|
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336 |
- #
- # This file is part of pyasn1-modules software.
- #
- # Created by Russ Housley with assistance from asn1ate v.0.6.0.
- # Modified by Russ Housley to add a map for use with opentypes.
- #
- # Copyright (c) 2019, Vigil Security, LLC
- # License: http://snmplabs.com/pyasn1/license.html
- #
- # Enhanced Security Services for S/MIME
- #
- # ASN.1 source from:
- # https://www.rfc-editor.org/rfc/rfc2634.txt
- #
-
- from pyasn1.type import char
- from pyasn1.type import constraint
- from pyasn1.type import namedval
- from pyasn1.type import namedtype
- from pyasn1.type import tag
- from pyasn1.type import univ
- from pyasn1.type import useful
-
- from pyasn1_modules import rfc5652
- from pyasn1_modules import rfc5280
-
- MAX = float('inf')
-
- ContentType = rfc5652.ContentType
-
- IssuerAndSerialNumber = rfc5652.IssuerAndSerialNumber
-
- SubjectKeyIdentifier = rfc5652.SubjectKeyIdentifier
-
- PolicyInformation = rfc5280.PolicyInformation
-
- GeneralNames = rfc5280.GeneralNames
-
- CertificateSerialNumber = rfc5280.CertificateSerialNumber
-
-
- # Signing Certificate Attribute
- # Warning: It is better to use SigningCertificateV2 from RFC 5035
-
- id_aa_signingCertificate = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.12')
-
- class Hash(univ.OctetString):
- pass # SHA-1 hash of entire certificate; RFC 5035 supports other hash algorithms
-
-
- class IssuerSerial(univ.Sequence):
- pass
-
- IssuerSerial.componentType = namedtype.NamedTypes(
- namedtype.NamedType('issuer', GeneralNames()),
- namedtype.NamedType('serialNumber', CertificateSerialNumber())
- )
-
-
- class ESSCertID(univ.Sequence):
- pass
-
- ESSCertID.componentType = namedtype.NamedTypes(
- namedtype.NamedType('certHash', Hash()),
- namedtype.OptionalNamedType('issuerSerial', IssuerSerial())
- )
-
-
- class SigningCertificate(univ.Sequence):
- pass
-
- SigningCertificate.componentType = namedtype.NamedTypes(
- namedtype.NamedType('certs', univ.SequenceOf(
- componentType=ESSCertID())),
- namedtype.OptionalNamedType('policies', univ.SequenceOf(
- componentType=PolicyInformation()))
- )
-
-
- # Mail List Expansion History Attribute
-
- id_aa_mlExpandHistory = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.3')
-
- ub_ml_expansion_history = univ.Integer(64)
-
-
- class EntityIdentifier(univ.Choice):
- pass
-
- EntityIdentifier.componentType = namedtype.NamedTypes(
- namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()),
- namedtype.NamedType('subjectKeyIdentifier', SubjectKeyIdentifier())
- )
-
-
- class MLReceiptPolicy(univ.Choice):
- pass
-
- MLReceiptPolicy.componentType = namedtype.NamedTypes(
- namedtype.NamedType('none', univ.Null().subtype(implicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatSimple, 0))),
- namedtype.NamedType('insteadOf', univ.SequenceOf(
- componentType=GeneralNames()).subtype(
- sizeSpec=constraint.ValueSizeConstraint(1, MAX)).subtype(
- implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
- namedtype.NamedType('inAdditionTo', univ.SequenceOf(
- componentType=GeneralNames()).subtype(
- sizeSpec=constraint.ValueSizeConstraint(1, MAX)).subtype(
- implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
- )
-
-
- class MLData(univ.Sequence):
- pass
-
- MLData.componentType = namedtype.NamedTypes(
- namedtype.NamedType('mailListIdentifier', EntityIdentifier()),
- namedtype.NamedType('expansionTime', useful.GeneralizedTime()),
- namedtype.OptionalNamedType('mlReceiptPolicy', MLReceiptPolicy())
- )
-
- class MLExpansionHistory(univ.SequenceOf):
- pass
-
- MLExpansionHistory.componentType = MLData()
- MLExpansionHistory.sizeSpec = constraint.ValueSizeConstraint(1, ub_ml_expansion_history)
-
-
- # ESS Security Label Attribute
-
- id_aa_securityLabel = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.2')
-
- ub_privacy_mark_length = univ.Integer(128)
-
- ub_security_categories = univ.Integer(64)
-
- ub_integer_options = univ.Integer(256)
-
-
- class ESSPrivacyMark(univ.Choice):
- pass
-
- ESSPrivacyMark.componentType = namedtype.NamedTypes(
- namedtype.NamedType('pString', char.PrintableString().subtype(
- subtypeSpec=constraint.ValueSizeConstraint(1, ub_privacy_mark_length))),
- namedtype.NamedType('utf8String', char.UTF8String().subtype(
- subtypeSpec=constraint.ValueSizeConstraint(1, MAX)))
- )
-
-
- class SecurityClassification(univ.Integer):
- pass
-
- SecurityClassification.subtypeSpec=constraint.ValueRangeConstraint(0, ub_integer_options)
-
- SecurityClassification.namedValues = namedval.NamedValues(
- ('unmarked', 0),
- ('unclassified', 1),
- ('restricted', 2),
- ('confidential', 3),
- ('secret', 4),
- ('top-secret', 5)
- )
-
-
- class SecurityPolicyIdentifier(univ.ObjectIdentifier):
- pass
-
-
- class SecurityCategory(univ.Sequence):
