Funktionierender Prototyp des Serious Games zur Vermittlung von Wissen zu Software-Engineering-Arbeitsmodellen.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

rfc5126.py 15KB

1 year ago
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577
  1. #
  2. # This file is part of pyasn1-modules software.
  3. #
  4. # Created by Russ Housley with assistance from asn1ate v.0.6.0.
  5. #
  6. # Copyright (c) 2019, Vigil Security, LLC
  7. # License: http://snmplabs.com/pyasn1/license.html
  8. #
  9. # CMS Advanced Electronic Signatures (CAdES)
  10. #
  11. # ASN.1 source from:
  12. # https://www.rfc-editor.org/rfc/rfc5126.txt
  13. #
  14. from pyasn1.type import char
  15. from pyasn1.type import constraint
  16. from pyasn1.type import namedtype
  17. from pyasn1.type import opentype
  18. from pyasn1.type import tag
  19. from pyasn1.type import useful
  20. from pyasn1.type import univ
  21. from pyasn1_modules import rfc5280
  22. from pyasn1_modules import rfc5652
  23. from pyasn1_modules import rfc5035
  24. from pyasn1_modules import rfc5755
  25. from pyasn1_modules import rfc6960
  26. from pyasn1_modules import rfc3161
  27. MAX = float('inf')
  28. # Maps for OpenTypes
  29. commitmentQualifierMap = { }
  30. sigQualifiersMap = { }
  31. otherRevRefMap = { }
  32. otherRevValMap = { }
  33. # Imports from RFC 5652
  34. ContentInfo = rfc5652.ContentInfo
  35. ContentType = rfc5652.ContentType
  36. SignedData = rfc5652.SignedData
  37. EncapsulatedContentInfo = rfc5652.EncapsulatedContentInfo
  38. SignerInfo = rfc5652.SignerInfo
  39. MessageDigest = rfc5652.MessageDigest
  40. SigningTime = rfc5652.SigningTime
  41. Countersignature = rfc5652.Countersignature
  42. id_data = rfc5652.id_data
  43. id_signedData = rfc5652.id_signedData
  44. id_contentType= rfc5652.id_contentType
  45. id_messageDigest = rfc5652.id_messageDigest
  46. id_signingTime = rfc5652.id_signingTime
  47. id_countersignature = rfc5652.id_countersignature
  48. # Imports from RFC 5035
  49. SigningCertificate = rfc5035.SigningCertificate
  50. IssuerSerial = rfc5035.IssuerSerial
  51. ContentReference = rfc5035.ContentReference
  52. ContentIdentifier = rfc5035.ContentIdentifier
  53. id_aa_contentReference = rfc5035.id_aa_contentReference
  54. id_aa_contentIdentifier = rfc5035.id_aa_contentIdentifier
  55. id_aa_signingCertificate = rfc5035.id_aa_signingCertificate
  56. id_aa_signingCertificateV2 = rfc5035.id_aa_signingCertificateV2
  57. # Imports from RFC 5280
  58. Certificate = rfc5280.Certificate
  59. AlgorithmIdentifier = rfc5280.AlgorithmIdentifier
  60. CertificateList = rfc5280.CertificateList
  61. Name = rfc5280.Name
  62. Attribute = rfc5280.Attribute
  63. GeneralNames = rfc5280.GeneralNames
  64. GeneralName = rfc5280.GeneralName
  65. PolicyInformation = rfc5280.PolicyInformation
  66. DirectoryString = rfc5280.DirectoryString
  67. # Imports from RFC 5755
  68. AttributeCertificate = rfc5755.AttributeCertificate
  69. # Imports from RFC 6960
  70. BasicOCSPResponse = rfc6960.BasicOCSPResponse
  71. ResponderID = rfc6960.ResponderID
  72. # Imports from RFC 3161
  73. TimeStampToken = rfc3161.TimeStampToken
  74. # OID used referencing electronic signature mechanisms
  75. id_etsi_es_IDUP_Mechanism_v1 = univ.ObjectIdentifier('0.4.0.1733.1.4.1')
  76. # OtherSigningCertificate - deprecated
