Coverage for /pythoncovmergedfiles/medio/medio/usr/local/lib/python3.11/site-packages/scapy/asn1/mib.py: 45%


152 statements  

1# SPDX-License-Identifier: GPL-2.0-only 

2# This file is part of Scapy 

3# See https://scapy.net/ for more information 

4# Copyright (C) Philippe Biondi <phil@secdev.org> 

5# Acknowledgment: Maxence Tury <maxence.tury@ssi.gouv.fr> 

6 

7""" 

8Management Information Base (MIB) parsing 

9""" 

10 

11import re 

12from glob import glob 

13from scapy.dadict import DADict, fixname 

14from scapy.config import conf 

15from scapy.utils import do_graph 

16from scapy.compat import plain_str 

17 

18from typing import ( 

19 Any, 

20 Dict, 

21 List, 

22 Optional, 

23 Tuple, 

24) 

25 

26################# 

27# MIB parsing # 

28################# 

29 

# Precompiled patterns used while parsing MIB text.

# One OID arc made only of decimal digits, e.g. "840".
_mib_re_integer = re.compile(r"^[0-9]+$")

# One arc written as name(number), e.g. "iso(1)"; group 2 is the number.
_mib_re_both = re.compile(r"^([a-zA-Z_][a-zA-Z0-9_-]*)\(([0-9]+)\)$")

# "<ident> OBJECT ... ::= { ... }" declarations. Group 1 is the identifier,
# group 2 the raw text between the braces. In multi-line mode the leading
# "$" anchors each match at an end of line.
_mib_re_oiddecl = re.compile(
    r"$\s*([a-zA-Z0-9_-]+)\s+OBJECT[^:\{\}]+::=\s*\{([^\}]+)\}",
    flags=re.MULTILINE,
)

# Double-quoted string literals ('[^"]*' also spans line breaks).
_mib_re_strings = re.compile(r'"[^"]*"')

# "--" comments up to the line terminator. The terminator is a capturing
# group, so re.split() keeps it as a separate item in its result.
_mib_re_comments = re.compile(r'--.*(\r|\n)')

36 

37 

class MIBDict(DADict[str, str]):
    """DADict specialisation holding dotted OID strings and their names."""

    def _findroot(self, x):
        # type: (str) -> Tuple[str, str, str]
        """Locate the longest registered key that is a dotted prefix of *x*.

        A leading "." is dropped and a trailing "." is appended before
        matching. Returns ``(self[key], key, remainder)`` for the longest
        key such that the normalised input starts with ``key + "."``;
        ``remainder`` is what follows that key, without the trailing dot.
        When nothing matches, the result is ``(".", "", x)`` with the
        leading dot of *x* already stripped.
        """
        if x.startswith("."):
            x = x[1:]
        if not x.endswith("."):
            x += "."
        best_len = 0
        root = "."
        root_key = ""
        for key in self:
            # Keep only the longest matching prefix seen so far.
            if x.startswith(key + ".") and best_len < len(key):
                best_len = len(key)
                root = self[key]
                root_key = key
        return root, root_key, x[best_len:-1]

    def _oidname(self, x):
        # type: (str) -> str
        """Return the name of the closest known root followed by the
        unresolved numeric remainder of *x*."""
        root, _, remainder = self._findroot(x)
        return root + remainder

    def _oid(self, x):
        # type: (str) -> str
        """Turn ``name.1.2`` into a dotted OID when *name* is registered.

        The input is rewritten only if its first component is a value
        stored in ``self.d`` and every following component is numeric;
        in every other case *x* is returned unchanged.
        """
        parts = x.strip(".").split(".")
        idx = len(parts) - 1
        # Walk backwards over the trailing numeric arcs.
        while idx >= 0 and _mib_re_integer.match(parts[idx]):
            idx -= 1
        if idx != 0:
            return x
        label = parts[0]
        if label not in self.d.values():
            return x
        # First key whose stored value equals the label.
        parts[0] = next(key for key, val in self.d.items() if val == label)
        return ".".join(parts)

    def _make_graph(self, other_keys=None, **kargs):
        # type: (Optional[Any], **Any) -> None
        """Render the MIB as a Graphviz digraph and hand it to do_graph().

