Coverage for /pythoncovmergedfiles/medio/medio/usr/local/lib/python3.11/site-packages/scapy/asn1/mib.py: 48%
1# SPDX-License-Identifier: GPL-2.0-only
2# This file is part of Scapy
3# See https://scapy.net/ for more information
4# Copyright (C) Philippe Biondi <phil@secdev.org>
5# Acknowledgment: Maxence Tury <maxence.tury@ssi.gouv.fr>
7"""
8Management Information Base (MIB) parsing
9"""
11import re
12from glob import glob
13from scapy.dadict import DADict, fixname
14from scapy.config import conf
15from scapy.utils import do_graph
16from scapy.compat import plain_str
18from typing import (
19 Any,
20 Dict,
21 List,
22 Optional,
23 Tuple,
24)
26#################
27# MIB parsing #
28#################
# Patterns used by the MIB text parser in this module.

# One OID arc written as a bare decimal number, e.g. "29".
_mib_re_integer = re.compile(r"^[0-9]+$")

# One OID arc written as name(number), e.g. "iso(1)"; group 2 is the number.
_mib_re_both = re.compile(r"^([a-zA-Z_][a-zA-Z0-9_-]*)\(([0-9]+)\)$")

# "<ident> OBJECT ... ::= { ... }" declaration. Group 1 is the identifier,
# group 2 the raw text between the braces. The pattern is anchored on an
# end-of-line ("$" in multiline mode) followed by optional whitespace.
_mib_re_oiddecl = re.compile(
    r"$\s*([a-zA-Z0-9_-]+)\s+OBJECT[^:\{\}]+::=\s*\{([^\}]+)\}",
    re.MULTILINE,
)

# A double-quoted string with no embedded double quote.
_mib_re_strings = re.compile(r'"[^"]*"')

# A "--" comment running to the next CR or LF. The terminator is captured,
# so re.split() keeps it in its result list.
_mib_re_comments = re.compile(r'--.*(\r|\n)')
class MIBDict(DADict[str, str]):
    """Dictionary of dotted OID strings to names, with OID helpers."""

    def _findroot(self, x):
        # type: (str) -> Tuple[str, str, str]
        """Internal MIBDict function used to find a partial OID

        Looks for the longest key of this dict that is a dotted prefix of
        ``x`` and returns ``(name, key, remainder)``. When no key matches,
        the result is ``(".", "", x)`` with ``x`` stripped of its leading
        and trailing dots.
        """
        x = x[1:] if x.startswith(".") else x
        if not x.endswith("."):
            # The trailing dot lets "1.2" match "1.2." but not "1.20."
            x += "."
        best_len = 0
        root = "."
        root_key = ""
        for key in self:
            if len(key) > best_len and x.startswith(key + "."):
                best_len = len(key)
                root = self[key]
                root_key = key
        return root, root_key, x[best_len:-1]

    def _oidname(self, x):
        # type: (str) -> str
        """Deduce the OID name from its OID ID"""
        name, _, tail = self._findroot(x)
        return name + tail

    def _oid(self, x):
        # type: (str) -> str
        """Parse the OID id/OID generator, and return real OID

        Only the form "<name>.<int>.<int>..." is translated, and only when
        <name> is a value of this dict; any other input is returned as is.
        """
        parts = x.strip(".").split(".")
        # Walk back over the trailing numeric arcs.
        idx = len(parts) - 1
        while idx >= 0 and _mib_re_integer.match(parts[idx]):
            idx -= 1
        if idx == 0 and parts[0] in self.d.values():
            name = parts[0]
            # First key carrying that name wins if several share it.
            parts[0] = next(k for k, v in self.d.items() if v == name)
            return ".".join(parts)
        return x

    def _make_graph(self, other_keys=None, **kargs):
        # type: (Optional[Any], **Any) -> None
        """Build a Graphviz "mib" digraph of the OID tree and hand it,
        with ``kargs``, to do_graph().

        ``other_keys`` are extra OIDs to draw in addition to the keys of
        this dict.
        """
        extra = [] if other_keys is None else other_keys
        # (name, oid) pairs
        nodes = [(self[key], key) for key in self.iterkeys()]
        known = set(self.iterkeys())
        nodes.extend((self._oidname(k), k) for k in extra if k not in known)

        # NOTE(review): names and OIDs are interpolated into quoted DOT
        # strings without escaping; a '"' in one of them would change the
        # structure of the graph source given to do_graph(). Confirm every
        # caller only passes sanitized values.
        chunks = ['digraph "mib" {\n\trankdir=LR;\n\n']
        for name, oid in nodes:
            chunks.append('\t"%s" [ label="%s" ];\n' % (oid, name))
        chunks.append("\n")
        for name, oid in nodes:
            # Drop the last character so an OID is never its own parent.
            parent, parent_key, remainder = self._findroot(oid[:-1])
            remainder = remainder[1:] + oid[-1]
            if parent != ".":
                parent = parent_key
            chunks.append(
                '\t"%s" -> "%s" [label="%s"];\n' % (parent, oid, remainder)
            )
        chunks.append("}\n")
        do_graph("".join(chunks), **kargs)
def _mib_register(ident,  # type: str
                  value,  # type: List[str]
                  the_mib,  # type: Dict[str, List[str]]
                  unresolved,  # type: Dict[str, List[str]]
                  alias,  # type: Dict[str, str]
                  ):
    # type: (...) -> bool
    """
    Internal function used to register an OID and its name in a MIBDict

    :param ident: name being declared
    :param value: OID components, each a decimal string or a name
    :param the_mib: names whose OID is fully numeric (updated in place)
    :param unresolved: names still depending on an unknown name
        (updated in place)
    :param alias: dotted OID -> name, filled when ``ident`` was already
        resolved (updated in place)
    :returns: True when ``ident`` is resolved, False otherwise
    """
    if ident in the_mib:
        # Already resolved: only remember this spelling as an alias.
        alias[".".join(value)] = ident
        return True
    if ident in unresolved:
        # Already known to be unresolvable for now.
        return False

    # Expand every component
    # (e.g. 2.basicConstraints.3 -> 2.2.5.29.19.3)
    expanded = []
    pending = False
    for component in value:
        if _mib_re_integer.match(component):
            expanded.append(component)
            continue
        name = fixname(plain_str(component))
        if name in the_mib:
            expanded += the_mib[name]
            continue
        pending = True
        if name in unresolved:
            expanded += unresolved[name]
        else:
            expanded.append(name)

    if pending:
        unresolved[ident] = expanded
        return False

    the_mib[ident] = expanded
    # Retry everything that was waiting, restarting from the top after
    # each success because one resolution can unlock another. The nested
    # call gets a throw-away "unresolved" dict, so it never recurses
    # further than one level.
    # NOTE(review): the restart makes this quadratic in the number of
    # pending names; worth bounding if MIB files come from untrusted
    # sources.
    waiting = list(unresolved)
    pos = 0
    while pos < len(waiting):
        candidate = waiting[pos]
        if _mib_register(candidate, unresolved[candidate], the_mib, {}, alias):
            del unresolved[candidate]
            del waiting[pos]
            pos = 0
        else:
            pos += 1

    return True
def load_mib(filenames):
    # type: (str) -> None
    """
    Load the conf.mib dict from a list of filenames

    ``filenames`` is either one glob pattern (str or bytes) or an iterable
    of glob patterns. Every matching file is read in full and scanned for
    OBJECT declarations; conf.mib is then replaced by a new MIBDict holding
    the previous entries plus the ones just parsed.

    NOTE(review): patterns are expanded with glob() and each match is
    opened with the platform default encoding and no size limit. Callers
    that build patterns from untrusted input should constrain them first.
    """
    the_mib = {'iso': ['1']}
    unresolved = {}  # type: Dict[str, List[str]]
    alias = {}  # type: Dict[str, str]

    # Seed the working dictionaries with what conf.mib already knows.
    for known_oid in conf.mib:
        _mib_register(
            conf.mib[known_oid], known_oid.split("."),
            the_mib, unresolved, alias,
        )

    if isinstance(filenames, (str, bytes)):
        patterns = [filenames]
    else:
        patterns = filenames

    for pattern in patterns:
        for path in glob(pattern):
            with open(path) as handle:
                raw = handle.read()
            # Blank out comments first, then quoted strings, so that
            # neither can be mistaken for a declaration.
            without_comments = " ".join(_mib_re_comments.split(raw))
            cleantext = " ".join(_mib_re_strings.split(without_comments))
            for decl in _mib_re_oiddecl.finditer(cleantext):
                groups = decl.groups()
                ident = fixname(groups[0])
                components = []
                for token in groups[-1].split():
                    # "name(number)" is reduced to its number.
                    both = _mib_re_both.match(token)
                    components.append(both.groups()[1] if both else token)
                _mib_register(ident, components, the_mib, unresolved, alias)

    # Build the replacement MIB: resolved names, then the partially
    # resolved ones, then aliases (later writes win on equal keys).
    newmib = MIBDict(_name="MIB")
    for name, arcs in the_mib.items():
        newmib[".".join(arcs)] = name
    for name, arcs in unresolved.items():
        newmib[".".join(arcs)] = name
    for dotted, name in alias.items():
        newmib[dotted] = name

    conf.mib = newmib
206####################
207# OID references #
208####################
210# pkcs1 #
# PKCS #1 arc (1.2.840.113549.1.1): RSA key and signature identifiers.
# The md2/md4/md5/sha1 signature names are kept so that such objects can be
# named; see hash_by_oid for the digest each one implies.
pkcs1_oids = {
    "1.2.840.113549.1.1": "pkcs1",
    "1.2.840.113549.1.1.1": "rsaEncryption",
    "1.2.840.113549.1.1.2": "md2WithRSAEncryption",
    "1.2.840.113549.1.1.3": "md4WithRSAEncryption",
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1-with-rsa-signature",
    "1.2.840.113549.1.1.6": "rsaOAEPEncryptionSET",
    "1.2.840.113549.1.1.7": "id-RSAES-OAEP",
    "1.2.840.113549.1.1.8": "id-mgf1",
    "1.2.840.113549.1.1.9": "id-pSpecified",
    "1.2.840.113549.1.1.10": "rsassa-pss",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
    "1.2.840.113549.1.1.14": "sha224WithRSAEncryption",
}
230# secsig oiw #
# OIW SECSIG arc (1.3.14.3.2).
secsig_oids = {
    "1.3.14.3.2": "OIWSEC",
    "1.3.14.3.2.2": "md4RSA",
    "1.3.14.3.2.3": "md5RSA",
    "1.3.14.3.2.4": "md4RSA2",
    "1.3.14.3.2.6": "desECB",
    "1.3.14.3.2.7": "desCBC",
    "1.3.14.3.2.8": "desOFB",
    "1.3.14.3.2.9": "desCFB",
    "1.3.14.3.2.10": "desMAC",
    "1.3.14.3.2.11": "rsaSign",
    "1.3.14.3.2.12": "dsa",
    "1.3.14.3.2.13": "shaDSA",
    "1.3.14.3.2.14": "mdc2RSA",
    "1.3.14.3.2.15": "shaRSA",
    "1.3.14.3.2.16": "dhCommMod",
    "1.3.14.3.2.17": "desEDE",
    "1.3.14.3.2.18": "sha",
    "1.3.14.3.2.19": "mdc2",
    "1.3.14.3.2.20": "dsaComm",
    "1.3.14.3.2.21": "dsaCommSHA",
    "1.3.14.3.2.22": "rsaXchg",
    "1.3.14.3.2.23": "keyHashSeal",
    "1.3.14.3.2.24": "md2RSASign",
    "1.3.14.3.2.25": "md5RSASign",
    "1.3.14.3.2.26": "sha1",
    "1.3.14.3.2.27": "dsaSHA1",
    "1.3.14.3.2.28": "dsaCommSHA1",
    "1.3.14.3.2.29": "sha1RSASign",
}
263# nist #
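# NIST hash algorithm arc (2.16.840.1.101.3.4.2).
# The name for arc 6 was misspelled "sba512-256"; it sits between
# sha512-224 and sha3-224 and is spelled "sha512-256" here so that the
# digest can be found by its name.
nist_oids = {
    "2.16.840.1.101.3.4.2.1": "sha256",
    "2.16.840.1.101.3.4.2.2": "sha384",
    "2.16.840.1.101.3.4.2.3": "sha512",
    "2.16.840.1.101.3.4.2.4": "sha224",
    "2.16.840.1.101.3.4.2.5": "sha512-224",
    "2.16.840.1.101.3.4.2.6": "sha512-256",
    "2.16.840.1.101.3.4.2.7": "sha3-224",
    "2.16.840.1.101.3.4.2.8": "sha3-256",
    "2.16.840.1.101.3.4.2.9": "sha3-384",
    "2.16.840.1.101.3.4.2.10": "sha3-512",
    "2.16.840.1.101.3.4.2.11": "shake128",
    "2.16.840.1.101.3.4.2.12": "shake256",
}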
280# thawte #
# thawte arc (1.3.101)
thawte_oids = {
    "1.3.101.112": "Ed25519",
    "1.3.101.113": "Ed448",
}

# pkcs3 #

pkcs3_oids = {
    "1.2.840.113549.1.3": "pkcs-3",
    "1.2.840.113549.1.3.1": "dhKeyAgreement",
}

# pkcs7 #

pkcs7_oids = {
    "1.2.840.113549.1.7": "pkcs-7",
    "1.2.840.113549.1.7.2": "id-signedData",
    "1.2.840.113549.1.7.3": "id-envelopedData",
}

# pkcs9 #

pkcs9_oids = {
    "1.2.840.113549.1.9": "pkcs-9",
    "1.2.840.113549.1.9.0": "modules",
    "1.2.840.113549.1.9.1": "emailAddress",
    "1.2.840.113549.1.9.2": "unstructuredName",
    "1.2.840.113549.1.9.3": "contentType",
    "1.2.840.113549.1.9.4": "messageDigest",
    "1.2.840.113549.1.9.5": "signing-time",
    "1.2.840.113549.1.9.6": "countersignature",
    "1.2.840.113549.1.9.7": "challengePassword",
    "1.2.840.113549.1.9.8": "unstructuredAddress",
    "1.2.840.113549.1.9.9": "extendedCertificateAttributes",
    "1.2.840.113549.1.9.13": "signingDescription",
    "1.2.840.113549.1.9.14": "extensionRequest",
    "1.2.840.113549.1.9.15": "smimeCapabilities",
    "1.2.840.113549.1.9.16": "smime",
    "1.2.840.113549.1.9.17": "pgpKeyID",
    "1.2.840.113549.1.9.20": "friendlyName",
    "1.2.840.113549.1.9.21": "localKeyID",
    "1.2.840.113549.1.9.22": "certTypes",
    "1.2.840.113549.1.9.23": "crlTypes",
    "1.2.840.113549.1.9.24": "pkcs-9-oc",
    "1.2.840.113549.1.9.25": "pkcs-9-at",
    "1.2.840.113549.1.9.26": "pkcs-9-sx",
    "1.2.840.113549.1.9.27": "pkcs-9-mr",
    "1.2.840.113549.1.9.52": "id-aa-CMSAlgorithmProtection",
}

# enc algs #

encAlgs_oids = {
    "1.2.840.113549.3.4": "rc4",
    "1.2.840.113549.3.7": "des-ede3-cbc",
}
339# x509 #
# Directory attribute types (2.5.4 arc), plus "dc" from RFC 4519.
attributeType_oids = {
    "2.5.4.0": "objectClass",
    "2.5.4.1": "aliasedEntryName",
    "2.5.4.2": "knowledgeInformation",
    "2.5.4.3": "commonName",
    "2.5.4.4": "surname",
    "2.5.4.5": "serialNumber",
    "2.5.4.6": "countryName",
    "2.5.4.7": "localityName",
    "2.5.4.8": "stateOrProvinceName",
    "2.5.4.9": "streetAddress",
    "2.5.4.10": "organizationName",
    "2.5.4.11": "organizationUnitName",
    "2.5.4.12": "title",
    "2.5.4.13": "description",
    "2.5.4.14": "searchGuide",
    "2.5.4.15": "businessCategory",
    "2.5.4.16": "postalAddress",
    "2.5.4.17": "postalCode",
    "2.5.4.18": "postOfficeBox",
    "2.5.4.19": "physicalDeliveryOfficeName",
    "2.5.4.20": "telephoneNumber",
    "2.5.4.21": "telexNumber",
    "2.5.4.22": "teletexTerminalIdentifier",
    "2.5.4.23": "facsimileTelephoneNumber",
    "2.5.4.24": "x121Address",
    "2.5.4.25": "internationalISDNNumber",
    "2.5.4.26": "registeredAddress",
    "2.5.4.27": "destinationIndicator",
    "2.5.4.28": "preferredDeliveryMethod",
    "2.5.4.29": "presentationAddress",
    "2.5.4.30": "supportedApplicationContext",
    "2.5.4.31": "member",
    "2.5.4.32": "owner",
    "2.5.4.33": "roleOccupant",
    "2.5.4.34": "seeAlso",
    "2.5.4.35": "userPassword",
    "2.5.4.36": "userCertificate",
    "2.5.4.37": "cACertificate",
    "2.5.4.38": "authorityRevocationList",
    "2.5.4.39": "certificateRevocationList",
    "2.5.4.40": "crossCertificatePair",
    "2.5.4.41": "name",
    "2.5.4.42": "givenName",
    "2.5.4.43": "initials",
    "2.5.4.44": "generationQualifier",
    "2.5.4.45": "uniqueIdentifier",
    "2.5.4.46": "dnQualifier",
    "2.5.4.47": "enhancedSearchGuide",
    "2.5.4.48": "protocolInformation",
    "2.5.4.49": "distinguishedName",
    "2.5.4.50": "uniqueMember",
    "2.5.4.51": "houseIdentifier",
    "2.5.4.52": "supportedAlgorithms",
    "2.5.4.53": "deltaRevocationList",
    "2.5.4.54": "dmdName",
    "2.5.4.55": "clearance",
    "2.5.4.56": "defaultDirQop",
    "2.5.4.57": "attributeIntegrityInfo",
    "2.5.4.58": "attributeCertificate",
    "2.5.4.59": "attributeCertificateRevocationList",
    "2.5.4.60": "confKeyInfo",
    "2.5.4.61": "aACertificate",
    "2.5.4.62": "attributeDescriptorCertificate",
    "2.5.4.63": "attributeAuthorityRevocationList",
    "2.5.4.64": "family-information",
    "2.5.4.65": "pseudonym",
    "2.5.4.66": "communicationsService",
    "2.5.4.67": "communicationsNetwork",
    "2.5.4.68": "certificationPracticeStmt",
    "2.5.4.69": "certificatePolicy",
    "2.5.4.70": "pkiPath",
    "2.5.4.71": "privPolicy",
    "2.5.4.72": "role",
    "2.5.4.73": "delegationPath",
    "2.5.4.74": "protPrivPolicy",
    "2.5.4.75": "xMLPrivilegeInfo",
    "2.5.4.76": "xmlPrivPolicy",
    "2.5.4.77": "uuidpair",
    "2.5.4.78": "tagOid",
    "2.5.4.79": "uiiFormat",
    "2.5.4.80": "uiiInUrh",
    "2.5.4.81": "contentUrl",
    "2.5.4.82": "permission",
    "2.5.4.83": "uri",
    "2.5.4.84": "pwdAttribute",
    "2.5.4.85": "userPwd",
    "2.5.4.86": "urn",
    "2.5.4.87": "url",
    "2.5.4.88": "utmCoordinates",
    "2.5.4.89": "urnC",
    "2.5.4.90": "uii",
    "2.5.4.91": "epc",
    "2.5.4.92": "tagAfi",
    "2.5.4.93": "epcFormat",
    "2.5.4.94": "epcInUrn",
    "2.5.4.95": "ldapUrl",
    # NOTE(review): same name as 2.5.4.95, which makes lookups by name
    # ambiguous; looks like a copy/paste slip, confirm against X.520.
    "2.5.4.96": "ldapUrl",
    "2.5.4.97": "organizationIdentifier",
    # RFC 4519
    "0.9.2342.19200300.100.1.25": "dc",
}
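# X.509 certificate / CRL extensions (2.5.29 arc) followed by Microsoft
# enrollment and NTDS identifiers (1.3.6.1.4.1.311 arc).
# The name for 2.5.29.64 was garbled as "id-ce-issuedOnBehaIFOF"; it is
# spelled "id-ce-issuedOnBehalfOf" here.
certificateExtension_oids = {
    "2.5.29.1": "authorityKeyIdentifier(obsolete)",
    "2.5.29.2": "keyAttributes",
    "2.5.29.3": "certificatePolicies(obsolete)",
    "2.5.29.4": "keyUsageRestriction",
    "2.5.29.5": "policyMapping",
    "2.5.29.6": "subtreesConstraint",
    "2.5.29.7": "subjectAltName(obsolete)",
    "2.5.29.8": "issuerAltName(obsolete)",
    "2.5.29.9": "subjectDirectoryAttributes",
    "2.5.29.10": "basicConstraints(obsolete)",
    "2.5.29.14": "subjectKeyIdentifier",
    "2.5.29.15": "keyUsage",
    "2.5.29.16": "privateKeyUsagePeriod",
    "2.5.29.17": "subjectAltName",
    "2.5.29.18": "issuerAltName",
    "2.5.29.19": "basicConstraints",
    "2.5.29.20": "cRLNumber",
    "2.5.29.21": "reasonCode",
    "2.5.29.22": "expirationDate",
    "2.5.29.23": "instructionCode",
    "2.5.29.24": "invalidityDate",
    "2.5.29.25": "cRLDistributionPoints(obsolete)",
    "2.5.29.26": "issuingDistributionPoint(obsolete)",
    "2.5.29.27": "deltaCRLIndicator",
    "2.5.29.28": "issuingDistributionPoint",
    "2.5.29.29": "certificateIssuer",
    "2.5.29.30": "nameConstraints",
    "2.5.29.31": "cRLDistributionPoints",
    "2.5.29.32": "certificatePolicies",
    "2.5.29.33": "policyMappings",
    "2.5.29.34": "policyConstraints(obsolete)",
    "2.5.29.35": "authorityKeyIdentifier",
    "2.5.29.36": "policyConstraints",
    "2.5.29.37": "extKeyUsage",
    "2.5.29.38": "authorityAttributeIdentifier",
    "2.5.29.39": "roleSpecCertIdentifier",
    "2.5.29.40": "cRLStreamIdentifier",
    "2.5.29.41": "basicAttConstraints",
    "2.5.29.42": "delegatedNameConstraints",
    "2.5.29.43": "timeSpecification",
    "2.5.29.44": "cRLScope",
    "2.5.29.45": "statusReferrals",
    "2.5.29.46": "freshestCRL",
    "2.5.29.47": "orderedList",
    "2.5.29.48": "attributeDescriptor",
    "2.5.29.49": "userNotice",
    "2.5.29.50": "sOAIdentifier",
    "2.5.29.51": "baseUpdateTime",
    "2.5.29.52": "acceptableCertPolicies",
    "2.5.29.53": "deltaInfo",
    "2.5.29.54": "inhibitAnyPolicy",
    "2.5.29.55": "targetInformation",
    "2.5.29.56": "noRevAvail",
    "2.5.29.57": "acceptablePrivilegePolicies",
    "2.5.29.58": "id-ce-toBeRevoked",
    "2.5.29.59": "id-ce-RevokedGroups",
    "2.5.29.60": "id-ce-expiredCertsOnCRL",
    "2.5.29.61": "indirectIssuer",
    "2.5.29.62": "id-ce-noAssertion",
    "2.5.29.63": "id-ce-aAissuingDistributionPoint",
    "2.5.29.64": "id-ce-issuedOnBehalfOf",
    "2.5.29.65": "id-ce-singleUse",
    "2.5.29.66": "id-ce-groupAC",
    "2.5.29.67": "id-ce-allowedAttAss",
    "2.5.29.68": "id-ce-attributeMappings",
    "2.5.29.69": "id-ce-holderNameConstraints",
    # [MS-WCCE] + wincrypt.h
    "1.3.6.1.4.1.311.2.1.14": "OID_CERT_EXTENSIONS",
    "1.3.6.1.4.1.311.10.3.4": "OID_EFS_CRYPTO",
    "1.3.6.1.4.1.311.13.2.1": "OID_ENROLLMENT_NAME_VALUE_PAIR",
    "1.3.6.1.4.1.311.13.2.2": "OID_ENROLLMENT_CSP_PROVIDER",
    "1.3.6.1.4.1.311.13.2.3": "OID_OS_VERSION",
    "1.3.6.1.4.1.311.10.10.1": "OID_CMC_ADD_ATTRIBUTES",
    "1.3.6.1.4.1.311.20.2": "ENROLL_CERTTYPE",
    "1.3.6.1.4.1.311.21.10": "OID_APPLICATION_CERT_POLICIES",
    "1.3.6.1.4.1.311.21.20": "OID_REQUEST_CLIENT_INFO",
    "1.3.6.1.4.1.311.21.23": "OID_ENROLL_EK_INFO",
    "1.3.6.1.4.1.311.21.24": "OID_ENROLL_ATTESTATION_STATEMENT",
    "1.3.6.1.4.1.311.21.25": "OID_ENROLL_KSP_NAME",
    "1.3.6.1.4.1.311.21.39": "OID_ENROLL_AIK_INFO",
    "1.3.6.1.4.1.311.21.7": "OID_CERTIFICATE_TEMPLATE",
    "1.3.6.1.4.1.311.25.1": "NTDS_REPLICATION",
    "1.3.6.1.4.1.311.25.2": "NTDS_CA_SECURITY_EXT",
    "1.3.6.1.4.1.311.25.2.1": "NTDS_OBJECTSID",
}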
# Certificate extensions under 2.16.840.1.113730.1
certExt_oids = {
    "2.16.840.1.113730.1.1": "cert-type",
    "2.16.840.1.113730.1.2": "base-url",
    "2.16.840.1.113730.1.3": "revocation-url",
    "2.16.840.1.113730.1.4": "ca-revocation-url",
    "2.16.840.1.113730.1.5": "ca-crl-url",
    "2.16.840.1.113730.1.6": "ca-cert-url",
    "2.16.840.1.113730.1.7": "renewal-url",
    "2.16.840.1.113730.1.8": "ca-policy-url",
    "2.16.840.1.113730.1.9": "homepage-url",
    "2.16.840.1.113730.1.10": "entity-logo",
    "2.16.840.1.113730.1.11": "user-picture",
    "2.16.840.1.113730.1.12": "ssl-server-name",
    "2.16.840.1.113730.1.13": "comment",
    "2.16.840.1.113730.1.14": "lost-password-url",
    "2.16.840.1.113730.1.15": "cert-renewal-time",
    "2.16.840.1.113730.1.16": "aia",
    "2.16.840.1.113730.1.17": "cert-scope-of-use",
}

# 1.3.6.1.5.5.7.1: private certificate extensions
certPkixPe_oids = {
    "1.3.6.1.5.5.7.1.1": "authorityInfoAccess",
    "1.3.6.1.5.5.7.1.2": "biometricInfo",
    "1.3.6.1.5.5.7.1.3": "qcStatements",
    "1.3.6.1.5.5.7.1.4": "auditIdentity",
    "1.3.6.1.5.5.7.1.6": "aaControls",
    "1.3.6.1.5.5.7.1.10": "proxying",
    "1.3.6.1.5.5.7.1.11": "subjectInfoAccess",
}

# 1.3.6.1.5.5.7.2: policy qualifier types
certPkixQt_oids = {
    "1.3.6.1.5.5.7.2.1": "cps",
    "1.3.6.1.5.5.7.2.2": "unotice",
}

# 1.3.6.1.5.5.7.3: extended key usage purposes
certPkixKp_oids = {
    "1.3.6.1.5.5.7.3.1": "serverAuth",
    "1.3.6.1.5.5.7.3.2": "clientAuth",
    "1.3.6.1.5.5.7.3.3": "codeSigning",
    "1.3.6.1.5.5.7.3.4": "emailProtection",
    "1.3.6.1.5.5.7.3.5": "ipsecEndSystem",
    "1.3.6.1.5.5.7.3.6": "ipsecTunnel",
    "1.3.6.1.5.5.7.3.7": "ipsecUser",
    "1.3.6.1.5.5.7.3.8": "timeStamping",
    "1.3.6.1.5.5.7.3.9": "ocspSigning",
    "1.3.6.1.5.5.7.3.10": "dvcs",
    "1.3.6.1.5.5.7.3.21": "secureShellClient",
    "1.3.6.1.5.5.7.3.22": "secureShellServer",
}

# 1.3.6.1.5.5.7.7
certPkixCmc_oids = {
    "1.3.6.1.5.5.7.7.8": "id-cmc-addExtensions",
}

# 1.3.6.1.5.5.7.12
certPkixCct_oids = {
    "1.3.6.1.5.5.7.12.2": "id-cct-PKIData",
    "1.3.6.1.5.5.7.12.3": "id-cct-PKIResponse",
}

# 1.3.6.1.5.5.7.48: access descriptors
certPkixAd_oids = {
    "1.3.6.1.5.5.7.48.1": "ocsp",
    "1.3.6.1.5.5.7.48.2": "caIssuers",
    "1.3.6.1.5.5.7.48.3": "timestamping",
    "1.3.6.1.5.5.7.48.4": "id-ad-dvcs",
    "1.3.6.1.5.5.7.48.5": "id-ad-caRepository",
    "1.3.6.1.5.5.7.48.6": "id-pkix-ocsp-archive-cutoff",
    "1.3.6.1.5.5.7.48.7": "id-pkix-ocsp-service-locator",
    "1.3.6.1.5.5.7.48.12": "id-ad-cmc",
    "1.3.6.1.5.5.7.48.1.1": "basic-response",
}

# 1.3.6.1.5.5.8.2
certIpsec_oids = {
    "1.3.6.1.5.5.8.2.1": "iKEEnd",
    "1.3.6.1.5.5.8.2.2": "iKEIntermediate",
}

# 1.3.6.1.4.1.11129.2.4
certTransp_oids = {
    "1.3.6.1.4.1.11129.2.4.2": "SignedCertificateTimestampList",
}
611# ansi-x962 #
# 1.2.840.10045.1 / .2: field and public key types
x962KeyType_oids = {
    "1.2.840.10045.1.1": "prime-field",
    "1.2.840.10045.1.2": "characteristic-two-field",
    "1.2.840.10045.2.1": "ecPublicKey",
}

# 1.2.840.10045.4: ECDSA signature algorithms
x962Signature_oids = {
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
    "1.2.840.10045.4.2": "ecdsa-with-Recommended",
    "1.2.840.10045.4.3.1": "ecdsa-with-SHA224",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
    "1.2.840.10045.4.3.3": "ecdsa-with-SHA384",
    "1.2.840.10045.4.3.4": "ecdsa-with-SHA512",
}

# ansi-x942 #

x942KeyType_oids = {
    "1.2.840.10046.2.1": "dhpublicnumber",  # RFC3770 sect 4.1.1
}

# elliptic curves #

ansiX962Curve_oids = {
    "1.2.840.10045.3.1.1": "prime192v1",
    "1.2.840.10045.3.1.2": "prime192v2",
    "1.2.840.10045.3.1.3": "prime192v3",
    "1.2.840.10045.3.1.4": "prime239v1",
    "1.2.840.10045.3.1.5": "prime239v2",
    "1.2.840.10045.3.1.6": "prime239v3",
    "1.2.840.10045.3.1.7": "prime256v1",
}
# Named curves under the 1.3.132.0 arc.
certicomCurve_oids = {
    "1.3.132.0.1": "ansit163k1",
    "1.3.132.0.2": "ansit163r1",
    "1.3.132.0.3": "ansit239k1",
    "1.3.132.0.4": "sect113r1",
    "1.3.132.0.5": "sect113r2",
    "1.3.132.0.6": "secp112r1",
    "1.3.132.0.7": "secp112r2",
    "1.3.132.0.8": "ansip160r1",
    "1.3.132.0.9": "ansip160k1",
    "1.3.132.0.10": "ansip256k1",
    "1.3.132.0.15": "ansit163r2",
    "1.3.132.0.16": "ansit283k1",
    "1.3.132.0.17": "ansit283r1",
    "1.3.132.0.22": "sect131r1",
    "1.3.132.0.24": "ansit193r1",
    "1.3.132.0.25": "ansit193r2",
    "1.3.132.0.26": "ansit233k1",
    "1.3.132.0.27": "ansit233r1",
    "1.3.132.0.28": "secp128r1",
    "1.3.132.0.29": "secp128r2",
    "1.3.132.0.30": "ansip160r2",
    "1.3.132.0.31": "ansip192k1",
    "1.3.132.0.32": "ansip224k1",
    "1.3.132.0.33": "ansip224r1",
    "1.3.132.0.34": "ansip384r1",
    "1.3.132.0.35": "ansip521r1",
    "1.3.132.0.36": "ansit409k1",
    "1.3.132.0.37": "ansit409r1",
    "1.3.132.0.38": "ansit571k1",
    "1.3.132.0.39": "ansit571r1",
}
679# policies #
certPolicy_oids = {
    "2.5.29.32.0": "anyPolicy",
}

# from Chromium source code (ev_root_ca_metadata.cc)
# NOTE(review): this is a static snapshot used for naming policy OIDs; an
# entry being listed here says nothing about whether that CA is still
# trusted, so do not use the table as a trust decision.
evPolicy_oids = {
    "1.2.392.200091.100.721.1": "EV Security Communication RootCA1",
    "1.2.616.1.113527.2.5.1.1": "EV Certum Trusted Network CA",
    "1.3.159.1.17.1": "EV Actualis Authentication Root CA",
    "1.3.6.1.4.1.13177.10.1.3.10": "EV Autoridad de Certificacion Firmaprofesional CIF A62634068",
    "1.3.6.1.4.1.14370.1.6": "EV GeoTrust Primary Certification Authority",
    "1.3.6.1.4.1.14777.6.1.1": "EV Izenpe.com roots Business",
    "1.3.6.1.4.1.14777.6.1.2": "EV Izenpe.com roots Government",
    "1.3.6.1.4.1.17326.10.14.2.1.2": "EV AC Camerfirma S.A. Chambers of Commerce Root - 2008",
    "1.3.6.1.4.1.17326.10.14.2.2.2": "EV AC Camerfirma S.A. Chambers of Commerce Root - 2008",
    "1.3.6.1.4.1.17326.10.8.12.1.2": "EV AC Camerfirma S.A. Global Chambersign Root - 2008",
    "1.3.6.1.4.1.17326.10.8.12.2.2": "EV AC Camerfirma S.A. Global Chambersign Root - 2008",
    "1.3.6.1.4.1.22234.2.5.2.3.1": "EV CertPlus Class 2 Primary CA (KEYNECTIS)",
    "1.3.6.1.4.1.23223.1.1.1": "EV StartCom Certification Authority",
    "1.3.6.1.4.1.29836.1.10": "EV China Internet Network Information Center EV Certificates Root",
    "1.3.6.1.4.1.311.60.2.1.1": "jurisdictionOfIncorporationLocalityName",
    "1.3.6.1.4.1.311.60.2.1.2": "jurisdictionOfIncorporationStateOrProvinceName",
    "1.3.6.1.4.1.311.60.2.1.3": "jurisdictionOfIncorporationCountryName",
    "1.3.6.1.4.1.34697.2.1": "EV AffirmTrust Commercial",
    "1.3.6.1.4.1.34697.2.2": "EV AffirmTrust Networking",
    "1.3.6.1.4.1.34697.2.3": "EV AffirmTrust Premium",
    "1.3.6.1.4.1.34697.2.4": "EV AffirmTrust Premium ECC",
    "1.3.6.1.4.1.36305.2": "EV Certificate Authority of WoSign",
    "1.3.6.1.4.1.40869.1.1.22.3": "EV TWCA Roots",
    "1.3.6.1.4.1.4146.1.1": "EV GlobalSign Root CAs",
    "1.3.6.1.4.1.4788.2.202.1": "EV D-TRUST Root Class 3 CA 2 EV 2009",
    "1.3.6.1.4.1.6334.1.100.1": "EV Cybertrust Global Root",
    "1.3.6.1.4.1.6449.1.2.1.5.1": "EV USERTrust Certification Authorities",
    "1.3.6.1.4.1.781.1.2.1.8.1": "EV Network Solutions Certificate Authority",
    "1.3.6.1.4.1.782.1.2.1.8.1": "EV AddTrust External CA Root",
    "1.3.6.1.4.1.7879.13.24.1": "EV T-Telessec GlobalRoot Class 3",
    "1.3.6.1.4.1.8024.0.2.100.1.2": "EV QuoVadis Roots",
    "2.16.528.1.1003.1.2.7": "EV Staat der Nederlanden EV Root CA",
    "2.16.578.1.26.1.3.3": "EV Buypass Class 3",
    "2.16.756.1.83.21.0": "EV Swisscom Root EV CA 2",
    "2.16.756.1.89.1.2.1.1": "EV SwissSign Gold CA - G2",
    "2.16.792.3.0.4.1.1.4": "EV E-Tugra Certification Authority",
    "2.16.840.1.113733.1.7.23.6": "EV VeriSign Certification Authorities",
    "2.16.840.1.113733.1.7.48.1": "EV thawte CAs",
    "2.16.840.1.114028.10.1.2": "EV Entrust Certification Authority",
    "2.16.840.1.114171.500.9": "EV Wells Fargo WellsSecure Public Root Certification Authority",
    "2.16.840.1.114404.1.1.2.4.1": "EV XRamp Global Certification Authority",
    "2.16.840.1.114412.2.1": "EV DigiCert High Assurance EV Root CA",
    "2.16.840.1.114413.1.7.23.3": "EV ValiCert Class 2 Policy Validation Authority",
    "2.16.840.1.114414.1.7.23.3": "EV Starfield Certificate Authority",
    "2.16.840.1.114414.1.7.24.3": "EV Starfield Service Certificate Authority",
}
734# gssapi #
# GSS-API mechanism identifiers.
gssapi_oids = {
    "1.2.840.48018.1.2.2": "MS KRB5 - Microsoft Kerberos 5",
    "1.2.840.113554.1.2.2": "Kerberos 5",
    "1.2.840.113554.1.2.2.3": "Kerberos 5 - User to User",
    "1.3.6.1.5.2.5": "Kerberos 5 - IAKERB",
    "1.3.6.1.5.5.2": "SPNEGO - Simple Protected Negotiation",
    "1.3.6.1.4.1.311.2.2.10": "NTLMSSP - Microsoft NTLM Security Support Provider",
    "1.3.6.1.4.1.311.2.2.30": "NEGOEX - SPNEGO Extended Negotiation Security Mechanism",
}

# kerberos #

kerberos_oids = {
    "1.3.6.1.5.2.3.1": "id-pkinit-authData",
    "1.3.6.1.5.2.3.2": "id-pkinit-DHKeyData",
    "1.3.6.1.5.2.3.3": "id-pkinit-rkeyData",
    "1.3.6.1.5.2.3.4": "id-pkinit-KPClientAuth",
    "1.3.6.1.5.2.3.5": "id-pkinit-KPKdc",
    # RFC8363
    "1.3.6.1.5.2.3.6": "id-pkinit-kdf",
    "1.3.6.1.5.2.3.6.1": "id-pkinit-kdf-sha1",
    "1.3.6.1.5.2.3.6.2": "id-pkinit-kdf-sha256",
    "1.3.6.1.5.2.3.6.3": "id-pkinit-kdf-sha512",
    "1.3.6.1.5.2.3.6.4": "id-pkinit-kdf-sha384",
}
# All the tables above, in merge order. When an OID appears in more than
# one table, the table listed later here supplies its name.
x509_oids_sets = [
    pkcs1_oids,
    secsig_oids,
    nist_oids,
    thawte_oids,
    pkcs3_oids,
    pkcs7_oids,
    pkcs9_oids,
    encAlgs_oids,
    attributeType_oids,
    certificateExtension_oids,
    certExt_oids,
    certPkixAd_oids,
    certPkixKp_oids,
    certPkixCmc_oids,
    certPkixCct_oids,
    certPkixPe_oids,
    certPkixQt_oids,
    certPolicy_oids,
    certIpsec_oids,
    certTransp_oids,
    evPolicy_oids,
    x962KeyType_oids,
    x962Signature_oids,
    x942KeyType_oids,
    ansiX962Curve_oids,
    certicomCurve_oids,
    gssapi_oids,
    kerberos_oids,
]

# Flat OID -> name mapping built from every table.
x509_oids = {}

for oids_set in x509_oids_sets:
    x509_oids.update(oids_set)

# Importing this module installs the merged table as the global MIB.
conf.mib = MIBDict(_name="MIB", **x509_oids)
802#########################
803# Hash mapping helper #
804#########################
806# This dict enables static access to string references to the hash functions
807# of some algorithms from pkcs1_oids and x962Signature_oids.
# Signature algorithm OID -> name of the digest it uses.
# NOTE(review): md2, md4, md5 and sha1 are collision-broken digests. Their
# entries let existing signatures be identified; code that verifies
# signatures should decide separately whether to accept them.
hash_by_oid = {
    # RSA signatures (pkcs1_oids)
    "1.2.840.113549.1.1.2": "md2",
    "1.2.840.113549.1.1.3": "md4",
    "1.2.840.113549.1.1.4": "md5",
    "1.2.840.113549.1.1.5": "sha1",
    "1.2.840.113549.1.1.11": "sha256",
    "1.2.840.113549.1.1.12": "sha384",
    "1.2.840.113549.1.1.13": "sha512",
    "1.2.840.113549.1.1.14": "sha224",
    # ECDSA signatures (x962Signature_oids)
    "1.2.840.10045.4.1": "sha1",
    "1.2.840.10045.4.3.1": "sha224",
    "1.2.840.10045.4.3.2": "sha256",
    "1.2.840.10045.4.3.3": "sha384",
    "1.2.840.10045.4.3.4": "sha512",
}