class CertStatus(univ.Choice): componentType = namedtype.NamedTypes(namedtype.NamedType('good', univ.Null().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.NamedType('revoked', RevokedInfo().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.NamedType('unknown', UnknownInfo().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))))
class Null(OctetString): defaultValue = ''.encode() # This is tightly constrained tagSet = baseTagSet = tag.initTagSet( tag.Tag(tag.tagClassUniversal, tag.tagFormatSimple, 0x05)) subtypeSpec = OctetString.subtypeSpec + constraint.SingleValueConstraint( ''.encode())
class Real(base.AbstractSimpleAsn1Item): try: _plusInf = float('inf') _minusInf = float('-inf') _inf = (_plusInf, _minusInf) except ValueError: # Infinity support is platform and Python dependent _plusInf = _minusInf = None _inf = () tagSet = baseTagSet = tag.initTagSet( tag.Tag(tag.tagClassUniversal, tag.tagFormatSimple, 0x09)) def __normalizeBase10(self, value): m, b, e = value while m and m % 10 == 0: m = m / 10 e = e + 1 return m, b, e def prettyIn(self, value): if isinstance(value, tuple) and len(value) == 3: for d in value: if not isinstance(d, intTypes): raise error.PyAsn1Error('Lame Real value syntax: %s' % (value, )) if value[1] not in (2, 10): raise error.PyAsn1Error('Prohibited base for Real value: %s' % (value[1], )) if value[1] == 10: value = self.__normalizeBase10(value) return value elif isinstance(value, intTypes): return self.__normalizeBase10((value, 10, 0)) elif isinstance(value, float): if self._inf and value in self._inf: return value else: e = 0 while int(value) != value: value = value * 10 e = e - 1 return self.__normalizeBase10((int(value), 10, e)) elif isinstance(value, Real): return tuple(value) elif isinstance(value, str): # handle infinite literal try: return float(value) except ValueError: pass raise error.PyAsn1Error('Bad real value syntax: %s' % (value, )) def prettyOut(self, value): if value in self._inf: return '\'%s\'' % value else: return str(value) def isPlusInfinity(self): return self._value == self._plusInf def isMinusInfinity(self): return self._value == self._minusInf def isInfinity(self): return self._value in self._inf def __str__(self): return str(float(self)) def __add__(self, value): return self.clone(float(self) + value) def __radd__(self, value): return self + value def __mul__(self, value): return self.clone(float(self) * value) def __rmul__(self, value): return self * value def __sub__(self, value): return self.clone(float(self) - value) def __rsub__(self, value): return self.clone(value - float(self)) def __mod__(self, value): return self.clone(float(self) % value) def __rmod__(self, value): return self.clone(value % float(self)) def __pow__(self, value, modulo=None): return self.clone(pow(float(self), value, modulo)) def __rpow__(self, value): return self.clone(pow(value, float(self))) if sys.version_info[0] <= 2: def __div__(self, value): return self.clone(float(self) / value) def __rdiv__(self, value): return self.clone(value / float(self)) else: def __truediv__(self, value): return self.clone(float(self) / value) def __rtruediv__(self, value): return self.clone(value / float(self)) def __divmod__(self, value): return self.clone(float(self) // value) def __rdivmod__(self, value): return self.clone(value // float(self)) def __int__(self): return int(float(self)) if sys.version_info[0] <= 2: def __long__(self): return int(float(self)) def __float__(self): if self._value in self._inf: return self._value else: return float(self._value[0] * pow(self._value[1], self._value[2])) def __abs__(self): return abs(float(self)) def __lt__(self, value): return float(self) < value def __le__(self, value): return float(self) <= value def __eq__(self, value): return float(self) == value def __ne__(self, value): return float(self) != value def __gt__(self, value): return float(self) > value def __ge__(self, value): return float(self) >= value if sys.version_info[0] <= 2: def __nonzero__(self): return bool(float(self)) else: def __bool__(self): return bool(float(self)) __hash__ = base.AbstractSimpleAsn1Item.__hash__ def __getitem__(self, idx): if self._value in self._inf: raise error.PyAsn1Error('Invalid infinite value operation') else: return self._value[idx]
