Funktionierender Prototyp des Serious Games zur Vermittlung von Wissen zu Software-Engineering-Arbeitsmodellen.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

rfc6960.py 7.7KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223
  1. #
  2. # This file is part of pyasn1-modules software.
  3. #
  4. # Created by Russ Housley.
  5. #
  6. # Copyright (c) 2019, Vigil Security, LLC
  7. # License: http://snmplabs.com/pyasn1/license.html
  8. #
  9. # Online Certificate Status Protocol (OCSP)
  10. #
  11. # ASN.1 source from:
  12. # https://www.rfc-editor.org/rfc/rfc6960.txt
  13. #
  14. from pyasn1.type import univ, char, namedtype, namedval, tag, constraint, useful
  15. from pyasn1_modules import rfc2560
  16. from pyasn1_modules import rfc5280
  17. MAX = float('inf')
  18. # Imports from RFC 5280
  19. AlgorithmIdentifier = rfc5280.AlgorithmIdentifier
  20. AuthorityInfoAccessSyntax = rfc5280.AuthorityInfoAccessSyntax
  21. Certificate = rfc5280.Certificate
  22. CertificateSerialNumber = rfc5280.CertificateSerialNumber
  23. CRLReason = rfc5280.CRLReason
  24. Extensions = rfc5280.Extensions
  25. GeneralName = rfc5280.GeneralName
  26. Name = rfc5280.Name
  27. id_kp = rfc5280.id_kp
  28. id_ad_ocsp = rfc5280.id_ad_ocsp
  29. # Imports from the original OCSP module in RFC 2560
  30. AcceptableResponses = rfc2560.AcceptableResponses
  31. ArchiveCutoff = rfc2560.ArchiveCutoff
  32. CertStatus = rfc2560.CertStatus
  33. KeyHash = rfc2560.KeyHash
  34. OCSPResponse = rfc2560.OCSPResponse
  35. OCSPResponseStatus = rfc2560.OCSPResponseStatus
  36. ResponseBytes = rfc2560.ResponseBytes
  37. RevokedInfo = rfc2560.RevokedInfo
  38. UnknownInfo = rfc2560.UnknownInfo
  39. Version = rfc2560.Version
  40. id_kp_OCSPSigning = rfc2560.id_kp_OCSPSigning
  41. id_pkix_ocsp = rfc2560.id_pkix_ocsp
  42. id_pkix_ocsp_archive_cutoff = rfc2560.id_pkix_ocsp_archive_cutoff
  43. id_pkix_ocsp_basic = rfc2560.id_pkix_ocsp_basic
  44. id_pkix_ocsp_crl = rfc2560.id_pkix_ocsp_crl
  45. id_pkix_ocsp_nocheck = rfc2560.id_pkix_ocsp_nocheck
  46. id_pkix_ocsp_nonce = rfc2560.id_pkix_ocsp_nonce
  47. id_pkix_ocsp_response = rfc2560.id_pkix_ocsp_response
  48. id_pkix_ocsp_service_locator = rfc2560.id_pkix_ocsp_service_locator
  49. # Additional object identifiers
  50. id_pkix_ocsp_pref_sig_algs = id_pkix_ocsp + (8, )
  51. id_pkix_ocsp_extended_revoke = id_pkix_ocsp + (9, )
  52. # Updated structures (mostly to improve openTypes support)
  53. class CertID(univ.Sequence):
  54. componentType = namedtype.NamedTypes(
  55. namedtype.NamedType('hashAlgorithm', AlgorithmIdentifier()),
  56. namedtype.NamedType('issuerNameHash', univ.OctetString()),
  57. namedtype.NamedType('issuerKeyHash', univ.OctetString()),
  58. namedtype.NamedType('serialNumber', CertificateSerialNumber())
  59. )
  60. class SingleResponse(univ.Sequence):
  61. componentType = namedtype.NamedTypes(
  62. namedtype.NamedType('certID', CertID()),
  63. namedtype.NamedType('certStatus', CertStatus()),
  64. namedtype.NamedType('thisUpdate', useful.GeneralizedTime()),
  65. namedtype.OptionalNamedType('nextUpdate', useful.GeneralizedTime().subtype(
  66. explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
  67. namedtype.OptionalNamedType('singleExtensions', Extensions().subtype(
  68. explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
  69. )
  70. class ResponderID(univ.Choice):
  71. componentType = namedtype.NamedTypes(
  72. namedtype.NamedType('byName', Name().subtype(
  73. explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
  74. namedtype.NamedType('byKey', KeyHash().subtype(
  75. explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
  76. )
  77. class ResponseData(univ.Sequence):
  78. componentType = namedtype.NamedTypes(
  79. namedtype.DefaultedNamedType('version', Version('v1').subtype(
  80. explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
  81. namedtype.NamedType('responderID', ResponderID()),
  82. namedtype.NamedType('producedAt', useful.GeneralizedTime()),
  83. namedtype.NamedType('responses', univ.SequenceOf(
  84. componentType=SingleResponse())),
