# coding: utf-8
#
# This file is part of pyasn1-modules software.
#
# Created by Stanisław Pitucha with asn1ate tool.
# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com>
# License: http://pyasn1.sf.net/license.html
#
# An Internet Attribute Certificate Profile for Authorization
#
# ASN.1 source from:
# http://www.ietf.org/rfc/rfc3281.txt
#
# Scope of this module: it declares the ASN.1 data model (types, implicit
# context tags and object identifiers) of RFC 3281 attribute certificates so
# that pyasn1 codecs can encode and decode them.  Nothing here validates an
# attribute certificate: the signature is carried as an opaque BIT STRING, the
# validity period as two GeneralizedTime values, and open-type payloads
# (univ.Any) are left uninterpreted.  Any trust decision based on a decoded
# structure is the caller's responsibility.
#
from pyasn1.type import char
from pyasn1.type import constraint
from pyasn1.type import namedtype
from pyasn1.type import namedval
from pyasn1.type import tag
from pyasn1.type import univ
from pyasn1.type import useful

from pyasn1_modules import rfc3280

# ASN.1 "MAX": unbounded upper limit for ValueRangeConstraint.
MAX = float('inf')


def _buildOid(*components):
    """Concatenate OID prefixes and integer arcs into one ObjectIdentifier.

    Each component is either an existing ``univ.ObjectIdentifier`` (its arcs
    are spliced in one by one) or any value ``int()`` accepts, taken as a
    single arc.  Returns a new ``univ.ObjectIdentifier``.
    """
    arcs = []
    for component in components:
        if isinstance(component, univ.ObjectIdentifier):
            arcs.extend(component)
        else:
            arcs.append(int(component))
    return univ.ObjectIdentifier(arcs)


def _contextTag(tagId, constructed=False):
    """Return a context-specific tag ``[tagId]`` for use as an IMPLICIT tag.

    ``constructed`` selects ``tagFormatConstructed`` instead of the default
    ``tagFormatSimple``; the flag mirrors what the asn1ate output used for
    each field.
    """
    tagFormat = tag.tagFormatConstructed if constructed else tag.tagFormatSimple
    return tag.Tag(tag.tagClassContext, tagFormat, tagId)


class ObjectDigestInfo(univ.Sequence):
    """Digest of a public key, a certificate or another object.

    ``otherObjectTypeID`` is OPTIONAL in the schema; ``objectDigest`` is an
    uninterpreted BIT STRING computed with ``digestAlgorithm``.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('digestedObjectType', univ.Enumerated(
            namedValues=namedval.NamedValues(
                ('publicKey', 0), ('publicKeyCert', 1), ('otherObjectTypes', 2)))),
        namedtype.OptionalNamedType('otherObjectTypeID', univ.ObjectIdentifier()),
        namedtype.NamedType('digestAlgorithm', rfc3280.AlgorithmIdentifier()),
        namedtype.NamedType('objectDigest', univ.BitString())
    )


class IssuerSerial(univ.Sequence):
    """Issuer names plus serial number (and optional issuer UID) naming a certificate."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('issuer', rfc3280.GeneralNames()),
        namedtype.NamedType('serial', rfc3280.CertificateSerialNumber()),
        namedtype.OptionalNamedType('issuerUID', rfc3280.UniqueIdentifier())
    )


class TargetCert(univ.Sequence):
    """Target expressed as a certificate, optionally with a name and a digest."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('targetCertificate', IssuerSerial()),
        namedtype.OptionalNamedType('targetName', rfc3280.GeneralName()),
        namedtype.OptionalNamedType('certDigestInfo', ObjectDigestInfo())
    )


class Target(univ.Choice):
    """One targeting entry: a name [0], a group [1] or a certificate [2]."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('targetName',
                            rfc3280.GeneralName().subtype(implicitTag=_contextTag(0))),
        namedtype.NamedType('targetGroup',
                            rfc3280.GeneralName().subtype(implicitTag=_contextTag(1))),
        namedtype.NamedType('targetCert',
                            TargetCert().subtype(implicitTag=_contextTag(2, constructed=True)))
    )


class Targets(univ.SequenceOf):
    """SEQUENCE OF Target."""
    componentType = Target()


class ProxyInfo(univ.SequenceOf):
    """SEQUENCE OF Targets."""
    componentType = Targets()


id_at_role = _buildOid(rfc3280.id_at, 72)