class Integer(base.AbstractSimpleAsn1Item): tagSet = baseTagSet = tag.initTagSet( tag.Tag(tag.tagClassUniversal, tag.tagFormatSimple, 0x02)) namedValues = namedval.NamedValues() def __init__(self, value=None, tagSet=None, subtypeSpec=None, namedValues=None): if namedValues is None: self.__namedValues = self.namedValues else: self.__namedValues = namedValues base.AbstractSimpleAsn1Item.__init__(self, value, tagSet, subtypeSpec) def __and__(self, value): return self.clone(self._value & value) def __rand__(self, value): return self.clone(value & self._value) def __or__(self, value): return self.clone(self._value | value) def __ror__(self, value): return self.clone(value | self._value) def __xor__(self, value): return self.clone(self._value ^ value) def __rxor__(self, value): return self.clone(value ^ self._value) def __lshift__(self, value): return self.clone(self._value << value) def __rshift__(self, value): return self.clone(self._value >> value) def __add__(self, value): return self.clone(self._value + value) def __radd__(self, value): return self.clone(value + self._value) def __sub__(self, value): return self.clone(self._value - value) def __rsub__(self, value): return self.clone(value - self._value) def __mul__(self, value): return self.clone(self._value * value) def __rmul__(self, value): return self.clone(value * self._value) def __mod__(self, value): return self.clone(self._value % value) def __rmod__(self, value): return self.clone(value % self._value) def __pow__(self, value, modulo=None): return self.clone(pow(self._value, value, modulo)) def __rpow__(self, value): return self.clone(pow(value, self._value)) if sys.version_info[0] <= 2: def __div__(self, value): return self.clone(self._value // value) def __rdiv__(self, value): return self.clone(value // self._value) else: def __truediv__(self, value): return self.clone(self._value / value) def __rtruediv__(self, value): return self.clone(value / self._value) def __divmod__(self, value): return self.clone(self._value // value) def __rdivmod__(self, value): return self.clone(value // self._value) __hash__ = base.AbstractSimpleAsn1Item.__hash__ def __int__(self): return int(self._value) if sys.version_info[0] <= 2: def __long__(self): return int(self._value) def __float__(self): return float(self._value) def __abs__(self): return abs(self._value) def __index__(self): return int(self._value) def __lt__(self, value): return self._value < value def __le__(self, value): return self._value <= value def __eq__(self, value): return self._value == value def __ne__(self, value): return self._value != value def __gt__(self, value): return self._value > value def __ge__(self, value): return self._value >= value def prettyIn(self, value): if not isinstance(value, str): return int(value) r = self.__namedValues.getValue(value) if r is not None: return r try: return int(value) except ValueError: raise error.PyAsn1Error('Can\'t coerce %s into integer: %s' % (value, sys.exc_info()[1])) def prettyOut(self, value): r = self.__namedValues.getName(value) return r is None and str(value) or repr(r) def getNamedValues(self): return self.__namedValues def clone(self, value=None, tagSet=None, subtypeSpec=None, namedValues=None): if value is None and tagSet is None and subtypeSpec is None \ and namedValues is None: return self if value is None: value = self._value if tagSet is None: tagSet = self._tagSet if subtypeSpec is None: subtypeSpec = self._subtypeSpec if namedValues is None: namedValues = self.__namedValues return self.__class__(value, tagSet, subtypeSpec, namedValues) def subtype(self, value=None, implicitTag=None, explicitTag=None, subtypeSpec=None, namedValues=None): if value is None: value = self._value if implicitTag is not None: tagSet = self._tagSet.tagImplicitly(implicitTag) elif explicitTag is not None: tagSet = self._tagSet.tagExplicitly(explicitTag) else: tagSet = self._tagSet if subtypeSpec is None: subtypeSpec = self._subtypeSpec else: subtypeSpec = subtypeSpec + self._subtypeSpec if namedValues is None: namedValues = self.__namedValues else: namedValues = namedValues + self.__namedValues return self.__class__(value, tagSet, subtypeSpec, namedValues)
