
  1. # coding: utf-8
  2. #
  3. # This file is part of pyasn1-modules software.
  4. #
  5. # Created by Stanisław Pitucha with asn1ate tool.
  6. # Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>
  7. # License: http://snmplabs.com/pyasn1/license.html
  8. #
  9. # An Internet Attribute Certificate Profile for Authorization
  10. #
  11. # ASN.1 source from:
  12. # http://www.ietf.org/rfc/rfc3281.txt
  13. #
  14. from pyasn1.type import char
  15. from pyasn1.type import constraint
  16. from pyasn1.type import namedtype
  17. from pyasn1.type import namedval
  18. from pyasn1.type import tag
  19. from pyasn1.type import univ
  20. from pyasn1.type import useful
  21. from pyasn1_modules import rfc3280
# Stands in for the ASN.1 "MAX" upper bound in ValueRangeConstraint(0, MAX):
# no numeric ceiling is enforced on such INTEGERs beyond what the decoder can hold.
MAX = float("+inf")
def _buildOid(*components):
    """Return a ``univ.ObjectIdentifier`` formed by concatenating *components*.

    Each component is either an existing ``univ.ObjectIdentifier`` (every arc
    it holds is appended) or a single arc that is coerced with ``int()``.
    Used below to derive this module's OIDs from the arcs exported by
    ``rfc3280``; a non-integer, non-OID component raises from ``int()``.
    """
    def _arcs(component):
        # An OID contributes all of its arcs; anything else is one arc.
        if isinstance(component, univ.ObjectIdentifier):
            return list(component)
        return [int(component)]

    flattened = [arc for component in components for arc in _arcs(component)]
    return univ.ObjectIdentifier(flattened)
class ObjectDigestInfo(univ.Sequence):
    """ObjectDigestInfo: identifies a holder or target object by a digest of it.

    ``digestedObjectType`` says what was hashed (a public key, a public-key
    certificate, or some other object named by ``otherObjectTypeID``) and
    ``objectDigest`` carries the hash computed with ``digestAlgorithm``.

    NOTE(review): the schema leaves ``otherObjectTypeID`` independently
    OPTIONAL; as I read RFC 3281 it must be present exactly when
    ``digestedObjectType`` is ``otherObjectTypes`` -- a verifier has to
    enforce that pairing itself (confirm against the RFC text).
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            'digestedObjectType',
            univ.Enumerated(namedValues=namedval.NamedValues(
                ('publicKey', 0),
                ('publicKeyCert', 1),
                ('otherObjectTypes', 2),
            )),
        ),
        namedtype.OptionalNamedType('otherObjectTypeID', univ.ObjectIdentifier()),
        namedtype.NamedType('digestAlgorithm', rfc3280.AlgorithmIdentifier()),
        namedtype.NamedType('objectDigest', univ.BitString()),
    )
class IssuerSerial(univ.Sequence):
    """IssuerSerial: names a public-key certificate by issuer and serial number.

    This is the binding between an attribute certificate and the PKC it refers
    to (holder or target); a relying party should match both ``issuer`` and
    ``serial`` against the PKC it actually validated, not just one of them.
    ``issuerUID`` mirrors the PKC's optional issuerUniqueID.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('issuer', rfc3280.GeneralNames()),
        namedtype.NamedType('serial', rfc3280.CertificateSerialNumber()),
        namedtype.OptionalNamedType('issuerUID', rfc3280.UniqueIdentifier()),
    )
class TargetCert(univ.Sequence):
    """TargetCert: a target identified by a certificate, plus optional name/digest.

    ``targetCertificate`` (issuer + serial) is mandatory; ``targetName`` and
    ``certDigestInfo`` are extra identifying material the schema does not
    cross-check against it.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('targetCertificate', IssuerSerial()),
        namedtype.OptionalNamedType('targetName', rfc3280.GeneralName()),
        namedtype.OptionalNamedType('certDigestInfo', ObjectDigestInfo()),
    )
class Target(univ.Choice):
    """Target: one entry of the targetInformation extension (a name, a group, or a cert).

    NOTE(review): ``GeneralName`` is itself a CHOICE, so the [0]/[1] context
    tags here can only be explicit on the wire; the ``implicitTag`` spelling
    relies on pyasn1 treating an implicitly tagged Choice that way. Confirm
    with the codec in use before depending on round-trips of this type.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            'targetName',
            rfc3280.GeneralName().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)),
        ),
        namedtype.NamedType(
            'targetGroup',
            rfc3280.GeneralName().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)),
        ),
        namedtype.NamedType(
            'targetCert',
            TargetCert().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)),
        ),
    )
class Targets(univ.SequenceOf):
    """Targets: SEQUENCE OF Target, the value of the targetInformation extension.

