Funktionierender Prototyp des Serious Games zur Vermittlung von Wissen zu Software-Engineering-Arbeitsmodellen.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

rfc3125.py 16KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469
  1. #
  2. # This file is part of pyasn1-modules software.
  3. #
  4. # Created by Russ Housley with assistance from asn1ate v.0.6.0.
  5. #
  6. # Copyright (c) 2019, Vigil Security, LLC
  7. # License: http://snmplabs.com/pyasn1/license.html
  8. #
  9. # Electronic Signature Policies
  10. #
  11. # ASN.1 source from:
  12. # https://www.rfc-editor.org/rfc/rfc3125.txt
  13. # https://www.rfc-editor.org/errata/eid5901
  14. # https://www.rfc-editor.org/errata/eid5902
  15. #
  16. from pyasn1.type import constraint
  17. from pyasn1.type import namedtype
  18. from pyasn1.type import namedval
  19. from pyasn1.type import tag
  20. from pyasn1.type import useful
  21. from pyasn1.type import univ
  22. from pyasn1_modules import rfc5280
  23. MAX = float('inf')
  24. # Imports from RFC 5280
  25. AlgorithmIdentifier = rfc5280.AlgorithmIdentifier
  26. Attribute = rfc5280.Attribute
  27. AttributeType = rfc5280.AttributeType
  28. AttributeTypeAndValue = rfc5280.AttributeTypeAndValue
  29. AttributeValue = rfc5280.AttributeValue
  30. Certificate = rfc5280.Certificate
  31. CertificateList = rfc5280.CertificateList
  32. DirectoryString = rfc5280.DirectoryString
  33. GeneralName = rfc5280.GeneralName
  34. GeneralNames = rfc5280.GeneralNames
  35. Name = rfc5280.Name
  36. PolicyInformation = rfc5280.PolicyInformation
  37. # Electronic Signature Policies
  38. class CertPolicyId(univ.ObjectIdentifier):
  39. pass
  40. class AcceptablePolicySet(univ.SequenceOf):
  41. componentType = CertPolicyId()
  42. class SignPolExtn(univ.Sequence):
  43. componentType = namedtype.NamedTypes(
  44. namedtype.NamedType('extnID', univ.ObjectIdentifier()),
  45. namedtype.NamedType('extnValue', univ.OctetString())
  46. )
  47. class SignPolExtensions(univ.SequenceOf):
  48. componentType = SignPolExtn()
  49. class AlgAndLength(univ.Sequence):
  50. componentType = namedtype.NamedTypes(
  51. namedtype.NamedType('algID', univ.ObjectIdentifier()),
  52. namedtype.OptionalNamedType('minKeyLength', univ.Integer()),
  53. namedtype.OptionalNamedType('other', SignPolExtensions())
  54. )
  55. class AlgorithmConstraints(univ.SequenceOf):
  56. componentType = AlgAndLength()
  57. class AlgorithmConstraintSet(univ.Sequence):
  58. componentType = namedtype.NamedTypes(
  59. namedtype.OptionalNamedType('signerAlgorithmConstraints',
  60. AlgorithmConstraints().subtype(explicitTag=tag.Tag(
  61. tag.tagClassContext, tag.tagFormatSimple, 0))),
  62. namedtype.OptionalNamedType('eeCertAlgorithmConstraints',
  63. AlgorithmConstraints().subtype(explicitTag=tag.Tag(
  64. tag.tagClassContext, tag.tagFormatSimple, 1))),
  65. namedtype.OptionalNamedType('caCertAlgorithmConstraints',
  66. AlgorithmConstraints().subtype(explicitTag=tag.Tag(
  67. tag.tagClassContext, tag.tagFormatSimple, 2))),
  68. namedtype.OptionalNamedType('aaCertAlgorithmConstraints',
  69. AlgorithmConstraints().subtype(explicitTag=tag.Tag(
  70. tag.tagClassContext, tag.tagFormatSimple, 3))),
  71. namedtype.OptionalNamedType('tsaCertAlgorithmConstraints',
  72. AlgorithmConstraints().subtype(explicitTag=tag.Tag(
  73. tag.tagClassContext, tag.tagFormatSimple, 4)))
  74. )
  75. class AttributeValueConstraints(univ.SequenceOf):
  76. componentType = AttributeTypeAndValue()
  77. class AttributeTypeConstraints(univ.SequenceOf):
  78. componentType = AttributeType()
  79. class AttributeConstraints(univ.Sequence):
  80. componentType = namedtype.NamedTypes(
  81. namedtype.OptionalNamedType('attributeTypeConstarints',
  82. AttributeTypeConstraints().subtype(explicitTag=tag.Tag(
  83. tag.tagClassContext, tag.tagFormatSimple, 0))),
  84. namedtype.OptionalNamedType('attributeValueConstarints',
  85. AttributeValueConstraints().subtype(explicitTag=tag.Tag(
  86. tag.tagClassContext, tag.tagFormatSimple, 1)))
  87. )
  88. class HowCertAttribute(univ.Enumerated):
  89. namedValues = namedval.NamedValues(
  90. ('claimedAttribute', 0),
  91. ('certifiedAttribtes', 1),
  92. ('either', 2)
  93. )
  94. class SkipCerts(univ.Integer):
  95. subtypeSpec = constraint.ValueRangeConstraint(0, MAX)
  96. class PolicyConstraints(univ.Sequence):
  97. componentType = namedtype.NamedTypes(
  98. namedtype.OptionalNamedType('requireExplicitPolicy',
  99. SkipCerts().subtype(explicitTag=tag.Tag(
  100. tag.tagClassContext, tag.tagFormatSimple, 0))),
  101. namedtype.OptionalNamedType('inhibitPolicyMapping',
  102. SkipCerts().subtype(explicitTag=tag.Tag(
  103. tag.tagClassContext, tag.tagFormatSimple, 1)))
  104. )
  105. class BaseDistance(univ.Integer):
  106. subtypeSpec = constraint.ValueRangeConstraint(0, MAX)
  107. class GeneralSubtree(univ.Sequence):
  108. componentType = namedtype.NamedTypes(
  109. namedtype.NamedType('base', GeneralName()),
  110. namedtype.DefaultedNamedType('minimum',
  111. BaseDistance().subtype(explicitTag=tag.Tag(
  112. tag.tagClassContext, tag.tagFormatSimple, 0)).subtype(
  113. value=0)),
  114. namedtype.OptionalNamedType('maximum',
  115. BaseDistance().subtype(explicitTag=tag.Tag(
  116. tag.tagClassContext, tag.tagFormatSimple, 1)))
  117. )
  118. class GeneralSubtrees(univ.SequenceOf):
  119. componentType = GeneralSubtree()
  120. subtypeSpec = constraint.ValueSizeConstraint(1, MAX)
  121. class NameConstraints(univ.Sequence):
  122. componentType = namedtype.NamedTypes(
  123. namedtype.OptionalNamedType('permittedSubtrees',
  124. GeneralSubtrees().subtype(explicitTag=tag.Tag(
  125. tag.tagClassContext, tag.tagFormatSimple, 0))),
  126. namedtype.OptionalNamedType('excludedSubtrees',
  127. GeneralSubtrees().subtype(explicitTag=tag.Tag(
  128. tag.tagClassContext, tag.tagFormatSimple, 1)))
  129. )
  130. class PathLenConstraint(univ.Integer):
  131. subtypeSpec = constraint.ValueRangeConstraint(0, MAX)
  132. class CertificateTrustPoint(univ.Sequence):
  133. componentType = namedtype.NamedTypes(
  134. namedtype.NamedType('trustpoint', Certificate()),
  135. namedtype.OptionalNamedType('pathLenConstraint',
  136. PathLenConstraint().subtype(explicitTag=tag.Tag(
  137. tag.tagClassContext, tag.tagFormatSimple, 0))),
  138. namedtype.OptionalNamedType('acceptablePolicySet',
  139. AcceptablePolicySet().subtype(explicitTag=tag.Tag(
  140. tag.tagClassContext, tag.tagFormatSimple, 1))),
  141. namedtype.OptionalNamedType('nameConstraints',
  142. NameConstraints().subtype(explicitTag=tag.Tag(
  143. tag.tagClassContext, tag.tagFormatConstructed, 2))),
  144. namedtype.OptionalNamedType('policyConstraints',
