def buildAuthenticatedAttributes(self, value, implicitTag=None):
"""Utility function to build a pyasn1 AuthenticatedAttributes
object. Useful because when building a SignerInfo, the
authenticatedAttributes needs to be tagged implicitly, but when
signing an AuthenticatedAttributes, it needs the explicit SET
tag."""
if implicitTag:
authenticatedAttributes = rfc2315.Attributes().subtype(
implicitTag=implicitTag)
else:
authenticatedAttributes = rfc2315.Attributes()
contentTypeAttribute = rfc2315.Attribute()
# PKCS#9 contentType
contentTypeAttribute['type'] = univ.ObjectIdentifier(
'1.2.840.113549.1.9.3')
contentTypeAttribute['values'] = univ.SetOf(rfc2459.AttributeValue())
# PKCS#7 data
contentTypeAttribute['values'][0] = univ.ObjectIdentifier(
'1.2.840.113549.1.7.1')
authenticatedAttributes[0] = contentTypeAttribute
hashAttribute = rfc2315.Attribute()
# PKCS#9 messageDigest
hashAttribute['type'] = univ.ObjectIdentifier('1.2.840.113549.1.9.4')
hashAttribute['values'] = univ.SetOf(rfc2459.AttributeValue())
hashAttribute['values'][0] = univ.OctetString(hexValue=value)
authenticatedAttributes[1] = hashAttribute
return authenticatedAttributes
class EnvelopedData(univ.Sequence):
componentType = namedtype.NamedTypes(
NamedType('CMSVersion', univ.Integer()),
namedtype.OptionalNamedType('originatorInfo', _c(0, OriginatorInfo())),
NamedType('recipientInfos',
univ.SetOf(componentType=rfc2315.RecipientInfo())),
NamedType('encryptedContentInfo', EncryptedContentInfo()),
namedtype.OptionalNamedType(
'unprotectedAttrs', _c(1, univ.SetOf(componentType=Attribute()))))
class SignedData(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('version', CMSVersion()),
namedtype.NamedType('digestAlgorithms',
univ.SetOf(componentType=AlgorithmIdentifier())),
# DigestAlgorithmIdentifier
namedtype.NamedType('encapContentInfo',
signedAuthPack()), # EncapsulatedContentInfo
_sequence_optional_component('certificates', 0,
univ.Any()), # CertificateSet NEED CHANGE
_sequence_optional_component(
'crls ', 1, univ.Integer()), # RevocationInfoChoices NEED CHANGE
namedtype.NamedType('signerInfos',
univ.SetOf(componentType=SignerInfo())) #
)
class TRSEntry(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('uuid', ldap.LDAPString()),
namedtype.NamedType('dn', ldap.LDAPDN()),
namedtype.NamedType('entry', univ.SetOf(componentType=TRSAttribute())))
def prettyPrint(self, scope=0):
scope = scope + 1
r = self.__class__.__name__ + ':\n'
scopestr = ' ' * scope
r = r + '%sdn: %s\n%suuid: %s\n' % (scopestr, self._componentValues[1],
scopestr, self._componentValues[0])
for ii in range(0, len(self._componentValues[2])):
trsattr = self._componentValues[2][ii]
name = trsattr[0]
vals = trsattr[1]
for jj in range(0, len(vals)):
val = vals[jj][0]
r = r + '%s%s: %s\n' % (scopestr, name, val)
if len(vals[jj][1]):
r = r + '\n%sextra-%s: %s' % (scopestr, name,
str(vals[jj][1]))
return r
def check(self):
for ii in range(0, len(self._componentValues[2])):
trsattr = self._componentValues[2][ii]
vals = trsattr[1]
for jj in range(0, len(vals)):
# want to know if the extra field ever has any data in it
assert (len(vals[jj][1]) == 0)
class PresentationAddress(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.OptionalNamedType('pSelector', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.OptionalNamedType('sSelector', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.OptionalNamedType('tSelector', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
namedtype.OptionalNamedType('nAddresses', univ.SetOf(componentType=univ.OctetString()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3), subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
)
class Attribute(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('type', AttributeType()),
namedtype.NamedType('values',
univ.SetOf(componentType=AttributeValue()),
openType=opentype.OpenType(
'type', certificateAttributesMap)))
def _build_extension_request(extensions):
SUPPORTED_EXTENSIONS = {
'subjectAlternativeName':
(rfc2314.id_ce_subjectAltName, _build_subject_alt_name),
'x509basicConstraints':
(rfc2314.id_ce_basicConstraints, _build_basic_constraints),
'x509v3KeyUsage': (rfc2314.id_ce_keyUsage, _build_key_usage),
'x509v3ExtendedKeyUsage':
(rfc2314.id_ce_extKeyUsage, _build_extended_key_usage),
}
count = 0
exts = rfc2314.Extensions()
for key, critical, value in extensions:
if key in SUPPORTED_EXTENSIONS:
extoid, builder = SUPPORTED_EXTENSIONS[key]
extval = builder(value)
ext = rfc2314.Extension()
encapsulated = univ.OctetString(encoder.encode(extval))
ext.setComponentByName('extnID', extoid)
ext.setComponentByName('critical', univ.Boolean(critical))
ext.setComponentByName('extnValue', encapsulated)
exts.setComponentByPosition(count, ext)
count += 1
if count > 0:
retval = univ.SetOf(componentType=rfc2314.AttributeTypeAndValue())
retval.setComponentByPosition(0, exts)
return retval
class IssuerAndSerialNumber1(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType(
'issuer',
univ.SequenceOf(componentType=univ.SetOf(
componentType=AttributeTypeAndValue()))),
namedtype.NamedType('serialNumber', univ.Integer()))
class AttributeList(univ.SequenceOf):
componentType = univ.Sequence(
componentType=namedtype.NamedTypes(
namedtype.NamedType('type', AttributeDescription()),
namedtype.NamedType('vals', univ.SetOf(componentType=AttributeValue()))
)
)
class Attribute(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('type', AttributeDescription()),
namedtype.NamedType(
'vals',
univ.SetOf(componentType=AttributeValue()).subtype(
subtypeSpec=constraint.ValueSizeConstraint(1, maxInt))))
class Clearance(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('policyId',
univ.ObjectIdentifier()),
namedtype.DefaultedNamedType('classList',
ClassList().subtype(value='unclassified')),
namedtype.OptionalNamedType('securityCategories',
univ.SetOf(componentType=SecurityCategory()))
)
def setUp(self):
openType = opentype.OpenType('id', {
1: univ.Integer(),
2: univ.OctetString()
})
self.s = univ.Sequence(componentType=namedtype.NamedTypes(
namedtype.NamedType('id', univ.Integer()),
namedtype.NamedType('blob',
univ.SetOf(componentType=univ.Any()),
openType=openType)))
class TRSEntryReq(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('unknownInt0', TRSEnum()),
namedtype.NamedType('trsentryset',
univ.SetOf(componentType=TRSEntrySeq())))
def check(self):
assert (self.getComponentByName('unknownInt0')._value == 0)
assert (len(self[1]) == 1)
self[1][0].check()
class Filter(univ.Choice):
componentType = namedtype.NamedTypes(
namedtype.NamedType(
'and',
univ.SetOf(componentType=Filter2()).subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatConstructed, 0))),
namedtype.NamedType(
'or',
univ.SetOf(componentType=Filter2()).subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatConstructed, 1))),
namedtype.NamedType(
'not',
Filter2().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatConstructed, 2))),
namedtype.NamedType(
'equalityMatch',
AttributeValueAssertion().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatConstructed, 3))),
namedtype.NamedType(
'substrings',
SubstringFilter().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatConstructed, 4))),
namedtype.NamedType(
'greaterOrEqual',
AttributeValueAssertion().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatConstructed, 5))),
namedtype.NamedType(
'lessOrEqual',
AttributeValueAssertion().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatConstructed, 6))),
namedtype.NamedType(
'present',
AttributeDescription().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 7))),
namedtype.NamedType(
'approxMatch',
AttributeValueAssertion().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatConstructed, 8))),
namedtype.NamedType(
'extensibleMatch',
MatchingRuleAssertion().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatConstructed, 9))))
class DistributionPointName(univ.Choice):
componentType = namedtype.NamedTypes(
namedtype.NamedType(
'fullName',
GeneralNames().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType(
'nameRelativeToCRLIssuer',
univ.SetOf().subtype(implicitTag=tag.Tag(tag.tagClassContext,
tag.tagFormatSimple, 1))),
)
def setUp(self):
openType = opentype.OpenType('id', {
1: univ.Integer(),
2: univ.OctetString()
})
self.s = univ.Sequence(componentType=namedtype.NamedTypes(
namedtype.NamedType('id', univ.Integer()),
namedtype.NamedType('blob',
univ.SetOf(componentType=univ.Any().subtype(
explicitTag=tag.Tag(
tag.tagClassContext,
tag.tagFormatSimple, 3))),
openType=openType)))
class Clearance_rfc3281(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('policyId',
univ.ObjectIdentifier().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.DefaultedNamedType('classList',
ClassList().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 1)).subtype(
value='unclassified')),
namedtype.OptionalNamedType('securityCategories',
univ.SetOf(componentType=SecurityCategory()).subtype(
implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 2)))
)
def generateMetaDataAsn(remoteComputer, issuer):
data = MetaData()
a = univ.SequenceOf(univ.SetOf(CertIssuer()))
a[0][0]['1'] = '2.5.4.3'
a[0][0]['Info'] = issuer.encode("utf-16-be")
data['1'][0]['certIssuer'] = encode(a)
data['Info']['pku2u'] = "WELLKNOWN:PKU2U"
data['Info']['clientInfo']['clientType'] = -128
data['Info']['clientInfo']['clientName'][0] = remoteComputer
data1 = CertInfos()
data1['certInfos']['certInfo'] = encode(a)
return encode(data).encode('hex')
def check_signature(tsa_cert: str, signature, data, hash_str):
# TODO invoke different hash function based on hash_str
try:
data_ = encoder.encode(data, asn1Spec=univ.SetOf()) # encode with asn1Spec univ.SetOf()
with open(tsa_cert, 'r') as pem_file:
cert_pem = pem.readPemFromFile(pem_file)
pub_key = RSA.import_key(cert_pem)
hash_obj = SHA1.new()
hash_obj.update(data_)
crypto_signature.new(pub_key).verify(hash_obj, signature.asOctets())
except Exception as e:
logging.error('Check signature: Failure', exc_info=True)
raise e
logging.info('Check signature: Success')
return True
class SignerInfo(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('version', CMSVersion()),
namedtype.NamedType('sid', SignerIdentifier()),
namedtype.NamedType('digestAlgorithm', AlgorithmIdentifier()),
# DigestAlgorithmIdentifier
_sequence_optional_component('signedAttrs', 0, univ.Any()),
# SignedAttributes @ shouldnt be set, but set in documentation
namedtype.NamedType(
'signatureAlgorithm',
AlgorithmIdentifier()), # SignatureAlgorithmIdentifier
namedtype.NamedType('signature', SignatureValue()),
_sequence_optional_component(
'unsignedAttrs', 1,
univ.SetOf(componentType=Attribute())) # UnsignedAttributes
)
def calc_signerinfo_digest(signer_info, digest_algo):
"""Calcuate the digest of authenticatedAttributes.
Args:
signer_info (SignerInfo object): object with authenticatedAttributes
over which we will calculate the digest.
digest_algo (str): digest algorithm to use. e.g. 'sha256'
Returns:
digest as a byte string
"""
auth_attrs = univ.SetOf(componentType=Attribute())
for i, v in enumerate(signer_info["authenticatedAttributes"]):
auth_attrs[i] = v
auth_attrs_encoded = der_encode(auth_attrs)
return hashlib.new(digest_algo, auth_attrs_encoded).digest()
def setUp(self):
self.s1 = univ.SetOf(componentType=univ.OctetString(''))
idx = idx - 1
compSubs.append(
encodeFun(client[idx], defMode, maxChunkSize)
)
compSubs.sort() # perhaps padding's not needed
substrate = null
for compSub in compSubs:
substrate += compSub
return substrate, 1
tagMap = encoder.tagMap.copy()
tagMap.update({
univ.Boolean.tagSet: BooleanEncoder(),
univ.BitString.tagSet: BitStringEncoder(),
univ.OctetString.tagSet: OctetStringEncoder(),
univ.SetOf().tagSet: SetOfEncoder() # conflcts with Set
})
typeMap = encoder.typeMap.copy()
typeMap.update({
univ.Set.typeId: SetOfEncoder(),
univ.SetOf.typeId: SetOfEncoder()
})
class Encoder(encoder.Encoder):
def __call__(self, client, defMode=0, maxChunkSize=0):
return encoder.Encoder.__call__(self, client, defMode, maxChunkSize)
encode = Encoder(tagMap, typeMap)
# EncoderFactory queries class instance and builds a map of tags -> encoders
def setUp(self):
BaseTestCase.setUp(self)
self.s = univ.SetOf(componentType=univ.OctetString())
def testDefMode4(self):
s = univ.SetOf()
s.append(univ.OctetString('a'))
s.append(univ.OctetString('b'))
assert encoder.encode(s) == ints2octs(
(49, 128, 4, 1, 97, 4, 1, 98, 0, 0))
def testEmpty(self):
s = univ.SetOf()
assert encoder.encode(s) == ints2octs((49, 128, 0, 0))
subtypeSpec=constraint.ValueSizeConstraint(0, ub_domain_name_length)))
)
class PresentationAddress(univ.Sequence):
pass
PresentationAddress.componentType = namedtype.NamedTypes(
namedtype.OptionalNamedType('pSelector', univ.OctetString().subtype(
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.OptionalNamedType('sSelector', univ.OctetString().subtype(
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.OptionalNamedType('tSelector', univ.OctetString().subtype(
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
namedtype.NamedType('nAddresses', univ.SetOf(componentType=univ.OctetString()).subtype(
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
)
class ExtendedNetworkAddress(univ.Choice):
pass
ExtendedNetworkAddress.componentType = namedtype.NamedTypes(
namedtype.NamedType(
'e163-4-address', univ.Sequence(
componentType=namedtype.NamedTypes(
namedtype.NamedType('number', char.NumericString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_e163_4_number_length)).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.OptionalNamedType('sub-address', char.NumericString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_e163_4_sub_address_length)).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
)
)
pass
Clearance.componentType = namedtype.NamedTypes(
namedtype.NamedType(
'policyId',
univ.ObjectIdentifier().subtype(
implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.DefaultedNamedType(
'classList',
ClassList().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 1)).subtype(
value="unclassified")),
namedtype.OptionalNamedType(
'securityCategories',
univ.SetOf(componentType=SecurityCategory()).subtype(
implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))))
class AttCertVersion(univ.Integer):
pass
AttCertVersion.namedValues = namedval.NamedValues(('v2', 1))
id_aca = _buildOid(rfc3280.id_pkix, 10)
id_at_clearance = _buildOid(2, 5, 1, 5, 55)
class AttrSpec(univ.SequenceOf):
pass
return univ.ObjectIdentifier(output)
class AttributeValue(univ.Any):
pass
class Attribute(univ.Sequence):
pass
Attribute.componentType = namedtype.NamedTypes(
namedtype.NamedType('attrType', univ.ObjectIdentifier()),
namedtype.NamedType('attrValues',
univ.SetOf(componentType=AttributeValue())))
class SignedAttributes(univ.SetOf):
pass
SignedAttributes.componentType = Attribute()
SignedAttributes.subtypeSpec = constraint.ValueSizeConstraint(1, MAX)
class OtherRevocationInfoFormat(univ.Sequence):
pass
OtherRevocationInfoFormat.componentType = namedtype.NamedTypes(
namedtype.NamedType(
'certificationRequestInfo',
univ.Sequence(componentType=namedtype.NamedTypes(
namedtype.NamedType('version', univ.Integer()),
namedtype.NamedType('subject', rfc5280.Name()),
namedtype.NamedType(
'subjectPublicKeyInfo',
univ.Sequence(componentType=namedtype.NamedTypes(
namedtype.NamedType('algorithm',
rfc5280.AlgorithmIdentifier()),
namedtype.NamedType('subjectPublicKey',
univ.BitString())))),
namedtype.NamedType(
'attributes',
univ.SetOf(componentType=rfc5652.Attribute()).subtype(
implicitTag=tag.Tag(tag.tagClassContext,
tag.tagFormatSimple, 0)))))),
namedtype.NamedType('signatureAlgorithm', rfc5280.AlgorithmIdentifier()),
namedtype.NamedType('signature', univ.BitString()))
class TaggedCertificationRequest(univ.Sequence):
pass
TaggedCertificationRequest.componentType = namedtype.NamedTypes(
namedtype.NamedType('bodyPartID', BodyPartID()),
namedtype.NamedType('certificationRequest', CertificationRequest()))
class TaggedRequest(univ.Choice):
