Example #1
def keyUsageExtConstraintImpl(Policy_Value,keylist):
    """Append a 'Key Usage Extension Constraint' element under *Policy_Value*.

    Creates the <constraint> element with <description> and <classId>
    children, then passes one six-field tuple per key-usage bit to
    common.constraint_attributes.

    Args:
        Policy_Value: XML element that receives the new constraint.
        keylist: requested key usages, handed unchanged to
            common.check_ext_key_usage (presumably a comma-separated string
            of keyUsage* names -- confirm against the caller).

    NOTE(review): the description is a fixed string, while the last field of
    every attribute tuple is derived from keylist. The human-readable text can
    therefore disagree with the constraint values actually written; audit the
    generated values, not the description.
    """
    constraint_node = etree.SubElement(Policy_Value, 'constraint', id='Key Usage Extension Constraint')

    description_parts = (
        'This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true,',
        'Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false,',
        'Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false',
    )
    etree.SubElement(constraint_node, 'description').text = ''.join(description_parts)
    etree.SubElement(constraint_node, 'classId').text = 'keyUsageExtConstraintImpl'

    # (attribute name, display label), in the order the rows are emitted.
    usage_bits = (
        ('keyUsageCritical', 'Criticality'),
        ('keyUsageDigitalSignature', 'Digital Signature'),
        ('keyUsageNonRepudiation', 'Non-Repudiation'),
        ('keyUsageKeyEncipherment', 'Key Encipherment'),
        ('keyUsageDataEncipherment', 'Data Encipherment'),
        ('keyUsageKeyAgreement', 'Key Agreement'),
        ('keyUsageKeyCertSign', 'Key CertSign'),
        ('keyUsageCrlSign', 'CRL Sign'),
        ('keyUsageEncipherOnly', 'Encipher Only'),
        ('keyUsageDecipherOnly', 'Decipher Only'),
    )

    # The sixth field is whatever common.check_ext_key_usage returns for that
    # bit; the other fields are constants shared by every row.
    attribute_rows = [
        (bit_name, 'choice', 'true,false,-', label, '-', common.check_ext_key_usage(keylist, bit_name))
        for bit_name, label in usage_bits
    ]

    common.constraint_attributes(constraint_node, attribute_rows)
Example #2
def keyUsageExtConstraintImpl(Policy_Value,keylist):
    """Write the Key Usage Extension Constraint for a policy value.

    A <constraint id='Key Usage Extension Constraint'> element is added to
    *Policy_Value* together with its <description> and <classId>. The ten
    key-usage attributes are then registered through
    common.constraint_attributes.

    Args:
        Policy_Value: parent XML element of the constraint.
        keylist: key-usage selection, forwarded as-is to
            common.check_ext_key_usage (format not visible here -- TODO
            confirm it is a comma-separated string).

    NOTE(review): the description claims fixed true/false values, but each
    row's value is computed from keylist, so the text is not a reliable
    record of what the profile enforces.
    """
    parent = etree.SubElement(Policy_Value, 'constraint', id='Key Usage Extension Constraint')

    text = 'This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true,'
    text += 'Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false,'
    text += 'Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false'

    description_node = etree.SubElement(parent, 'description')
    description_node.text = text
    classid_node = etree.SubElement(parent, 'classId')
    classid_node.text = 'keyUsageExtConstraintImpl'

    names = (
        'keyUsageCritical', 'keyUsageDigitalSignature', 'keyUsageNonRepudiation',
        'keyUsageKeyEncipherment', 'keyUsageDataEncipherment', 'keyUsageKeyAgreement',
        'keyUsageKeyCertSign', 'keyUsageCrlSign', 'keyUsageEncipherOnly',
        'keyUsageDecipherOnly',
    )
    labels = (
        'Criticality', 'Digital Signature', 'Non-Repudiation',
        'Key Encipherment', 'Data Encipherment', 'Key Agreement',
        'Key CertSign', 'CRL Sign', 'Encipher Only',
        'Decipher Only',
    )

    rows = []
    for name, label in zip(names, labels):
        # Value column comes from the caller's keylist, one lookup per bit.
        value = common.check_ext_key_usage(keylist, name)
        rows.append((name, 'choice', 'true,false,-', label, '-', value))

    common.constraint_attributes(parent, rows)
Example #3
def Netscape_Certificate_Type_Extension_Default(root, PolicySet, extlist):
    """Add or update the Netscape Certificate Type Extension default policy.

    When common.check_policy returns False for class
    'nsCertTypeExtDefaultImpl', a new <value> with its <def>, description and
    parameters is appended to *PolicySet* and a no-constraint element is
    attached. Otherwise the existing policy value is fetched and the first
    child of each matching <params> element is set to "true".

    Args:
        root: not used by this function.
        PolicySet: XML element holding the profile's policy values.
        extlist: requested nsCert* usages. Passed whole to
            common.check_ext_key_usage on the create path, iterated item by
            item on the update path.

    NOTE(review): the update path iterates extlist directly; if callers pass
    a comma-separated string, this walks single characters -- confirm the
    expected type.
    NOTE(review): the update path only ever writes "true", so usages
    accumulate across calls and are never reset.
    """
    javaclass = "nsCertTypeExtDefaultImpl"

    if common.check_policy(PolicySet, javaclass) is not False:
        existing_value = common.get_Element_PolicyValue(PolicySet, javaclass)
        for ext_name in extlist:
            # NOTE(review): ext_name is interpolated into the path predicate
            # without escaping; a value containing a double quote changes the
            # expression. Validating against the known nsCert* names first
            # would make this robust.
            params_node = existing_value.find('./def/params[@name="%s"]' % ext_name)
            # find() returns None when nothing matches, in which case the
            # subscript below raises TypeError.
            params_node[0].text = "true"
        return

    # Get Policy ID
    policy_id = get_policyId(PolicySet)

    # Policy Value
    Policy_Value = etree.SubElement(PolicySet, "value", id=policy_id)

    # Policy Definition
    Policy_definition = etree.SubElement(
        Policy_Value, "def", id="Netscape Certificate Type Extension Default", classId=javaclass
    )
    etree.SubElement(Policy_definition, "description").text = (
        "This default populates a Netscape Certificate Type Extension"
    )

    # (parameter name, display label)
    cert_types = (
        ("nsCertCritical", "Criticality"),
        ("nsCertSSLClient", "SSL Client"),
        ("nsCertSSLServer", "SSL Server"),
        ("nsCertEmail", "Email"),
        ("nsCertObjectSigning", "Object Signing"),
        ("nsCertSSLCA", "SSL CA"),
        ("nsCertEmailCA", "Email CA"),
        ("nsCertObjectSigningCA", "Object Signing CA"),
    )

    # Policy Attributes
    # NOTE(review): this list is built but never passed to any helper in this
    # function, so no attribute elements are written -- confirm whether a
    # call is missing.
    Netscape_Certificate_Type_Extension_Default_attributes = [
        (name, "boolean", "NULL", label, "false") for name, label in cert_types
    ]

    # Policy Parameters
    Netscape_Certificate_Type_Extension_Default_params = [
        (name, common.check_ext_key_usage(extlist, name)) for name, _label in cert_types
    ]
    common.policy_parameters(Policy_definition, Netscape_Certificate_Type_Extension_Default_params)

    # Constraints
    constraints.noConstraintImpl(Policy_Value)
Example #4
def Netscape_Certificate_Type_Extension_Default(root, PolicySet, extlist):
    """Create the nsCertTypeExtDefaultImpl policy, or flip flags on an existing one.

    Create path (common.check_policy returned False): appends a <value>
    element to *PolicySet*, a <def> with a description, one parameter per
    nsCert* flag (value taken from common.check_ext_key_usage), and a
    no-constraint element.

    Update path (any other result): looks up each entry of *extlist* under
    ./def/params and sets the text of that element's first child to 'true'.

    Args:
        root: unused here.
        PolicySet: XML element that holds policy values.
        extlist: selected nsCert* flags; the exact type is not visible in this
            function (it is passed whole on one path and iterated on the
            other -- TODO confirm).
    """
    javaclass = 'nsCertTypeExtDefaultImpl'
    policy_state = common.check_policy(PolicySet, javaclass)

    if policy_state is False:
        # Get Policy ID
        pvalue = get_policyId(PolicySet)

        description_text = 'This default populates a Netscape Certificate Type Extension'

        # Policy Value
        Policy_Value = etree.SubElement(PolicySet, 'value', id=pvalue)

        # Policy Definition
        def_attrs = {
            'id': 'Netscape Certificate Type Extension Default',
            'classId': 'nsCertTypeExtDefaultImpl',
        }
        Policy_definition = etree.SubElement(Policy_Value, 'def', **def_attrs)
        description_node = etree.SubElement(Policy_definition, 'description')
        description_node.text = description_text

        flag_names = (
            'nsCertCritical', 'nsCertSSLClient', 'nsCertSSLServer', 'nsCertEmail',
            'nsCertObjectSigning', 'nsCertSSLCA', 'nsCertEmailCA',
            'nsCertObjectSigningCA',
        )
        flag_labels = (
            'Criticality', 'SSL Client', 'SSL Server', 'Email',
            'Object Signing', 'SSL CA', 'Email CA',
            'Object Signing CA',
        )

        # Policy Attributes
        # NOTE(review): assembled but not used anywhere below; no attribute
        # elements are emitted for this policy -- verify that is intended.
        Netscape_Certificate_Type_Extension_Default_attributes = []
        for flag, label in zip(flag_names, flag_labels):
            Netscape_Certificate_Type_Extension_Default_attributes.append(
                (flag, 'boolean', 'NULL', label, 'false'))

        # Policy Parameters
        Netscape_Certificate_Type_Extension_Default_params = []
        for flag in flag_names:
            flag_value = common.check_ext_key_usage(extlist, flag)
            Netscape_Certificate_Type_Extension_Default_params.append((flag, flag_value))

        common.policy_parameters(
            Policy_definition,
            Netscape_Certificate_Type_Extension_Default_params)

        # Constraints
        constraints.noConstraintImpl(Policy_Value)
    else:
        Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)
        for requested in extlist:
            # NOTE(review): the name goes into the path predicate unescaped;
            # restrict it to the known nsCert* names before use. Only 'true'
            # is ever written, so flags set earlier are never cleared.
            lookup = "./def/params[@name=\"%s\"]" % requested
            match = Policy_Value.find(lookup)
            # A miss leaves match as None and the next line raises TypeError.
            match[0].text = 'true'
Example #5
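def Key_Usage_Default(root, PolicySet, keylist):
    """Create the Key Usage Default policy in *PolicySet*, or update an existing one.

    Create path (common.check_policy returned False for
    'keyUsageExtDefaultImpl'): appends a <value> element with a <def>,
    description, ten attributes, ten parameters and the key-usage constraint.

    Update path (any other result): splits *keylist* on ',' and sets the
    matching parameter values, then the matching constraint values, to 'true'.

    Args:
        root: not used by this function.
        PolicySet: XML element holding the profile's policy values.
        keylist: comma-separated key-usage names (split with re.split on the
            update path; passed whole to common.check_ext_key_usage on the
            create path).

    Raises:
        AttributeError: on the update path when a name in *keylist* has no
            matching element (find() returns None).

    NOTE(review): the description states fixed defaults, but every attribute
    default below is 'false' and the parameter values come from keylist. Audit
    the generated parameter and constraint values rather than the description,
    in particular keyUsageKeyCertSign and keyUsageCrlSign.
    """
    javaclass = 'keyUsageExtDefaultImpl'

    if common.check_policy(PolicySet, javaclass) is False:
        # Get Policy ID
        pvalue = get_policyId(PolicySet)

        # The fragments used to be concatenated with no separator, which
        # fused 'Criticality=true' with 'Digital Signature=true' and
        # 'Key Agreement=false' with 'Key Certificate Sign=false'.
        Key_Usage_Default_description = ', '.join((
            'This default populates a Key Usage Extension (2.5.29.15) to the request,The default values are Criticality=true',
            'Digital Signature=true, Non-Repudiation=true,Key Encipherment=true, Data Encipherment=false, Key Agreement=false',
            'Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false',
        ))

        # Policy Value
        Policy_Value = etree.SubElement(PolicySet, 'value', id=pvalue)

        # Policy Definition
        Policy_definition = etree.SubElement(Policy_Value,
                                             'def',
                                             id='Key Usage Default',
                                             classId='keyUsageExtDefaultImpl')
        etree.SubElement(
            Policy_definition,
            'description').text = Key_Usage_Default_description

        # (parameter name, display label) for each key-usage bit
        usage_bits = (
            ('keyUsageCritical', 'Criticality'),
            ('keyUsageDigitalSignature', 'Digital Signature'),
            ('keyUsageNonRepudiation', 'Non-Repudiation'),
            ('keyUsageKeyEncipherment', 'Key Encipherment'),
            ('keyUsageDataEncipherment', 'Data Encipherment'),
            ('keyUsageKeyAgreement', 'Key Agreement'),
            ('keyUsageKeyCertSign', 'Key CertSign'),
            ('keyUsageCrlSign', 'CRL Sign'),
            ('keyUsageEncipherOnly', 'Encipher Only'),
            ('keyUsageDecipherOnly', 'Decipher Only'),
        )

        # Policy Attributes #name,syntax,constraint,description,defaultvalue
        Key_Usage_Default_attributes = [
            (name, 'boolean', 'NULL', label, 'false')
            for name, label in usage_bits
        ]
        common.policy_attributes(Policy_definition,
                                 Key_Usage_Default_attributes)

        # Policy Parameters
        Key_Usage_Default_parms = [
            (name, common.check_ext_key_usage(keylist, name))
            for name, _label in usage_bits
        ]
        common.policy_parameters(Policy_definition, Key_Usage_Default_parms)

        # Policy Constraint
        constraints.keyUsageExtConstraintImpl(Policy_Value, keylist)

    else:

        Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)
        mylist = re.split(',', keylist)

        # NOTE(review): names are interpolated into the path predicates
        # without escaping or trimming; restricting them to the known
        # keyUsage* names before this point would make the lookups robust.
        # Only 'true' is ever written, so usages enabled by an earlier call
        # are never cleared here.

        # Change Policy Parameters
        for v in mylist:
            result_param = Policy_Value.find(
                "./def/params[@name=\"%s\"]/value" % v)
            result_param.text = 'true'
        # Change Policy Constraints (kept as a second pass so a failed
        # parameter lookup leaves the constraints untouched, as before)
        for v in mylist:
            result_constraint = Policy_Value.find(
                "./constraint/constraint[@id=\"%s\"]/value" % v)
            result_constraint.text = 'true'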
Example #6
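def Key_Usage_Default(root, PolicySet, keylist):
    """Define the Key Usage Default policy, or enable usages on an existing one.

    If common.check_policy returns False for 'keyUsageExtDefaultImpl', a new
    policy value is appended to *PolicySet*: a <def> with description,
    attributes, parameters, plus the key-usage constraint. For any other
    result, the existing policy value is fetched and each name obtained by
    splitting *keylist* on "," has its parameter value, then its constraint
    value, set to "true".

    Args:
        root: unused in this function.
        PolicySet: XML element containing policy values.
        keylist: comma-separated key-usage names.

    Raises:
        AttributeError: on the update path if a name has no matching element,
            because find() returns None.

    NOTE(review): the description text lists fixed defaults, whereas the
    parameter values are computed from keylist and every attribute default is
    "false". Treat the description as informational only when reviewing which
    usages (notably keyUsageKeyCertSign / keyUsageCrlSign) a profile grants.
    """
    javaclass = "keyUsageExtDefaultImpl"

    if common.check_policy(PolicySet, javaclass) is not False:
        Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)
        requested = re.split(",", keylist)

        # NOTE(review): each name is placed in the path predicate unescaped
        # and untrimmed; validate against the known keyUsage* names upstream.
        # Values are only ever raised to "true", never reset.

        # Change Policy Parameters
        for usage in requested:
            param_value = Policy_Value.find('./def/params[@name="%s"]/value' % usage)
            param_value.text = "true"
        # Change Policy Constraints -- separate pass, so a failed parameter
        # lookup aborts before any constraint is modified.
        for usage in requested:
            constraint_value = Policy_Value.find('./constraint/constraint[@id="%s"]/value' % usage)
            constraint_value.text = "true"
        return

    # Get Policy ID
    pvalue = get_policyId(PolicySet)

    # Joined with ", ": plain concatenation ran the fragments together
    # ("Criticality=trueDigital Signature=true", "...falseKey Certificate...").
    s1 = "This default populates a Key Usage Extension (2.5.29.15) to the request,The default values are Criticality=true"
    s2 = "Digital Signature=true, Non-Repudiation=true,Key Encipherment=true, Data Encipherment=false, Key Agreement=false"
    s3 = "Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false"
    Key_Usage_Default_description = s1 + ", " + s2 + ", " + s3

    # Policy Value
    Policy_Value = etree.SubElement(PolicySet, "value", id=pvalue)

    # Policy Definition
    Policy_definition = etree.SubElement(
        Policy_Value, "def", id="Key Usage Default", classId="keyUsageExtDefaultImpl"
    )
    etree.SubElement(Policy_definition, "description").text = Key_Usage_Default_description

    names = (
        "keyUsageCritical", "keyUsageDigitalSignature", "keyUsageNonRepudiation",
        "keyUsageKeyEncipherment", "keyUsageDataEncipherment", "keyUsageKeyAgreement",
        "keyUsageKeyCertSign", "keyUsageCrlSign", "keyUsageEncipherOnly",
        "keyUsageDecipherOnly",
    )
    labels = (
        "Criticality", "Digital Signature", "Non-Repudiation",
        "Key Encipherment", "Data Encipherment", "Key Agreement",
        "Key CertSign", "CRL Sign", "Encipher Only",
        "Decipher Only",
    )

    # Policy Attributes #name,syntax,constraint,description,defaultvalue
    Key_Usage_Default_attributes = [
        (name, "boolean", "NULL", label, "false") for name, label in zip(names, labels)
    ]
    common.policy_attributes(Policy_definition, Key_Usage_Default_attributes)

    # Policy Parameters
    Key_Usage_Default_parms = [(name, common.check_ext_key_usage(keylist, name)) for name in names]
    common.policy_parameters(Policy_definition, Key_Usage_Default_parms)

    # Policy Constraint
    constraints.keyUsageExtConstraintImpl(Policy_Value, keylist)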