    An empty sequence is schema-valid; whether an AC with no targets may be
    accepted anywhere is a policy decision for the relying party.
    """
    componentType = Target()
class ProxyInfo(univ.SequenceOf):
    """ProxyInfo: SEQUENCE OF Targets, the value of the proxying extension (id_pe_ac_proxying).

    Each inner ``Targets`` is one proxy set; the schema does not bound the
    number of sets or their size.
    """
    componentType = Targets()
# Attribute and extension OIDs derived from the rfc3280 arcs: the role
# attribute (id-at 72), the AA-controls extension (id-pe 6), the
# target-information extension (id-ce 55) and the audit-identity extension
# (id-pe 4). NOTE(review): as I read RFC 3281 the targetInformation
# extension is meant to be marked critical, so an AC verifier that does not
# evaluate targets must reject ACs carrying it -- confirm against section 4.3.
id_at_role = _buildOid(rfc3280.id_at, 72)
id_pe_aaControls = _buildOid(rfc3280.id_pe, 6)
id_ce_targetInformation = _buildOid(rfc3280.id_ce, 55)
id_pe_ac_auditIdentity = _buildOid(rfc3280.id_pe, 4)
class ClassList(univ.BitString):
    """ClassList: BIT STRING of classification levels used by Clearance.

    Bit positions follow the X.501 ordering (unmarked=0 ... topSecret=5); more
    than one bit may be set, and the schema does not require the bits to be
    contiguous or to form a single level.
    """
    namedValues = namedval.NamedValues(
        ('unmarked', 0),
        ('unclassified', 1),
        ('restricted', 2),
        ('confidential', 3),
        ('secret', 4),
        ('topSecret', 5),
    )
class SecurityCategory(univ.Sequence):
    """SecurityCategory: a typed, opaque category value inside a Clearance.

    ``value`` is ANY, so it decodes to raw DER; the consumer must pick the
    inner type from ``type`` and decode against that specific schema rather
    than interpreting the bytes blindly.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            'type',
            univ.ObjectIdentifier().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)),
        ),
        namedtype.NamedType(
            'value',
            univ.Any().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)),
        ),
    )
class Clearance(univ.Sequence):
    """Clearance: the value of the clearance attribute (id_at_clearance), as written in RFC 3281.

    ``classList`` defaults to ``unclassified`` when absent, so a decoded value
    always exposes some classification even if none was encoded.

    NOTE(review): this spelling tags every component with context tags [0]..[2];
    the X.501 definition of Clearance is untagged, and RFC 5755 (which
    obsoletes RFC 3281) reportedly keeps this form under a separate name.
    Interoperability with X.501-based producers should be confirmed before
    relying on this type.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            'policyId',
            univ.ObjectIdentifier().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)),
        ),
        namedtype.DefaultedNamedType(
            'classList',
            ClassList().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)
            ).subtype(value="unclassified"),
        ),
        namedtype.OptionalNamedType(
            'securityCategories',
            univ.SetOf(componentType=SecurityCategory()).subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)),
        ),
    )
class AttCertVersion(univ.Integer):
    """AttCertVersion: the AC version number; only ``v2`` (1) is named.

    The schema accepts any INTEGER here. RFC 3281 profiles version 2 only, so
    a verifier should reject an AttributeCertificateInfo whose version is not
    ``v2`` instead of guessing at the layout of another version.
    """
    namedValues = namedval.NamedValues(
        ('v2', 1),
    )
# id-aca (id-pkix 10): the arc under which the RFC 3281 AC attributes live.
id_aca = _buildOid(rfc3280.id_pkix, 10)
# id-at-clearance as given in RFC 3281: 2.5.1.5.55.
# NOTE(review): RFC 5755 reportedly treats this arc as an erratum and defines
# clearance under id-at (2.5.4.55), keeping this value only for compatibility;
# this module deliberately keeps the RFC 3281 value -- confirm which OID the
# peer emits before matching on it.
id_at_clearance = _buildOid(2, 5, 1, 5, 55)
class AttrSpec(univ.SequenceOf):
    """AttrSpec: SEQUENCE OF OBJECT IDENTIFIER, the attribute lists inside AAControls."""
    componentType = univ.ObjectIdentifier()
class AAControls(univ.Sequence):
    """AAControls: the value of the aaControls extension (id_pe_aaControls) in an AA's PKC.

