You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

rfc4211.py 12KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396
  1. # coding: utf-8
  2. #
  3. # This file is part of pyasn1-modules software.
  4. #
  5. # Created by Stanisław Pitucha with asn1ate tool.
  6. # Copyright (c) 2005-2019, Ilya Etingof <etingof@gmail.com>
  7. # License: http://snmplabs.com/pyasn1/license.html
  8. #
  9. # Internet X.509 Public Key Infrastructure Certificate Request
  10. # Message Format (CRMF)
  11. #
  12. # ASN.1 source from:
  13. # http://www.ietf.org/rfc/rfc4211.txt
  14. #
  15. from pyasn1.type import char
  16. from pyasn1.type import constraint
  17. from pyasn1.type import namedtype
  18. from pyasn1.type import namedval
  19. from pyasn1.type import tag
  20. from pyasn1.type import univ
  21. from pyasn1_modules import rfc3280
  22. from pyasn1_modules import rfc3852
  23. MAX = float('inf')
  24. def _buildOid(*components):
  25. output = []
  26. for x in tuple(components):
  27. if isinstance(x, univ.ObjectIdentifier):
  28. output.extend(list(x))
  29. else:
  30. output.append(int(x))
  31. return univ.ObjectIdentifier(output)
  32. id_pkix = _buildOid(1, 3, 6, 1, 5, 5, 7)
  33. id_pkip = _buildOid(id_pkix, 5)
  34. id_regCtrl = _buildOid(id_pkip, 1)
  35. class SinglePubInfo(univ.Sequence):
  36. pass
  37. SinglePubInfo.componentType = namedtype.NamedTypes(
  38. namedtype.NamedType('pubMethod', univ.Integer(
  39. namedValues=namedval.NamedValues(('dontCare', 0), ('x500', 1), ('web', 2), ('ldap', 3)))),
  40. namedtype.OptionalNamedType('pubLocation', rfc3280.GeneralName())
  41. )
  42. class UTF8Pairs(char.UTF8String):
  43. pass
  44. class PKMACValue(univ.Sequence):
  45. pass
  46. PKMACValue.componentType = namedtype.NamedTypes(
  47. namedtype.NamedType('algId', rfc3280.AlgorithmIdentifier()),
  48. namedtype.NamedType('value', univ.BitString())
  49. )
  50. class POPOSigningKeyInput(univ.Sequence):
  51. pass
  52. POPOSigningKeyInput.componentType = namedtype.NamedTypes(
  53. namedtype.NamedType(
  54. 'authInfo', univ.Choice(
  55. componentType=namedtype.NamedTypes(
  56. namedtype.NamedType(
  57. 'sender', rfc3280.GeneralName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))
  58. ),
  59. namedtype.NamedType(
  60. 'publicKeyMAC', PKMACValue()
  61. )
  62. )
  63. )
  64. ),
  65. namedtype.NamedType('publicKey', rfc3280.SubjectPublicKeyInfo())
  66. )
  67. class POPOSigningKey(univ.Sequence):
  68. pass
  69. POPOSigningKey.componentType = namedtype.NamedTypes(
  70. namedtype.OptionalNamedType('poposkInput', POPOSigningKeyInput().subtype(
  71. implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
  72. namedtype.NamedType('algorithmIdentifier', rfc3280.AlgorithmIdentifier()),
  73. namedtype.NamedType('signature', univ.BitString())
  74. )
  75. class Attributes(univ.SetOf):
  76. pass
  77. Attributes.componentType = rfc3280.Attribute()
  78. class PrivateKeyInfo(univ.Sequence):
  79. pass
  80. PrivateKeyInfo.componentType = namedtype.NamedTypes(
  81. namedtype.NamedType('version', univ.Integer()),
  82. namedtype.NamedType('privateKeyAlgorithm', rfc3280.AlgorithmIdentifier()),
  83. namedtype.NamedType('privateKey', univ.OctetString()),
  84. namedtype.OptionalNamedType('attributes',
  85. Attributes().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
  86. )
  87. class EncryptedValue(univ.Sequence):
  88. pass
  89. EncryptedValue.componentType = namedtype.NamedTypes(
  90. namedtype.OptionalNamedType('intendedAlg', rfc3280.AlgorithmIdentifier().subtype(
  91. implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
  92. namedtype.OptionalNamedType('symmAlg', rfc3280.AlgorithmIdentifier().subtype(
  93. implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
  94. namedtype.OptionalNamedType('encSymmKey', univ.BitString().subtype(
  95. implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
  96. namedtype.OptionalNamedType('keyAlg', rfc3280.AlgorithmIdentifier().subtype(
  97. implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