id_pe_aaControls = _buildOid(rfc3280.id_pe, 6)

id_ce_targetInformation = _buildOid(rfc3280.id_ce, 55)

id_pe_ac_auditIdentity = _buildOid(rfc3280.id_pe, 4)


class ClassList(univ.BitString):
    """Clearance bit flags, bit 0 (unmarked) through bit 5 (topSecret)."""
    namedValues = namedval.NamedValues(
        ('unmarked', 0),
        ('unclassified', 1),
        ('restricted', 2),
        ('confidential', 3),
        ('secret', 4),
        ('topSecret', 5)
    )


class SecurityCategory(univ.Sequence):
    """Typed open value: ``type`` [0] is an OID, ``value`` [1] is an uninterpreted ANY.

    The schema does not constrain ``value`` by ``type``; decoding it is left
    to the consumer.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('type',
                            univ.ObjectIdentifier().subtype(implicitTag=_contextTag(0))),
        namedtype.NamedType('value',
                            univ.Any().subtype(implicitTag=_contextTag(1)))
    )


class Clearance(univ.Sequence):
    """Policy OID [0], class list [1] (DEFAULT unclassified), categories [2] OPTIONAL."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('policyId',
                            univ.ObjectIdentifier().subtype(implicitTag=_contextTag(0))),
        # Two chained subtype() calls: first the implicit tag, then the
        # DEFAULT value that makes this component omissible on the wire.
        namedtype.DefaultedNamedType('classList',
                                     ClassList().subtype(implicitTag=_contextTag(1))
                                                .subtype(value="unclassified")),
        namedtype.OptionalNamedType('securityCategories',
                                    univ.SetOf(componentType=SecurityCategory())
                                        .subtype(implicitTag=_contextTag(2)))
    )


class AttCertVersion(univ.Integer):
    """Attribute certificate version; the only named value is v2 (1)."""
    namedValues = namedval.NamedValues(
        ('v2', 1)
    )


id_aca = _buildOid(rfc3280.id_pkix, 10)

id_at_clearance = _buildOid(2, 5, 1, 5, 55)


class AttrSpec(univ.SequenceOf):
    """SEQUENCE OF OBJECT IDENTIFIER (attribute type list)."""
    componentType = univ.ObjectIdentifier()


class AAControls(univ.Sequence):
    """Attribute-authority controls.

    ``pathLenConstraint`` is a non-negative INTEGER (0..MAX), the two AttrSpec
    lists are tagged [0] and [1], and ``permitUnSpecified`` DEFAULTs to TRUE.
    """
    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType('pathLenConstraint',
                                    univ.Integer().subtype(
                                        subtypeSpec=constraint.ValueRangeConstraint(0, MAX))),
        namedtype.OptionalNamedType('permittedAttrs',
                                    AttrSpec().subtype(implicitTag=_contextTag(0))),
        namedtype.OptionalNamedType('excludedAttrs',
                                    AttrSpec().subtype(implicitTag=_contextTag(1))),
        namedtype.DefaultedNamedType('permitUnSpecified', univ.Boolean().subtype(value=1))
    )


class AttCertValidityPeriod(univ.Sequence):
    """notBeforeTime / notAfterTime, both GeneralizedTime (not checked here)."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('notBeforeTime', useful.GeneralizedTime()),
        namedtype.NamedType('notAfterTime', useful.GeneralizedTime())
    )


id_aca_authenticationInfo = _buildOid(id_aca, 1)


class V2Form(univ.Sequence):
    """v2 issuer form: every component is OPTIONAL in the schema."""
    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType('issuerName', rfc3280.GeneralNames()),
        namedtype.OptionalNamedType('baseCertificateID',
                                    IssuerSerial().subtype(
                                        implicitTag=_contextTag(0, constructed=True))),
        namedtype.OptionalNamedType('objectDigestInfo',
                                    ObjectDigestInfo().subtype(
                                        implicitTag=_contextTag(1, constructed=True)))
    )


class AttCertIssuer(univ.Choice):
    """Issuer as untagged GeneralNames (v1Form) or as [0] V2Form."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('v1Form', rfc3280.GeneralNames()),
        namedtype.NamedType('v2Form',
                            V2Form().subtype(implicitTag=_contextTag(0, constructed=True)))
    )


class Holder(univ.Sequence):
    """Identification of the certificate holder.

