Shortcuts on this page
r m x toggle line displays
j k next/prev highlighted chunk
0 (zero) top of page
1 (one) first highlighted chunk
1#
2# This file is part of pyasn1-modules software.
3#
4# Updated by Russ Housley to resolve the TODO regarding the Certificate
5# Policies Certificate Extension.
6#
7# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>
8# License: http://snmplabs.com/pyasn1/license.html
9#
10# X.509 message syntax
11#
12# ASN.1 source from:
13# http://www.trl.ibm.com/projects/xml/xss4j/data/asn1/grammars/x509.asn
14# http://www.ietf.org/rfc/rfc2459.txt
15#
16# Sample captures from:
17# http://wiki.wireshark.org/SampleCaptures/
18#
19from pyasn1.type import char
20from pyasn1.type import constraint
21from pyasn1.type import namedtype
22from pyasn1.type import namedval
23from pyasn1.type import opentype
24from pyasn1.type import tag
25from pyasn1.type import univ
26from pyasn1.type import useful
28MAX = float('inf')
30#
31# PKIX1Explicit88
32#
34# Upper Bounds
35ub_name = univ.Integer(32768)
36ub_common_name = univ.Integer(64)
37ub_locality_name = univ.Integer(128)
38ub_state_name = univ.Integer(128)
39ub_organization_name = univ.Integer(64)
40ub_organizational_unit_name = univ.Integer(64)
41ub_title = univ.Integer(64)
42ub_match = univ.Integer(128)
43ub_emailaddress_length = univ.Integer(128)
44ub_common_name_length = univ.Integer(64)
45ub_country_name_alpha_length = univ.Integer(2)
46ub_country_name_numeric_length = univ.Integer(3)
47ub_domain_defined_attributes = univ.Integer(4)
48ub_domain_defined_attribute_type_length = univ.Integer(8)
49ub_domain_defined_attribute_value_length = univ.Integer(128)
50ub_domain_name_length = univ.Integer(16)
51ub_extension_attributes = univ.Integer(256)
52ub_e163_4_number_length = univ.Integer(15)
53ub_e163_4_sub_address_length = univ.Integer(40)
54ub_generation_qualifier_length = univ.Integer(3)
55ub_given_name_length = univ.Integer(16)
56ub_initials_length = univ.Integer(5)
57ub_integer_options = univ.Integer(256)
58ub_numeric_user_id_length = univ.Integer(32)
59ub_organization_name_length = univ.Integer(64)
60ub_organizational_unit_name_length = univ.Integer(32)
61ub_organizational_units = univ.Integer(4)
62ub_pds_name_length = univ.Integer(16)
63ub_pds_parameter_length = univ.Integer(30)
64ub_pds_physical_address_lines = univ.Integer(6)
65ub_postal_code_length = univ.Integer(16)
66ub_surname_length = univ.Integer(40)
67ub_terminal_id_length = univ.Integer(24)
68ub_unformatted_address_length = univ.Integer(180)
69ub_x121_address_length = univ.Integer(16)
72class UniversalString(char.UniversalString):
73 pass
76class BMPString(char.BMPString):
77 pass
80class UTF8String(char.UTF8String):
81 pass
84id_pkix = univ.ObjectIdentifier('1.3.6.1.5.5.7')
85id_pe = univ.ObjectIdentifier('1.3.6.1.5.5.7.1')
86id_qt = univ.ObjectIdentifier('1.3.6.1.5.5.7.2')
87id_kp = univ.ObjectIdentifier('1.3.6.1.5.5.7.3')
88id_ad = univ.ObjectIdentifier('1.3.6.1.5.5.7.48')
90id_qt_cps = univ.ObjectIdentifier('1.3.6.1.5.5.7.2.1')
91id_qt_unotice = univ.ObjectIdentifier('1.3.6.1.5.5.7.2.2')
93id_ad_ocsp = univ.ObjectIdentifier('1.3.6.1.5.5.7.48.1')
94id_ad_caIssuers = univ.ObjectIdentifier('1.3.6.1.5.5.7.48.2')
99id_at = univ.ObjectIdentifier('2.5.4')
100id_at_name = univ.ObjectIdentifier('2.5.4.41')
101# preserve misspelled variable for compatibility
102id_at_sutname = id_at_surname = univ.ObjectIdentifier('2.5.4.4')
103id_at_givenName = univ.ObjectIdentifier('2.5.4.42')
104id_at_initials = univ.ObjectIdentifier('2.5.4.43')
105id_at_generationQualifier = univ.ObjectIdentifier('2.5.4.44')
108class X520name(univ.Choice):
109 componentType = namedtype.NamedTypes(
110 namedtype.NamedType('teletexString',
111 char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_name))),
112 namedtype.NamedType('printableString',
113 char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_name))),
114 namedtype.NamedType('universalString',
115 char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_name))),
116 namedtype.NamedType('utf8String',
117 char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_name))),
118 namedtype.NamedType('bmpString',
119 char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_name)))
120 )
123id_at_commonName = univ.ObjectIdentifier('2.5.4.3')
126class X520CommonName(univ.Choice):
127 componentType = namedtype.NamedTypes(
128 namedtype.NamedType('teletexString', char.TeletexString().subtype(
129 subtypeSpec=constraint.ValueSizeConstraint(1, ub_common_name))),
130 namedtype.NamedType('printableString', char.PrintableString().subtype(
131 subtypeSpec=constraint.ValueSizeConstraint(1, ub_common_name))),
132 namedtype.NamedType('universalString', char.UniversalString().subtype(
133 subtypeSpec=constraint.ValueSizeConstraint(1, ub_common_name))),
134 namedtype.NamedType('utf8String',
135 char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_common_name))),
136 namedtype.NamedType('bmpString',
137 char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_common_name)))
138 )
141id_at_localityName = univ.ObjectIdentifier('2.5.4.7')
144class X520LocalityName(univ.Choice):
145 componentType = namedtype.NamedTypes(
146 namedtype.NamedType('teletexString', char.TeletexString().subtype(
147 subtypeSpec=constraint.ValueSizeConstraint(1, ub_locality_name))),
148 namedtype.NamedType('printableString', char.PrintableString().subtype(
149 subtypeSpec=constraint.ValueSizeConstraint(1, ub_locality_name))),
150 namedtype.NamedType('universalString', char.UniversalString().subtype(
151 subtypeSpec=constraint.ValueSizeConstraint(1, ub_locality_name))),
152 namedtype.NamedType('utf8String',
153 char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_locality_name))),
154 namedtype.NamedType('bmpString',
155 char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_locality_name)))
