123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469 |
- #
- # This file is part of pyasn1-modules software.
- #
- # Created by Russ Housley with assistance from asn1ate v.0.6.0.
- #
- # Copyright (c) 2019, Vigil Security, LLC
- # License: http://snmplabs.com/pyasn1/license.html
- #
- # Electronic Signature Policies
- #
- # ASN.1 source from:
- # https://www.rfc-editor.org/rfc/rfc3125.txt
- # https://www.rfc-editor.org/errata/eid5901
- # https://www.rfc-editor.org/errata/eid5902
- #
-
- from pyasn1.type import constraint
- from pyasn1.type import namedtype
- from pyasn1.type import namedval
- from pyasn1.type import tag
- from pyasn1.type import useful
- from pyasn1.type import univ
-
- from pyasn1_modules import rfc5280
-
- MAX = float('inf')
-
-
- # Imports from RFC 5280
-
- AlgorithmIdentifier = rfc5280.AlgorithmIdentifier
-
- Attribute = rfc5280.Attribute
-
- AttributeType = rfc5280.AttributeType
-
- AttributeTypeAndValue = rfc5280.AttributeTypeAndValue
-
- AttributeValue = rfc5280.AttributeValue
-
- Certificate = rfc5280.Certificate
-
- CertificateList = rfc5280.CertificateList
-
- DirectoryString = rfc5280.DirectoryString
-
- GeneralName = rfc5280.GeneralName
-
- GeneralNames = rfc5280.GeneralNames
-
- Name = rfc5280.Name
-
- PolicyInformation = rfc5280.PolicyInformation
-
-
- # Electronic Signature Policies
-
- class CertPolicyId(univ.ObjectIdentifier):
- pass
-
-
- class AcceptablePolicySet(univ.SequenceOf):
- componentType = CertPolicyId()
-
-
- class SignPolExtn(univ.Sequence):
- componentType = namedtype.NamedTypes(
- namedtype.NamedType('extnID', univ.ObjectIdentifier()),
- namedtype.NamedType('extnValue', univ.OctetString())
- )
-
-
- class SignPolExtensions(univ.SequenceOf):
- componentType = SignPolExtn()
-
-
- class AlgAndLength(univ.Sequence):
- componentType = namedtype.NamedTypes(
- namedtype.NamedType('algID', univ.ObjectIdentifier()),
- namedtype.OptionalNamedType('minKeyLength', univ.Integer()),
- namedtype.OptionalNamedType('other', SignPolExtensions())
- )
-
-
- class AlgorithmConstraints(univ.SequenceOf):
- componentType = AlgAndLength()
-
-
- class AlgorithmConstraintSet(univ.Sequence):
- componentType = namedtype.NamedTypes(
- namedtype.OptionalNamedType('signerAlgorithmConstraints',
- AlgorithmConstraints().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatSimple, 0))),
- namedtype.OptionalNamedType('eeCertAlgorithmConstraints',
- AlgorithmConstraints().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatSimple, 1))),
- namedtype.OptionalNamedType('caCertAlgorithmConstraints',
- AlgorithmConstraints().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatSimple, 2))),
- namedtype.OptionalNamedType('aaCertAlgorithmConstraints',
- AlgorithmConstraints().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatSimple, 3))),
- namedtype.OptionalNamedType('tsaCertAlgorithmConstraints',
- AlgorithmConstraints().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatSimple, 4)))
- )
-
-
- class AttributeValueConstraints(univ.SequenceOf):
- componentType = AttributeTypeAndValue()
-
-
- class AttributeTypeConstraints(univ.SequenceOf):
- componentType = AttributeType()
-
-
- class AttributeConstraints(univ.Sequence):
- componentType = namedtype.NamedTypes(
- namedtype.OptionalNamedType('attributeTypeConstarints',
- AttributeTypeConstraints().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatSimple, 0))),
- namedtype.OptionalNamedType('attributeValueConstarints',
- AttributeValueConstraints().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatSimple, 1)))
- )
-
-
- class HowCertAttribute(univ.Enumerated):
- namedValues = namedval.NamedValues(
- ('claimedAttribute', 0),
- ('certifiedAttribtes', 1),