    All three components are OPTIONAL at the schema level, so a decoded Holder
    may carry none of them; code binding an attribute certificate to a subject
    has to check that the form it expects is actually present.
    """
    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType('baseCertificateID',
                                    IssuerSerial().subtype(
                                        implicitTag=_contextTag(0, constructed=True))),
        namedtype.OptionalNamedType('entityName',
                                    rfc3280.GeneralNames().subtype(implicitTag=_contextTag(1))),
        namedtype.OptionalNamedType('objectDigestInfo',
                                    ObjectDigestInfo().subtype(
                                        implicitTag=_contextTag(2, constructed=True)))
    )


class AttributeCertificateInfo(univ.Sequence):
    """The to-be-signed body of an attribute certificate.

    ``issuerUniqueID`` and ``extensions`` are OPTIONAL; ``attributes`` is a
    SEQUENCE OF rfc3280.Attribute whose values are not interpreted here.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('version', AttCertVersion()),
        namedtype.NamedType('holder', Holder()),
        namedtype.NamedType('issuer', AttCertIssuer()),
        namedtype.NamedType('signature', rfc3280.AlgorithmIdentifier()),
        namedtype.NamedType('serialNumber', rfc3280.CertificateSerialNumber()),
        namedtype.NamedType('attrCertValidityPeriod', AttCertValidityPeriod()),
        namedtype.NamedType('attributes',
                            univ.SequenceOf(componentType=rfc3280.Attribute())),
        namedtype.OptionalNamedType('issuerUniqueID', rfc3280.UniqueIdentifier()),
        namedtype.OptionalNamedType('extensions', rfc3280.Extensions())
    )


class AttributeCertificate(univ.Sequence):
    """Outer structure: acinfo, signatureAlgorithm and an opaque signatureValue.

    ``signatureValue`` is a plain BIT STRING; verifying it is outside this
    module.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('acinfo', AttributeCertificateInfo()),
        namedtype.NamedType('signatureAlgorithm', rfc3280.AlgorithmIdentifier()),
        namedtype.NamedType('signatureValue', univ.BitString())
    )


id_mod = _buildOid(rfc3280.id_pkix, 0)

id_mod_attribute_cert = _buildOid(id_mod, 12)

id_aca_accessIdentity = _buildOid(id_aca, 2)


class RoleSyntax(univ.Sequence):
    """Role attribute: OPTIONAL roleAuthority [0] and a mandatory roleName [1]."""
    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType('roleAuthority',
                                    rfc3280.GeneralNames().subtype(implicitTag=_contextTag(0))),
        namedtype.NamedType('roleName',
                            rfc3280.GeneralName().subtype(implicitTag=_contextTag(1)))
    )


id_aca_chargingIdentity = _buildOid(id_aca, 3)


class ACClearAttrs(univ.Sequence):
    """Cleartext attributes: issuer name, serial (plain INTEGER) and attribute list."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('acIssuer', rfc3280.GeneralName()),
        namedtype.NamedType('acSerial', univ.Integer()),
        namedtype.NamedType('attrs',
                            univ.SequenceOf(componentType=rfc3280.Attribute()))
    )


id_aca_group = _buildOid(id_aca, 4)

id_pe_ac_proxying = _buildOid(rfc3280.id_pe, 10)


class SvceAuthInfo(univ.Sequence):
    """Service / identity pair with an OPTIONAL, uninterpreted authInfo OCTET STRING."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('service', rfc3280.GeneralName()),
        namedtype.NamedType('ident', rfc3280.GeneralName()),
        namedtype.OptionalNamedType('authInfo', univ.OctetString())
    )


class IetfAttrSyntax(univ.Sequence):
    """OPTIONAL policyAuthority [0] plus a SEQUENCE OF octets / oid / string values."""
    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType(
            'policyAuthority',
            rfc3280.GeneralNames().subtype(implicitTag=_contextTag(0))
        ),
        namedtype.NamedType(
            'values',
            univ.SequenceOf(
                componentType=univ.Choice(
                    componentType=namedtype.NamedTypes(
                        namedtype.NamedType('octets', univ.OctetString()),
                        namedtype.NamedType('oid', univ.ObjectIdentifier()),
                        namedtype.NamedType('string', char.UTF8String())
                    )
                )
            )
        )
    )


id_aca_encAttrs = _buildOid(id_aca, 6)