Funktionierender Prototyp des Serious Games zur Vermittlung von Wissen zu Software-Engineering-Arbeitsmodellen.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

rfc2985.py 14KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588
  1. #
  2. # This file is part of pyasn1-modules software.
  3. #
  4. # Created by Russ Housley with assistance from asn1ate v.0.6.0.
  5. #
  6. # Copyright (c) 2019, Vigil Security, LLC
  7. # License: http://snmplabs.com/pyasn1/license.html
  8. #
  9. # PKCS#9: Selected Attribute Types (Version 2.0)
  10. #
  11. # ASN.1 source from:
  12. # https://www.rfc-editor.org/rfc/rfc2985.txt
  13. #
  14. from pyasn1.type import char
  15. from pyasn1.type import constraint
  16. from pyasn1.type import namedtype
  17. from pyasn1.type import namedval
  18. from pyasn1.type import opentype
  19. from pyasn1.type import tag
  20. from pyasn1.type import univ
  21. from pyasn1.type import useful
  22. from pyasn1_modules import rfc7292
  23. from pyasn1_modules import rfc5958
  24. from pyasn1_modules import rfc5652
  25. from pyasn1_modules import rfc5280
  26. def _OID(*components):
  27. output = []
  28. for x in tuple(components):
  29. if isinstance(x, univ.ObjectIdentifier):
  30. output.extend(list(x))
  31. else:
  32. output.append(int(x))
  33. return univ.ObjectIdentifier(output)
  34. MAX = float('inf')
  35. # Imports from RFC 5280
  36. AlgorithmIdentifier = rfc5280.AlgorithmIdentifier
  37. Attribute = rfc5280.Attribute
  38. EmailAddress = rfc5280.EmailAddress
  39. Extensions = rfc5280.Extensions
  40. Time = rfc5280.Time
  41. X520countryName = rfc5280.X520countryName
  42. X520SerialNumber = rfc5280.X520SerialNumber
  43. # Imports from RFC 5652
  44. ContentInfo = rfc5652.ContentInfo
  45. ContentType = rfc5652.ContentType
  46. Countersignature = rfc5652.Countersignature
  47. MessageDigest = rfc5652.MessageDigest
  48. SignerInfo = rfc5652.SignerInfo
  49. SigningTime = rfc5652.SigningTime
  50. # Imports from RFC 5958
  51. EncryptedPrivateKeyInfo = rfc5958.EncryptedPrivateKeyInfo
  52. # Imports from RFC 7292
  53. PFX = rfc7292.PFX
  54. # TODO:
  55. # Need a place to import PKCS15Token; it does not yet appear in an RFC
  56. # SingleAttribute is the same as Attribute in RFC 5280, except that the
  57. # attrValues SET must have one and only one member
  58. class AttributeType(univ.ObjectIdentifier):
  59. pass
  60. class AttributeValue(univ.Any):
  61. pass
  62. class AttributeValues(univ.SetOf):
  63. pass
  64. AttributeValues.componentType = AttributeValue()
  65. class SingleAttributeValues(univ.SetOf):
  66. pass
  67. SingleAttributeValues.componentType = AttributeValue()
  68. class SingleAttribute(univ.Sequence):
  69. pass
  70. SingleAttribute.componentType = namedtype.NamedTypes(
  71. namedtype.NamedType('type', AttributeType()),
  72. namedtype.NamedType('values',
  73. AttributeValues().subtype(sizeSpec=constraint.ValueSizeConstraint(1, 1)),
  74. openType=opentype.OpenType('type', rfc5280.certificateAttributesMap)
  75. )
  76. )
  77. # CMSAttribute is the same as Attribute in RFC 5652, and CMSSingleAttribute
  78. # is the companion where the attrValues SET must have one and only one member
  79. CMSAttribute = rfc5652.Attribute
