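# coding: utf-8
#
# This file is part of pyasn1-modules software.
#
# Created by Stanisław Pitucha with asn1ate tool.
# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com>
# License: http://pyasn1.sf.net/license.html
#
# Internet X.509 Public Key Infrastructure Certificate Request
# Message Format (CRMF)
#
# ASN.1 source from:
# http://www.ietf.org/rfc/rfc4211.txt
#
"""ASN.1 schema for the Certificate Request Message Format (CRMF), RFC 4211.

The classes below are pyasn1 type specifications only; they carry no
protocol logic.  Following the asn1ate convention, every SEQUENCE / CHOICE
class is declared empty and its ``componentType`` is attached afterwards so
that types may reference each other regardless of declaration order.

Handling notes for code that decodes these structures from a peer:

* ``MAX`` is unbounded, so the ``SIZE (1..MAX)`` constraints on
  ``Controls`` and ``CertReqMessages`` enforce only the lower bound; a
  decoder processing untrusted input must apply its own upper limit.
* ``AttributeTypeAndValue.value`` is an opaque ``ANY``; it must be decoded
  a second time against the spec selected by the ``type`` OID, never
  interpreted blindly.
* pyasn1's ``subtype(implicitTag=...)`` takes the constructed/primitive
  form from the base type's own tag, so the ``tagFormatSimple`` /
  ``tagFormatConstructed`` values written here do not by themselves decide
  the encoded form — NOTE(review): confirm against the pyasn1 version in use.
"""
from pyasn1.type import char
from pyasn1.type import constraint
from pyasn1.type import namedtype
from pyasn1.type import namedval
from pyasn1.type import tag
from pyasn1.type import univ

from pyasn1_modules import rfc3280
from pyasn1_modules import rfc3852

# Upper bound used in SIZE constraints; infinity means "no upper limit".
MAX = float('inf')


def _buildOid(*components):
    """Return a ``univ.ObjectIdentifier`` assembled from *components*.

    Each component is either an existing ``univ.ObjectIdentifier``, whose
    arcs are spliced in, or a value accepted by ``int()``, which becomes a
    single arc.  This lets child OIDs below be derived from their parent
    (``_buildOid(id_pkip, 1)``) instead of repeating every arc.

    :param components: OIDs and/or integer arcs, in order.
    :return: a new ``univ.ObjectIdentifier``.
    :raises ValueError, TypeError: propagated from ``int()`` for a
        component that is neither an OID nor integer-like.
    """
    arcs = []
    for component in components:
        if isinstance(component, univ.ObjectIdentifier):
            # An ObjectIdentifier iterates over its arcs directly.
            arcs.extend(component)
        else:
            arcs.append(int(component))
    return univ.ObjectIdentifier(arcs)


# Arc roots: id-pkix, id-pkip (CRMF), and id-regCtrl (registration controls).
id_pkix = _buildOid(1, 3, 6, 1, 5, 5, 7)

id_pkip = _buildOid(id_pkix, 5)

id_regCtrl = _buildOid(id_pkip, 1)


class SinglePubInfo(univ.Sequence):
    """One publication target inside ``PKIPublicationInfo`` (RFC 4211 §6.3)."""


SinglePubInfo.componentType = namedtype.NamedTypes(
    namedtype.NamedType('pubMethod', univ.Integer(
        namedValues=namedval.NamedValues(('dontCare', 0), ('x500', 1), ('web', 2), ('ldap', 3)))),
    namedtype.OptionalNamedType('pubLocation', rfc3280.GeneralName())
)


class UTF8Pairs(char.UTF8String):
    """``utf8Pairs`` regInfo value: a UTF8String of name/value pairs (RFC 4211 §7.1)."""


class PKMACValue(univ.Sequence):
    """MAC over public-key data, used in proof-of-possession exchanges."""


PKMACValue.componentType = namedtype.NamedTypes(
    namedtype.NamedType('algId', rfc3280.AlgorithmIdentifier()),
    namedtype.NamedType('value', univ.BitString())
)


class POPOSigningKeyInput(univ.Sequence):
    """Data signed for signature-based PoP when the request has no subject (RFC 4211 §4.1)."""


POPOSigningKeyInput.componentType = namedtype.NamedTypes(
    namedtype.NamedType(
        'authInfo', univ.Choice(
            componentType=namedtype.NamedTypes(
                namedtype.NamedType(
                    'sender', rfc3280.GeneralName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))
                ),
                namedtype.NamedType(
                    'publicKeyMAC', PKMACValue()
                )
            )
        )
    ),
    namedtype.NamedType('publicKey', rfc3280.SubjectPublicKeyInfo())
)


class POPOSigningKey(univ.Sequence):
    """Signature-based proof of possession of the private key (RFC 4211 §4.1)."""


POPOSigningKey.componentType = namedtype.NamedTypes(
    namedtype.OptionalNamedType('poposkInput', POPOSigningKeyInput().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
    namedtype.NamedType('algorithmIdentifier', rfc3280.AlgorithmIdentifier()),
    namedtype.NamedType('signature', univ.BitString())
)


class Attributes(univ.SetOf):
    """SET OF Attribute, as carried in ``PrivateKeyInfo``."""


Attributes.componentType = rfc3280.Attribute()


class PrivateKeyInfo(univ.Sequence):
    """PKCS#8-style private key container.

    The ``privateKey`` octets are the raw secret; code that decodes this
    structure must keep it out of logs, error messages and long-lived
    storage.
    """


PrivateKeyInfo.componentType = namedtype.NamedTypes(
    namedtype.NamedType('version', univ.Integer()),
    namedtype.NamedType('privateKeyAlgorithm', rfc3280.AlgorithmIdentifier()),
    namedtype.NamedType('privateKey', univ.OctetString()),
    namedtype.OptionalNamedType('attributes',
                                Attributes().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
)


class EncryptedValue(univ.Sequence):
    """Legacy encrypted-value container used by key archival (RFC 4211 §6.4).

    RFC 4211 favours ``EnvelopedData`` (the other ``EncryptedKey``
    alternative) over this form; ``encValue`` is the ciphertext, the other
    fields describe the algorithms and the wrapped symmetric key.
    """


EncryptedValue.componentType = namedtype.NamedTypes(
    namedtype.OptionalNamedType('intendedAlg', rfc3280.AlgorithmIdentifier().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
    namedtype.OptionalNamedType('symmAlg', rfc3280.AlgorithmIdentifier().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
    namedtype.OptionalNamedType('encSymmKey', univ.BitString().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
    namedtype.OptionalNamedType('keyAlg', rfc3280.AlgorithmIdentifier().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
    namedtype.OptionalNamedType('valueHint', univ.OctetString().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
    namedtype.NamedType('encValue', univ.BitString())
)


class EncryptedKey(univ.Choice):
    """Either a legacy ``EncryptedValue`` or a CMS ``EnvelopedData`` (RFC 4211 §6.4)."""


EncryptedKey.componentType = namedtype.NamedTypes(
    namedtype.NamedType('encryptedValue', EncryptedValue()),
    namedtype.NamedType('envelopedData', rfc3852.EnvelopedData().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
)


class KeyGenParameters(univ.OctetString):
    """Opaque parameters allowing the private key to be regenerated (RFC 4211 §6.4)."""


class PKIArchiveOptions(univ.Choice):
    """``pkiArchiveOptions`` control: how the private key is archived (RFC 4211 §6.4)."""


PKIArchiveOptions.componentType = namedtype.NamedTypes(
    namedtype.NamedType('encryptedPrivKey',
                        EncryptedKey().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
    namedtype.NamedType('keyGenParameters',
                        KeyGenParameters().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
    namedtype.NamedType('archiveRemGenPrivKey',
                        univ.Boolean().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
)

id_regCtrl_authenticator = _buildOid(id_regCtrl, 2)

id_regInfo = _buildOid(id_pkip, 2)

id_regInfo_certReq = _buildOid(id_regInfo, 2)


class ProtocolEncrKey(rfc3280.SubjectPublicKeyInfo):
    """``protocolEncrKey`` control value: a CA/RA public key (RFC 4211 §6.6)."""


class Authenticator(char.UTF8String):
    """``authenticator`` control value: a shared-secret string (RFC 4211 §6.2)."""


class SubsequentMessage(univ.Integer):
    """How PoP will be completed in a later message (RFC 4211 §4.2)."""


SubsequentMessage.namedValues = namedval.NamedValues(
    ('encrCert', 0),
    ('challengeResp', 1)
)


class AttributeTypeAndValue(univ.Sequence):
    """Generic OID/value pair used for controls and regInfo.

    ``value`` is an ``ANY``: callers must decode it against the spec that
    ``type`` designates and reject types they do not recognise.
    """


AttributeTypeAndValue.componentType = namedtype.NamedTypes(
    namedtype.NamedType('type', univ.ObjectIdentifier()),
    namedtype.NamedType('value', univ.Any())
)


class POPOPrivKey(univ.Choice):
    """PoP for key-encipherment / key-agreement keys (RFC 4211 §4.2, §4.3)."""


POPOPrivKey.componentType = namedtype.NamedTypes(
    namedtype.NamedType('thisMessage',
                        univ.BitString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
    namedtype.NamedType('subsequentMessage',
                        SubsequentMessage().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
    namedtype.NamedType('dhMAC',
                        univ.BitString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
    namedtype.NamedType('agreeMAC',
                        PKMACValue().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
    namedtype.NamedType('encryptedKey', rfc3852.EnvelopedData().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4)))
)


class ProofOfPossession(univ.Choice):
    """Proof that the requester holds the private key (RFC 4211 §4).

    ``raVerified`` asserts that an RA already checked possession; a CA
    should accept it only from an RA it trusts for that purpose.
    """


ProofOfPossession.componentType = namedtype.NamedTypes(
    namedtype.NamedType('raVerified',
                        univ.Null().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
    namedtype.NamedType('signature', POPOSigningKey().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
    namedtype.NamedType('keyEncipherment',
                        POPOPrivKey().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
    namedtype.NamedType('keyAgreement',
                        POPOPrivKey().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
)


class OptionalValidity(univ.Sequence):
    """Requested validity window; both ends are optional (RFC 4211 §5)."""


OptionalValidity.componentType = namedtype.NamedTypes(
    namedtype.OptionalNamedType('notBefore', rfc3280.Time().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
    namedtype.OptionalNamedType('notAfter', rfc3280.Time().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
)


class CertTemplate(univ.Sequence):
    """Requested certificate contents; every field is optional (RFC 4211 §5).

    The template is a request, not a grant: the issuer decides which of
    these fields (issuer, validity, extensions, ...) it honours.
    """


CertTemplate.componentType = namedtype.NamedTypes(
    namedtype.OptionalNamedType('version', rfc3280.Version().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
    namedtype.OptionalNamedType('serialNumber', univ.Integer().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
    namedtype.OptionalNamedType('signingAlg', rfc3280.AlgorithmIdentifier().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
    namedtype.OptionalNamedType('issuer', rfc3280.Name().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
    namedtype.OptionalNamedType('validity', OptionalValidity().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
    namedtype.OptionalNamedType('subject', rfc3280.Name().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))),
    namedtype.OptionalNamedType('publicKey', rfc3280.SubjectPublicKeyInfo().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
    namedtype.OptionalNamedType('issuerUID', rfc3280.UniqueIdentifier().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
    namedtype.OptionalNamedType('subjectUID', rfc3280.UniqueIdentifier().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))),
    namedtype.OptionalNamedType('extensions', rfc3280.Extensions().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 9)))
)


class Controls(univ.SequenceOf):
    """SEQUENCE SIZE (1..MAX) OF AttributeTypeAndValue (RFC 4211 §6).

    Only the lower bound is enforced (``MAX`` is infinite); bound the
    length yourself when decoding untrusted input.
    """


Controls.componentType = AttributeTypeAndValue()
Controls.subtypeSpec = constraint.ValueSizeConstraint(1, MAX)


class CertRequest(univ.Sequence):
    """The signed/proved part of a request: id, template and controls (RFC 4211 §3)."""


CertRequest.componentType = namedtype.NamedTypes(
    namedtype.NamedType('certReqId', univ.Integer()),
    namedtype.NamedType('certTemplate', CertTemplate()),
    namedtype.OptionalNamedType('controls', Controls())
)


class CertReqMsg(univ.Sequence):
    """One certificate request plus its proof of possession and regInfo (RFC 4211 §3)."""


CertReqMsg.componentType = namedtype.NamedTypes(
    namedtype.NamedType('certReq', CertRequest()),
    namedtype.OptionalNamedType('popo', ProofOfPossession()),
    namedtype.OptionalNamedType('regInfo', univ.SequenceOf(componentType=AttributeTypeAndValue()))
)


class CertReqMessages(univ.SequenceOf):
    """Top-level CRMF message: SEQUENCE SIZE (1..MAX) OF CertReqMsg.

    As with ``Controls``, only the lower bound is enforced by the constraint.
    """


CertReqMessages.componentType = CertReqMsg()
CertReqMessages.subtypeSpec = constraint.ValueSizeConstraint(1, MAX)


class CertReq(CertRequest):
    """``certReq`` regInfo value: an embedded CertRequest (RFC 4211 §7.2)."""


id_regCtrl_pkiPublicationInfo = _buildOid(id_regCtrl, 3)


class CertId(univ.Sequence):
    """Issuer name plus serial number identifying a certificate."""


CertId.componentType = namedtype.NamedTypes(
    namedtype.NamedType('issuer', rfc3280.GeneralName()),
    namedtype.NamedType('serialNumber', univ.Integer())
)


class OldCertId(CertId):
    """``oldCertID`` control value: the certificate being replaced (RFC 4211 §6.5)."""


class PKIPublicationInfo(univ.Sequence):
    """``pkiPublicationInfo`` control: whether/where to publish the cert (RFC 4211 §6.3)."""


PKIPublicationInfo.componentType = namedtype.NamedTypes(
    namedtype.NamedType('action',
                        univ.Integer(namedValues=namedval.NamedValues(('dontPublish', 0), ('pleasePublish', 1)))),
    namedtype.OptionalNamedType('pubInfos', univ.SequenceOf(componentType=SinglePubInfo()))
)


class EncKeyWithID(univ.Sequence):
    """Private key bundled with an optional owner identifier.

    This structure holds the key in the clear; it is the content type
    identified by ``id_ct_encKeyWithID`` and is meant to travel inside an
    encrypting CMS wrapper, never as bare DER on the wire.
    """


EncKeyWithID.componentType = namedtype.NamedTypes(
    namedtype.NamedType('privateKey', PrivateKeyInfo()),
    namedtype.OptionalNamedType(
        'identifier', univ.Choice(
            componentType=namedtype.NamedTypes(
                namedtype.NamedType('string', char.UTF8String()),
                namedtype.NamedType('generalName', rfc3280.GeneralName())
            )
        )
    )
)

id_regCtrl_protocolEncrKey = _buildOid(id_regCtrl, 6)

id_regCtrl_oldCertID = _buildOid(id_regCtrl, 5)

# S/MIME arc, parent of the id-ct content-type identifiers.
id_smime = _buildOid(1, 2, 840, 113549, 1, 9, 16)


class PBMParameter(univ.Sequence):
    """Parameters for the password-based MAC (RFC 4211 §4.4).

    ``iterationCount`` is chosen by the sender; a verifier should cap it
    before iterating ``owf`` so a hostile peer cannot force unbounded work.
    """


PBMParameter.componentType = namedtype.NamedTypes(
    namedtype.NamedType('salt', univ.OctetString()),
    namedtype.NamedType('owf', rfc3280.AlgorithmIdentifier()),
    namedtype.NamedType('iterationCount', univ.Integer()),
    namedtype.NamedType('mac', rfc3280.AlgorithmIdentifier())
)
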
class RegToken(char.UTF8String):
    """``regToken`` control value: a one-time registration secret (RFC 4211 §6.1)."""


# Remaining registration-control and regInfo identifiers (RFC 4211 §6, §7).
id_regCtrl_regToken = _buildOid(id_regCtrl, 1)
id_regCtrl_pkiArchiveOptions = _buildOid(id_regCtrl, 4)
id_regInfo_utf8Pairs = _buildOid(id_regInfo, 1)

# S/MIME content-type arc and the id-ct-encKeyWithID content type.
id_ct = _buildOid(id_smime, 1)
id_ct_encKeyWithID = _buildOid(id_ct, 21)