        :param other_keys: additional OIDs to draw; those not already
            present are labelled through _oidname()
        :param kargs: forwarded unchanged to do_graph()
        """
        if other_keys is None:
            other_keys = []
        nodes = [(self[oid], oid) for oid in self.iterkeys()]
        known = set(self.iterkeys())
        nodes.extend(
            (self._oidname(extra), extra)
            for extra in other_keys
            if extra not in known
        )
        # NOTE(review): names and OIDs are interpolated into the DOT text
        # without escaping; a '"' in either would break the quoting.
        # Confirm that entries are sanitised before they reach this point.
        chunks = ['digraph "mib" {\n\trankdir=LR;\n\n']
        for name, oid in nodes:
            chunks.append('\t"%s" [ label="%s" ];\n' % (oid, name))
        chunks.append("\n")
        for _name, oid in nodes:
            # Look up the parent from the OID minus its last character,
            # then put that character back on the edge label.
            parent, parent_key, remainder = self._findroot(oid[:-1])
            remainder = remainder[1:] + oid[-1]
            if parent != ".":
                parent = parent_key
            chunks.append(
                '\t"%s" -> "%s" [label="%s"];\n' % (parent, oid, remainder)
            )
        chunks.append("}\n")
        do_graph("".join(chunks), **kargs)

96 

97 

def _mib_register(ident,  # type: str
                  value,  # type: List[str]
                  the_mib,  # type: Dict[str, List[str]]
                  unresolved,  # type: Dict[str, List[str]]
                  alias,  # type: Dict[str, str]
                  ):
    # type: (...) -> bool
    """
    Record *ident* with the OID components *value* in the working tables.

    Numeric components are kept as they are; symbolic ones are normalised
    with fixname() and expanded from *the_mib* when already known, e.g.
    2.basicConstraints.3 -> 2.2.5.29.19.3.

    :param ident: name being registered
    :param value: OID components, numeric or symbolic
    :param the_mib: fully resolved names -> numeric components (updated)
    :param unresolved: names still holding symbolic components (updated)
    :param alias: dotted OID -> name, filled when *ident* is already known
    :returns: True when *ident* is (or already was) fully resolved
    """
    if ident in the_mib:
        # Already resolved: only remember this spelling as an alias.
        alias[".".join(value)] = ident
        return True
    if ident in unresolved:
        # Already known to be unresolvable for now.
        return False

    expanded = []
    pending = False
    for part in value:
        if _mib_re_integer.match(part):
            expanded.append(part)
            continue
        part = fixname(plain_str(part))
        if part in the_mib:
            expanded += the_mib[part]
            continue
        # A symbolic component with no numeric expansion yet.
        pending = True
        if part in unresolved:
            expanded += unresolved[part]
        else:
            expanded.append(part)

    if pending:
        unresolved[ident] = expanded
        return False

    the_mib[ident] = expanded
    # Retry every parked entry, since some may have depended on the name
    # just resolved. The scan restarts after each success. The nested call
    # gets a throw-away dict, so it never mutates `unresolved` itself.
    waiting = list(unresolved)
    pos = 0
    while pos < len(waiting):
        name = waiting[pos]
        if _mib_register(name, unresolved[name], the_mib, {}, alias):
            del unresolved[name]
            del waiting[pos]
            pos = 0
        else:
            pos += 1

    return True

154 

155 

def load_mib(filenames):
    # type: (str) -> None
    """
    Rebuild conf.mib from its current content plus OID declarations read
    from MIB files.

    :param filenames: one glob pattern (str or bytes) or an iterable of
        glob patterns; every matching file is parsed
    """
    the_mib = {'iso': ['1']}
    unresolved = {}  # type: Dict[str, List[str]]
    alias = {}  # type: Dict[str, str]
    # Seed the working tables with what conf.mib already knows.
    for known_oid in conf.mib:
        _mib_register(
            conf.mib[known_oid], known_oid.split("."),
            the_mib, unresolved, alias,
        )

    patterns = [filenames] if isinstance(filenames, (str, bytes)) else filenames
    # NOTE(review): each matching file is read whole and scanned with
    # regexes; nothing here bounds the file size or restricts which paths
    # a pattern may match, so callers should only pass trusted locations.
    for pattern in patterns:
        for path in glob(pattern):
            with open(path) as handle:
                text = handle.read()
            # Drop "--" comments first, then quoted strings.
            without_comments = " ".join(_mib_re_comments.split(text))
            cleantext = " ".join(_mib_re_strings.split(without_comments))
            for decl in _mib_re_oiddecl.finditer(cleantext):
                fields = decl.groups()
                ident = fixname(fields[0])
                oid_l = []
                for elt in fields[-1].split():
                    both = _mib_re_both.match(elt)
                    # "name(number)" components keep only the number.
                    oid_l.append(both.groups()[1] if both else elt)
                _mib_register(ident, oid_l, the_mib, unresolved, alias)

