
#
# This file is part of pyasn1-modules software.
#
# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>
# License: http://snmplabs.com/pyasn1/license.html
#
# PKCS#7 message syntax
#
# ASN.1 source from:
# https://opensource.apple.com/source/Security/Security-55179.1/libsecurity_asn1/asn1/pkcs7.asn.auto.html
#
# Sample captures from:
# openssl crl2pkcs7 -nocrl -certfile cert1.cer -out outfile.p7b
#
# Note: these are ASN.1 schema types only. Decoding a PKCS#7 message with them
# verifies no signature, digest, certificate chain or CRL; that is the caller's job.
#
  15. from pyasn1_modules.rfc2459 import *
class Attribute(univ.Sequence):
    """``Attribute ::= SEQUENCE { type AttributeType, values SET OF AttributeValue }``.

    Generic attribute as carried in SignerInfo's (un)authenticatedAttributes and
    in ExtendedCertificateInfo. No open type is bound to ``values``, so each
    element is left as an undecoded ``AttributeValue`` even when decoding with
    ``decodeOpenTypes=True``; callers decode it against the syntax implied by
    ``type``.
    """
    componentType = namedtype.NamedTypes(
        # OID identifying the attribute.
        namedtype.NamedType('type', AttributeType()),
        # Values whose syntax depends on 'type'; SET OF, so order carries no meaning.
        namedtype.NamedType('values', univ.SetOf(componentType=AttributeValue())),
    )
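class AttributeValueAssertion(univ.Sequence):
    """``AttributeValueAssertion ::= SEQUENCE { attributeType, attributeValue }``.

    The open type on ``attributeValue`` is governed by the sibling component
    ``attributeType``: with ``decodeOpenTypes=True`` the value is decoded per
    ``certificateAttributesMap`` when that OID is known, and left raw otherwise.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('attributeType', AttributeType()),
        # The governing component must be named by its component name in this
        # SEQUENCE. It was previously given as 'type', which does not exist
        # here, so open-type decoding could never resolve the governing OID.
        namedtype.NamedType(
            'attributeValue', AttributeValue(),
            openType=opentype.OpenType('attributeType', certificateAttributesMap),
        ),
    )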
# PKCS#7 content-type OIDs (RFC 2315 §14), all under the pkcs-7 arc. Each is
# bound to its content syntax in contentTypeMap at the bottom of this module.
pkcs_7 = univ.ObjectIdentifier('1.2.840.113549.1.7')  # the pkcs-7 arc itself
data = univ.ObjectIdentifier('1.2.840.113549.1.7.1')  # Data (opaque octets)
signedData = univ.ObjectIdentifier('1.2.840.113549.1.7.2')  # SignedData
envelopedData = univ.ObjectIdentifier('1.2.840.113549.1.7.3')  # EnvelopedData
signedAndEnvelopedData = univ.ObjectIdentifier('1.2.840.113549.1.7.4')  # SignedAndEnvelopedData
digestedData = univ.ObjectIdentifier('1.2.840.113549.1.7.5')  # DigestedData
encryptedData = univ.ObjectIdentifier('1.2.840.113549.1.7.6')  # EncryptedData
class ContentType(univ.ObjectIdentifier):
    """OID naming a content type; see the ``data`` .. ``encryptedData`` constants above."""
class ContentEncryptionAlgorithmIdentifier(AlgorithmIdentifier):
    """AlgorithmIdentifier of the content-encryption algorithm applied to EncryptedContentInfo."""
class EncryptedContent(univ.OctetString):
    """Ciphertext octets carried in EncryptedContentInfo.encryptedContent."""
# Content-type OID -> ASN.1 type of the corresponding content, used for open-type
# decoding of ContentInfo.content. Populated at the bottom of this module once
# all content types are defined (ContentInfo below captures the dict object itself).
contentTypeMap = {}
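class EncryptedContentInfo(univ.Sequence):
    """``EncryptedContentInfo`` (PKCS#7 §10.1): content type, cipher and ciphertext.

    ``contentType`` names the syntax of the *plaintext*; ``encryptedContent``
    carries ciphertext produced under ``contentEncryptionAlgorithm``. No open
    type is bound to ``encryptedContent``: ciphertext is not a DER encoding of
    the inner content, so letting ``decodeOpenTypes=True`` re-decode it through
    ``contentTypeMap`` (as this class previously did) can only fail or produce
    garbage. Decrypt first, then decode the plaintext against
    ``contentTypeMap[contentType]``.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('contentType', ContentType()),
        namedtype.NamedType('contentEncryptionAlgorithm', ContentEncryptionAlgorithmIdentifier()),
        # [0] IMPLICIT OCTET STRING OPTIONAL: absent when the ciphertext is
        # conveyed outside the structure.
        # NOTE(review): declared with tagFormatConstructed although a DER
        # OCTET STRING is primitive; pyasn1 is believed to match tags by class
        # and number only, so this should not affect decoding -- confirm.
        namedtype.OptionalNamedType(
            'encryptedContent',
            EncryptedContent().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)
            ),
        ),
    )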
class Version(univ.Integer):  # overrides x509.Version
    """PKCS#7 syntax version number, a plain INTEGER.

    Deliberately shadows the ``Version`` pulled in by the star import from
    rfc2459 (the X.509 certificate version type).
    """
class EncryptedData(univ.Sequence):
    """``EncryptedData`` (PKCS#7 §13): a version plus an EncryptedContentInfo.

    Carries no RecipientInfos, so the content-encryption key is not conveyed in
    the structure at all; it has to be managed out of band by the application.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('version', Version()),
        namedtype.NamedType('encryptedContentInfo', EncryptedContentInfo()),
    )
class DigestAlgorithmIdentifier(AlgorithmIdentifier):
    """AlgorithmIdentifier naming the hash used for a digest or a signature."""
class DigestAlgorithmIdentifiers(univ.SetOf):
    """SET OF DigestAlgorithmIdentifier: every hash used by the signers of a message."""
    componentType = DigestAlgorithmIdentifier()
class Digest(univ.OctetString):
    """Raw message-digest octets."""
class ContentInfo(univ.Sequence):
    """``ContentInfo ::= SEQUENCE { contentType, content [0] EXPLICIT ANY OPTIONAL }``.

    The outermost PKCS#7 structure. ``content`` stays an undecoded ANY unless
    the decoder is run with ``decodeOpenTypes=True``, in which case it is
    decoded against ``contentTypeMap[contentType]``; an OID missing from the
    map leaves it raw.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('contentType', ContentType()),
        namedtype.OptionalNamedType(
            'content',
            # EXPLICIT [0]: the inner value keeps its own tag beneath the context tag.
            univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)),
            openType=opentype.OpenType('contentType', contentTypeMap),
        ),
    )
class DigestedData(univ.Sequence):
    """``DigestedData`` (PKCS#7 §12): content plus an unkeyed message digest.

    Integrity check only: nothing in the structure keys or signs ``digest``, so
    anyone able to alter ``contentInfo`` can recompute it. Not a substitute for
    SignedData when authenticity matters.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('version', Version()),
        namedtype.NamedType('digestAlgorithm', DigestAlgorithmIdentifier()),
        namedtype.NamedType('contentInfo', ContentInfo()),
        namedtype.NamedType('digest', Digest()),
    )
class IssuerAndSerialNumber(univ.Sequence):
    """Identifies a certificate (hence a key) by issuer Name and serial number.

    Used by SignerInfo and RecipientInfo. It only *names* a certificate; the
    caller still has to locate that certificate and decide whether to trust it.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('issuer', Name()),
        namedtype.NamedType('serialNumber', CertificateSerialNumber()),
    )
class KeyEncryptionAlgorithmIdentifier(AlgorithmIdentifier):
    """AlgorithmIdentifier of the algorithm that wraps the content-encryption key for a recipient."""
class EncryptedKey(univ.OctetString):
    """Wrapped (encrypted) content-encryption key for one recipient."""
class RecipientInfo(univ.Sequence):
    """``RecipientInfo`` (PKCS#7 §10.2): the content key wrapped for one recipient.

    ``encryptedKey`` is the content-encryption key encrypted under the public
    key of the certificate named by ``issuerAndSerialNumber`` with
    ``keyEncryptionAlgorithm``.
    NOTE(review): PKCS#7 v1.5 key transport is typically RSA PKCS#1 v1.5;
    the unwrapping code must not reveal padding failures (Bleichenbacher-style
    oracle) -- confirm in the caller, this module only parses.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('version', Version()),
        namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()),
        namedtype.NamedType('keyEncryptionAlgorithm', KeyEncryptionAlgorithmIdentifier()),
        namedtype.NamedType('encryptedKey', EncryptedKey()),
    )
class RecipientInfos(univ.SetOf):
    """SET OF RecipientInfo, one entry per intended recipient."""
    componentType = RecipientInfo()
class Attributes(univ.SetOf):
    """SET OF Attribute (unordered; DER sorts the encoded elements)."""
    componentType = Attribute()
class ExtendedCertificateInfo(univ.Sequence):
    """Body of a PKCS#6 extended certificate: an X.509 certificate plus attributes."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('version', Version()),
        namedtype.NamedType('certificate', Certificate()),
        namedtype.NamedType('attributes', Attributes()),
    )
class SignatureAlgorithmIdentifier(AlgorithmIdentifier):
    """AlgorithmIdentifier of the signature on an ExtendedCertificate."""
class Signature(univ.BitString):
    """Signature value (BIT STRING) on an ExtendedCertificate."""
class ExtendedCertificate(univ.Sequence):
    """PKCS#6 extended certificate: info, signature algorithm and signature.

    The signature presumably covers the DER of ``extendedCertificateInfo``;
    decoding does not check it.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('extendedCertificateInfo', ExtendedCertificateInfo()),
        namedtype.NamedType('signatureAlgorithm', SignatureAlgorithmIdentifier()),
        namedtype.NamedType('signature', Signature()),
    )
class ExtendedCertificateOrCertificate(univ.Choice):
    """CHOICE between a plain X.509 Certificate and a [0] IMPLICIT ExtendedCertificate.

    The alternatives are told apart by tag: the universal SEQUENCE tag selects
    ``certificate``, context tag [0] selects ``extendedCertificate``.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('certificate', Certificate()),
        namedtype.NamedType(
            'extendedCertificate',
            ExtendedCertificate().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)),
        ),
    )
class ExtendedCertificatesAndCertificates(univ.SetOf):
    """SET OF certificates shipped with a message.

    Unordered and unvalidated: no chain order is implied and nothing here ties
    the certificates to a trust anchor.
    """
    componentType = ExtendedCertificateOrCertificate()
class SerialNumber(univ.Integer):
    """Certificate serial number as listed in a CRL entry."""
class CRLEntry(univ.Sequence):
    """One revoked-certificate entry of the X.509 v1 CRL used by PKCS#7.

    v1 shape only: serial number and a UTCTime revocation date, no entry
    extensions (so no reason code).
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('userCertificate', SerialNumber()),
        namedtype.NamedType('revocationDate', useful.UTCTime()),
    )
class TBSCertificateRevocationList(univ.Sequence):
    """To-be-signed part of the X.509 v1 CRL referenced by PKCS#7.

    This is the v1 layout: no leading ``version`` INTEGER, UTCTime only, no
    CRL extensions. A v2 CRL is expected not to decode against this type; for
    those use a v2 ``CertificateList`` (rfc2459 provides one -- confirm).
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('signature', AlgorithmIdentifier()),
        namedtype.NamedType('issuer', Name()),
        namedtype.NamedType('lastUpdate', useful.UTCTime()),
        namedtype.NamedType('nextUpdate', useful.UTCTime()),
        namedtype.OptionalNamedType(
            'revokedCertificates', univ.SequenceOf(componentType=CRLEntry())),
    )
class CertificateRevocationList(univ.Sequence):
    """Signed X.509 v1 CRL: TBS part, signature algorithm and signature bits.

    Decoding does not verify ``signature`` against the issuer's key.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('tbsCertificateRevocationList', TBSCertificateRevocationList()),
        namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()),
        namedtype.NamedType('signature', univ.BitString()),
    )
class CertificateRevocationLists(univ.SetOf):
    """SET OF CertificateRevocationList shipped with a message."""
    componentType = CertificateRevocationList()
class DigestEncryptionAlgorithmIdentifier(AlgorithmIdentifier):
    """AlgorithmIdentifier of the signature (digest-encryption) algorithm of a SignerInfo."""
class EncryptedDigest(univ.OctetString):
    """Signature value of a SignerInfo (the digest encrypted with the signer's private key)."""
class SignerInfo(univ.Sequence):
    """``SignerInfo`` (PKCS#7 §9.2): one signer's identity, digest choice and signature.

    Decoding this verifies nothing. Points a verifier has to get right
    (RFC 2315 §9.3):

    * When ``authenticatedAttributes`` is present the signature covers the DER
      of that SET OF re-tagged with the universal SET tag, not the
      ``[0] IMPLICIT`` tag seen on the wire, and the set must hold a
      contentType attribute equal to ``contentInfo.contentType`` and a
      messageDigest attribute equal to the digest of the content. When absent,
      the signature covers the content octets directly.
    * ``unauthenticatedAttributes`` lie outside the signature and must not be
      trusted for any policy decision.
    * ``issuerAndSerialNumber`` merely names a certificate; binding it to a
      trusted key is the caller's job.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('version', Version()),
        namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()),
        namedtype.NamedType('digestAlgorithm', DigestAlgorithmIdentifier()),
        # [0] IMPLICIT Attributes OPTIONAL
        namedtype.OptionalNamedType(
            'authenticatedAttributes',
            Attributes().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)),
        ),
        namedtype.NamedType('digestEncryptionAlgorithm', DigestEncryptionAlgorithmIdentifier()),
        namedtype.NamedType('encryptedDigest', EncryptedDigest()),
        # [1] IMPLICIT Attributes OPTIONAL
        namedtype.OptionalNamedType(
            'unauthenticatedAttributes',
            Attributes().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)),
        ),
    )
class SignerInfos(univ.SetOf):
    """SET OF SignerInfo, one per signer."""
    componentType = SignerInfo()
class SignedAndEnvelopedData(univ.Sequence):
    """``SignedAndEnvelopedData`` (PKCS#7 §11): content both signed and enveloped.

    Per RFC 2315 the content is encrypted and the signers' encrypted digests
    are additionally encrypted under the content-encryption key, so a signature
    can only be checked after a recipient has decrypted the message. The
    ``certificates`` and ``crls`` sets are unordered and unvalidated.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('version', Version()),
        namedtype.NamedType('recipientInfos', RecipientInfos()),
        namedtype.NamedType('digestAlgorithms', DigestAlgorithmIdentifiers()),
        namedtype.NamedType('encryptedContentInfo', EncryptedContentInfo()),
        # [0] IMPLICIT ExtendedCertificatesAndCertificates OPTIONAL
        namedtype.OptionalNamedType(
            'certificates',
            ExtendedCertificatesAndCertificates().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)),
        ),
        # [1] IMPLICIT CertificateRevocationLists OPTIONAL
        namedtype.OptionalNamedType(
            'crls',
            CertificateRevocationLists().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)),
        ),
        namedtype.NamedType('signerInfos', SignerInfos()),
    )
class EnvelopedData(univ.Sequence):
    """``EnvelopedData`` (PKCS#7 §10): recipients' wrapped keys plus encrypted content.

    Confidentiality only: there are no signer infos in this structure, so it
    offers no authenticity or integrity guarantee on its own.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('version', Version()),
        namedtype.NamedType('recipientInfos', RecipientInfos()),
        namedtype.NamedType('encryptedContentInfo', EncryptedContentInfo()),
    )
class DigestInfo(univ.Sequence):
    """``DigestInfo ::= SEQUENCE { digestAlgorithm, digest }``.

    Per RFC 2315 §9.4 this is the value whose DER encoding is encrypted with
    the signer's private key to form ``SignerInfo.encryptedDigest``; a verifier
    should compare the recovered ``digestAlgorithm`` with the one declared in
    the SignerInfo rather than trusting either alone.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('digestAlgorithm', DigestAlgorithmIdentifier()),
        namedtype.NamedType('digest', Digest()),
    )
class SignedData(univ.Sequence):
    """``SignedData`` (PKCS#7 §9.1): content, optional certs/CRLs and signer infos.

    ``digestAlgorithms`` and ``signerInfos`` are declared OPTIONAL here even
    though RFC 2315 lists them as mandatory, presumably to tolerate degenerate
    "certs-only" bundles (cf. the ``crl2pkcs7`` sample in the module header)
    that omit them -- TODO confirm. Consequences for callers: a successful
    decode does not mean a signature exists (check that ``signerInfos`` is
    present and non-empty), and ``certificates`` is an unordered, unvalidated
    bag -- path building and validation against a trust anchor are the
    caller's responsibility.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('version', Version()),
        namedtype.OptionalNamedType('digestAlgorithms', DigestAlgorithmIdentifiers()),
        namedtype.NamedType('contentInfo', ContentInfo()),
        # [0] IMPLICIT ExtendedCertificatesAndCertificates OPTIONAL
        namedtype.OptionalNamedType(
            'certificates',
            ExtendedCertificatesAndCertificates().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)),
        ),
        # [1] IMPLICIT CertificateRevocationLists OPTIONAL
        namedtype.OptionalNamedType(
            'crls',
            CertificateRevocationLists().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)),
        ),
        namedtype.OptionalNamedType('signerInfos', SignerInfos()),
    )
class Data(univ.OctetString):
    """``Data`` content type: an opaque OCTET STRING with no further structure."""
# Bind each PKCS#7 content-type OID to the ASN.1 type its content decodes to.
# ContentInfo.content resolves through contentTypeMap when the decoder is run
# with decodeOpenTypes=True; OIDs absent from the map are left undecoded.
_contentTypeMapUpdate = {
    data: Data(),
    signedData: SignedData(),
    envelopedData: EnvelopedData(),
    signedAndEnvelopedData: SignedAndEnvelopedData(),
    digestedData: DigestedData(),
    encryptedData: EncryptedData(),
}

# Mutate the existing dict in place: ContentInfo captured this object above.
contentTypeMap.update(_contentTypeMapUpdate)