- pass
-
- SecurityCategory.componentType = namedtype.NamedTypes(
- namedtype.NamedType('type', univ.ObjectIdentifier().subtype(
- implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
- namedtype.NamedType('value', univ.Any().subtype(implicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatSimple, 1)))
- )
-
-
- class SecurityCategories(univ.SetOf):
- pass
-
- SecurityCategories.componentType = SecurityCategory()
- SecurityCategories.sizeSpec = constraint.ValueSizeConstraint(1, ub_security_categories)
-
-
- class ESSSecurityLabel(univ.Set):
- pass
-
- ESSSecurityLabel.componentType = namedtype.NamedTypes(
- namedtype.NamedType('security-policy-identifier', SecurityPolicyIdentifier()),
- namedtype.OptionalNamedType('security-classification', SecurityClassification()),
- namedtype.OptionalNamedType('privacy-mark', ESSPrivacyMark()),
- namedtype.OptionalNamedType('security-categories', SecurityCategories())
- )
-
-
- # Equivalent Labels Attribute
-
- id_aa_equivalentLabels = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.9')
-
- class EquivalentLabels(univ.SequenceOf):
- pass
-
- EquivalentLabels.componentType = ESSSecurityLabel()
-
-
- # Content Identifier Attribute
-
- id_aa_contentIdentifier = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.7')
-
- class ContentIdentifier(univ.OctetString):
- pass
-
-
- # Content Reference Attribute
-
- id_aa_contentReference = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.10')
-
- class ContentReference(univ.Sequence):
- pass
-
- ContentReference.componentType = namedtype.NamedTypes(
- namedtype.NamedType('contentType', ContentType()),
- namedtype.NamedType('signedContentIdentifier', ContentIdentifier()),
- namedtype.NamedType('originatorSignatureValue', univ.OctetString())
- )
-
-
- # Message Signature Digest Attribute
-
- id_aa_msgSigDigest = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.5')
-
- class MsgSigDigest(univ.OctetString):
- pass
-
-
- # Content Hints Attribute
-
- id_aa_contentHint = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.4')
-
- class ContentHints(univ.Sequence):
- pass
-
- ContentHints.componentType = namedtype.NamedTypes(
- namedtype.OptionalNamedType('contentDescription', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
- namedtype.NamedType('contentType', ContentType())
- )
-
-
- # Receipt Request Attribute
-
- class AllOrFirstTier(univ.Integer):
- pass
-
- AllOrFirstTier.namedValues = namedval.NamedValues(
- ('allReceipts', 0),
- ('firstTierRecipients', 1)
- )
-
-
- class ReceiptsFrom(univ.Choice):
- pass
-
- ReceiptsFrom.componentType = namedtype.NamedTypes(
- namedtype.NamedType('allOrFirstTier', AllOrFirstTier().subtype(
- implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
- namedtype.NamedType('receiptList', univ.SequenceOf(
- componentType=GeneralNames()).subtype(implicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatSimple, 1)))
- )
-
-
- id_aa_receiptRequest = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.1')
-
- ub_receiptsTo = univ.Integer(16)
-
- class ReceiptRequest(univ.Sequence):
- pass
-
- ReceiptRequest.componentType = namedtype.NamedTypes(
- namedtype.NamedType('signedContentIdentifier', ContentIdentifier()),
- namedtype.NamedType('receiptsFrom', ReceiptsFrom()),
- namedtype.NamedType('receiptsTo', univ.SequenceOf(componentType=GeneralNames()).subtype(sizeSpec=constraint.ValueSizeConstraint(1, ub_receiptsTo)))
- )
-
- # Receipt Content Type
-
- class ESSVersion(univ.Integer):
- pass
-
- ESSVersion.namedValues = namedval.NamedValues(
- ('v1', 1)
- )
-
-
- id_ct_receipt = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.1')
-
- class Receipt(univ.Sequence):
- pass
-
- Receipt.componentType = namedtype.NamedTypes(
- namedtype.NamedType('version', ESSVersion()),
- namedtype.NamedType('contentType', ContentType()),
- namedtype.NamedType('signedContentIdentifier', ContentIdentifier()),
- namedtype.NamedType('originatorSignatureValue', univ.OctetString())
- )
-
-
- # Map of Attribute Type to the Attribute structure is added to the
- # ones that are in rfc5652.py
-
- _cmsAttributesMapUpdate = {
- id_aa_signingCertificate: SigningCertificate(),
- id_aa_mlExpandHistory: MLExpansionHistory(),
- id_aa_securityLabel: ESSSecurityLabel(),
- id_aa_equivalentLabels: EquivalentLabels(),
- id_aa_contentIdentifier: ContentIdentifier(),
- id_aa_contentReference: ContentReference(),
- id_aa_msgSigDigest: MsgSigDigest(),
- id_aa_contentHint: ContentHints(),
- id_aa_receiptRequest: ReceiptRequest(),
- }
-
- rfc5652.cmsAttributesMap.update(_cmsAttributesMapUpdate)
-
-
- # Map of Content Type OIDs to Content Types is added to the
- # ones that are in rfc5652.py
-
- _cmsContentTypesMapUpdate = {
- id_ct_receipt: Receipt(),
- }
-
- rfc5652.cmsContentTypesMap.update(_cmsContentTypesMapUpdate)
|