  77. id_aa_ets_otherSigCert = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.19')
  78. class OtherHashValue(univ.OctetString):
  79. pass
  80. class OtherHashAlgAndValue(univ.Sequence):
  81. componentType = namedtype.NamedTypes(
  82. namedtype.NamedType('hashAlgorithm', AlgorithmIdentifier()),
  83. namedtype.NamedType('hashValue', OtherHashValue())
  84. )
  85. class OtherHash(univ.Choice):
  86. componentType = namedtype.NamedTypes(
  87. namedtype.NamedType('sha1Hash', OtherHashValue()),
  88. namedtype.NamedType('otherHash', OtherHashAlgAndValue())
  89. )
  90. class OtherCertID(univ.Sequence):
  91. componentType = namedtype.NamedTypes(
  92. namedtype.NamedType('otherCertHash', OtherHash()),
  93. namedtype.OptionalNamedType('issuerSerial', IssuerSerial())
  94. )
  95. class OtherSigningCertificate(univ.Sequence):
  96. componentType = namedtype.NamedTypes(
  97. namedtype.NamedType('certs',
  98. univ.SequenceOf(componentType=OtherCertID())),
  99. namedtype.OptionalNamedType('policies',
  100. univ.SequenceOf(componentType=PolicyInformation()))
  101. )
  102. # Signature Policy Identifier
  103. id_aa_ets_sigPolicyId = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.15')
  104. class SigPolicyId(univ.ObjectIdentifier):
  105. pass
  106. class SigPolicyHash(OtherHashAlgAndValue):
  107. pass
  108. class SigPolicyQualifierId(univ.ObjectIdentifier):
  109. pass
  110. class SigPolicyQualifierInfo(univ.Sequence):
  111. componentType = namedtype.NamedTypes(
  112. namedtype.NamedType('sigPolicyQualifierId', SigPolicyQualifierId()),
  113. namedtype.NamedType('sigQualifier', univ.Any(),
  114. openType=opentype.OpenType('sigPolicyQualifierId', sigQualifiersMap))
  115. )
  116. class SignaturePolicyId(univ.Sequence):
  117. componentType = namedtype.NamedTypes(
  118. namedtype.NamedType('sigPolicyId', SigPolicyId()),
  119. namedtype.NamedType('sigPolicyHash', SigPolicyHash()),
  120. namedtype.OptionalNamedType('sigPolicyQualifiers',
  121. univ.SequenceOf(componentType=SigPolicyQualifierInfo()).subtype(
  122. subtypeSpec=constraint.ValueSizeConstraint(1, MAX)))
  123. )
  124. class SignaturePolicyImplied(univ.Null):
  125. pass
  126. class SignaturePolicy(univ.Choice):
  127. componentType = namedtype.NamedTypes(
  128. namedtype.NamedType('signaturePolicyId', SignaturePolicyId()),
  129. namedtype.NamedType('signaturePolicyImplied', SignaturePolicyImplied())
  130. )
  131. id_spq_ets_unotice = univ.ObjectIdentifier('1.2.840.113549.1.9.16.5.2')
  132. class DisplayText(univ.Choice):
  133. componentType = namedtype.NamedTypes(
  134. namedtype.NamedType('visibleString', char.VisibleString().subtype(
  135. subtypeSpec=constraint.ValueSizeConstraint(1, 200))),
  136. namedtype.NamedType('bmpString', char.BMPString().subtype(
  137. subtypeSpec=constraint.ValueSizeConstraint(1, 200))),
  138. namedtype.NamedType('utf8String', char.UTF8String().subtype(
  139. subtypeSpec=constraint.ValueSizeConstraint(1, 200)))
  140. )
  141. class NoticeReference(univ.Sequence):
  142. componentType = namedtype.NamedTypes(
  143. namedtype.NamedType('organization', DisplayText()),
  144. namedtype.NamedType('noticeNumbers',
  145. univ.SequenceOf(componentType=univ.Integer()))
  146. )
  147. class SPUserNotice(univ.Sequence):
  148. componentType = namedtype.NamedTypes(
  149. namedtype.OptionalNamedType('noticeRef', NoticeReference()),