156 )
159id_at_stateOrProvinceName = univ.ObjectIdentifier('2.5.4.8')
162class X520StateOrProvinceName(univ.Choice):
163 componentType = namedtype.NamedTypes(
164 namedtype.NamedType('teletexString',
165 char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name))),
166 namedtype.NamedType('printableString', char.PrintableString().subtype(
167 subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name))),
168 namedtype.NamedType('universalString', char.UniversalString().subtype(
169 subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name))),
170 namedtype.NamedType('utf8String',
171 char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name))),
172 namedtype.NamedType('bmpString',
173 char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name)))
174 )
177id_at_organizationName = univ.ObjectIdentifier('2.5.4.10')
180class X520OrganizationName(univ.Choice):
181 componentType = namedtype.NamedTypes(
182 namedtype.NamedType('teletexString', char.TeletexString().subtype(
183 subtypeSpec=constraint.ValueSizeConstraint(1, ub_organization_name))),
184 namedtype.NamedType('printableString', char.PrintableString().subtype(
185 subtypeSpec=constraint.ValueSizeConstraint(1, ub_organization_name))),
186 namedtype.NamedType('universalString', char.UniversalString().subtype(
187 subtypeSpec=constraint.ValueSizeConstraint(1, ub_organization_name))),
188 namedtype.NamedType('utf8String', char.UTF8String().subtype(
189 subtypeSpec=constraint.ValueSizeConstraint(1, ub_organization_name))),
190 namedtype.NamedType('bmpString', char.BMPString().subtype(
191 subtypeSpec=constraint.ValueSizeConstraint(1, ub_organization_name)))
192 )
195id_at_organizationalUnitName = univ.ObjectIdentifier('2.5.4.11')
198class X520OrganizationalUnitName(univ.Choice):
199 componentType = namedtype.NamedTypes(
200 namedtype.NamedType('teletexString', char.TeletexString().subtype(
201 subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name))),
202 namedtype.NamedType('printableString', char.PrintableString().subtype(
203 subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name))),
204 namedtype.NamedType('universalString', char.UniversalString().subtype(
205 subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name))),
206 namedtype.NamedType('utf8String', char.UTF8String().subtype(
207 subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name))),
208 namedtype.NamedType('bmpString', char.BMPString().subtype(
209 subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name)))
210 )
213id_at_title = univ.ObjectIdentifier('2.5.4.12')
216class X520Title(univ.Choice):
217 componentType = namedtype.NamedTypes(
218 namedtype.NamedType('teletexString',
219 char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title))),
220 namedtype.NamedType('printableString',
221 char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title))),
222 namedtype.NamedType('universalString',
223 char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title))),
224 namedtype.NamedType('utf8String',
225 char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title))),
226 namedtype.NamedType('bmpString',
227 char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title)))
228 )
231id_at_dnQualifier = univ.ObjectIdentifier('2.5.4.46')
234class X520dnQualifier(char.PrintableString):
235 pass
238id_at_countryName = univ.ObjectIdentifier('2.5.4.6')
241class X520countryName(char.PrintableString):
242 subtypeSpec = char.PrintableString.subtypeSpec + constraint.ValueSizeConstraint(2, 2)
245pkcs_9 = univ.ObjectIdentifier('1.2.840.113549.1.9')
247emailAddress = univ.ObjectIdentifier('1.2.840.113549.1.9.1')
250class Pkcs9email(char.IA5String):
251 subtypeSpec = char.IA5String.subtypeSpec + constraint.ValueSizeConstraint(1, ub_emailaddress_length)
254# ----
256class DSAPrivateKey(univ.Sequence):
257 """PKIX compliant DSA private key structure"""
258 componentType = namedtype.NamedTypes(
259 namedtype.NamedType('version', univ.Integer(namedValues=namedval.NamedValues(('v1', 0)))),
260 namedtype.NamedType('p', univ.Integer()),
261 namedtype.NamedType('q', univ.Integer()),
262 namedtype.NamedType('g', univ.Integer()),
263 namedtype.NamedType('public', univ.Integer()),
264 namedtype.NamedType('private', univ.Integer())
265 )
268# ----
271class DirectoryString(univ.Choice):
272 componentType = namedtype.NamedTypes(
273 namedtype.NamedType('teletexString',
274 char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
275 namedtype.NamedType('printableString',
276 char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
277 namedtype.NamedType('universalString',
278 char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
279 namedtype.NamedType('utf8String',
280 char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
281 namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
282 namedtype.NamedType('ia5String', char.IA5String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX)))
283 # hm, this should not be here!? XXX
284 )
287# certificate and CRL specific structures begin here
289class AlgorithmIdentifier(univ.Sequence):
290 componentType = namedtype.NamedTypes(
291 namedtype.NamedType('algorithm', univ.ObjectIdentifier()),
292 namedtype.OptionalNamedType('parameters', univ.Any())
293 )
297# Algorithm OIDs and parameter structures
299pkcs_1 = univ.ObjectIdentifier('1.2.840.113549.1.1')
300rsaEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.1')
301md2WithRSAEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.2')
302md5WithRSAEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.4')
303sha1WithRSAEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.5')
304id_dsa_with_sha1 = univ.ObjectIdentifier('1.2.840.10040.4.3')
307class Dss_Sig_Value(univ.Sequence):
308 componentType = namedtype.NamedTypes(