- ('either', 2)
- )
-
-
- class SkipCerts(univ.Integer):
- subtypeSpec = constraint.ValueRangeConstraint(0, MAX)
-
-
- class PolicyConstraints(univ.Sequence):
- componentType = namedtype.NamedTypes(
- namedtype.OptionalNamedType('requireExplicitPolicy',
- SkipCerts().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatSimple, 0))),
- namedtype.OptionalNamedType('inhibitPolicyMapping',
- SkipCerts().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatSimple, 1)))
- )
-
-
- class BaseDistance(univ.Integer):
- subtypeSpec = constraint.ValueRangeConstraint(0, MAX)
-
-
- class GeneralSubtree(univ.Sequence):
- componentType = namedtype.NamedTypes(
- namedtype.NamedType('base', GeneralName()),
- namedtype.DefaultedNamedType('minimum',
- BaseDistance().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatSimple, 0)).subtype(
- value=0)),
- namedtype.OptionalNamedType('maximum',
- BaseDistance().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatSimple, 1)))
- )
-
-
- class GeneralSubtrees(univ.SequenceOf):
- componentType = GeneralSubtree()
- subtypeSpec = constraint.ValueSizeConstraint(1, MAX)
-
-
- class NameConstraints(univ.Sequence):
- componentType = namedtype.NamedTypes(
- namedtype.OptionalNamedType('permittedSubtrees',
- GeneralSubtrees().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatSimple, 0))),
- namedtype.OptionalNamedType('excludedSubtrees',
- GeneralSubtrees().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatSimple, 1)))
- )
-
-
- class PathLenConstraint(univ.Integer):
- subtypeSpec = constraint.ValueRangeConstraint(0, MAX)
-
-
- class CertificateTrustPoint(univ.Sequence):
- componentType = namedtype.NamedTypes(
- namedtype.NamedType('trustpoint', Certificate()),
- namedtype.OptionalNamedType('pathLenConstraint',
- PathLenConstraint().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatSimple, 0))),
- namedtype.OptionalNamedType('acceptablePolicySet',
- AcceptablePolicySet().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatSimple, 1))),
- namedtype.OptionalNamedType('nameConstraints',
- NameConstraints().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatConstructed, 2))),
- namedtype.OptionalNamedType('policyConstraints',
- PolicyConstraints().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatConstructed, 3)))
- )
-
-
- class CertificateTrustTrees(univ.SequenceOf):
- componentType = CertificateTrustPoint()
-
-
- class EnuRevReq(univ.Enumerated):
- namedValues = namedval.NamedValues(
- ('clrCheck', 0),
- ('ocspCheck', 1),
- ('bothCheck', 2),
- ('eitherCheck', 3),
- ('noCheck', 4),
- ('other', 5)
- )
-
-
- class RevReq(univ.Sequence):
- componentType = namedtype.NamedTypes(
- namedtype.NamedType('enuRevReq', EnuRevReq()),
- namedtype.OptionalNamedType('exRevReq', SignPolExtensions())
- )
-
-
- class CertRevReq(univ.Sequence):
- componentType = namedtype.NamedTypes(
- namedtype.NamedType('endCertRevReq', RevReq()),
- namedtype.NamedType('caCerts',
- RevReq().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatConstructed, 0)))
- )
-
-
- class AttributeTrustCondition(univ.Sequence):
- componentType = namedtype.NamedTypes(
- namedtype.NamedType('attributeMandated', univ.Boolean()),
- namedtype.NamedType('howCertAttribute', HowCertAttribute()),
- namedtype.OptionalNamedType('attrCertificateTrustTrees',
- CertificateTrustTrees().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatSimple, 0))),
- namedtype.OptionalNamedType('attrRevReq',
- CertRevReq().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatConstructed, 1))),
- namedtype.OptionalNamedType('attributeConstraints',
- AttributeConstraints().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatConstructed, 2)))