  98. namedtype.OptionalNamedType('valueHint', univ.OctetString().subtype(
  99. implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
  100. namedtype.NamedType('encValue', univ.BitString())
  101. )
  102. class EncryptedKey(univ.Choice):
  103. pass
  104. EncryptedKey.componentType = namedtype.NamedTypes(
  105. namedtype.NamedType('encryptedValue', EncryptedValue()),
  106. namedtype.NamedType('envelopedData', rfc3852.EnvelopedData().subtype(
  107. implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
  108. )
  109. class KeyGenParameters(univ.OctetString):
  110. pass
  111. class PKIArchiveOptions(univ.Choice):
  112. pass
  113. PKIArchiveOptions.componentType = namedtype.NamedTypes(
  114. namedtype.NamedType('encryptedPrivKey',
  115. EncryptedKey().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
  116. namedtype.NamedType('keyGenParameters',
  117. KeyGenParameters().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
  118. namedtype.NamedType('archiveRemGenPrivKey',
  119. univ.Boolean().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
  120. )
  121. id_regCtrl_authenticator = _buildOid(id_regCtrl, 2)
  122. id_regInfo = _buildOid(id_pkip, 2)
  123. id_regInfo_certReq = _buildOid(id_regInfo, 2)
  124. class ProtocolEncrKey(rfc3280.SubjectPublicKeyInfo):
  125. pass
  126. class Authenticator(char.UTF8String):
  127. pass
  128. class SubsequentMessage(univ.Integer):
  129. pass
  130. SubsequentMessage.namedValues = namedval.NamedValues(
  131. ('encrCert', 0),
  132. ('challengeResp', 1)
  133. )
  134. class AttributeTypeAndValue(univ.Sequence):
  135. pass
  136. AttributeTypeAndValue.componentType = namedtype.NamedTypes(
  137. namedtype.NamedType('type', univ.ObjectIdentifier()),
  138. namedtype.NamedType('value', univ.Any())
  139. )
  140. class POPOPrivKey(univ.Choice):
  141. pass
  142. POPOPrivKey.componentType = namedtype.NamedTypes(
  143. namedtype.NamedType('thisMessage',
  144. univ.BitString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
  145. namedtype.NamedType('subsequentMessage',
  146. SubsequentMessage().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
  147. namedtype.NamedType('dhMAC',
  148. univ.BitString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
  149. namedtype.NamedType('agreeMAC',
  150. PKMACValue().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
  151. namedtype.NamedType('encryptedKey', rfc3852.EnvelopedData().subtype(
  152. implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4)))
  153. )
  154. class ProofOfPossession(univ.Choice):
  155. pass
  156. ProofOfPossession.componentType = namedtype.NamedTypes(
  157. namedtype.NamedType('raVerified',
  158. univ.Null().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
  159. namedtype.NamedType('signature', POPOSigningKey().subtype(
  160. implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
  161. namedtype.NamedType('keyEncipherment',
  162. POPOPrivKey().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
  163. namedtype.NamedType('keyAgreement',
  164. POPOPrivKey().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
  165. )
  166. class OptionalValidity(univ.Sequence):
  167. pass
  168. OptionalValidity.componentType = namedtype.NamedTypes(
  169. namedtype.OptionalNamedType('notBefore', rfc3280.Time().subtype(
  170. implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
  171. namedtype.OptionalNamedType('notAfter', rfc3280.Time().subtype(
  172. implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
  173. )
  174. class CertTemplate(univ.Sequence):
  175. pass
  176. CertTemplate.componentType = namedtype.NamedTypes(
  177. namedtype.OptionalNamedType('version', rfc3280.Version().subtype(
  178. implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
  179. namedtype.OptionalNamedType('serialNumber', univ.Integer().subtype(
  180. implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
  181. namedtype.OptionalNamedType('signingAlg', rfc3280.AlgorithmIdentifier().subtype(
  182. implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
