_surname: X520name(), 1272 id_at_givenName: X520name(), 1273 id_at_initials: X520name(), 1274 id_at_generationQualifier: X520name(), 1275 id_at_commonName: X520CommonName(), 1276 id_at_localityName: X520LocalityName(), 1277 id_at_stateOrProvinceName: X520StateOrProvinceName(), 1278 id_at_organizationName: X520OrganizationName(), 1279 id_at_organizationalUnitName: X520OrganizationalUnitName(), 1280 id_at_title: X520Title(), 1281 id_at_dnQualifier: 
X520dnQualifier(), 1282 id_at_countryName: X520countryName(), 1283 emailAddress: Pkcs9email(), 1284} 1285 1286# map of Certificate Extension OIDs to Extensions 1287 1288certificateExtensionsMap = { 1289 id_ce_authorityKeyIdentifier: AuthorityKeyIdentifier(), 1290 id_ce_subjectKeyIdentifier: SubjectKeyIdentifier(), 1291 id_ce_keyUsage: KeyUsage(), 1292 id_ce_privateKeyUsagePeriod: PrivateKeyUsagePeriod(), 1293 id_ce_certificatePolicies: PolicyInformation(), # could be a sequence of concat'ed objects? 1294 id_ce_policyMappings: PolicyMappings(), 1295 id_ce_subjectAltName: SubjectAltName(), 1296 id_ce_issuerAltName: IssuerAltName(), 1297 id_ce_subjectDirectoryAttributes: SubjectDirectoryAttributes(), 1298 id_ce_basicConstraints: BasicConstraints(), 1299 id_ce_nameConstraints: NameConstraints(), 1300 id_ce_policyConstraints: PolicyConstraints(), 1301 id_ce_extKeyUsage: ExtKeyUsageSyntax(), 1302 id_ce_cRLDistributionPoints: CRLDistPointsSyntax(), 1303 id_pe_authorityInfoAccess: AuthorityInfoAccessSyntax(), 1304 id_ce_cRLNumber: univ.Integer(), 1305 id_ce_deltaCRLIndicator: BaseCRLNumber(), 1306 id_ce_issuingDistributionPoint: IssuingDistributionPoint(), 1307 id_ce_cRLReasons: CRLReason(), 1308 id_ce_holdInstructionCode: univ.ObjectIdentifier(), 1309 id_ce_invalidityDate: useful.GeneralizedTime(), 1310 id_ce_certificateIssuer: GeneralNames(), 1311} 1312