#
# This file is part of pyasn1-modules software.
#
# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com>
# License: http://pyasn1.sf.net/license.html
#
# X.509 certificate Request Message Format (CRMF) syntax
#
# ASN.1 source from:
# http://tools.ietf.org/html/rfc2511
#
# Sample captures could be obtained with OpenSSL
#
# The classes below are pyasn1 type descriptions only: they give the
# encoder/decoder the shape and tags of each CRMF structure.  Nothing
# here verifies a signature, a MAC or a proof-of-possession, and nothing
# decrypts archived key material -- a consumer has to do that itself
# after decoding.
#
from pyasn1_modules import rfc2315
from pyasn1_modules.rfc2459 import *

# Open upper bound for the SIZE (1..MAX) constraints used below; the
# ASN.1 source leaves these unbounded, so any positive length is accepted.
MAX = float('inf')

# OID arcs from RFC 2511: id-pkip hangs off id-pkix, with the registration
# controls (id-regCtrl-*) and registration info (id-regInfo-*) beneath it.
# The id_regCtrl_* values identify the entries carried in Controls / regInfo.
id_pkix = univ.ObjectIdentifier('1.3.6.1.5.5.7')
id_pkip = univ.ObjectIdentifier('1.3.6.1.5.5.7.5')
id_regCtrl = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.1')
id_regCtrl_regToken = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.1.1')
id_regCtrl_authenticator = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.1.2')
id_regCtrl_pkiPublicationInfo = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.1.3')
id_regCtrl_pkiArchiveOptions = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.1.4')
id_regCtrl_oldCertID = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.1.5')
id_regCtrl_protocolEncrKey = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.1.6')
id_regInfo = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.2')
id_regInfo_utf8Pairs = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.2.1')
id_regInfo_certReq = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.2.2')


# This should be in PKIX Certificate Extensions module
#
# NOTE(review): this is an OCTET STRING placeholder, not the GeneralName
# CHOICE that `from pyasn1_modules.rfc2459 import *` above presumably
# already brought into this namespace; defining it here shadows that
# import for the rest of the module.  As a consequence CertId.issuer,
# SinglePubInfo.pubLocation and POPOSigningKeyInput.authInfo.sender decode
# as raw octets rather than as a structured name -- confirm before using
# any of them as an issuer or sender identity.

class GeneralName(univ.OctetString):
    pass


# end of PKIX Certificate Extensions module

# Registration info value identified by id_regInfo_utf8Pairs (free-form
# "name?value%" pairs in RFC 2511; not parsed here).
class UTF8Pairs(char.UTF8String):
    pass


# Control value identified by id_regCtrl_protocolEncrKey: a public key the
# requester wants the CA/RA to use for protecting its responses.
class ProtocolEncrKey(SubjectPublicKeyInfo):
    pass


# Identifies an existing certificate by issuer and serial number.  See the
# note on GeneralName above: `issuer` is currently an opaque OCTET STRING.
class CertId(univ.Sequence):
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('issuer', GeneralName()),
        namedtype.NamedType('serialNumber', univ.Integer())
    )


# Control value identified by id_regCtrl_oldCertID (same shape as CertId).
class OldCertId(CertId):
    pass


# Opaque parameters for CA-side key generation; the contents are
# algorithm-specific and left undecoded here.
class KeyGenParameters(univ.OctetString):
    pass


# Generic "something encrypted" container from RFC 2511.  Only encValue is
# mandatory; the algorithm identifiers, the wrapped symmetric key and the
# hint are optional and implicitly context-tagged [0]..[4].  In this module
# it carries the requester's private key for archival (see PKIArchiveOptions),
# so a decoded value is key material and must be handled as such.
class EncryptedValue(univ.Sequence):
    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType('intendedAlg', AlgorithmIdentifier().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
        namedtype.OptionalNamedType('symmAlg', AlgorithmIdentifier().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
        namedtype.OptionalNamedType('encSymmKey', univ.BitString().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
        namedtype.OptionalNamedType('keyAlg', AlgorithmIdentifier().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
        namedtype.OptionalNamedType('valueHint', univ.OctetString().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
        namedtype.NamedType('encValue', univ.BitString())
    )


# Either the CRMF EncryptedValue above or a PKCS#7 EnvelopedData (from
# rfc2315) implicitly tagged [0].
class EncryptedKey(univ.Choice):
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('encryptedValue', EncryptedValue()),
        namedtype.NamedType('envelopedData', rfc2315.EnvelopedData().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
    )


