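# coding: utf-8
#
# This file is part of pyasn1-modules software.
#
# Created by Stanisław Pitucha with asn1ate tool.
# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com>
# License: http://pyasn1.sf.net/license.html
#
# Internet X.509 Public Key Infrastructure Certificate Request
# Message Format (CRMF)
#
# ASN.1 source from:
# http://www.ietf.org/rfc/rfc4211.txt
#
# This module only declares the ASN.1 *structure* of CRMF messages for
# pyasn1's codecs.  Decoding against these types checks tags, component
# presence and the few size constraints below; it does not verify
# proofs of possession, MACs or signatures -- that is the caller's job.
#
from pyasn1.type import univ, char, namedtype, namedval, tag, constraint

from pyasn1_modules import rfc3280
from pyasn1_modules import rfc3852

# Upper bound used in ValueSizeConstraint(1, MAX): "at least one element,
# no upper limit" -- the schema itself never caps collection sizes.
MAX = float('inf')


def _buildOid(*components):
    """Build an ``ObjectIdentifier`` from arcs and/or existing OID prefixes.

    Args:
        *components: each item is either a ``univ.ObjectIdentifier`` (its
            arcs are spliced in, which is how the ``id_*`` constants below
            extend a parent OID) or a value accepted by ``int()`` (one arc).

    Returns:
        A ``univ.ObjectIdentifier`` whose arcs are the concatenation of
        all components in order.

    Raises:
        ValueError/TypeError: propagated from ``int()`` for a component
            that is neither an OID nor integer-like.
    """
    arcs = []
    for component in components:
        if isinstance(component, univ.ObjectIdentifier):
            # An OID is iterable over its arcs; no intermediate list needed.
            arcs.extend(component)
        else:
            arcs.append(int(component))
    return univ.ObjectIdentifier(arcs)


# OID arcs under id-pkix (1.3.6.1.5.5.7); id-pkip = id-pkix.5,
# id-regCtrl = id-pkip.1.  The id_regCtrl_* / id_regInfo_* constants
# further down identify the registration controls and info carried
# inside Controls / regInfo AttributeTypeAndValue entries.
id_pkix = _buildOid(1, 3, 6, 1, 5, 5, 7)

id_pkip = _buildOid(id_pkix, 5)

id_regCtrl = _buildOid(id_pkip, 1)


class SinglePubInfo(univ.Sequence):
    """Where a certificate should be published (pubMethod + optional location)."""
    pass


SinglePubInfo.componentType = namedtype.NamedTypes(
    namedtype.NamedType('pubMethod', univ.Integer(
        namedValues=namedval.NamedValues(('dontCare', 0), ('x500', 1), ('web', 2), ('ldap', 3)))),
    namedtype.OptionalNamedType('pubLocation', rfc3280.GeneralName())
)


class UTF8Pairs(char.UTF8String):
    """Free-form UTF8String regInfo value (id_regInfo_utf8Pairs)."""
    pass


class PKMACValue(univ.Sequence):
    """A MAC over the public key: algorithm identifier plus MAC bits."""
    pass


PKMACValue.componentType = namedtype.NamedTypes(
    namedtype.NamedType('algId', rfc3280.AlgorithmIdentifier()),
    namedtype.NamedType('value', univ.BitString())
)


class POPOSigningKeyInput(univ.Sequence):
    """Data signed for a signing-key proof of possession.

    ``authInfo`` is a CHOICE between an implicitly tagged [0] ``sender``
    GeneralName and a ``publicKeyMAC`` PKMACValue.
    """
    pass


POPOSigningKeyInput.componentType = namedtype.NamedTypes(
    namedtype.NamedType(
        'authInfo', univ.Choice(
            componentType=namedtype.NamedTypes(
                namedtype.NamedType(
                    'sender', rfc3280.GeneralName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))
                ),
                namedtype.NamedType(
                    'publicKeyMAC', PKMACValue()
                )
            )
        )
    ),
    namedtype.NamedType('publicKey', rfc3280.SubjectPublicKeyInfo())
)


class POPOSigningKey(univ.Sequence):
    """Signature-based proof of possession.

    Decoding this type does not check the signature; the consumer must
    verify ``signature`` over the appropriate input itself.
    """
    pass


POPOSigningKey.componentType = namedtype.NamedTypes(
    namedtype.OptionalNamedType('poposkInput', POPOSigningKeyInput().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
    namedtype.NamedType('algorithmIdentifier', rfc3280.AlgorithmIdentifier()),
    namedtype.NamedType('signature', univ.BitString())
)


class Attributes(univ.SetOf):
    """SET OF rfc3280 Attribute."""
    pass


Attributes.componentType = rfc3280.Attribute()


class PrivateKeyInfo(univ.Sequence):
    """Private key container (version, algorithm, key octets, optional attributes).

    ``privateKey`` is raw OctetString; this schema does not interpret it.
    """
    pass


PrivateKeyInfo.componentType = namedtype.NamedTypes(
    namedtype.NamedType('version', univ.Integer()),
    namedtype.NamedType('privateKeyAlgorithm', rfc3280.AlgorithmIdentifier()),
    namedtype.NamedType('privateKey', univ.OctetString()),
    namedtype.OptionalNamedType('attributes',
                                Attributes().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
)


class EncryptedValue(univ.Sequence):
    """Encrypted blob with optional algorithm hints; all but ``encValue`` are OPTIONAL."""
    pass


EncryptedValue.componentType = namedtype.NamedTypes(
    namedtype.OptionalNamedType('intendedAlg', rfc3280.AlgorithmIdentifier().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
    namedtype.OptionalNamedType('symmAlg', rfc3280.AlgorithmIdentifier().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
    namedtype.OptionalNamedType('encSymmKey', univ.BitString().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
    namedtype.OptionalNamedType('keyAlg', rfc3280.AlgorithmIdentifier().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
    namedtype.OptionalNamedType('valueHint', univ.OctetString().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
    namedtype.NamedType('encValue', univ.BitString())
)


class EncryptedKey(univ.Choice):
    """Either a bare EncryptedValue or a CMS (rfc3852) EnvelopedData, tagged [0]."""
    pass


EncryptedKey.componentType = namedtype.NamedTypes(
    namedtype.NamedType('encryptedValue', EncryptedValue()),
    namedtype.NamedType('envelopedData', rfc3852.EnvelopedData().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
)


class KeyGenParameters(univ.OctetString):
    """Opaque key-generation parameters (uninterpreted OctetString)."""
    pass


class PKIArchiveOptions(univ.Choice):
    """Key-archival control: encrypted private key, gen parameters, or a Boolean flag."""
    pass


PKIArchiveOptions.componentType = namedtype.NamedTypes(
    namedtype.NamedType('encryptedPrivKey',
                        EncryptedKey().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
    namedtype.NamedType('keyGenParameters',
                        KeyGenParameters().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
    namedtype.NamedType('archiveRemGenPrivKey',
                        univ.Boolean().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
)

id_regCtrl_authenticator = _buildOid(id_regCtrl, 2)

id_regInfo = _buildOid(id_pkip, 2)

id_regInfo_certReq = _buildOid(id_regInfo, 2)


class ProtocolEncrKey(rfc3280.SubjectPublicKeyInfo):
    """Public key the CA may use to encrypt protocol data back to the requester."""
    pass


class Authenticator(char.UTF8String):
    """Shared-secret authenticator control value (id_regCtrl_authenticator)."""
    pass


class SubsequentMessage(univ.Integer):
    """Which follow-up message will carry the proof: encrCert (0) or challengeResp (1)."""
    pass


SubsequentMessage.namedValues = namedval.NamedValues(
    ('encrCert', 0),
    ('challengeResp', 1)
)


class AttributeTypeAndValue(univ.Sequence):
    """OID-tagged value used for Controls and regInfo entries.

    ``value`` is ``univ.Any``: it is left undecoded here, so a consumer
    must select the inner schema (e.g. one of the types in this module)
    from ``type`` before interpreting it.
    """
    pass


AttributeTypeAndValue.componentType = namedtype.NamedTypes(
    namedtype.NamedType('type', univ.ObjectIdentifier()),
    namedtype.NamedType('value', univ.Any())
)


class POPOPrivKey(univ.Choice):
    """Proof of possession for encryption / key-agreement keys.

    Alternatives: thisMessage [0], subsequentMessage [1], dhMAC [2],
    agreeMAC [3], encryptedKey [4] (CMS EnvelopedData).
    """
    pass


POPOPrivKey.componentType = namedtype.NamedTypes(
    namedtype.NamedType('thisMessage',
                        univ.BitString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
    namedtype.NamedType('subsequentMessage',
                        SubsequentMessage().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
    namedtype.NamedType('dhMAC',
                        univ.BitString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
    namedtype.NamedType('agreeMAC',
                        PKMACValue().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
    namedtype.NamedType('encryptedKey', rfc3852.EnvelopedData().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4)))
)


class ProofOfPossession(univ.Choice):
    """Top-level POP CHOICE.

    ``raVerified`` is a bare NULL -- it carries no evidence, only the
    RA's assertion.  Whether to accept it is a policy decision for the
    consuming CA, not something this schema can enforce.
    """
    pass


ProofOfPossession.componentType = namedtype.NamedTypes(
    namedtype.NamedType('raVerified',
                        univ.Null().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
    namedtype.NamedType('signature', POPOSigningKey().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
    namedtype.NamedType('keyEncipherment',
                        POPOPrivKey().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
    namedtype.NamedType('keyAgreement',
                        POPOPrivKey().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
)


class OptionalValidity(univ.Sequence):
    """Requested validity window; both ends OPTIONAL (rfc3280 Time, tagged [0]/[1])."""
    pass


OptionalValidity.componentType = namedtype.NamedTypes(
    namedtype.OptionalNamedType('notBefore', rfc3280.Time().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
    namedtype.OptionalNamedType('notAfter', rfc3280.Time().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
)


class CertTemplate(univ.Sequence):
    """Requested certificate contents; every field is OPTIONAL, tagged [0]..[9].

    Because nothing is mandatory here, a decoded template may be
    nearly empty -- callers decide which fields a request must supply.
    """
    pass


CertTemplate.componentType = namedtype.NamedTypes(
    namedtype.OptionalNamedType('version', rfc3280.Version().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
    namedtype.OptionalNamedType('serialNumber', univ.Integer().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
    namedtype.OptionalNamedType('signingAlg', rfc3280.AlgorithmIdentifier().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
    namedtype.OptionalNamedType('issuer', rfc3280.Name().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
    namedtype.OptionalNamedType('validity', OptionalValidity().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
    namedtype.OptionalNamedType('subject', rfc3280.Name().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))),
    namedtype.OptionalNamedType('publicKey', rfc3280.SubjectPublicKeyInfo().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
    namedtype.OptionalNamedType('issuerUID', rfc3280.UniqueIdentifier().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
    namedtype.OptionalNamedType('subjectUID', rfc3280.UniqueIdentifier().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))),
    namedtype.OptionalNamedType('extensions', rfc3280.Extensions().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 9)))
)


class Controls(univ.SequenceOf):
    """SEQUENCE SIZE (1..MAX) OF AttributeTypeAndValue.

    The constraint only rejects an empty sequence; there is no upper
    bound, so a consumer with size limits must impose them itself.
    """
    pass


Controls.componentType = AttributeTypeAndValue()
Controls.subtypeSpec = constraint.ValueSizeConstraint(1, MAX)


class CertRequest(univ.Sequence):
    """One certificate request: id, template, optional controls."""
    pass


CertRequest.componentType = namedtype.NamedTypes(
    namedtype.NamedType('certReqId', univ.Integer()),
    namedtype.NamedType('certTemplate', CertTemplate()),
    namedtype.OptionalNamedType('controls', Controls())
)


class CertReqMsg(univ.Sequence):
    """CertRequest plus optional proof of possession and regInfo.

    ``popo`` is OPTIONAL at the schema level; a consumer that requires
    proof of possession has to check for its presence explicitly.
    """
    pass


CertReqMsg.componentType = namedtype.NamedTypes(
    namedtype.NamedType('certReq', CertRequest()),
    namedtype.OptionalNamedType('popo', ProofOfPossession()),
    namedtype.OptionalNamedType('regInfo', univ.SequenceOf(componentType=AttributeTypeAndValue()))
)


class CertReqMessages(univ.SequenceOf):
    """SEQUENCE SIZE (1..MAX) OF CertReqMsg -- non-empty, no upper bound."""
    pass


CertReqMessages.componentType = CertReqMsg()
CertReqMessages.subtypeSpec = constraint.ValueSizeConstraint(1, MAX)


class CertReq(CertRequest):
    """Alias of CertRequest used as the id_regInfo_certReq value."""
    pass


id_regCtrl_pkiPublicationInfo = _buildOid(id_regCtrl, 3)


class CertId(univ.Sequence):
    """Issuer GeneralName + serial number identifying an existing certificate."""
    pass


CertId.componentType = namedtype.NamedTypes(
    namedtype.NamedType('issuer', rfc3280.GeneralName()),
    namedtype.NamedType('serialNumber', univ.Integer())
)


class OldCertId(CertId):
    """CertId of the certificate being replaced (id_regCtrl_oldCertID)."""
    pass


class PKIPublicationInfo(univ.Sequence):
    """Publication control: action (dontPublish/pleasePublish) + optional pubInfos."""
    pass


PKIPublicationInfo.componentType = namedtype.NamedTypes(
    namedtype.NamedType('action',
                        univ.Integer(namedValues=namedval.NamedValues(('dontPublish', 0), ('pleasePublish', 1)))),
    namedtype.OptionalNamedType('pubInfos', univ.SequenceOf(componentType=SinglePubInfo()))
)


class EncKeyWithID(univ.Sequence):
    """PrivateKeyInfo with an optional identifier (UTF8String or GeneralName).

    This is the content type named by id_ct_encKeyWithID.
    """
    pass


EncKeyWithID.componentType = namedtype.NamedTypes(
    namedtype.NamedType('privateKey', PrivateKeyInfo()),
    namedtype.OptionalNamedType(
        'identifier', univ.Choice(
            componentType=namedtype.NamedTypes(
                namedtype.NamedType('string', char.UTF8String()),
                namedtype.NamedType('generalName', rfc3280.GeneralName())
            )
        )
    )
)

id_regCtrl_protocolEncrKey = _buildOid(id_regCtrl, 6)

id_regCtrl_oldCertID = _buildOid(id_regCtrl, 5)

# S/MIME arc (1.2.840.113549.1.9.16); id_ct = id_smime.1 is the CMS
# content-type arc under which id_ct_encKeyWithID lives.
id_smime = _buildOid(1, 2, 840, 113549, 1, 9, 16)


class PBMParameter(univ.Sequence):
    """Password-based MAC parameters: salt, one-way function, iteration count, MAC alg.

    ``iterationCount`` is an unconstrained Integer here.  NOTE(review):
    code that derives a key from a received PBMParameter should cap the
    iteration count it is willing to run, since the schema accepts any
    value -- confirm against the consuming implementation.
    """
    pass


PBMParameter.componentType = namedtype.NamedTypes(
    namedtype.NamedType('salt', univ.OctetString()),
    namedtype.NamedType('owf', rfc3280.AlgorithmIdentifier()),
    namedtype.NamedType('iterationCount', univ.Integer()),
    namedtype.NamedType('mac', rfc3280.AlgorithmIdentifier())
)

id_regCtrl_regToken = _buildOid(id_regCtrl, 1)

id_regCtrl_pkiArchiveOptions = _buildOid(id_regCtrl, 4)

id_regInfo_utf8Pairs = _buildOid(id_regInfo, 1)

id_ct = _buildOid(id_smime, 1)

id_ct_encKeyWithID = _buildOid(id_ct, 21)


class RegToken(char.UTF8String):
    """Registration token control value (id_regCtrl_regToken)."""
    pass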