  150. namedtype.OptionalNamedType('explicitText', DisplayText())
  151. )
  152. noticeToUser = SigPolicyQualifierInfo()
  153. noticeToUser['sigPolicyQualifierId'] = id_spq_ets_unotice
  154. noticeToUser['sigQualifier'] = SPUserNotice()
  155. id_spq_ets_uri = univ.ObjectIdentifier('1.2.840.113549.1.9.16.5.1')
  156. class SPuri(char.IA5String):
  157. pass
  158. pointerToSigPolSpec = SigPolicyQualifierInfo()
  159. pointerToSigPolSpec['sigPolicyQualifierId'] = id_spq_ets_uri
  160. pointerToSigPolSpec['sigQualifier'] = SPuri()
  161. # Commitment Type
  162. id_aa_ets_commitmentType = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.16')
  163. class CommitmentTypeIdentifier(univ.ObjectIdentifier):
  164. pass
  165. class CommitmentTypeQualifier(univ.Sequence):
  166. componentType = namedtype.NamedTypes(
  167. namedtype.NamedType('commitmentTypeIdentifier',
  168. CommitmentTypeIdentifier()),
  169. namedtype.NamedType('qualifier', univ.Any(),
  170. openType=opentype.OpenType('commitmentTypeIdentifier',
  171. commitmentQualifierMap))
  172. )
  173. class CommitmentTypeIndication(univ.Sequence):
  174. componentType = namedtype.NamedTypes(
  175. namedtype.NamedType('commitmentTypeId', CommitmentTypeIdentifier()),
  176. namedtype.OptionalNamedType('commitmentTypeQualifier',
  177. univ.SequenceOf(componentType=CommitmentTypeQualifier()).subtype(
  178. subtypeSpec=constraint.ValueSizeConstraint(1, MAX)))
  179. )
  180. id_cti_ets_proofOfOrigin = univ.ObjectIdentifier('1.2.840.113549.1.9.16.6.1')
  181. id_cti_ets_proofOfReceipt = univ.ObjectIdentifier('1.2.840.113549.1.9.16.6.2')
  182. id_cti_ets_proofOfDelivery = univ.ObjectIdentifier('1.2.840.113549.1.9.16.6.3')
  183. id_cti_ets_proofOfSender = univ.ObjectIdentifier('1.2.840.113549.1.9.16.6.4')
  184. id_cti_ets_proofOfApproval = univ.ObjectIdentifier('1.2.840.113549.1.9.16.6.5')
  185. id_cti_ets_proofOfCreation = univ.ObjectIdentifier('1.2.840.113549.1.9.16.6.6')
  186. # Signer Location
  187. id_aa_ets_signerLocation = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.17')
  188. class PostalAddress(univ.SequenceOf):
  189. componentType = DirectoryString()
  190. subtypeSpec = constraint.ValueSizeConstraint(1, 6)
  191. class SignerLocation(univ.Sequence):
  192. componentType = namedtype.NamedTypes(
  193. namedtype.OptionalNamedType('countryName',
  194. DirectoryString().subtype(explicitTag=tag.Tag(
  195. tag.tagClassContext, tag.tagFormatSimple, 0))),
  196. namedtype.OptionalNamedType('localityName',
  197. DirectoryString().subtype(explicitTag=tag.Tag(
  198. tag.tagClassContext, tag.tagFormatSimple, 1))),
  199. namedtype.OptionalNamedType('postalAdddress',
  200. PostalAddress().subtype(explicitTag=tag.Tag(
  201. tag.tagClassContext, tag.tagFormatSimple, 2)))
  202. )
  203. # Signature Timestamp
  204. id_aa_signatureTimeStampToken = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.14')
  205. class SignatureTimeStampToken(TimeStampToken):
  206. pass
  207. # Content Timestamp
  208. id_aa_ets_contentTimestamp = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.20')
  209. class ContentTimestamp(TimeStampToken):
  210. pass
  211. # Signer Attributes
  212. id_aa_ets_signerAttr = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.18')
  213. class ClaimedAttributes(univ.SequenceOf):
  214. componentType = Attribute()