    # Build the replacement MIB. Later assignments win on a key clash:
    # resolved entries, then partially resolved ones, then aliases.
    newmib = MIBDict(_name="MIB")
    for name, components in the_mib.items():
        newmib[".".join(components)] = name
    for name, components in unresolved.items():
        newmib[".".join(components)] = name
    for dotted, name in alias.items():
        newmib[dotted] = name

    conf.mib = newmib

204 

205 

206#################### 

207# OID references # 

208#################### 

209 

210# pkcs1 # 

211 

# Names for the 1.2.840.113549.1.1 arc (RSA keys and RSA signatures).
# NOTE(review): several entries name MD2, MD4, MD5 or SHA-1 based
# signatures; the table only labels OIDs and applies no algorithm policy.
pkcs1_oids = {
    "1.2.840.113549.1.1": "pkcs1",
    "1.2.840.113549.1.1.1": "rsaEncryption",
    "1.2.840.113549.1.1.2": "md2WithRSAEncryption",
    "1.2.840.113549.1.1.3": "md4WithRSAEncryption",
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1-with-rsa-signature",
    "1.2.840.113549.1.1.6": "rsaOAEPEncryptionSET",
    "1.2.840.113549.1.1.7": "id-RSAES-OAEP",
    "1.2.840.113549.1.1.8": "id-mgf1",
    "1.2.840.113549.1.1.9": "id-pSpecified",
    "1.2.840.113549.1.1.10": "rsassa-pss",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
    "1.2.840.113549.1.1.14": "sha224WithRSAEncryption",
}

229 

230# secsig oiw # 

231 

# Names for the 1.3.14.3.2 arc.
# NOTE(review): this arc is mostly legacy algorithms (DES modes, MD4/MD5,
# SHA-1); the table only labels OIDs and applies no algorithm policy.
secsig_oids = {
    "1.3.14.3.2": "OIWSEC",
    "1.3.14.3.2.2": "md4RSA",
    "1.3.14.3.2.3": "md5RSA",
    "1.3.14.3.2.4": "md4RSA2",
    "1.3.14.3.2.6": "desECB",
    "1.3.14.3.2.7": "desCBC",
    "1.3.14.3.2.8": "desOFB",
    "1.3.14.3.2.9": "desCFB",
    "1.3.14.3.2.10": "desMAC",
    "1.3.14.3.2.11": "rsaSign",
    "1.3.14.3.2.12": "dsa",
    "1.3.14.3.2.13": "shaDSA",
    "1.3.14.3.2.14": "mdc2RSA",
    "1.3.14.3.2.15": "shaRSA",
    "1.3.14.3.2.16": "dhCommMod",
    "1.3.14.3.2.17": "desEDE",
    "1.3.14.3.2.18": "sha",
    "1.3.14.3.2.19": "mdc2",
    "1.3.14.3.2.20": "dsaComm",
    "1.3.14.3.2.21": "dsaCommSHA",
    "1.3.14.3.2.22": "rsaXchg",
    "1.3.14.3.2.23": "keyHashSeal",
    "1.3.14.3.2.24": "md2RSASign",
    "1.3.14.3.2.25": "md5RSASign",
    "1.3.14.3.2.26": "sha1",
    "1.3.14.3.2.27": "dsaSHA1",
    "1.3.14.3.2.28": "dsaCommSHA1",
    "1.3.14.3.2.29": "sha1RSASign",
}

262 

263# thawte # 

264 

# Names for the two 1.3.101 entries used for EdDSA keys and signatures.
thawte_oids = {
    "1.3.101.112": "Ed25519",
    "1.3.101.113": "Ed448",
}

269 

270# pkcs9 # 

271 

# Names for the 1.2.840.113549.1.9 arc.
pkcs9_oids = {
    "1.2.840.113549.1.9": "pkcs9",
    "1.2.840.113549.1.9.0": "modules",
    "1.2.840.113549.1.9.1": "emailAddress",
    "1.2.840.113549.1.9.2": "unstructuredName",
    "1.2.840.113549.1.9.3": "contentType",
    "1.2.840.113549.1.9.4": "messageDigest",
    "1.2.840.113549.1.9.5": "signing-time",
    "1.2.840.113549.1.9.6": "countersignature",
    "1.2.840.113549.1.9.7": "challengePassword",
    "1.2.840.113549.1.9.8": "unstructuredAddress",
    "1.2.840.113549.1.9.9": "extendedCertificateAttributes",
    "1.2.840.113549.1.9.13": "signingDescription",
    "1.2.840.113549.1.9.14": "extensionRequest",
    "1.2.840.113549.1.9.15": "smimeCapabilities",
    "1.2.840.113549.1.9.16": "smime",
    "1.2.840.113549.1.9.17": "pgpKeyID",
    "1.2.840.113549.1.9.20": "friendlyName",
    "1.2.840.113549.1.9.21": "localKeyID",
    "1.2.840.113549.1.9.22": "certTypes",
    "1.2.840.113549.1.9.23": "crlTypes",
    "1.2.840.113549.1.9.24": "pkcs-9-oc",
    "1.2.840.113549.1.9.25": "pkcs-9-at",
    "1.2.840.113549.1.9.26": "pkcs-9-sx",
    "1.2.840.113549.1.9.27": "pkcs-9-mr",
    "1.2.840.113549.1.9.52": "id-aa-CMSAlgorithmProtection",
}