class BitString(base.AbstractSimpleAsn1Item): tagSet = baseTagSet = tag.initTagSet( tag.Tag(tag.tagClassUniversal, tag.tagFormatSimple, 0x03)) namedValues = namedval.NamedValues() def __init__(self, value=None, tagSet=None, subtypeSpec=None, namedValues=None): if namedValues is None: self.__namedValues = self.namedValues else: self.__namedValues = namedValues base.AbstractSimpleAsn1Item.__init__(self, value, tagSet, subtypeSpec) def clone(self, value=None, tagSet=None, subtypeSpec=None, namedValues=None): if value is None and tagSet is None and subtypeSpec is None \ and namedValues is None: return self if value is None: value = self._value if tagSet is None: tagSet = self._tagSet if subtypeSpec is None: subtypeSpec = self._subtypeSpec if namedValues is None: namedValues = self.__namedValues return self.__class__(value, tagSet, subtypeSpec, namedValues) def subtype(self, value=None, implicitTag=None, explicitTag=None, subtypeSpec=None, namedValues=None): if value is None: value = self._value if implicitTag is not None: tagSet = self._tagSet.tagImplicitly(implicitTag) elif explicitTag is not None: tagSet = self._tagSet.tagExplicitly(explicitTag) else: tagSet = self._tagSet if subtypeSpec is None: subtypeSpec = self._subtypeSpec else: subtypeSpec = subtypeSpec + self._subtypeSpec if namedValues is None: namedValues = self.__namedValues else: namedValues = namedValues + self.__namedValues return self.__class__(value, tagSet, subtypeSpec, namedValues) def __str__(self): return str(tuple(self)) # Immutable sequence object protocol def __len__(self): if self._len is None: self._len = len(self._value) return self._len def __getitem__(self, i): if isinstance(i, slice): return self.clone(operator.getitem(self._value, i)) else: return self._value[i] def __add__(self, value): return self.clone(self._value + value) def __radd__(self, value): return self.clone(value + self._value) def __mul__(self, value): return self.clone(self._value * value) def __rmul__(self, value): return self * value def prettyIn(self, value): r = [] if not value: return () elif isinstance(value, str): if value[0] == '\'': if value[-2:] == '\'B': for v in value[1:-2]: if v == '0': r.append(0) elif v == '1': r.append(1) else: raise error.PyAsn1Error( 'Non-binary BIT STRING initializer %s' % (v, )) return tuple(r) elif value[-2:] == '\'H': for v in value[1:-2]: i = 4 v = int(v, 16) while i: i = i - 1 r.append((v >> i) & 0x01) return tuple(r) else: raise error.PyAsn1Error( 'Bad BIT STRING value notation %s' % (value, )) else: for i in value.split(','): j = self.__namedValues.getValue(i) if j is None: raise error.PyAsn1Error( 'Unknown bit identifier \'%s\'' % (i, )) if j >= len(r): r.extend([0] * (j - len(r) + 1)) r[j] = 1 return tuple(r) elif isinstance(value, (tuple, list)): r = tuple(value) for b in r: if b and b != 1: raise error.PyAsn1Error( 'Non-binary BitString initializer \'%s\'' % (r, )) return r elif isinstance(value, BitString): return tuple(value) else: raise error.PyAsn1Error('Bad BitString initializer type \'%s\'' % (value, )) def prettyOut(self, value): return '\"\'%s\'B\"' % ''.join([str(x) for x in value])
class Counter64(univ.Integer): tagSet = univ.Integer.tagSet.tagImplicitly( tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0x06)) subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint( 0, 18446744073709551615)
ASIdentifierChoice.componentType = namedtype.NamedTypes( namedtype.NamedType('inherit', univ.Null()), namedtype.NamedType('asIdsOrRanges', univ.SequenceOf(componentType=ASIdOrRange()))) class ASIdentifiers(univ.Sequence): pass ASIdentifiers.componentType = namedtype.NamedTypes( namedtype.OptionalNamedType( 'asnum', ASIdentifierChoice().subtype(explicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatConstructed, 0))), namedtype.OptionalNamedType( 'rdi', ASIdentifierChoice().subtype(explicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatConstructed, 1)))) # Update the Certificate Extensions Map _certificateExtensionsMapUpdate = { id_pe_ipAddrBlocks: IPAddrBlocks(), id_pe_autonomousSysIds: ASIdentifiers(), } certificateExtensionsMap.update(_certificateExtensionsMapUpdate)
class Signature(univ.Sequence): componentType = namedtype.NamedTypes(namedtype.NamedType('signatureAlgorithm', rfc2459.AlgorithmIdentifier()), namedtype.NamedType('signature', univ.BitString()), namedtype.OptionalNamedType('certs', univ.SequenceOf(rfc2459.Certificate()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))))