309 namedtype.NamedType('r', univ.Integer()),
310 namedtype.NamedType('s', univ.Integer())
311 )
314dhpublicnumber = univ.ObjectIdentifier('1.2.840.10046.2.1')
317class ValidationParms(univ.Sequence):
318 componentType = namedtype.NamedTypes(
319 namedtype.NamedType('seed', univ.BitString()),
320 namedtype.NamedType('pgenCounter', univ.Integer())
321 )
324class DomainParameters(univ.Sequence):
325 componentType = namedtype.NamedTypes(
326 namedtype.NamedType('p', univ.Integer()),
327 namedtype.NamedType('g', univ.Integer()),
328 namedtype.NamedType('q', univ.Integer()),
329 namedtype.NamedType('j', univ.Integer()),
330 namedtype.OptionalNamedType('validationParms', ValidationParms())
331 )
334id_dsa = univ.ObjectIdentifier('1.2.840.10040.4.1')
337class Dss_Parms(univ.Sequence):
338 componentType = namedtype.NamedTypes(
339 namedtype.NamedType('p', univ.Integer()),
340 namedtype.NamedType('q', univ.Integer()),
341 namedtype.NamedType('g', univ.Integer())
342 )
345# x400 address syntax starts here
347teletex_domain_defined_attributes = univ.Integer(6)
350class TeletexDomainDefinedAttribute(univ.Sequence):
351 componentType = namedtype.NamedTypes(
352 namedtype.NamedType('type', char.TeletexString().subtype(
353 subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_defined_attribute_type_length))),
354 namedtype.NamedType('value', char.TeletexString())
355 )
358class TeletexDomainDefinedAttributes(univ.SequenceOf):
359 componentType = TeletexDomainDefinedAttribute()
360 sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, ub_domain_defined_attributes)
363terminal_type = univ.Integer(23)
366class TerminalType(univ.Integer):
367 subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueSizeConstraint(0, ub_integer_options)
368 namedValues = namedval.NamedValues(
369 ('telex', 3),
370 ('teletelex', 4),
371 ('g3-facsimile', 5),
372 ('g4-facsimile', 6),
373 ('ia5-terminal', 7),
374 ('videotex', 8)
375 )
378class PresentationAddress(univ.Sequence):
379 componentType = namedtype.NamedTypes(
380 namedtype.OptionalNamedType('pSelector', univ.OctetString().subtype(
381 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
382 namedtype.OptionalNamedType('sSelector', univ.OctetString().subtype(
383 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
384 namedtype.OptionalNamedType('tSelector', univ.OctetString().subtype(
385 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
386 namedtype.OptionalNamedType('nAddresses', univ.SetOf(componentType=univ.OctetString()).subtype(
387 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3),
388 subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
389 )
392extended_network_address = univ.Integer(22)
395class E163_4_address(univ.Sequence):
396 componentType = namedtype.NamedTypes(
397 namedtype.NamedType('number', char.NumericString().subtype(
398 subtypeSpec=constraint.ValueSizeConstraint(1, ub_e163_4_number_length),
399 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
400 namedtype.OptionalNamedType('sub-address', char.NumericString().subtype(
401 subtypeSpec=constraint.ValueSizeConstraint(1, ub_e163_4_sub_address_length),
402 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
403 )
406class ExtendedNetworkAddress(univ.Choice):
407 componentType = namedtype.NamedTypes(
408 namedtype.NamedType('e163-4-address', E163_4_address()),
409 namedtype.NamedType('psap-address', PresentationAddress().subtype(
410 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
411 )
414class PDSParameter(univ.Set):
415 componentType = namedtype.NamedTypes(
416 namedtype.OptionalNamedType('printable-string', char.PrintableString().subtype(
417 subtypeSpec=constraint.ValueSizeConstraint(1, ub_pds_parameter_length))),
418 namedtype.OptionalNamedType('teletex-string', char.TeletexString().subtype(
419 subtypeSpec=constraint.ValueSizeConstraint(1, ub_pds_parameter_length)))
420 )
423local_postal_attributes = univ.Integer(21)
426class LocalPostalAttributes(PDSParameter):
427 pass
430class UniquePostalName(PDSParameter):
431 pass
434unique_postal_name = univ.Integer(20)
436poste_restante_address = univ.Integer(19)
439class PosteRestanteAddress(PDSParameter):
440 pass
443post_office_box_address = univ.Integer(18)
446class PostOfficeBoxAddress(PDSParameter):
447 pass
450street_address = univ.Integer(17)
453class StreetAddress(PDSParameter):
454 pass
457class UnformattedPostalAddress(univ.Set):
458 componentType = namedtype.NamedTypes(
459 namedtype.OptionalNamedType('printable-address', univ.SequenceOf(componentType=char.PrintableString().subtype(
460 subtypeSpec=constraint.ValueSizeConstraint(1, ub_pds_parameter_length)).subtype(
461 subtypeSpec=constraint.ValueSizeConstraint(1, ub_pds_physical_address_lines)))),
462 namedtype.OptionalNamedType('teletex-string', char.TeletexString().subtype(
463 subtypeSpec=constraint.ValueSizeConstraint(1, ub_unformatted_address_length)))
464 )
467physical_delivery_office_name = univ.Integer(10)
470class PhysicalDeliveryOfficeName(PDSParameter):
471 pass
474physical_delivery_office_number = univ.Integer(11)
477class PhysicalDeliveryOfficeNumber(PDSParameter):
478 pass
481extension_OR_address_components = univ.Integer(12)
484class ExtensionORAddressComponents(PDSParameter):
485 pass
488physical_delivery_personal_name = univ.Integer(13)
491class PhysicalDeliveryPersonalName(PDSParameter):
492 pass
495physical_delivery_organization_name = univ.Integer(14)
498class PhysicalDeliveryOrganizationName(PDSParameter):
499 pass
502extension_physical_delivery_address_components = univ.Integer(15)
505class ExtensionPhysicalDeliveryAddressComponents(PDSParameter):
506 pass
509unformatted_postal_address = univ.Integer(16)
511postal_code = univ.Integer(9)
514class PostalCode(univ.Choice):
515 componentType = namedtype.NamedTypes(