  183. namedtype.OptionalNamedType('issuer', rfc3280.Name().subtype(
  184. implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
  185. namedtype.OptionalNamedType('validity', OptionalValidity().subtype(
  186. implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
  187. namedtype.OptionalNamedType('subject', rfc3280.Name().subtype(
  188. implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))),
  189. namedtype.OptionalNamedType('publicKey', rfc3280.SubjectPublicKeyInfo().subtype(
  190. implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
  191. namedtype.OptionalNamedType('issuerUID', rfc3280.UniqueIdentifier().subtype(
  192. implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
  193. namedtype.OptionalNamedType('subjectUID', rfc3280.UniqueIdentifier().subtype(
  194. implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))),
  195. namedtype.OptionalNamedType('extensions', rfc3280.Extensions().subtype(
  196. implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 9)))
  197. )
  198. class Controls(univ.SequenceOf):
  199. pass
  200. Controls.componentType = AttributeTypeAndValue()
  201. Controls.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
  202. class CertRequest(univ.Sequence):
  203. pass
  204. CertRequest.componentType = namedtype.NamedTypes(
  205. namedtype.NamedType('certReqId', univ.Integer()),
  206. namedtype.NamedType('certTemplate', CertTemplate()),
  207. namedtype.OptionalNamedType('controls', Controls())
  208. )
  209. class CertReqMsg(univ.Sequence):
  210. pass
  211. CertReqMsg.componentType = namedtype.NamedTypes(
  212. namedtype.NamedType('certReq', CertRequest()),
  213. namedtype.OptionalNamedType('popo', ProofOfPossession()),
  214. namedtype.OptionalNamedType('regInfo', univ.SequenceOf(componentType=AttributeTypeAndValue()))
  215. )
  216. class CertReqMessages(univ.SequenceOf):
  217. pass
  218. CertReqMessages.componentType = CertReqMsg()
  219. CertReqMessages.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
  220. class CertReq(CertRequest):
  221. pass
  222. id_regCtrl_pkiPublicationInfo = _buildOid(id_regCtrl, 3)
  223. class CertId(univ.Sequence):
  224. pass
  225. CertId.componentType = namedtype.NamedTypes(
  226. namedtype.NamedType('issuer', rfc3280.GeneralName()),
  227. namedtype.NamedType('serialNumber', univ.Integer())
  228. )
  229. class OldCertId(CertId):
  230. pass
  231. class PKIPublicationInfo(univ.Sequence):
  232. pass
  233. PKIPublicationInfo.componentType = namedtype.NamedTypes(
  234. namedtype.NamedType('action',
  235. univ.Integer(namedValues=namedval.NamedValues(('dontPublish', 0), ('pleasePublish', 1)))),
  236. namedtype.OptionalNamedType('pubInfos', univ.SequenceOf(componentType=SinglePubInfo()))
  237. )
  238. class EncKeyWithID(univ.Sequence):
  239. pass
  240. EncKeyWithID.componentType = namedtype.NamedTypes(
  241. namedtype.NamedType('privateKey', PrivateKeyInfo()),
  242. namedtype.OptionalNamedType(
  243. 'identifier', univ.Choice(
  244. componentType=namedtype.NamedTypes(
  245. namedtype.NamedType('string', char.UTF8String()),
  246. namedtype.NamedType('generalName', rfc3280.GeneralName())
  247. )
  248. )
  249. )
  250. )
  251. id_regCtrl_protocolEncrKey = _buildOid(id_regCtrl, 6)
  252. id_regCtrl_oldCertID = _buildOid(id_regCtrl, 5)
  253. id_smime = _buildOid(1, 2, 840, 113549, 1, 9, 16)
  254. class PBMParameter(univ.Sequence):
  255. pass
  256. PBMParameter.componentType = namedtype.NamedTypes(
  257. namedtype.NamedType('salt', univ.OctetString()),
  258. namedtype.NamedType('owf', rfc3280.AlgorithmIdentifier()),
  259. namedtype.NamedType('iterationCount', univ.Integer()),
  260. namedtype.NamedType('mac', rfc3280.AlgorithmIdentifier())
  261. )
  262. id_regCtrl_regToken = _buildOid(id_regCtrl, 1)
  263. id_regCtrl_pkiArchiveOptions = _buildOid(id_regCtrl, 4)
  264. id_regInfo_utf8Pairs = _buildOid(id_regInfo, 1)
  265. id_ct = _buildOid(id_smime, 1)
  266. id_ct_encKeyWithID = _buildOid(id_ct, 21)
  267. class RegToken(char.UTF8String):
  268. pass