    ``pathLenConstraint`` is constrained to 0..MAX (negative values are
    rejected at decode time). ``permittedAttrs``/``excludedAttrs`` list
    attribute OIDs; ``permitUnSpecified`` DEFAULTs to TRUE, so an AAControls
    that omits it allows attributes named in neither list -- a policy
    evaluator should treat the absence of the field as the permissive case,
    not as "deny".
    """
    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType(
            'pathLenConstraint',
            univ.Integer().subtype(
                subtypeSpec=constraint.ValueRangeConstraint(0, MAX)),
        ),
        namedtype.OptionalNamedType(
            'permittedAttrs',
            AttrSpec().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)),
        ),
        namedtype.OptionalNamedType(
            'excludedAttrs',
            AttrSpec().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)),
        ),
        namedtype.DefaultedNamedType(
            'permitUnSpecified',
            univ.Boolean().subtype(value=1),
        ),
    )
class AttCertValidityPeriod(univ.Sequence):
    """AttCertValidityPeriod: the notBefore/notAfter window of an AC, both GeneralizedTime.

    Unlike a PKC's Validity this is GeneralizedTime only (no UTCTime choice).
    A verifier must check the current time against both ends; the schema does
    not reject a window where ``notAfterTime`` precedes ``notBeforeTime``.
    NOTE(review): RFC 3281 restricts the encoding to the ``YYYYMMDDHHMMSSZ``
    form as I read it -- confirm before accepting fractional seconds or
    offsets from untrusted producers.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('notBeforeTime', useful.GeneralizedTime()),
        namedtype.NamedType('notAfterTime', useful.GeneralizedTime()),
    )
# id-aca-authenticationInfo (id-aca 1): attribute whose values use SvceAuthInfo below.
id_aca_authenticationInfo = _buildOid(id_aca, 1)
class V2Form(univ.Sequence):
    """V2Form: the version-2 issuer identification of an AC.

    Every component is OPTIONAL in the schema, so an empty V2Form decodes
    fine. NOTE(review): RFC 3281 (section 4.2.3 as I read it) requires
    ``issuerName`` to hold exactly one GeneralName carrying a non-empty
    directoryName and forbids the other two fields in conforming ACs; that
    is a verifier-side check, not something this type enforces.
    """
    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType('issuerName', rfc3280.GeneralNames()),
        namedtype.OptionalNamedType(
            'baseCertificateID',
            IssuerSerial().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)),
        ),
        namedtype.OptionalNamedType(
            'objectDigestInfo',
            ObjectDigestInfo().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)),
        ),
    )
class AttCertIssuer(univ.Choice):
    """AttCertIssuer: CHOICE between the legacy v1Form (bare GeneralNames) and v2Form.

    ``v1Form`` is untagged and ``v2Form`` is context-tagged [0], so the two
    alternatives are distinguishable on the wire. NOTE(review): RFC 3281
    profiles ``v2Form`` only; a verifier should refuse ``v1Form`` rather than
    try to resolve an issuer from it (confirm against section 4.2.3).
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('v1Form', rfc3280.GeneralNames()),
        namedtype.NamedType(
            'v2Form',
            V2Form().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)),
        ),
    )
class Holder(univ.Sequence):
    """Holder: who the attribute certificate is about.

    The holder can be named by the PKC it holds (``baseCertificateID``), by
    name (``entityName``) or by a digest (``objectDigestInfo``). All three are
    OPTIONAL in the schema, so a Holder with no identification at all decodes
    without error; a verifier must require at least one and must bind the one
    it uses to the entity it actually authenticated (e.g. match
    ``baseCertificateID`` to the validated PKC's issuer and serial).
    """
    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType(
            'baseCertificateID',
            IssuerSerial().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)),
        ),
        namedtype.OptionalNamedType(
            'entityName',
            rfc3280.GeneralNames().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)),
        ),
        namedtype.OptionalNamedType(
            'objectDigestInfo',
            ObjectDigestInfo().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)),
        ),
    )
class AttributeCertificateInfo(univ.Sequence):
    """AttributeCertificateInfo: the signed body of an attribute certificate.

    Field order matters because the signature in AttributeCertificate is
    computed over the DER encoding of this SEQUENCE. ``signature`` names the
    algorithm the issuer used and should agree with the outer
    ``signatureAlgorithm``; ``attributes`` is an unbounded SEQUENCE OF
    rfc3280.Attribute (an empty list is schema-valid). Extension handling
    follows rfc3280.Extensions, so unrecognised critical extensions must lead
    to rejection.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('version', AttCertVersion()),
        namedtype.NamedType('holder', Holder()),
        namedtype.NamedType('issuer', AttCertIssuer()),
        namedtype.NamedType('signature', rfc3280.AlgorithmIdentifier()),
        namedtype.NamedType('serialNumber', rfc3280.CertificateSerialNumber()),
        namedtype.NamedType('attrCertValidityPeriod', AttCertValidityPeriod()),
        namedtype.NamedType(
            'attributes',
            univ.SequenceOf(componentType=rfc3280.Attribute()),
        ),
        namedtype.OptionalNamedType('issuerUniqueID', rfc3280.UniqueIdentifier()),
        namedtype.OptionalNamedType('extensions', rfc3280.Extensions()),
    )
class AttributeCertificate(univ.Sequence):
    """AttributeCertificate: the top-level, signed AC structure (RFC 3281).