class TBSRequest(univ.Sequence): componentType = namedtype.NamedTypes(namedtype.DefaultedNamedType('version', Version('v1').subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.OptionalNamedType('requestorName', GeneralName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.NamedType('requestList', univ.SequenceOf(Request())), namedtype.OptionalNamedType('requestExtensions', rfc2459.Extensions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))))
class OCSPResponse(univ.Sequence): componentType = namedtype.NamedTypes(namedtype.NamedType('responseStatus', OCSPResponseStatus()), namedtype.OptionalNamedType('responseBytes', ResponseBytes().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))))
class Request(univ.Sequence): componentType = namedtype.NamedTypes(namedtype.NamedType('reqCert', CertID()), namedtype.OptionalNamedType('singleRequestExtensions', rfc2459.Extensions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))))
class ResponseData(univ.Sequence): componentType = namedtype.NamedTypes(namedtype.DefaultedNamedType('version', Version('v1').subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.NamedType('responderID', ResponderID()), namedtype.NamedType('producedAt', useful.GeneralizedTime()), namedtype.NamedType('responses', univ.SequenceOf(SingleResponse())), namedtype.OptionalNamedType('responseExtensions', rfc2459.Extensions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))))
class ResponderID(univ.Choice): componentType = namedtype.NamedTypes(namedtype.NamedType('byName', rfc2459.Name().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.NamedType('byKey', KeyHash().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))))
class SingleResponse(univ.Sequence): componentType = namedtype.NamedTypes(namedtype.NamedType('certID', CertID()), namedtype.NamedType('certStatus', CertStatus()), namedtype.NamedType('thisUpdate', useful.GeneralizedTime()), namedtype.OptionalNamedType('nextUpdate', useful.GeneralizedTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.OptionalNamedType('singleExtensions', rfc2459.Extensions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))))
class TimeTicks(univ.Integer): tagSet = univ.Integer.tagSet.tagImplicitly( tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0x03)) subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint( 0, 4294967295)
class OCSPRequest(univ.Sequence): componentType = namedtype.NamedTypes(namedtype.NamedType('tbsRequest', TBSRequest()), namedtype.OptionalNamedType('optionalSignature', Signature().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))))
class Opaque(univ.OctetString): tagSet = univ.OctetString.tagSet.tagImplicitly( tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0x04))
'certificationRequestInfo', univ.Sequence( componentType=namedtype.NamedTypes( namedtype.NamedType('version', univ.Integer()), namedtype.NamedType('subject', rfc5280.Name()), namedtype.NamedType( 'subjectPublicKeyInfo', univ.Sequence( componentType=namedtype.NamedTypes( namedtype.NamedType('algorithm', rfc5280.AlgorithmIdentifier()), namedtype.NamedType('subjectPublicKey', univ.BitString()) ) ) ), namedtype.NamedType( 'attributes', univ.SetOf( componentType=rfc5652.Attribute()).subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)) ) ) ) ), namedtype.NamedType('signatureAlgorithm', rfc5280.AlgorithmIdentifier()), namedtype.NamedType('signature', univ.BitString()) ) class TaggedCertificationRequest(univ.Sequence): pass TaggedCertificationRequest.componentType = namedtype.NamedTypes( namedtype.NamedType('bodyPartID', BodyPartID()),