299 

300# x509 # 

301 

# Names for the 2.5.4 attribute-type arc, plus "dc" from RFC 4519.
attributeType_oids = {
    "2.5.4.0": "objectClass",
    "2.5.4.1": "aliasedEntryName",
    "2.5.4.2": "knowledgeInformation",
    "2.5.4.3": "commonName",
    "2.5.4.4": "surname",
    "2.5.4.5": "serialNumber",
    "2.5.4.6": "countryName",
    "2.5.4.7": "localityName",
    "2.5.4.8": "stateOrProvinceName",
    "2.5.4.9": "streetAddress",
    "2.5.4.10": "organizationName",
    "2.5.4.11": "organizationUnitName",
    "2.5.4.12": "title",
    "2.5.4.13": "description",
    "2.5.4.14": "searchGuide",
    "2.5.4.15": "businessCategory",
    "2.5.4.16": "postalAddress",
    "2.5.4.17": "postalCode",
    "2.5.4.18": "postOfficeBox",
    "2.5.4.19": "physicalDeliveryOfficeName",
    "2.5.4.20": "telephoneNumber",
    "2.5.4.21": "telexNumber",
    "2.5.4.22": "teletexTerminalIdentifier",
    "2.5.4.23": "facsimileTelephoneNumber",
    "2.5.4.24": "x121Address",
    "2.5.4.25": "internationalISDNNumber",
    "2.5.4.26": "registeredAddress",
    "2.5.4.27": "destinationIndicator",
    "2.5.4.28": "preferredDeliveryMethod",
    "2.5.4.29": "presentationAddress",
    "2.5.4.30": "supportedApplicationContext",
    "2.5.4.31": "member",
    "2.5.4.32": "owner",
    "2.5.4.33": "roleOccupant",
    "2.5.4.34": "seeAlso",
    "2.5.4.35": "userPassword",
    "2.5.4.36": "userCertificate",
    "2.5.4.37": "cACertificate",
    "2.5.4.38": "authorityRevocationList",
    "2.5.4.39": "certificateRevocationList",
    "2.5.4.40": "crossCertificatePair",
    "2.5.4.41": "name",
    "2.5.4.42": "givenName",
    "2.5.4.43": "initials",
    "2.5.4.44": "generationQualifier",
    "2.5.4.45": "uniqueIdentifier",
    "2.5.4.46": "dnQualifier",
    "2.5.4.47": "enhancedSearchGuide",
    "2.5.4.48": "protocolInformation",
    "2.5.4.49": "distinguishedName",
    "2.5.4.50": "uniqueMember",
    "2.5.4.51": "houseIdentifier",
    "2.5.4.52": "supportedAlgorithms",
    "2.5.4.53": "deltaRevocationList",
    "2.5.4.54": "dmdName",
    "2.5.4.55": "clearance",
    "2.5.4.56": "defaultDirQop",
    "2.5.4.57": "attributeIntegrityInfo",
    "2.5.4.58": "attributeCertificate",
    "2.5.4.59": "attributeCertificateRevocationList",
    "2.5.4.60": "confKeyInfo",
    "2.5.4.61": "aACertificate",
    "2.5.4.62": "attributeDescriptorCertificate",
    "2.5.4.63": "attributeAuthorityRevocationList",
    "2.5.4.64": "family-information",
    "2.5.4.65": "pseudonym",
    "2.5.4.66": "communicationsService",
    "2.5.4.67": "communicationsNetwork",
    "2.5.4.68": "certificationPracticeStmt",
    "2.5.4.69": "certificatePolicy",
    "2.5.4.70": "pkiPath",
    "2.5.4.71": "privPolicy",
    "2.5.4.72": "role",
    "2.5.4.73": "delegationPath",
    "2.5.4.74": "protPrivPolicy",
    "2.5.4.75": "xMLPrivilegeInfo",
    "2.5.4.76": "xmlPrivPolicy",
    "2.5.4.77": "uuidpair",
    "2.5.4.78": "tagOid",
    "2.5.4.79": "uiiFormat",
    # NOTE(review): possibly a typo for "uiiInUrn" (compare "epcInUrn"
    # below) - confirm against X.520 before relying on this name.
    "2.5.4.80": "uiiInUrh",
    "2.5.4.81": "contentUrl",
    "2.5.4.82": "permission",
    "2.5.4.83": "uri",
    "2.5.4.84": "pwdAttribute",
    "2.5.4.85": "userPwd",
    "2.5.4.86": "urn",
    "2.5.4.87": "url",
    "2.5.4.88": "utmCoordinates",
    "2.5.4.89": "urnC",
    "2.5.4.90": "uii",
    "2.5.4.91": "epc",
    "2.5.4.92": "tagAfi",
    "2.5.4.93": "epcFormat",
    "2.5.4.94": "epcInUrn",
    "2.5.4.95": "ldapUrl",
    # NOTE(review): same name as 2.5.4.95, so a lookup by name cannot tell
    # the two OIDs apart - verify the intended name for 2.5.4.96.
    "2.5.4.96": "ldapUrl",
    "2.5.4.97": "organizationIdentifier",
    # RFC 4519
    "0.9.2342.19200300.100.1.25": "dc",
}

404 

# Names for the 2.5.29 certificate-extension arc, followed by the
# Microsoft [MS-WCCE] enrollment extensions.
certificateExtension_oids = {
    "2.5.29.1": "authorityKeyIdentifier(obsolete)",
    "2.5.29.2": "keyAttributes",
    "2.5.29.3": "certificatePolicies(obsolete)",
    "2.5.29.4": "keyUsageRestriction",
    "2.5.29.5": "policyMapping",
    "2.5.29.6": "subtreesConstraint",
    "2.5.29.7": "subjectAltName(obsolete)",
    "2.5.29.8": "issuerAltName(obsolete)",
    "2.5.29.9": "subjectDirectoryAttributes",
    "2.5.29.10": "basicConstraints(obsolete)",
    "2.5.29.14": "subjectKeyIdentifier",
    "2.5.29.15": "keyUsage",
    "2.5.29.16": "privateKeyUsagePeriod",
    "2.5.29.17": "subjectAltName",
    "2.5.29.18": "issuerAltName",
    "2.5.29.19": "basicConstraints",
    "2.5.29.20": "cRLNumber",
    "2.5.29.21": "reasonCode",
    "2.5.29.22": "expirationDate",
    "2.5.29.23": "instructionCode",
    "2.5.29.24": "invalidityDate",
    "2.5.29.25": "cRLDistributionPoints(obsolete)",
    "2.5.29.26": "issuingDistributionPoint(obsolete)",
    "2.5.29.27": "deltaCRLIndicator",
    "2.5.29.28": "issuingDistributionPoint",
    "2.5.29.29": "certificateIssuer",
    "2.5.29.30": "nameConstraints",
    "2.5.29.31": "cRLDistributionPoints",
    "2.5.29.32": "certificatePolicies",
    "2.5.29.33": "policyMappings",
    "2.5.29.34": "policyConstraints(obsolete)",
    "2.5.29.35": "authorityKeyIdentifier",
    "2.5.29.36": "policyConstraints",
    "2.5.29.37": "extKeyUsage",
    "2.5.29.38": "authorityAttributeIdentifier",
    "2.5.29.39": "roleSpecCertIdentifier",
    "2.5.29.40": "cRLStreamIdentifier",
    "2.5.29.41": "basicAttConstraints",
    "2.5.29.42": "delegatedNameConstraints",
    "2.5.29.43": "timeSpecification",
    "2.5.29.44": "cRLScope",
    "2.5.29.45": "statusReferrals",
    "2.5.29.46": "freshestCRL",
    "2.5.29.47": "orderedList",
    "2.5.29.48": "attributeDescriptor",
    "2.5.29.49": "userNotice",
    "2.5.29.50": "sOAIdentifier",
    "2.5.29.51": "baseUpdateTime",
    "2.5.29.52": "acceptableCertPolicies",
    "2.5.29.53": "deltaInfo",
    "2.5.29.54": "inhibitAnyPolicy",
    "2.5.29.55": "targetInformation",
    "2.5.29.56": "noRevAvail",
    "2.5.29.57": "acceptablePrivilegePolicies",
    "2.5.29.58": "id-ce-toBeRevoked",
    "2.5.29.59": "id-ce-RevokedGroups",
    "2.5.29.60": "id-ce-expiredCertsOnCRL",
    "2.5.29.61": "indirectIssuer",
    "2.5.29.62": "id-ce-noAssertion",
    "2.5.29.63": "id-ce-aAissuingDistributionPoint",
    # NOTE(review): the spelling looks off ("...issuedOnBehalfOf"?) -
    # confirm against the standard before matching on this name.
    "2.5.29.64": "id-ce-issuedOnBehaIFOF",
    "2.5.29.65": "id-ce-singleUse",
    "2.5.29.66": "id-ce-groupAC",
    "2.5.29.67": "id-ce-allowedAttAss",
    "2.5.29.68": "id-ce-attributeMappings",
    "2.5.29.69": "id-ce-holderNameConstraints",
    # [MS-WCCE]
    "1.3.6.1.4.1.311.2.1.14": "CERT_EXTENSIONS",
    "1.3.6.1.4.1.311.20.2": "ENROLL_CERTTYPE",
    "1.3.6.1.4.1.311.25.1": "NTDS_REPLICATION",
    "1.3.6.1.4.1.311.25.2": "NTDS_CA_SECURITY_EXT",
    "1.3.6.1.4.1.311.25.2.1": "NTDS_OBJECTSID",
}

479 

# Names for the 2.16.840.1.113730.1 certificate-extension arc.
certExt_oids = {
    "2.16.840.1.113730.1.1": "cert-type",
    "2.16.840.1.113730.1.2": "base-url",
    "2.16.840.1.113730.1.3": "revocation-url",
    "2.16.840.1.113730.1.4": "ca-revocation-url",
    "2.16.840.1.113730.1.5": "ca-crl-url",
    "2.16.840.1.113730.1.6": "ca-cert-url",
    "2.16.840.1.113730.1.7": "renewal-url",
    "2.16.840.1.113730.1.8": "ca-policy-url",
    "2.16.840.1.113730.1.9": "homepage-url",
    "2.16.840.1.113730.1.10": "entity-logo",
    "2.16.840.1.113730.1.11": "user-picture",
    "2.16.840.1.113730.1.12": "ssl-server-name",
    "2.16.840.1.113730.1.13": "comment",
    "2.16.840.1.113730.1.14": "lost-password-url",
    "2.16.840.1.113730.1.15": "cert-renewal-time",
    "2.16.840.1.113730.1.16": "aia",
    "2.16.840.1.113730.1.17": "cert-scope-of-use",
}

499 

# 1.3.6.1.5.5.7.1: PKIX private certificate extensions.
certPkixPe_oids = {
    "1.3.6.1.5.5.7.1.1": "authorityInfoAccess",
    "1.3.6.1.5.5.7.1.2": "biometricInfo",
    "1.3.6.1.5.5.7.1.3": "qcStatements",
    "1.3.6.1.5.5.7.1.4": "auditIdentity",
    "1.3.6.1.5.5.7.1.6": "aaControls",
    "1.3.6.1.5.5.7.1.10": "proxying",
    "1.3.6.1.5.5.7.1.11": "subjectInfoAccess",
}

# 1.3.6.1.5.5.7.2: policy qualifier types.
certPkixQt_oids = {
    "1.3.6.1.5.5.7.2.1": "cps",
    "1.3.6.1.5.5.7.2.2": "unotice",
}

# 1.3.6.1.5.5.7.3: extended key usage purposes.
certPkixKp_oids = {
    "1.3.6.1.5.5.7.3.1": "serverAuth",
    "1.3.6.1.5.5.7.3.2": "clientAuth",
    "1.3.6.1.5.5.7.3.3": "codeSigning",
    "1.3.6.1.5.5.7.3.4": "emailProtection",
    "1.3.6.1.5.5.7.3.5": "ipsecEndSystem",
    "1.3.6.1.5.5.7.3.6": "ipsecTunnel",
    "1.3.6.1.5.5.7.3.7": "ipsecUser",
    "1.3.6.1.5.5.7.3.8": "timeStamping",
    "1.3.6.1.5.5.7.3.9": "ocspSigning",
    "1.3.6.1.5.5.7.3.10": "dvcs",
    "1.3.6.1.5.5.7.3.21": "secureShellClient",
    "1.3.6.1.5.5.7.3.22": "secureShellServer",
}

# 1.3.6.1.5.5.7.48: access descriptors (OCSP, CA issuers, ...).
certPkixAd_oids = {
    "1.3.6.1.5.5.7.48.1": "ocsp",
    "1.3.6.1.5.5.7.48.2": "caIssuers",
    "1.3.6.1.5.5.7.48.3": "timestamping",
    "1.3.6.1.5.5.7.48.4": "id-ad-dvcs",
    "1.3.6.1.5.5.7.48.5": "id-ad-caRepository",
    "1.3.6.1.5.5.7.48.6": "id-pkix-ocsp-archive-cutoff",
    "1.3.6.1.5.5.7.48.7": "id-pkix-ocsp-service-locator",
    "1.3.6.1.5.5.7.48.12": "id-ad-cmc",
    "1.3.6.1.5.5.7.48.1.1": "basic-response",
}

# Certificate Transparency extension.
certTransp_oids = {
    "1.3.6.1.4.1.11129.2.4.2": "SignedCertificateTimestampList",
}

545 

546# ansi-x962 # 

547 

# 1.2.840.10045.1 / .2: field types and the EC public-key identifier.
x962KeyType_oids = {
    "1.2.840.10045.1.1": "prime-field",
    "1.2.840.10045.1.2": "characteristic-two-field",
    "1.2.840.10045.2.1": "ecPublicKey",
}

# 1.2.840.10045.4: ECDSA signature algorithms.
x962Signature_oids = {
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
    "1.2.840.10045.4.2": "ecdsa-with-Recommended",
    "1.2.840.10045.4.3.1": "ecdsa-with-SHA224",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
    "1.2.840.10045.4.3.3": "ecdsa-with-SHA384",
    "1.2.840.10045.4.3.4": "ecdsa-with-SHA512",
}

562 

563# elliptic curves # 

564 

# 1.2.840.10045.3.1: named prime curves.
ansiX962Curve_oids = {
    "1.2.840.10045.3.1.1": "prime192v1",
    "1.2.840.10045.3.1.2": "prime192v2",
    "1.2.840.10045.3.1.3": "prime192v3",
    "1.2.840.10045.3.1.4": "prime239v1",
    "1.2.840.10045.3.1.5": "prime239v2",
    "1.2.840.10045.3.1.6": "prime239v3",
    "1.2.840.10045.3.1.7": "prime256v1",
}