# Control value identified by id_regCtrl_pkiArchiveOptions: how (and
# whether) the private key is to be archived.  encryptedPrivKey carries the
# key itself; keyGenParameters asks the CA to generate it; the BOOLEAN asks
# the CA to archive a key it generated on the requester's behalf.
class PKIArchiveOptions(univ.Choice):
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('encryptedPrivKey', EncryptedKey().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
        namedtype.NamedType('keyGenParameters', KeyGenParameters().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
        namedtype.NamedType('archiveRemGenPrivKey',
                            univ.Boolean().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
    )


# One requested publication target; pubMethod is an INTEGER with the named
# values dontCare/x500/web/ldap and pubLocation is optional.
class SinglePubInfo(univ.Sequence):
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('pubMethod', univ.Integer(
            namedValues=namedval.NamedValues(('dontCare', 0), ('x500', 1), ('web', 2), ('ldap', 3)))),
        namedtype.OptionalNamedType('pubLocation', GeneralName())
    )


# Control value identified by id_regCtrl_pkiPublicationInfo.  pubInfos, when
# present, must hold at least one SinglePubInfo (SIZE (1..MAX)).
class PKIPublicationInfo(univ.Sequence):
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('action',
                            univ.Integer(namedValues=namedval.NamedValues(('dontPublish', 0), ('pleasePublish', 1)))),
        namedtype.OptionalNamedType('pubInfos', univ.SequenceOf(componentType=SinglePubInfo()).subtype(
            subtypeSpec=constraint.ValueSizeConstraint(1, MAX)))
    )


# Control value identified by id_regCtrl_authenticator: a shared-secret
# style string the requester uses to authenticate to the CA/RA.
class Authenticator(char.UTF8String):
    pass


# Control value identified by id_regCtrl_regToken: a one-time registration
# token handed to the requester out of band.  Treat decoded values as
# secrets (do not log them).
class RegToken(char.UTF8String):
    pass


# Requester's choice of how possession will be proven later if it is not
# proven in this message: encrCert (0) or challengeResp (1).
class SubsequentMessage(univ.Integer):
    namedValues = namedval.NamedValues(
        ('encrCert', 0),
        ('challengeResp', 1)
    )


# Proof of possession for a key that cannot sign (key encipherment or key
# agreement keys).  Alternatives are implicitly tagged [0]..[2]; dhMAC is
# only meaningful for key-agreement keys.
class POPOPrivKey(univ.Choice):
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('thisMessage',
                            univ.BitString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
        namedtype.NamedType('subsequentMessage', SubsequentMessage().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
        namedtype.NamedType('dhMAC',
                            univ.BitString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
    )


# Parameters for the password-based MAC used in PKMACValue.  iterationCount
# is an unconstrained INTEGER here; a consumer that derives a key from it
# should cap it before iterating the one-way function, since the value is
# taken from the peer's message.
class PBMParameter(univ.Sequence):
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('salt', univ.OctetString()),
        namedtype.NamedType('owf', AlgorithmIdentifier()),
        namedtype.NamedType('iterationCount', univ.Integer()),
        namedtype.NamedType('mac', AlgorithmIdentifier())
    )


# A MAC over the public key (algId identifies the MAC, value carries it).
# Decoding does not check the MAC.
class PKMACValue(univ.Sequence):
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('algId', AlgorithmIdentifier()),
        namedtype.NamedType('value', univ.BitString())
    )


# The data a signing-key proof-of-possession is computed over when the
# certificate template lacks subject/public-key information.  authInfo is
# an inline CHOICE of an implicitly tagged [0] sender or a publicKeyMAC.
#
# NOTE(review): the implicit [0] on `sender` only works because GeneralName
# in this module is the OCTET STRING placeholder defined above; a CHOICE
# type cannot carry an implicit tag, so replacing the placeholder with the
# real GeneralName would require revisiting this tag as well.
class POPOSigningKeyInput(univ.Sequence):
    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            'authInfo', univ.Choice(
                componentType=namedtype.NamedTypes(
                    namedtype.NamedType(
                        'sender', GeneralName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))
                    ),
                    namedtype.NamedType('publicKeyMAC', PKMACValue())
                )
            )
        ),
        namedtype.NamedType('publicKey', SubjectPublicKeyInfo())
    )

