class SPNEGO_negTokenResp(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE(
ASN1F_SEQUENCE(
ASN1F_optional(
ASN1F_ENUMERATED("negResult",
0, {
0: "accept-completed",
1: "accept-incomplete",
2: "reject",
3: "request-mic"
},
explicit_tag=0xa0), ),
ASN1F_optional(
ASN1F_PACKET("supportedMech",
SPNEGO_MechType(),
SPNEGO_MechType,
explicit_tag=0xa1), ),
ASN1F_optional(
ASN1F_PACKET("responseToken",
None,
SPNEGO_Token,
explicit_tag=0xa2)),
ASN1F_optional(
ASN1F_PACKET("mechListMIC",
None,
SPNEGO_MechListMIC,
implicit_tag=0xa3))))
def __init__(self, **kargs):
seq = [
ASN1F_PACKET("signatureAlgorithm", X509_AlgorithmIdentifier(),
X509_AlgorithmIdentifier),
ASN1F_PACKET("subjectPublicKey", ECDSAPublicKey(), ECDSAPublicKey)
]
ASN1F_SEQUENCE.__init__(self, *seq, **kargs)
class OCSP_ResponderID(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_CHOICE("responderID", None,
ASN1F_PACKET("byName", OCSP_ByName(), OCSP_ByName,
explicit_tag=0xa1),
ASN1F_PACKET("byKey", OCSP_ByKey(), OCSP_ByKey,
explicit_tag=0xa2))
def __init__(self, **kargs):
seq = [
ASN1F_PACKET("tbsCertList", X509_TBSCertList(), X509_TBSCertList),
ASN1F_PACKET("signatureAlgorithm", X509_AlgorithmIdentifier(),
X509_AlgorithmIdentifier),
ASN1F_BIT_STRING("signatureValue", "defaultsignature" * 2)
]
ASN1F_SEQUENCE.__init__(self, *seq, **kargs)
class SAPPSE_Obj_PKRoot(ASN1_Packet):
"""SAP PSEv2 PKRoot Object definition"""
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE(
ASN1F_PACKET("ca", X509_DirectoryName(), X509_DirectoryName),
ASN1F_PACKET("new_key", SAPPSE_Root_Key(), SAPPSE_Root_Key),
ASN1F_PACKET("old_key", SAPPSE_Root_Key(), SAPPSE_Root_Key, explicit_tag=0xa0),
)
class ECSpecifiedDomain(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE(
ASN1F_enum_INTEGER("version", 1, {1: "ecpVer1"}),
ASN1F_PACKET("fieldID", ECFieldID(), ECFieldID),
ASN1F_PACKET("curve", ECCurve(), ECCurve), ASN1F_STRING("base", ""),
ASN1F_INTEGER("order", 0),
ASN1F_optional(ASN1F_INTEGER("cofactor", None)))
class OCSP_CertStatus(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_CHOICE("certStatus", None,
ASN1F_PACKET("good", OCSP_GoodInfo(),
OCSP_GoodInfo, implicit_tag=0x80),
ASN1F_PACKET("revoked", OCSP_RevokedInfo(),
OCSP_RevokedInfo, implicit_tag=0xa1),
ASN1F_PACKET("unknown", OCSP_UnknownInfo(),
OCSP_UnknownInfo, implicit_tag=0x82))
def __init__(self, **kargs):
seq = [
ASN1F_PACKET("tbsCertList", X509_TBSCertList(), X509_TBSCertList),
ASN1F_PACKET("signatureAlgorithm", X509_AlgorithmIdentifier(),
X509_AlgorithmIdentifier),
ASN1F_BIT_STRING_ENCAPS("signatureValue", ECDSASignature(),
ECDSASignature)
]
ASN1F_SEQUENCE.__init__(self, *seq, **kargs)
class ECDSAPrivateKey(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE(
ASN1F_enum_INTEGER("version", 1, {1: "ecPrivkeyVer1"}),
ASN1F_STRING("privateKey", ""),
ASN1F_optional(
ASN1F_PACKET("parameters", None, ECParameters, explicit_tag=0xa0)),
ASN1F_optional(
ASN1F_PACKET("publicKey", None, ECDSAPublicKey,