# 1.3.132.0: named curves.
certicomCurve_oids = {
    "1.3.132.0.1": "ansit163k1",
    "1.3.132.0.2": "ansit163r1",
    "1.3.132.0.3": "ansit239k1",
    "1.3.132.0.4": "sect113r1",
    "1.3.132.0.5": "sect113r2",
    "1.3.132.0.6": "secp112r1",
    "1.3.132.0.7": "secp112r2",
    "1.3.132.0.8": "ansip160r1",
    "1.3.132.0.9": "ansip160k1",
    "1.3.132.0.10": "ansip256k1",
    "1.3.132.0.15": "ansit163r2",
    "1.3.132.0.16": "ansit283k1",
    "1.3.132.0.17": "ansit283r1",
    "1.3.132.0.22": "sect131r1",
    "1.3.132.0.24": "ansit193r1",
    "1.3.132.0.25": "ansit193r2",
    "1.3.132.0.26": "ansit233k1",
    "1.3.132.0.27": "ansit233r1",
    "1.3.132.0.28": "secp128r1",
    "1.3.132.0.29": "secp128r2",
    "1.3.132.0.30": "ansip160r2",
    "1.3.132.0.31": "ansip192k1",
    "1.3.132.0.32": "ansip224k1",
    "1.3.132.0.33": "ansip224r1",
    "1.3.132.0.34": "ansip384r1",
    "1.3.132.0.35": "ansip521r1",
    "1.3.132.0.36": "ansit409k1",
    "1.3.132.0.37": "ansit409r1",
    "1.3.132.0.38": "ansit571k1",
    "1.3.132.0.39": "ansit571r1",
}

607 

608# policies # 

609 

certPolicy_oids = {
    "2.5.29.32.0": "anyPolicy",
}

# from Chromium source code (ev_root_ca_metadata.cc)
# NOTE(review): this is a static name table. An OID listed here is only
# given a label; that says nothing about whether the issuing CA is
# currently trusted, so do not base trust decisions on membership.
evPolicy_oids = {
    "1.2.392.200091.100.721.1": "EV Security Communication RootCA1",
    "1.2.616.1.113527.2.5.1.1": "EV Certum Trusted Network CA",
    "1.3.159.1.17.1": "EV Actualis Authentication Root CA",
    "1.3.6.1.4.1.13177.10.1.3.10": "EV Autoridad de Certificacion Firmaprofesional CIF A62634068",
    "1.3.6.1.4.1.14370.1.6": "EV GeoTrust Primary Certification Authority",
    "1.3.6.1.4.1.14777.6.1.1": "EV Izenpe.com roots Business",
    "1.3.6.1.4.1.14777.6.1.2": "EV Izenpe.com roots Government",
    "1.3.6.1.4.1.17326.10.14.2.1.2": "EV AC Camerfirma S.A. Chambers of Commerce Root - 2008",
    "1.3.6.1.4.1.17326.10.14.2.2.2": "EV AC Camerfirma S.A. Chambers of Commerce Root - 2008",
    "1.3.6.1.4.1.17326.10.8.12.1.2": "EV AC Camerfirma S.A. Global Chambersign Root - 2008",
    "1.3.6.1.4.1.17326.10.8.12.2.2": "EV AC Camerfirma S.A. Global Chambersign Root - 2008",
    "1.3.6.1.4.1.22234.2.5.2.3.1": "EV CertPlus Class 2 Primary CA (KEYNECTIS)",
    "1.3.6.1.4.1.23223.1.1.1": "EV StartCom Certification Authority",
    "1.3.6.1.4.1.29836.1.10": "EV China Internet Network Information Center EV Certificates Root",
    "1.3.6.1.4.1.311.60.2.1.1": "jurisdictionOfIncorporationLocalityName",
    "1.3.6.1.4.1.311.60.2.1.2": "jurisdictionOfIncorporationStateOrProvinceName",
    "1.3.6.1.4.1.311.60.2.1.3": "jurisdictionOfIncorporationCountryName",
    "1.3.6.1.4.1.34697.2.1": "EV AffirmTrust Commercial",
    "1.3.6.1.4.1.34697.2.2": "EV AffirmTrust Networking",
    "1.3.6.1.4.1.34697.2.3": "EV AffirmTrust Premium",
    "1.3.6.1.4.1.34697.2.4": "EV AffirmTrust Premium ECC",
    "1.3.6.1.4.1.36305.2": "EV Certificate Authority of WoSign",
    "1.3.6.1.4.1.40869.1.1.22.3": "EV TWCA Roots",
    "1.3.6.1.4.1.4146.1.1": "EV GlobalSign Root CAs",
    "1.3.6.1.4.1.4788.2.202.1": "EV D-TRUST Root Class 3 CA 2 EV 2009",
    "1.3.6.1.4.1.6334.1.100.1": "EV Cybertrust Global Root",
    "1.3.6.1.4.1.6449.1.2.1.5.1": "EV USERTrust Certification Authorities",
    "1.3.6.1.4.1.781.1.2.1.8.1": "EV Network Solutions Certificate Authority",
    "1.3.6.1.4.1.782.1.2.1.8.1": "EV AddTrust External CA Root",
    "1.3.6.1.4.1.7879.13.24.1": "EV T-Telessec GlobalRoot Class 3",
    "1.3.6.1.4.1.8024.0.2.100.1.2": "EV QuoVadis Roots",
    "2.16.528.1.1003.1.2.7": "EV Staat der Nederlanden EV Root CA",
    "2.16.578.1.26.1.3.3": "EV Buypass Class 3",
    "2.16.756.1.83.21.0": "EV Swisscom Root EV CA 2",
    "2.16.756.1.89.1.2.1.1": "EV SwissSign Gold CA - G2",
    "2.16.792.3.0.4.1.1.4": "EV E-Tugra Certification Authority",
    "2.16.840.1.113733.1.7.23.6": "EV VeriSign Certification Authorities",
    "2.16.840.1.113733.1.7.48.1": "EV thawte CAs",
    "2.16.840.1.114028.10.1.2": "EV Entrust Certification Authority",
    "2.16.840.1.114171.500.9": "EV Wells Fargo WellsSecure Public Root Certification Authority",
    "2.16.840.1.114404.1.1.2.4.1": "EV XRamp Global Certification Authority",
    "2.16.840.1.114412.2.1": "EV DigiCert High Assurance EV Root CA",
    "2.16.840.1.114413.1.7.23.3": "EV ValiCert Class 2 Policy Validation Authority",
    "2.16.840.1.114414.1.7.23.3": "EV Starfield Certificate Authority",
    "2.16.840.1.114414.1.7.24.3": "EV Starfield Service Certificate Authority",
}