  80. class CMSSingleAttribute(univ.Sequence):
  81. pass
  82. CMSSingleAttribute.componentType = namedtype.NamedTypes(
  83. namedtype.NamedType('attrType', AttributeType()),
  84. namedtype.NamedType('attrValues',
  85. AttributeValues().subtype(sizeSpec=constraint.ValueSizeConstraint(1, 1)),
  86. openType=opentype.OpenType('attrType', rfc5652.cmsAttributesMap)
  87. )
  88. )
  89. # DirectoryString is the same as RFC 5280, except the length is limited to 255
  90. class DirectoryString(univ.Choice):
  91. pass
  92. DirectoryString.componentType = namedtype.NamedTypes(
  93. namedtype.NamedType('teletexString', char.TeletexString().subtype(
  94. subtypeSpec=constraint.ValueSizeConstraint(1, 255))),
  95. namedtype.NamedType('printableString', char.PrintableString().subtype(
  96. subtypeSpec=constraint.ValueSizeConstraint(1, 255))),
  97. namedtype.NamedType('universalString', char.UniversalString().subtype(
  98. subtypeSpec=constraint.ValueSizeConstraint(1, 255))),
  99. namedtype.NamedType('utf8String', char.UTF8String().subtype(
  100. subtypeSpec=constraint.ValueSizeConstraint(1, 255))),
  101. namedtype.NamedType('bmpString', char.BMPString().subtype(
  102. subtypeSpec=constraint.ValueSizeConstraint(1, 255)))
  103. )
  104. # PKCS9String is DirectoryString with an additional choice of IA5String,
  105. # and the SIZE is limited to 255
  106. class PKCS9String(univ.Choice):
  107. pass
  108. PKCS9String.componentType = namedtype.NamedTypes(
  109. namedtype.NamedType('ia5String', char.IA5String().subtype(
  110. subtypeSpec=constraint.ValueSizeConstraint(1, 255))),
  111. namedtype.NamedType('directoryString', DirectoryString())
  112. )
  113. # Upper Bounds
  114. pkcs_9_ub_pkcs9String = univ.Integer(255)
  115. pkcs_9_ub_challengePassword = univ.Integer(pkcs_9_ub_pkcs9String)
  116. pkcs_9_ub_emailAddress = univ.Integer(pkcs_9_ub_pkcs9String)
  117. pkcs_9_ub_friendlyName = univ.Integer(pkcs_9_ub_pkcs9String)
  118. pkcs_9_ub_match = univ.Integer(pkcs_9_ub_pkcs9String)
  119. pkcs_9_ub_signingDescription = univ.Integer(pkcs_9_ub_pkcs9String)
  120. pkcs_9_ub_unstructuredAddress = univ.Integer(pkcs_9_ub_pkcs9String)
  121. pkcs_9_ub_unstructuredName = univ.Integer(pkcs_9_ub_pkcs9String)
  122. ub_name = univ.Integer(32768)
  123. pkcs_9_ub_placeOfBirth = univ.Integer(ub_name)
  124. pkcs_9_ub_pseudonym = univ.Integer(ub_name)
  125. # Object Identifier Arcs
  126. ietf_at = _OID(1, 3, 6, 1, 5, 5, 7, 9)
  127. id_at = _OID(2, 5, 4)
  128. pkcs_9 = _OID(1, 2, 840, 113549, 1, 9)
  129. pkcs_9_mo = _OID(pkcs_9, 0)
  130. smime = _OID(pkcs_9, 16)
  131. certTypes = _OID(pkcs_9, 22)
  132. crlTypes = _OID(pkcs_9, 23)
  133. pkcs_9_oc = _OID(pkcs_9, 24)
  134. pkcs_9_at = _OID(pkcs_9, 25)
  135. pkcs_9_sx = _OID(pkcs_9, 26)
  136. pkcs_9_mr = _OID(pkcs_9, 27)
  137. # Object Identifiers for Syntaxes for use with LDAP-accessible directories
  138. pkcs_9_sx_pkcs9String = _OID(pkcs_9_sx, 1)
  139. pkcs_9_sx_signingTime = _OID(pkcs_9_sx, 2)
  140. # Object Identifiers for object classes
  141. pkcs_9_oc_pkcsEntity = _OID(pkcs_9_oc, 1)
  142. pkcs_9_oc_naturalPerson = _OID(pkcs_9_oc, 2)
  143. # Object Identifiers for matching rules
  144. pkcs_9_mr_caseIgnoreMatch = _OID(pkcs_9_mr, 1)
  145. pkcs_9_mr_signingTimeMatch = _OID(pkcs_9_mr, 2)
  146. # PKCS #7 PDU
  147. pkcs_9_at_pkcs7PDU = _OID(pkcs_9_at, 5)
  148. pKCS7PDU = Attribute()
  149. pKCS7PDU['type'] = pkcs_9_at_pkcs7PDU
  150. pKCS7PDU['values'][0] = ContentInfo()
  151. # PKCS #12 token
  152. pkcs_9_at_userPKCS12 = _OID(2, 16, 840, 1, 113730, 3, 1, 216)
  153. userPKCS12 = Attribute()
  154. userPKCS12['type'] = pkcs_9_at_userPKCS12
  155. userPKCS12['values'][0] = PFX()
  156. # PKCS #15 token
  157. pkcs_9_at_pkcs15Token = _OID(pkcs_9_at, 1)
  158. # TODO: Once PKCS15Token can be imported, this can be included
  159. #
  160. # pKCS15Token = Attribute()
  161. # userPKCS12['type'] = pkcs_9_at_pkcs15Token
  162. # userPKCS12['values'][0] = PKCS15Token()
  163. # PKCS #8 encrypted private key information
  164. pkcs_9_at_encryptedPrivateKeyInfo = _OID(pkcs_9_at, 2)
  165. encryptedPrivateKeyInfo = Attribute()
  166. encryptedPrivateKeyInfo['type'] = pkcs_9_at_encryptedPrivateKeyInfo
  167. encryptedPrivateKeyInfo['values'][0] = EncryptedPrivateKeyInfo()
  168. # Electronic-mail address
  169. pkcs_9_at_emailAddress = rfc5280.id_emailAddress
  170. emailAddress = Attribute()
  171. emailAddress['type'] = pkcs_9_at_emailAddress
  172. emailAddress['values'][0] = EmailAddress()
  173. # Unstructured name
  174. pkcs_9_at_unstructuredName = _OID(pkcs_9, 2)
  175. unstructuredName = Attribute()
  176. unstructuredName['type'] = pkcs_9_at_unstructuredName
  177. unstructuredName['values'][0] = PKCS9String()
  178. # Unstructured address
  179. pkcs_9_at_unstructuredAddress = _OID(pkcs_9, 8)
  180. unstructuredAddress = Attribute()
  181. unstructuredAddress['type'] = pkcs_9_at_unstructuredAddress
  182. unstructuredAddress['values'][0] = DirectoryString()
  183. # Date of birth
  184. pkcs_9_at_dateOfBirth = _OID(ietf_at, 1)
  185. dateOfBirth = SingleAttribute()
  186. dateOfBirth['type'] = pkcs_9_at_dateOfBirth
  187. dateOfBirth['values'][0] = useful.GeneralizedTime()
  188. # Place of birth
  189. pkcs_9_at_placeOfBirth = _OID(ietf_at, 2)
  190. placeOfBirth = SingleAttribute()
  191. placeOfBirth['type'] = pkcs_9_at_placeOfBirth
  192. placeOfBirth['values'][0] = DirectoryString()
  193. # Gender
  194. class GenderString(char.PrintableString):
  195. pass
  196. GenderString.subtypeSpec = constraint.ValueSizeConstraint(1, 1)
  197. GenderString.subtypeSpec = constraint.SingleValueConstraint("M", "F", "m", "f")
  198. pkcs_9_at_gender = _OID(ietf_at, 3)
  199. gender = SingleAttribute()
  200. gender['type'] = pkcs_9_at_gender
  201. gender['values'][0] = GenderString()
  202. # Country of citizenship
  203. pkcs_9_at_countryOfCitizenship = _OID(ietf_at, 4)
  204. countryOfCitizenship = Attribute()
  205. countryOfCitizenship['type'] = pkcs_9_at_countryOfCitizenship
  206. countryOfCitizenship['values'][0] = X520countryName()
  207. # Country of residence
  208. pkcs_9_at_countryOfResidence = _OID(ietf_at, 5)
  209. countryOfResidence = Attribute()
  210. countryOfResidence['type'] = pkcs_9_at_countryOfResidence
  211. countryOfResidence['values'][0] = X520countryName()
  212. # Pseudonym
  213. id_at_pseudonym = _OID(2, 5, 4, 65)
  214. pseudonym = Attribute()
  215. pseudonym['type'] = id_at_pseudonym