  215. class CertifiedAttributes(AttributeCertificate):
  216. pass
  217. class SignerAttribute(univ.SequenceOf):
  218. componentType = univ.Choice(componentType=namedtype.NamedTypes(
  219. namedtype.NamedType('claimedAttributes',
  220. ClaimedAttributes().subtype(explicitTag=tag.Tag(
  221. tag.tagClassContext, tag.tagFormatSimple, 0))),
  222. namedtype.NamedType('certifiedAttributes',
  223. CertifiedAttributes().subtype(explicitTag=tag.Tag(
  224. tag.tagClassContext, tag.tagFormatSimple, 1)))
  225. ))
  226. # Complete Certificate Refs
  227. id_aa_ets_certificateRefs = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.21')
  228. class CompleteCertificateRefs(univ.SequenceOf):
  229. componentType = OtherCertID()
  230. # Complete Revocation Refs
  231. id_aa_ets_revocationRefs = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.22')
  232. class CrlIdentifier(univ.Sequence):
  233. componentType = namedtype.NamedTypes(
  234. namedtype.NamedType('crlissuer', Name()),
  235. namedtype.NamedType('crlIssuedTime', useful.UTCTime()),
  236. namedtype.OptionalNamedType('crlNumber', univ.Integer())
  237. )
  238. class CrlValidatedID(univ.Sequence):
  239. componentType = namedtype.NamedTypes(
  240. namedtype.NamedType('crlHash', OtherHash()),
  241. namedtype.OptionalNamedType('crlIdentifier', CrlIdentifier())
  242. )
  243. class CRLListID(univ.Sequence):
  244. componentType = namedtype.NamedTypes(
  245. namedtype.NamedType('crls',
  246. univ.SequenceOf(componentType=CrlValidatedID()))
  247. )
  248. class OcspIdentifier(univ.Sequence):
  249. componentType = namedtype.NamedTypes(
  250. namedtype.NamedType('ocspResponderID', ResponderID()),
  251. namedtype.NamedType('producedAt', useful.GeneralizedTime())
  252. )
  253. class OcspResponsesID(univ.Sequence):
  254. componentType = namedtype.NamedTypes(
  255. namedtype.NamedType('ocspIdentifier', OcspIdentifier()),
  256. namedtype.OptionalNamedType('ocspRepHash', OtherHash())
  257. )
  258. class OcspListID(univ.Sequence):
  259. componentType = namedtype.NamedTypes(
  260. namedtype.NamedType('ocspResponses',
  261. univ.SequenceOf(componentType=OcspResponsesID()))
  262. )
  263. class OtherRevRefType(univ.ObjectIdentifier):
  264. pass
  265. class OtherRevRefs(univ.Sequence):
  266. componentType = namedtype.NamedTypes(
  267. namedtype.NamedType('otherRevRefType', OtherRevRefType()),
  268. namedtype.NamedType('otherRevRefs', univ.Any(),
  269. openType=opentype.OpenType('otherRevRefType', otherRevRefMap))
  270. )
  271. class CrlOcspRef(univ.Sequence):
  272. componentType = namedtype.NamedTypes(
  273. namedtype.OptionalNamedType('crlids',
  274. CRLListID().subtype(explicitTag=tag.Tag(
  275. tag.tagClassContext, tag.tagFormatConstructed, 0))),
  276. namedtype.OptionalNamedType('ocspids',
  277. OcspListID().subtype(explicitTag=tag.Tag(
  278. tag.tagClassContext, tag.tagFormatConstructed, 1))),
  279. namedtype.OptionalNamedType('otherRev',
  280. OtherRevRefs().subtype(explicitTag=tag.Tag(
  281. tag.tagClassContext, tag.tagFormatConstructed, 2)))
  282. )
  283. class CompleteRevocationRefs(univ.SequenceOf):
  284. componentType = CrlOcspRef()
  285. # Certificate Values
  286. id_aa_ets_certValues = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.23')
  287. class CertificateValues(univ.SequenceOf):
  288. componentType = Certificate()
  289. # Certificate Revocation Values
