
1# SPDX-License-Identifier: GPL-2.0-only 

2# This file is part of Scapy 

3# See https://scapy.net/ for more information 

4# Copyright (C) Philippe Biondi <phil@secdev.org> 

5# Acknowledgment: Maxence Tury <maxence.tury@ssi.gouv.fr> 

6 

7# Cool history about this file: http://natisbad.org/scapy/index.html 

8 

9""" 

10X.509 certificates. 

11""" 

12 

13from scapy.asn1.mib import conf # loads conf.mib 

14from scapy.asn1.asn1 import ASN1_Codecs, ASN1_OID, \ 

15 ASN1_IA5_STRING, ASN1_NULL, ASN1_PRINTABLE_STRING, \ 

16 ASN1_UTC_TIME, ASN1_UTF8_STRING 

17from scapy.asn1packet import ASN1_Packet 

18from scapy.asn1fields import ( 

19 ASN1F_BIT_STRING_ENCAPS, 

20 ASN1F_BIT_STRING, 

21 ASN1F_BMP_STRING, 

22 ASN1F_BOOLEAN, 

23 ASN1F_CHOICE, 

24 ASN1F_enum_INTEGER, 

25 ASN1F_ENUMERATED, 

26 ASN1F_field, 

27 ASN1F_FLAGS, 

28 ASN1F_GENERALIZED_TIME, 

29 ASN1F_IA5_STRING, 

30 ASN1F_INTEGER, 

31 ASN1F_ISO646_STRING, 

32 ASN1F_NULL, 

33 ASN1F_OID, 

34 ASN1F_optional, 

35 ASN1F_PACKET, 

36 ASN1F_PRINTABLE_STRING, 

37 ASN1F_SEQUENCE_OF, 

38 ASN1F_SEQUENCE, 

39 ASN1F_SET_OF, 

40 ASN1F_STRING_PacketField, 

41 ASN1F_STRING, 

42 ASN1F_T61_STRING, 

43 ASN1F_UNIVERSAL_STRING, 

44 ASN1F_UTC_TIME, 

45 ASN1F_UTF8_STRING, 

46) 

47from scapy.packet import Packet 

48from scapy.fields import PacketField, MultipleTypeField 

49from scapy.volatile import ZuluTime, GeneralizedTime 

50from scapy.compat import plain_str 

51 

52 

class ASN1P_OID(ASN1_Packet):
    """A bare OBJECT IDENTIFIER as a packet, so it can be an element of a
    SEQUENCE OF (see X509_ExtExtendedKeyUsage)."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_OID("oid", "0")

56 

57 

class ASN1P_INTEGER(ASN1_Packet):
    """A bare INTEGER as a packet, so it can be an element of a
    SEQUENCE OF (see X509_ExtNoticeReference.noticeNumbers)."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_INTEGER("number", 0)

61 

62 

class ASN1P_PRIVSEQ(ASN1_Packet):
    """Test-only SEQUENCE carrying a private (context) explicit tag 0.

    Not part of any X.509 structure: it exists for the x509.uts test file and
    exercises scapy's private high-tag decoding. ``flexible_tag=True`` lets
    the decoder accept a tag other than the declared one.
    """
    # This class gets used in x509.uts
    # It showcases the private high-tag decoding capacities of scapy.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_IA5_STRING("str", ""),
        ASN1F_STRING("int", 0),
        explicit_tag=0,
        flexible_tag=True)

72 

73 

74####################### 

75# RSA packets # 

76####################### 

77# based on RFC 3447 

78 

79# It could be interesting to use os.urandom and try to generate 

80# a new modulus each time RSAPublicKey is called with default values. 

81# (We might have to dig into scapy field initialization mechanisms...) 

82# NEVER rely on the key below, which is provided only for debugging purposes. 

class RSAPublicKey(ASN1_Packet):
    """RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }
    (RFC 3447).

    The defaults (modulus 10, exponent 3) only exist so that a packet can be
    built without arguments; as the comment above says, they are not a key
    anyone should rely on.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_INTEGER("modulus", 10),
        ASN1F_INTEGER("publicExponent", 3))

88 

89 

class RSAOtherPrimeInfo(ASN1_Packet):
    """OtherPrimeInfo (RFC 3447): one extra prime of a multi-prime RSA key,
    carried in RSAPrivateKey.otherPrimeInfos."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_INTEGER("prime", 0),
        ASN1F_INTEGER("exponent", 0),
        ASN1F_INTEGER("coefficient", 0))

96 

97 

class RSAPrivateKey(ASN1_Packet):
    """RSAPrivateKey (RFC 3447, PKCS #1 layout).

    ``version`` is 0 for "two-prime" and 1 for "multi"; ``otherPrimeInfos``
    is optional here. The numeric defaults are placeholder values for building
    a syntactically valid packet, not a real key (see the warning above
    RSAPublicKey).
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_enum_INTEGER("version", 0, ["two-prime", "multi"]),
        ASN1F_INTEGER("modulus", 10),
        ASN1F_INTEGER("publicExponent", 3),
        ASN1F_INTEGER("privateExponent", 3),
        ASN1F_INTEGER("prime1", 2),
        ASN1F_INTEGER("prime2", 5),
        ASN1F_INTEGER("exponent1", 0),
        ASN1F_INTEGER("exponent2", 3),
        ASN1F_INTEGER("coefficient", 1),
        ASN1F_optional(
            ASN1F_SEQUENCE_OF("otherPrimeInfos", None,
                              RSAOtherPrimeInfo)))

113 

114#################################### 

115# ECDSA packets # 

116#################################### 

117# based on RFC 3279 & 5480 & 5915 

118 

119 

class ECFieldID(ASN1_Packet):
    """FieldID of an explicitly specified EC domain (RFC 3279).

    Only prime fields are modelled: ``fieldType`` defaults to "prime-field"
    and the parameter is the prime itself.
    """
    # No characteristic-two-field support for now.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_OID("fieldType", "prime-field"),
        ASN1F_INTEGER("prime", 0))

126 

127 

class ECCurve(ASN1_Packet):
    """Curve ::= SEQUENCE { a, b OCTET STRING, seed BIT STRING OPTIONAL }
    (RFC 3279): the coefficients of an explicitly specified curve."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_STRING("a", ""),
        ASN1F_STRING("b", ""),
        ASN1F_optional(
            ASN1F_BIT_STRING("seed", None)))

135 

136 

class ECSpecifiedDomain(ASN1_Packet):
    """SpecifiedECDomain (RFC 3279): an EC domain given explicitly rather than
    by a named-curve OID.

    ``base`` is the generator point as raw octets and ``cofactor`` is optional.
    Nothing here validates that the parameters describe a sound curve.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_enum_INTEGER("version", 1, {1: "ecpVer1"}),
        ASN1F_PACKET("fieldID", ECFieldID(), ECFieldID),
        ASN1F_PACKET("curve", ECCurve(), ECCurve),
        ASN1F_STRING("base", ""),
        ASN1F_INTEGER("order", 0),
        ASN1F_optional(
            ASN1F_INTEGER("cofactor", None)))

147 

148 

class ECParameters(ASN1_Packet):
    """ECParameters CHOICE (RFC 5480): a named curve OID, NULL for implicit
    parameters, or an explicit ECSpecifiedDomain.

    The default is the named curve "ansip384r1".
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_CHOICE("curve", ASN1_OID("ansip384r1"),
                             ASN1F_OID,  # for named curves
                             ASN1F_NULL,  # for implicit curves
                             ECSpecifiedDomain)

155 

156 

class ECDSAPublicKey(ASN1_Packet):
    """EC public key as the raw encoded point in a BIT STRING (RFC 5480).

    The bytes are carried as-is; no point-on-curve check is done here.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_BIT_STRING("ecPoint", "")

160 

161 

class ECDSAPrivateKey(ASN1_Packet):
    """ECPrivateKey (RFC 5915).

    ``parameters`` ([0]) and ``publicKey`` ([1]) are optional and explicitly
    tagged; ``privateKey`` is the scalar as an OCTET STRING.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_enum_INTEGER("version", 1, {1: "ecPrivkeyVer1"}),
        ASN1F_STRING("privateKey", ""),
        ASN1F_optional(
            ASN1F_PACKET("parameters", None, ECParameters,
                         explicit_tag=0xa0)),
        ASN1F_optional(
            ASN1F_PACKET("publicKey", None,
                         ECDSAPublicKey,
                         explicit_tag=0xa1)))

174 

175 

class ECDSASignature(ASN1_Packet):
    """ECDSA-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER } (RFC 3279).

    Used by ASN1F_X509_Cert to decode the signatureValue BIT STRING when the
    signature algorithm name contains "ecdsa".
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_INTEGER("r", 0),
        ASN1F_INTEGER("s", 0))

181 

182 

183#################################### 

184# x25519/x448 packets # 

185#################################### 

186# based on RFC 8410 

187 

class EdDSAPublicKey(ASN1_Packet):
    """Ed25519/Ed448 public key as a BIT STRING (RFC 8410).

    Selected by ASN1F_X509_SubjectPublicKeyInfo when the algorithm OID name is
    "Ed25519" or "Ed448".
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_BIT_STRING("ecPoint", "")

191 

192 

class AlgorithmIdentifier(ASN1_Packet):
    """Minimal AlgorithmIdentifier holding only the algorithm OID (no
    parameters field), as used by EdDSAPrivateKey. The richer
    X509_AlgorithmIdentifier below also carries optional parameters."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_OID("algorithm", None),
    )

198 

199 

class EdDSAPrivateKey(ASN1_Packet):
    """EdDSA private key structure (RFC 8410).

    The optional ``publicKey`` ([1]) reuses ECDSAPublicKey, i.e. it is carried
    as an opaque BIT STRING.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_enum_INTEGER("version", 1, {1: "ecPrivkeyVer1"}),
        ASN1F_PACKET("privateKeyAlgorithm", AlgorithmIdentifier(), AlgorithmIdentifier),
        ASN1F_STRING("privateKey", ""),
        ASN1F_optional(
            ASN1F_PACKET("publicKey", None,
                         ECDSAPublicKey,
                         explicit_tag=0xa1)))

210 

211 

212###################### 

213# X509 packets # 

214###################### 

215# based on RFC 5280 

216 

217 

218# Names # 

219 

class ASN1F_X509_DirectoryString(ASN1F_CHOICE):
    """DirectoryString CHOICE field (RFC 5280 §4.1.2.4).

    Besides the standard string types, BIT STRING and BMPString are accepted
    because some X.500 addresses found in the wild use them.
    """
    # we include ASN1 bit strings and bmp strings for rare instances of x500 addresses

    def __init__(self, name, default, **kwargs):
        """Build the CHOICE with the fixed list of string alternatives.

        :param name: field name
        :param default: default ASN1 value
        :param kwargs: passed through to ASN1F_CHOICE (tags, context, ...)
        """
        alternatives = (
            ASN1F_PRINTABLE_STRING, ASN1F_UTF8_STRING,
            ASN1F_IA5_STRING, ASN1F_T61_STRING,
            ASN1F_UNIVERSAL_STRING, ASN1F_BIT_STRING,
            ASN1F_BMP_STRING,
        )
        super().__init__(name, default, *alternatives, **kwargs)

229 

230 

class X509_AttributeValue(ASN1_Packet):
    """One value of an X509_Attribute: a CHOICE of string types, defaulting
    to the PrintableString "FR" (a countryName value)."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_CHOICE("value", ASN1_PRINTABLE_STRING("FR"),
                             ASN1F_PRINTABLE_STRING, ASN1F_UTF8_STRING,
                             ASN1F_IA5_STRING, ASN1F_T61_STRING,
                             ASN1F_UNIVERSAL_STRING)

237 

238 

class X509_Attribute(ASN1_Packet):
    """Attribute ::= SEQUENCE { type OID, values SET OF AttributeValue }.

    Default type 2.5.4.6 is countryName. Used by
    X509_ExtSubjectDirectoryAttributes.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_OID("type", "2.5.4.6"),
        ASN1F_SET_OF("values",
                     [X509_AttributeValue()],
                     X509_AttributeValue))

246 

247 

class X509_AttributeTypeAndValue(ASN1_Packet):
    """AttributeTypeAndValue (RFC 5280 §4.1.2.4): one type/value pair of a
    relative distinguished name. Defaults to countryName (2.5.4.6) = "FR"."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_OID("type", "2.5.4.6"),
        ASN1F_X509_DirectoryString("value",
                                   ASN1_PRINTABLE_STRING("FR")))

254 

255 

class X509_RDN(ASN1_Packet):
    """RelativeDistinguishedName ::= SET OF AttributeTypeAndValue.

    The SET may hold several pairs; note that the name helpers on
    X509_TBSCertificate only read the first one.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SET_OF("rdn", [X509_AttributeTypeAndValue()],
                             X509_AttributeTypeAndValue)

260 

261 

class X509_OtherName(ASN1_Packet):
    """OtherName ::= SEQUENCE { type-id OID, value [0] EXPLICIT ANY }
    (RFC 5280 §4.2.1.6).

    ``value`` is modelled as a CHOICE of string types (plus a generic
    ASN1F_STRING fallback) rather than a true ANY.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_OID("type_id", "0"),
        ASN1F_CHOICE("value", None,
                     ASN1F_IA5_STRING, ASN1F_ISO646_STRING,
                     ASN1F_BMP_STRING, ASN1F_UTF8_STRING,
                     ASN1F_STRING,
                     explicit_tag=0xa0))

271 

272 

class ASN1F_X509_otherName(ASN1F_SEQUENCE):
    """Field form of X509_OtherName, for use in [MS-WCCE] structures.

    Wraps X509_OtherName's own field list in an inner SEQUENCE carrying the
    implicit context tag [0] (0xA0).
    """
    # field version of X509_OtherName, for usage in [MS-WCCE]

    def __init__(self, **kargs):
        """Build the tagged inner SEQUENCE and hand it to ASN1F_SEQUENCE.

        :param kargs: passed through to ASN1F_SEQUENCE
        """
        inner = ASN1F_SEQUENCE(*X509_OtherName.ASN1_root.seq,
                               implicit_tag=0xA0)
        super().__init__(inner, **kargs)

279 

280 

class X509_RFC822Name(ASN1_Packet):
    """GeneralName alternative rfc822Name: an e-mail address as IA5String."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_IA5_STRING("rfc822Name", "")

284 

285 

class X509_DNSName(ASN1_Packet):
    """GeneralName alternative dNSName: a host name as IA5String.

    The value is not normalised or validated here (wildcards, trailing dots
    and embedded NULs all pass through unchanged).
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_IA5_STRING("dNSName", "")

289 

290# XXX write me 

291 

292 

class X509_X400Address(ASN1_Packet):
    """GeneralName alternative x400Address, kept as an opaque generic field
    (the ORAddress structure is not modelled; see the "XXX write me" above)."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_field("x400Address", "")

296 

297 

# Default directoryName for X509_DirectoryName: an empty RDN, then
# O (2.5.4.10) = "Scapy, Inc." and CN (2.5.4.3) = "Scapy Default Name".
_default_directoryName = [
    X509_RDN(),
    X509_RDN(
        rdn=[X509_AttributeTypeAndValue(
            type=ASN1_OID("2.5.4.10"),
            value=ASN1_PRINTABLE_STRING("Scapy, Inc."))]),
    X509_RDN(
        rdn=[X509_AttributeTypeAndValue(
            type=ASN1_OID("2.5.4.3"),
            value=ASN1_PRINTABLE_STRING("Scapy Default Name"))])
]

309 

310 

class X509_DirectoryName(ASN1_Packet):
    """GeneralName alternative directoryName: a Name as SEQUENCE OF RDN."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE_OF("directoryName", _default_directoryName,
                                  X509_RDN)

315 

316 

class X509_EDIPartyName(ASN1_Packet):
    """EDIPartyName ::= SEQUENCE { nameAssigner [0] OPTIONAL, partyName [1] }
    with both members as DirectoryString (RFC 5280 §4.2.1.6)."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_optional(
            ASN1F_X509_DirectoryString("nameAssigner", None,
                                       explicit_tag=0xa0)),
        ASN1F_X509_DirectoryString("partyName", None,
                                   explicit_tag=0xa1))

325 

326 

class X509_URI(ASN1_Packet):
    """GeneralName alternative uniformResourceIdentifier (IA5String)."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_IA5_STRING("uniformResourceIdentifier", "")

330 

331 

class X509_IPAddress(ASN1_Packet):
    """GeneralName alternative iPAddress: raw OCTET STRING.

    RFC 5280 expects 4 or 16 octets (or twice that with a mask in name
    constraints); the field itself does not enforce any length.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_STRING("iPAddress", "")

335 

336 

class X509_RegisteredID(ASN1_Packet):
    """GeneralName alternative registeredID: an OBJECT IDENTIFIER."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_OID("registeredID", "")

340 

341 

class X509_GeneralName(ASN1_Packet):
    """GeneralName CHOICE (RFC 5280 §4.2.1.6), defaulting to a directoryName.

    Tagging follows the RFC: primitive alternatives (rfc822Name, dNSName,
    URI, iPAddress, registeredID) are IMPLICIT [n]; the constructed ones
    (otherName is implicit [0], x400Address/directoryName/ediPartyName are
    EXPLICIT [3]/[4]/[5]).
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_CHOICE("generalName", X509_DirectoryName(),
                             ASN1F_PACKET("otherName", None, X509_OtherName,
                                          implicit_tag=0xa0),
                             ASN1F_PACKET("rfc822Name", None, X509_RFC822Name,
                                          implicit_tag=0x81),
                             ASN1F_PACKET("dNSName", None, X509_DNSName,
                                          implicit_tag=0x82),
                             ASN1F_PACKET("x400Address", None, X509_X400Address,  # noqa: E501
                                          explicit_tag=0xa3),
                             ASN1F_PACKET("directoryName", None, X509_DirectoryName,  # noqa: E501
                                          explicit_tag=0xa4),
                             ASN1F_PACKET("ediPartyName", None, X509_EDIPartyName,  # noqa: E501
                                          explicit_tag=0xa5),
                             ASN1F_PACKET("uniformResourceIdentifier", None, X509_URI,  # noqa: E501
                                          implicit_tag=0x86),
                             ASN1F_PACKET("ipAddress", None, X509_IPAddress,
                                          implicit_tag=0x87),
                             ASN1F_PACKET("registeredID", None, X509_RegisteredID,  # noqa: E501
                                          implicit_tag=0x88))

363 

364 

365# Extensions # 

366 

class X509_ExtAuthorityKeyIdentifier(ASN1_Packet):
    """AuthorityKeyIdentifier extension, OID 2.5.29.35 (RFC 5280 §4.2.1.1).

    All three members are optional and IMPLICIT-tagged. The default
    keyIdentifier is twenty 0xff bytes, a placeholder for building packets.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_optional(
            ASN1F_STRING("keyIdentifier", b"\xff" * 20,
                         implicit_tag=0x80)),
        ASN1F_optional(
            ASN1F_SEQUENCE_OF("authorityCertIssuer", None,
                              X509_GeneralName,
                              implicit_tag=0xa1)),
        ASN1F_optional(
            ASN1F_INTEGER("authorityCertSerialNumber", None,
                          implicit_tag=0x82)))

380 

381 

class X509_ExtSubjectDirectoryAttributes(ASN1_Packet):
    """SubjectDirectoryAttributes extension, OID 2.5.29.9: SEQUENCE OF
    Attribute (RFC 5280 §4.2.1.8)."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE_OF("subjectDirectoryAttributes",
                                  [X509_Attribute()],
                                  X509_Attribute)

387 

388 

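class X509_ExtSubjectKeyIdentifier(ASN1_Packet):
    """SubjectKeyIdentifier extension, OID 2.5.29.14 (RFC 5280 §4.2.1.2):
    a single OCTET STRING.

    The default is twenty 0xff bytes, matching the placeholder used by
    X509_ExtAuthorityKeyIdentifier.keyIdentifier. (It used to be the text
    ``"xff" * 20``, i.e. the 60-character ASCII string "xffxff...", which was
    a typo for the byte value.)
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_STRING("keyIdentifier", b"\xff" * 20)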

392 

393 

class X509_ExtFullName(ASN1_Packet):
    """DistributionPointName alternative fullName [0] IMPLICIT:
    SEQUENCE OF GeneralName."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE_OF("fullName", [X509_GeneralName()],
                                  X509_GeneralName, implicit_tag=0xa0)

398 

399 

class X509_ExtNameRelativeToCRLIssuer(ASN1_Packet):
    """DistributionPointName alternative nameRelativeToCRLIssuer [1]
    IMPLICIT: a single RDN."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_PACKET("nameRelativeToCRLIssuer", X509_RDN(), X509_RDN,
                             implicit_tag=0xa1)

404 

405 

class X509_ExtDistributionPointName(ASN1_Packet):
    """DistributionPointName CHOICE (RFC 5280 §4.2.1.13): fullName [0] or
    nameRelativeToCRLIssuer [1]. No default is set."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_CHOICE("distributionPointName", None,
                             X509_ExtFullName, X509_ExtNameRelativeToCRLIssuer)

410 

411 

# ReasonFlags bit names (RFC 5280 §4.2.1.13), bit 0 first; used by the
# ASN1F_FLAGS fields of X509_ExtDistributionPoint and
# X509_ExtIssuingDistributionPoint.
_reasons_mapping = ["unused",
                    "keyCompromise",
                    "cACompromise",
                    "affiliationChanged",
                    "superseded",
                    "cessationOfOperation",
                    "certificateHold",
                    "privilegeWithdrawn",
                    "aACompromise"]

421 

422 

class X509_ExtDistributionPoint(ASN1_Packet):
    """DistributionPoint (RFC 5280 §4.2.1.13): an optional name [0], an
    optional reasons bit string [1] and an optional cRLIssuer [2]."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_optional(
            ASN1F_PACKET("distributionPoint",
                         X509_ExtDistributionPointName(),
                         X509_ExtDistributionPointName,
                         explicit_tag=0xa0)),
        ASN1F_optional(
            ASN1F_FLAGS("reasons", None, _reasons_mapping,
                        implicit_tag=0x81)),
        ASN1F_optional(
            ASN1F_SEQUENCE_OF("cRLIssuer", None,
                              X509_GeneralName,
                              implicit_tag=0xa2)))

438 

439 

# KeyUsage bit names (RFC 5280 §4.2.1.3), bit 0 (digitalSignature) first.
_ku_mapping = ["digitalSignature",
               "nonRepudiation",
               "keyEncipherment",
               "dataEncipherment",
               "keyAgreement",
               "keyCertSign",
               "cRLSign",
               "encipherOnly",
               "decipherOnly"]

449 

450 

class X509_ExtKeyUsage(ASN1_Packet):
    """KeyUsage extension, OID 2.5.29.15: a BIT STRING of _ku_mapping flags.

    The default "101" sets digitalSignature and keyEncipherment.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_FLAGS("keyUsage", "101", _ku_mapping)

    def get_keyUsage(self):
        """Return the names of the set bits, as computed by the field's
        get_flags() helper."""
        return self.ASN1_root.get_flags(self)

457 

458 

class X509_ExtPrivateKeyUsagePeriod(ASN1_Packet):
    """PrivateKeyUsagePeriod extension, OID 2.5.29.16: optional notBefore [0]
    and notAfter [1] GeneralizedTimes.

    Defaults are relative to build time: 10 minutes ago and one day ahead.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_optional(
            ASN1F_GENERALIZED_TIME("notBefore",
                                   str(GeneralizedTime(-600)),
                                   implicit_tag=0x80)),
        ASN1F_optional(
            ASN1F_GENERALIZED_TIME("notAfter",
                                   str(GeneralizedTime(+86400)),
                                   implicit_tag=0x81)))

470 

471 

class X509_PolicyMapping(ASN1_Packet):
    """One issuerDomainPolicy/subjectDomainPolicy OID pair of the
    PolicyMappings extension (RFC 5280 §4.2.1.5)."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_OID("issuerDomainPolicy", None),
        ASN1F_OID("subjectDomainPolicy", None))

477 

478 

class X509_ExtPolicyMappings(ASN1_Packet):
    """PolicyMappings extension, OID 2.5.29.33: SEQUENCE OF
    X509_PolicyMapping, empty by default."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE_OF("policyMappings", [], X509_PolicyMapping)

482 

483 

class X509_ExtBasicConstraints(ASN1_Packet):
    """BasicConstraints extension, OID 2.5.29.19 (RFC 5280 §4.2.1.9).

    ``cA`` is declared optional with default False so that certificates which
    omit it (DER forbids encoding a DEFAULT FALSE boolean) still parse; an
    absent cA therefore reads as "not a CA". ``pathLenConstraint`` is only
    meaningful when cA is True; that is not enforced here.
    """
    # The cA field should not be optional, but some certs omit it for False.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_optional(
            ASN1F_BOOLEAN("cA", False)),
        ASN1F_optional(
            ASN1F_INTEGER("pathLenConstraint", None)))

492 

493 

class X509_ExtCRLNumber(ASN1_Packet):
    """CRLNumber extension, OID 2.5.29.20: a monotonically increasing INTEGER
    (RFC 5280 §5.2.3)."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_INTEGER("cRLNumber", 0)

497 

498 

# CRLReason enumeration (RFC 5280 §5.3.1), indexed by enumerated value;
# value 7 is unassigned, hence the "unused_reasonCode" filler.
_cRL_reasons = ["unspecified",
                "keyCompromise",
                "cACompromise",
                "affiliationChanged",
                "superseded",
                "cessationOfOperation",
                "certificateHold",
                "unused_reasonCode",
                "removeFromCRL",
                "privilegeWithdrawn",
                "aACompromise"]

510 

511 

class X509_ExtReasonCode(ASN1_Packet):
    """ReasonCode CRL entry extension, OID 2.5.29.21: an ENUMERATED mapped
    through _cRL_reasons (default 0, "unspecified")."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_ENUMERATED("cRLReason", 0, _cRL_reasons)

515 

516 

class X509_ExtDeltaCRLIndicator(ASN1_Packet):
    """DeltaCRLIndicator extension, OID 2.5.29.27: the base CRL number this
    delta applies to (RFC 5280 §5.2.4)."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_INTEGER("deltaCRLIndicator", 0)

520 

521 

class X509_ExtIssuingDistributionPoint(ASN1_Packet):
    """IssuingDistributionPoint CRL extension, OID 2.5.29.28
    (RFC 5280 §5.2.5).

    The BOOLEAN members are not wrapped in ASN1F_optional, so a CRL omitting
    one of them (as DER requires for DEFAULT FALSE) relies on the decoder
    tolerating the missing tagged field; only distributionPoint and
    onlySomeReasons are declared optional here.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_optional(
            ASN1F_PACKET("distributionPoint",
                         X509_ExtDistributionPointName(),
                         X509_ExtDistributionPointName,
                         explicit_tag=0xa0)),
        ASN1F_BOOLEAN("onlyContainsUserCerts", False,
                      implicit_tag=0x81),
        ASN1F_BOOLEAN("onlyContainsCACerts", False,
                      implicit_tag=0x82),
        ASN1F_optional(
            ASN1F_FLAGS("onlySomeReasons", None,
                        _reasons_mapping,
                        implicit_tag=0x83)),
        ASN1F_BOOLEAN("indirectCRL", False,
                      implicit_tag=0x84),
        ASN1F_BOOLEAN("onlyContainsAttributeCerts", False,
                      implicit_tag=0x85))

542 

543 

class X509_ExtCertificateIssuer(ASN1_Packet):
    """CertificateIssuer CRL entry extension, OID 2.5.29.29: SEQUENCE OF
    GeneralName naming the issuer of the revoked certificate in an indirect
    CRL (RFC 5280 §5.3.3)."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE_OF("certificateIssuer", [], X509_GeneralName)

547 

548 

class X509_ExtInvalidityDate(ASN1_Packet):
    """InvalidityDate CRL entry extension, OID 2.5.29.24: a GeneralizedTime,
    defaulting to one day after build time."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_GENERALIZED_TIME("invalidityDate", str(ZuluTime(+86400)))

552 

553 

class X509_ExtSubjectAltName(ASN1_Packet):
    """SubjectAltName extension, OID 2.5.29.17: SEQUENCE OF GeneralName
    (RFC 5280 §4.2.1.6), empty by default."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE_OF("subjectAltName", [], X509_GeneralName)

557 

558 

class X509_ExtIssuerAltName(ASN1_Packet):
    """IssuerAltName extension, OID 2.5.29.18: SEQUENCE OF GeneralName
    (RFC 5280 §4.2.1.7), empty by default."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE_OF("issuerAltName", [], X509_GeneralName)

562 

563 

class X509_ExtGeneralSubtree(ASN1_Packet):
    """GeneralSubtree (RFC 5280 §4.2.1.10): a base GeneralName plus optional
    minimum [0] / maximum [1] INTEGERs.

    ``minimum`` is DEFAULT 0 in the RFC and is declared optional here to
    accept encodings that omit it.
    """
    # 'minimum' is not optional in RFC 5280, yet it is in some implementations.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_PACKET("base", X509_GeneralName(), X509_GeneralName),
        ASN1F_optional(
            ASN1F_INTEGER("minimum", None, implicit_tag=0x80)),
        ASN1F_optional(
            ASN1F_INTEGER("maximum", None, implicit_tag=0x81)))

573 

574 

class X509_ExtNameConstraints(ASN1_Packet):
    """NameConstraints extension, OID 2.5.29.30 (RFC 5280 §4.2.1.10):
    optional permittedSubtrees [0] and excludedSubtrees [1].

    This class only carries the constraints; applying them to a subject or
    SAN during path validation is up to the caller.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_optional(
            ASN1F_SEQUENCE_OF("permittedSubtrees", None,
                              X509_ExtGeneralSubtree,
                              implicit_tag=0xa0)),
        ASN1F_optional(
            ASN1F_SEQUENCE_OF("excludedSubtrees", None,
                              X509_ExtGeneralSubtree,
                              implicit_tag=0xa1)))

586 

587 

class X509_ExtPolicyConstraints(ASN1_Packet):
    """PolicyConstraints extension, OID 2.5.29.36 (RFC 5280 §4.2.1.11):
    optional requireExplicitPolicy [0] and inhibitPolicyMapping [1]
    skip counts."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_optional(
            ASN1F_INTEGER("requireExplicitPolicy", None,
                          implicit_tag=0x80)),
        ASN1F_optional(
            ASN1F_INTEGER("inhibitPolicyMapping", None,
                          implicit_tag=0x81)))

597 

598 

class X509_ExtExtendedKeyUsage(ASN1_Packet):
    """ExtendedKeyUsage extension, OID 2.5.29.37 (RFC 5280 §4.2.1.12):
    SEQUENCE OF KeyPurposeId, carried as ASN1P_OID packets."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE_OF("extendedKeyUsage", [], ASN1P_OID)

    def get_extendedKeyUsage(self):
        """Return the key-purpose OID names (``oidname`` of each entry), in
        the order they appear in the extension."""
        return [purpose.oid.oidname for purpose in self.extendedKeyUsage]

606 

607 

class X509_ExtNoticeReference(ASN1_Packet):
    """NoticeReference of a UserNotice policy qualifier (RFC 5280 §4.2.1.4):
    an organization DisplayText plus a SEQUENCE OF notice numbers."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_CHOICE("organization",
                     ASN1_UTF8_STRING("Dummy Organization"),
                     ASN1F_IA5_STRING, ASN1F_ISO646_STRING,
                     ASN1F_BMP_STRING, ASN1F_UTF8_STRING),
        ASN1F_SEQUENCE_OF("noticeNumbers", [], ASN1P_INTEGER))

616 

617 

class X509_ExtUserNotice(ASN1_Packet):
    """UserNotice policy qualifier (RFC 5280 §4.2.1.4): optional noticeRef
    and optional explicitText DisplayText."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_optional(
            ASN1F_PACKET("noticeRef", None,
                         X509_ExtNoticeReference)),
        ASN1F_optional(
            ASN1F_CHOICE("explicitText",
                         ASN1_UTF8_STRING("Dummy ExplicitText"),
                         ASN1F_IA5_STRING, ASN1F_ISO646_STRING,
                         ASN1F_BMP_STRING, ASN1F_UTF8_STRING)))

629 

630 

class X509_ExtPolicyQualifierInfo(ASN1_Packet):
    """PolicyQualifierInfo (RFC 5280 §4.2.1.4).

    Default qualifier id 1.3.6.1.5.5.7.2.1 is id-qt-cps, whose qualifier is a
    CPS URI (IA5String); the other alternative is a UserNotice.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_OID("policyQualifierId", "1.3.6.1.5.5.7.2.1"),
        ASN1F_CHOICE("qualifier", ASN1_IA5_STRING("cps_str"),
                     ASN1F_IA5_STRING, X509_ExtUserNotice))

637 

638 

class X509_ExtPolicyInformation(ASN1_Packet):
    """PolicyInformation (RFC 5280 §4.2.1.4): a policy OID (default
    2.5.29.32.0, anyPolicy) and optional qualifiers."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_OID("policyIdentifier", "2.5.29.32.0"),
        ASN1F_optional(
            ASN1F_SEQUENCE_OF("policyQualifiers", None,
                              X509_ExtPolicyQualifierInfo)))

646 

647 

class X509_ExtCertificatePolicies(ASN1_Packet):
    """CertificatePolicies extension, OID 2.5.29.32: SEQUENCE OF
    PolicyInformation."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE_OF("certificatePolicies",
                                  [X509_ExtPolicyInformation()],
                                  X509_ExtPolicyInformation)

653 

654 

class X509_ExtCRLDistributionPoints(ASN1_Packet):
    """CRLDistributionPoints extension, OID 2.5.29.31: SEQUENCE OF
    DistributionPoint (RFC 5280 §4.2.1.13)."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE_OF("cRLDistributionPoints",
                                  [X509_ExtDistributionPoint()],
                                  X509_ExtDistributionPoint)

660 

661 

class X509_ExtInhibitAnyPolicy(ASN1_Packet):
    """InhibitAnyPolicy extension, OID 2.5.29.54: the skipCerts INTEGER
    (RFC 5280 §4.2.1.14)."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_INTEGER("skipCerts", 0)

665 

666 

class X509_ExtFreshestCRL(ASN1_Packet):
    """FreshestCRL extension, OID 2.5.29.46 (RFC 5280 §4.2.1.15): same
    syntax as CRLDistributionPoints, hence the shared field name."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE_OF("cRLDistributionPoints",
                                  [X509_ExtDistributionPoint()],
                                  X509_ExtDistributionPoint)

672 

673 

class X509_AccessDescription(ASN1_Packet):
    """AccessDescription (RFC 5280 §4.2.2.1): an accessMethod OID and an
    accessLocation GeneralName; element of AIA and SIA."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_OID("accessMethod", "0"),
        ASN1F_PACKET("accessLocation", X509_GeneralName(),
                     X509_GeneralName))

680 

681 

class X509_ExtAuthInfoAccess(ASN1_Packet):
    """AuthorityInfoAccess extension, OID 1.3.6.1.5.5.7.1.1: SEQUENCE OF
    AccessDescription (typically OCSP and caIssuers locations)."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE_OF("authorityInfoAccess",
                                  [X509_AccessDescription()],
                                  X509_AccessDescription)

687 

688 

class X509_ExtQcStatement(ASN1_Packet):
    """QCStatement (RFC 3739 / ETSI qualified certificates): a statementId
    OID and optional statementInfo kept as an opaque generic field."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_OID("statementId", "0.4.0.1862.1.1"),
        ASN1F_optional(
            ASN1F_field("statementInfo", None)))

695 

696 

class X509_ExtQcStatements(ASN1_Packet):
    """QCStatements extension, OID 1.3.6.1.5.5.7.1.3: SEQUENCE OF
    X509_ExtQcStatement."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE_OF("qcStatements",
                                  [X509_ExtQcStatement()],
                                  X509_ExtQcStatement)

702 

703 

class X509_ExtSubjInfoAccess(ASN1_Packet):
    """SubjectInfoAccess extension, OID 1.3.6.1.5.5.7.1.11: SEQUENCE OF
    AccessDescription (RFC 5280 §4.2.2.2)."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE_OF("subjectInfoAccess",
                                  [X509_AccessDescription()],
                                  X509_AccessDescription)

709 

710 

class X509_ExtNetscapeCertType(ASN1_Packet):
    """Legacy Netscape cert-type extension, OID 2.16.840.1.113730.1.1: the
    BIT STRING is kept raw, its bits are not named here."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_BIT_STRING("netscapeCertType", "")

714 

715 

class X509_ExtComment(ASN1_Packet):
    """Legacy Netscape comment extension, OID 2.16.840.1.113730.1.13: a
    free-form DisplayText."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_CHOICE("comment",
                             ASN1_UTF8_STRING("Dummy comment."),
                             ASN1F_IA5_STRING, ASN1F_ISO646_STRING,
                             ASN1F_BMP_STRING, ASN1F_UTF8_STRING)

722 

723 

class X509_ExtCertificateTemplateName(ASN1_Packet):
    """Microsoft certificate-template-name extension, OID
    1.3.6.1.4.1.311.20.2: a BMPString (field name "Name")."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_BMP_STRING("Name", b"")

727 

728 

class X509_ExtOidNTDSCaSecurity(ASN1_Packet):
    """Microsoft szOID_NTDS_CA_SECURITY_EXT extension, OID 1.3.6.1.4.1.311.25.2,
    whose body is an otherName (see ASN1F_X509_otherName).

    ``type_id`` defaults to 1.3.6.1.4.1.311.25.2.1 (the object SID type) and
    ``value`` to an empty UTF8String.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_X509_otherName()
    # NOTE(review): these class attributes share the names of the otherName
    # fields and presumably act as their defaults -- confirm against ASN1_Packet.
    type_id = ASN1_OID("1.3.6.1.4.1.311.25.2.1")
    value = ASN1_UTF8_STRING("")

734 

735 

736# oid-info.com shows that some extensions share multiple OIDs. 

737# Here we only reproduce those written in RFC5280. 

# Extension OID (dotted string) -> packet class used to decode extnValue.
# _X509_ExtField.m2i looks up pkt.extnID.val here; an OID that is absent is
# left undecoded, whatever its `critical` flag says.
_ext_mapping = {
    "2.5.29.9": X509_ExtSubjectDirectoryAttributes,
    "2.5.29.14": X509_ExtSubjectKeyIdentifier,
    "2.5.29.15": X509_ExtKeyUsage,
    "2.5.29.16": X509_ExtPrivateKeyUsagePeriod,
    "2.5.29.17": X509_ExtSubjectAltName,
    "2.5.29.18": X509_ExtIssuerAltName,
    "2.5.29.19": X509_ExtBasicConstraints,
    "2.5.29.20": X509_ExtCRLNumber,
    "2.5.29.21": X509_ExtReasonCode,
    "2.5.29.24": X509_ExtInvalidityDate,
    "2.5.29.27": X509_ExtDeltaCRLIndicator,
    "2.5.29.28": X509_ExtIssuingDistributionPoint,
    "2.5.29.29": X509_ExtCertificateIssuer,
    "2.5.29.30": X509_ExtNameConstraints,
    "2.5.29.31": X509_ExtCRLDistributionPoints,
    "2.5.29.32": X509_ExtCertificatePolicies,
    "2.5.29.33": X509_ExtPolicyMappings,
    "2.5.29.35": X509_ExtAuthorityKeyIdentifier,
    "2.5.29.36": X509_ExtPolicyConstraints,
    "2.5.29.37": X509_ExtExtendedKeyUsage,
    "2.5.29.46": X509_ExtFreshestCRL,
    "2.5.29.54": X509_ExtInhibitAnyPolicy,
    # Netscape legacy extensions
    "2.16.840.1.113730.1.1": X509_ExtNetscapeCertType,
    "2.16.840.1.113730.1.13": X509_ExtComment,
    # Microsoft extensions
    "1.3.6.1.4.1.311.20.2": X509_ExtCertificateTemplateName,
    "1.3.6.1.4.1.311.25.2": X509_ExtOidNTDSCaSecurity,
    # PKIX private extensions
    "1.3.6.1.5.5.7.1.1": X509_ExtAuthInfoAccess,
    "1.3.6.1.5.5.7.1.3": X509_ExtQcStatements,
    "1.3.6.1.5.5.7.1.11": X509_ExtSubjInfoAccess
}

769 

770 

class _X509_ExtField(ASN1F_STRING_PacketField):
    """extnValue field that re-dissects the OCTET STRING contents.

    After the generic string decode, the bytes are handed to the packet class
    registered in _ext_mapping for the enclosing packet's extnID. Empty
    contents and unregistered OIDs are returned as the plain string value, so
    an unknown extension is passed through undecoded regardless of its
    ``critical`` flag -- callers that must reject unrecognised critical
    extensions (RFC 5280 §4.2) have to check that themselves. Exceptions
    raised by the nested dissection are not caught here.
    """

    def m2i(self, pkt, s):
        """Decode ``s`` and, when possible, wrap the value in its extension
        packet.

        :param pkt: the enclosing packet, read for ``extnID.val``
        :param s: the raw bytes of the field
        :return: ``(value, remaining_bytes)`` as the parent m2i does, with
                 ``value`` replaced by an extension packet when decodable
        """
        decoded = super().m2i(pkt, s)
        raw_value, remaining = decoded
        if not raw_value.val:
            return decoded
        ext_cls = _ext_mapping.get(pkt.extnID.val)
        if ext_cls is None:
            return decoded
        return ext_cls(raw_value.val, _underlayer=pkt), remaining

782 

783 

class ASN1F_EXT_SEQUENCE(ASN1F_SEQUENCE):
    """Extension ::= SEQUENCE { extnID OID, critical BOOLEAN OPTIONAL,
    extnValue OCTET STRING } (RFC 5280 §4.1.2.9).

    Defaults describe a BasicConstraints extension (OID 2.5.29.19). The
    ``critical`` flag is parsed but nothing in this field acts on it.
    """

    def __init__(self, **kargs):
        """Assemble the three members and delegate to ASN1F_SEQUENCE.

        :param kargs: passed through to ASN1F_SEQUENCE
        """
        ext_id = ASN1F_OID("extnID", "2.5.29.19")
        critical = ASN1F_optional(ASN1F_BOOLEAN("critical", False))
        ext_value = _X509_ExtField("extnValue", X509_ExtBasicConstraints())
        super().__init__(ext_id, critical, ext_value, **kargs)

791 

792 

class X509_Extension(ASN1_Packet):
    """A single certificate/CRL extension, see ASN1F_EXT_SEQUENCE."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_EXT_SEQUENCE()

796 

797 

class X509_Extensions(ASN1_Packet):
    """An optional SEQUENCE OF X509_Extension with no tag of its own.

    Used for OCSP status requests in tls/handshake.py rather than inside
    certificates (the TBSCertificate carries its own [3]-tagged extensions).
    """
    # we use this in OCSP status requests, in tls/handshake.py
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_optional(
        ASN1F_SEQUENCE_OF("extensions",
                          None, X509_Extension))

804 

805 

806# Public key wrapper # 

807 

class X509_AlgorithmIdentifier(ASN1_Packet):
    """AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters ANY
    OPTIONAL } (RFC 5280 §4.1.1.2).

    The default OID 1.2.840.113549.1.1.11 is sha256WithRSAEncryption, whose
    parameters are NULL. ``parameters`` is modelled as NULL or ECParameters
    only; other parameter encodings are not covered by this CHOICE.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_OID("algorithm", "1.2.840.113549.1.1.11"),
        ASN1F_optional(
            ASN1F_CHOICE("parameters", ASN1_NULL(0),
                         ASN1F_NULL, ECParameters)))

815 

816 

class ASN1F_X509_SubjectPublicKeyInfo(ASN1F_SEQUENCE):
    """SubjectPublicKeyInfo ::= SEQUENCE { algorithm, subjectPublicKey
    BIT STRING } (RFC 5280 §4.1.2.7).

    The key is decoded according to the algorithm OID name: RSA keys (name
    containing "rsa", case-insensitively) are parsed from inside the BIT
    STRING as RSAPublicKey, "ecPublicKey" gives ECDSAPublicKey, "Ed25519" /
    "Ed448" give EdDSAPublicKey; anything else stays an opaque BIT STRING.
    Note the field holding the algorithm is named ``signatureAlgorithm``.
    """

    def __init__(self, **kargs):
        """Assemble the algorithm field and the type-switched key field.

        :param kargs: passed through to ASN1F_SEQUENCE
        """
        def is_rsa(pkt):
            return "rsa" in pkt.signatureAlgorithm.algorithm.oidname.lower()

        def is_ec(pkt):
            return "ecPublicKey" == pkt.signatureAlgorithm.algorithm.oidname

        def is_eddsa(pkt):
            return pkt.signatureAlgorithm.algorithm.oidname in ["Ed25519", "Ed448"]

        algorithm = ASN1F_PACKET("signatureAlgorithm",
                                 X509_AlgorithmIdentifier(),
                                 X509_AlgorithmIdentifier)
        rsa_key = ASN1F_BIT_STRING_ENCAPS("subjectPublicKey",
                                          RSAPublicKey(),
                                          RSAPublicKey)
        ec_key = ASN1F_PACKET("subjectPublicKey",
                              ECDSAPublicKey(),
                              ECDSAPublicKey)
        eddsa_key = ASN1F_PACKET("subjectPublicKey",
                                 EdDSAPublicKey(),
                                 EdDSAPublicKey)
        # Fallback when no predicate matches: keep the raw BIT STRING.
        opaque_key = ASN1F_BIT_STRING("subjectPublicKey", "")
        public_key = MultipleTypeField(
            [
                (rsa_key, is_rsa),
                (ec_key, is_ec),
                (eddsa_key, is_eddsa),
            ],
            opaque_key)
        super().__init__(algorithm, public_key, **kargs)

839 

840 

class X509_SubjectPublicKeyInfo(ASN1_Packet):
    """Packet wrapper around ASN1F_X509_SubjectPublicKeyInfo."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_X509_SubjectPublicKeyInfo()

844 

845 

846# OpenSSL compatibility wrappers # 

847 

848# XXX As ECDSAPrivateKey already uses the structure from RFC 5958, 

849# and as we would prefer encapsulated RSA private keys to be parsed, 

850# this lazy implementation actually supports RSA encoding only. 

851# We'd rather call it RSAPrivateKey_OpenSSL than X509_PrivateKeyInfo. 

class RSAPrivateKey_OpenSSL(ASN1_Packet):
    """PKCS #8 PrivateKeyInfo as written by OpenSSL, RSA only.

    ``privateKey`` is the RSAPrivateKey wrapped in an OCTET STRING (explicit
    tag 0x04); the trailing optional [0]/[1] members mirror ECPrivateKey and
    are unused for RSA (see the comment above on why this is RSA-specific).
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_enum_INTEGER("version", 0, ["v1", "v2"]),
        ASN1F_PACKET("privateKeyAlgorithm",
                     X509_AlgorithmIdentifier(),
                     X509_AlgorithmIdentifier),
        ASN1F_PACKET("privateKey",
                     RSAPrivateKey(),
                     RSAPrivateKey,
                     explicit_tag=0x04),
        ASN1F_optional(
            ASN1F_PACKET("parameters", None, ECParameters,
                         explicit_tag=0xa0)),
        ASN1F_optional(
            ASN1F_PACKET("publicKey", None,
                         ECDSAPublicKey,
                         explicit_tag=0xa1)))

870 

871# We need this hack because ECParameters parsing below must return 

872# a Padding payload, and making the ASN1_Packet class have Padding 

873# instead of Raw payload would break things... 

874 

875 

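class _PacketFieldRaw(PacketField):
    """PacketField whose trailing Raw layer is returned as leftover input.

    Used by ECDSAPrivateKey_OpenSSL so that the bytes following the
    ECParameters blob (the ECPrivateKey) are fed to the next field instead of
    ending up as a Raw payload of the parameters packet.
    """

    def getfield(self, pkt, s):
        """Dissect ``s`` and split off any Raw tail.

        :param pkt: enclosing packet (passed to m2i)
        :param s: bytes to dissect
        :return: ``(remaining_bytes, inner_packet)``; ``remaining_bytes`` is
                 ``b""`` when the inner packet has no Raw layer
        """
        inner = self.m2i(pkt, s)
        # b"" rather than "" so the leftover is always bytes, like r.load;
        # the old str default mixed types on the no-Raw path.
        remain = b""
        if conf.raw_layer in inner:
            raw = inner[conf.raw_layer]
            # Detach the Raw layer from its parent and hand its bytes back.
            del raw.underlayer.payload
            remain = raw.load
        return remain, inner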

885 

886 

class ECDSAPrivateKey_OpenSSL(Packet):
    """OpenSSL "EC PARAMETERS" blob followed by an ECPrivateKey.

    A plain Packet (not ASN1_Packet): ``ecparam`` uses _PacketFieldRaw so the
    bytes after the parameters are passed on to ``privateKey``.
    """
    name = "ECDSA Params + Private Key"
    fields_desc = [_PacketFieldRaw("ecparam",
                                   ECParameters(),
                                   ECParameters),
                   PacketField("privateKey",
                               ECDSAPrivateKey(),
                               ECDSAPrivateKey)]

895 

896 

897# TBSCertificate & Certificate # 

898 

# Default issuer Name for X509_TBSCertificate: an empty RDN, then
# O (2.5.4.10) = "Scapy, Inc." and CN (2.5.4.3) = "Scapy Default Issuer".
_default_issuer = [
    X509_RDN(),
    X509_RDN(
        rdn=[X509_AttributeTypeAndValue(
            type=ASN1_OID("2.5.4.10"),
            value=ASN1_PRINTABLE_STRING("Scapy, Inc."))]),
    X509_RDN(
        rdn=[X509_AttributeTypeAndValue(
            type=ASN1_OID("2.5.4.3"),
            value=ASN1_PRINTABLE_STRING("Scapy Default Issuer"))])
]

910 

# Default subject Name for X509_TBSCertificate: an empty RDN, then
# O (2.5.4.10) = "Scapy, Inc." and CN (2.5.4.3) = "Scapy Default Subject".
_default_subject = [
    X509_RDN(),
    X509_RDN(
        rdn=[X509_AttributeTypeAndValue(
            type=ASN1_OID("2.5.4.10"),
            value=ASN1_PRINTABLE_STRING("Scapy, Inc."))]),
    X509_RDN(
        rdn=[X509_AttributeTypeAndValue(
            type=ASN1_OID("2.5.4.3"),
            value=ASN1_PRINTABLE_STRING("Scapy Default Subject"))])
]

922 

923 

class X509_Validity(ASN1_Packet):
    """Validity ::= SEQUENCE { notBefore Time, notAfter Time } where Time is
    UTCTime or GeneralizedTime (RFC 5280 §4.1.2.5).

    Defaults are 10 minutes before and one day after build time, so a freshly
    built certificate is valid right away.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_CHOICE("not_before",
                     ASN1_UTC_TIME(str(ZuluTime(-600))),
                     ASN1F_UTC_TIME, ASN1F_GENERALIZED_TIME),
        ASN1F_CHOICE("not_after",
                     ASN1_UTC_TIME(str(ZuluTime(+86400))),
                     ASN1F_UTC_TIME, ASN1F_GENERALIZED_TIME))

933 

934 

# (oidname, short symbol) pairs printed first, in this order, by the
# get_*_str helpers of X509_TBSCertificate; every other attribute type is
# appended afterwards under its full oidname.
_attrName_mapping = [
    ("countryName", "C"),
    ("stateOrProvinceName", "ST"),
    ("localityName", "L"),
    ("organizationName", "O"),
    ("organizationUnitName", "OU"),
    ("commonName", "CN")
]
# The oidnames above, for quick "is this one of the special ones" tests.
_attrName_specials = [name for name, symbol in _attrName_mapping]

944 

945 

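class X509_TBSCertificate(ASN1_Packet):
    """TBSCertificate (RFC 5280 §4.1.2): the signed part of a certificate.

    ``version`` defaults to 2 (v3) and is EXPLICIT [0]; ``extensions`` is
    EXPLICIT [3]. The inner ``signature`` AlgorithmIdentifier must equal the
    outer Certificate.signatureAlgorithm per the RFC, but that is not checked
    by this class.

    The ``get_issuer*`` / ``get_subject*`` helpers flatten a Name into a dict
    or a one-line string. They read only the first AttributeTypeAndValue of
    each RDN and let a later attribute of the same type overwrite an earlier
    one, so two different Names can yield the same result; do not use them as
    a canonical DN comparison.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_optional(
            ASN1F_enum_INTEGER("version", 0x2, ["v1", "v2", "v3"],
                               explicit_tag=0xa0)),
        ASN1F_INTEGER("serialNumber", 1),
        ASN1F_PACKET("signature",
                     X509_AlgorithmIdentifier(),
                     X509_AlgorithmIdentifier),
        ASN1F_SEQUENCE_OF("issuer", _default_issuer, X509_RDN),
        ASN1F_PACKET("validity",
                     X509_Validity(),
                     X509_Validity),
        ASN1F_SEQUENCE_OF("subject", _default_subject, X509_RDN),
        ASN1F_PACKET("subjectPublicKeyInfo",
                     X509_SubjectPublicKeyInfo(),
                     X509_SubjectPublicKeyInfo),
        ASN1F_optional(
            ASN1F_BIT_STRING("issuerUniqueID", None,
                             implicit_tag=0x81)),
        ASN1F_optional(
            ASN1F_BIT_STRING("subjectUniqueID", None,
                             implicit_tag=0x82)),
        ASN1F_optional(
            ASN1F_SEQUENCE_OF("extensions",
                              [X509_Extension()],
                              X509_Extension,
                              explicit_tag=0xa3)))

    @staticmethod
    def _name_to_dict(rdn_sequence):
        """Flatten a SEQUENCE OF RDN into ``{oidname: value_str}``.

        Only ``rdn[0]`` of each RDN SET is read (multi-valued RDNs lose their
        other members) and a repeated attribute type keeps the last value.
        An empty RDN SET, which RFC 5280 forbids, raises IndexError.
        """
        return {
            rdn.rdn[0].type.oidname: plain_str(rdn.rdn[0].value.val)
            for rdn in rdn_sequence
        }

    @staticmethod
    def _name_to_str(attrs_dict):
        """Render a flattened Name as ``/C=..../O=..../CN=...``.

        The attribute types listed in _attrName_mapping come first, in that
        order and under their short symbol; the remaining types follow in
        sorted order under their full oidname, which makes the output
        deterministic.
        """
        parts = []
        for attr_type, attr_symbol in _attrName_mapping:
            if attr_type in attrs_dict:
                parts.append("/" + attr_symbol + "=" + attrs_dict[attr_type])
        for attr_type in sorted(attrs_dict):
            if attr_type not in _attrName_specials:
                parts.append("/" + attr_type + "=" + attrs_dict[attr_type])
        return "".join(parts)

    def get_issuer(self):
        """Return the issuer Name as a ``{oidname: str}`` dict
        (see _name_to_dict for what is lost in the flattening)."""
        return self._name_to_dict(self.issuer)

    def get_issuer_str(self):
        """Return the issuer Name as a one-line ``/C=..`` style string
        (see _name_to_str for the ordering)."""
        return self._name_to_str(self.get_issuer())

    def get_subject(self):
        """Return the subject Name as a ``{oidname: str}`` dict
        (see _name_to_dict for what is lost in the flattening)."""
        return self._name_to_dict(self.subject)

    def get_subject_str(self):
        """Return the subject Name as a one-line ``/C=..`` style string
        (see _name_to_str for the ordering)."""
        return self._name_to_str(self.get_subject())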

1021 

1022 

class ASN1F_X509_Cert(ASN1F_SEQUENCE):
    """
    SEQUENCE field laying out a whole Certificate: tbsCertificate,
    signatureAlgorithm and signatureValue.

    signatureValue is a MultipleTypeField: when the signatureAlgorithm OID
    name contains "ecdsa" the BIT STRING is decoded as an
    :class:`ECDSASignature`, otherwise it is kept as a raw BIT STRING.
    The selection is purely syntactic; nothing here verifies the signature.
    """
    def __init__(self, **kargs):
        def _uses_ecdsa(pkt):
            return "ecdsa" in pkt.signatureAlgorithm.algorithm.oidname.lower()

        tbs_field = ASN1F_PACKET("tbsCertificate",
                                 X509_TBSCertificate(),
                                 X509_TBSCertificate)
        alg_field = ASN1F_PACKET("signatureAlgorithm",
                                 X509_AlgorithmIdentifier(),
                                 X509_AlgorithmIdentifier)
        ecdsa_field = ASN1F_BIT_STRING_ENCAPS("signatureValue",
                                              ECDSASignature(),
                                              ECDSASignature)
        # placeholder value used when building a certificate by hand
        raw_field = ASN1F_BIT_STRING("signatureValue", "defaultsignature" * 2)
        sig_field = MultipleTypeField([(ecdsa_field, _uses_ecdsa)], raw_field)
        ASN1F_SEQUENCE.__init__(self, tbs_field, alg_field, sig_field, **kargs)

1041 

1042 

class X509_Cert(ASN1_Packet):
    """
    A complete X.509 Certificate (RFC 5280): tbsCertificate,
    signatureAlgorithm and signatureValue, as laid out by
    :class:`ASN1F_X509_Cert`.

    Decoding succeeds on any well-formed structure; the signature and the
    chain are not checked here, so a parsed X509_Cert must not be treated
    as a validated one.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_X509_Cert()

1046 

1047 

1048# TBSCertList & CRL # 

1049 

class X509_RevokedCertificate(ASN1_Packet):
    """
    One entry of a CRL's revokedCertificates list (RFC 5280, section 5.1):
    the revoked serial number, the revocation date and optional CRL entry
    extensions (e.g. the reason code).
    """
    ASN1_codec = ASN1_Codecs.BER
    # NOTE(review): RFC 5280 declares revocationDate as Time, which may be
    # either UTCTime or GeneralizedTime; only UTCTime is declared here --
    # confirm how an entry with a GeneralizedTime date is parsed.
    # The default is a ZuluTime offset by +86400 s (presumably "one day
    # from now"), only meaningful when building a CRL by hand.
    ASN1_root = ASN1F_SEQUENCE(ASN1F_INTEGER("serialNumber", 1),
                               ASN1F_UTC_TIME("revocationDate",
                                              str(ZuluTime(+86400))),
                               ASN1F_optional(
                                   ASN1F_SEQUENCE_OF("crlEntryExtensions",
                                                     None, X509_Extension)))

1058 

1059 

class X509_TBSCertList(ASN1_Packet):
    """
    The ``tbsCertList`` part of a CRL (RFC 5280, section 5.1): the fields
    covered by the CRL signature.  ``revokedCertificates`` and
    ``next_update`` are optional, so a CRL that lists nothing decodes with
    both set to None.  This class only decodes/encodes the structure; the
    CRL signature is not checked here.
    """
    ASN1_codec = ASN1_Codecs.BER
    # NOTE(review): this_update / next_update are declared as UTCTime only,
    # whereas RFC 5280 allows GeneralizedTime as well -- confirm how a CRL
    # using GeneralizedTime is parsed.  The this_update default is a
    # ZuluTime offset by -1 s (presumably "just before now").
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_optional(
            ASN1F_enum_INTEGER("version", 1, ["v1", "v2"])),
        ASN1F_PACKET("signature",
                     X509_AlgorithmIdentifier(),
                     X509_AlgorithmIdentifier),
        ASN1F_SEQUENCE_OF("issuer", _default_issuer, X509_RDN),
        ASN1F_UTC_TIME("this_update", str(ZuluTime(-1))),
        ASN1F_optional(
            ASN1F_UTC_TIME("next_update", None)),
        ASN1F_optional(
            ASN1F_SEQUENCE_OF("revokedCertificates", None,
                              X509_RevokedCertificate)),
        ASN1F_optional(
            ASN1F_SEQUENCE_OF("crlExtensions", None,
                              X509_Extension,
                              explicit_tag=0xa0)))

    def get_issuer(self):
        """
        Return the issuer Name as a ``{oidname: value}`` dict.

        Only the first AttributeTypeAndValue of each RDN SET is read, and
        an attribute type present in several RDNs keeps only the last
        value, because the dict is keyed by oidname.  Compare the encoded
        Name, not this dict, when the exact issuer matters.
        """
        # we assume there is only one name in each rdn ASN1_SET
        return {
            rdn.rdn[0].type.oidname: plain_str(rdn.rdn[0].value.val)
            for rdn in self.issuer
        }

    def get_issuer_str(self):
        """
        Return the issuer as a one-line ``/SYM=value/...`` string: the
        well-known attributes of ``_attrName_mapping`` first, in that
        order and under their short symbol, then every remaining attribute
        under its full oidname in sorted order, so the output is
        deterministic.  Values are not escaped, so a "/" or "=" inside a
        value makes the string ambiguous; treat it as display output only.
        """
        attrs_dict = self.get_issuer()
        chunks = ["/" + symbol + "=" + attrs_dict[oid_name]
                  for oid_name, symbol in _attrName_mapping
                  if oid_name in attrs_dict]
        chunks += ["/" + oid_name + "=" + attrs_dict[oid_name]
                   for oid_name in sorted(attrs_dict)
                   if oid_name not in _attrName_specials]
        return "".join(chunks)

1104 

1105 

class ASN1F_X509_CRL(ASN1F_SEQUENCE):
    """
    SEQUENCE field laying out a CertificateList: tbsCertList,
    signatureAlgorithm and signatureValue.

    As in :class:`ASN1F_X509_Cert`, signatureValue is decoded as an
    :class:`ECDSASignature` only when the signatureAlgorithm OID name
    contains "ecdsa"; any other algorithm leaves it as a raw BIT STRING.
    Nothing here checks the signature.
    """
    def __init__(self, **kargs):
        def _uses_ecdsa(pkt):
            return "ecdsa" in pkt.signatureAlgorithm.algorithm.oidname.lower()

        tbs_field = ASN1F_PACKET("tbsCertList",
                                 X509_TBSCertList(),
                                 X509_TBSCertList)
        alg_field = ASN1F_PACKET("signatureAlgorithm",
                                 X509_AlgorithmIdentifier(),
                                 X509_AlgorithmIdentifier)
        ecdsa_field = ASN1F_BIT_STRING_ENCAPS("signatureValue",
                                              ECDSASignature(),
                                              ECDSASignature)
        # placeholder value used when building a CRL by hand
        raw_field = ASN1F_BIT_STRING("signatureValue", "defaultsignature" * 2)
        sig_field = MultipleTypeField([(ecdsa_field, _uses_ecdsa)], raw_field)
        ASN1F_SEQUENCE.__init__(self, tbs_field, alg_field, sig_field, **kargs)

1124 

1125 

class X509_CRL(ASN1_Packet):
    """
    A complete CertificateList / CRL (RFC 5280, section 5): tbsCertList,
    signatureAlgorithm and signatureValue, as laid out by
    :class:`ASN1F_X509_CRL`.  Decoding does not verify the CRL signature.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_X509_CRL()

1129 

1130 

1131############################# 

1132# OCSP Status packets # 

1133############################# 

1134# based on RFC 6960 

1135 

class OCSP_CertID(ASN1_Packet):
    """
    OCSP CertID (RFC 6960, section 4.1.1): identifies the certificate a
    request or single response is about.  issuerNameHash and
    issuerKeyHash are raw digests computed with hashAlgorithm; they are
    carried as opaque strings here and not recomputed or checked.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_PACKET("hashAlgorithm",
                     X509_AlgorithmIdentifier(),
                     X509_AlgorithmIdentifier),
        ASN1F_STRING("issuerNameHash", ""),
        ASN1F_STRING("issuerKeyHash", ""),
        ASN1F_INTEGER("serialNumber", 0))

1145 

1146 

class OCSP_GoodInfo(ASN1_Packet):
    """
    Payload of the "good" branch of OCSP CertStatus: a bare NULL, since a
    good status carries no further information.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_NULL("info", 0)

1150 

1151 

class OCSP_RevokedInfo(ASN1_Packet):
    """
    Payload of the "revoked" branch of OCSP CertStatus (RFC 6960, section
    4.2.1): the revocation time and an optional, explicitly tagged [0]
    revocation reason reusing the CRL reason-code extension packet.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_GENERALIZED_TIME("revocationTime", ""),
        ASN1F_optional(
            ASN1F_PACKET("revocationReason", None,
                         X509_ExtReasonCode,
                         explicit_tag=0xa0)))

1160 

1161 

class OCSP_UnknownInfo(ASN1_Packet):
    """
    Payload of the "unknown" branch of OCSP CertStatus: a bare NULL.
    "unknown" means the responder has no knowledge of the certificate; it
    is not a "good" answer and callers should not treat it as one.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_NULL("info", 0)

1165 

1166 

class OCSP_CertStatus(ASN1_Packet):
    """
    OCSP CertStatus CHOICE (RFC 6960, section 4.2.1).  The branch is
    selected from the context-specific tag on the wire: [0] primitive for
    good, [1] constructed for revoked, [2] primitive for unknown.  The
    default value is None, i.e. no branch until one is set or decoded.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_CHOICE("certStatus", None,
                             ASN1F_PACKET("good", OCSP_GoodInfo(),
                                          OCSP_GoodInfo, implicit_tag=0x80),
                             ASN1F_PACKET("revoked", OCSP_RevokedInfo(),
                                          OCSP_RevokedInfo, implicit_tag=0xa1),
                             ASN1F_PACKET("unknown", OCSP_UnknownInfo(),
                                          OCSP_UnknownInfo, implicit_tag=0x82))

1176 

1177 

class OCSP_SingleResponse(ASN1_Packet):
    """
    OCSP SingleResponse (RFC 6960, section 4.2.1): the status of one
    certificate (certID) plus the thisUpdate/nextUpdate validity window of
    that answer and optional per-response extensions.

    When built by hand the status defaults to "good"; nextUpdate and
    singleExtensions are optional and decode to None when absent.  The
    validity window is only carried, not enforced, by this class.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_PACKET("certID", OCSP_CertID(), OCSP_CertID),
        ASN1F_PACKET("certStatus", OCSP_CertStatus(certStatus=OCSP_GoodInfo()),
                     OCSP_CertStatus),
        ASN1F_GENERALIZED_TIME("thisUpdate", ""),
        ASN1F_optional(
            ASN1F_GENERALIZED_TIME("nextUpdate", "",
                                   explicit_tag=0xa0)),
        ASN1F_optional(
            ASN1F_SEQUENCE_OF("singleExtensions", None,
                              X509_Extension,
                              explicit_tag=0xa1)))

1192 

1193 

class OCSP_ByName(ASN1_Packet):
    """
    The byName form of an OCSP ResponderID: the responder's Name as a
    sequence of :class:`X509_RDN` (empty by default).
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE_OF("byName", [], X509_RDN)

1197 

1198 

class OCSP_ByKey(ASN1_Packet):
    """
    The byKey form of an OCSP ResponderID: an opaque string holding the
    responder key hash (RFC 6960 defines it as the SHA-1 hash of the
    responder's public key; it is carried as-is here, not verified).
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_STRING("byKey", "")

1202 

1203 

class OCSP_ResponderID(ASN1_Packet):
    """
    OCSP ResponderID CHOICE (RFC 6960, section 4.2.1): the responder is
    identified either by Name ([1] explicit) or by key hash ([2]
    explicit).  Default is None, i.e. no branch selected.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_CHOICE("responderID", None,
                             ASN1F_PACKET("byName", OCSP_ByName(), OCSP_ByName,
                                          explicit_tag=0xa1),
                             ASN1F_PACKET("byKey", OCSP_ByKey(), OCSP_ByKey,
                                          explicit_tag=0xa2))

1211 

1212 

class OCSP_ResponseData(ASN1_Packet):
    """
    OCSP ResponseData (RFC 6960, section 4.2.1): the signed part of a
    BasicOCSPResponse -- who answered, when, and the list of
    SingleResponse entries.  When built by hand the responder is
    identified byName and "responses" starts empty; the producedAt
    default is a GeneralizedTime volatile value (presumably the build
    time).
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_optional(
            # NOTE(review): RFC 6960 declares version as [0] EXPLICIT, and
            # every other explicitly tagged field in this file uses a
            # constructed tag byte (0xa0, 0xa1, ...); 0x80 here looks
            # inconsistent -- confirm against a response that actually
            # carries an explicit version before relying on it.
            ASN1F_enum_INTEGER("version", 0, {0: "v1"},
                               explicit_tag=0x80)),
        ASN1F_PACKET("responderID", OCSP_ResponderID(responderID=OCSP_ByName()),
                     OCSP_ResponderID),
        ASN1F_GENERALIZED_TIME("producedAt",
                               str(GeneralizedTime())),
        ASN1F_SEQUENCE_OF("responses", [], OCSP_SingleResponse),
        ASN1F_optional(
            ASN1F_SEQUENCE_OF("responseExtensions", None,
                              X509_Extension,
                              explicit_tag=0xa1)))

1228 

1229 

class ASN1F_OCSP_BasicResponse(ASN1F_SEQUENCE):
    """
    SEQUENCE field laying out a BasicOCSPResponse (RFC 6960, section
    4.2.1): tbsResponseData, signatureAlgorithm, signature and an optional
    [0]-tagged list of certificates the responder supplies to help build
    its chain.

    The signature BIT STRING is decoded as an :class:`ECDSASignature` only
    when the signatureAlgorithm OID name contains "ecdsa"; otherwise it is
    kept raw.  Nothing here verifies the signature or the supplied
    certificates -- they are responder-provided data.
    """
    def __init__(self, **kargs):
        def _uses_ecdsa(pkt):
            return "ecdsa" in pkt.signatureAlgorithm.algorithm.oidname.lower()

        tbs_field = ASN1F_PACKET("tbsResponseData",
                                 OCSP_ResponseData(),
                                 OCSP_ResponseData)
        alg_field = ASN1F_PACKET("signatureAlgorithm",
                                 X509_AlgorithmIdentifier(),
                                 X509_AlgorithmIdentifier)
        ecdsa_field = ASN1F_BIT_STRING_ENCAPS("signature",
                                              ECDSASignature(),
                                              ECDSASignature)
        # placeholder value used when building a response by hand
        raw_field = ASN1F_BIT_STRING("signature", "defaultsignature" * 2)
        sig_field = MultipleTypeField([(ecdsa_field, _uses_ecdsa)], raw_field)
        certs_field = ASN1F_optional(
            ASN1F_SEQUENCE_OF("certs", None, X509_Cert,
                              explicit_tag=0xa0))
        ASN1F_SEQUENCE.__init__(self, tbs_field, alg_field, sig_field,
                                certs_field, **kargs)

1251 

1252 

class OCSP_ResponseBytes(ASN1_Packet):
    """
    OCSP ResponseBytes (RFC 6960, section 4.2.1): a responseType OID,
    defaulting to id-pkix-ocsp-basic (1.3.6.1.5.5.7.48.1.1), followed by
    the response itself.  The basic response is declared with
    explicit_tag=0x04, presumably so that on the wire it sits inside the
    OCTET STRING the RFC calls "response"; only the basic response type is
    modelled, whatever responseType says.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_OID("responseType", "1.3.6.1.5.5.7.48.1.1"),
        ASN1F_OCSP_BasicResponse(explicit_tag=0x04))

1258 

1259 

# OCSPResponseStatus names (RFC 6960, section 4.2.1), indexed by their
# ENUMERATED value (0 = successful ... 6 = unauthorized).  Value 4 is not
# assigned by the RFC, hence the "notUsed" placeholder that keeps the
# indices aligned.
_responseStatus_mapping = (
    "successful malformedRequest internalError tryLater "
    "notUsed sigRequired unauthorized"
).split()

1267 

1268 

class OCSP_Response(ASN1_Packet):
    """
    Top-level OCSPResponse (RFC 6960, section 4.2.1): a responseStatus
    ENUMERATED (see ``_responseStatus_mapping``) and, optionally, the
    [0]-tagged responseBytes.

    responseBytes is optional at the syntax level only: per the RFC it is
    present when responseStatus is "successful" and absent otherwise.
    Nothing here ties the two together, so callers should check
    responseStatus before reading responseBytes, and must still verify
    the enclosed BasicOCSPResponse signature themselves -- decoding does
    not validate it.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_ENUMERATED("responseStatus", 0,
                         _responseStatus_mapping),
        ASN1F_optional(
            ASN1F_PACKET("responseBytes", None,
                         OCSP_ResponseBytes,
                         explicit_tag=0xa0)))