explicit_tag=0xa1)))
class LDAP_Filter(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_CHOICE(
"filter",
LDAP_FilterPresent(),
ASN1F_PACKET("and", None, LDAP_FilterAnd, implicit_tag=0x80),
ASN1F_PACKET("or", None, LDAP_FilterOr, implicit_tag=0x81),
ASN1F_PACKET("not", None, _LDAP_Filter, implicit_tag=0x82),
ASN1F_PACKET("equalityMatch",
AttributeValueAssertion(),
AttributeValueAssertion,
implicit_tag=0x83),
ASN1F_PACKET("substrings",
LDAP_SubstringFilter(),
LDAP_SubstringFilter,
implicit_tag=0x84),
ASN1F_PACKET("greaterOrEqual",
AttributeValueAssertion(),
AttributeValueAssertion,
implicit_tag=0x85),
ASN1F_PACKET("lessOrEqual",
AttributeValueAssertion(),
AttributeValueAssertion,
implicit_tag=0x86),
ASN1F_PACKET("present",
LDAP_FilterPresent(),
LDAP_FilterPresent,
implicit_tag=0x87),
ASN1F_PACKET("approxMatch",
None,
AttributeValueAssertion,
implicit_tag=0x88),
)
class X509_GeneralName(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_CHOICE(
"generalName",
X509_DirectoryName(),
ASN1F_PACKET("otherName", None, X509_OtherName, implicit_tag=0xa0),
ASN1F_PACKET("rfc822Name", None, X509_RFC822Name, implicit_tag=0x81),
ASN1F_PACKET("dNSName", None, X509_DNSName, implicit_tag=0x82),
ASN1F_PACKET(
"x400Address",
None,
X509_X400Address, # noqa: E501
explicit_tag=0xa3),
ASN1F_PACKET(
"directoryName",
None,
X509_DirectoryName, # noqa: E501
explicit_tag=0xa4),
ASN1F_PACKET(
"ediPartyName",
None,
X509_EDIPartyName, # noqa: E501
explicit_tag=0xa5),
ASN1F_PACKET(
"uniformResourceIdentifier",
None,
X509_URI, # noqa: E501
implicit_tag=0x86),
ASN1F_PACKET("ipAddress", None, X509_IPAddress, implicit_tag=0x87),
ASN1F_PACKET(
"registeredID",
None,
X509_RegisteredID, # noqa: E501
implicit_tag=0x88))
def __init__(self, **kargs):
seq = [
ASN1F_PACKET("tbsResponseData", OCSP_ResponseData(),
OCSP_ResponseData),
ASN1F_PACKET("signatureAlgorithm", X509_AlgorithmIdentifier(),
X509_AlgorithmIdentifier),
ASN1F_BIT_STRING("signature", "defaultsignature" * 2),
ASN1F_optional(
ASN1F_SEQUENCE_OF("certs", None, X509_Cert, explicit_tag=0xa0))
]
ASN1F_SEQUENCE.__init__(self, *seq, **kargs)
class SAPPSE_Root_Key(ASN1_Packet):
"""SAP PSEv2 Root Key definition"""
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE(
ASN1F_enum_INTEGER("version", 0x0, ["v0"], explicit_tag=0xa0),
ASN1F_INTEGER("serial_number", 0),
ASN1F_PACKET("public_key", X509_SubjectPublicKeyInfo(), X509_SubjectPublicKeyInfo),
ASN1F_PACKET("validity", X509_Validity(), X509_Validity, explicit_tag=0xa1),
ASN1F_PACKET("sign_alg_id", X509_AlgorithmIdentifier(), X509_AlgorithmIdentifier, explicit_tag=0xa2),
ASN1F_BIT_STRING("sign_bit_string", ""),
)
class SPNEGO_negToken(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_CHOICE(
"token", SPNEGO_negTokenInit(),
ASN1F_PACKET("negTokenInit",
SPNEGO_negTokenInit(),
SPNEGO_negTokenInit,
implicit_tag=0xa0),
ASN1F_PACKET("negTokenResp",
SPNEGO_negTokenResp(),
SPNEGO_negTokenResp,
implicit_tag=0xa1))
class SAPPSE_Obj_PKList(ASN1_Packet):
"""SAP PSEv2 PKList, EKList, PCAList Object definition"""
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE(
ASN1F_enum_INTEGER("version", 0x0, ["v0"], explicit_tag=0xa0),
ASN1F_INTEGER("serial_number", 0),
ASN1F_PACKET("signature", X509_AlgorithmIdentifier(), X509_AlgorithmIdentifier),
ASN1F_PACKET("issuer", X509_DirectoryName(), X509_DirectoryName),
ASN1F_PACKET("validity", X509_Validity(), X509_Validity),
ASN1F_PACKET("partner", X509_DirectoryName(), X509_DirectoryName),
ASN1F_PACKET("verification_key", X509_SubjectPublicKeyInfo(), X509_SubjectPublicKeyInfo),
)
class OCSP_SingleResponse(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE(
ASN1F_PACKET("certID", OCSP_CertID(), OCSP_CertID),
ASN1F_PACKET("certStatus", OCSP_CertStatus(), OCSP_CertStatus),
ASN1F_GENERALIZED_TIME("thisUpdate", ""),
ASN1F_optional(
ASN1F_GENERALIZED_TIME("nextUpdate", "", explicit_tag=0xa0)),
ASN1F_optional(
ASN1F_SEQUENCE_OF("singleExtensions",
None,
X509_Extension,
explicit_tag=0xa1)))
class RSAPrivateKey_OpenSSL(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE(
ASN1F_enum_INTEGER("version", 0, ["v1", "v2"]),
ASN1F_PACKET("privateKeyAlgorithm", X509_AlgorithmIdentifier(),
X509_AlgorithmIdentifier),
ASN1F_PACKET("privateKey",
RSAPrivateKey(),
RSAPrivateKey,
explicit_tag=0x04),
ASN1F_optional(
ASN1F_PACKET("parameters", None, ECParameters, explicit_tag=0xa0)),
ASN1F_optional(
ASN1F_PACKET("publicKey", None, ECDSAPublicKey,
explicit_tag=0xa1)))
class X509_ExtGeneralSubtree(ASN1_Packet):
# 'minimum' is not optional in RFC 5280, yet it is in some implementations.
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE(
ASN1F_PACKET("base", X509_GeneralName(), X509_GeneralName),
ASN1F_optional(ASN1F_INTEGER("minimum", None, implicit_tag=0x80)),
ASN1F_optional(ASN1F_INTEGER("maximum", None, implicit_tag=0x81)))
class OCSP_CertID(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE(
ASN1F_PACKET("hashAlgorithm", X509_AlgorithmIdentifier(),
X509_AlgorithmIdentifier),
ASN1F_STRING("issuerNameHash", ""), ASN1F_STRING("issuerKeyHash", ""),
ASN1F_INTEGER("serialNumber", 0))
class OCSP_RevokedInfo(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE(
ASN1F_GENERALIZED_TIME("revocationTime", ""),
ASN1F_optional(
ASN1F_PACKET("revocationReason", None,
X509_ExtReasonCode,
explicit_tag=0x80)))
def __init__(self, **kargs):
seq = [ASN1F_OID("extnID", "2.5.29.19"),
ASN1F_optional(
ASN1F_BOOLEAN("critical", False)),
ASN1F_PACKET("extnValue",
X509_ExtBasicConstraints(),
X509_ExtBasicConstraints,
explicit_tag=0x04)]
ASN1F_SEQUENCE.__init__(self, *seq, **kargs)
class OCSP_Response(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE(
ASN1F_ENUMERATED("responseStatus", 0, _responseStatus_mapping),
ASN1F_optional(
ASN1F_PACKET("responseBytes",
None,
OCSP_ResponseBytes,
explicit_tag=0xa0)))
class LDAP_SubstringFilterStr(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_CHOICE(
"str",
ASN1_STRING(""),