516 namedtype.NamedType('numeric-code', char.NumericString().subtype(
517 subtypeSpec=constraint.ValueSizeConstraint(1, ub_postal_code_length))),
518 namedtype.NamedType('printable-code', char.PrintableString().subtype(
519 subtypeSpec=constraint.ValueSizeConstraint(1, ub_postal_code_length)))
520 )
523class PhysicalDeliveryCountryName(univ.Choice):
524 componentType = namedtype.NamedTypes(
525 namedtype.NamedType('x121-dcc-code', char.NumericString().subtype(
526 subtypeSpec=constraint.ValueSizeConstraint(ub_country_name_numeric_length,
527 ub_country_name_numeric_length))),
528 namedtype.NamedType('iso-3166-alpha2-code', char.PrintableString().subtype(
529 subtypeSpec=constraint.ValueSizeConstraint(ub_country_name_alpha_length, ub_country_name_alpha_length)))
530 )
533class PDSName(char.PrintableString):
534 subtypeSpec = char.PrintableString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_pds_name_length)
537physical_delivery_country_name = univ.Integer(8)
540class TeletexOrganizationalUnitName(char.TeletexString):
541 subtypeSpec = char.TeletexString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_organizational_unit_name_length)
544pds_name = univ.Integer(7)
546teletex_organizational_unit_names = univ.Integer(5)
549class TeletexOrganizationalUnitNames(univ.SequenceOf):
550 componentType = TeletexOrganizationalUnitName()
551 sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, ub_organizational_units)
554teletex_personal_name = univ.Integer(4)
557class TeletexPersonalName(univ.Set):
558 componentType = namedtype.NamedTypes(
559 namedtype.NamedType('surname', char.TeletexString().subtype(
560 subtypeSpec=constraint.ValueSizeConstraint(1, ub_surname_length),
561 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
562 namedtype.OptionalNamedType('given-name', char.TeletexString().subtype(
563 subtypeSpec=constraint.ValueSizeConstraint(1, ub_given_name_length),
564 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
565 namedtype.OptionalNamedType('initials', char.TeletexString().subtype(
566 subtypeSpec=constraint.ValueSizeConstraint(1, ub_initials_length),
567 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
568 namedtype.OptionalNamedType('generation-qualifier', char.TeletexString().subtype(
569 subtypeSpec=constraint.ValueSizeConstraint(1, ub_generation_qualifier_length),
570 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
571 )
574teletex_organization_name = univ.Integer(3)
577class TeletexOrganizationName(char.TeletexString):
578 subtypeSpec = char.TeletexString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_organization_name_length)
581teletex_common_name = univ.Integer(2)
584class TeletexCommonName(char.TeletexString):
585 subtypeSpec = char.TeletexString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_common_name_length)
588class CommonName(char.PrintableString):
589 subtypeSpec = char.PrintableString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_common_name_length)
592common_name = univ.Integer(1)
595class ExtensionAttribute(univ.Sequence):
596 componentType = namedtype.NamedTypes(
597 namedtype.NamedType('extension-attribute-type', univ.Integer().subtype(
598 subtypeSpec=constraint.ValueSizeConstraint(0, ub_extension_attributes),
599 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
600 namedtype.NamedType('extension-attribute-value',
601 univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
602 )
605class ExtensionAttributes(univ.SetOf):
606 componentType = ExtensionAttribute()
607 sizeSpec = univ.SetOf.sizeSpec + constraint.ValueSizeConstraint(1, ub_extension_attributes)
610class BuiltInDomainDefinedAttribute(univ.Sequence):
611 componentType = namedtype.NamedTypes(
612 namedtype.NamedType('type', char.PrintableString().subtype(
613 subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_defined_attribute_type_length))),
614 namedtype.NamedType('value', char.PrintableString().subtype(
615 subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_defined_attribute_value_length)))
616 )
619class BuiltInDomainDefinedAttributes(univ.SequenceOf):
620 componentType = BuiltInDomainDefinedAttribute()
621 sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, ub_domain_defined_attributes)
624class OrganizationalUnitName(char.PrintableString):
625 subtypeSpec = char.PrintableString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_organizational_unit_name_length)
628class OrganizationalUnitNames(univ.SequenceOf):
629 componentType = OrganizationalUnitName()
630 sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, ub_organizational_units)
633class PersonalName(univ.Set):
634 componentType = namedtype.NamedTypes(
635 namedtype.NamedType('surname', char.PrintableString().subtype(
636 subtypeSpec=constraint.ValueSizeConstraint(1, ub_surname_length),
637 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
638 namedtype.OptionalNamedType('given-name', char.PrintableString().subtype(
639 subtypeSpec=constraint.ValueSizeConstraint(1, ub_given_name_length),
640 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
641 namedtype.OptionalNamedType('initials', char.PrintableString().subtype(
642 subtypeSpec=constraint.ValueSizeConstraint(1, ub_initials_length),
643 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
644 namedtype.OptionalNamedType('generation-qualifier', char.PrintableString().subtype(
645 subtypeSpec=constraint.ValueSizeConstraint(1, ub_generation_qualifier_length),
646 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
647 )
650class NumericUserIdentifier(char.NumericString):
651 subtypeSpec = char.NumericString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_numeric_user_id_length)
654class OrganizationName(char.PrintableString):
655 subtypeSpec = char.PrintableString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_organization_name_length)