  145. PolicyConstraints().subtype(explicitTag=tag.Tag(
  146. tag.tagClassContext, tag.tagFormatConstructed, 3)))
  147. )
  148. class CertificateTrustTrees(univ.SequenceOf):
  149. componentType = CertificateTrustPoint()
  150. class EnuRevReq(univ.Enumerated):
  151. namedValues = namedval.NamedValues(
  152. ('clrCheck', 0),
  153. ('ocspCheck', 1),
  154. ('bothCheck', 2),
  155. ('eitherCheck', 3),
  156. ('noCheck', 4),
  157. ('other', 5)
  158. )
  159. class RevReq(univ.Sequence):
  160. componentType = namedtype.NamedTypes(
  161. namedtype.NamedType('enuRevReq', EnuRevReq()),
  162. namedtype.OptionalNamedType('exRevReq', SignPolExtensions())
  163. )
  164. class CertRevReq(univ.Sequence):
  165. componentType = namedtype.NamedTypes(
  166. namedtype.NamedType('endCertRevReq', RevReq()),
  167. namedtype.NamedType('caCerts',
  168. RevReq().subtype(explicitTag=tag.Tag(
  169. tag.tagClassContext, tag.tagFormatConstructed, 0)))
  170. )
  171. class AttributeTrustCondition(univ.Sequence):
  172. componentType = namedtype.NamedTypes(
  173. namedtype.NamedType('attributeMandated', univ.Boolean()),
  174. namedtype.NamedType('howCertAttribute', HowCertAttribute()),
  175. namedtype.OptionalNamedType('attrCertificateTrustTrees',
  176. CertificateTrustTrees().subtype(explicitTag=tag.Tag(
  177. tag.tagClassContext, tag.tagFormatSimple, 0))),
  178. namedtype.OptionalNamedType('attrRevReq',
  179. CertRevReq().subtype(explicitTag=tag.Tag(
  180. tag.tagClassContext, tag.tagFormatConstructed, 1))),
  181. namedtype.OptionalNamedType('attributeConstraints',
  182. AttributeConstraints().subtype(explicitTag=tag.Tag(
  183. tag.tagClassContext, tag.tagFormatConstructed, 2)))
  184. )
  185. class CMSAttrs(univ.SequenceOf):
  186. componentType = univ.ObjectIdentifier()
  187. class CertInfoReq(univ.Enumerated):
  188. namedValues = namedval.NamedValues(
  189. ('none', 0),
  190. ('signerOnly', 1),
  191. ('fullPath', 2)
  192. )
  193. class CertRefReq(univ.Enumerated):
  194. namedValues = namedval.NamedValues(
  195. ('signerOnly', 1),
  196. ('fullPath', 2)
  197. )
  198. class DeltaTime(univ.Sequence):
  199. componentType = namedtype.NamedTypes(
  200. namedtype.NamedType('deltaSeconds', univ.Integer()),
  201. namedtype.NamedType('deltaMinutes', univ.Integer()),
  202. namedtype.NamedType('deltaHours', univ.Integer()),
  203. namedtype.NamedType('deltaDays', univ.Integer())
  204. )
  205. class TimestampTrustCondition(univ.Sequence):
  206. componentType = namedtype.NamedTypes(
  207. namedtype.OptionalNamedType('ttsCertificateTrustTrees',
  208. CertificateTrustTrees().subtype(explicitTag=tag.Tag(
  209. tag.tagClassContext, tag.tagFormatSimple, 0))),
  210. namedtype.OptionalNamedType('ttsRevReq',
  211. CertRevReq().subtype(explicitTag=tag.Tag(
  212. tag.tagClassContext, tag.tagFormatConstructed, 1))),
  213. namedtype.OptionalNamedType('ttsNameConstraints',
  214. NameConstraints().subtype(explicitTag=tag.Tag(
  215. tag.tagClassContext, tag.tagFormatConstructed, 2))),
  216. namedtype.OptionalNamedType('cautionPeriod',
  217. DeltaTime().subtype(explicitTag=tag.Tag(
  218. tag.tagClassContext, tag.tagFormatConstructed, 3))),
  219. namedtype.OptionalNamedType('signatureTimestampDelay',
  220. DeltaTime().subtype(explicitTag=tag.Tag(
