Shortcuts on this page
r m x toggle line displays
j k next/prev highlighted chunk
0 (zero) top of page
1 (one) first highlighted chunk
1# coding: utf-8
2#
3# This file is part of pyasn1-modules software.
4#
5# Created by Stanisław Pitucha with asn1ate tool.
6# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>
7# License: http://snmplabs.com/pyasn1/license.html
8#
9# An Internet Attribute Certificate Profile for Authorization
10#
11# ASN.1 source from:
12# http://www.ietf.org/rfc/rfc3281.txt
13#
14from pyasn1.type import char
15from pyasn1.type import constraint
16from pyasn1.type import namedtype
17from pyasn1.type import namedval
18from pyasn1.type import tag
19from pyasn1.type import univ
20from pyasn1.type import useful
22from pyasn1_modules import rfc3280
24MAX = float('inf')
27def _buildOid(*components):
28 output = []
29 for x in tuple(components):
30 if isinstance(x, univ.ObjectIdentifier):
31 output.extend(list(x))
32 else:
33 output.append(int(x))
35 return univ.ObjectIdentifier(output)
38class ObjectDigestInfo(univ.Sequence):
39 pass
42ObjectDigestInfo.componentType = namedtype.NamedTypes(
43 namedtype.NamedType('digestedObjectType', univ.Enumerated(
44 namedValues=namedval.NamedValues(('publicKey', 0), ('publicKeyCert', 1), ('otherObjectTypes', 2)))),
45 namedtype.OptionalNamedType('otherObjectTypeID', univ.ObjectIdentifier()),
46 namedtype.NamedType('digestAlgorithm', rfc3280.AlgorithmIdentifier()),
47 namedtype.NamedType('objectDigest', univ.BitString())
48)
51class IssuerSerial(univ.Sequence):
52 pass
55IssuerSerial.componentType = namedtype.NamedTypes(
56 namedtype.NamedType('issuer', rfc3280.GeneralNames()),
57 namedtype.NamedType('serial', rfc3280.CertificateSerialNumber()),
58 namedtype.OptionalNamedType('issuerUID', rfc3280.UniqueIdentifier())
59)
62class TargetCert(univ.Sequence):
63 pass
66TargetCert.componentType = namedtype.NamedTypes(
67 namedtype.NamedType('targetCertificate', IssuerSerial()),
68 namedtype.OptionalNamedType('targetName', rfc3280.GeneralName()),
69 namedtype.OptionalNamedType('certDigestInfo', ObjectDigestInfo())
70)
73class Target(univ.Choice):
74 pass
77Target.componentType = namedtype.NamedTypes(
78 namedtype.NamedType('targetName', rfc3280.GeneralName().subtype(
79 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
80 namedtype.NamedType('targetGroup', rfc3280.GeneralName().subtype(
81 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
82 namedtype.NamedType('targetCert',
83 TargetCert().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)))
84)
87class Targets(univ.SequenceOf):
88 pass
91Targets.componentType = Target()
94class ProxyInfo(univ.SequenceOf):
95 pass
98ProxyInfo.componentType = Targets()
100id_at_role = _buildOid(rfc3280.id_at, 72)
102id_pe_aaControls = _buildOid(rfc3280.id_pe, 6)
104id_ce_targetInformation = _buildOid(rfc3280.id_ce, 55)
106id_pe_ac_auditIdentity = _buildOid(rfc3280.id_pe, 4)
109class ClassList(univ.BitString):
110 pass
113ClassList.namedValues = namedval.NamedValues(
114 ('unmarked', 0),
115 ('unclassified', 1),
116 ('restricted', 2),
117 ('confidential', 3),
118 ('secret', 4),
119 ('topSecret', 5)
120)
123class SecurityCategory(univ.Sequence):
124 pass
127SecurityCategory.componentType = namedtype.NamedTypes(
128 namedtype.NamedType('type', univ.ObjectIdentifier().subtype(
129 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
130 namedtype.NamedType('value', univ.Any().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
131)
134class Clearance(univ.Sequence):
135 pass
138Clearance.componentType = namedtype.NamedTypes(
139 namedtype.NamedType('policyId', univ.ObjectIdentifier().subtype(
140 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
141 namedtype.DefaultedNamedType('classList',
142 ClassList().subtype(implicitTag=tag.Tag(tag.tagClassContext,
143 tag.tagFormatSimple, 1)).subtype(
144 value="unclassified")),
145 namedtype.OptionalNamedType('securityCategories', univ.SetOf(componentType=SecurityCategory()).subtype(
146 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
147)
150class AttCertVersion(univ.Integer):
151 pass
154AttCertVersion.namedValues = namedval.NamedValues(
155 ('v2', 1)
156)
158id_aca = _buildOid(rfc3280.id_pkix, 10)
160id_at_clearance = _buildOid(2, 5, 1, 5, 55)
163class AttrSpec(univ.SequenceOf):
164 pass
167AttrSpec.componentType = univ.ObjectIdentifier()
170class AAControls(univ.Sequence):
171 pass
174AAControls.componentType = namedtype.NamedTypes(
175 namedtype.OptionalNamedType('pathLenConstraint',
176 univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, MAX))),
177 namedtype.OptionalNamedType('permittedAttrs',