662 

663# gssapi # 

664 

# GSS-API mechanism identifiers.
gssapi_oids = {
    "1.2.840.48018.1.2.2": "MS KRB5 - Microsoft Kerberos 5",
    "1.2.840.113554.1.2.2": "Kerberos 5",
    "1.2.840.113554.1.2.2.3": "Kerberos 5 - User to User",
    "1.3.6.1.5.2.5": "Kerberos 5 - IAKERB",
    "1.3.6.1.5.5.2": "SPNEGO - Simple Protected Negotiation",
    "1.3.6.1.4.1.311.2.2.10": "NTLMSSP - Microsoft NTLM Security Support Provider",
    "1.3.6.1.4.1.311.2.2.30": "NEGOEX - SPNEGO Extended Negotiation Security Mechanism",
}

674 

675 

# Every OID table that feeds the default MIB, in merge order.
x509_oids_sets = [
    pkcs1_oids,
    secsig_oids,
    thawte_oids,
    pkcs9_oids,
    attributeType_oids,
    certificateExtension_oids,
    certExt_oids,
    certPkixAd_oids,
    certPkixKp_oids,
    certPkixPe_oids,
    certPkixQt_oids,
    certPolicy_oids,
    certTransp_oids,
    evPolicy_oids,
    x962KeyType_oids,
    x962Signature_oids,
    ansiX962Curve_oids,
    certicomCurve_oids,
    gssapi_oids,
]

# Flatten the tables into one mapping. dict.update() lets a later table
# override an earlier one if the same OID appears in both.
x509_oids = {}

for oids_set in x509_oids_sets:
    x509_oids.update(oids_set)

# Install the merged table as the global MIB at import time.
conf.mib = MIBDict(_name="MIB", **x509_oids)

704 

705 

706######################### 

707# Hash mapping helper # 

708######################### 

709 

710# This dict enables static access to string references to the hash functions 

711# of some algorithms from pkcs1_oids and x962Signature_oids. 

712 

# NOTE(review): MD2, MD4, MD5 and SHA-1 are no longer collision resistant.
# This table only maps a signature OID to a hash name; code that verifies
# signatures should apply its own algorithm policy rather than accept
# every hash listed here.
hash_by_oid = {
    # RSA signatures (see pkcs1_oids)
    "1.2.840.113549.1.1.2": "md2",
    "1.2.840.113549.1.1.3": "md4",
    "1.2.840.113549.1.1.4": "md5",
    "1.2.840.113549.1.1.5": "sha1",
    "1.2.840.113549.1.1.11": "sha256",
    "1.2.840.113549.1.1.12": "sha384",
    "1.2.840.113549.1.1.13": "sha512",
    "1.2.840.113549.1.1.14": "sha224",
    # ECDSA signatures (see x962Signature_oids)
    "1.2.840.10045.4.1": "sha1",
    "1.2.840.10045.4.3.1": "sha224",
    "1.2.840.10045.4.3.2": "sha256",
    "1.2.840.10045.4.3.3": "sha384",
    "1.2.840.10045.4.3.4": "sha512",
}