  290. id_aa_ets_revocationValues = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.24')
  291. class OtherRevValType(univ.ObjectIdentifier):
  292. pass
  293. class OtherRevVals(univ.Sequence):
  294. componentType = namedtype.NamedTypes(
  295. namedtype.NamedType('otherRevValType', OtherRevValType()),
  296. namedtype.NamedType('otherRevVals', univ.Any(),
  297. openType=opentype.OpenType('otherRevValType', otherRevValMap))
  298. )
  299. class RevocationValues(univ.Sequence):
  300. componentType = namedtype.NamedTypes(
  301. namedtype.OptionalNamedType('crlVals',
  302. univ.SequenceOf(componentType=CertificateList()).subtype(
  303. explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
  304. namedtype.OptionalNamedType('ocspVals',
  305. univ.SequenceOf(componentType=BasicOCSPResponse()).subtype(
  306. explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
  307. namedtype.OptionalNamedType('otherRevVals',
  308. OtherRevVals().subtype(explicitTag=tag.Tag(
  309. tag.tagClassContext, tag.tagFormatConstructed, 2)))
  310. )
  311. # CAdES-C Timestamp
  312. id_aa_ets_escTimeStamp = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.25')
  313. class ESCTimeStampToken(TimeStampToken):
  314. pass
  315. # Time-Stamped Certificates and CRLs
  316. id_aa_ets_certCRLTimestamp = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.26')
  317. class TimestampedCertsCRLs(TimeStampToken):
  318. pass
  319. # Archive Timestamp
  320. id_aa_ets_archiveTimestampV2 = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.48')
  321. class ArchiveTimeStampToken(TimeStampToken):
  322. pass
  323. # Attribute certificate references
  324. id_aa_ets_attrCertificateRefs = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.44')
  325. class AttributeCertificateRefs(univ.SequenceOf):
  326. componentType = OtherCertID()
  327. # Attribute revocation references
  328. id_aa_ets_attrRevocationRefs = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.45')
  329. class AttributeRevocationRefs(univ.SequenceOf):
  330. componentType = CrlOcspRef()
  331. # Update the sigQualifiersMap
  332. _sigQualifiersMapUpdate = {
  333. id_spq_ets_unotice: SPUserNotice(),
  334. id_spq_ets_uri: SPuri(),
  335. }
  336. sigQualifiersMap.update(_sigQualifiersMapUpdate)
  337. # Update the CMS Attribute Map in rfc5652.py
  338. _cmsAttributesMapUpdate = {
  339. id_aa_ets_otherSigCert: OtherSigningCertificate(),
  340. id_aa_ets_sigPolicyId: SignaturePolicy(),
  341. id_aa_ets_commitmentType: CommitmentTypeIndication(),
  342. id_aa_ets_signerLocation: SignerLocation(),
  343. id_aa_signatureTimeStampToken: SignatureTimeStampToken(),
  344. id_aa_ets_contentTimestamp: ContentTimestamp(),
  345. id_aa_ets_signerAttr: SignerAttribute(),
  346. id_aa_ets_certificateRefs: CompleteCertificateRefs(),
  347. id_aa_ets_revocationRefs: CompleteRevocationRefs(),
  348. id_aa_ets_certValues: CertificateValues(),
  349. id_aa_ets_revocationValues: RevocationValues(),
  350. id_aa_ets_escTimeStamp: ESCTimeStampToken(),
  351. id_aa_ets_certCRLTimestamp: TimestampedCertsCRLs(),
  352. id_aa_ets_archiveTimestampV2: ArchiveTimeStampToken(),
  353. id_aa_ets_attrCertificateRefs: AttributeCertificateRefs(),
  354. id_aa_ets_attrRevocationRefs: AttributeRevocationRefs(),
  355. }
  356. rfc5652.cmsAttributesMap.update(_cmsAttributesMapUpdate)