658class PrivateDomainName(univ.Choice):
659 componentType = namedtype.NamedTypes(
660 namedtype.NamedType('numeric', char.NumericString().subtype(
661 subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_name_length))),
662 namedtype.NamedType('printable', char.PrintableString().subtype(
663 subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_name_length)))
664 )
667class TerminalIdentifier(char.PrintableString):
668 subtypeSpec = char.PrintableString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_terminal_id_length)
671class X121Address(char.NumericString):
672 subtypeSpec = char.NumericString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_x121_address_length)
675class NetworkAddress(X121Address):
676 pass
679class AdministrationDomainName(univ.Choice):
680 tagSet = univ.Choice.tagSet.tagExplicitly(
681 tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 2)
682 )
683 componentType = namedtype.NamedTypes(
684 namedtype.NamedType('numeric', char.NumericString().subtype(
685 subtypeSpec=constraint.ValueSizeConstraint(0, ub_domain_name_length))),
686 namedtype.NamedType('printable', char.PrintableString().subtype(
687 subtypeSpec=constraint.ValueSizeConstraint(0, ub_domain_name_length)))
688 )
691class CountryName(univ.Choice):
692 tagSet = univ.Choice.tagSet.tagExplicitly(
693 tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 1)
694 )
695 componentType = namedtype.NamedTypes(
696 namedtype.NamedType('x121-dcc-code', char.NumericString().subtype(
697 subtypeSpec=constraint.ValueSizeConstraint(ub_country_name_numeric_length,
698 ub_country_name_numeric_length))),
699 namedtype.NamedType('iso-3166-alpha2-code', char.PrintableString().subtype(
700 subtypeSpec=constraint.ValueSizeConstraint(ub_country_name_alpha_length, ub_country_name_alpha_length)))
701 )
704class BuiltInStandardAttributes(univ.Sequence):
705 componentType = namedtype.NamedTypes(
706 namedtype.OptionalNamedType('country-name', CountryName()),
707 namedtype.OptionalNamedType('administration-domain-name', AdministrationDomainName()),
708 namedtype.OptionalNamedType('network-address', NetworkAddress().subtype(
709 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
710 namedtype.OptionalNamedType('terminal-identifier', TerminalIdentifier().subtype(
711 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
712 namedtype.OptionalNamedType('private-domain-name', PrivateDomainName().subtype(
713 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
714 namedtype.OptionalNamedType('organization-name', OrganizationName().subtype(
715 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
716 namedtype.OptionalNamedType('numeric-user-identifier', NumericUserIdentifier().subtype(
717 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
718 namedtype.OptionalNamedType('personal-name', PersonalName().subtype(
719 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
720 namedtype.OptionalNamedType('organizational-unit-names', OrganizationalUnitNames().subtype(
721 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6)))
722 )
725class ORAddress(univ.Sequence):
726 componentType = namedtype.NamedTypes(
727 namedtype.NamedType('built-in-standard-attributes', BuiltInStandardAttributes()),
728 namedtype.OptionalNamedType('built-in-domain-defined-attributes', BuiltInDomainDefinedAttributes()),
729 namedtype.OptionalNamedType('extension-attributes', ExtensionAttributes())
730 )
733#
734# PKIX1Implicit88
735#
737id_ce_invalidityDate = univ.ObjectIdentifier('2.5.29.24')
740class InvalidityDate(useful.GeneralizedTime):
741 pass
744id_holdinstruction_none = univ.ObjectIdentifier('2.2.840.10040.2.1')
745id_holdinstruction_callissuer = univ.ObjectIdentifier('2.2.840.10040.2.2')
746id_holdinstruction_reject = univ.ObjectIdentifier('2.2.840.10040.2.3')
748holdInstruction = univ.ObjectIdentifier('2.2.840.10040.2')
750id_ce_holdInstructionCode = univ.ObjectIdentifier('2.5.29.23')
753class HoldInstructionCode(univ.ObjectIdentifier):
754 pass
757id_ce_cRLReasons = univ.ObjectIdentifier('2.5.29.21')
760class CRLReason(univ.Enumerated):
761 namedValues = namedval.NamedValues(
762 ('unspecified', 0),
763 ('keyCompromise', 1),
764 ('cACompromise', 2),
765 ('affiliationChanged', 3),
766 ('superseded', 4),
767 ('cessationOfOperation', 5),
768 ('certificateHold', 6),
769 ('removeFromCRL', 8)
770 )
773id_ce_cRLNumber = univ.ObjectIdentifier('2.5.29.20')
776class CRLNumber(univ.Integer):
777 subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueSizeConstraint(0, MAX)
780class BaseCRLNumber(CRLNumber):
781 pass
784id_kp_serverAuth = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.1')
785id_kp_clientAuth = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.2')
786id_kp_codeSigning = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.3')
787id_kp_emailProtection = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.4')
788id_kp_ipsecEndSystem = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.5')
789id_kp_ipsecTunnel = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.6')
790id_kp_ipsecUser = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.7')
791id_kp_timeStamping = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.8')
792id_pe_authorityInfoAccess = univ.ObjectIdentifier('1.3.6.1.5.5.7.1.1')
793id_ce_extKeyUsage = univ.ObjectIdentifier('2.5.29.37')
796class KeyPurposeId(univ.ObjectIdentifier):
797 pass
800class ExtKeyUsageSyntax(univ.SequenceOf):
801 componentType = KeyPurposeId()
802 sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)
805class ReasonFlags(univ.BitString):
806 namedValues = namedval.NamedValues(
807 ('unused', 0),
808 ('keyCompromise', 1),
809 ('cACompromise', 2),
810 ('affiliationChanged', 3),
811 ('superseded', 4),
