Coverage for /pythoncovmergedfiles/medio/medio/usr/local/lib/python3.8/site-packages/scapy/asn1/mib.py: 44%


149 statements  

1# SPDX-License-Identifier: GPL-2.0-only 

2# This file is part of Scapy 

3# See https://scapy.net/ for more information 

4# Copyright (C) Philippe Biondi <phil@secdev.org> 

5# Acknowledgment: Maxence Tury <maxence.tury@ssi.gouv.fr> 

6 

7""" 

8Management Information Base (MIB) parsing 

9""" 

10 

11import re 

12from glob import glob 

13from scapy.dadict import DADict, fixname 

14from scapy.config import conf 

15from scapy.utils import do_graph 

16from scapy.compat import plain_str 

17 

18from typing import ( 

19 Any, 

20 Dict, 

21 List, 

22 Optional, 

23 Tuple, 

24) 

25 

26################# 

27# MIB parsing # 

28################# 

29 

# A bare run of decimal digits: one numeric OID arc.
_mib_re_integer = re.compile(r"^[0-9]+$")

# "name(number)" form such as "iso(1)"; group 2 carries the numeric arc.
_mib_re_both = re.compile(r"^([a-zA-Z_][a-zA-Z0-9_-]*)\(([0-9]+)\)$")

# "<ident> OBJECT ... ::= { ... }" declaration. With re.MULTILINE the leading
# "$" anchors at a line end, so the identifier has to follow a line break: a
# declaration sitting on the very first line of the text is not matched.
_mib_re_oiddecl = re.compile(
    r"$\s*([a-zA-Z0-9_-]+)\s+OBJECT[^:\{\}]+::=\s*\{([^\}]+)\}",
    re.MULTILINE,
)

# Double-quoted string literal; there is no escape handling.
_mib_re_strings = re.compile(r'"[^"]*"')

# "--" comment up to its line terminator. The terminator is a capturing group,
# so re.split() returns it as an item of its own and line breaks survive the
# comment stripping done in load_mib().
_mib_re_comments = re.compile(r'--.*(\r|\n)')

36 

37 

class MIBDict(DADict[str, str]):
    """DADict specialisation whose keys are dotted OIDs and values OID names."""

    def _findroot(self, x):
        # type: (str) -> Tuple[str, str, str]
        """Find the longest registered key that is a dotted prefix of *x*.

        *x* is normalised first: one leading "." is dropped and a trailing
        "." is appended when missing.

        :returns: (value stored under the best key, the best key, the part of
            the normalised *x* after that key without its final "."). When no
            key matches, the first two items are "." and "".
        """
        if x.startswith("."):
            x = x[1:]
        if not x.endswith("."):
            x += "."
        best_len = 0
        root = "."
        root_key = ""
        for k in self:
            # Only a strictly longer prefix replaces the current best match.
            if x.startswith(k + ".") and best_len < len(k):
                best_len = len(k)
                root = self[k]
                root_key = k
        return root, root_key, x[best_len:-1]

    def _oidname(self, x):
        # type: (str) -> str
        """Return *x* with its longest known OID prefix replaced by its name."""
        root, _, remainder = self._findroot(x)
        return root + remainder

    def _oid(self, x):
        # type: (str) -> str
        """Turn "<name>.<int>.<int>..." into a fully numeric OID.

        Only the form "one known name followed by integers" is translated;
        anything else is returned unchanged.
        """
        parts = x.strip(".").split(".")
        idx = len(parts) - 1
        # Walk back over the trailing integer arcs.
        while idx >= 0 and _mib_re_integer.match(parts[idx]):
            idx -= 1
        if idx != 0 or parts[idx] not in self.d.values():
            return x
        # idx is 0 here: substitute the first key whose value is that name.
        name = parts[0]
        parts[0] = next(oid for oid, label in self.d.items() if label == name)
        return ".".join(parts)

    def _make_graph(self, other_keys=None, **kargs):
        # type: (Optional[Any], **Any) -> None
        """Build a graphviz "digraph" of the MIB and hand it to do_graph().

        :param other_keys: extra OIDs to draw in addition to the stored ones
        :param kargs: passed through to do_graph()
        """
        if other_keys is None:
            other_keys = []
        nodes = [(self[key], key) for key in self.iterkeys()]
        known = set(self.iterkeys())
        nodes.extend(
            (self._oidname(k), k) for k in other_keys if k not in known
        )

        # NOTE(review): keys and names are interpolated into DOT quoted
        # strings without escaping, so a '"' in either would end the quoted
        # string early. Confirm callers only feed trusted MIB data, or escape
        # here.
        chunks = ['digraph "mib" {\n\trankdir=LR;\n\n']
        for label, oid in nodes:
            chunks.append('\t"%s" [ label="%s" ];\n' % (oid, label))
        chunks.append("\n")
        for label, oid in nodes:
            # The parent is the longest known prefix of the OID minus its
            # last character; the edge label is what lies in between.
            parent, parent_key, remainder = self._findroot(oid[:-1])
            remainder = remainder[1:] + oid[-1]
            if parent != ".":
                parent = parent_key
            chunks.append(
                '\t"%s" -> "%s" [label="%s"];\n' % (parent, oid, remainder)
            )
        chunks.append("}\n")
        do_graph("".join(chunks), **kargs)

96 

97 

def _mib_register(ident,  # type: str
                  value,  # type: List[str]
                  the_mib,  # type: Dict[str, List[str]]
                  unresolved,  # type: Dict[str, List[str]]
                  alias,  # type: Dict[str, str]
                  ):
    # type: (...) -> bool
    """
    Internal function used to register an OID and its name in a MIBDict

    :param ident: name being declared
    :param value: OID components, each a decimal string or a name
    :param the_mib: fully resolved names -> numeric components (updated)
    :param unresolved: names still depending on unknown names (updated)
    :param alias: dotted value -> already registered name (updated)
    :returns: True if ident is resolved after the call, False otherwise
    """
    if ident in the_mib:
        # Already resolved: only remember this spelling as an alias.
        alias[".".join(value)] = ident
        return True
    if ident in unresolved:
        # Already known to be unresolvable for now.
        return False

    # Expand every component
    # (e.g. 2.basicConstraints.3 -> 2.2.5.29.19.3)
    expanded = []
    complete = True
    for component in value:
        if _mib_re_integer.match(component):
            expanded.append(component)
            continue
        name = fixname(plain_str(component))
        if name in the_mib:
            expanded += the_mib[name]
            continue
        # A name without a numeric expansion leaves ident unresolved.
        complete = False
        if name in unresolved:
            expanded += unresolved[name]
        else:
            expanded.append(name)

    if not complete:
        unresolved[ident] = expanded
        return False

    the_mib[ident] = expanded
    # Retry the pending entries, since some may have been waiting for ident.
    # The scan restarts after each success because one resolution can unlock
    # entries that were already skipped.
    pending = list(unresolved)
    pos = 0
    while pos < len(pending):
        key = pending[pos]
        # The empty dict stands in for "unresolved" so that the retry is not
        # cut short by the "ident in unresolved" test and cannot recurse
        # further than this one level.
        if _mib_register(key, unresolved[key], the_mib, {}, alias):
            del unresolved[key]
            del pending[pos]
            pos = 0
        else:
            pos += 1

    return True

154 

155 

def load_mib(filenames):
    # type: (str) -> None
    """
    Load the conf.mib dict from a list of filenames

    :param filenames: one glob pattern, or an iterable of glob patterns. A
        lone str/bytes is wrapped into a list, so the "str" of the type
        comment is narrower than what the code accepts.

    Every pattern is expanded with glob() and each match is opened and read
    whole, so patterns should come from a trusted source. Parsing is regex
    based: comments and quoted strings are blanked out, then each
    "<ident> OBJECT ... ::= { ... }" declaration is registered. conf.mib is
    replaced by a new MIBDict holding the previous content plus the
    declarations that were found.
    """
    the_mib = {'iso': ['1']}
    unresolved = {}  # type: Dict[str, List[str]]
    alias = {}  # type: Dict[str, str]

    # Seed the working tables with what conf.mib already holds.
    for known_oid in conf.mib:
        _mib_register(conf.mib[known_oid], known_oid.split("."),
                      the_mib, unresolved, alias)

    patterns = [filenames] if isinstance(filenames, (str, bytes)) else filenames
    for pattern in patterns:
        for path in glob(pattern):
            with open(path) as handle:
                raw = handle.read()
            # Strip "--" comments first, then quoted strings.
            no_comments = " ".join(_mib_re_comments.split(raw))
            cleantext = " ".join(_mib_re_strings.split(no_comments))
            for decl in _mib_re_oiddecl.finditer(cleantext):
                ident = fixname(decl.group(1))
                components = []
                for token in decl.group(2).split():
                    # "name(number)" keeps only its number.
                    both = _mib_re_both.match(token)
                    components.append(both.group(2) if both else token)
                _mib_register(ident, components, the_mib, unresolved, alias)

    # Build the new MIB: resolved entries, then unresolved ones, then
    # aliases; a later write overrides an earlier one with the same key.
    newmib = MIBDict(_name="MIB")
    for table in (the_mib, unresolved):
        for name, parts in table.items():
            newmib[".".join(parts)] = name
    for key_s, name in alias.items():
        newmib[key_s] = name

    conf.mib = newmib

204 

205 

206#################### 

207# OID references # 

208#################### 

209 

210# pkcs1 # 

211 

# OID -> name for the 1.2.840.113549.1.1 arc. The MD2/MD4/MD5/SHA-1 entries
# are here so that legacy material can be named; being listed says nothing
# about an algorithm being acceptable for verification.
pkcs1_oids = {
    "1.2.840.113549.1.1.1": "rsaEncryption",
    "1.2.840.113549.1.1.2": "md2WithRSAEncryption",
    "1.2.840.113549.1.1.3": "md4WithRSAEncryption",
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1-with-rsa-signature",
    "1.2.840.113549.1.1.6": "rsaOAEPEncryptionSET",
    "1.2.840.113549.1.1.7": "id-RSAES-OAEP",
    "1.2.840.113549.1.1.8": "id-mgf1",
    "1.2.840.113549.1.1.9": "id-pSpecified",
    "1.2.840.113549.1.1.10": "rsassa-pss",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
    "1.2.840.113549.1.1.14": "sha224WithRSAEncryption",
}

# secsig oiw #

secsig_oids = {
    "1.3.14.3.2.26": "sha1",
}

# pkcs9 #

pkcs9_oids = {
    "1.2.840.113549.1.9.0": "modules",
    "1.2.840.113549.1.9.1": "emailAddress",
    "1.2.840.113549.1.9.2": "unstructuredName",
    "1.2.840.113549.1.9.3": "contentType",
    "1.2.840.113549.1.9.4": "messageDigest",
    "1.2.840.113549.1.9.5": "signing-time",
    "1.2.840.113549.1.9.6": "countersignature",
    "1.2.840.113549.1.9.7": "challengePassword",
    "1.2.840.113549.1.9.8": "unstructuredAddress",
    "1.2.840.113549.1.9.9": "extendedCertificateAttributes",
    "1.2.840.113549.1.9.13": "signingDescription",
    "1.2.840.113549.1.9.14": "extensionRequest",
    "1.2.840.113549.1.9.15": "smimeCapabilities",
    "1.2.840.113549.1.9.16": "smime",
    "1.2.840.113549.1.9.17": "pgpKeyID",
    "1.2.840.113549.1.9.20": "friendlyName",
    "1.2.840.113549.1.9.21": "localKeyID",
    "1.2.840.113549.1.9.22": "certTypes",
    "1.2.840.113549.1.9.23": "crlTypes",
    "1.2.840.113549.1.9.24": "pkcs-9-oc",
    "1.2.840.113549.1.9.25": "pkcs-9-at",
    "1.2.840.113549.1.9.26": "pkcs-9-sx",
    "1.2.840.113549.1.9.27": "pkcs-9-mr",
    "1.2.840.113549.1.9.52": "id-aa-CMSAlgorithmProtection",
}

263 

264# x509 # 

265 

# OID -> name for the 2.5.4 attribute-type arc, arcs 0 through 97.
attributeType_oids = {
    "2.5.4.0": "objectClass",
    "2.5.4.1": "aliasedEntryName",
    "2.5.4.2": "knowledgeInformation",
    "2.5.4.3": "commonName",
    "2.5.4.4": "surname",
    "2.5.4.5": "serialNumber",
    "2.5.4.6": "countryName",
    "2.5.4.7": "localityName",
    "2.5.4.8": "stateOrProvinceName",
    "2.5.4.9": "streetAddress",
    "2.5.4.10": "organizationName",
    "2.5.4.11": "organizationUnitName",
    "2.5.4.12": "title",
    "2.5.4.13": "description",
    "2.5.4.14": "searchGuide",
    "2.5.4.15": "businessCategory",
    "2.5.4.16": "postalAddress",
    "2.5.4.17": "postalCode",
    "2.5.4.18": "postOfficeBox",
    "2.5.4.19": "physicalDeliveryOfficeName",
    "2.5.4.20": "telephoneNumber",
    "2.5.4.21": "telexNumber",
    "2.5.4.22": "teletexTerminalIdentifier",
    "2.5.4.23": "facsimileTelephoneNumber",
    "2.5.4.24": "x121Address",
    "2.5.4.25": "internationalISDNNumber",
    "2.5.4.26": "registeredAddress",
    "2.5.4.27": "destinationIndicator",
    "2.5.4.28": "preferredDeliveryMethod",
    "2.5.4.29": "presentationAddress",
    "2.5.4.30": "supportedApplicationContext",
    "2.5.4.31": "member",
    "2.5.4.32": "owner",
    "2.5.4.33": "roleOccupant",
    "2.5.4.34": "seeAlso",
    "2.5.4.35": "userPassword",
    "2.5.4.36": "userCertificate",
    "2.5.4.37": "cACertificate",
    "2.5.4.38": "authorityRevocationList",
    "2.5.4.39": "certificateRevocationList",
    "2.5.4.40": "crossCertificatePair",
    "2.5.4.41": "name",
    "2.5.4.42": "givenName",
    "2.5.4.43": "initials",
    "2.5.4.44": "generationQualifier",
    "2.5.4.45": "uniqueIdentifier",
    "2.5.4.46": "dnQualifier",
    "2.5.4.47": "enhancedSearchGuide",
    "2.5.4.48": "protocolInformation",
    "2.5.4.49": "distinguishedName",
    "2.5.4.50": "uniqueMember",
    "2.5.4.51": "houseIdentifier",
    "2.5.4.52": "supportedAlgorithms",
    "2.5.4.53": "deltaRevocationList",
    "2.5.4.54": "dmdName",
    "2.5.4.55": "clearance",
    "2.5.4.56": "defaultDirQop",
    "2.5.4.57": "attributeIntegrityInfo",
    "2.5.4.58": "attributeCertificate",
    "2.5.4.59": "attributeCertificateRevocationList",
    "2.5.4.60": "confKeyInfo",
    "2.5.4.61": "aACertificate",
    "2.5.4.62": "attributeDescriptorCertificate",
    "2.5.4.63": "attributeAuthorityRevocationList",
    "2.5.4.64": "family-information",
    "2.5.4.65": "pseudonym",
    "2.5.4.66": "communicationsService",
    "2.5.4.67": "communicationsNetwork",
    "2.5.4.68": "certificationPracticeStmt",
    "2.5.4.69": "certificatePolicy",
    "2.5.4.70": "pkiPath",
    "2.5.4.71": "privPolicy",
    "2.5.4.72": "role",
    "2.5.4.73": "delegationPath",
    "2.5.4.74": "protPrivPolicy",
    "2.5.4.75": "xMLPrivilegeInfo",
    "2.5.4.76": "xmlPrivPolicy",
    "2.5.4.77": "uuidpair",
    "2.5.4.78": "tagOid",
    "2.5.4.79": "uiiFormat",
    "2.5.4.80": "uiiInUrh",
    "2.5.4.81": "contentUrl",
    "2.5.4.82": "permission",
    "2.5.4.83": "uri",
    "2.5.4.84": "pwdAttribute",
    "2.5.4.85": "userPwd",
    "2.5.4.86": "urn",
    "2.5.4.87": "url",
    "2.5.4.88": "utmCoordinates",
    "2.5.4.89": "urnC",
    "2.5.4.90": "uii",
    "2.5.4.91": "epc",
    "2.5.4.92": "tagAfi",
    "2.5.4.93": "epcFormat",
    "2.5.4.94": "epcInUrn",
    "2.5.4.95": "ldapUrl",
    # NOTE(review): same name as 2.5.4.95, which makes a lookup by name
    # ambiguous. X.520 appears to assign arc 96 to "tagLocation" - confirm
    # against the standard before changing the value.
    "2.5.4.96": "ldapUrl",
    "2.5.4.97": "organizationIdentifier",
}

366 

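# OID -> name for the 2.5.29 certificate-extension arc. Entries marked
# "(obsolete)" are earlier assignments of an extension that was later given a
# new arc; both are kept so that old certificates can still be named.
certificateExtension_oids = {
    "2.5.29.1": "authorityKeyIdentifier(obsolete)",
    "2.5.29.2": "keyAttributes",
    "2.5.29.3": "certificatePolicies(obsolete)",
    "2.5.29.4": "keyUsageRestriction",
    "2.5.29.5": "policyMapping",
    "2.5.29.6": "subtreesConstraint",
    "2.5.29.7": "subjectAltName(obsolete)",
    "2.5.29.8": "issuerAltName(obsolete)",
    "2.5.29.9": "subjectDirectoryAttributes",
    "2.5.29.10": "basicConstraints(obsolete)",
    "2.5.29.14": "subjectKeyIdentifier",
    "2.5.29.15": "keyUsage",
    "2.5.29.16": "privateKeyUsagePeriod",
    "2.5.29.17": "subjectAltName",
    "2.5.29.18": "issuerAltName",
    "2.5.29.19": "basicConstraints",
    "2.5.29.20": "cRLNumber",
    "2.5.29.21": "reasonCode",
    "2.5.29.22": "expirationDate",
    "2.5.29.23": "instructionCode",
    "2.5.29.24": "invalidityDate",
    "2.5.29.25": "cRLDistributionPoints(obsolete)",
    "2.5.29.26": "issuingDistributionPoint(obsolete)",
    "2.5.29.27": "deltaCRLIndicator",
    "2.5.29.28": "issuingDistributionPoint",
    "2.5.29.29": "certificateIssuer",
    "2.5.29.30": "nameConstraints",
    "2.5.29.31": "cRLDistributionPoints",
    "2.5.29.32": "certificatePolicies",
    "2.5.29.33": "policyMappings",
    "2.5.29.34": "policyConstraints(obsolete)",
    "2.5.29.35": "authorityKeyIdentifier",
    "2.5.29.36": "policyConstraints",
    "2.5.29.37": "extKeyUsage",
    "2.5.29.38": "authorityAttributeIdentifier",
    "2.5.29.39": "roleSpecCertIdentifier",
    "2.5.29.40": "cRLStreamIdentifier",
    "2.5.29.41": "basicAttConstraints",
    "2.5.29.42": "delegatedNameConstraints",
    "2.5.29.43": "timeSpecification",
    "2.5.29.44": "cRLScope",
    "2.5.29.45": "statusReferrals",
    "2.5.29.46": "freshestCRL",
    "2.5.29.47": "orderedList",
    "2.5.29.48": "attributeDescriptor",
    "2.5.29.49": "userNotice",
    "2.5.29.50": "sOAIdentifier",
    "2.5.29.51": "baseUpdateTime",
    "2.5.29.52": "acceptableCertPolicies",
    "2.5.29.53": "deltaInfo",
    "2.5.29.54": "inhibitAnyPolicy",
    "2.5.29.55": "targetInformation",
    "2.5.29.56": "noRevAvail",
    "2.5.29.57": "acceptablePrivilegePolicies",
    "2.5.29.58": "id-ce-toBeRevoked",
    "2.5.29.59": "id-ce-RevokedGroups",
    "2.5.29.60": "id-ce-expiredCertsOnCRL",
    "2.5.29.61": "indirectIssuer",
    "2.5.29.62": "id-ce-noAssertion",
    "2.5.29.63": "id-ce-aAissuingDistributionPoint",
    # Was spelled "id-ce-issuedOnBehaIFOF" (garbled "issuedOnBehalfOf").
    "2.5.29.64": "id-ce-issuedOnBehalfOf",
    "2.5.29.65": "id-ce-singleUse",
    "2.5.29.66": "id-ce-groupAC",
    "2.5.29.67": "id-ce-allowedAttAss",
    "2.5.29.68": "id-ce-attributeMappings",
    "2.5.29.69": "id-ce-holderNameConstraints",
}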

435 

# OID -> name for the 2.16.840.1.113730.1 certificate-extension arc.
certExt_oids = {
    "2.16.840.1.113730.1.1": "cert-type",
    "2.16.840.1.113730.1.2": "base-url",
    "2.16.840.1.113730.1.3": "revocation-url",
    "2.16.840.1.113730.1.4": "ca-revocation-url",
    "2.16.840.1.113730.1.5": "ca-crl-url",
    "2.16.840.1.113730.1.6": "ca-cert-url",
    "2.16.840.1.113730.1.7": "renewal-url",
    "2.16.840.1.113730.1.8": "ca-policy-url",
    "2.16.840.1.113730.1.9": "homepage-url",
    "2.16.840.1.113730.1.10": "entity-logo",
    "2.16.840.1.113730.1.11": "user-picture",
    "2.16.840.1.113730.1.12": "ssl-server-name",
    "2.16.840.1.113730.1.13": "comment",
    "2.16.840.1.113730.1.14": "lost-password-url",
    "2.16.840.1.113730.1.15": "cert-renewal-time",
    "2.16.840.1.113730.1.16": "aia",
    "2.16.840.1.113730.1.17": "cert-scope-of-use",
}

# 1.3.6.1.5.5.7.1: private certificate extensions
certPkixPe_oids = {
    "1.3.6.1.5.5.7.1.1": "authorityInfoAccess",
    "1.3.6.1.5.5.7.1.2": "biometricInfo",
    "1.3.6.1.5.5.7.1.3": "qcStatements",
    "1.3.6.1.5.5.7.1.4": "auditIdentity",
    "1.3.6.1.5.5.7.1.6": "aaControls",
    "1.3.6.1.5.5.7.1.10": "proxying",
    "1.3.6.1.5.5.7.1.11": "subjectInfoAccess",
}

# 1.3.6.1.5.5.7.2: policy qualifier types
certPkixQt_oids = {
    "1.3.6.1.5.5.7.2.1": "cps",
    "1.3.6.1.5.5.7.2.2": "unotice",
}

# 1.3.6.1.5.5.7.3: extended key usage purposes
certPkixKp_oids = {
    "1.3.6.1.5.5.7.3.1": "serverAuth",
    "1.3.6.1.5.5.7.3.2": "clientAuth",
    "1.3.6.1.5.5.7.3.3": "codeSigning",
    "1.3.6.1.5.5.7.3.4": "emailProtection",
    "1.3.6.1.5.5.7.3.5": "ipsecEndSystem",
    "1.3.6.1.5.5.7.3.6": "ipsecTunnel",
    "1.3.6.1.5.5.7.3.7": "ipsecUser",
    "1.3.6.1.5.5.7.3.8": "timeStamping",
    "1.3.6.1.5.5.7.3.9": "ocspSigning",
    "1.3.6.1.5.5.7.3.10": "dvcs",
    "1.3.6.1.5.5.7.3.21": "secureShellClient",
    "1.3.6.1.5.5.7.3.22": "secureShellServer",
}

# 1.3.6.1.5.5.7.48: access descriptors
certPkixAd_oids = {
    "1.3.6.1.5.5.7.48.1": "ocsp",
    "1.3.6.1.5.5.7.48.2": "caIssuers",
    "1.3.6.1.5.5.7.48.3": "timestamping",
    "1.3.6.1.5.5.7.48.4": "id-ad-dvcs",
    "1.3.6.1.5.5.7.48.5": "id-ad-caRepository",
    "1.3.6.1.5.5.7.48.6": "id-pkix-ocsp-archive-cutoff",
    "1.3.6.1.5.5.7.48.7": "id-pkix-ocsp-service-locator",
    "1.3.6.1.5.5.7.48.12": "id-ad-cmc",
    "1.3.6.1.5.5.7.48.1.1": "basic-response",
}

497 

498# ansi-x962 # 

499 

# 1.2.840.10045.1 / .2: field and public-key types
x962KeyType_oids = {
    "1.2.840.10045.1.1": "prime-field",
    "1.2.840.10045.1.2": "characteristic-two-field",
    "1.2.840.10045.2.1": "ecPublicKey",
}

# 1.2.840.10045.4: ECDSA signature algorithms
x962Signature_oids = {
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
    "1.2.840.10045.4.2": "ecdsa-with-Recommended",
    "1.2.840.10045.4.3.1": "ecdsa-with-SHA224",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
    "1.2.840.10045.4.3.3": "ecdsa-with-SHA384",
    "1.2.840.10045.4.3.4": "ecdsa-with-SHA512",
}

# elliptic curves #

# 1.2.840.10045.3.1: named prime curves
ansiX962Curve_oids = {
    "1.2.840.10045.3.1.1": "prime192v1",
    "1.2.840.10045.3.1.2": "prime192v2",
    "1.2.840.10045.3.1.3": "prime192v3",
    "1.2.840.10045.3.1.4": "prime239v1",
    "1.2.840.10045.3.1.5": "prime239v2",
    "1.2.840.10045.3.1.6": "prime239v3",
    "1.2.840.10045.3.1.7": "prime256v1",
}

# 1.3.132.0: named curves. The table names curves of every size it knows,
# small ones included; it is a name lookup, not a list of recommended curves.
certicomCurve_oids = {
    "1.3.132.0.1": "ansit163k1",
    "1.3.132.0.2": "ansit163r1",
    "1.3.132.0.3": "ansit239k1",
    "1.3.132.0.4": "sect113r1",
    "1.3.132.0.5": "sect113r2",
    "1.3.132.0.6": "secp112r1",
    "1.3.132.0.7": "secp112r2",
    "1.3.132.0.8": "ansip160r1",
    "1.3.132.0.9": "ansip160k1",
    "1.3.132.0.10": "ansip256k1",
    "1.3.132.0.15": "ansit163r2",
    "1.3.132.0.16": "ansit283k1",
    "1.3.132.0.17": "ansit283r1",
    "1.3.132.0.22": "sect131r1",
    "1.3.132.0.24": "ansit193r1",
    "1.3.132.0.25": "ansit193r2",
    "1.3.132.0.26": "ansit233k1",
    "1.3.132.0.27": "ansit233r1",
    "1.3.132.0.28": "secp128r1",
    "1.3.132.0.29": "secp128r2",
    "1.3.132.0.30": "ansip160r2",
    "1.3.132.0.31": "ansip192k1",
    "1.3.132.0.32": "ansip224k1",
    "1.3.132.0.33": "ansip224r1",
    "1.3.132.0.34": "ansip384r1",
    "1.3.132.0.35": "ansip521r1",
    "1.3.132.0.36": "ansit409k1",
    "1.3.132.0.37": "ansit409r1",
    "1.3.132.0.38": "ansit571k1",
    "1.3.132.0.39": "ansit571r1",
}

559 

560# policies # 

561 

certPolicy_oids = {
    "2.5.29.32.0": "anyPolicy",
}

# from Chromium source code (ev_root_ca_metadata.cc)
# NOTE: this is a static display-name table, not a trust list. It is a
# snapshot, and some issuers named in it (e.g. WoSign, StartCom) were later
# distrusted by major browsers, so finding a policy OID here must not be
# treated as evidence that a certificate is currently trusted or
# EV-validated.
# The three 1.3.6.1.4.1.311.60.2.1.* entries are jurisdiction attribute
# names, not CA policy identifiers.
evPolicy_oids = {
    '1.2.392.200091.100.721.1': 'EV Security Communication RootCA1',
    '1.2.616.1.113527.2.5.1.1': 'EV Certum Trusted Network CA',
    '1.3.159.1.17.1': 'EV Actualis Authentication Root CA',
    '1.3.6.1.4.1.13177.10.1.3.10': 'EV Autoridad de Certificacion Firmaprofesional CIF A62634068',
    '1.3.6.1.4.1.14370.1.6': 'EV GeoTrust Primary Certification Authority',
    '1.3.6.1.4.1.14777.6.1.1': 'EV Izenpe.com roots Business',
    '1.3.6.1.4.1.14777.6.1.2': 'EV Izenpe.com roots Government',
    '1.3.6.1.4.1.17326.10.14.2.1.2': 'EV AC Camerfirma S.A. Chambers of Commerce Root - 2008',
    '1.3.6.1.4.1.17326.10.14.2.2.2': 'EV AC Camerfirma S.A. Chambers of Commerce Root - 2008',
    '1.3.6.1.4.1.17326.10.8.12.1.2': 'EV AC Camerfirma S.A. Global Chambersign Root - 2008',
    '1.3.6.1.4.1.17326.10.8.12.2.2': 'EV AC Camerfirma S.A. Global Chambersign Root - 2008',
    '1.3.6.1.4.1.22234.2.5.2.3.1': 'EV CertPlus Class 2 Primary CA (KEYNECTIS)',
    '1.3.6.1.4.1.23223.1.1.1': 'EV StartCom Certification Authority',
    '1.3.6.1.4.1.29836.1.10': 'EV China Internet Network Information Center EV Certificates Root',
    '1.3.6.1.4.1.311.60.2.1.1': 'jurisdictionOfIncorporationLocalityName',
    '1.3.6.1.4.1.311.60.2.1.2': 'jurisdictionOfIncorporationStateOrProvinceName',
    '1.3.6.1.4.1.311.60.2.1.3': 'jurisdictionOfIncorporationCountryName',
    '1.3.6.1.4.1.34697.2.1': 'EV AffirmTrust Commercial',
    '1.3.6.1.4.1.34697.2.2': 'EV AffirmTrust Networking',
    '1.3.6.1.4.1.34697.2.3': 'EV AffirmTrust Premium',
    '1.3.6.1.4.1.34697.2.4': 'EV AffirmTrust Premium ECC',
    '1.3.6.1.4.1.36305.2': 'EV Certificate Authority of WoSign',
    '1.3.6.1.4.1.40869.1.1.22.3': 'EV TWCA Roots',
    '1.3.6.1.4.1.4146.1.1': 'EV GlobalSign Root CAs',
    '1.3.6.1.4.1.4788.2.202.1': 'EV D-TRUST Root Class 3 CA 2 EV 2009',
    '1.3.6.1.4.1.6334.1.100.1': 'EV Cybertrust Global Root',
    '1.3.6.1.4.1.6449.1.2.1.5.1': 'EV USERTrust Certification Authorities',
    '1.3.6.1.4.1.781.1.2.1.8.1': 'EV Network Solutions Certificate Authority',
    '1.3.6.1.4.1.782.1.2.1.8.1': 'EV AddTrust External CA Root',
    '1.3.6.1.4.1.7879.13.24.1': 'EV T-Telessec GlobalRoot Class 3',
    '1.3.6.1.4.1.8024.0.2.100.1.2': 'EV QuoVadis Roots',
    '2.16.528.1.1003.1.2.7': 'EV Staat der Nederlanden EV Root CA',
    '2.16.578.1.26.1.3.3': 'EV Buypass Class 3',
    '2.16.756.1.83.21.0': 'EV Swisscom Root EV CA 2',
    '2.16.756.1.89.1.2.1.1': 'EV SwissSign Gold CA - G2',
    '2.16.792.3.0.4.1.1.4': 'EV E-Tugra Certification Authority',
    '2.16.840.1.113733.1.7.23.6': 'EV VeriSign Certification Authorities',
    '2.16.840.1.113733.1.7.48.1': 'EV thawte CAs',
    '2.16.840.1.114028.10.1.2': 'EV Entrust Certification Authority',
    '2.16.840.1.114171.500.9': 'EV Wells Fargo WellsSecure Public Root Certification Authority',
    '2.16.840.1.114404.1.1.2.4.1': 'EV XRamp Global Certification Authority',
    '2.16.840.1.114412.2.1': 'EV DigiCert High Assurance EV Root CA',
    '2.16.840.1.114413.1.7.23.3': 'EV ValiCert Class 2 Policy Validation Authority',
    '2.16.840.1.114414.1.7.23.3': 'EV Starfield Certificate Authority',
    '2.16.840.1.114414.1.7.24.3': 'EV Starfield Service Certificate Authority',
}

614 

615# gssapi # 

616 

# OID -> display name of GSS-API security mechanisms.
gssapi_oids = {
    '1.2.840.48018.1.2.2': 'MS KRB5 - Microsoft Kerberos 5',
    '1.2.840.113554.1.2.2': 'Kerberos 5',
    '1.2.840.113554.1.2.2.3': 'Kerberos 5 - User to User',
    '1.3.6.1.5.2.5': 'Kerberos 5 - IAKERB',
    '1.3.6.1.5.5.2': 'SPNEGO - Simple Protected Negotiation',
    '1.3.6.1.4.1.311.2.2.10': 'NTLMSSP - Microsoft NTLM Security Support Provider',
    '1.3.6.1.4.1.311.2.2.30': 'NEGOEX - SPNEGO Extended Negotiation Security Mechanism',
}

626 

627 

# The tables that make up the default MIB, in merge order.
x509_oids_sets = [
    pkcs1_oids,
    secsig_oids,
    pkcs9_oids,
    attributeType_oids,
    certificateExtension_oids,
    certExt_oids,
    certPkixPe_oids,
    certPkixQt_oids,
    certPkixKp_oids,
    certPkixAd_oids,
    certPolicy_oids,
    evPolicy_oids,
    x962KeyType_oids,
    x962Signature_oids,
    ansiX962Curve_oids,
    certicomCurve_oids,
    gssapi_oids,
]

# Flatten into one OID -> name mapping. dict.update() lets a table listed
# later override an earlier one should the same OID appear in both.
x509_oids = {}
for oids_set in x509_oids_sets:
    x509_oids.update(oids_set)

# Install the default MIB at import time; load_mib() replaces it later.
conf.mib = MIBDict(_name="MIB", **x509_oids)

654 

655 

656######################### 

657# Hash mapping helper # 

658######################### 

659 

660# This dict enables static access to string references to the hash functions 

661# of some algorithms from pkcs1_oids and x962Signature_oids. 

662 

# Signature-algorithm OID -> name of the digest it uses.
# NOTE: md2, md4, md5 and sha1 are mapped so that legacy signatures can be
# identified and parsed. A hit in this table only says which digest a
# signature uses; whether that digest is still acceptable is a policy
# decision for the caller.
hash_by_oid = {
    # RSA signatures (1.2.840.113549.1.1)
    "1.2.840.113549.1.1.2": "md2",
    "1.2.840.113549.1.1.3": "md4",
    "1.2.840.113549.1.1.4": "md5",
    "1.2.840.113549.1.1.5": "sha1",
    "1.2.840.113549.1.1.11": "sha256",
    "1.2.840.113549.1.1.12": "sha384",
    "1.2.840.113549.1.1.13": "sha512",
    "1.2.840.113549.1.1.14": "sha224",
    # ECDSA signatures (1.2.840.10045.4)
    "1.2.840.10045.4.1": "sha1",
    "1.2.840.10045.4.3.1": "sha224",
    "1.2.840.10045.4.3.2": "sha256",
    "1.2.840.10045.4.3.3": "sha384",
    "1.2.840.10045.4.3.4": "sha512",
}