  216. pseudonym['values'][0] = DirectoryString()
  217. # Serial number
  218. id_at_serialNumber = rfc5280.id_at_serialNumber
  219. serialNumber = Attribute()
  220. serialNumber['type'] = id_at_serialNumber
  221. serialNumber['values'][0] = X520SerialNumber()
  222. # Content type
  223. pkcs_9_at_contentType = rfc5652.id_contentType
  224. contentType = CMSSingleAttribute()
  225. contentType['attrType'] = pkcs_9_at_contentType
  226. contentType['attrValues'][0] = ContentType()
  227. # Message digest
  228. pkcs_9_at_messageDigest = rfc5652.id_messageDigest
  229. messageDigest = CMSSingleAttribute()
  230. messageDigest['attrType'] = pkcs_9_at_messageDigest
  231. messageDigest['attrValues'][0] = MessageDigest()
  232. # Signing time
  233. pkcs_9_at_signingTime = rfc5652.id_signingTime
  234. signingTime = CMSSingleAttribute()
  235. signingTime['attrType'] = pkcs_9_at_signingTime
  236. signingTime['attrValues'][0] = SigningTime()
  237. # Random nonce
  238. class RandomNonce(univ.OctetString):
  239. pass
  240. RandomNonce.subtypeSpec = constraint.ValueSizeConstraint(4, MAX)
  241. pkcs_9_at_randomNonce = _OID(pkcs_9_at, 3)
  242. randomNonce = CMSSingleAttribute()
  243. randomNonce['attrType'] = pkcs_9_at_randomNonce
  244. randomNonce['attrValues'][0] = RandomNonce()
  245. # Sequence number
  246. class SequenceNumber(univ.Integer):
  247. pass
  248. SequenceNumber.subtypeSpec = constraint.ValueRangeConstraint(1, MAX)
  249. pkcs_9_at_sequenceNumber = _OID(pkcs_9_at, 4)
  250. sequenceNumber = CMSSingleAttribute()
  251. sequenceNumber['attrType'] = pkcs_9_at_sequenceNumber
  252. sequenceNumber['attrValues'][0] = SequenceNumber()
  253. # Countersignature
  254. pkcs_9_at_counterSignature = rfc5652.id_countersignature
  255. counterSignature = CMSAttribute()
  256. counterSignature['attrType'] = pkcs_9_at_counterSignature
  257. counterSignature['attrValues'][0] = Countersignature()
  258. # Challenge password
  259. pkcs_9_at_challengePassword = _OID(pkcs_9, 7)
  260. challengePassword = SingleAttribute()
  261. challengePassword['type'] = pkcs_9_at_challengePassword
  262. challengePassword['values'][0] = DirectoryString()
  263. # Extension request
  264. class ExtensionRequest(Extensions):
  265. pass
  266. pkcs_9_at_extensionRequest = _OID(pkcs_9, 14)
  267. extensionRequest = SingleAttribute()
  268. extensionRequest['type'] = pkcs_9_at_extensionRequest
  269. extensionRequest['values'][0] = ExtensionRequest()
  270. # Extended-certificate attributes (deprecated)
  271. class AttributeSet(univ.SetOf):
  272. pass
  273. AttributeSet.componentType = Attribute()
  274. pkcs_9_at_extendedCertificateAttributes = _OID(pkcs_9, 9)
  275. extendedCertificateAttributes = SingleAttribute()
  276. extendedCertificateAttributes['type'] = pkcs_9_at_extendedCertificateAttributes
  277. extendedCertificateAttributes['values'][0] = AttributeSet()
  278. # Friendly name
  279. class FriendlyName(char.BMPString):
  280. pass
  281. FriendlyName.subtypeSpec = constraint.ValueSizeConstraint(1, pkcs_9_ub_friendlyName)
  282. pkcs_9_at_friendlyName = _OID(pkcs_9, 20)
  283. friendlyName = SingleAttribute()
  284. friendlyName['type'] = pkcs_9_at_friendlyName
  285. friendlyName['values'][0] = FriendlyName()
