Coverage for /pythoncovmergedfiles/medio/medio/usr/local/lib/python3.11/site-packages/scapy/asn1/mib.py: 46%


1# SPDX-License-Identifier: GPL-2.0-only 

2# This file is part of Scapy 

3# See https://scapy.net/ for more information 

4# Copyright (C) Philippe Biondi <phil@secdev.org> 

5# Acknowledgment: Maxence Tury <maxence.tury@ssi.gouv.fr> 

6 

7""" 

8Management Information Base (MIB) parsing 

9""" 

10 

11import re 

12from glob import glob 

13from scapy.dadict import DADict, fixname 

14from scapy.config import conf 

15from scapy.utils import do_graph 

16from scapy.compat import plain_str 

17 

18from typing import ( 

19 Any, 

20 Dict, 

21 List, 

22 Optional, 

23 Tuple, 

24) 

25 

26################# 

27# MIB parsing # 

28################# 

29 

# Pre-compiled patterns used while scanning MIB text.

# A sub-identifier made only of decimal digits, e.g. "42".
_mib_re_integer = re.compile(r"^[0-9]+$")
# The "name(number)" form, e.g. "iso(1)"; group 2 is the numeric part.
_mib_re_both = re.compile(r"^([a-zA-Z_][a-zA-Z0-9_-]*)\(([0-9]+)\)$")
# An "<ident> OBJECT ... ::= { ... }" declaration. Group 1 is the identifier,
# group 2 the raw text between the braces.
_mib_re_oiddecl = re.compile(
    r"$\s*([a-zA-Z0-9_-]+)\s+OBJECT[^:\{\}]+::=\s*\{([^\}]+)\}",
    re.MULTILINE,
)
# A double-quoted string (no escape handling).
_mib_re_strings = re.compile(r'"[^"]*"')
# A "--" comment up to and including its line terminator. The terminator is
# captured, so re.split() keeps it in the result list.
_mib_re_comments = re.compile(r'--.*(\r|\n)')

36 

37 

class MIBDict(DADict[str, str]):
    """Dictionary of dotted OID strings to names, with OID helpers."""

    def _findroot(self, x):
        # type: (str) -> Tuple[str, str, str]
        """Find the longest registered OID that is a prefix of ``x``.

        Returns ``(name, oid, remainder)``: the name and key of the longest
        matching entry, and what is left of ``x`` after that key. When nothing
        matches, the name is ``"."`` and the key is the empty string.
        """
        if x.startswith("."):
            x = x[1:]
        if not x.endswith("."):
            x += "."
        best_len = 0
        root = "."
        root_key = ""
        for key in self:
            # Compare against "key." so that "1.2" is not taken as a prefix
            # of "1.23".
            if x.startswith(key + ".") and best_len < len(key):
                best_len = len(key)
                root = self[key]
                root_key = key
        # x always ends with ".", which is dropped from the remainder.
        return root, root_key, x[best_len:-1]

    def _oidname(self, x):
        # type: (str) -> str
        """Return ``x`` with its longest known OID prefix replaced by a name."""
        root, _, remainder = self._findroot(x)
        return root + remainder

    def _oid(self, x):
        # type: (str) -> str
        """Turn "name.1.2" into a numeric OID when ``name`` is registered.

        Only the form "one leading name followed by integers" is translated.
        Any other input, including a fully numeric OID or an unknown name, is
        returned unchanged.
        """
        parts = x.strip(".").split(".")
        idx = len(parts) - 1
        # Skip the trailing all-digit components.
        while idx >= 0 and _mib_re_integer.match(parts[idx]):
            idx -= 1
        if idx != 0 or parts[idx] not in self.d.values():
            return x
        # idx is 0 here. The first OID whose name matches wins, so a name
        # shared by two OIDs always resolves to the earlier entry.
        name = parts[0]
        parts[0] = next(k for k, v in self.d.items() if v == name)
        return ".".join(parts)

    def _make_graph(self, other_keys=None, **kargs):
        # type: (Optional[Any], **Any) -> None
        """Build a graphviz description of the MIB and pass it to do_graph().

        ``other_keys`` lists extra OIDs to draw besides the registered ones;
        the remaining keyword arguments are forwarded to do_graph().
        """
        if other_keys is None:
            other_keys = []
        nodes = [(self[key], key) for key in self.iterkeys()]
        known = set(self.iterkeys())
        nodes.extend(
            (self._oidname(k), k) for k in other_keys if k not in known
        )
        # NOTE(review): names and keys are interpolated into the dot source
        # without escaping, so a '"' in either would break the output.
        lines = ['digraph "mib" {\n\trankdir=LR;\n\n']
        for name, oid in nodes:
            lines.append('\t"%s" [ label="%s" ];\n' % (oid, name))
        lines.append("\n")
        for _name, oid in nodes:
            # Look the parent up with the last character cut off, so that an
            # entry is not selected as its own parent.
            parent, parent_key, remainder = self._findroot(oid[:-1])
            remainder = remainder[1:] + oid[-1]
            if parent != ".":
                parent = parent_key
            lines.append(
                '\t"%s" -> "%s" [label="%s"];\n' % (parent, oid, remainder)
            )
        lines.append("}\n")
        do_graph("".join(lines), **kargs)

96 

97 

def _mib_register(ident,  # type: str
                  value,  # type: List[str]
                  the_mib,  # type: Dict[str, List[str]]
                  unresolved,  # type: Dict[str, List[str]]
                  alias,  # type: Dict[str, str]
                  ):
    # type: (...) -> bool
    """
    Internal function used to register an OID and its name in a MIBDict.

    ``value`` holds the OID components, each a number or a symbolic name.
    Names are expanded from ``the_mib`` (e.g. 2.basicConstraints.3 ->
    2.2.5.29.19.3). A fully numeric result is stored in ``the_mib``, anything
    else in ``unresolved``. Returns True when ``ident`` is resolved or was
    already known (in which case only an alias is recorded), False otherwise.
    """
    if ident in the_mib:
        # Already resolved: only remember the extra spelling as an alias.
        alias[".".join(value)] = ident
        return True
    if ident in unresolved:
        # Already known to be unresolvable for now.
        return False

    resolved_parts = []  # type: List[str]
    fully_resolved = True
    for part in value:
        if _mib_re_integer.match(part):
            resolved_parts.append(part)
            continue
        name = fixname(plain_str(part))
        if name in the_mib:
            resolved_parts += the_mib[name]
            continue
        # Unknown name: keep the best partial expansion available.
        fully_resolved = False
        if name in unresolved:
            resolved_parts += unresolved[name]
        else:
            resolved_parts.append(name)

    if not fully_resolved:
        unresolved[ident] = resolved_parts
        return False

    the_mib[ident] = resolved_parts
    # Retry the pending entries, since some may have depended on ``ident``.
    # Each retry is a recursive call that gets a throwaway "unresolved" dict,
    # so a failed retry leaves the real one untouched.
    pending = list(unresolved)
    idx = 0
    while idx < len(pending):
        candidate = pending[idx]
        if _mib_register(candidate, unresolved[candidate], the_mib, {}, alias):
            # Now resolved: drop it and rescan from the start.
            del unresolved[candidate]
            del pending[idx]
            idx = 0
        else:
            idx += 1

    return True

154 

155 

def load_mib(filenames):
    # type: (str) -> None
    """
    Load the conf.mib dict from a list of filenames

    ``filenames`` is a single glob pattern (str or bytes) or an iterable of
    patterns. Every matching file is read and scanned for OBJECT declarations.

    The result replaces ``conf.mib`` for the whole process. Declarations in
    the loaded files are merged with the current entries and can give an
    existing OID a different name, so only load MIB files from a source you
    trust. Files are opened with the platform default text encoding.
    """
    the_mib = {'iso': ['1']}
    unresolved = {}  # type: Dict[str, List[str]]
    alias = {}  # type: Dict[str, str]
    # Seed the working dictionaries from the MIB currently in use.
    for oid in conf.mib:
        _mib_register(conf.mib[oid], oid.split("."), the_mib, unresolved, alias)

    patterns = [filenames] if isinstance(filenames, (str, bytes)) else filenames
    for pattern in patterns:
        for path in glob(pattern):
            with open(path) as handle:
                text = handle.read()
            # Drop "--" comments first, then quoted strings, so that braces
            # or "::=" inside them cannot look like a declaration.
            without_comments = " ".join(_mib_re_comments.split(text))
            cleantext = " ".join(_mib_re_strings.split(without_comments))
            for decl in _mib_re_oiddecl.finditer(cleantext):
                ident = fixname(decl.group(1))
                oid_l = []
                for elt in decl.group(2).split():
                    # "name(number)" components keep only the number.
                    both = _mib_re_both.match(elt)
                    oid_l.append(both.group(2) if both else elt)
                _mib_register(ident, oid_l, the_mib, unresolved, alias)

    # Build the new MIB. Later assignments to the same OID override earlier
    # ones: resolved entries first, then unresolved ones, then aliases.
    newmib = MIBDict(_name="MIB")
    for name, parts in the_mib.items():
        newmib[".".join(parts)] = name
    for name, parts in unresolved.items():
        newmib[".".join(parts)] = name
    for key_s, name in alias.items():
        newmib[key_s] = name

    conf.mib = newmib

204 

205 

206#################### 

207# OID references # 

208#################### 

209 

210# pkcs1 # 

211 

# PKCS #1 arc (1.2.840.113549.1.1): RSA key and signature identifiers.
# The MD2/MD4/MD5/SHA-1 entries are listed so that legacy objects can be
# named when decoded; the table itself says nothing about their strength.
pkcs1_oids = {
    "1.2.840.113549.1.1": "pkcs1",
    "1.2.840.113549.1.1.1": "rsaEncryption",
    "1.2.840.113549.1.1.2": "md2WithRSAEncryption",
    "1.2.840.113549.1.1.3": "md4WithRSAEncryption",
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1-with-rsa-signature",
    "1.2.840.113549.1.1.6": "rsaOAEPEncryptionSET",
    "1.2.840.113549.1.1.7": "id-RSAES-OAEP",
    "1.2.840.113549.1.1.8": "id-mgf1",
    "1.2.840.113549.1.1.9": "id-pSpecified",
    "1.2.840.113549.1.1.10": "rsassa-pss",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
    "1.2.840.113549.1.1.14": "sha224WithRSAEncryption",
}

229 

230# secsig oiw # 

231 

# OIW SECSIG algorithm arc (1.3.14.3.2). These identifiers cover DES, MD4,
# MD5 and SHA-1 era algorithms and are kept for decoding older objects.
secsig_oids = {
    "1.3.14.3.2": "OIWSEC",
    "1.3.14.3.2.2": "md4RSA",
    "1.3.14.3.2.3": "md5RSA",
    "1.3.14.3.2.4": "md4RSA2",
    "1.3.14.3.2.6": "desECB",
    "1.3.14.3.2.7": "desCBC",
    "1.3.14.3.2.8": "desOFB",
    "1.3.14.3.2.9": "desCFB",
    "1.3.14.3.2.10": "desMAC",
    "1.3.14.3.2.11": "rsaSign",
    "1.3.14.3.2.12": "dsa",
    "1.3.14.3.2.13": "shaDSA",
    "1.3.14.3.2.14": "mdc2RSA",
    "1.3.14.3.2.15": "shaRSA",
    "1.3.14.3.2.16": "dhCommMod",
    "1.3.14.3.2.17": "desEDE",
    "1.3.14.3.2.18": "sha",
    "1.3.14.3.2.19": "mdc2",
    "1.3.14.3.2.20": "dsaComm",
    "1.3.14.3.2.21": "dsaCommSHA",
    "1.3.14.3.2.22": "rsaXchg",
    "1.3.14.3.2.23": "keyHashSeal",
    "1.3.14.3.2.24": "md2RSASign",
    "1.3.14.3.2.25": "md5RSASign",
    "1.3.14.3.2.26": "sha1",
    "1.3.14.3.2.27": "dsaSHA1",
    "1.3.14.3.2.28": "dsaCommSHA1",
    "1.3.14.3.2.29": "sha1RSASign",
}

262 

263# nist # 

264 

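# NIST hash algorithm arc (2.16.840.1.101.3.4.2): SHA-2, SHA-3 and SHAKE.
nist_oids = {
    "2.16.840.1.101.3.4.2.1": "sha256",
    "2.16.840.1.101.3.4.2.2": "sha384",
    "2.16.840.1.101.3.4.2.3": "sha512",
    "2.16.840.1.101.3.4.2.4": "sha224",
    "2.16.840.1.101.3.4.2.5": "sha512-224",
    # Was spelled "sba512-256", so a lookup of the real algorithm name
    # could not find this OID.
    "2.16.840.1.101.3.4.2.6": "sha512-256",
    "2.16.840.1.101.3.4.2.7": "sha3-224",
    "2.16.840.1.101.3.4.2.8": "sha3-256",
    "2.16.840.1.101.3.4.2.9": "sha3-384",
    "2.16.840.1.101.3.4.2.10": "sha3-512",
    "2.16.840.1.101.3.4.2.11": "shake128",
    "2.16.840.1.101.3.4.2.12": "shake256",
}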

279 

280# thawte # 

281 

# Edwards-curve signature algorithms under the 1.3.101 arc.
thawte_oids = {
    "1.3.101.112": "Ed25519",
    "1.3.101.113": "Ed448",
}

# pkcs7 #

pkcs7_oids = {
    "1.2.840.113549.1.7.2": "id-signedData",
}

# pkcs9 #

# PKCS #9 attribute arc (1.2.840.113549.1.9).
pkcs9_oids = {
    "1.2.840.113549.1.9": "pkcs9",
    "1.2.840.113549.1.9.0": "modules",
    "1.2.840.113549.1.9.1": "emailAddress",
    "1.2.840.113549.1.9.2": "unstructuredName",
    "1.2.840.113549.1.9.3": "contentType",
    "1.2.840.113549.1.9.4": "messageDigest",
    "1.2.840.113549.1.9.5": "signing-time",
    "1.2.840.113549.1.9.6": "countersignature",
    "1.2.840.113549.1.9.7": "challengePassword",
    "1.2.840.113549.1.9.8": "unstructuredAddress",
    "1.2.840.113549.1.9.9": "extendedCertificateAttributes",
    "1.2.840.113549.1.9.13": "signingDescription",
    "1.2.840.113549.1.9.14": "extensionRequest",
    "1.2.840.113549.1.9.15": "smimeCapabilities",
    "1.2.840.113549.1.9.16": "smime",
    "1.2.840.113549.1.9.17": "pgpKeyID",
    "1.2.840.113549.1.9.20": "friendlyName",
    "1.2.840.113549.1.9.21": "localKeyID",
    "1.2.840.113549.1.9.22": "certTypes",
    "1.2.840.113549.1.9.23": "crlTypes",
    "1.2.840.113549.1.9.24": "pkcs-9-oc",
    "1.2.840.113549.1.9.25": "pkcs-9-at",
    "1.2.840.113549.1.9.26": "pkcs-9-sx",
    "1.2.840.113549.1.9.27": "pkcs-9-mr",
    "1.2.840.113549.1.9.52": "id-aa-CMSAlgorithmProtection",
}

322 

323# x509 # 

324 

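# X.500 attribute types (2.5.4.x), plus "dc" from RFC 4519.
# Each name should be unique within the table: a name-to-OID lookup returns
# only one OID per name, so a repeated name leaves one OID unreachable.
attributeType_oids = {
    "2.5.4.0": "objectClass",
    "2.5.4.1": "aliasedEntryName",
    "2.5.4.2": "knowledgeInformation",
    "2.5.4.3": "commonName",
    "2.5.4.4": "surname",
    "2.5.4.5": "serialNumber",
    "2.5.4.6": "countryName",
    "2.5.4.7": "localityName",
    "2.5.4.8": "stateOrProvinceName",
    "2.5.4.9": "streetAddress",
    "2.5.4.10": "organizationName",
    "2.5.4.11": "organizationUnitName",
    "2.5.4.12": "title",
    "2.5.4.13": "description",
    "2.5.4.14": "searchGuide",
    "2.5.4.15": "businessCategory",
    "2.5.4.16": "postalAddress",
    "2.5.4.17": "postalCode",
    "2.5.4.18": "postOfficeBox",
    "2.5.4.19": "physicalDeliveryOfficeName",
    "2.5.4.20": "telephoneNumber",
    "2.5.4.21": "telexNumber",
    "2.5.4.22": "teletexTerminalIdentifier",
    "2.5.4.23": "facsimileTelephoneNumber",
    "2.5.4.24": "x121Address",
    "2.5.4.25": "internationalISDNNumber",
    "2.5.4.26": "registeredAddress",
    "2.5.4.27": "destinationIndicator",
    "2.5.4.28": "preferredDeliveryMethod",
    "2.5.4.29": "presentationAddress",
    "2.5.4.30": "supportedApplicationContext",
    "2.5.4.31": "member",
    "2.5.4.32": "owner",
    "2.5.4.33": "roleOccupant",
    "2.5.4.34": "seeAlso",
    "2.5.4.35": "userPassword",
    "2.5.4.36": "userCertificate",
    "2.5.4.37": "cACertificate",
    "2.5.4.38": "authorityRevocationList",
    "2.5.4.39": "certificateRevocationList",
    "2.5.4.40": "crossCertificatePair",
    "2.5.4.41": "name",
    "2.5.4.42": "givenName",
    "2.5.4.43": "initials",
    "2.5.4.44": "generationQualifier",
    "2.5.4.45": "uniqueIdentifier",
    "2.5.4.46": "dnQualifier",
    "2.5.4.47": "enhancedSearchGuide",
    "2.5.4.48": "protocolInformation",
    "2.5.4.49": "distinguishedName",
    "2.5.4.50": "uniqueMember",
    "2.5.4.51": "houseIdentifier",
    "2.5.4.52": "supportedAlgorithms",
    "2.5.4.53": "deltaRevocationList",
    "2.5.4.54": "dmdName",
    "2.5.4.55": "clearance",
    "2.5.4.56": "defaultDirQop",
    "2.5.4.57": "attributeIntegrityInfo",
    "2.5.4.58": "attributeCertificate",
    "2.5.4.59": "attributeCertificateRevocationList",
    "2.5.4.60": "confKeyInfo",
    "2.5.4.61": "aACertificate",
    "2.5.4.62": "attributeDescriptorCertificate",
    "2.5.4.63": "attributeAuthorityRevocationList",
    "2.5.4.64": "family-information",
    "2.5.4.65": "pseudonym",
    "2.5.4.66": "communicationsService",
    "2.5.4.67": "communicationsNetwork",
    "2.5.4.68": "certificationPracticeStmt",
    "2.5.4.69": "certificatePolicy",
    "2.5.4.70": "pkiPath",
    "2.5.4.71": "privPolicy",
    "2.5.4.72": "role",
    "2.5.4.73": "delegationPath",
    "2.5.4.74": "protPrivPolicy",
    "2.5.4.75": "xMLPrivilegeInfo",
    "2.5.4.76": "xmlPrivPolicy",
    "2.5.4.77": "uuidpair",
    "2.5.4.78": "tagOid",
    "2.5.4.79": "uiiFormat",
    # Was spelled "uiiInUrh"; compare "epcInUrn" below.
    "2.5.4.80": "uiiInUrn",
    "2.5.4.81": "contentUrl",
    "2.5.4.82": "permission",
    "2.5.4.83": "uri",
    "2.5.4.84": "pwdAttribute",
    "2.5.4.85": "userPwd",
    "2.5.4.86": "urn",
    "2.5.4.87": "url",
    "2.5.4.88": "utmCoordinates",
    "2.5.4.89": "urnC",
    "2.5.4.90": "uii",
    "2.5.4.91": "epc",
    "2.5.4.92": "tagAfi",
    "2.5.4.93": "epcFormat",
    "2.5.4.94": "epcInUrn",
    "2.5.4.95": "ldapUrl",
    # Was a second "ldapUrl", duplicating 2.5.4.95. X.520 names this
    # attribute tagLocation.
    "2.5.4.96": "tagLocation",
    "2.5.4.97": "organizationIdentifier",
    # RFC 4519
    "0.9.2342.19200300.100.1.25": "dc",
}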

427 

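# X.509 certificate and CRL extensions (2.5.29.x), followed by Microsoft
# enrollment extensions from [MS-WCCE]. Names tagged "(obsolete)" are
# earlier OID assignments for an extension that was later given a new one.
certificateExtension_oids = {
    "2.5.29.1": "authorityKeyIdentifier(obsolete)",
    "2.5.29.2": "keyAttributes",
    "2.5.29.3": "certificatePolicies(obsolete)",
    "2.5.29.4": "keyUsageRestriction",
    "2.5.29.5": "policyMapping",
    "2.5.29.6": "subtreesConstraint",
    "2.5.29.7": "subjectAltName(obsolete)",
    "2.5.29.8": "issuerAltName(obsolete)",
    "2.5.29.9": "subjectDirectoryAttributes",
    "2.5.29.10": "basicConstraints(obsolete)",
    "2.5.29.14": "subjectKeyIdentifier",
    "2.5.29.15": "keyUsage",
    "2.5.29.16": "privateKeyUsagePeriod",
    "2.5.29.17": "subjectAltName",
    "2.5.29.18": "issuerAltName",
    "2.5.29.19": "basicConstraints",
    "2.5.29.20": "cRLNumber",
    "2.5.29.21": "reasonCode",
    "2.5.29.22": "expirationDate",
    "2.5.29.23": "instructionCode",
    "2.5.29.24": "invalidityDate",
    "2.5.29.25": "cRLDistributionPoints(obsolete)",
    "2.5.29.26": "issuingDistributionPoint(obsolete)",
    "2.5.29.27": "deltaCRLIndicator",
    "2.5.29.28": "issuingDistributionPoint",
    "2.5.29.29": "certificateIssuer",
    "2.5.29.30": "nameConstraints",
    "2.5.29.31": "cRLDistributionPoints",
    "2.5.29.32": "certificatePolicies",
    "2.5.29.33": "policyMappings",
    "2.5.29.34": "policyConstraints(obsolete)",
    "2.5.29.35": "authorityKeyIdentifier",
    "2.5.29.36": "policyConstraints",
    "2.5.29.37": "extKeyUsage",
    "2.5.29.38": "authorityAttributeIdentifier",
    "2.5.29.39": "roleSpecCertIdentifier",
    "2.5.29.40": "cRLStreamIdentifier",
    "2.5.29.41": "basicAttConstraints",
    "2.5.29.42": "delegatedNameConstraints",
    "2.5.29.43": "timeSpecification",
    "2.5.29.44": "cRLScope",
    "2.5.29.45": "statusReferrals",
    "2.5.29.46": "freshestCRL",
    "2.5.29.47": "orderedList",
    "2.5.29.48": "attributeDescriptor",
    "2.5.29.49": "userNotice",
    "2.5.29.50": "sOAIdentifier",
    "2.5.29.51": "baseUpdateTime",
    "2.5.29.52": "acceptableCertPolicies",
    "2.5.29.53": "deltaInfo",
    "2.5.29.54": "inhibitAnyPolicy",
    "2.5.29.55": "targetInformation",
    "2.5.29.56": "noRevAvail",
    "2.5.29.57": "acceptablePrivilegePolicies",
    "2.5.29.58": "id-ce-toBeRevoked",
    "2.5.29.59": "id-ce-RevokedGroups",
    "2.5.29.60": "id-ce-expiredCertsOnCRL",
    "2.5.29.61": "indirectIssuer",
    "2.5.29.62": "id-ce-noAssertion",
    "2.5.29.63": "id-ce-aAissuingDistributionPoint",
    # Was spelled "id-ce-issuedOnBehaIFOF".
    "2.5.29.64": "id-ce-issuedOnBehalfOf",
    "2.5.29.65": "id-ce-singleUse",
    "2.5.29.66": "id-ce-groupAC",
    "2.5.29.67": "id-ce-allowedAttAss",
    "2.5.29.68": "id-ce-attributeMappings",
    "2.5.29.69": "id-ce-holderNameConstraints",
    # [MS-WCCE]
    "1.3.6.1.4.1.311.2.1.14": "CERT_EXTENSIONS",
    "1.3.6.1.4.1.311.10.3.4": "szOID_EFS_CRYPTO",
    "1.3.6.1.4.1.311.20.2": "ENROLL_CERTTYPE",
    "1.3.6.1.4.1.311.25.1": "NTDS_REPLICATION",
    "1.3.6.1.4.1.311.25.2": "NTDS_CA_SECURITY_EXT",
    "1.3.6.1.4.1.311.25.2.1": "NTDS_OBJECTSID",
}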

503 

# Certificate extensions under the 2.16.840.1.113730.1 arc.
certExt_oids = {
    "2.16.840.1.113730.1.1": "cert-type",
    "2.16.840.1.113730.1.2": "base-url",
    "2.16.840.1.113730.1.3": "revocation-url",
    "2.16.840.1.113730.1.4": "ca-revocation-url",
    "2.16.840.1.113730.1.5": "ca-crl-url",
    "2.16.840.1.113730.1.6": "ca-cert-url",
    "2.16.840.1.113730.1.7": "renewal-url",
    "2.16.840.1.113730.1.8": "ca-policy-url",
    "2.16.840.1.113730.1.9": "homepage-url",
    "2.16.840.1.113730.1.10": "entity-logo",
    "2.16.840.1.113730.1.11": "user-picture",
    "2.16.840.1.113730.1.12": "ssl-server-name",
    "2.16.840.1.113730.1.13": "comment",
    "2.16.840.1.113730.1.14": "lost-password-url",
    "2.16.840.1.113730.1.15": "cert-renewal-time",
    "2.16.840.1.113730.1.16": "aia",
    "2.16.840.1.113730.1.17": "cert-scope-of-use",
}

# PKIX private extensions (1.3.6.1.5.5.7.1.x).
certPkixPe_oids = {
    "1.3.6.1.5.5.7.1.1": "authorityInfoAccess",
    "1.3.6.1.5.5.7.1.2": "biometricInfo",
    "1.3.6.1.5.5.7.1.3": "qcStatements",
    "1.3.6.1.5.5.7.1.4": "auditIdentity",
    "1.3.6.1.5.5.7.1.6": "aaControls",
    "1.3.6.1.5.5.7.1.10": "proxying",
    "1.3.6.1.5.5.7.1.11": "subjectInfoAccess",
}

# PKIX policy qualifier types (1.3.6.1.5.5.7.2.x).
certPkixQt_oids = {
    "1.3.6.1.5.5.7.2.1": "cps",
    "1.3.6.1.5.5.7.2.2": "unotice",
}

# PKIX extended key usage purposes (1.3.6.1.5.5.7.3.x).
certPkixKp_oids = {
    "1.3.6.1.5.5.7.3.1": "serverAuth",
    "1.3.6.1.5.5.7.3.2": "clientAuth",
    "1.3.6.1.5.5.7.3.3": "codeSigning",
    "1.3.6.1.5.5.7.3.4": "emailProtection",
    "1.3.6.1.5.5.7.3.5": "ipsecEndSystem",
    "1.3.6.1.5.5.7.3.6": "ipsecTunnel",
    "1.3.6.1.5.5.7.3.7": "ipsecUser",
    "1.3.6.1.5.5.7.3.8": "timeStamping",
    "1.3.6.1.5.5.7.3.9": "ocspSigning",
    "1.3.6.1.5.5.7.3.10": "dvcs",
    "1.3.6.1.5.5.7.3.21": "secureShellClient",
    "1.3.6.1.5.5.7.3.22": "secureShellServer",
}

# PKIX access descriptors (1.3.6.1.5.5.7.48.x).
certPkixAd_oids = {
    "1.3.6.1.5.5.7.48.1": "ocsp",
    "1.3.6.1.5.5.7.48.2": "caIssuers",
    "1.3.6.1.5.5.7.48.3": "timestamping",
    "1.3.6.1.5.5.7.48.4": "id-ad-dvcs",
    "1.3.6.1.5.5.7.48.5": "id-ad-caRepository",
    "1.3.6.1.5.5.7.48.6": "id-pkix-ocsp-archive-cutoff",
    "1.3.6.1.5.5.7.48.7": "id-pkix-ocsp-service-locator",
    "1.3.6.1.5.5.7.48.12": "id-ad-cmc",
    "1.3.6.1.5.5.7.48.1.1": "basic-response",
}

# Certificate Transparency extension.
certTransp_oids = {
    "1.3.6.1.4.1.11129.2.4.2": "SignedCertificateTimestampList",
}

569 

570# ansi-x962 # 

571 

# ANSI X9.62 field and key types.
x962KeyType_oids = {
    "1.2.840.10045.1.1": "prime-field",
    "1.2.840.10045.1.2": "characteristic-two-field",
    "1.2.840.10045.2.1": "ecPublicKey",
}

# ANSI X9.62 ECDSA signature algorithms.
x962Signature_oids = {
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
    "1.2.840.10045.4.2": "ecdsa-with-Recommended",
    "1.2.840.10045.4.3.1": "ecdsa-with-SHA224",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
    "1.2.840.10045.4.3.3": "ecdsa-with-SHA384",
    "1.2.840.10045.4.3.4": "ecdsa-with-SHA512",
}

# ansi-x942 #

x942KeyType_oids = {
    "1.2.840.10046.2.1": "dhpublicnumber",  # RFC3770 sect 4.1.1
}

# elliptic curves #

# Named curves under the ANSI X9.62 arc.
ansiX962Curve_oids = {
    "1.2.840.10045.3.1.1": "prime192v1",
    "1.2.840.10045.3.1.2": "prime192v2",
    "1.2.840.10045.3.1.3": "prime192v3",
    "1.2.840.10045.3.1.4": "prime239v1",
    "1.2.840.10045.3.1.5": "prime239v2",
    "1.2.840.10045.3.1.6": "prime239v3",
    "1.2.840.10045.3.1.7": "prime256v1",
}

# Named curves under the Certicom arc (1.3.132.0). The table includes small
# curves (112 to 163 bit fields) alongside the larger ones; it names curves
# for decoding and does not rank them.
certicomCurve_oids = {
    "1.3.132.0.1": "ansit163k1",
    "1.3.132.0.2": "ansit163r1",
    "1.3.132.0.3": "ansit239k1",
    "1.3.132.0.4": "sect113r1",
    "1.3.132.0.5": "sect113r2",
    "1.3.132.0.6": "secp112r1",
    "1.3.132.0.7": "secp112r2",
    "1.3.132.0.8": "ansip160r1",
    "1.3.132.0.9": "ansip160k1",
    "1.3.132.0.10": "ansip256k1",
    "1.3.132.0.15": "ansit163r2",
    "1.3.132.0.16": "ansit283k1",
    "1.3.132.0.17": "ansit283r1",
    "1.3.132.0.22": "sect131r1",
    "1.3.132.0.24": "ansit193r1",
    "1.3.132.0.25": "ansit193r2",
    "1.3.132.0.26": "ansit233k1",
    "1.3.132.0.27": "ansit233r1",
    "1.3.132.0.28": "secp128r1",
    "1.3.132.0.29": "secp128r2",
    "1.3.132.0.30": "ansip160r2",
    "1.3.132.0.31": "ansip192k1",
    "1.3.132.0.32": "ansip224k1",
    "1.3.132.0.33": "ansip224r1",
    "1.3.132.0.34": "ansip384r1",
    "1.3.132.0.35": "ansip521r1",
    "1.3.132.0.36": "ansit409k1",
    "1.3.132.0.37": "ansit409r1",
    "1.3.132.0.38": "ansit571k1",
    "1.3.132.0.39": "ansit571r1",
}

637 

638# policies # 

639 

certPolicy_oids = {
    "2.5.29.32.0": "anyPolicy",
}

# from Chromium source code (ev_root_ca_metadata.cc)
# This is a static copy used to label policy OIDs. It is not a trust list:
# an OID appearing here does not mean the issuing CA is currently trusted,
# and some of the listed CAs have since been distrusted by browsers.
evPolicy_oids = {
    "1.2.392.200091.100.721.1": "EV Security Communication RootCA1",
    "1.2.616.1.113527.2.5.1.1": "EV Certum Trusted Network CA",
    "1.3.159.1.17.1": "EV Actualis Authentication Root CA",
    "1.3.6.1.4.1.13177.10.1.3.10": "EV Autoridad de Certificacion Firmaprofesional CIF A62634068",
    "1.3.6.1.4.1.14370.1.6": "EV GeoTrust Primary Certification Authority",
    "1.3.6.1.4.1.14777.6.1.1": "EV Izenpe.com roots Business",
    "1.3.6.1.4.1.14777.6.1.2": "EV Izenpe.com roots Government",
    "1.3.6.1.4.1.17326.10.14.2.1.2": "EV AC Camerfirma S.A. Chambers of Commerce Root - 2008",
    "1.3.6.1.4.1.17326.10.14.2.2.2": "EV AC Camerfirma S.A. Chambers of Commerce Root - 2008",
    "1.3.6.1.4.1.17326.10.8.12.1.2": "EV AC Camerfirma S.A. Global Chambersign Root - 2008",
    "1.3.6.1.4.1.17326.10.8.12.2.2": "EV AC Camerfirma S.A. Global Chambersign Root - 2008",
    "1.3.6.1.4.1.22234.2.5.2.3.1": "EV CertPlus Class 2 Primary CA (KEYNECTIS)",
    "1.3.6.1.4.1.23223.1.1.1": "EV StartCom Certification Authority",
    "1.3.6.1.4.1.29836.1.10": "EV China Internet Network Information Center EV Certificates Root",
    # The three 311.60.2.1.x entries name jurisdiction attributes.
    "1.3.6.1.4.1.311.60.2.1.1": "jurisdictionOfIncorporationLocalityName",
    "1.3.6.1.4.1.311.60.2.1.2": "jurisdictionOfIncorporationStateOrProvinceName",
    "1.3.6.1.4.1.311.60.2.1.3": "jurisdictionOfIncorporationCountryName",
    "1.3.6.1.4.1.34697.2.1": "EV AffirmTrust Commercial",
    "1.3.6.1.4.1.34697.2.2": "EV AffirmTrust Networking",
    "1.3.6.1.4.1.34697.2.3": "EV AffirmTrust Premium",
    "1.3.6.1.4.1.34697.2.4": "EV AffirmTrust Premium ECC",
    "1.3.6.1.4.1.36305.2": "EV Certificate Authority of WoSign",
    "1.3.6.1.4.1.40869.1.1.22.3": "EV TWCA Roots",
    "1.3.6.1.4.1.4146.1.1": "EV GlobalSign Root CAs",
    "1.3.6.1.4.1.4788.2.202.1": "EV D-TRUST Root Class 3 CA 2 EV 2009",
    "1.3.6.1.4.1.6334.1.100.1": "EV Cybertrust Global Root",
    "1.3.6.1.4.1.6449.1.2.1.5.1": "EV USERTrust Certification Authorities",
    "1.3.6.1.4.1.781.1.2.1.8.1": "EV Network Solutions Certificate Authority",
    "1.3.6.1.4.1.782.1.2.1.8.1": "EV AddTrust External CA Root",
    "1.3.6.1.4.1.7879.13.24.1": "EV T-Telessec GlobalRoot Class 3",
    "1.3.6.1.4.1.8024.0.2.100.1.2": "EV QuoVadis Roots",
    "2.16.528.1.1003.1.2.7": "EV Staat der Nederlanden EV Root CA",
    "2.16.578.1.26.1.3.3": "EV Buypass Class 3",
    "2.16.756.1.83.21.0": "EV Swisscom Root EV CA 2",
    "2.16.756.1.89.1.2.1.1": "EV SwissSign Gold CA - G2",
    "2.16.792.3.0.4.1.1.4": "EV E-Tugra Certification Authority",
    "2.16.840.1.113733.1.7.23.6": "EV VeriSign Certification Authorities",
    "2.16.840.1.113733.1.7.48.1": "EV thawte CAs",
    "2.16.840.1.114028.10.1.2": "EV Entrust Certification Authority",
    "2.16.840.1.114171.500.9": "EV Wells Fargo WellsSecure Public Root Certification Authority",
    "2.16.840.1.114404.1.1.2.4.1": "EV XRamp Global Certification Authority",
    "2.16.840.1.114412.2.1": "EV DigiCert High Assurance EV Root CA",
    "2.16.840.1.114413.1.7.23.3": "EV ValiCert Class 2 Policy Validation Authority",
    "2.16.840.1.114414.1.7.23.3": "EV Starfield Certificate Authority",
    "2.16.840.1.114414.1.7.24.3": "EV Starfield Service Certificate Authority",
}

692 

693# gssapi # 

694 

# GSS-API mechanism identifiers.
gssapi_oids = {
    "1.2.840.48018.1.2.2": "MS KRB5 - Microsoft Kerberos 5",
    "1.2.840.113554.1.2.2": "Kerberos 5",
    "1.2.840.113554.1.2.2.3": "Kerberos 5 - User to User",
    "1.3.6.1.5.2.5": "Kerberos 5 - IAKERB",
    "1.3.6.1.5.5.2": "SPNEGO - Simple Protected Negotiation",
    "1.3.6.1.4.1.311.2.2.10": "NTLMSSP - Microsoft NTLM Security Support Provider",
    "1.3.6.1.4.1.311.2.2.30": "NEGOEX - SPNEGO Extended Negotiation Security Mechanism",
}

# kerberos #

# PKINIT identifiers under the 1.3.6.1.5.2.3 arc.
kerberos_oids = {
    "1.3.6.1.5.2.3.1": "id-pkinit-authData",
    "1.3.6.1.5.2.3.2": "id-pkinit-DHKeyData",
    "1.3.6.1.5.2.3.3": "id-pkinit-rkeyData",
    "1.3.6.1.5.2.3.4": "id-pkinit-KPClientAuth",
    "1.3.6.1.5.2.3.5": "id-pkinit-KPKdc",
    # RFC8363
    "1.3.6.1.5.2.3.6": "id-pkinit-kdf",
    "1.3.6.1.5.2.3.6.1": "id-pkinit-kdf-sha1",
    "1.3.6.1.5.2.3.6.2": "id-pkinit-kdf-sha256",
    "1.3.6.1.5.2.3.6.3": "id-pkinit-kdf-sha512",
    "1.3.6.1.5.2.3.6.4": "id-pkinit-kdf-sha384",
}

720 

721 

# Every OID table that goes into the default MIB. The tables are merged in
# this order, so for an OID present in two tables the later table's name is
# the one that is kept.
x509_oids_sets = [
    pkcs1_oids,
    secsig_oids,
    nist_oids,
    thawte_oids,
    pkcs7_oids,
    pkcs9_oids,
    attributeType_oids,
    certificateExtension_oids,
    certExt_oids,
    certPkixAd_oids,
    certPkixKp_oids,
    certPkixPe_oids,
    certPkixQt_oids,
    certPolicy_oids,
    certTransp_oids,
    evPolicy_oids,
    x962KeyType_oids,
    x962Signature_oids,
    x942KeyType_oids,
    ansiX962Curve_oids,
    certicomCurve_oids,
    gssapi_oids,
    kerberos_oids,
]

# Flat OID -> name view of all the tables above.
x509_oids = {}

for oids_set in x509_oids_sets:
    x509_oids.update(oids_set)

# Install the merged table as the default MIB at import time.
conf.mib = MIBDict(_name="MIB", **x509_oids)

754 

755 

756######################### 

757# Hash mapping helper # 

758######################### 

759 

760# This dict enables static access to string references to the hash functions 

761# of some algorithms from pkcs1_oids and x962Signature_oids. 

762 

# Keys are signature algorithm OIDs, values the name of the hash each one
# uses. md2, md4, md5 and sha1 are present so that legacy signatures can be
# identified. A hit in this table means "recognised", not "acceptable":
# code that verifies signatures should apply its own algorithm policy.
hash_by_oid = {
    # RSA signatures (PKCS #1)
    "1.2.840.113549.1.1.2": "md2",
    "1.2.840.113549.1.1.3": "md4",
    "1.2.840.113549.1.1.4": "md5",
    "1.2.840.113549.1.1.5": "sha1",
    "1.2.840.113549.1.1.11": "sha256",
    "1.2.840.113549.1.1.12": "sha384",
    "1.2.840.113549.1.1.13": "sha512",
    "1.2.840.113549.1.1.14": "sha224",
    # ECDSA signatures (ANSI X9.62)
    "1.2.840.10045.4.1": "sha1",
    "1.2.840.10045.4.3.1": "sha224",
    "1.2.840.10045.4.3.2": "sha256",
    "1.2.840.10045.4.3.3": "sha384",
    "1.2.840.10045.4.3.4": "sha512",
}