# Proof of possession by signature: the requester signs either the
# CertRequest or, when poposkInput ([0], optional) is present, that input.
# Only the structure is described here; the signature itself is not
# verified on decode.
class POPOSigningKey(univ.Sequence):
    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType('poposkInput', POPOSigningKeyInput().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
        namedtype.NamedType('algorithmIdentifier', AlgorithmIdentifier()),
        namedtype.NamedType('signature', univ.BitString())
    )


# The four proof-of-possession alternatives of RFC 2511, implicitly tagged
# [0]..[3].  raVerified is a bare NULL that merely asserts an RA already
# checked possession; whether a CA accepts that assertion is a policy
# decision the schema cannot enforce.  keyEncipherment and keyAgreement
# share the POPOPrivKey shape and differ only by tag.
class ProofOfPossession(univ.Choice):
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('raVerified',
                            univ.Null().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
        namedtype.NamedType('signature', POPOSigningKey().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
        namedtype.NamedType('keyEncipherment', POPOPrivKey().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
        namedtype.NamedType('keyAgreement', POPOPrivKey().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
    )


# SEQUENCE SIZE (1..MAX) OF AttributeTypeAndValue.  Each entry's type is one
# of the id_regCtrl_* OIDs defined at the top of this module and its value
# the matching control type (RegToken, Authenticator, PKIPublicationInfo,
# PKIArchiveOptions, OldCertId, ProtocolEncrKey); the value stays undecoded
# until the consumer dispatches on the OID.
class Controls(univ.SequenceOf):
    componentType = AttributeTypeAndValue()
    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX)


# Requested validity window; either end may be omitted.  Both components
# reuse rfc2459's Time, implicitly tagged [0] and [1].
class OptionalValidity(univ.Sequence):
    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType('notBefore',
                                    Time().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
        namedtype.OptionalNamedType('notAfter',
                                    Time().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
    )


# What the requester would like in the certificate.  Every component is
# OPTIONAL and implicitly tagged [0]..[9]; types other than the INTEGER and
# UniqueIdentifier fields come from rfc2459.  These are requester-supplied
# wishes, not authoritative values -- in particular `issuer`, `validity`,
# `subject` and `extensions` are for the CA to accept, override or reject.
class CertTemplate(univ.Sequence):
    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType('version', Version().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
        namedtype.OptionalNamedType('serialNumber', univ.Integer().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
        namedtype.OptionalNamedType('signingAlg', AlgorithmIdentifier().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
        namedtype.OptionalNamedType('issuer', Name().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
        namedtype.OptionalNamedType('validity', OptionalValidity().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
        namedtype.OptionalNamedType('subject', Name().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))),
        namedtype.OptionalNamedType('publicKey', SubjectPublicKeyInfo().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6))),
        namedtype.OptionalNamedType('issuerUID', UniqueIdentifier().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
        namedtype.OptionalNamedType('subjectUID', UniqueIdentifier().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))),
        namedtype.OptionalNamedType('extensions', Extensions().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9)))
    )


# A single certificate request: a requester-chosen id (used to match the
# response), the template, and optional Controls.  The certReqId is not
# required to be unique by the schema; a consumer keying state on it should
# check for collisions itself.
class CertRequest(univ.Sequence):
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('certReqId', univ.Integer()),
        namedtype.NamedType('certTemplate', CertTemplate()),
        namedtype.OptionalNamedType('controls', Controls())
    )


# Registration info value identified by id_regInfo_certReq (same shape as
# CertRequest).
class CertReq(CertRequest):
    pass


# One CRMF message: the request, an optional proof of possession, and an
# optional non-empty regInfo sequence (SIZE (1..MAX)) whose entries are
# identified by the id_regInfo_* OIDs.  A missing `pop` means no possession
# is proven in this message; the schema does not require one.
class CertReqMsg(univ.Sequence):
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('certReq', CertRequest()),
        namedtype.OptionalNamedType('pop', ProofOfPossession()),
        namedtype.OptionalNamedType('regInfo', univ.SequenceOf(componentType=AttributeTypeAndValue()).subtype(
            subtypeSpec=constraint.ValueSizeConstraint(1, MAX)))
    )


# Top-level CRMF payload: SEQUENCE SIZE (1..MAX) OF CertReqMsg.  There is
# no upper bound on the count here, so a decoder fed untrusted input should
# apply its own limit on message size before decoding.
class CertReqMessages(univ.SequenceOf):
    componentType = CertReqMsg()
    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX)