def keyUsageExtConstraintImpl(Policy_Value, keylist):
    """Attach the Key Usage Extension Constraint to a policy value element.

    A ``constraint`` child is created under ``Policy_Value`` with a
    description and a ``classId``, then one attribute row per key usage
    field is handed to ``common.constraint_attributes``.

    Args:
        Policy_Value: Element that receives the new ``constraint`` child.
        keylist: Passed unchanged to ``common.check_ext_key_usage`` for
            every key usage field name.
    """
    constraint_node = etree.SubElement(
        Policy_Value, 'constraint', id='Key Usage Extension Constraint')

    # The description names fixed true/false values, but the value placed in
    # each row below is whatever common.check_ext_key_usage returns for
    # keylist, so the text and the emitted values can disagree.
    description_parts = (
        'This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true,',
        'Non-Repudiation=true, Key Encipherment=true, Data Encipherment=false,',
        'Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false',
    )
    etree.SubElement(constraint_node, 'description').text = ''.join(description_parts)
    etree.SubElement(constraint_node, 'classId').text = 'keyUsageExtConstraintImpl'

    # (attribute name, human-readable label) for each key usage field.
    usage_fields = (
        ('keyUsageCritical', 'Criticality'),
        ('keyUsageDigitalSignature', 'Digital Signature'),
        ('keyUsageNonRepudiation', 'Non-Repudiation'),
        ('keyUsageKeyEncipherment', 'Key Encipherment'),
        ('keyUsageDataEncipherment', 'Data Encipherment'),
        ('keyUsageKeyAgreement', 'Key Agreement'),
        ('keyUsageKeyCertSign', 'Key CertSign'),
        ('keyUsageCrlSign', 'CRL Sign'),
        ('keyUsageEncipherOnly', 'Encipher Only'),
        ('keyUsageDecipherOnly', 'Decipher Only'),
    )

    # Each row has six fields; the last one is the lookup result for the name.
    # NOTE(review): presumably the sixth field is the constraint value -
    # confirm against common.constraint_attributes.
    attribute_rows = [
        (name, 'choice', 'true,false,-', label, '-',
         common.check_ext_key_usage(keylist, name))
        for name, label in usage_fields
    ]
    common.constraint_attributes(constraint_node, attribute_rows)
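def Netscape_Certificate_Type_Extension_Default(root, PolicySet, extlist):
    """Add or update the Netscape Certificate Type Extension default policy.

    When ``common.check_policy`` reports that ``PolicySet`` has no
    ``nsCertTypeExtDefaultImpl`` policy, a new policy value is created with
    one parameter per nsCert* flag (each value taken from
    ``common.check_ext_key_usage(extlist, flag)``) and a no-constraint is
    attached. Otherwise the existing policy value is looked up and the
    parameter of every name in ``extlist`` is set to "true".

    Args:
        root: Not used by this function.
        PolicySet: Element holding the profile's policy values.
        extlist: nsCert* flag names to enable, as a comma-separated string
            or an iterable of names.
    """
    javaclass = "nsCertTypeExtDefaultImpl"

    if common.check_policy(PolicySet, javaclass) is False:
        pvalue = get_policyId(PolicySet)
        Policy_Value = etree.SubElement(PolicySet, "value", id=pvalue)
        Policy_definition = etree.SubElement(
            Policy_Value,
            "def",
            id="Netscape Certificate Type Extension Default",
            classId="nsCertTypeExtDefaultImpl",
        )
        etree.SubElement(Policy_definition, "description").text = (
            "This default populates a Netscape Certificate Type Extension"
        )

        # NOTE(review): this attribute list is built but never emitted;
        # Key_Usage_Default passes its list to common.policy_attributes.
        # Confirm whether leaving the attributes out here is intended.
        Netscape_Certificate_Type_Extension_Default_attributes = [
            ("nsCertCritical", "boolean", "NULL", "Criticality", "false"),
            ("nsCertSSLClient", "boolean", "NULL", "SSL Client", "false"),
            ("nsCertSSLServer", "boolean", "NULL", "SSL Server", "false"),
            ("nsCertEmail", "boolean", "NULL", "Email", "false"),
            ("nsCertObjectSigning", "boolean", "NULL", "Object Signing", "false"),
            ("nsCertSSLCA", "boolean", "NULL", "SSL CA", "false"),
            ("nsCertEmailCA", "boolean", "NULL", "Email CA", "false"),
            ("nsCertObjectSigningCA", "boolean", "NULL", "Object Signing CA", "false"),
        ]

        # The parameter value for each flag comes from the caller's extlist.
        flag_names = (
            "nsCertCritical",
            "nsCertSSLClient",
            "nsCertSSLServer",
            "nsCertEmail",
            "nsCertObjectSigning",
            "nsCertSSLCA",
            "nsCertEmailCA",
            "nsCertObjectSigningCA",
        )
        Netscape_Certificate_Type_Extension_Default_params = [
            (name, common.check_ext_key_usage(extlist, name)) for name in flag_names
        ]
        common.policy_parameters(
            Policy_definition, Netscape_Certificate_Type_Extension_Default_params
        )

        constraints.noConstraintImpl(Policy_Value)
    else:
        Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)

        # Iterating a comma-separated string directly would walk it one
        # character at a time, so split it into names first.
        if isinstance(extlist, str):
            names = extlist.split(",")
        else:
            names = extlist

        for v in names:
            if not v:
                # Empty entries (empty string, trailing comma) name no flag.
                continue
            # The name is interpolated into the XPath predicate as-is, so it
            # is expected to be one of the nsCert* identifiers. An unknown
            # name makes find() return None and the subscript below raise,
            # which is preferable to silently leaving a flag unset.
            result = Policy_Value.find('./def/params[@name="%s"]' % v)
            result[0].text = "true"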
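def Netscape_Certificate_Type_Extension_Default(root, PolicySet, extlist):
    '''
    Create the Netscape Certificate Type Extension default policy, or
    switch flags on in an existing one.

    If common.check_policy finds no nsCertTypeExtDefaultImpl policy in
    PolicySet, a policy value is added whose parameters are filled from
    common.check_ext_key_usage(extlist, <flag>), followed by a
    no-constraint. If the policy exists, the parameter of each name in
    extlist is set to 'true'.

    root is not used. extlist may be a comma-separated string or an
    iterable of nsCert* names.
    '''
    javaclass = 'nsCertTypeExtDefaultImpl'
    result = common.check_policy(PolicySet, javaclass)

    if result is not False:
        Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)
        # A plain string must be split on commas; looping over it directly
        # would yield single characters, none of which is a parameter name.
        requested = extlist.split(',') if isinstance(extlist, str) else extlist
        for v in requested:
            if v == '':
                # Nothing to enable for an empty entry.
                continue
            # v goes into the XPath predicate unescaped; it should be one of
            # the nsCert* names. A name with no matching params element
            # makes find() return None, so the next line raises rather than
            # leaving the flag unset unnoticed.
            result = Policy_Value.find("./def/params[@name=\"%s\"]" % v)
            result[0].text = 'true'
        return

    # No such policy yet: build value -> def -> description.
    pvalue = get_policyId(PolicySet)
    Policy_Value = etree.SubElement(PolicySet, 'value', id=pvalue)
    Policy_definition = etree.SubElement(
        Policy_Value, 'def',
        id='Netscape Certificate Type Extension Default',
        classId='nsCertTypeExtDefaultImpl')
    description_node = etree.SubElement(Policy_definition, 'description')
    description_node.text = 'This default populates a Netscape Certificate Type Extension'

    # NOTE(review): built but never written to the element tree, whereas
    # Key_Usage_Default calls common.policy_attributes with its list.
    # Confirm whether the attributes are meant to be omitted here.
    Netscape_Certificate_Type_Extension_Default_attributes = [
        ('nsCertCritical', 'boolean', 'NULL', 'Criticality', 'false'),
        ('nsCertSSLClient', 'boolean', 'NULL', 'SSL Client', 'false'),
        ('nsCertSSLServer', 'boolean', 'NULL', 'SSL Server', 'false'),
        ('nsCertEmail', 'boolean', 'NULL', 'Email', 'false'),
        ('nsCertObjectSigning', 'boolean', 'NULL', 'Object Signing', 'false'),
        ('nsCertSSLCA', 'boolean', 'NULL', 'SSL CA', 'false'),
        ('nsCertEmailCA', 'boolean', 'NULL', 'Email CA', 'false'),
        ('nsCertObjectSigningCA', 'boolean', 'NULL', 'Object Signing CA', 'false')
    ]

    # One (name, value) pair per flag, in the same order as the list above.
    Netscape_Certificate_Type_Extension_Default_params = []
    for row in Netscape_Certificate_Type_Extension_Default_attributes:
        flag = row[0]
        Netscape_Certificate_Type_Extension_Default_params.append(
            (flag, common.check_ext_key_usage(extlist, flag)))
    common.policy_parameters(
        Policy_definition, Netscape_Certificate_Type_Extension_Default_params)

    constraints.noConstraintImpl(Policy_Value)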
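def Key_Usage_Default(root, PolicySet, keylist):
    '''
    Create the Key Usage default policy, or enable usages in an existing one.

    If common.check_policy finds no keyUsageExtDefaultImpl policy in
    PolicySet, a policy value is added with its attributes, its parameters
    (each value from common.check_ext_key_usage(keylist, <name>)) and the
    key usage constraint. If the policy exists, the parameter value and the
    constraint value of every name in keylist are set to 'true'.

    root is not used. keylist is a comma-separated string of keyUsage*
    names.
    '''
    javaclass = 'keyUsageExtDefaultImpl'
    result = common.check_policy(PolicySet, javaclass)
    if result is False:
        pvalue = get_policyId(PolicySet)

        s1 = 'This default populates a Key Usage Extension (2.5.29.15) to the request,The default values are Criticality=true'
        s2 = 'Digital Signature=true, Non-Repudiation=true,Key Encipherment=true, Data Encipherment=false, Key Agreement=false'
        s3 = 'Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false'
        # Plain concatenation ran the fragments together
        # ("Criticality=trueDigital Signature=true"), so join them with the
        # same separator the fragments use internally.
        # The values named in this text are descriptive only: the parameter
        # values written below come from keylist.
        Key_Usage_Default_description = ', '.join((s1, s2, s3))

        Policy_Value = etree.SubElement(PolicySet, 'value', id=pvalue)
        Policy_definition = etree.SubElement(
            Policy_Value, 'def', id='Key Usage Default',
            classId='keyUsageExtDefaultImpl')
        etree.SubElement(
            Policy_definition, 'description').text = Key_Usage_Default_description

        # Rows are (name, syntax, constraint, description, defaultvalue).
        Key_Usage_Default_attributes = [
            ('keyUsageCritical', 'boolean', 'NULL', 'Criticality', 'false'),
            ('keyUsageDigitalSignature', 'boolean', 'NULL', 'Digital Signature', 'false'),
            ('keyUsageNonRepudiation', 'boolean', 'NULL', 'Non-Repudiation', 'false'),
            ('keyUsageKeyEncipherment', 'boolean', 'NULL', 'Key Encipherment', 'false'),
            ('keyUsageDataEncipherment', 'boolean', 'NULL', 'Data Encipherment', 'false'),
            ('keyUsageKeyAgreement', 'boolean', 'NULL', 'Key Agreement', 'false'),
            ('keyUsageKeyCertSign', 'boolean', 'NULL', 'Key CertSign', 'false'),
            ('keyUsageCrlSign', 'boolean', 'NULL', 'CRL Sign', 'false'),
            ('keyUsageEncipherOnly', 'boolean', 'NULL', 'Encipher Only', 'false'),
            ('keyUsageDecipherOnly', 'boolean', 'NULL', 'Decipher Only', 'false'),
        ]
        common.policy_attributes(Policy_definition, Key_Usage_Default_attributes)

        # One (name, value) parameter per attribute, in the same order.
        Key_Usage_Default_parms = [
            (row[0], common.check_ext_key_usage(keylist, row[0]))
            for row in Key_Usage_Default_attributes
        ]
        common.policy_parameters(Policy_definition, Key_Usage_Default_parms)

        constraints.keyUsageExtConstraintImpl(Policy_Value, keylist)
    else:
        Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)

        # An empty keylist (or a trailing comma) splits into empty names
        # that can never match an element; drop them instead of crashing.
        mylist = [name for name in re.split(',', keylist) if name]

        # Names are interpolated into the XPath predicates as-is, so they
        # are expected to be keyUsage* identifiers. A name with no matching
        # element makes find() return None and the assignment raise, which
        # is preferable to silently leaving a usage bit unset.
        for v in mylist:
            result_param = Policy_Value.find(
                "./def/params[@name=\"%s\"]/value" % v)
            result_param.text = 'true'

        # Constraints are updated only after every parameter was updated.
        for v in mylist:
            result_constraint = Policy_Value.find(
                "./constraint/constraint[@id=\"%s\"]/value" % v)
            result_constraint.text = 'true'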
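def Key_Usage_Default(root, PolicySet, keylist):
    """Add or update the Key Usage default policy in ``PolicySet``.

    When ``common.check_policy`` reports no ``keyUsageExtDefaultImpl``
    policy, a new policy value is built: definition, description,
    attributes, parameters (each value from
    ``common.check_ext_key_usage(keylist, name)``) and the key usage
    constraint. Otherwise the existing policy value is fetched and, for
    every name in ``keylist``, the parameter value and then the constraint
    value are set to "true".

    Args:
        root: Not used by this function.
        PolicySet: Element holding the profile's policy values.
        keylist: Comma-separated string of keyUsage* names.
    """
    javaclass = "keyUsageExtDefaultImpl"

    if common.check_policy(PolicySet, javaclass) is not False:
        Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)

        # Skip empty names produced by an empty keylist or a trailing comma;
        # they cannot match any element.
        mylist = [v for v in re.split(",", keylist) if v]

        # Each name is placed in the XPath predicate unescaped and should be
        # a keyUsage* identifier. If nothing matches, find() returns None and
        # the attribute assignment raises instead of skipping the usage bit.
        for v in mylist:
            result_param = Policy_Value.find('./def/params[@name="%s"]/value' % v)
            result_param.text = "true"

        # Second pass: constraints change only once all parameters did.
        for v in mylist:
            result_constraint = Policy_Value.find('./constraint/constraint[@id="%s"]/value' % v)
            result_constraint.text = "true"
        return

    pvalue = get_policyId(PolicySet)

    # The fragments used to be concatenated with no separator, fusing
    # neighbouring fields ("Key Agreement=falseKey Certificate Sign=false").
    # The values listed in the text are descriptive only; the parameters
    # emitted below are driven by keylist.
    description_fragments = [
        "This default populates a Key Usage Extension (2.5.29.15) to the request,The default values are Criticality=true",
        "Digital Signature=true, Non-Repudiation=true,Key Encipherment=true, Data Encipherment=false, Key Agreement=false",
        "Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false",
    ]
    Key_Usage_Default_description = ", ".join(description_fragments)

    Policy_Value = etree.SubElement(PolicySet, "value", id=pvalue)
    Policy_definition = etree.SubElement(
        Policy_Value, "def", id="Key Usage Default", classId="keyUsageExtDefaultImpl"
    )
    description_node = etree.SubElement(Policy_definition, "description")
    description_node.text = Key_Usage_Default_description

    # (name, human-readable description) per key usage field.
    usage_fields = [
        ("keyUsageCritical", "Criticality"),
        ("keyUsageDigitalSignature", "Digital Signature"),
        ("keyUsageNonRepudiation", "Non-Repudiation"),
        ("keyUsageKeyEncipherment", "Key Encipherment"),
        ("keyUsageDataEncipherment", "Data Encipherment"),
        ("keyUsageKeyAgreement", "Key Agreement"),
        ("keyUsageKeyCertSign", "Key CertSign"),
        ("keyUsageCrlSign", "CRL Sign"),
        ("keyUsageEncipherOnly", "Encipher Only"),
        ("keyUsageDecipherOnly", "Decipher Only"),
    ]

    # Attribute rows are (name, syntax, constraint, description, defaultvalue).
    Key_Usage_Default_attributes = [
        (name, "boolean", "NULL", label, "false") for name, label in usage_fields
    ]
    common.policy_attributes(Policy_definition, Key_Usage_Default_attributes)

    Key_Usage_Default_parms = [
        (name, common.check_ext_key_usage(keylist, name)) for name, _label in usage_fields
    ]
    common.policy_parameters(Policy_definition, Key_Usage_Default_parms)

    constraints.keyUsageExtConstraintImpl(Policy_Value, keylist)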