- )
-
-
- class CMSAttrs(univ.SequenceOf):
- componentType = univ.ObjectIdentifier()
-
-
- class CertInfoReq(univ.Enumerated):
- namedValues = namedval.NamedValues(
- ('none', 0),
- ('signerOnly', 1),
- ('fullPath', 2)
- )
-
-
- class CertRefReq(univ.Enumerated):
- namedValues = namedval.NamedValues(
- ('signerOnly', 1),
- ('fullPath', 2)
- )
-
-
- class DeltaTime(univ.Sequence):
- componentType = namedtype.NamedTypes(
- namedtype.NamedType('deltaSeconds', univ.Integer()),
- namedtype.NamedType('deltaMinutes', univ.Integer()),
- namedtype.NamedType('deltaHours', univ.Integer()),
- namedtype.NamedType('deltaDays', univ.Integer())
- )
-
-
- class TimestampTrustCondition(univ.Sequence):
- componentType = namedtype.NamedTypes(
- namedtype.OptionalNamedType('ttsCertificateTrustTrees',
- CertificateTrustTrees().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatSimple, 0))),
- namedtype.OptionalNamedType('ttsRevReq',
- CertRevReq().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatConstructed, 1))),
- namedtype.OptionalNamedType('ttsNameConstraints',
- NameConstraints().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatConstructed, 2))),
- namedtype.OptionalNamedType('cautionPeriod',
- DeltaTime().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatConstructed, 3))),
- namedtype.OptionalNamedType('signatureTimestampDelay',
- DeltaTime().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatConstructed, 4)))
- )
-
-
- class SignerRules(univ.Sequence):
- componentType = namedtype.NamedTypes(
- namedtype.OptionalNamedType('externalSignedData', univ.Boolean()),
- namedtype.NamedType('mandatedSignedAttr', CMSAttrs()),
- namedtype.NamedType('mandatedUnsignedAttr', CMSAttrs()),
- namedtype.DefaultedNamedType('mandatedCertificateRef',
- CertRefReq().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatSimple, 0)).subtype(
- value='signerOnly')),
- namedtype.DefaultedNamedType('mandatedCertificateInfo',
- CertInfoReq().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatSimple, 1)).subtype(
- value='none')),
- namedtype.OptionalNamedType('signPolExtensions',
- SignPolExtensions().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatSimple, 2)))
- )
-
-
- class MandatedUnsignedAttr(CMSAttrs):
- pass
-
-
- class VerifierRules(univ.Sequence):
- componentType = namedtype.NamedTypes(
- namedtype.NamedType('mandatedUnsignedAttr', MandatedUnsignedAttr()),
- namedtype.OptionalNamedType('signPolExtensions', SignPolExtensions())
- )
-
-
- class SignerAndVerifierRules(univ.Sequence):
- componentType = namedtype.NamedTypes(
- namedtype.NamedType('signerRules', SignerRules()),
- namedtype.NamedType('verifierRules', VerifierRules())
- )
-
-
- class SigningCertTrustCondition(univ.Sequence):
- componentType = namedtype.NamedTypes(
- namedtype.NamedType('signerTrustTrees', CertificateTrustTrees()),
- namedtype.NamedType('signerRevReq', CertRevReq())
- )
-
-
- class CommitmentTypeIdentifier(univ.ObjectIdentifier):
- pass
-
-
- class FieldOfApplication(DirectoryString):
- pass
-
-
- class CommitmentType(univ.Sequence):
- componentType = namedtype.NamedTypes(
- namedtype.NamedType('identifier', CommitmentTypeIdentifier()),
- namedtype.OptionalNamedType('fieldOfApplication',
- FieldOfApplication().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatSimple, 0))),
- namedtype.OptionalNamedType('semantics',
- DirectoryString().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatSimple, 1)))
- )
-
-
- class SelectedCommitmentTypes(univ.SequenceOf):
- componentType = univ.Choice(componentType=namedtype.NamedTypes(
- namedtype.NamedType('empty', univ.Null()),
- namedtype.NamedType('recognizedCommitmentType', CommitmentType())
- ))
-
-