def convert_signatures_to_asn(pydict_signatures): """ Given a Python dictionary compliant with tuf.formats.SIGNATURES_SCHEMA, containing signatures, convert it to an ASN.1 (pyasn1) representation that conforms to the uptane.encoding.asn1_definitions.Signatures() class. The data contained (the signature values, keyids, and method) are not changed. This is the exact reverse of convert_signatures_to_json(); providing the output of this function as input to that function should reproduce the initial input to this function. Also vice versa. """ # Create a pyASN.1 object of custom class Signatures, containing some # unknown pyasn1 sorcery to specify types. # Because this Signatures() object is going to be a member of the Metadata() # object below, subtype() must be called on it to make its tags match the tags # expected by the parent object that must contain it. # The following documents tagging in pyasn1: # http://www.red-bean.com/doc/python-pyasn1/pyasn1-tutorial.html#1.2 asn_signatures_list = asn1_spec.Signatures().subtype( implicitTag=p_type_tag.Tag(p_type_tag.tagClassContext, p_type_tag.tagFormatSimple, 2)) # Now convert each Python dictionary-style signature into an ASN.1 signature # and stick those into the ASN.1 list just created. # Note that a Signatures() object has no append() method, so we clumsily # iterate through with index 'i'. i = 0 # Index for iterating through asn for pydict_sig in pydict_signatures: # Construct an ASN.1 representation of the signature and populate it. asn_sig = asn1_spec.Signature() # This hideous stuff constructs a Keyid() object and assigns it the # value from pydict_sig['keyid'] through pyasn1. I'm sure that some # methods added to the class could ameliorate this. Since the class is code # generated by pyasn1 from an asn1 definition, the way to do this might be # to use a class that inherits from that auto-generated class... but that's # quite confusing to a reader, too. # asn_sig['keyid'] = pydict_sig['keyid'] # <- used to just be this asn_sig['keyid'] = asn1_spec.Keyid().subtype( explicitTag=p_type_tag.Tag(p_type_tag.tagClassContext, p_type_tag.tagFormatConstructed, 0)) asn_sig['keyid']['octetString'] = p_type_univ.OctetString( hexValue=pydict_sig['keyid']).subtype(implicitTag=p_type_tag.Tag( p_type_tag.tagClassContext, p_type_tag.tagFormatSimple, 1)) # Because 'method' is an enum, extracting the string value is a bit messy. asn_sig['method'] = int(asn1_spec.SignatureMethod( pydict_sig['method'])) # This hideous stuff constructs a BinaryData() object to hold the actual # signature itself, and assigns it the value from pydict_sig['sig'] through # pyasn1. I'm sure that some methods added to the class could ameliorate # this. Since the class is code generated by pyasn1 from an asn1 definition, # the way to do this might be to use a class that inherits from that # auto-generated class... but that's quite confusing to a reader, too. #asn_sig['value'] = pydict_sig['sig'] # <- used to just be this asn_sig['value'] = asn1_spec.BinaryData().subtype( explicitTag=p_type_tag.Tag(p_type_tag.tagClassContext, p_type_tag.tagFormatConstructed, 2)) asn_sig['value']['octetString'] = p_type_univ.OctetString( hexValue=pydict_sig['sig']).subtype(implicitTag=p_type_tag.Tag( p_type_tag.tagClassContext, p_type_tag.tagFormatSimple, 1)) # Add to the Signatures() list. asn_signatures_list[i] = asn_sig # has no append method i += 1 return asn_signatures_list
OtherRevocationInfoFormat.componentType = namedtype.NamedTypes( namedtype.NamedType('otherRevInfoFormat', univ.ObjectIdentifier()), namedtype.NamedType('otherRevInfo', univ.Any())) class RevocationInfoChoice(univ.Choice): pass RevocationInfoChoice.componentType = namedtype.NamedTypes( namedtype.NamedType('crl', rfc3280.CertificateList()), namedtype.NamedType( 'other', OtherRevocationInfoFormat().subtype(implicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatConstructed, 1)))) class RevocationInfoChoices(univ.SetOf): pass RevocationInfoChoices.componentType = RevocationInfoChoice() class OtherKeyAttribute(univ.Sequence): pass OtherKeyAttribute.componentType = namedtype.NamedTypes( namedtype.NamedType('keyAttrId', univ.ObjectIdentifier()),
pass JWTClaimPermittedValuesList.componentType = JWTClaimPermittedValues() JWTClaimPermittedValuesList.sizeSpec = constraint.ValueSizeConstraint(1, MAX) class JWTClaimConstraints(univ.Sequence): pass JWTClaimConstraints.componentType = namedtype.NamedTypes( namedtype.OptionalNamedType( 'mustInclude', JWTClaimNames().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.OptionalNamedType( 'permittedValues', JWTClaimPermittedValuesList().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))) JWTClaimConstraints.sizeSpec = univ.Sequence.sizeSpec + constraint.ValueSizeConstraint( 1, 2) id_pe_JWTClaimConstraints = _OID(1, 3, 6, 1, 5, 5, 7, 1, 27) class ServiceProviderCode(char.IA5String): pass