812 ('cessationOfOperation', 5),
813 ('certificateHold', 6)
814 )
817class SkipCerts(univ.Integer):
818 subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueSizeConstraint(0, MAX)
821id_ce_policyConstraints = univ.ObjectIdentifier('2.5.29.36')
824class PolicyConstraints(univ.Sequence):
825 componentType = namedtype.NamedTypes(
826 namedtype.OptionalNamedType('requireExplicitPolicy', SkipCerts().subtype(
827 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
828 namedtype.OptionalNamedType('inhibitPolicyMapping', SkipCerts().subtype(
829 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
830 )
833id_ce_basicConstraints = univ.ObjectIdentifier('2.5.29.19')
836class BasicConstraints(univ.Sequence):
837 componentType = namedtype.NamedTypes(
838 namedtype.DefaultedNamedType('cA', univ.Boolean(False)),
839 namedtype.OptionalNamedType('pathLenConstraint',
840 univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, MAX)))
841 )
844id_ce_subjectDirectoryAttributes = univ.ObjectIdentifier('2.5.29.9')
847class EDIPartyName(univ.Sequence):
848 componentType = namedtype.NamedTypes(
849 namedtype.OptionalNamedType('nameAssigner', DirectoryString().subtype(
850 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
851 namedtype.NamedType('partyName',
852 DirectoryString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
853 )
857id_ce_deltaCRLIndicator = univ.ObjectIdentifier('2.5.29.27')
861class BaseDistance(univ.Integer):
862 subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(0, MAX)
865id_ce_cRLDistributionPoints = univ.ObjectIdentifier('2.5.29.31')
868id_ce_issuingDistributionPoint = univ.ObjectIdentifier('2.5.29.28')
873id_ce_nameConstraints = univ.ObjectIdentifier('2.5.29.30')
876class DisplayText(univ.Choice):
877 componentType = namedtype.NamedTypes(
878 namedtype.NamedType('visibleString',
879 char.VisibleString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 200))),
880 namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 200))),
881 namedtype.NamedType('utf8String', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 200)))
882 )
885class NoticeReference(univ.Sequence):
886 componentType = namedtype.NamedTypes(
887 namedtype.NamedType('organization', DisplayText()),
888 namedtype.NamedType('noticeNumbers', univ.SequenceOf(componentType=univ.Integer()))
889 )
892class UserNotice(univ.Sequence):
893 componentType = namedtype.NamedTypes(
894 namedtype.OptionalNamedType('noticeRef', NoticeReference()),
895 namedtype.OptionalNamedType('explicitText', DisplayText())
896 )
899class CPSuri(char.IA5String):
900 pass
903class PolicyQualifierId(univ.ObjectIdentifier):
904 subtypeSpec = univ.ObjectIdentifier.subtypeSpec + constraint.SingleValueConstraint(id_qt_cps, id_qt_unotice)
907class CertPolicyId(univ.ObjectIdentifier):
908 pass
911class PolicyQualifierInfo(univ.Sequence):
912 componentType = namedtype.NamedTypes(
913 namedtype.NamedType('policyQualifierId', PolicyQualifierId()),
914 namedtype.NamedType('qualifier', univ.Any())
915 )
918id_ce_certificatePolicies = univ.ObjectIdentifier('2.5.29.32')
921class PolicyInformation(univ.Sequence):
922 componentType = namedtype.NamedTypes(
923 namedtype.NamedType('policyIdentifier', CertPolicyId()),
924 namedtype.OptionalNamedType('policyQualifiers', univ.SequenceOf(componentType=PolicyQualifierInfo()).subtype(
925 subtypeSpec=constraint.ValueSizeConstraint(1, MAX)))
926 )
929class CertificatePolicies(univ.SequenceOf):
930 componentType = PolicyInformation()
931 sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)
934id_ce_policyMappings = univ.ObjectIdentifier('2.5.29.33')
937class PolicyMapping(univ.Sequence):
938 componentType = namedtype.NamedTypes(
939 namedtype.NamedType('issuerDomainPolicy', CertPolicyId()),
940 namedtype.NamedType('subjectDomainPolicy', CertPolicyId())
941 )
944class PolicyMappings(univ.SequenceOf):
945 componentType = PolicyMapping()
946 sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)
949id_ce_privateKeyUsagePeriod = univ.ObjectIdentifier('2.5.29.16')
952class PrivateKeyUsagePeriod(univ.Sequence):
953 componentType = namedtype.NamedTypes(
954 namedtype.OptionalNamedType('notBefore', useful.GeneralizedTime().subtype(
955 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
956 namedtype.OptionalNamedType('notAfter', useful.GeneralizedTime().subtype(
957 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
958 )
961id_ce_keyUsage = univ.ObjectIdentifier('2.5.29.15')
964class KeyUsage(univ.BitString):
965 namedValues = namedval.NamedValues(
966 ('digitalSignature', 0),
967 ('nonRepudiation', 1),
968 ('keyEncipherment', 2),
969 ('dataEncipherment', 3),
970 ('keyAgreement', 4),
971 ('keyCertSign', 5),
972 ('cRLSign', 6),
973 ('encipherOnly', 7),
974 ('decipherOnly', 8)
975 )
978id_ce = univ.ObjectIdentifier('2.5.29')
980id_ce_authorityKeyIdentifier = univ.ObjectIdentifier('2.5.29.35')
983class KeyIdentifier(univ.OctetString):
984 pass
987id_ce_subjectKeyIdentifier = univ.ObjectIdentifier('2.5.29.14')
990class SubjectKeyIdentifier(KeyIdentifier):
991 pass
994id_ce_certificateIssuer = univ.ObjectIdentifier('2.5.29.29')
997id_ce_subjectAltName = univ.ObjectIdentifier('2.5.29.17')
1000id_ce_issuerAltName = univ.ObjectIdentifier('2.5.29.18')
1003class AttributeValue(univ.Any):
1004 pass
1007class AttributeType(univ.ObjectIdentifier):
1008 pass
1010certificateAttributesMap = {}
1013class AttributeTypeAndValue(univ.Sequence):
1014 componentType = namedtype.NamedTypes(
1015 namedtype.NamedType('type', AttributeType()),
1016 namedtype.NamedType('value', AttributeValue(),
1017 openType=opentype.OpenType('type', certificateAttributesMap))
1018 )
1021class Attribute(univ.Sequence):
1022 componentType = namedtype.NamedTypes(
1023 namedtype.NamedType('type', AttributeType()),
1024 namedtype.NamedType('vals', univ.SetOf(componentType=AttributeValue()))