  286. # Local key identifier
  287. pkcs_9_at_localKeyId = _OID(pkcs_9, 21)
  288. localKeyId = SingleAttribute()
  289. localKeyId['type'] = pkcs_9_at_localKeyId
  290. localKeyId['values'][0] = univ.OctetString()
  291. # Signing description
  292. pkcs_9_at_signingDescription = _OID(pkcs_9, 13)
  293. signingDescription = CMSSingleAttribute()
  294. signingDescription['attrType'] = pkcs_9_at_signingDescription
  295. signingDescription['attrValues'][0] = DirectoryString()
  296. # S/MIME capabilities
  297. class SMIMECapability(AlgorithmIdentifier):
  298. pass
  299. class SMIMECapabilities(univ.SequenceOf):
  300. pass
  301. SMIMECapabilities.componentType = SMIMECapability()
  302. pkcs_9_at_smimeCapabilities = _OID(pkcs_9, 15)
  303. smimeCapabilities = CMSSingleAttribute()
  304. smimeCapabilities['attrType'] = pkcs_9_at_smimeCapabilities
  305. smimeCapabilities['attrValues'][0] = SMIMECapabilities()
  306. # Certificate Attribute Map
  307. _certificateAttributesMapUpdate = {
  308. # Attribute types for use with the "pkcsEntity" object class
  309. pkcs_9_at_pkcs7PDU: ContentInfo(),
  310. pkcs_9_at_userPKCS12: PFX(),
  311. # TODO: Once PKCS15Token can be imported, this can be included
  312. # pkcs_9_at_pkcs15Token: PKCS15Token(),
  313. pkcs_9_at_encryptedPrivateKeyInfo: EncryptedPrivateKeyInfo(),
  314. # Attribute types for use with the "naturalPerson" object class
  315. pkcs_9_at_emailAddress: EmailAddress(),
  316. pkcs_9_at_unstructuredName: PKCS9String(),
  317. pkcs_9_at_unstructuredAddress: DirectoryString(),
  318. pkcs_9_at_dateOfBirth: useful.GeneralizedTime(),
  319. pkcs_9_at_placeOfBirth: DirectoryString(),
  320. pkcs_9_at_gender: GenderString(),
  321. pkcs_9_at_countryOfCitizenship: X520countryName(),
  322. pkcs_9_at_countryOfResidence: X520countryName(),
  323. id_at_pseudonym: DirectoryString(),
  324. id_at_serialNumber: X520SerialNumber(),
  325. # Attribute types for use with PKCS #10 certificate requests
  326. pkcs_9_at_challengePassword: DirectoryString(),
  327. pkcs_9_at_extensionRequest: ExtensionRequest(),
  328. pkcs_9_at_extendedCertificateAttributes: AttributeSet(),
  329. }
  330. rfc5280.certificateAttributesMap.update(_certificateAttributesMapUpdate)
  331. # CMS Attribute Map
  332. # Note: pkcs_9_at_smimeCapabilities is not included in the map because
  333. # the definition in RFC 5751 is preferred, which produces the same
  334. # encoding, but it allows different parameters for SMIMECapability
  335. # and AlgorithmIdentifier.
  336. _cmsAttributesMapUpdate = {
  337. # Attribute types for use in PKCS #7 data (a.k.a. CMS)
  338. pkcs_9_at_contentType: ContentType(),
  339. pkcs_9_at_messageDigest: MessageDigest(),
  340. pkcs_9_at_signingTime: SigningTime(),
  341. pkcs_9_at_randomNonce: RandomNonce(),
  342. pkcs_9_at_sequenceNumber: SequenceNumber(),
  343. pkcs_9_at_counterSignature: Countersignature(),
  344. # Attributes for use in PKCS #12 "PFX" PDUs or PKCS #15 tokens
  345. pkcs_9_at_friendlyName: FriendlyName(),
  346. pkcs_9_at_localKeyId: univ.OctetString(),
  347. pkcs_9_at_signingDescription: DirectoryString(),
  348. # pkcs_9_at_smimeCapabilities: SMIMECapabilities(),
  349. }
  350. rfc5652.cmsAttributesMap.update(_cmsAttributesMapUpdate)