def timestamp_response(self): verified, failureInfo = self.verify() if not verified: return self.error_response(failureInfo) # TST Info tst_info = classes.TSTInfo() tst_info['version'] = 1 tst_info['policy'] = constants.id_baseline_policy tst_info['messageImprint'] = self.timestamp_request.messageImprint tst_info['serialNumber'] = self.serial_number() try: time = self.gen_time() except: return self.error_response( classes.PKIFailureInfo("timeNotAvailable")) tst_info['genTime'] = time if self.timestamp_request.nonce != None: tst_info['nonce'] = self.timestamp_request.nonce # ContentInfo encodedContent = der_encoder.encode(tst_info) contentInfo = rfc3852.EncapsulatedContentInfo() contentInfo['eContentType'] = constants.id_ct_TSTInfo contentInfo['eContent'] = univ.OctetString().subtype( value=encodedContent, explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)) # DigestAlgorithm algorithm_identifier = rfc3280.AlgorithmIdentifier() algorithm_identifier.setComponentByPosition(0, constants.id_sha256) algorithm_identifier.setComponentByPosition(1, univ.Null('')) digestAlgorithms = rfc3852.DigestAlgorithmIdentifiers() digestAlgorithms.setComponentByPosition(0, algorithm_identifier) # SignerInfo signerInfo = rfc3852.SignerInfo() signerInfo['version'] = 1 # rfc 3852 issuer = rfc3852.IssuerAndSerialNumber() issuer['issuer'] = self.cert_issuer_name() issuer['serialNumber'] = rfc3280.CertificateSerialNumber( self.certificate.serial_number) sid = rfc3852.SignerIdentifier() sid['issuerAndSerialNumber'] = issuer signerInfo['sid'] = sid signerDigestAlgorithm = rfc3280.AlgorithmIdentifier() signerDigestAlgorithm.setComponentByPosition(0, constants.id_sha256) signerDigestAlgorithm.setComponentByPosition(1, univ.Null('')) signerInfo['digestAlgorithm'] = signerDigestAlgorithm signerEncryptionAlgorithm = rfc3280.AlgorithmIdentifier() signerEncryptionAlgorithm.setComponentByPosition(0, constants.id_rsa) signerEncryptionAlgorithm.setComponentByPosition(1, univ.Null('')) signerInfo['signatureAlgorithm'] = signerEncryptionAlgorithm # SignedAttributes attributes = rfc3852.SignedAttributes().subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)) # Content Type attr_content_type = self.attr_content_type() attributes.setComponentByPosition(0, attr_content_type) # Message digest attr_message_digest = self.attr_message_digest(encodedContent) attributes.setComponentByPosition(1, attr_message_digest) # Signing Certificate attr_signing_certificate = self.attr_signing_certificate() attributes.setComponentByPosition(2, attr_signing_certificate) signerInfo['signedAttrs'] = attributes # Signature s = univ.SetOf() for i, x in enumerate(attributes): s.setComponentByPosition(i, x) signed_data = der_encoder.encode(s) signature = self.private_key.sign(signed_data, padding.PKCS1v15(), hashes.SHA256()) signerInfo['signature'] = signature signerInfos = rfc3852.SignerInfos() signerInfos.setComponentByPosition(0, signerInfo) signedContent = rfc3852.SignedData().subtype(explicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatConstructed, 0)) signedContent['version'] = 3 signedContent['digestAlgorithms'] = digestAlgorithms signedContent['encapContentInfo'] = contentInfo signedContent['signerInfos'] = signerInfos # Certificates if self.timestamp_request.certReq == True: certificate, substrate = der_decoder.decode( self.certificate.public_bytes(serialization.Encoding.DER), asn1Spec=rfc3280.Certificate()) ext_certificate = rfc3852.CertificateChoices() ext_certificate['certificate'] = certificate certificates = rfc3852.CertificateSet().subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)) certificates.setComponentByPosition(0, ext_certificate) signedContent['certificates'] = certificates # Token token = classes.TimeStampToken() token['content'] = signedContent token['contentType'] = rfc3852.id_signedData # Status statusInfo = classes.PKIStatusInfo() statusInfo['status'] = classes.PKIStatus('granted') # Response response = classes.TimeStampResp() response['status'] = statusInfo response['timeStampToken'] = token return self.encode_timestamp_response(response)