  221. tag.tagClassContext, tag.tagFormatConstructed, 4)))
  222. )
  223. class SignerRules(univ.Sequence):
  224. componentType = namedtype.NamedTypes(
  225. namedtype.OptionalNamedType('externalSignedData', univ.Boolean()),
  226. namedtype.NamedType('mandatedSignedAttr', CMSAttrs()),
  227. namedtype.NamedType('mandatedUnsignedAttr', CMSAttrs()),
  228. namedtype.DefaultedNamedType('mandatedCertificateRef',
  229. CertRefReq().subtype(explicitTag=tag.Tag(
  230. tag.tagClassContext, tag.tagFormatSimple, 0)).subtype(
  231. value='signerOnly')),
  232. namedtype.DefaultedNamedType('mandatedCertificateInfo',
  233. CertInfoReq().subtype(explicitTag=tag.Tag(
  234. tag.tagClassContext, tag.tagFormatSimple, 1)).subtype(
  235. value='none')),
  236. namedtype.OptionalNamedType('signPolExtensions',
  237. SignPolExtensions().subtype(explicitTag=tag.Tag(
  238. tag.tagClassContext, tag.tagFormatSimple, 2)))
  239. )
  240. class MandatedUnsignedAttr(CMSAttrs):
  241. pass
  242. class VerifierRules(univ.Sequence):
  243. componentType = namedtype.NamedTypes(
  244. namedtype.NamedType('mandatedUnsignedAttr', MandatedUnsignedAttr()),
  245. namedtype.OptionalNamedType('signPolExtensions', SignPolExtensions())
  246. )
  247. class SignerAndVerifierRules(univ.Sequence):
  248. componentType = namedtype.NamedTypes(
  249. namedtype.NamedType('signerRules', SignerRules()),
  250. namedtype.NamedType('verifierRules', VerifierRules())
  251. )
  252. class SigningCertTrustCondition(univ.Sequence):
  253. componentType = namedtype.NamedTypes(
  254. namedtype.NamedType('signerTrustTrees', CertificateTrustTrees()),
  255. namedtype.NamedType('signerRevReq', CertRevReq())
  256. )
  257. class CommitmentTypeIdentifier(univ.ObjectIdentifier):
  258. pass
  259. class FieldOfApplication(DirectoryString):
  260. pass
  261. class CommitmentType(univ.Sequence):
  262. componentType = namedtype.NamedTypes(
  263. namedtype.NamedType('identifier', CommitmentTypeIdentifier()),
  264. namedtype.OptionalNamedType('fieldOfApplication',
  265. FieldOfApplication().subtype(explicitTag=tag.Tag(
  266. tag.tagClassContext, tag.tagFormatSimple, 0))),
  267. namedtype.OptionalNamedType('semantics',
  268. DirectoryString().subtype(explicitTag=tag.Tag(
  269. tag.tagClassContext, tag.tagFormatSimple, 1)))
  270. )
  271. class SelectedCommitmentTypes(univ.SequenceOf):
  272. componentType = univ.Choice(componentType=namedtype.NamedTypes(
  273. namedtype.NamedType('empty', univ.Null()),
  274. namedtype.NamedType('recognizedCommitmentType', CommitmentType())
  275. ))
  276. class CommitmentRule(univ.Sequence):
  277. componentType = namedtype.NamedTypes(
  278. namedtype.NamedType('selCommitmentTypes', SelectedCommitmentTypes()),
  279. namedtype.OptionalNamedType('signerAndVeriferRules',
  280. SignerAndVerifierRules().subtype(explicitTag=tag.Tag(
  281. tag.tagClassContext, tag.tagFormatConstructed, 0))),
  282. namedtype.OptionalNamedType('signingCertTrustCondition',
  283. SigningCertTrustCondition().subtype(explicitTag=tag.Tag(
  284. tag.tagClassContext, tag.tagFormatConstructed, 1))),
  285. namedtype.OptionalNamedType('timeStampTrustCondition',
  286. TimestampTrustCondition().subtype(explicitTag=tag.Tag(
  287. tag.tagClassContext, tag.tagFormatConstructed, 2))),
  288. namedtype.OptionalNamedType('attributeTrustCondition',