ASN1F_PACKET("initial",
LDAP_SubstringFilterInitial(),
LDAP_SubstringFilterInitial,
implicit_tag=0x0),
ASN1F_PACKET("any",
LDAP_SubstringFilterAny(),
LDAP_SubstringFilterAny,
implicit_tag=0x1),
ASN1F_PACKET("final",
LDAP_SubstringFilterFinal(),
LDAP_SubstringFilterFinal,
implicit_tag=0x2),
)
class SAPPSEv2_Enc_Cont(ASN1_Packet):
"""SAP PSEv2 Encrypted content definition"""
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_PSE_v2_ENC_CONT_SEQUENCE(
ASN1F_STRING("encrypted_pin", ""),
ASN1F_PACKET("algorithm_identifier", PKCS5_Algorithm_Identifier(),
PKCS5_Algorithm_Identifier),
ASN1F_STRING("cipher_text", ""),
)
class X509_ExtUserNotice(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE(
ASN1F_optional(ASN1F_PACKET("noticeRef", None,
X509_ExtNoticeReference)),
ASN1F_optional(
ASN1F_CHOICE("explicitText",
ASN1_UTF8_STRING("Dummy ExplicitText"),
ASN1F_IA5_STRING, ASN1F_ISO646_STRING,
ASN1F_BMP_STRING, ASN1F_UTF8_STRING)))
class SAPPSE_Cont(ASN1_Packet):
"""SAP PSEv2 Content definition"""
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE(
ASN1F_PACKET("algorithm_identifier", PKCS5_Algorithm_Identifier(),
PKCS5_Algorithm_Identifier),
ASN1F_GENERALIZED_TIME("timestamp", None),
ASN1F_INTEGER("unknown1", 1),
ASN1F_SET_OF("pse_obj", SAPPSE_Obj(), SAPPSE_Obj),
)
class SPNEGO_negTokenInit(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE(
ASN1F_SEQUENCE(
ASN1F_optional(
ASN1F_SEQUENCE_OF("mechTypes",
None,
SPNEGO_MechType,
explicit_tag=0xa0)),
ASN1F_optional(
ASN1F_FLAGS("reqFlags", None, _ContextFlags,
implicit_tag=0x81)),
ASN1F_optional(
ASN1F_PACKET("mechToken",
None,
SPNEGO_Token,
explicit_tag=0xa2)),
ASN1F_optional(
ASN1F_PACKET("mechListMIC",
None,
SPNEGO_MechListMIC,
implicit_tag=0xa3))))
class OCSP_ResponseData(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE(
ASN1F_optional(
ASN1F_enum_INTEGER("version", 0, {0: "v1"}, explicit_tag=0x80)),
ASN1F_PACKET("responderID", OCSP_ResponderID(), OCSP_ResponderID),
ASN1F_GENERALIZED_TIME("producedAt", str(GeneralizedTime())),
ASN1F_SEQUENCE_OF("responses", [], OCSP_SingleResponse),
ASN1F_optional(
ASN1F_SEQUENCE_OF("responseExtensions",
None,
X509_Extension,
explicit_tag=0xa1)))
class X509_ExtDistributionPoint(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE(
ASN1F_optional(
ASN1F_PACKET("distributionPoint",
X509_ExtDistributionPointName(),
X509_ExtDistributionPointName,
explicit_tag=0xa0)),
ASN1F_optional(
ASN1F_FLAGS("reasons", None, _reasons_mapping, implicit_tag=0x81)),
ASN1F_optional(
ASN1F_SEQUENCE_OF("cRLIssuer",
None,
X509_GeneralName,
implicit_tag=0xa2)))
class LDAP_BindRequest(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE(
ASN1F_INTEGER("version", 2), LDAPDN("bind_name", ""),
ASN1F_CHOICE(
"authentication",
None,
ASN1F_LDAP_Authentication_simple,
ASN1F_LDAP_Authentication_krbv42LDAP,
ASN1F_LDAP_Authentication_krbv42DSA,
ASN1F_PACKET("sasl",
LDAP_SaslCredentials(),
LDAP_SaslCredentials,
implicit_tag=0xa3),
))