class Boolean(Integer): tagSet = baseTagSet = tag.initTagSet( tag.Tag(tag.tagClassUniversal, tag.tagFormatSimple, 0x01), ) subtypeSpec = Integer.subtypeSpec + constraint.SingleValueConstraint(0, 1) namedValues = Integer.namedValues.clone(('False', 0), ('True', 1))
PKIFreeText = rfc4210.PKIFreeText id_ct_TSTInfo = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.4') class Accuracy(univ.Sequence): pass Accuracy.componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('seconds', univ.Integer()), namedtype.OptionalNamedType( 'millis', univ.Integer(). subtype(subtypeSpec=constraint.ValueRangeConstraint(1, 999)).subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.OptionalNamedType( 'micros', univ.Integer(). subtype(subtypeSpec=constraint.ValueRangeConstraint(1, 999)).subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))) class MessageImprint(univ.Sequence): pass MessageImprint.componentType = namedtype.NamedTypes( namedtype.NamedType('hashAlgorithm', AlgorithmIdentifier()), namedtype.NamedType('hashedMessage', univ.OctetString()))
class OctetString(base.AbstractSimpleAsn1Item): tagSet = baseTagSet = tag.initTagSet( tag.Tag(tag.tagClassUniversal, tag.tagFormatSimple, 0x04)) defaultBinValue = defaultHexValue = base.noValue encoding = 'us-ascii' def __init__(self, value=None, tagSet=None, subtypeSpec=None, encoding=None, binValue=None, hexValue=None): if encoding is None: self._encoding = self.encoding else: self._encoding = encoding if binValue is not None: value = self.fromBinaryString(binValue) if hexValue is not None: value = self.fromHexString(hexValue) if value is None or value is base.noValue: value = self.defaultHexValue if value is None or value is base.noValue: value = self.defaultBinValue self.__intValue = None base.AbstractSimpleAsn1Item.__init__(self, value, tagSet, subtypeSpec) def clone(self, value=None, tagSet=None, subtypeSpec=None, encoding=None, binValue=None, hexValue=None): if value is None and tagSet is None and subtypeSpec is None and \ encoding is None and binValue is None and hexValue is None: return self if value is None and binValue is None and hexValue is None: value = self._value if tagSet is None: tagSet = self._tagSet if subtypeSpec is None: subtypeSpec = self._subtypeSpec if encoding is None: encoding = self._encoding return self.__class__(value, tagSet, subtypeSpec, encoding, binValue, hexValue) if sys.version_info[0] <= 2: def prettyIn(self, value): if isinstance(value, str): return value elif isinstance(value, (tuple, list)): try: return ''.join([chr(x) for x in value]) except ValueError: raise error.PyAsn1Error( 'Bad OctetString initializer \'%s\'' % (value, )) else: return str(value) else: def prettyIn(self, value): if isinstance(value, bytes): return value elif isinstance(value, OctetString): return value.asOctets() elif isinstance(value, (tuple, list, map)): try: return bytes(value) except ValueError: raise error.PyAsn1Error( 'Bad OctetString initializer \'%s\'' % (value, )) else: try: return str(value).encode(self._encoding) except UnicodeEncodeError: raise error.PyAsn1Error( 'Can\'t encode string \'%s\' with \'%s\' codec' % (value, self._encoding)) def fromBinaryString(self, value): bitNo = 8 byte = 0 r = () for v in value: if bitNo: bitNo = bitNo - 1 else: bitNo = 7 r = r + (byte, ) byte = 0 if v == '0': v = 0 elif v == '1': v = 1 else: raise error.PyAsn1Error( 'Non-binary OCTET STRING initializer %s' % (v, )) byte = byte | (v << bitNo) return octets.ints2octs(r + (byte, )) def fromHexString(self, value): r = p = () for v in value: if p: r = r + (int(p + v, 16), ) p = () else: p = v if p: r = r + (int(p + '0', 16), ) return octets.ints2octs(r) def prettyOut(self, value): if sys.version_info[0] <= 2: numbers = tuple([ord(x) for x in value]) else: numbers = tuple(value) if [x for x in numbers if x < 32 or x > 126]: return '0x' + ''.join(['%.2x' % x for x in numbers]) else: return str(value) def __repr__(self): if self._value is base.noValue: return self.__class__.__name__ + '()' if [x for x in self.asNumbers() if x < 32 or x > 126]: return self.__class__.__name__ + '(hexValue=\'' + ''.join( ['%.2x' % x for x in self.asNumbers()]) + '\')' else: return self.__class__.__name__ + '(\'' + self.prettyOut( self._value) + '\')' if sys.version_info[0] <= 2: def __str__(self): return str(self._value) def __unicode__(self): return self._value.decode(self._encoding, 'ignore') def asOctets(self): return self._value def asNumbers(self): if self.__intValue is None: self.__intValue = tuple([ord(x) for x in self._value]) return self.__intValue else: def __str__(self): return self._value.decode(self._encoding, 'ignore') def __bytes__(self): return self._value def asOctets(self): return self._value def asNumbers(self): if self.__intValue is None: self.__intValue = tuple(self._value) return self.__intValue # Immutable sequence object protocol def __len__(self): if self._len is None: self._len = len(self._value) return self._len def __getitem__(self, i): if isinstance(i, slice): return self.clone(operator.getitem(self._value, i)) else: return self._value[i] def __add__(self, value): return self.clone(self._value + self.prettyIn(value)) def __radd__(self, value): return self.clone(self.prettyIn(value) + self._value) def __mul__(self, value): return self.clone(self._value * value) def __rmul__(self, value): return self * value
namedtype.NamedType('value', char.TeletexString().subtype( subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_defined_attribute_value_length))) ) id_pkix = _OID(1, 3, 6, 1, 5, 5, 7) id_qt = _OID(id_pkix, 2) class PresentationAddress(univ.Sequence): pass PresentationAddress.componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('pSelector', univ.OctetString().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.OptionalNamedType('sSelector', univ.OctetString().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.OptionalNamedType('tSelector', univ.OctetString().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), namedtype.NamedType('nAddresses', univ.SetOf(componentType=univ.OctetString()).subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))) ) class AlgorithmIdentifier(univ.Sequence): pass AlgorithmIdentifier.componentType = namedtype.NamedTypes( namedtype.NamedType('algorithm', univ.ObjectIdentifier()),
class ObjectIdentifier(base.AbstractSimpleAsn1Item): tagSet = baseTagSet = tag.initTagSet( tag.Tag(tag.tagClassUniversal, tag.tagFormatSimple, 0x06)) def __add__(self, other): return self.clone(self._value + other) def __radd__(self, other): return self.clone(other + self._value) def asTuple(self): return self._value # Sequence object protocol def __len__(self): if self._len is None: self._len = len(self._value) return self._len def __getitem__(self, i): if isinstance(i, slice): return self.clone(operator.getitem(self._value, i)) else: return self._value[i] def __str__(self): return self.prettyPrint() def index(self, suboid): return self._value.index(suboid) def isPrefixOf(self, value): """Returns true if argument OID resides deeper in the OID tree""" l = len(self) if l <= len(value): if self._value[:l] == value[:l]: return 1 return 0 def prettyIn(self, value): """Dotted -> tuple of numerics OID converter""" if isinstance(value, tuple): pass elif isinstance(value, ObjectIdentifier): return tuple(value) elif isinstance(value, str): r = [] for element in [x for x in value.split('.') if x != '']: try: r.append(int(element, 0)) except ValueError: raise error.PyAsn1Error( 'Malformed Object ID %s at %s: %s' % (str(value), self.__class__.__name__, sys.exc_info()[1])) value = tuple(r) else: try: value = tuple(value) except TypeError: raise error.PyAsn1Error( 'Malformed Object ID %s at %s: %s' % (str(value), self.__class__.__name__, sys.exc_info()[1])) for x in value: if not isinstance(x, intTypes) or x < 0: raise error.PyAsn1Error('Invalid sub-ID in %s at %s' % (value, self.__class__.__name__)) return value def prettyOut(self, value): return '.'.join([str(x) for x in value])
class IpAddress(univ.OctetString): tagSet = univ.OctetString.tagSet.tagImplicitly( tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0x00)) subtypeSpec = univ.OctetString.subtypeSpec + constraint.ValueSizeConstraint( 4, 4)
class Enumerated(Integer): tagSet = baseTagSet = tag.initTagSet( tag.Tag(tag.tagClassUniversal, tag.tagFormatSimple, 0x0A))
class RevokedInfo(univ.Sequence): componentType = namedtype.NamedTypes(namedtype.NamedType('revocationTime', useful.GeneralizedTime()), namedtype.OptionalNamedType('revocationReason', CRLReason().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))))