1#
2# This file is part of pyasn1-modules software.
3#
4# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com>
5# License: http://pyasn1.sf.net/license.html
6#
7# PKCS#7 message syntax
8#
9# ASN.1 source from:
10# https://opensource.apple.com/source/Security/Security-55179.1/libsecurity_asn1/asn1/pkcs7.asn.auto.html
11#
12# Sample captures from:
13# openssl crl2pkcs7 -nocrl -certfile cert1.cer -out outfile.p7b
14#
15from pyasn1_modules.rfc2459 import *
16
17
class Attribute(univ.Sequence):
    """PKCS#7 ``Attribute``: an attribute type OID paired with a SET OF values.

    Used for the ``authenticatedAttributes`` / ``unauthenticatedAttributes``
    of ``SignerInfo`` and the ``attributes`` of ``ExtendedCertificateInfo``.
    ``AttributeType`` / ``AttributeValue`` come from the rfc2459 star import;
    the value is an opaque ASN.1 blob that the caller decodes according to
    ``type``.  Nothing here enforces that ``values`` holds exactly one
    element, so callers that expect a single value must check the count.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('type', AttributeType()),
        namedtype.NamedType('values', univ.SetOf(componentType=AttributeValue()))
    )
23
24
class AttributeValueAssertion(univ.Sequence):
    """X.500 ``AttributeValueAssertion``: one attribute type with one value.

    Declared by the upstream ASN.1 source; it is not referenced by any
    other type in this module.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('attributeType', AttributeType()),
        namedtype.NamedType('attributeValue', AttributeValue())
    )
30
31
# PKCS#7 content-type object identifiers (arc 1.2.840.113549.1.7).
# A consumer dispatches on ``ContentInfo.contentType`` and decodes the
# ``content`` ANY against the matching class below; an unknown OID here must
# be treated as an error, not silently ignored.
pkcs_7 = univ.ObjectIdentifier('1.2.840.113549.1.7')
# Plain octet string payload (class ``Data``).
data = univ.ObjectIdentifier('1.2.840.113549.1.7.1')
# Signed payload (class ``SignedData``) -- the only one of these that
# provides origin authentication on its own.
signedData = univ.ObjectIdentifier('1.2.840.113549.1.7.2')
# Encrypted payload with per-recipient key wrapping (class ``EnvelopedData``).
envelopedData = univ.ObjectIdentifier('1.2.840.113549.1.7.3')
# Signed and encrypted in one structure (class ``SignedAndEnvelopedData``).
signedAndEnvelopedData = univ.ObjectIdentifier('1.2.840.113549.1.7.4')
# Payload plus an unkeyed digest (class ``DigestedData``) -- integrity only.
digestedData = univ.ObjectIdentifier('1.2.840.113549.1.7.5')
# Encrypted payload with out-of-band key (class ``EncryptedData``).
encryptedData = univ.ObjectIdentifier('1.2.840.113549.1.7.6')
39
40
class ContentType(univ.ObjectIdentifier):
    """OID naming the kind of content carried by a ``ContentInfo``.

    Expected values are the ``pkcs_7`` arc constants defined in this module;
    no constraint is applied at the ASN.1 level, so validate the OID before
    choosing a decoder for the ``content`` field.
    """
43
44
class ContentEncryptionAlgorithmIdentifier(AlgorithmIdentifier):
    """AlgorithmIdentifier for the symmetric content-encryption algorithm.

    The algorithm parameters (typically the IV) ride in the inherited
    ``parameters`` field, so they must be decoded per the named algorithm.
    """
47
48
class EncryptedContent(univ.OctetString):
    """Raw ciphertext of the content; an OCTET STRING, i.e. a primitive type."""
51
52
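class EncryptedContentInfo(univ.Sequence):
    """PKCS#7 ``EncryptedContentInfo``.

    Carries the content type of the plaintext, the symmetric algorithm (with
    its parameters, e.g. the IV) and, optionally, the ciphertext.  An absent
    ``encryptedContent`` means the ciphertext travels out of band, so a
    decoder must not assume the field is present.

    Security note: nothing in this structure authenticates the ciphertext.
    Unless ``contentEncryptionAlgorithm`` names an AEAD mode, the decryptor
    gets no integrity guarantee from it alone; rely on an outer signature
    (``SignedData`` / ``SignedAndEnvelopedData``) for that.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('contentType', ContentType()),
        namedtype.NamedType('contentEncryptionAlgorithm', ContentEncryptionAlgorithmIdentifier()),
        # ``[0] IMPLICIT EncryptedContent OPTIONAL`` where EncryptedContent is
        # an OCTET STRING -- a primitive type.  The implicit context tag must
        # therefore be primitive (tagFormatSimple).  pyasn1's encoder ORs the
        # tag's format bit into the identifier octet it emits, so the previous
        # tagFormatConstructed produced 0xA0 followed by raw ciphertext bytes:
        # not valid DER, and rejected or mis-parsed by strict decoders.
        # NOTE(review): decoding of well-formed input should be unaffected by
        # this change, since tag matching is by class and number.
        namedtype.OptionalNamedType('encryptedContent', EncryptedContent().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
    )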
60
61
class Version(univ.Integer):  # overrides x509.Version
    """PKCS#7 syntax version number.

    Shadows ``rfc2459.Version`` for this module (and for anyone star-importing
    it).  No value constraint is applied; RFC 2315 fixes the version of each
    content type (1 for most), so a strict consumer should check it rather
    than trust the integer.
    """
64
65
class EncryptedData(univ.Sequence):
    """PKCS#7 ``EncryptedData``: ciphertext whose key is managed out of band.

    There are no recipient infos and no signer: the structure gives
    confidentiality only, under a key the two parties already share.  It
    provides no integrity or origin authentication by itself.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('version', Version()),
        namedtype.NamedType('encryptedContentInfo', EncryptedContentInfo())
    )
71
72
class DigestAlgorithmIdentifier(AlgorithmIdentifier):
    """AlgorithmIdentifier naming a message-digest algorithm.

    The module accepts any OID here; rejecting weak digests (e.g. MD5,
    SHA-1) is a policy decision the verifier must make.
    """
75
76
class DigestAlgorithmIdentifiers(univ.SetOf):
    """SET OF digest algorithms used by the signers of a ``SignedData``.

    This set is a hint for one-pass processing; the authoritative algorithm
    for each signature is the ``digestAlgorithm`` inside its ``SignerInfo``.
    """
    componentType = DigestAlgorithmIdentifier()
79
80
class Digest(univ.OctetString):
    """Raw digest output as an OCTET STRING (length is algorithm-dependent)."""
83
84
class ContentInfo(univ.Sequence):
    """PKCS#7 ``ContentInfo``: the outermost envelope of every PKCS#7 object.

    ``content`` is an explicitly tagged ``[0] ANY``; it is left undecoded
    and must be re-decoded with the ``asn1Spec`` selected from
    ``contentType`` (see the OID constants in this module).  The field is
    OPTIONAL: a ``SignedData`` with detached content legitimately omits it,
    so consumers must handle its absence.  Do not act on the inner content
    of a signed object before the signature has been verified.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('contentType', ContentType()),
        namedtype.OptionalNamedType('content', univ.Any().subtype(
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
    )
91
92
class DigestedData(univ.Sequence):
    """PKCS#7 ``DigestedData``: content plus an unkeyed digest over it.

    Security note: there is no key involved, so anyone can recompute the
    digest after altering the content.  This gives integrity against
    accidental corruption only, not against an attacker, unless the whole
    structure is itself wrapped in a ``SignedData``.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('version', Version()),
        namedtype.NamedType('digestAlgorithm', DigestAlgorithmIdentifier()),
        namedtype.NamedType('contentInfo', ContentInfo()),
        namedtype.NamedType('digest', Digest())
    )
100
101
class IssuerAndSerialNumber(univ.Sequence):
    """Identifies a certificate by its issuer name and serial number.

    Used by ``SignerInfo`` and ``RecipientInfo`` to point at the signer's
    or recipient's certificate.  Match on both fields: a serial number is
    only unique within one issuer.  ``Name`` and ``CertificateSerialNumber``
    come from the rfc2459 star import.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('issuer', Name()),
        namedtype.NamedType('serialNumber', CertificateSerialNumber())
    )
107
108
class KeyEncryptionAlgorithmIdentifier(AlgorithmIdentifier):
    """AlgorithmIdentifier for the algorithm that wraps the content key.

    NOTE(review): when this is RSA with PKCS#1 v1.5 padding, the unwrap
    step must not leak whether padding was valid (timing, distinct errors),
    or it becomes a Bleichenbacher-style oracle.
    """
111
112
class EncryptedKey(univ.OctetString):
    """Content-encryption key, wrapped for one recipient (OCTET STRING)."""
115
116
class RecipientInfo(univ.Sequence):
    """Per-recipient record of an enveloped message.

    ``encryptedKey`` is the content-encryption key wrapped under the public
    key of the certificate named by ``issuerAndSerialNumber``, using
    ``keyEncryptionAlgorithm``.  A recipient should select its own entry
    by certificate match and ignore the others.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('version', Version()),
        namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()),
        namedtype.NamedType('keyEncryptionAlgorithm', KeyEncryptionAlgorithmIdentifier()),
        namedtype.NamedType('encryptedKey', EncryptedKey())
    )
124
125
class RecipientInfos(univ.SetOf):
    """SET OF ``RecipientInfo``, one entry per intended recipient."""
    componentType = RecipientInfo()
128
129
class Attributes(univ.SetOf):
    """SET OF ``Attribute``.

    Whether the members are protected by a signature depends on where the
    set appears (``authenticatedAttributes`` yes, ``unauthenticatedAttributes``
    no); see ``SignerInfo``.
    """
    componentType = Attribute()
132
133
class ExtendedCertificateInfo(univ.Sequence):
    """To-be-signed part of a PKCS#6 extended certificate.

    Wraps an ordinary X.509 ``Certificate`` (from rfc2459) together with a
    set of extra attributes.  PKCS#6 is a legacy format; X.509 v3
    extensions replaced it, so encountering one in modern data is unusual.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('version', Version()),
        namedtype.NamedType('certificate', Certificate()),
        namedtype.NamedType('attributes', Attributes())
    )
140
141
class SignatureAlgorithmIdentifier(AlgorithmIdentifier):
    """AlgorithmIdentifier for the signature over an ``ExtendedCertificateInfo``."""
144
145
class Signature(univ.BitString):
    """Signature value of an ``ExtendedCertificate``, as a BIT STRING."""
148
149
class ExtendedCertificate(univ.Sequence):
    """PKCS#6 extended certificate: signed ``ExtendedCertificateInfo``.

    The signature must be verified against the DER encoding of
    ``extendedCertificateInfo`` before any of its attributes are trusted;
    decoding alone proves nothing.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('extendedCertificateInfo', ExtendedCertificateInfo()),
        namedtype.NamedType('signatureAlgorithm', SignatureAlgorithmIdentifier()),
        namedtype.NamedType('signature', Signature())
    )
156
157
class ExtendedCertificateOrCertificate(univ.Choice):
    """CHOICE between a plain X.509 ``Certificate`` and a PKCS#6 one.

    The two alternatives are distinguished on the wire by tag: a universal
    SEQUENCE for ``certificate`` versus the implicit context tag ``[0]`` for
    ``extendedCertificate``.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('certificate', Certificate()),
        namedtype.NamedType('extendedCertificate', ExtendedCertificate().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
    )
164
165
class ExtendedCertificatesAndCertificates(univ.SetOf):
    """SET OF certificates bundled with a signed message.

    This is an untrusted bag supplied by the sender: it may hold anything,
    in any order.  Build and validate a chain from the signer's certificate
    to a locally configured trust anchor; never trust a member merely
    because it was present.
    """
    componentType = ExtendedCertificateOrCertificate()
168
169
class SerialNumber(univ.Integer):
    """Certificate serial number as listed in a CRL entry.

    Unconstrained INTEGER; if a caller needs an upper bound on its size it
    must enforce that itself.
    """
172
173
class CRLEntry(univ.Sequence):
    """One revoked certificate in a (v1-style) CRL: serial and revocation time.

    ``revocationDate`` is restricted to UTCTime here, so an entry encoded
    with GeneralizedTime will not decode against this type.  There is no
    slot for per-entry extensions (reason codes, etc.).
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('userCertificate', SerialNumber()),
        namedtype.NamedType('revocationDate', useful.UTCTime())
    )
179
180
class TBSCertificateRevocationList(univ.Sequence):
    """To-be-signed body of the CRL shape used by the upstream PKCS#7 ASN.1.

    This is the X.509 v1 layout: no ``version`` field, no CRL extensions,
    UTCTime-only dates and a mandatory ``nextUpdate``.  A v2 CRL (which
    carries extensions and may use GeneralizedTime) will therefore fail to
    decode here.  NOTE(review): if you need to read modern CRLs embedded in
    a ``SignedData``, the v2 ``CertificateList`` from the rfc2459 module is
    presumably the type to use instead.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('signature', AlgorithmIdentifier()),
        namedtype.NamedType('issuer', Name()),
        namedtype.NamedType('lastUpdate', useful.UTCTime()),
        namedtype.NamedType('nextUpdate', useful.UTCTime()),
        namedtype.OptionalNamedType('revokedCertificates', univ.SequenceOf(componentType=CRLEntry()))
    )
189
190
class CertificateRevocationList(univ.Sequence):
    """Signed CRL: TBS body, outer signature algorithm and signature bits.

    Verify ``signature`` over the DER of ``tbsCertificateRevocationList``
    with the issuer's key before honouring any revocation it lists; the
    outer ``signatureAlgorithm`` should also match the inner ``signature``
    algorithm field of the TBS part.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('tbsCertificateRevocationList', TBSCertificateRevocationList()),
        namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()),
        namedtype.NamedType('signature', univ.BitString())
    )
197
198
class CertificateRevocationLists(univ.SetOf):
    """SET OF CRLs shipped alongside a signed message.

    Like the bundled certificates, these are sender-supplied and untrusted
    until their signatures have been verified against a trusted issuer.
    """
    componentType = CertificateRevocationList()
201
202
class DigestEncryptionAlgorithmIdentifier(AlgorithmIdentifier):
    """AlgorithmIdentifier for the signer's signature algorithm.

    PKCS#7 calls this "digest encryption" because the original scheme was
    RSA over the digest; in practice it names the signature algorithm.
    """
205
206
class EncryptedDigest(univ.OctetString):
    """The signature value of a ``SignerInfo`` (PKCS#7 name: encrypted digest)."""
209
210
class SignerInfo(univ.Sequence):
    """Per-signer record of a ``SignedData`` / ``SignedAndEnvelopedData``.

    Verification outline (RFC 2315 section 9.3):

    * If ``authenticatedAttributes`` is absent, ``encryptedDigest`` is the
      signature over the digest of the content itself.
    * If it is present, the signature is over the DER encoding of the
      attribute SET -- encoded with the universal SET OF tag, not the
      ``[0]`` implicit tag it carries on the wire -- and the set must
      contain a message-digest attribute whose value equals the digest of
      the content.  Both checks are required; skipping the message-digest
      comparison lets an attacker swap the content under a valid signature.
    * ``unauthenticatedAttributes`` (``[1]``) are NOT covered by the
      signature.  Treat them as untrusted data (countersignatures that live
      there need their own verification).

    ``digestAlgorithm`` here, not the outer ``digestAlgorithms`` set, is the
    authoritative digest for this signer.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('version', Version()),
        namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()),
        namedtype.NamedType('digestAlgorithm', DigestAlgorithmIdentifier()),
        namedtype.OptionalNamedType('authenticatedAttributes', Attributes().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
        namedtype.NamedType('digestEncryptionAlgorithm', DigestEncryptionAlgorithmIdentifier()),
        namedtype.NamedType('encryptedDigest', EncryptedDigest()),
        namedtype.OptionalNamedType('unauthenticatedAttributes', Attributes().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
    )
223
224
class SignerInfos(univ.SetOf):
    """SET OF ``SignerInfo``.

    The set may be empty on the wire (e.g. certificate-only "degenerate"
    ``SignedData`` such as the ``crl2pkcs7`` output mentioned in the file
    header); a consumer that requires a signature must check for that.
    """
    componentType = SignerInfo()
227
228
class SignedAndEnvelopedData(univ.Sequence):
    """PKCS#7 ``SignedAndEnvelopedData``: signed and encrypted in one object.

    Same field set as ``SignedData`` plus ``recipientInfos``, with the
    content carried encrypted in ``encryptedContentInfo``.  Decrypt first,
    then verify each ``SignerInfo`` against the recovered plaintext.
    ``certificates`` (``[0]``) and ``crls`` (``[1]``) are optional,
    sender-supplied and untrusted until chained to a trust anchor.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('version', Version()),
        namedtype.NamedType('recipientInfos', RecipientInfos()),
        namedtype.NamedType('digestAlgorithms', DigestAlgorithmIdentifiers()),
        namedtype.NamedType('encryptedContentInfo', EncryptedContentInfo()),
        namedtype.OptionalNamedType('certificates', ExtendedCertificatesAndCertificates().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
        namedtype.OptionalNamedType('crls', CertificateRevocationLists().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
        namedtype.NamedType('signerInfos', SignerInfos())
    )
241
242
class EnvelopedData(univ.Sequence):
    """PKCS#7 ``EnvelopedData``: content encrypted for one or more recipients.

    Confidentiality only: nothing in this structure authenticates the
    sender or protects the ciphertext from modification unless the content
    algorithm is AEAD.  Wrap in ``SignedData`` when authenticity matters.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('version', Version()),
        namedtype.NamedType('recipientInfos', RecipientInfos()),
        namedtype.NamedType('encryptedContentInfo', EncryptedContentInfo())
    )
249
250
class DigestInfo(univ.Sequence):
    """Digest algorithm plus digest value.

    This is the structure RSA/PKCS#1 v1.5 signatures encapsulate; when
    decoding one recovered from a signature, compare the algorithm against
    the one expected from ``SignerInfo`` rather than trusting the recovered
    OID.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('digestAlgorithm', DigestAlgorithmIdentifier()),
        namedtype.NamedType('digest', Digest())
    )
256
257
class SignedData(univ.Sequence):
    """PKCS#7 ``SignedData``: content (possibly detached) plus signatures.

    ``contentInfo.content`` may be absent (detached signature); the caller
    then supplies the data to hash.  ``certificates`` (``[0]``) and ``crls``
    (``[1]``) are optional, sender-supplied and untrusted: locate the
    signer's certificate via ``SignerInfo.issuerAndSerialNumber``, build a
    chain to a configured trust anchor, check revocation, and only then
    verify ``encryptedDigest``.  ``signerInfos`` may be empty (certificate
    bundle / ``.p7b`` use), in which case nothing is authenticated.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('version', Version()),
        namedtype.NamedType('digestAlgorithms', DigestAlgorithmIdentifiers()),
        namedtype.NamedType('contentInfo', ContentInfo()),
        namedtype.OptionalNamedType('certificates', ExtendedCertificatesAndCertificates().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
        namedtype.OptionalNamedType('crls', CertificateRevocationLists().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
        namedtype.NamedType('signerInfos', SignerInfos())
    )
269
270
class Data(univ.OctetString):
    """Payload of the ``data`` content type: an arbitrary OCTET STRING.

    Decode ``ContentInfo.content`` against this class only after checking
    that ``contentType`` equals the ``data`` OID.
    """
273