  289. AttributeTrustCondition().subtype(explicitTag=tag.Tag(
  290. tag.tagClassContext, tag.tagFormatConstructed, 3))),
  291. namedtype.OptionalNamedType('algorithmConstraintSet',
  292. AlgorithmConstraintSet().subtype(explicitTag=tag.Tag(
  293. tag.tagClassContext, tag.tagFormatConstructed, 4))),
  294. namedtype.OptionalNamedType('signPolExtensions',
  295. SignPolExtensions().subtype(explicitTag=tag.Tag(
  296. tag.tagClassContext, tag.tagFormatSimple, 5)))
  297. )
  298. class CommitmentRules(univ.SequenceOf):
  299. componentType = CommitmentRule()
  300. class CommonRules(univ.Sequence):
  301. componentType = namedtype.NamedTypes(
  302. namedtype.OptionalNamedType('signerAndVeriferRules',
  303. SignerAndVerifierRules().subtype(explicitTag=tag.Tag(
  304. tag.tagClassContext, tag.tagFormatConstructed, 0))),
  305. namedtype.OptionalNamedType('signingCertTrustCondition',
  306. SigningCertTrustCondition().subtype(explicitTag=tag.Tag(
  307. tag.tagClassContext, tag.tagFormatConstructed, 1))),
  308. namedtype.OptionalNamedType('timeStampTrustCondition',
  309. TimestampTrustCondition().subtype(explicitTag=tag.Tag(
  310. tag.tagClassContext, tag.tagFormatConstructed, 2))),
  311. namedtype.OptionalNamedType('attributeTrustCondition',
  312. AttributeTrustCondition().subtype(explicitTag=tag.Tag(
  313. tag.tagClassContext, tag.tagFormatConstructed, 3))),
  314. namedtype.OptionalNamedType('algorithmConstraintSet',
  315. AlgorithmConstraintSet().subtype(explicitTag=tag.Tag(
  316. tag.tagClassContext, tag.tagFormatConstructed, 4))),
  317. namedtype.OptionalNamedType('signPolExtensions',
  318. SignPolExtensions().subtype(explicitTag=tag.Tag(
  319. tag.tagClassContext, tag.tagFormatSimple, 5)))
  320. )
  321. class PolicyIssuerName(GeneralNames):
  322. pass
  323. class SignPolicyHash(univ.OctetString):
  324. pass
  325. class SignPolicyId(univ.ObjectIdentifier):
  326. pass
  327. class SigningPeriod(univ.Sequence):
  328. componentType = namedtype.NamedTypes(
  329. namedtype.NamedType('notBefore', useful.GeneralizedTime()),
  330. namedtype.OptionalNamedType('notAfter', useful.GeneralizedTime())
  331. )
  332. class SignatureValidationPolicy(univ.Sequence):
  333. componentType = namedtype.NamedTypes(
  334. namedtype.NamedType('signingPeriod', SigningPeriod()),
  335. namedtype.NamedType('commonRules', CommonRules()),
  336. namedtype.NamedType('commitmentRules', CommitmentRules()),
  337. namedtype.OptionalNamedType('signPolExtensions', SignPolExtensions())
  338. )
  339. class SignPolicyInfo(univ.Sequence):
  340. componentType = namedtype.NamedTypes(
  341. namedtype.NamedType('signPolicyIdentifier', SignPolicyId()),
  342. namedtype.NamedType('dateOfIssue', useful.GeneralizedTime()),
  343. namedtype.NamedType('policyIssuerName', PolicyIssuerName()),
  344. namedtype.NamedType('fieldOfApplication', FieldOfApplication()),
  345. namedtype.NamedType('signatureValidationPolicy', SignatureValidationPolicy()),
  346. namedtype.OptionalNamedType('signPolExtensions', SignPolExtensions())
  347. )
  348. class SignaturePolicy(univ.Sequence):
  349. componentType = namedtype.NamedTypes(
  350. namedtype.NamedType('signPolicyHashAlg', AlgorithmIdentifier()),
  351. namedtype.NamedType('signPolicyInfo', SignPolicyInfo()),
  352. namedtype.OptionalNamedType('signPolicyHash', SignPolicyHash())
  353. )