1025 )
1028class SubjectDirectoryAttributes(univ.SequenceOf):
1029 componentType = Attribute()
1030 sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)
1033class RelativeDistinguishedName(univ.SetOf):
1034 componentType = AttributeTypeAndValue()
1037class RDNSequence(univ.SequenceOf):
1038 componentType = RelativeDistinguishedName()
1041class Name(univ.Choice):
1042 componentType = namedtype.NamedTypes(
1043 namedtype.NamedType('', RDNSequence())
1044 )
1046class CertificateSerialNumber(univ.Integer):
1047 pass
1050class AnotherName(univ.Sequence):
1051 componentType = namedtype.NamedTypes(
1052 namedtype.NamedType('type-id', univ.ObjectIdentifier()),
1053 namedtype.NamedType('value',
1054 univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
1055 )
1058class GeneralName(univ.Choice):
1059 componentType = namedtype.NamedTypes(
1060 namedtype.NamedType('otherName',
1061 AnotherName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
1062 namedtype.NamedType('rfc822Name',
1063 char.IA5String().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
1064 namedtype.NamedType('dNSName',
1065 char.IA5String().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
1066 namedtype.NamedType('x400Address',
1067 ORAddress().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
1068 namedtype.NamedType('directoryName',
1069 Name().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
1070 namedtype.NamedType('ediPartyName',
1071 EDIPartyName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
1072 namedtype.NamedType('uniformResourceIdentifier',
1073 char.IA5String().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
1074 namedtype.NamedType('iPAddress', univ.OctetString().subtype(
1075 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
1076 namedtype.NamedType('registeredID', univ.ObjectIdentifier().subtype(
1077 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8)))
1078 )
1081class GeneralNames(univ.SequenceOf):
1082 componentType = GeneralName()
1083 sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)
1086class AccessDescription(univ.Sequence):
1087 componentType = namedtype.NamedTypes(
1088 namedtype.NamedType('accessMethod', univ.ObjectIdentifier()),
1089 namedtype.NamedType('accessLocation', GeneralName())
1090 )
1093class AuthorityInfoAccessSyntax(univ.SequenceOf):
1094 componentType = AccessDescription()
1095 sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)
1098class AuthorityKeyIdentifier(univ.Sequence):
1099 componentType = namedtype.NamedTypes(
1100 namedtype.OptionalNamedType('keyIdentifier', KeyIdentifier().subtype(
1101 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
1102 namedtype.OptionalNamedType('authorityCertIssuer', GeneralNames().subtype(
1103 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
1104 namedtype.OptionalNamedType('authorityCertSerialNumber', CertificateSerialNumber().subtype(
1105 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
1106 )
1109class DistributionPointName(univ.Choice):
1110 componentType = namedtype.NamedTypes(
1111 namedtype.NamedType('fullName', GeneralNames().subtype(
1112 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
1113 namedtype.NamedType('nameRelativeToCRLIssuer', RelativeDistinguishedName().subtype(
1114 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
1115 )
1118class DistributionPoint(univ.Sequence):
1119 componentType = namedtype.NamedTypes(
1120 namedtype.OptionalNamedType('distributionPoint', DistributionPointName().subtype(
1121 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
1122 namedtype.OptionalNamedType('reasons', ReasonFlags().subtype(
1123 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
1124 namedtype.OptionalNamedType('cRLIssuer', GeneralNames().subtype(
1125 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)))
1126 )
1129class CRLDistPointsSyntax(univ.SequenceOf):
1130 componentType = DistributionPoint()
1131 sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)
1134class IssuingDistributionPoint(univ.Sequence):
1135 componentType = namedtype.NamedTypes(
1136 namedtype.OptionalNamedType('distributionPoint', DistributionPointName().subtype(
1137 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
1138 namedtype.NamedType('onlyContainsUserCerts', univ.Boolean(False).subtype(
1139 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
1140 namedtype.NamedType('onlyContainsCACerts', univ.Boolean(False).subtype(
1141 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
1142 namedtype.OptionalNamedType('onlySomeReasons', ReasonFlags().subtype(
1143 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
1144 namedtype.NamedType('indirectCRL', univ.Boolean(False).subtype(
1145 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4)))
1146 )
1149class GeneralSubtree(univ.Sequence):
1150 componentType = namedtype.NamedTypes(
1151 namedtype.NamedType('base', GeneralName()),
1152 namedtype.DefaultedNamedType('minimum', BaseDistance(0).subtype(
1153 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
1154 namedtype.OptionalNamedType('maximum', BaseDistance().subtype(
1155 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
1156 )
1159class GeneralSubtrees(univ.SequenceOf):
1160 componentType = GeneralSubtree()
1161 sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)
1164class NameConstraints(univ.Sequence):
1165 componentType = namedtype.NamedTypes(
1166 namedtype.OptionalNamedType('permittedSubtrees', GeneralSubtrees().subtype(
1167 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
1168 namedtype.OptionalNamedType('excludedSubtrees', GeneralSubtrees().subtype(
1169 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
1170 )
1173class CertificateIssuer(GeneralNames):
1174 pass
1177class SubjectAltName(GeneralNames):
