#
# This file is part of pyasn1-modules software.
#
# Updated by Russ Housley to resolve the TODO regarding the Certificate
#   Policies Certificate Extension.
#
# Copyright (c) 2005-2019, Ilya Etingof <etingof@gmail.com>
# License: http://snmplabs.com/pyasn1/license.html
#
# X.509 message syntax
#
# ASN.1 source from:
# http://www.trl.ibm.com/projects/xml/xss4j/data/asn1/grammars/x509.asn
# http://www.ietf.org/rfc/rfc2459.txt
#
# Sample captures from:
# http://wiki.wireshark.org/SampleCaptures/
#
19from pyasn1.type import char
20from pyasn1.type import constraint
21from pyasn1.type import namedtype
22from pyasn1.type import namedval
23from pyasn1.type import opentype
24from pyasn1.type import tag
25from pyasn1.type import univ
26from pyasn1.type import useful
27
# Stand-in for an unbounded upper limit in size/range constraints.
MAX = float('inf')
29
30#
31# PKIX1Explicit88
32#
33
34# Upper Bounds
# Upper bounds used by the size constraints in this module.

# Directory attribute values.
ub_name = univ.Integer(32768)
ub_common_name = univ.Integer(64)
ub_locality_name = univ.Integer(128)
ub_state_name = univ.Integer(128)
ub_organization_name = univ.Integer(64)
ub_organizational_unit_name = univ.Integer(64)
ub_title = univ.Integer(64)
ub_match = univ.Integer(128)

ub_emailaddress_length = univ.Integer(128)

# Bounds referenced by the X.400 address types.
ub_common_name_length = univ.Integer(64)
ub_country_name_alpha_length = univ.Integer(2)
ub_country_name_numeric_length = univ.Integer(3)
ub_domain_defined_attributes = univ.Integer(4)
ub_domain_defined_attribute_type_length = univ.Integer(8)
ub_domain_defined_attribute_value_length = univ.Integer(128)
ub_domain_name_length = univ.Integer(16)
ub_extension_attributes = univ.Integer(256)
ub_e163_4_number_length = univ.Integer(15)
ub_e163_4_sub_address_length = univ.Integer(40)
ub_generation_qualifier_length = univ.Integer(3)
ub_given_name_length = univ.Integer(16)
ub_initials_length = univ.Integer(5)
ub_integer_options = univ.Integer(256)
ub_numeric_user_id_length = univ.Integer(32)
ub_organization_name_length = univ.Integer(64)
ub_organizational_unit_name_length = univ.Integer(32)
ub_organizational_units = univ.Integer(4)
ub_pds_name_length = univ.Integer(16)
ub_pds_parameter_length = univ.Integer(30)
ub_pds_physical_address_lines = univ.Integer(6)
ub_postal_code_length = univ.Integer(16)
ub_surname_length = univ.Integer(40)
ub_terminal_id_length = univ.Integer(24)
ub_unformatted_address_length = univ.Integer(180)
ub_x121_address_length = univ.Integer(16)
70
71
class UniversalString(char.UniversalString):
    """Module-local subclass of char.UniversalString; adds nothing of its own."""
74
75
class BMPString(char.BMPString):
    """Module-local subclass of char.BMPString; adds nothing of its own."""
78
79
class UTF8String(char.UTF8String):
    """Module-local subclass of char.UTF8String; adds nothing of its own."""
82
83
# PKIX root arc and the sub-arcs defined directly beneath it.
id_pkix = univ.ObjectIdentifier('1.3.6.1.5.5.7')
id_pe = univ.ObjectIdentifier('1.3.6.1.5.5.7.1')
id_qt = univ.ObjectIdentifier('1.3.6.1.5.5.7.2')
id_kp = univ.ObjectIdentifier('1.3.6.1.5.5.7.3')
id_ad = univ.ObjectIdentifier('1.3.6.1.5.5.7.48')

# Policy qualifier types (under id_qt).
id_qt_cps = univ.ObjectIdentifier('1.3.6.1.5.5.7.2.1')
id_qt_unotice = univ.ObjectIdentifier('1.3.6.1.5.5.7.2.2')

# Access descriptors (under id_ad).
id_ad_ocsp = univ.ObjectIdentifier('1.3.6.1.5.5.7.48.1')
id_ad_caIssuers = univ.ObjectIdentifier('1.3.6.1.5.5.7.48.2')

# Attribute types under the 2.5.4 arc.
id_at = univ.ObjectIdentifier('2.5.4')
id_at_name = univ.ObjectIdentifier('2.5.4.41')
# 'id_at_sutname' is a historical misspelling; it stays bound to the same
# object as 'id_at_surname' so existing importers keep working.
id_at_sutname = id_at_surname = univ.ObjectIdentifier('2.5.4.4')
id_at_givenName = univ.ObjectIdentifier('2.5.4.42')
id_at_initials = univ.ObjectIdentifier('2.5.4.43')
id_at_generationQualifier = univ.ObjectIdentifier('2.5.4.44')
106
107
class X520name(univ.Choice):
    """CHOICE of five string types, each with length limited to 1..ub_name."""
    componentType = namedtype.NamedTypes(*(
        namedtype.NamedType(
            label,
            string_type().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_name))
        )
        for label, string_type in (
            ('teletexString', char.TeletexString),
            ('printableString', char.PrintableString),
            ('universalString', char.UniversalString),
            ('utf8String', char.UTF8String),
            ('bmpString', char.BMPString),
        )
    ))
121
122
# Attribute type OID that, by name, goes with X520CommonName.
id_at_commonName = univ.ObjectIdentifier('2.5.4.3')
124
125
class X520CommonName(univ.Choice):
    """CHOICE of five string types, each with length limited to 1..ub_common_name."""
    componentType = namedtype.NamedTypes(*(
        namedtype.NamedType(
            label,
            string_type().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_common_name))
        )
        for label, string_type in (
            ('teletexString', char.TeletexString),
            ('printableString', char.PrintableString),
            ('universalString', char.UniversalString),
            ('utf8String', char.UTF8String),
            ('bmpString', char.BMPString),
        )
    ))
139
140
# Attribute type OID that, by name, goes with X520LocalityName.
id_at_localityName = univ.ObjectIdentifier('2.5.4.7')
142
143
class X520LocalityName(univ.Choice):
    """CHOICE of five string types, each with length limited to 1..ub_locality_name."""
    componentType = namedtype.NamedTypes(*(
        namedtype.NamedType(
            label,
            string_type().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_locality_name))
        )
        for label, string_type in (
            ('teletexString', char.TeletexString),
            ('printableString', char.PrintableString),
            ('universalString', char.UniversalString),
            ('utf8String', char.UTF8String),
            ('bmpString', char.BMPString),
        )
    ))
157
158
# Attribute type OID that, by name, goes with X520StateOrProvinceName.
id_at_stateOrProvinceName = univ.ObjectIdentifier('2.5.4.8')
160
161
class X520StateOrProvinceName(univ.Choice):
    """CHOICE of five string types, each with length limited to 1..ub_state_name."""
    componentType = namedtype.NamedTypes(*(
        namedtype.NamedType(
            label,
            string_type().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name))
        )
        for label, string_type in (
            ('teletexString', char.TeletexString),
            ('printableString', char.PrintableString),
            ('universalString', char.UniversalString),
            ('utf8String', char.UTF8String),
            ('bmpString', char.BMPString),
        )
    ))
175
176
# Attribute type OID that, by name, goes with X520OrganizationName.
id_at_organizationName = univ.ObjectIdentifier('2.5.4.10')
178
179
class X520OrganizationName(univ.Choice):
    """CHOICE of five string types, each with length limited to 1..ub_organization_name."""
    componentType = namedtype.NamedTypes(*(
        namedtype.NamedType(
            label,
            string_type().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_organization_name))
        )
        for label, string_type in (
            ('teletexString', char.TeletexString),
            ('printableString', char.PrintableString),
            ('universalString', char.UniversalString),
            ('utf8String', char.UTF8String),
            ('bmpString', char.BMPString),
        )
    ))
193
194
# Attribute type OID that, by name, goes with X520OrganizationalUnitName.
id_at_organizationalUnitName = univ.ObjectIdentifier('2.5.4.11')
196
197
class X520OrganizationalUnitName(univ.Choice):
    """CHOICE of five string types, each with length limited to 1..ub_organizational_unit_name."""
    componentType = namedtype.NamedTypes(*(
        namedtype.NamedType(
            label,
            string_type().subtype(
                subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name))
        )
        for label, string_type in (
            ('teletexString', char.TeletexString),
            ('printableString', char.PrintableString),
            ('universalString', char.UniversalString),
            ('utf8String', char.UTF8String),
            ('bmpString', char.BMPString),
        )
    ))
211
212
# Attribute type OID that, by name, goes with X520Title.
id_at_title = univ.ObjectIdentifier('2.5.4.12')
214
215
class X520Title(univ.Choice):
    """CHOICE of five string types, each with length limited to 1..ub_title."""
    componentType = namedtype.NamedTypes(*(
        namedtype.NamedType(
            label,
            string_type().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title))
        )
        for label, string_type in (
            ('teletexString', char.TeletexString),
            ('printableString', char.PrintableString),
            ('universalString', char.UniversalString),
            ('utf8String', char.UTF8String),
            ('bmpString', char.BMPString),
        )
    ))
229
230
# Attribute type OID that, by name, goes with X520dnQualifier.
id_at_dnQualifier = univ.ObjectIdentifier('2.5.4.46')
232
233
class X520dnQualifier(char.PrintableString):
    """PrintableString with no constraint beyond the base type's."""
236
237
# Attribute type OID that, by name, goes with X520countryName.
id_at_countryName = univ.ObjectIdentifier('2.5.4.6')
239
240
class X520countryName(char.PrintableString):
    """PrintableString whose length must be exactly 2."""
    subtypeSpec = (
        char.PrintableString.subtypeSpec
        + constraint.ValueSizeConstraint(2, 2)
    )
243
244
# PKCS #9 arc and the e-mail address attribute beneath it.
pkcs_9 = univ.ObjectIdentifier('1.2.840.113549.1.9')
emailAddress = univ.ObjectIdentifier('1.2.840.113549.1.9.1')
248
249
class Pkcs9email(char.IA5String):
    """IA5String with length limited to 1..ub_emailaddress_length."""
    subtypeSpec = (
        char.IA5String.subtypeSpec
        + constraint.ValueSizeConstraint(1, ub_emailaddress_length)
    )
252
253
254# ----
255
class DSAPrivateKey(univ.Sequence):
    """PKIX compliant DSA private key structure.

    SEQUENCE of a version (named value v1 = 0) followed by five unconstrained
    integers.  The 'private' component carries the private key value, so a
    decoded instance should be handled as secret material.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('version', univ.Integer(namedValues=namedval.NamedValues(('v1', 0)))),
        *(
            namedtype.NamedType(field, univ.Integer())
            for field in ('p', 'q', 'g', 'public', 'private')
        )
    )
266
267
268# ----
269
270
class DirectoryString(univ.Choice):
    """CHOICE of six string types, each at least 1 long with no upper bound (MAX).

    The 'ia5String' alternative is accepted here although the original author
    flagged it as not belonging in this CHOICE; code that validates names
    decoded through this type should not assume only the other five occur.
    """
    componentType = namedtype.NamedTypes(*(
        namedtype.NamedType(
            label,
            string_type().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))
        )
        for label, string_type in (
            ('teletexString', char.TeletexString),
            ('printableString', char.PrintableString),
            ('universalString', char.UniversalString),
            ('utf8String', char.UTF8String),
            ('bmpString', char.BMPString),
            # hm, this should not be here!? XXX
            ('ia5String', char.IA5String),
        )
    ))
285
286
287# certificate and CRL specific structures begin here
288
class AlgorithmIdentifier(univ.Sequence):
    """SEQUENCE of an algorithm OID and optional parameters.

    'parameters' is typed as ANY, so it is left undecoded here; the caller has
    to decode and validate it against the structure the algorithm OID implies.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            'algorithm',
            univ.ObjectIdentifier()
        ),
        namedtype.OptionalNamedType(
            'parameters',
            univ.Any()
        )
    )
294
295
296
297# Algorithm OIDs and parameter structures
298
# PKCS #1 arc, the RSA key/signature algorithms under it, and DSA-with-SHA1.
# The MD2, MD5 and SHA-1 based signature OIDs are needed to parse older
# certificates; a verifier typically recognises them in order to reject them.
pkcs_1 = univ.ObjectIdentifier('1.2.840.113549.1.1')
rsaEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.1')
md2WithRSAEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.2')
md5WithRSAEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.4')
sha1WithRSAEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.5')
id_dsa_with_sha1 = univ.ObjectIdentifier('1.2.840.10040.4.3')
305
306
class Dss_Sig_Value(univ.Sequence):
    """SEQUENCE of two unconstrained integers, 'r' then 's'."""
    componentType = namedtype.NamedTypes(*(
        namedtype.NamedType(field, univ.Integer())
        for field in ('r', 's')
    ))
312
313
# Algorithm OID; by name, the Diffie-Hellman public number key type.
dhpublicnumber = univ.ObjectIdentifier('1.2.840.10046.2.1')
315
316
class ValidationParms(univ.Sequence):
    """SEQUENCE of a BIT STRING 'seed' and an INTEGER 'pgenCounter'."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            'seed',
            univ.BitString()
        ),
        namedtype.NamedType(
            'pgenCounter',
            univ.Integer()
        )
    )
322
323
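class DomainParameters(univ.Sequence):
    """SEQUENCE of integers p, g, q, optional j, and optional validationParms.

    'j' is OPTIONAL in the RFC 2459 ASN.1 this module is transcribed from.
    Declaring it mandatory made the decoder reject parameter sets that
    legitimately omit it, so it is declared with OptionalNamedType.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('p', univ.Integer()),
        namedtype.NamedType('g', univ.Integer()),
        namedtype.NamedType('q', univ.Integer()),
        namedtype.OptionalNamedType('j', univ.Integer()),
        namedtype.OptionalNamedType('validationParms', ValidationParms())
    )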
332
333
# Algorithm OID; by name, the DSA key type whose parameters are Dss_Parms.
id_dsa = univ.ObjectIdentifier('1.2.840.10040.4.1')
335
336
class Dss_Parms(univ.Sequence):
    """SEQUENCE of three unconstrained integers: 'p', 'q', 'g'."""
    componentType = namedtype.NamedTypes(*(
        namedtype.NamedType(field, univ.Integer())
        for field in ('p', 'q', 'g')
    ))
343
344
345# x400 address syntax starts here
346
# Named integer constant (6); presumably the X.400 extension-attribute type
# number for TeletexDomainDefinedAttributes.
teletex_domain_defined_attributes = univ.Integer(6)
348
349
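class TeletexDomainDefinedAttribute(univ.Sequence):
    """SEQUENCE of a size-limited TeletexString 'type' and 'value'.

    'value' is bounded to 1..ub_domain_defined_attribute_value_length, the
    same bound BuiltInDomainDefinedAttribute applies to its 'value'.  It was
    previously declared without any size constraint, so arbitrarily long
    values passed validation.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('type', char.TeletexString().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_defined_attribute_type_length))),
        namedtype.NamedType('value', char.TeletexString().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_defined_attribute_value_length)))
    )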
356
357
class TeletexDomainDefinedAttributes(univ.SequenceOf):
    """SEQUENCE OF TeletexDomainDefinedAttribute, 1..ub_domain_defined_attributes entries."""
    componentType = TeletexDomainDefinedAttribute()
    sizeSpec = (
        univ.SequenceOf.sizeSpec
        + constraint.ValueSizeConstraint(1, ub_domain_defined_attributes)
    )
361
362
# Named integer constant (23); presumably the X.400 extension-attribute type
# number for TerminalType.
terminal_type = univ.Integer(23)
364
365
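class TerminalType(univ.Integer):
    """INTEGER restricted to the value range 0..ub_integer_options, with named values.

    The bound is on the integer's value, so it is expressed with
    ValueRangeConstraint.  ValueSizeConstraint checks len(value), which does
    not apply to an integer.
    """
    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(0, ub_integer_options)
    namedValues = namedval.NamedValues(
        ('telex', 3),
        ('teletelex', 4),
        ('g3-facsimile', 5),
        ('g4-facsimile', 6),
        ('ia5-terminal', 7),
        ('videotex', 8)
    )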
376
377
class PresentationAddress(univ.Sequence):
    """SEQUENCE of four optional, explicitly context-tagged components.

    Tags [0]..[2] are OCTET STRING selectors; [3] is a SET OF OCTET STRING
    holding at least one entry.
    """
    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType(
            'pSelector',
            univ.OctetString().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))
        ),
        namedtype.OptionalNamedType(
            'sSelector',
            univ.OctetString().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))
        ),
        namedtype.OptionalNamedType(
            'tSelector',
            univ.OctetString().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))
        ),
        namedtype.OptionalNamedType(
            'nAddresses',
            univ.SetOf(componentType=univ.OctetString()).subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3),
                subtypeSpec=constraint.ValueSizeConstraint(1, MAX))
        ),
    )
390
391
# Named integer constant (22); presumably the X.400 extension-attribute type
# number for ExtendedNetworkAddress.
extended_network_address = univ.Integer(22)
393
394
class E163_4_address(univ.Sequence):
    """SEQUENCE of a NumericString 'number' [0] and an optional 'sub-address' [1].

    Both are explicitly context-tagged and size-limited
    (1..ub_e163_4_number_length and 1..ub_e163_4_sub_address_length).
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            'number',
            char.NumericString().subtype(
                subtypeSpec=constraint.ValueSizeConstraint(1, ub_e163_4_number_length),
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))
        ),
        namedtype.OptionalNamedType(
            'sub-address',
            char.NumericString().subtype(
                subtypeSpec=constraint.ValueSizeConstraint(1, ub_e163_4_sub_address_length),
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))
        )
    )
404
405
class ExtendedNetworkAddress(univ.Choice):
    """CHOICE between an E163_4_address and a [0] explicitly tagged PresentationAddress."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            'e163-4-address',
            E163_4_address()
        ),
        namedtype.NamedType(
            'psap-address',
            PresentationAddress().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))
        )
    )
412
413
class PDSParameter(univ.Set):
    """SET of two optional strings, each with length 1..ub_pds_parameter_length."""
    componentType = namedtype.NamedTypes(*(
        namedtype.OptionalNamedType(
            label,
            string_type().subtype(
                subtypeSpec=constraint.ValueSizeConstraint(1, ub_pds_parameter_length))
        )
        for label, string_type in (
            ('printable-string', char.PrintableString),
            ('teletex-string', char.TeletexString),
        )
    ))
421
422
# Named integer constant (21); presumably the X.400 extension-attribute type
# number for LocalPostalAttributes.
local_postal_attributes = univ.Integer(21)
424
425
class LocalPostalAttributes(PDSParameter):
    """PDSParameter under another name; adds no components or constraints."""
428
429
class UniquePostalName(PDSParameter):
    """PDSParameter under another name; adds no components or constraints."""
432
433
# Named integer constants (20 and 19); presumably the X.400 extension-attribute
# type numbers for UniquePostalName and PosteRestanteAddress.
unique_postal_name = univ.Integer(20)
poste_restante_address = univ.Integer(19)
437
438
class PosteRestanteAddress(PDSParameter):
    """PDSParameter under another name; adds no components or constraints."""
441
442
# Named integer constant (18); presumably the X.400 extension-attribute type
# number for PostOfficeBoxAddress.
post_office_box_address = univ.Integer(18)
444
445
class PostOfficeBoxAddress(PDSParameter):
    """PDSParameter under another name; adds no components or constraints."""
448
449
# Named integer constant (17); presumably the X.400 extension-attribute type
# number for StreetAddress.
street_address = univ.Integer(17)
451
452
class StreetAddress(PDSParameter):
    """PDSParameter under another name; adds no components or constraints."""
455
456
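class UnformattedPostalAddress(univ.Set):
    """SET of an optional list of printable address lines and an optional teletex form.

    'printable-address' holds 1..ub_pds_physical_address_lines lines, each a
    PrintableString of length 1..ub_pds_parameter_length.  The line-count
    bound belongs on the SEQUENCE OF; it used to be chained onto the
    PrintableString, which capped every line at the line-count limit and left
    the number of lines unbounded.
    """
    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType('printable-address', univ.SequenceOf(
            componentType=char.PrintableString().subtype(
                subtypeSpec=constraint.ValueSizeConstraint(1, ub_pds_parameter_length))).subtype(
            subtypeSpec=constraint.ValueSizeConstraint(1, ub_pds_physical_address_lines))),
        namedtype.OptionalNamedType('teletex-string', char.TeletexString().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(1, ub_unformatted_address_length)))
    )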
465
466
# Named integer constant (10); presumably the X.400 extension-attribute type
# number for PhysicalDeliveryOfficeName.
physical_delivery_office_name = univ.Integer(10)
468
469
class PhysicalDeliveryOfficeName(PDSParameter):
    """PDSParameter under another name; adds no components or constraints."""
472
473
# Named integer constant (11); presumably the X.400 extension-attribute type
# number for PhysicalDeliveryOfficeNumber.
physical_delivery_office_number = univ.Integer(11)
475
476
class PhysicalDeliveryOfficeNumber(PDSParameter):
    """PDSParameter under another name; adds no components or constraints."""
479
480
# Named integer constant (12); presumably the X.400 extension-attribute type
# number for ExtensionORAddressComponents.
extension_OR_address_components = univ.Integer(12)
482
483
class ExtensionORAddressComponents(PDSParameter):
    """PDSParameter under another name; adds no components or constraints."""
486
487
# Named integer constant (13); presumably the X.400 extension-attribute type
# number for PhysicalDeliveryPersonalName.
physical_delivery_personal_name = univ.Integer(13)
489
490
class PhysicalDeliveryPersonalName(PDSParameter):
    """PDSParameter under another name; adds no components or constraints."""
493
494
# Named integer constant (14); presumably the X.400 extension-attribute type
# number for PhysicalDeliveryOrganizationName.
physical_delivery_organization_name = univ.Integer(14)
496
497
class PhysicalDeliveryOrganizationName(PDSParameter):
    """PDSParameter under another name; adds no components or constraints."""
500
501
# Named integer constant (15); presumably the X.400 extension-attribute type
# number for ExtensionPhysicalDeliveryAddressComponents.
extension_physical_delivery_address_components = univ.Integer(15)
503
504
class ExtensionPhysicalDeliveryAddressComponents(PDSParameter):
    """PDSParameter under another name; adds no components or constraints."""
507
508
# Named integer constants (16 and 9); presumably the X.400 extension-attribute
# type numbers for UnformattedPostalAddress and PostalCode.
unformatted_postal_address = univ.Integer(16)
postal_code = univ.Integer(9)
512
513
class PostalCode(univ.Choice):
    """CHOICE of a numeric or printable code, each with length 1..ub_postal_code_length."""
    componentType = namedtype.NamedTypes(*(
        namedtype.NamedType(
            label,
            string_type().subtype(
                subtypeSpec=constraint.ValueSizeConstraint(1, ub_postal_code_length))
        )
        for label, string_type in (
            ('numeric-code', char.NumericString),
            ('printable-code', char.PrintableString),
        )
    ))
521
522
class PhysicalDeliveryCountryName(univ.Choice):
    """CHOICE of a fixed-length numeric code or a fixed-length alphabetic code.

    Each alternative uses the same bound as minimum and maximum, so the
    length must equal ub_country_name_numeric_length or
    ub_country_name_alpha_length respectively.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            'x121-dcc-code',
            char.NumericString().subtype(
                subtypeSpec=constraint.ValueSizeConstraint(
                    ub_country_name_numeric_length, ub_country_name_numeric_length))
        ),
        namedtype.NamedType(
            'iso-3166-alpha2-code',
            char.PrintableString().subtype(
                subtypeSpec=constraint.ValueSizeConstraint(
                    ub_country_name_alpha_length, ub_country_name_alpha_length))
        )
    )
531
532
class PDSName(char.PrintableString):
    """PrintableString with length limited to 1..ub_pds_name_length."""
    subtypeSpec = (
        char.PrintableString.subtypeSpec
        + constraint.ValueSizeConstraint(1, ub_pds_name_length)
    )
535
536
# Named integer constant (8); presumably the X.400 extension-attribute type
# number for PhysicalDeliveryCountryName.
physical_delivery_country_name = univ.Integer(8)
538
539
class TeletexOrganizationalUnitName(char.TeletexString):
    """TeletexString with length limited to 1..ub_organizational_unit_name_length."""
    subtypeSpec = (
        char.TeletexString.subtypeSpec
        + constraint.ValueSizeConstraint(1, ub_organizational_unit_name_length)
    )
542
543
# Named integer constants (7 and 5); presumably the X.400 extension-attribute
# type numbers for PDSName and TeletexOrganizationalUnitNames.
pds_name = univ.Integer(7)
teletex_organizational_unit_names = univ.Integer(5)
547
548
class TeletexOrganizationalUnitNames(univ.SequenceOf):
    """SEQUENCE OF TeletexOrganizationalUnitName, 1..ub_organizational_units entries."""
    componentType = TeletexOrganizationalUnitName()
    sizeSpec = (
        univ.SequenceOf.sizeSpec
        + constraint.ValueSizeConstraint(1, ub_organizational_units)
    )
552
553
# Named integer constant (4); presumably the X.400 extension-attribute type
# number for TeletexPersonalName.
teletex_personal_name = univ.Integer(4)
555
556
class TeletexPersonalName(univ.Set):
    """SET of a mandatory 'surname' [0] and three optional parts [1]..[3].

    Every component is a size-limited TeletexString under an explicit
    context tag.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('surname', char.TeletexString().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(1, ub_surname_length),
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
        *(
            namedtype.OptionalNamedType(label, char.TeletexString().subtype(
                subtypeSpec=constraint.ValueSizeConstraint(1, limit),
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, number)))
            # Optional parts take context tags 1, 2, 3 in this order.
            for number, (label, limit) in enumerate((
                ('given-name', ub_given_name_length),
                ('initials', ub_initials_length),
                ('generation-qualifier', ub_generation_qualifier_length),
            ), 1)
        )
    )
572
573
# Named integer constant (3); presumably the X.400 extension-attribute type
# number for TeletexOrganizationName.
teletex_organization_name = univ.Integer(3)
575
576
class TeletexOrganizationName(char.TeletexString):
    """TeletexString with length limited to 1..ub_organization_name_length."""
    subtypeSpec = (
        char.TeletexString.subtypeSpec
        + constraint.ValueSizeConstraint(1, ub_organization_name_length)
    )
579
580
# Named integer constant (2); presumably the X.400 extension-attribute type
# number for TeletexCommonName.
teletex_common_name = univ.Integer(2)
582
583
class TeletexCommonName(char.TeletexString):
    """TeletexString with length limited to 1..ub_common_name_length."""
    subtypeSpec = (
        char.TeletexString.subtypeSpec
        + constraint.ValueSizeConstraint(1, ub_common_name_length)
    )
586
587
class CommonName(char.PrintableString):
    """PrintableString with length limited to 1..ub_common_name_length."""
    subtypeSpec = (
        char.PrintableString.subtypeSpec
        + constraint.ValueSizeConstraint(1, ub_common_name_length)
    )
590
591
# Named integer constant (1); presumably the X.400 extension-attribute type
# number for CommonName.
common_name = univ.Integer(1)
593
594
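class ExtensionAttribute(univ.Sequence):
    """SEQUENCE of an integer type number [0] and an opaque value [1].

    'extension-attribute-type' is an INTEGER in the value range
    0..ub_extension_attributes.  The bound is on the value, so it is
    expressed with ValueRangeConstraint; ValueSizeConstraint checks
    len(value), which does not apply to an integer.

    'extension-attribute-value' is typed as ANY and is left undecoded; the
    caller has to decode and validate it according to the type number.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('extension-attribute-type', univ.Integer().subtype(
            subtypeSpec=constraint.ValueRangeConstraint(0, ub_extension_attributes),
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
        namedtype.NamedType('extension-attribute-value',
                            univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
    )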
603
604
class ExtensionAttributes(univ.SetOf):
    """SET OF ExtensionAttribute, 1..ub_extension_attributes entries."""
    componentType = ExtensionAttribute()
    sizeSpec = (
        univ.SetOf.sizeSpec
        + constraint.ValueSizeConstraint(1, ub_extension_attributes)
    )
608
609
class BuiltInDomainDefinedAttribute(univ.Sequence):
    """SEQUENCE of a size-limited PrintableString 'type' and 'value'."""
    componentType = namedtype.NamedTypes(*(
        namedtype.NamedType(
            label,
            char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, limit))
        )
        for label, limit in (
            ('type', ub_domain_defined_attribute_type_length),
            ('value', ub_domain_defined_attribute_value_length),
        )
    ))
617
618
class BuiltInDomainDefinedAttributes(univ.SequenceOf):
    """SEQUENCE OF BuiltInDomainDefinedAttribute, 1..ub_domain_defined_attributes entries."""
    componentType = BuiltInDomainDefinedAttribute()
    sizeSpec = (
        univ.SequenceOf.sizeSpec
        + constraint.ValueSizeConstraint(1, ub_domain_defined_attributes)
    )
622
623
class OrganizationalUnitName(char.PrintableString):
    """PrintableString with length limited to 1..ub_organizational_unit_name_length."""
    subtypeSpec = (
        char.PrintableString.subtypeSpec
        + constraint.ValueSizeConstraint(1, ub_organizational_unit_name_length)
    )
626
627
class OrganizationalUnitNames(univ.SequenceOf):
    """SEQUENCE OF OrganizationalUnitName, 1..ub_organizational_units entries."""
    componentType = OrganizationalUnitName()
    sizeSpec = (
        univ.SequenceOf.sizeSpec
        + constraint.ValueSizeConstraint(1, ub_organizational_units)
    )
631
632
class PersonalName(univ.Set):
    """SET of a mandatory 'surname' [0] and three optional parts [1]..[3].

    Every component is a size-limited PrintableString under an explicit
    context tag.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('surname', char.PrintableString().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(1, ub_surname_length),
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
        *(
            namedtype.OptionalNamedType(label, char.PrintableString().subtype(
                subtypeSpec=constraint.ValueSizeConstraint(1, limit),
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, number)))
            # Optional parts take context tags 1, 2, 3 in this order.
            for number, (label, limit) in enumerate((
                ('given-name', ub_given_name_length),
                ('initials', ub_initials_length),
                ('generation-qualifier', ub_generation_qualifier_length),
            ), 1)
        )
    )
648
649
class NumericUserIdentifier(char.NumericString):
    """NumericString with length limited to 1..ub_numeric_user_id_length."""
    subtypeSpec = (
        char.NumericString.subtypeSpec
        + constraint.ValueSizeConstraint(1, ub_numeric_user_id_length)
    )
652
653
class OrganizationName(char.PrintableString):
    """PrintableString with length limited to 1..ub_organization_name_length."""
    subtypeSpec = (
        char.PrintableString.subtypeSpec
        + constraint.ValueSizeConstraint(1, ub_organization_name_length)
    )
656
657
class PrivateDomainName(univ.Choice):
    """CHOICE of a numeric or printable name, each with length 1..ub_domain_name_length."""
    componentType = namedtype.NamedTypes(*(
        namedtype.NamedType(
            label,
            string_type().subtype(
                subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_name_length))
        )
        for label, string_type in (
            ('numeric', char.NumericString),
            ('printable', char.PrintableString),
        )
    ))
665
666
class TerminalIdentifier(char.PrintableString):
    """PrintableString with length limited to 1..ub_terminal_id_length."""
    subtypeSpec = (
        char.PrintableString.subtypeSpec
        + constraint.ValueSizeConstraint(1, ub_terminal_id_length)
    )
669
670
class X121Address(char.NumericString):
    """NumericString with length limited to 1..ub_x121_address_length."""
    subtypeSpec = (
        char.NumericString.subtypeSpec
        + constraint.ValueSizeConstraint(1, ub_x121_address_length)
    )
673
674
class NetworkAddress(X121Address):
    """X121Address under another name; adds no constraints of its own."""
677
678
class AdministrationDomainName(univ.Choice):
    """CHOICE under explicit APPLICATION tag 2: numeric or printable name.

    Both alternatives allow lengths 0..ub_domain_name_length, so an empty
    string is accepted.
    """
    tagSet = univ.Choice.tagSet.tagExplicitly(
        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 2)
    )
    componentType = namedtype.NamedTypes(*(
        namedtype.NamedType(
            label,
            string_type().subtype(
                subtypeSpec=constraint.ValueSizeConstraint(0, ub_domain_name_length))
        )
        for label, string_type in (
            ('numeric', char.NumericString),
            ('printable', char.PrintableString),
        )
    ))
689
690
class CountryName(univ.Choice):
    """CHOICE under explicit APPLICATION tag 1: fixed-length numeric or alphabetic code.

    Each alternative uses the same bound as minimum and maximum, so the
    length must equal ub_country_name_numeric_length or
    ub_country_name_alpha_length respectively.
    """
    tagSet = univ.Choice.tagSet.tagExplicitly(
        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 1)
    )
    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            'x121-dcc-code',
            char.NumericString().subtype(
                subtypeSpec=constraint.ValueSizeConstraint(
                    ub_country_name_numeric_length, ub_country_name_numeric_length))
        ),
        namedtype.NamedType(
            'iso-3166-alpha2-code',
            char.PrintableString().subtype(
                subtypeSpec=constraint.ValueSizeConstraint(
                    ub_country_name_alpha_length, ub_country_name_alpha_length))
        )
    )
702
703
class BuiltInStandardAttributes(univ.Sequence):
    """SEQUENCE of nine optional address attributes.

    The first two carry their own APPLICATION tags; the remaining seven are
    wrapped in explicit context tags [0]..[6] in the order listed.
    """
    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType('country-name', CountryName()),
        namedtype.OptionalNamedType('administration-domain-name', AdministrationDomainName()),
        *(
            namedtype.OptionalNamedType(label, base_type().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, number)))
            for number, (label, base_type) in enumerate((
                ('network-address', NetworkAddress),
                ('terminal-identifier', TerminalIdentifier),
                ('private-domain-name', PrivateDomainName),
                ('organization-name', OrganizationName),
                ('numeric-user-identifier', NumericUserIdentifier),
                ('personal-name', PersonalName),
                ('organizational-unit-names', OrganizationalUnitNames),
            ))
        )
    )
723
724
class ORAddress(univ.Sequence):
    """SEQUENCE of mandatory built-in standard attributes and two optional attribute lists."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            'built-in-standard-attributes',
            BuiltInStandardAttributes()
        ),
        namedtype.OptionalNamedType(
            'built-in-domain-defined-attributes',
            BuiltInDomainDefinedAttributes()
        ),
        namedtype.OptionalNamedType(
            'extension-attributes',
            ExtensionAttributes()
        )
    )
731
732
733#
734# PKIX1Implicit88
735#
736
# Extension OID that, by name, goes with InvalidityDate.
id_ce_invalidityDate = univ.ObjectIdentifier('2.5.29.24')
738
739
class InvalidityDate(useful.GeneralizedTime):
    """GeneralizedTime with no constraint beyond the base type's."""
742
743
# Hold instruction codes, their parent arc, and the extension that carries them.
# NOTE(review): these arcs start with 2.2; other implementations register the
# hold-instruction arc as 1.2.840.10040.2 -- confirm which form peers emit
# before relying on an equality match against these constants.
id_holdinstruction_none = univ.ObjectIdentifier('2.2.840.10040.2.1')
id_holdinstruction_callissuer = univ.ObjectIdentifier('2.2.840.10040.2.2')
id_holdinstruction_reject = univ.ObjectIdentifier('2.2.840.10040.2.3')

holdInstruction = univ.ObjectIdentifier('2.2.840.10040.2')

id_ce_holdInstructionCode = univ.ObjectIdentifier('2.5.29.23')
751
752
class HoldInstructionCode(univ.ObjectIdentifier):
    """OBJECT IDENTIFIER with no constraint beyond the base type's."""
755
756
# Extension OID that, by name, goes with CRLReason.
id_ce_cRLReasons = univ.ObjectIdentifier('2.5.29.21')
758
759
class CRLReason(univ.Enumerated):
    """ENUMERATED revocation reason; value 7 is not assigned a name here."""
    namedValues = namedval.NamedValues(
        ('unspecified', 0), ('keyCompromise', 1), ('cACompromise', 2),
        ('affiliationChanged', 3), ('superseded', 4),
        ('cessationOfOperation', 5), ('certificateHold', 6),
        # The numbering skips 7.
        ('removeFromCRL', 8)
    )
771
772
# Extension OID that, by name, goes with CRLNumber.
id_ce_cRLNumber = univ.ObjectIdentifier('2.5.29.20')
774
775
776class CRLNumber(univ.Integer):
777    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueSizeConstraint(0, MAX)
778
779
780class BaseCRLNumber(CRLNumber):
781    pass
782
783
# Extended key usage purposes, all under the arc 1.3.6.1.5.5.7.3.
id_kp_serverAuth = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.1')
id_kp_clientAuth = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.2')
id_kp_codeSigning = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.3')
id_kp_emailProtection = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.4')
id_kp_ipsecEndSystem = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.5')
id_kp_ipsecTunnel = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.6')
id_kp_ipsecUser = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.7')
id_kp_timeStamping = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.8')

# Extension OIDs: authorityInfoAccess lives under 1.3.6.1.5.5.7.1, the
# extended key usage extension under 2.5.29.
id_pe_authorityInfoAccess = univ.ObjectIdentifier('1.3.6.1.5.5.7.1.1')
id_ce_extKeyUsage = univ.ObjectIdentifier('2.5.29.37')
794
795
class KeyPurposeId(univ.ObjectIdentifier):
    """OBJECT IDENTIFIER naming one permitted key purpose.

    Unconstrained: any OID decodes, not only the ``id_kp_*`` constants.
    """


class ExtKeyUsageSyntax(univ.SequenceOf):
    """Value of the extended key usage extension: one or more purposes.

    The size constraint rejects an empty list.  Whether a listed purpose
    authorises a given use is a decision for the validating caller; the
    schema only carries the OIDs.
    """

    componentType = KeyPurposeId()
    sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)
803
804
class ReasonFlags(univ.BitString):
    """Bit set of revocation reasons covered by a distribution point.

    The numbers are bit positions.  Bit 0 is named ``unused``; bits 1-6
    carry the same names as CRLReason values 1-6.
    """

    namedValues = namedval.NamedValues(
        ('unused', 0),
        ('keyCompromise', 1),
        ('cACompromise', 2),
        ('affiliationChanged', 3),
        ('superseded', 4),
        ('cessationOfOperation', 5),
        ('certificateHold', 6)
    )
815
816
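class SkipCerts(univ.Integer):
    """Number of certificates to skip in a policy constraint: ``(0..MAX)``.

    The bound restricts the integer's value, so it is expressed with
    ValueRangeConstraint, consistent with BaseDistance in this module.
    The previous ValueSizeConstraint measures the length of a value and
    cannot express a lower bound on an integer, so a negative skip count
    was not rejected by the intended rule.
    """

    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(0, MAX)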
819
820
# OID of the policyConstraints extension (arc 36 under 2.5.29).
id_ce_policyConstraints = univ.ObjectIdentifier('2.5.29.36')


class PolicyConstraints(univ.Sequence):
    """Value of the policyConstraints extension.

    Both counters are optional and implicitly tagged [0] and [1].  The
    schema accepts a sequence in which neither is present; a caller that
    requires at least one must check that itself.
    """

    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType(
            'requireExplicitPolicy',
            SkipCerts().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))
        ),
        namedtype.OptionalNamedType(
            'inhibitPolicyMapping',
            SkipCerts().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))
        )
    )
831
832
# OID of the basicConstraints extension (arc 19 under 2.5.29).
id_ce_basicConstraints = univ.ObjectIdentifier('2.5.29.19')


class BasicConstraints(univ.Sequence):
    """Value of the basicConstraints extension.

    ``cA`` defaults to False, so a value that omits it describes an
    end-entity certificate.  ``pathLenConstraint`` is optional and limited
    to non-negative integers.  Nothing here ties ``pathLenConstraint`` to
    ``cA`` being True; that relationship is left to the validating caller.
    """

    componentType = namedtype.NamedTypes(
        namedtype.DefaultedNamedType('cA', univ.Boolean(False)),
        namedtype.OptionalNamedType(
            'pathLenConstraint',
            univ.Integer().subtype(
                subtypeSpec=constraint.ValueRangeConstraint(0, MAX))
        )
    )
842
843
# OID of the subjectDirectoryAttributes extension (arc 9 under 2.5.29).
id_ce_subjectDirectoryAttributes = univ.ObjectIdentifier('2.5.29.9')


class EDIPartyName(univ.Sequence):
    """EDI party name, the payload of GeneralName's ``ediPartyName``.

    ``partyName`` is mandatory, ``nameAssigner`` optional; both are
    DirectoryString values tagged [1] and [0] respectively.
    """

    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType(
            'nameAssigner',
            DirectoryString().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))
        ),
        namedtype.NamedType(
            'partyName',
            DirectoryString().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))
        )
    )
854
855
856
# OID of the deltaCRLIndicator extension (arc 27 under 2.5.29).
id_ce_deltaCRLIndicator = univ.ObjectIdentifier('2.5.29.27')


class BaseDistance(univ.Integer):
    """Non-negative distance used for GeneralSubtree minimum/maximum.

    The value range constraint rejects negative integers.
    """

    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(0, MAX)
863
864
# Extension OIDs under 2.5.29 whose value types are declared further down
# (CRLDistPointsSyntax, IssuingDistributionPoint, NameConstraints).
id_ce_cRLDistributionPoints = univ.ObjectIdentifier('2.5.29.31')
id_ce_issuingDistributionPoint = univ.ObjectIdentifier('2.5.29.28')
id_ce_nameConstraints = univ.ObjectIdentifier('2.5.29.30')
874
875
class DisplayText(univ.Choice):
    """Human-readable text in one of three string encodings.

    Every alternative is limited to 1..200 characters.  The text comes
    from the certificate, so treat it as untrusted when displaying it.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            'visibleString',
            char.VisibleString().subtype(
                subtypeSpec=constraint.ValueSizeConstraint(1, 200))
        ),
        namedtype.NamedType(
            'bmpString',
            char.BMPString().subtype(
                subtypeSpec=constraint.ValueSizeConstraint(1, 200))
        ),
        namedtype.NamedType(
            'utf8String',
            char.UTF8String().subtype(
                subtypeSpec=constraint.ValueSizeConstraint(1, 200))
        )
    )
883
884
class NoticeReference(univ.Sequence):
    """Reference to notices published by an organization.

    Both fields are mandatory; ``noticeNumbers`` is an unconstrained
    sequence of integers and may be empty.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('organization', DisplayText()),
        namedtype.NamedType(
            'noticeNumbers',
            univ.SequenceOf(componentType=univ.Integer())
        )
    )


class UserNotice(univ.Sequence):
    """User notice policy qualifier.

    Both parts are optional, so an empty sequence is structurally valid.
    """

    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType('noticeRef', NoticeReference()),
        namedtype.OptionalNamedType('explicitText', DisplayText())
    )
897
898
class CPSuri(char.IA5String):
    """URI of a certification practice statement, as an IA5String.

    No URI syntax or scheme check is applied; validate the value before
    dereferencing it.
    """


class PolicyQualifierId(univ.ObjectIdentifier):
    """Policy qualifier type, restricted to exactly two OIDs.

    The single-value constraint admits only ``id_qt_cps`` and
    ``id_qt_unotice`` (both defined earlier in this module).
    """

    subtypeSpec = univ.ObjectIdentifier.subtypeSpec + constraint.SingleValueConstraint(
        id_qt_cps, id_qt_unotice)


class CertPolicyId(univ.ObjectIdentifier):
    """OBJECT IDENTIFIER naming a certificate policy (unconstrained)."""
909
910
class PolicyQualifierInfo(univ.Sequence):
    """One policy qualifier: its type OID and an opaque value.

    ``qualifier`` is declared as ANY with no open-type map, so it is not
    decoded according to ``policyQualifierId``; the caller has to decode
    it separately with the matching spec (CPSuri or UserNotice).
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            'policyQualifierId', PolicyQualifierId()
        ),
        namedtype.NamedType(
            'qualifier', univ.Any()
        )
    )
916
917
# OID of the certificatePolicies extension (arc 32 under 2.5.29).
id_ce_certificatePolicies = univ.ObjectIdentifier('2.5.29.32')


class PolicyInformation(univ.Sequence):
    """One certificate policy with its optional qualifiers.

    When ``policyQualifiers`` is present it must hold at least one entry.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('policyIdentifier', CertPolicyId()),
        namedtype.OptionalNamedType(
            'policyQualifiers',
            univ.SequenceOf(componentType=PolicyQualifierInfo()).subtype(
                subtypeSpec=constraint.ValueSizeConstraint(1, MAX))
        )
    )


class CertificatePolicies(univ.SequenceOf):
    """Value of the certificatePolicies extension: one or more policies.

    The schema does not reject a policy OID that appears more than once.
    """

    componentType = PolicyInformation()
    sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)
932
933
# OID of the policyMappings extension (arc 33 under 2.5.29).
id_ce_policyMappings = univ.ObjectIdentifier('2.5.29.33')


class PolicyMapping(univ.Sequence):
    """One mapping from an issuer-domain policy to a subject-domain policy."""

    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            'issuerDomainPolicy', CertPolicyId()
        ),
        namedtype.NamedType(
            'subjectDomainPolicy', CertPolicyId()
        )
    )


class PolicyMappings(univ.SequenceOf):
    """Value of the policyMappings extension: one or more mappings."""

    componentType = PolicyMapping()
    sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)
947
948
# OID of the privateKeyUsagePeriod extension (arc 16 under 2.5.29).
id_ce_privateKeyUsagePeriod = univ.ObjectIdentifier('2.5.29.16')


class PrivateKeyUsagePeriod(univ.Sequence):
    """Validity window of the private key, as two GeneralizedTime values.

    Both bounds are optional and implicitly tagged [0] and [1].  The
    schema neither requires one of them nor checks that ``notBefore``
    precedes ``notAfter``.
    """

    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType(
            'notBefore',
            useful.GeneralizedTime().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))
        ),
        namedtype.OptionalNamedType(
            'notAfter',
            useful.GeneralizedTime().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))
        )
    )
959
960
# OID of the keyUsage extension (arc 15 under 2.5.29).
id_ce_keyUsage = univ.ObjectIdentifier('2.5.29.15')


class KeyUsage(univ.BitString):
    """Value of the keyUsage extension: named bits 0 through 8.

    The numbers are bit positions in the BIT STRING.  ``keyCertSign`` (5)
    and ``cRLSign`` (6) are the bits a path validator checks on issuer
    certificates; this class only names the bits and enforces nothing.
    """

    namedValues = namedval.NamedValues(
        ('digitalSignature', 0),
        ('nonRepudiation', 1),
        ('keyEncipherment', 2),
        ('dataEncipherment', 3),
        ('keyAgreement', 4),
        ('keyCertSign', 5),
        ('cRLSign', 6),
        ('encipherOnly', 7),
        ('decipherOnly', 8)
    )
976
977
# Parent arc of the standard certificate and CRL extensions.
id_ce = univ.ObjectIdentifier('2.5.29')

# Key identifier extensions: authority (arc 35) and subject (arc 14).
id_ce_authorityKeyIdentifier = univ.ObjectIdentifier('2.5.29.35')
id_ce_subjectKeyIdentifier = univ.ObjectIdentifier('2.5.29.14')


class KeyIdentifier(univ.OctetString):
    """Opaque key identifier.

    No length constraint is declared, so an identifier of any size,
    including empty, decodes.
    """


class SubjectKeyIdentifier(KeyIdentifier):
    """Value of the subjectKeyIdentifier extension: a bare KeyIdentifier."""
992
993
# Extension OIDs under 2.5.29 whose values are GeneralNames lists
# (see CertificateIssuer, SubjectAltName and IssuerAltName below).
id_ce_certificateIssuer = univ.ObjectIdentifier('2.5.29.29')
id_ce_subjectAltName = univ.ObjectIdentifier('2.5.29.17')
id_ce_issuerAltName = univ.ObjectIdentifier('2.5.29.18')
1001
1002
class AttributeValue(univ.Any):
    """Attribute value of unspecified type (ASN.1 ANY)."""


class AttributeType(univ.ObjectIdentifier):
    """OBJECT IDENTIFIER naming an attribute type."""


# Open-type map from AttributeType OID to value spec.  It starts empty and
# is filled near the end of the module; because AttributeTypeAndValue keeps
# a reference to this same dict, entries added later are seen by it.
certificateAttributesMap = {}


class AttributeTypeAndValue(univ.Sequence):
    """One ``type``/``value`` pair inside a relative distinguished name.

    ``value`` is an open type keyed on ``type`` through
    ``certificateAttributesMap``.  An attribute type missing from the map
    has no registered value spec -- presumably it stays undecoded ANY;
    verify against the decoder in use.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('type', AttributeType()),
        namedtype.NamedType(
            'value',
            AttributeValue(),
            openType=opentype.OpenType('type', certificateAttributesMap)
        )
    )
1019
1020
class Attribute(univ.Sequence):
    """Attribute with a set of values.

    Unlike AttributeTypeAndValue, ``vals`` declares no open-type map, so
    the values are plain ANY and are not decoded by attribute type.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('type', AttributeType()),
        namedtype.NamedType(
            'vals',
            univ.SetOf(componentType=AttributeValue())
        )
    )


class SubjectDirectoryAttributes(univ.SequenceOf):
    """Value of the subjectDirectoryAttributes extension (one or more)."""

    componentType = Attribute()
    sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)
1031
1032
class RelativeDistinguishedName(univ.SetOf):
    """Set of attribute type/value pairs forming one RDN.

    No size constraint is declared, so an empty set is accepted.
    """

    componentType = AttributeTypeAndValue()


class RDNSequence(univ.SequenceOf):
    """Ordered list of RDNs; an empty list is structurally valid."""

    componentType = RelativeDistinguishedName()


class Name(univ.Choice):
    """Distinguished name: a CHOICE with RDNSequence as its only alternative.

    The alternative is registered under the empty string ``''`` as its
    component name, so existing callers address it by that name or by
    position; renaming it would break them.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            '', RDNSequence()
        )
    )


class CertificateSerialNumber(univ.Integer):
    """Certificate serial number.

    Unconstrained INTEGER: zero, negative and arbitrarily large values all
    decode; any policy on serial numbers is the caller's to enforce.
    """
1048
1049
class AnotherName(univ.Sequence):
    """Name form identified by an arbitrary OID (GeneralName ``otherName``).

    ``value`` is ANY under explicit tag [0] with no open-type map, so it
    is handed to the caller undecoded; interpret it only after checking
    ``type-id``.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            'type-id',
            univ.ObjectIdentifier()
        ),
        namedtype.NamedType(
            'value',
            univ.Any().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))
        )
    )
1056
1057
class GeneralName(univ.Choice):
    """One name in any of nine forms, selected by context tag [0]..[8].

    The schema checks structure only.  ``rfc822Name``, ``dNSName`` and
    ``uniformResourceIdentifier`` are plain IA5String values with no
    mailbox, host-name or URI syntax check, and ``iPAddress`` is an OCTET
    STRING with no length constraint.  Code that matches these values
    against an expected identity must validate them first.

    NOTE(review): ``directoryName`` wraps Name, which is a CHOICE; ASN.1
    treats a context tag on a CHOICE as explicit even where implicit
    tagging is requested -- confirm that encoding round-trips as expected.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('otherName', AnotherName().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
        namedtype.NamedType('rfc822Name', char.IA5String().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
        namedtype.NamedType('dNSName', char.IA5String().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
        namedtype.NamedType('x400Address', ORAddress().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
        namedtype.NamedType('directoryName', Name().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
        namedtype.NamedType('ediPartyName', EDIPartyName().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
        namedtype.NamedType('uniformResourceIdentifier', char.IA5String().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
        namedtype.NamedType('iPAddress', univ.OctetString().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
        namedtype.NamedType('registeredID', univ.ObjectIdentifier().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8)))
    )


class GeneralNames(univ.SequenceOf):
    """Non-empty list of GeneralName values."""

    componentType = GeneralName()
    sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)
1084
1085
class AccessDescription(univ.Sequence):
    """One access method OID with the location it applies to.

    ``accessLocation`` is taken from the certificate; a client that
    fetches it is contacting an address chosen by whoever issued the
    certificate, so apply the usual outbound-request restrictions.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            'accessMethod', univ.ObjectIdentifier()
        ),
        namedtype.NamedType(
            'accessLocation', GeneralName()
        )
    )


class AuthorityInfoAccessSyntax(univ.SequenceOf):
    """Value of the authorityInfoAccess extension (one or more entries)."""

    componentType = AccessDescription()
    sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)
1096
1097
class AuthorityKeyIdentifier(univ.Sequence):
    """Value of the authorityKeyIdentifier extension.

    All three fields are optional and implicitly tagged [0]..[2].  The
    schema does not require ``authorityCertIssuer`` and
    ``authorityCertSerialNumber`` to appear together.
    """

    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType(
            'keyIdentifier',
            KeyIdentifier().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))
        ),
        namedtype.OptionalNamedType(
            'authorityCertIssuer',
            GeneralNames().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))
        ),
        namedtype.OptionalNamedType(
            'authorityCertSerialNumber',
            CertificateSerialNumber().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))
        )
    )
1107
1108
class DistributionPointName(univ.Choice):
    """Either a full GeneralNames list [0] or an RDN relative to the CRL issuer [1]."""

    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            'fullName',
            GeneralNames().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))
        ),
        namedtype.NamedType(
            'nameRelativeToCRLIssuer',
            RelativeDistinguishedName().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))
        )
    )


class DistributionPoint(univ.Sequence):
    """One CRL distribution point.

    Every field is optional, so the schema accepts an entry that names
    neither a distribution point nor a CRL issuer.  Locations found here
    come from the certificate and should be treated as untrusted when a
    client fetches CRLs from them.
    """

    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType(
            'distributionPoint',
            DistributionPointName().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))
        ),
        namedtype.OptionalNamedType(
            'reasons',
            ReasonFlags().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))
        ),
        namedtype.OptionalNamedType(
            'cRLIssuer',
            GeneralNames().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))
        )
    )


class CRLDistPointsSyntax(univ.SequenceOf):
    """Value of the cRLDistributionPoints extension (one or more points)."""

    componentType = DistributionPoint()
    sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)
1132
1133
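class IssuingDistributionPoint(univ.Sequence):
    """Value of the issuingDistributionPoint CRL extension.

    The three booleans are ``BOOLEAN DEFAULT FALSE`` in the ASN.1, so they
    are declared with DefaultedNamedType, as BasicConstraints does for
    ``cA``.  DER omits a field whose value equals its default; declaring
    these fields mandatory makes a conforming extension that leaves them
    out fail to decode, which in turn can break CRL processing for that
    issuer.

    ``distributionPoint`` and ``onlySomeReasons`` are optional.  The
    schema does not stop ``onlyContainsUserCerts`` and
    ``onlyContainsCACerts`` from both being True; callers must check that.
    """

    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType('distributionPoint', DistributionPointName().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
        # DEFAULT FALSE: absent on the wire means False
        namedtype.DefaultedNamedType('onlyContainsUserCerts', univ.Boolean(False).subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
        # DEFAULT FALSE: absent on the wire means False
        namedtype.DefaultedNamedType('onlyContainsCACerts', univ.Boolean(False).subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
        namedtype.OptionalNamedType('onlySomeReasons', ReasonFlags().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
        # DEFAULT FALSE: absent on the wire means False
        namedtype.DefaultedNamedType('indirectCRL', univ.Boolean(False).subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4)))
    )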
1147
1148
class GeneralSubtree(univ.Sequence):
    """One subtree of the name space, rooted at ``base``.

    ``minimum`` defaults to 0 and ``maximum`` is optional; both are
    BaseDistance values, hence non-negative.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('base', GeneralName()),
        namedtype.DefaultedNamedType(
            'minimum',
            BaseDistance(0).subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))
        ),
        namedtype.OptionalNamedType(
            'maximum',
            BaseDistance().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))
        )
    )


class GeneralSubtrees(univ.SequenceOf):
    """Non-empty list of GeneralSubtree values."""

    componentType = GeneralSubtree()
    sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)


class NameConstraints(univ.Sequence):
    """Value of the nameConstraints extension.

    Both subtree lists are optional, so a value with neither present is
    structurally valid.  The schema only carries the subtrees; applying
    them to the names in subordinate certificates is the path validator's
    job.
    """

    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType(
            'permittedSubtrees',
            GeneralSubtrees().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))
        ),
        namedtype.OptionalNamedType(
            'excludedSubtrees',
            GeneralSubtrees().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))
        )
    )
1171
1172
class CertificateIssuer(GeneralNames):
    """Value of the certificateIssuer extension: a GeneralNames list.

    The extension map registers plain ``GeneralNames()`` for
    ``id_ce_certificateIssuer`` rather than this class.
    """


class SubjectAltName(GeneralNames):
    """Value of the subjectAltName extension: a non-empty GeneralNames list."""


class IssuerAltName(GeneralNames):
    """Value of the issuerAltName extension: a non-empty GeneralNames list."""
1183
1184
# Open-type map from extension OID to value spec.  It starts empty and is
# filled at the end of the module; Extension keeps a reference to this
# same dict, so entries added later (here or by other modules) are seen.
certificateExtensionsMap = {}


class Extension(univ.Sequence):
    """One certificate or CRL extension.

    ``critical`` defaults to False when absent.  ``extnValue`` is an OCTET
    STRING declared as an open type keyed on ``extnID`` through
    ``certificateExtensionsMap``.

    The schema does not reject an extension that is marked critical but
    has no entry in the map.  A validator built on this module has to
    detect unrecognised critical extensions itself.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            'extnID',
            univ.ObjectIdentifier()
        ),
        namedtype.DefaultedNamedType(
            'critical',
            univ.Boolean('False')
        ),
        namedtype.NamedType(
            'extnValue',
            univ.OctetString(),
            openType=opentype.OpenType('extnID', certificateExtensionsMap)
        )
    )


class Extensions(univ.SequenceOf):
    """Non-empty list of extensions.

    Nothing here prevents the same ``extnID`` from appearing twice; check
    for duplicates before trusting the first or last occurrence.
    """

    componentType = Extension()
    sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)
1200
1201
class SubjectPublicKeyInfo(univ.Sequence):
    """Public key together with the algorithm it belongs to.

    ``subjectPublicKey`` is an opaque BIT STRING at this level; its
    contents are not parsed or checked against ``algorithm`` here.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            'algorithm', AlgorithmIdentifier()
        ),
        namedtype.NamedType(
            'subjectPublicKey', univ.BitString()
        )
    )


class UniqueIdentifier(univ.BitString):
    """BIT STRING used for the issuer and subject unique identifiers."""
1211
1212
class Time(univ.Choice):
    """Point in time, encoded as either UTCTime or GeneralizedTime."""

    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            'utcTime', useful.UTCTime()
        ),
        namedtype.NamedType(
            'generalTime', useful.GeneralizedTime()
        )
    )


class Validity(univ.Sequence):
    """Certificate validity window.

    Both bounds are mandatory.  The schema does not check that
    ``notBefore`` precedes ``notAfter`` and does not compare either with
    the current time; that is up to the validating caller.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('notBefore', Time()),
        namedtype.NamedType('notAfter', Time())
    )


class Version(univ.Integer):
    """Version number; the names are offset by one from the integer value.

    ``v1`` is 0, ``v2`` is 1 and ``v3`` is 2.  Only names are attached:
    no constraint rejects other integers.
    """

    namedValues = namedval.NamedValues(
        ('v1', 0),
        ('v2', 1),
        ('v3', 2)
    )
1231
1232
class TBSCertificate(univ.Sequence):
    """The to-be-signed body of a certificate.

    ``version`` carries explicit tag [0] and defaults to ``v1``.  The two
    unique identifiers are implicitly tagged [1] and [2]; ``extensions``
    is explicitly tagged [3].

    The schema does not tie the optional fields to the version, so a
    structure that declares v1 yet carries extensions still decodes.
    """

    componentType = namedtype.NamedTypes(
        namedtype.DefaultedNamedType(
            'version',
            Version('v1').subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))
        ),
        namedtype.NamedType('serialNumber', CertificateSerialNumber()),
        namedtype.NamedType('signature', AlgorithmIdentifier()),
        namedtype.NamedType('issuer', Name()),
        namedtype.NamedType('validity', Validity()),
        namedtype.NamedType('subject', Name()),
        namedtype.NamedType('subjectPublicKeyInfo', SubjectPublicKeyInfo()),
        namedtype.OptionalNamedType(
            'issuerUniqueID',
            UniqueIdentifier().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))
        ),
        namedtype.OptionalNamedType(
            'subjectUniqueID',
            UniqueIdentifier().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))
        ),
        namedtype.OptionalNamedType(
            'extensions',
            Extensions().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))
        )
    )
1250
1251
class Certificate(univ.Sequence):
    """Complete X.509 certificate: signed body, algorithm and signature.

    This is a structural description only.  Decoding against it does not
    verify ``signatureValue``, and nothing forces ``signatureAlgorithm``
    to equal ``tbsCertificate['signature']``; a verifier should compare
    the two and check the signature over the encoded ``tbsCertificate``.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            'tbsCertificate', TBSCertificate()
        ),
        namedtype.NamedType(
            'signatureAlgorithm', AlgorithmIdentifier()
        ),
        namedtype.NamedType(
            'signatureValue', univ.BitString()
        )
    )
1258
1259# CRL structures
1260
class RevokedCertificate(univ.Sequence):
    """One CRL entry: the revoked serial number and when it was revoked.

    ``crlEntryExtensions`` is optional and untagged.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            'userCertificate', CertificateSerialNumber()
        ),
        namedtype.NamedType(
            'revocationDate', Time()
        ),
        namedtype.OptionalNamedType(
            'crlEntryExtensions', Extensions()
        )
    )
1267
1268
class TBSCertList(univ.Sequence):
    """The to-be-signed body of a CRL.

    ``version``, ``nextUpdate``, ``revokedCertificates`` and
    ``crlExtensions`` are optional; ``crlExtensions`` carries explicit tag
    [0].  The schema does not compare ``thisUpdate`` or ``nextUpdate``
    with the current time, so freshness of the CRL has to be checked by
    the caller.
    """

    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType('version', Version()),
        namedtype.NamedType('signature', AlgorithmIdentifier()),
        namedtype.NamedType('issuer', Name()),
        namedtype.NamedType('thisUpdate', Time()),
        namedtype.OptionalNamedType('nextUpdate', Time()),
        namedtype.OptionalNamedType(
            'revokedCertificates',
            univ.SequenceOf(componentType=RevokedCertificate())
        ),
        namedtype.OptionalNamedType(
            'crlExtensions',
            Extensions().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))
        )
    )


class CertificateList(univ.Sequence):
    """Complete CRL: signed body, algorithm and signature.

    Structural description only: decoding does not verify ``signature``
    and does not require ``signatureAlgorithm`` to match
    ``tbsCertList['signature']``.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            'tbsCertList', TBSCertList()
        ),
        namedtype.NamedType(
            'signatureAlgorithm', AlgorithmIdentifier()
        ),
        namedtype.NamedType(
            'signature', univ.BitString()
        )
    )
1288
1289# map of AttributeType -> AttributeValue
1290
# Value specs for the attribute types this module knows about.  The dict
# is merged into certificateAttributesMap in place, so
# AttributeTypeAndValue, which holds a reference to that map, sees the
# entries.  Attribute types not listed here have no registered value spec.
_certificateAttributesMapUpdate = {
    # name-like attributes sharing the X520name syntax
    id_at_name: X520name(),
    id_at_surname: X520name(),
    id_at_givenName: X520name(),
    id_at_initials: X520name(),
    id_at_generationQualifier: X520name(),

    # attributes with a dedicated syntax
    id_at_commonName: X520CommonName(),
    id_at_localityName: X520LocalityName(),
    id_at_stateOrProvinceName: X520StateOrProvinceName(),
    id_at_organizationName: X520OrganizationName(),
    id_at_organizationalUnitName: X520OrganizationalUnitName(),
    id_at_title: X520Title(),
    id_at_dnQualifier: X520dnQualifier(),
    id_at_countryName: X520countryName(),
    emailAddress: Pkcs9email(),
}

certificateAttributesMap.update(_certificateAttributesMapUpdate)
1309
1310
1311# map of Certificate Extension OIDs to Extensions
1312
# Value specs for the extensions this module knows about.  The dict is
# merged into certificateExtensionsMap in place, so Extension, which holds
# a reference to that map, sees the entries.  An extension OID not listed
# here has no registered value spec.
_certificateExtensionsMapUpdate = {
    # certificate extensions
    id_ce_authorityKeyIdentifier: AuthorityKeyIdentifier(),
    id_ce_subjectKeyIdentifier: SubjectKeyIdentifier(),
    id_ce_keyUsage: KeyUsage(),
    id_ce_privateKeyUsagePeriod: PrivateKeyUsagePeriod(),
    id_ce_certificatePolicies: CertificatePolicies(),
    id_ce_policyMappings: PolicyMappings(),
    id_ce_subjectAltName: SubjectAltName(),
    id_ce_issuerAltName: IssuerAltName(),
    id_ce_subjectDirectoryAttributes: SubjectDirectoryAttributes(),
    id_ce_basicConstraints: BasicConstraints(),
    id_ce_nameConstraints: NameConstraints(),
    id_ce_policyConstraints: PolicyConstraints(),
    id_ce_extKeyUsage: ExtKeyUsageSyntax(),
    id_ce_cRLDistributionPoints: CRLDistPointsSyntax(),
    id_pe_authorityInfoAccess: AuthorityInfoAccessSyntax(),

    # CRL and CRL entry extensions.  Four of these are registered with a
    # base type instead of the named class declared above (CRLNumber,
    # HoldInstructionCode, InvalidityDate, CertificateIssuer), so decoded
    # values are not instances of those classes and CRLNumber's subtype
    # constraint is not applied to id_ce_cRLNumber.
    id_ce_cRLNumber: univ.Integer(),
    id_ce_deltaCRLIndicator: BaseCRLNumber(),
    id_ce_issuingDistributionPoint: IssuingDistributionPoint(),
    id_ce_cRLReasons: CRLReason(),
    id_ce_holdInstructionCode: univ.ObjectIdentifier(),
    id_ce_invalidityDate: useful.GeneralizedTime(),
    id_ce_certificateIssuer: GeneralNames(),
}

certificateExtensionsMap.update(_certificateExtensionsMapUpdate)
1339
1340