# This file is being contributed to pyasn1-modules software.
#
# Created by Russ Housley with assistance from asn1ate v.0.6.0.
#
# Copyright (c) 2019, Vigil Security, LLC
# License: http://snmplabs.com/pyasn1/license.html
#
# Trust Anchor Format
#
# ASN.1 source from:
# https://www.rfc-editor.org/rfc/rfc5914.txt
#
# Everything in this module is a pyasn1 type definition; nothing here checks
# a signature, a validity period or where the bytes came from. Successfully
# decoding a TrustAnchorList therefore says only that the input is
# well-formed. Whether its contents may be installed as trust anchors is a
# decision for the caller, based on how the data was authenticated.
# When decoding, pass the expected type as asn1Spec and reject input that
# leaves trailing bytes after the decoded value.

from pyasn1.type import char
from pyasn1.type import constraint
from pyasn1.type import namedtype
from pyasn1.type import namedval
from pyasn1.type import tag
from pyasn1.type import univ

from pyasn1_modules import rfc5280


# Open upper bound used by the range and size constraints below.
MAX = float('inf')


def _context_tag(number, tag_format=tag.tagFormatSimple):
    """Build a fresh context-class tag with the given number and format."""
    return tag.Tag(tag.tagClassContext, tag_format, number)


# Types reused unchanged from the RFC 5280 module.

Certificate = rfc5280.Certificate

Name = rfc5280.Name

Extensions = rfc5280.Extensions

SubjectPublicKeyInfo = rfc5280.SubjectPublicKeyInfo

TBSCertificate = rfc5280.TBSCertificate

CertificatePolicies = rfc5280.CertificatePolicies

KeyIdentifier = rfc5280.KeyIdentifier

NameConstraints = rfc5280.NameConstraints


# Bit flags naming the policy-processing switches carried by a trust anchor.
class CertPolicyFlags(univ.BitString):
    namedValues = namedval.NamedValues(
        ('inhibitPolicyMapping', 0),
        ('requireExplicitPolicy', 1),
        ('inhibitAnyPolicy', 2)
    )


# Path-validation inputs bound to a trust anchor. Only taName is mandatory;
# the remaining fields are optional and carry implicit context tags 0..4.
class CertPathControls(univ.Sequence):
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('taName', Name()),
        namedtype.OptionalNamedType(
            'certificate',
            Certificate().subtype(implicitTag=_context_tag(0))),
        namedtype.OptionalNamedType(
            'policySet',
            CertificatePolicies().subtype(implicitTag=_context_tag(1))),
        namedtype.OptionalNamedType(
            'policyFlags',
            CertPolicyFlags().subtype(implicitTag=_context_tag(2))),
        namedtype.OptionalNamedType(
            'nameConstr',
            NameConstraints().subtype(implicitTag=_context_tag(3))),
        # The schema gives the path length a floor of 0 and no ceiling;
        # any upper limit has to be enforced by the consumer.
        namedtype.OptionalNamedType(
            'pathLenConstraint',
            univ.Integer().subtype(
                subtypeSpec=constraint.ValueRangeConstraint(0, MAX)).subtype(
                implicitTag=_context_tag(4)))
    )


# Human-readable label for a trust anchor, limited to 1..64 characters.
class TrustAnchorTitle(char.UTF8String):
    subtypeSpec = constraint.ValueSizeConstraint(1, 64)


# Version number of the TrustAnchorInfo structure; only v1 is named.
class TrustAnchorInfoVersion(univ.Integer):
    namedValues = namedval.NamedValues(
        ('v1', 1)
    )


# A trust anchor described by its public key and key identifier, with
# optional title, path controls and extensions. The structure has no
# signature field, so its integrity depends on how it was delivered
# and stored.
class TrustAnchorInfo(univ.Sequence):
    componentType = namedtype.NamedTypes(
        namedtype.DefaultedNamedType(
            'version', TrustAnchorInfoVersion().subtype(value='v1')),
        namedtype.NamedType('pubKey', SubjectPublicKeyInfo()),
        namedtype.NamedType('keyId', KeyIdentifier()),
        namedtype.OptionalNamedType('taTitle', TrustAnchorTitle()),
        namedtype.OptionalNamedType('certPath', CertPathControls()),
        namedtype.OptionalNamedType(
            'exts',
            Extensions().subtype(explicitTag=_context_tag(1))),
        namedtype.OptionalNamedType(
            'taTitleLangTag',
            char.UTF8String().subtype(implicitTag=_context_tag(2)))
    )


# One trust anchor in any of three encodings: a full Certificate, a bare
# TBSCertificate (no signature present), or a TrustAnchorInfo.
# NOTE(review): tbsCert passes tagFormatSimple and taInfo passes
# tagFormatConstructed for their explicit tags. pyasn1 is expected to force
# explicit tags to the constructed format, which would make the two
# spellings equivalent -- confirm against the pyasn1 version in use.
class TrustAnchorChoice(univ.Choice):
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('certificate', Certificate()),
        namedtype.NamedType(
            'tbsCert',
            TBSCertificate().subtype(explicitTag=_context_tag(1))),
        namedtype.NamedType(
            'taInfo',
            TrustAnchorInfo().subtype(
                explicitTag=_context_tag(2, tag.tagFormatConstructed)))
    )


# Object identifier assigned to the TrustAnchorList content type.
id_ct_trustAnchorList = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.34')


# Non-empty sequence of trust anchors. The size constraint sets no upper
# bound, so code that accepts lists from outside should apply its own limit.
class TrustAnchorList(univ.SequenceOf):
    componentType = TrustAnchorChoice()
    subtypeSpec = constraint.ValueSizeConstraint(1, MAX)