1# This file is being contributed to pyasn1-modules software.
2#
3# Created by Russ Housley with assistance from asn1ate v.0.6.0.
4#
5# Copyright (c) 2019, Vigil Security, LLC
6# License: http://snmplabs.com/pyasn1/license.html
7#
8# Trust Anchor Format
9#
10# ASN.1 source from:
11# https://www.rfc-editor.org/rfc/rfc5914.txt
12
13from pyasn1.type import char
14from pyasn1.type import constraint
15from pyasn1.type import namedtype
16from pyasn1.type import namedval
17from pyasn1.type import tag
18from pyasn1.type import univ
19
20from pyasn1_modules import rfc5280
21
22
23MAX = float('inf')
24
25Certificate = rfc5280.Certificate
26
27Name = rfc5280.Name
28
29Extensions = rfc5280.Extensions
30
31SubjectPublicKeyInfo = rfc5280.SubjectPublicKeyInfo
32
33TBSCertificate = rfc5280.TBSCertificate
34
35CertificatePolicies = rfc5280.CertificatePolicies
36
37KeyIdentifier = rfc5280.KeyIdentifier
38
39NameConstraints = rfc5280.NameConstraints
40
41
42class CertPolicyFlags(univ.BitString):
43    pass
44
45CertPolicyFlags.namedValues = namedval.NamedValues(
46    ('inhibitPolicyMapping', 0),
47    ('requireExplicitPolicy', 1),
48    ('inhibitAnyPolicy', 2)
49)
50
51
52class CertPathControls(univ.Sequence):
53    pass
54
55CertPathControls.componentType = namedtype.NamedTypes(
56    namedtype.NamedType('taName', Name()),
57    namedtype.OptionalNamedType('certificate', Certificate().subtype(
58        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
59    namedtype.OptionalNamedType('policySet', CertificatePolicies().subtype(
60        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
61    namedtype.OptionalNamedType('policyFlags', CertPolicyFlags().subtype(
62        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
63    namedtype.OptionalNamedType('nameConstr', NameConstraints().subtype(
64        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
65    namedtype.OptionalNamedType('pathLenConstraint', univ.Integer().subtype(
66        subtypeSpec=constraint.ValueRangeConstraint(0, MAX)).subtype(
67        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4)))
68)
69
70
71class TrustAnchorTitle(char.UTF8String):
72    pass
73
74TrustAnchorTitle.subtypeSpec = constraint.ValueSizeConstraint(1, 64)
75
76
77class TrustAnchorInfoVersion(univ.Integer):
78    pass
79
80TrustAnchorInfoVersion.namedValues = namedval.NamedValues(
81    ('v1', 1)
82)
83
84
85class TrustAnchorInfo(univ.Sequence):
86    pass
87
88TrustAnchorInfo.componentType = namedtype.NamedTypes(
89    namedtype.DefaultedNamedType('version', TrustAnchorInfoVersion().subtype(value='v1')),
90    namedtype.NamedType('pubKey', SubjectPublicKeyInfo()),
91    namedtype.NamedType('keyId', KeyIdentifier()),
92    namedtype.OptionalNamedType('taTitle', TrustAnchorTitle()),
93    namedtype.OptionalNamedType('certPath', CertPathControls()),
94    namedtype.OptionalNamedType('exts', Extensions().subtype(explicitTag=tag.Tag(
95        tag.tagClassContext, tag.tagFormatSimple, 1))),
96    namedtype.OptionalNamedType('taTitleLangTag', char.UTF8String().subtype(
97        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
98)
99
100
101class TrustAnchorChoice(univ.Choice):
102    pass
103
104TrustAnchorChoice.componentType = namedtype.NamedTypes(
105    namedtype.NamedType('certificate', Certificate()),
106    namedtype.NamedType('tbsCert', TBSCertificate().subtype(
107        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
108    namedtype.NamedType('taInfo', TrustAnchorInfo().subtype(
109        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)))
110)
111
112
113id_ct_trustAnchorList = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.34')
114
115class TrustAnchorList(univ.SequenceOf):
116    pass
117
118TrustAnchorList.componentType = TrustAnchorChoice()
119TrustAnchorList.subtypeSpec=constraint.ValueSizeConstraint(1, MAX)
120