1178 pass
1181class IssuerAltName(GeneralNames):
1182 pass
1185certificateExtensionsMap = {}
1188class Extension(univ.Sequence):
1189 componentType = namedtype.NamedTypes(
1190 namedtype.NamedType('extnID', univ.ObjectIdentifier()),
1191 namedtype.DefaultedNamedType('critical', univ.Boolean('False')),
1192 namedtype.NamedType('extnValue', univ.OctetString(),
1193 openType=opentype.OpenType('extnID', certificateExtensionsMap))
1194 )
1197class Extensions(univ.SequenceOf):
1198 componentType = Extension()
1199 sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)
1202class SubjectPublicKeyInfo(univ.Sequence):
1203 componentType = namedtype.NamedTypes(
1204 namedtype.NamedType('algorithm', AlgorithmIdentifier()),
1205 namedtype.NamedType('subjectPublicKey', univ.BitString())
1206 )
1209class UniqueIdentifier(univ.BitString):
1210 pass
1213class Time(univ.Choice):
1214 componentType = namedtype.NamedTypes(
1215 namedtype.NamedType('utcTime', useful.UTCTime()),
1216 namedtype.NamedType('generalTime', useful.GeneralizedTime())
1217 )
1220class Validity(univ.Sequence):
1221 componentType = namedtype.NamedTypes(
1222 namedtype.NamedType('notBefore', Time()),
1223 namedtype.NamedType('notAfter', Time())
1224 )
1227class Version(univ.Integer):
1228 namedValues = namedval.NamedValues(
1229 ('v1', 0), ('v2', 1), ('v3', 2)
1230 )
1233class TBSCertificate(univ.Sequence):
1234 componentType = namedtype.NamedTypes(
1235 namedtype.DefaultedNamedType('version', Version('v1').subtype(
1236 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
1237 namedtype.NamedType('serialNumber', CertificateSerialNumber()),
1238 namedtype.NamedType('signature', AlgorithmIdentifier()),
1239 namedtype.NamedType('issuer', Name()),
1240 namedtype.NamedType('validity', Validity()),
1241 namedtype.NamedType('subject', Name()),
1242 namedtype.NamedType('subjectPublicKeyInfo', SubjectPublicKeyInfo()),
1243 namedtype.OptionalNamedType('issuerUniqueID', UniqueIdentifier().subtype(
1244 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
1245 namedtype.OptionalNamedType('subjectUniqueID', UniqueIdentifier().subtype(
1246 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
1247 namedtype.OptionalNamedType('extensions', Extensions().subtype(
1248 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
1249 )
1252class Certificate(univ.Sequence):
1253 componentType = namedtype.NamedTypes(
1254 namedtype.NamedType('tbsCertificate', TBSCertificate()),
1255 namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()),
1256 namedtype.NamedType('signatureValue', univ.BitString())
1257 )
1259# CRL structures
1261class RevokedCertificate(univ.Sequence):
1262 componentType = namedtype.NamedTypes(
1263 namedtype.NamedType('userCertificate', CertificateSerialNumber()),
1264 namedtype.NamedType('revocationDate', Time()),
1265 namedtype.OptionalNamedType('crlEntryExtensions', Extensions())
1266 )
1269class TBSCertList(univ.Sequence):
1270 componentType = namedtype.NamedTypes(
1271 namedtype.OptionalNamedType('version', Version()),
1272 namedtype.NamedType('signature', AlgorithmIdentifier()),
1273 namedtype.NamedType('issuer', Name()),
1274 namedtype.NamedType('thisUpdate', Time()),
1275 namedtype.OptionalNamedType('nextUpdate', Time()),
1276 namedtype.OptionalNamedType('revokedCertificates', univ.SequenceOf(componentType=RevokedCertificate())),
1277 namedtype.OptionalNamedType('crlExtensions', Extensions().subtype(
1278 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
1279 )
1282class CertificateList(univ.Sequence):
1283 componentType = namedtype.NamedTypes(
1284 namedtype.NamedType('tbsCertList', TBSCertList()),
1285 namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()),
1286 namedtype.NamedType('signature', univ.BitString())
1287 )
1289# map of AttributeType -> AttributeValue
1291_certificateAttributesMapUpdate = {
1292 id_at_name: X520name(),
1293 id_at_surname: X520name(),
1294 id_at_givenName: X520name(),
1295 id_at_initials: X520name(),
1296 id_at_generationQualifier: X520name(),
1297 id_at_commonName: X520CommonName(),
1298 id_at_localityName: X520LocalityName(),
1299 id_at_stateOrProvinceName: X520StateOrProvinceName(),
1300 id_at_organizationName: X520OrganizationName(),
1301 id_at_organizationalUnitName: X520OrganizationalUnitName(),
1302 id_at_title: X520Title(),
1303 id_at_dnQualifier: X520dnQualifier(),
1304 id_at_countryName: X520countryName(),
1305 emailAddress: Pkcs9email(),
1306}
1308certificateAttributesMap.update(_certificateAttributesMapUpdate)
1311# map of Certificate Extension OIDs to Extensions
1313_certificateExtensionsMapUpdate = {
1314 id_ce_authorityKeyIdentifier: AuthorityKeyIdentifier(),
1315 id_ce_subjectKeyIdentifier: SubjectKeyIdentifier(),
1316 id_ce_keyUsage: KeyUsage(),
1317 id_ce_privateKeyUsagePeriod: PrivateKeyUsagePeriod(),
1318 id_ce_certificatePolicies: CertificatePolicies(),
1319 id_ce_policyMappings: PolicyMappings(),
1320 id_ce_subjectAltName: SubjectAltName(),
1321 id_ce_issuerAltName: IssuerAltName(),
1322 id_ce_subjectDirectoryAttributes: SubjectDirectoryAttributes(),
1323 id_ce_basicConstraints: BasicConstraints(),
1324 id_ce_nameConstraints: NameConstraints(),
1325 id_ce_policyConstraints: PolicyConstraints(),
1326 id_ce_extKeyUsage: ExtKeyUsageSyntax(),
1327 id_ce_cRLDistributionPoints: CRLDistPointsSyntax(),
1328 id_pe_authorityInfoAccess: AuthorityInfoAccessSyntax(),
1329 id_ce_cRLNumber: univ.Integer(),
1330 id_ce_deltaCRLIndicator: BaseCRLNumber(),
1331 id_ce_issuingDistributionPoint: IssuingDistributionPoint(),
1332 id_ce_cRLReasons: CRLReason(),
1333 id_ce_holdInstructionCode: univ.ObjectIdentifier(),
1334 id_ce_invalidityDate: useful.GeneralizedTime(),
1335 id_ce_certificateIssuer: GeneralNames(),
1336}
1338certificateExtensionsMap.update(_certificateExtensionsMapUpdate)