- class CommitmentRule(univ.Sequence):
- componentType = namedtype.NamedTypes(
- namedtype.NamedType('selCommitmentTypes', SelectedCommitmentTypes()),
- namedtype.OptionalNamedType('signerAndVeriferRules',
- SignerAndVerifierRules().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatConstructed, 0))),
- namedtype.OptionalNamedType('signingCertTrustCondition',
- SigningCertTrustCondition().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatConstructed, 1))),
- namedtype.OptionalNamedType('timeStampTrustCondition',
- TimestampTrustCondition().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatConstructed, 2))),
- namedtype.OptionalNamedType('attributeTrustCondition',
- AttributeTrustCondition().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatConstructed, 3))),
- namedtype.OptionalNamedType('algorithmConstraintSet',
- AlgorithmConstraintSet().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatConstructed, 4))),
- namedtype.OptionalNamedType('signPolExtensions',
- SignPolExtensions().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatSimple, 5)))
- )
-
-
- class CommitmentRules(univ.SequenceOf):
- componentType = CommitmentRule()
-
-
- class CommonRules(univ.Sequence):
- componentType = namedtype.NamedTypes(
- namedtype.OptionalNamedType('signerAndVeriferRules',
- SignerAndVerifierRules().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatConstructed, 0))),
- namedtype.OptionalNamedType('signingCertTrustCondition',
- SigningCertTrustCondition().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatConstructed, 1))),
- namedtype.OptionalNamedType('timeStampTrustCondition',
- TimestampTrustCondition().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatConstructed, 2))),
- namedtype.OptionalNamedType('attributeTrustCondition',
- AttributeTrustCondition().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatConstructed, 3))),
- namedtype.OptionalNamedType('algorithmConstraintSet',
- AlgorithmConstraintSet().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatConstructed, 4))),
- namedtype.OptionalNamedType('signPolExtensions',
- SignPolExtensions().subtype(explicitTag=tag.Tag(
- tag.tagClassContext, tag.tagFormatSimple, 5)))
- )
-
-
- class PolicyIssuerName(GeneralNames):
- pass
-
-
- class SignPolicyHash(univ.OctetString):
- pass
-
-
- class SignPolicyId(univ.ObjectIdentifier):
- pass
-
-
- class SigningPeriod(univ.Sequence):
- componentType = namedtype.NamedTypes(
- namedtype.NamedType('notBefore', useful.GeneralizedTime()),
- namedtype.OptionalNamedType('notAfter', useful.GeneralizedTime())
- )
-
-
- class SignatureValidationPolicy(univ.Sequence):
- componentType = namedtype.NamedTypes(
- namedtype.NamedType('signingPeriod', SigningPeriod()),
- namedtype.NamedType('commonRules', CommonRules()),
- namedtype.NamedType('commitmentRules', CommitmentRules()),
- namedtype.OptionalNamedType('signPolExtensions', SignPolExtensions())
- )
-
-
- class SignPolicyInfo(univ.Sequence):
- componentType = namedtype.NamedTypes(
- namedtype.NamedType('signPolicyIdentifier', SignPolicyId()),
- namedtype.NamedType('dateOfIssue', useful.GeneralizedTime()),
- namedtype.NamedType('policyIssuerName', PolicyIssuerName()),
- namedtype.NamedType('fieldOfApplication', FieldOfApplication()),
- namedtype.NamedType('signatureValidationPolicy', SignatureValidationPolicy()),
- namedtype.OptionalNamedType('signPolExtensions', SignPolExtensions())
- )
-
-
- class SignaturePolicy(univ.Sequence):
- componentType = namedtype.NamedTypes(
- namedtype.NamedType('signPolicyHashAlg', AlgorithmIdentifier()),
- namedtype.NamedType('signPolicyInfo', SignPolicyInfo()),
- namedtype.OptionalNamedType('signPolicyHash', SignPolicyHash())
- )
-
|