    ``signatureValue`` is the issuer's signature over the DER encoding of
    ``acinfo`` using ``signatureAlgorithm``. When verifying, compare
    ``signatureAlgorithm`` with ``acinfo.signature`` and use the validated
    issuer's key -- never an algorithm or key chosen from the untrusted AC
    alone. When decoding from untrusted bytes, decode with this type as
    ``asn1Spec`` and treat any trailing bytes as an error.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('acinfo', AttributeCertificateInfo()),
        namedtype.NamedType('signatureAlgorithm', rfc3280.AlgorithmIdentifier()),
        namedtype.NamedType('signatureValue', univ.BitString()),
    )
# Module identifier for this ASN.1 module (id-pkix 0 = id-mod, arc 12) and
# the accessIdentity attribute (id-aca 2).
id_mod = _buildOid(rfc3280.id_pkix, 0)
id_mod_attribute_cert = _buildOid(id_mod, 12)
id_aca_accessIdentity = _buildOid(id_aca, 2)
class RoleSyntax(univ.Sequence):
    """RoleSyntax: the value of the role attribute (id_at_role).

    ``roleName`` is mandatory; ``roleAuthority`` is optional and names who
    defines the role. Both are GeneralName-based, so the same CHOICE-tagging
    caveat as for ``Target`` applies to the [0]/[1] tags here.
    """
    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType(
            'roleAuthority',
            rfc3280.GeneralNames().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)),
        ),
        namedtype.NamedType(
            'roleName',
            rfc3280.GeneralName().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)),
        ),
    )
# id-aca-chargingIdentity (id-aca 3).
id_aca_chargingIdentity = _buildOid(id_aca, 3)
class ACClearAttrs(univ.Sequence):
    """ACClearAttrs: cleartext copy of encrypted attributes (used with id_aca_encAttrs).

    ``acIssuer`` and ``acSerial`` point back at the AC the attributes belong
    to; ``attrs`` is an unbounded SEQUENCE OF rfc3280.Attribute. A consumer
    should check that the issuer/serial pair matches the AC it is processing
    before trusting ``attrs``.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('acIssuer', rfc3280.GeneralName()),
        namedtype.NamedType('acSerial', univ.Integer()),
        namedtype.NamedType(
            'attrs',
            univ.SequenceOf(componentType=rfc3280.Attribute()),
        ),
    )
# id-aca-group (id-aca 4) and the proxying extension (id-pe 10), whose value is ProxyInfo.
id_aca_group = _buildOid(id_aca, 4)
id_pe_ac_proxying = _buildOid(rfc3280.id_pe, 10)
class SvceAuthInfo(univ.Sequence):
    """SvceAuthInfo: service + identity pair with optional authentication data.

    ``authInfo`` is an opaque OCTET STRING whose meaning is up to the service;
    it may carry credential material, so decoded values should be handled and
    logged as sensitive rather than echoed.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('service', rfc3280.GeneralName()),
        namedtype.NamedType('ident', rfc3280.GeneralName()),
        namedtype.OptionalNamedType('authInfo', univ.OctetString()),
    )
class IetfAttrSyntax(univ.Sequence):
    """IetfAttrSyntax: a generic attribute value syntax from RFC 3281 section 4.4.

    ``values`` is a SEQUENCE OF CHOICE { octets, oid, string }. The schema
    accepts a mix of alternatives within one value list; as I read RFC 3281,
    every element must use the same alternative, so a consumer should check
    that before comparing values (confirm against the RFC text). ``string``
    is UTF8String and may need normalisation before comparison.
    """
    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType(
            'policyAuthority',
            rfc3280.GeneralNames().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)),
        ),
        namedtype.NamedType(
            'values',
            univ.SequenceOf(
                componentType=univ.Choice(
                    componentType=namedtype.NamedTypes(
                        namedtype.NamedType('octets', univ.OctetString()),
                        namedtype.NamedType('oid', univ.ObjectIdentifier()),
                        namedtype.NamedType('string', char.UTF8String()),
                    )
                )
            ),
        ),
    )
# id-aca-encAttrs (id-aca 6): encrypted attributes; the cleartext form is ACClearAttrs.
id_aca_encAttrs = _buildOid(id_aca, 6)