  85. namedtype.OptionalNamedType('responseExtensions', Extensions().subtype(
  86. explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
  87. )
  88. class BasicOCSPResponse(univ.Sequence):
  89. componentType = namedtype.NamedTypes(
  90. namedtype.NamedType('tbsResponseData', ResponseData()),
  91. namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()),
  92. namedtype.NamedType('signature', univ.BitString()),
  93. namedtype.OptionalNamedType('certs', univ.SequenceOf(
  94. componentType=Certificate()).subtype(explicitTag=tag.Tag(
  95. tag.tagClassContext, tag.tagFormatSimple, 0)))
  96. )
  97. class Request(univ.Sequence):
  98. componentType = namedtype.NamedTypes(
  99. namedtype.NamedType('reqCert', CertID()),
  100. namedtype.OptionalNamedType('singleRequestExtensions', Extensions().subtype(
  101. explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
  102. )
  103. class Signature(univ.Sequence):
  104. componentType = namedtype.NamedTypes(
  105. namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()),
  106. namedtype.NamedType('signature', univ.BitString()),
  107. namedtype.OptionalNamedType('certs', univ.SequenceOf(
  108. componentType=Certificate()).subtype(explicitTag=tag.Tag(
  109. tag.tagClassContext, tag.tagFormatSimple, 0)))
  110. )
  111. class TBSRequest(univ.Sequence):
  112. componentType = namedtype.NamedTypes(
  113. namedtype.DefaultedNamedType('version', Version('v1').subtype(
  114. explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
  115. namedtype.OptionalNamedType('requestorName', GeneralName().subtype(
  116. explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
  117. namedtype.NamedType('requestList', univ.SequenceOf(
  118. componentType=Request())),
  119. namedtype.OptionalNamedType('requestExtensions', Extensions().subtype(
  120. explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
  121. )
  122. class OCSPRequest(univ.Sequence):
  123. componentType = namedtype.NamedTypes(
  124. namedtype.NamedType('tbsRequest', TBSRequest()),
  125. namedtype.OptionalNamedType('optionalSignature', Signature().subtype(
  126. explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
  127. )
  128. # Previously omitted structure
  129. class ServiceLocator(univ.Sequence):
  130. componentType = namedtype.NamedTypes(
  131. namedtype.NamedType('issuer', Name()),
  132. namedtype.NamedType('locator', AuthorityInfoAccessSyntax())
  133. )
  134. # Additional structures
  135. class CrlID(univ.Sequence):
  136. componentType = namedtype.NamedTypes(
  137. namedtype.OptionalNamedType('crlUrl', char.IA5String().subtype(
  138. explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
  139. namedtype.OptionalNamedType('crlNum', univ.Integer().subtype(
  140. explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
  141. namedtype.OptionalNamedType('crlTime', useful.GeneralizedTime().subtype(
  142. explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
  143. )
  144. class PreferredSignatureAlgorithm(univ.Sequence):
  145. componentType = namedtype.NamedTypes(
  146. namedtype.NamedType('sigIdentifier', AlgorithmIdentifier()),
  147. namedtype.OptionalNamedType('certIdentifier', AlgorithmIdentifier())
  148. )
  149. class PreferredSignatureAlgorithms(univ.SequenceOf):
  150. componentType = PreferredSignatureAlgorithm()
  151. # Response Type OID to Response Map
  152. ocspResponseMap = {
  153. id_pkix_ocsp_basic: BasicOCSPResponse(),
  154. }
  155. # Map of Extension OIDs to Extensions added to the ones
  156. # that are in rfc5280.py
  157. _certificateExtensionsMapUpdate = {
  158. # Certificate Extension
  159. id_pkix_ocsp_nocheck: univ.Null(""),
  160. # OCSP Request Extensions
  161. id_pkix_ocsp_nonce: univ.OctetString(),
  162. id_pkix_ocsp_response: AcceptableResponses(),
  163. id_pkix_ocsp_service_locator: ServiceLocator(),
  164. id_pkix_ocsp_pref_sig_algs: PreferredSignatureAlgorithms(),
  165. # OCSP Response Extensions
  166. id_pkix_ocsp_crl: CrlID(),
  167. id_pkix_ocsp_archive_cutoff: ArchiveCutoff(),
  168. id_pkix_ocsp_extended_revoke: univ.Null(""),
  169. }
  170. rfc5280.certificateExtensionsMap.update(_certificateExtensionsMapUpdate)