178 AttrSpec().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
179 namedtype.OptionalNamedType('excludedAttrs',
180 AttrSpec().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
181 namedtype.DefaultedNamedType('permitUnSpecified', univ.Boolean().subtype(value=1))
182)
185class AttCertValidityPeriod(univ.Sequence):
186 pass
189AttCertValidityPeriod.componentType = namedtype.NamedTypes(
190 namedtype.NamedType('notBeforeTime', useful.GeneralizedTime()),
191 namedtype.NamedType('notAfterTime', useful.GeneralizedTime())
192)
195id_aca_authenticationInfo = _buildOid(id_aca, 1)
198class V2Form(univ.Sequence):
199 pass
202V2Form.componentType = namedtype.NamedTypes(
203 namedtype.OptionalNamedType('issuerName', rfc3280.GeneralNames()),
204 namedtype.OptionalNamedType('baseCertificateID', IssuerSerial().subtype(
205 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
206 namedtype.OptionalNamedType('objectDigestInfo', ObjectDigestInfo().subtype(
207 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
208)
211class AttCertIssuer(univ.Choice):
212 pass
215AttCertIssuer.componentType = namedtype.NamedTypes(
216 namedtype.NamedType('v1Form', rfc3280.GeneralNames()),
217 namedtype.NamedType('v2Form',
218 V2Form().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
219)
222class Holder(univ.Sequence):
223 pass
226Holder.componentType = namedtype.NamedTypes(
227 namedtype.OptionalNamedType('baseCertificateID', IssuerSerial().subtype(
228 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
229 namedtype.OptionalNamedType('entityName', rfc3280.GeneralNames().subtype(
230 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
231 namedtype.OptionalNamedType('objectDigestInfo', ObjectDigestInfo().subtype(
232 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)))
233)
236class AttributeCertificateInfo(univ.Sequence):
237 pass
240AttributeCertificateInfo.componentType = namedtype.NamedTypes(
241 namedtype.NamedType('version', AttCertVersion()),
242 namedtype.NamedType('holder', Holder()),
243 namedtype.NamedType('issuer', AttCertIssuer()),
244 namedtype.NamedType('signature', rfc3280.AlgorithmIdentifier()),
245 namedtype.NamedType('serialNumber', rfc3280.CertificateSerialNumber()),
246 namedtype.NamedType('attrCertValidityPeriod', AttCertValidityPeriod()),
247 namedtype.NamedType('attributes', univ.SequenceOf(componentType=rfc3280.Attribute())),
248 namedtype.OptionalNamedType('issuerUniqueID', rfc3280.UniqueIdentifier()),
249 namedtype.OptionalNamedType('extensions', rfc3280.Extensions())
250)
253class AttributeCertificate(univ.Sequence):
254 pass
257AttributeCertificate.componentType = namedtype.NamedTypes(
258 namedtype.NamedType('acinfo', AttributeCertificateInfo()),
259 namedtype.NamedType('signatureAlgorithm', rfc3280.AlgorithmIdentifier()),
260 namedtype.NamedType('signatureValue', univ.BitString())
261)
263id_mod = _buildOid(rfc3280.id_pkix, 0)
265id_mod_attribute_cert = _buildOid(id_mod, 12)
267id_aca_accessIdentity = _buildOid(id_aca, 2)
270class RoleSyntax(univ.Sequence):
271 pass
274RoleSyntax.componentType = namedtype.NamedTypes(
275 namedtype.OptionalNamedType('roleAuthority', rfc3280.GeneralNames().subtype(
276 implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
277 namedtype.NamedType('roleName',
278 rfc3280.GeneralName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
279)
281id_aca_chargingIdentity = _buildOid(id_aca, 3)
284class ACClearAttrs(univ.Sequence):
285 pass
288ACClearAttrs.componentType = namedtype.NamedTypes(
289 namedtype.NamedType('acIssuer', rfc3280.GeneralName()),
290 namedtype.NamedType('acSerial', univ.Integer()),
291 namedtype.NamedType('attrs', univ.SequenceOf(componentType=rfc3280.Attribute()))
292)
294id_aca_group = _buildOid(id_aca, 4)
296id_pe_ac_proxying = _buildOid(rfc3280.id_pe, 10)
299class SvceAuthInfo(univ.Sequence):
300 pass
303SvceAuthInfo.componentType = namedtype.NamedTypes(
304 namedtype.NamedType('service', rfc3280.GeneralName()),
305 namedtype.NamedType('ident', rfc3280.GeneralName()),
306 namedtype.OptionalNamedType('authInfo', univ.OctetString())
307)
310class IetfAttrSyntax(univ.Sequence):
311 pass
314IetfAttrSyntax.componentType = namedtype.NamedTypes(
315 namedtype.OptionalNamedType(
316 'policyAuthority', rfc3280.GeneralNames().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))
317 ),
318 namedtype.NamedType(
319 'values', univ.SequenceOf(
320 componentType=univ.Choice(
321 componentType=namedtype.NamedTypes(
322 namedtype.NamedType('octets', univ.OctetString()),
323 namedtype.NamedType('oid', univ.ObjectIdentifier()),
324 namedtype.NamedType('string', char.UTF8String())
325 )
326 )
327 )
328 )
329)
331id_aca_encAttrs = _buildOid(id_aca, 6)