class EncryptionInfo(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('encryptionInfoType', univ.ObjectIdentifier()),
namedtype.NamedType('encryptionInfoValue', univ.Any(),
openType=opentype.OpenType('encryptionInfoType',
ersEncryptionInfoValueMap))
)
class QCStatement(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('statementId', univ.ObjectIdentifier()),
namedtype.OptionalNamedType('statementInfo',
univ.Any(),
openType=opentype.OpenType(
'statementId', qcStatementMap)))
class OtherRevInfo(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('riType', univ.ObjectIdentifier()),
namedtype.NamedType('riValue',
univ.Any(),
openType=opentype.OpenType(
'riType', rfc5652.otherRevInfoFormatMap)))
class ValidationAlg(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('valAlgId', univ.ObjectIdentifier()),
namedtype.OptionalNamedType('parameters',
univ.Any(),
openType=opentype.OpenType(
'valPolId', scvpValidationAlgMap)))
class Message(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType(
'version',
univ.Integer(namedValues=namedval.NamedValues(('version-2c', 1)))),
namedtype.NamedType('community', univ.OctetString()),
namedtype.NamedType('data', univ.Any()))
class ContentInfo(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('contentType', ContentType()),
namedtype.OptionalNamedType(
'content',
univ.Any().subtype(explicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatConstructed, 0))))
class OtherEvidence(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('oeType', univ.ObjectIdentifier()),
namedtype.NamedType('oeValue',
univ.Any(),
openType=opentype.OpenType('oeType',
otherEvidenceMap)))
class GLAQueryResponse(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('glaResponseType', univ.ObjectIdentifier()),
namedtype.NamedType('glaResponseValue',
univ.Any(),
openType=opentype.OpenType('glaResponseType',
glaQueryRRMap)))
class SigPolicyQualifierInfo(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('sigPolicyQualifierId', SigPolicyQualifierId()),
namedtype.NamedType('sigQualifier',
univ.Any(),
openType=opentype.OpenType('sigPolicyQualifierId',
sigQualifiersMap)))
class OtherRevVals(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('otherRevValType', OtherRevValType()),
namedtype.NamedType('otherRevVals',
univ.Any(),
openType=opentype.OpenType('otherRevValType',
otherRevValMap)))
class ExplicitTagDecoder(AbstractSimpleDecoder):
protoComponent = univ.Any('')
tagFormats = (tag.tagFormatConstructed, )
def valueDecoder(self, fullSubstrate, substrate, asn1Spec, tagSet, length,
state, decodeFun, substrateFun):
if substrateFun:
return substrateFun(self._createComponent(asn1Spec, tagSet, ''),
substrate, length)
head, tail = substrate[:length], substrate[length:]
value, _ = decodeFun(head, asn1Spec, tagSet, length)
return value, tail
def indefLenValueDecoder(self, fullSubstrate, substrate, asn1Spec, tagSet,
length, state, decodeFun, substrateFun):
if substrateFun:
return substrateFun(self._createComponent(asn1Spec, tagSet, ''),
substrate, length)
value, substrate = decodeFun(substrate, asn1Spec, tagSet, length)
terminator, substrate = decodeFun(substrate, allowEoo=True)
if eoo.endOfOctets.isSameTypeWith(terminator) and \
terminator == eoo.endOfOctets:
return value, substrate
else:
raise error.PyAsn1Error('Missing end-of-octets terminator')
class AnotherName(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('type-id', univ.ObjectIdentifier()),
namedtype.NamedType(
'value',
univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext,
tag.tagFormatSimple, 0))))
class TimeStampResp(univ.Sequence):
"""RFC3161 Timestamp Response."""
componentType = namedtype.NamedTypes(
namedtype.NamedType("status", PKIStatusInfo()),
namedtype.OptionalNamedType("timeStampToken", univ.Any()),
)
class ValidationPolRef(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('valPolId', univ.ObjectIdentifier()),
namedtype.OptionalNamedType('valPolParams',
univ.Any(),
openType=opentype.OpenType(
'valPolId', scvpValidationPolMap)))
def _encode_extension(oid, critical, value):
ext = rfc2459.Extension()
ext['extnID'] = univ.ObjectIdentifier(oid)
ext['critical'] = univ.Boolean(critical)
ext['extnValue'] = univ.Any(encoder.encode(univ.OctetString(value)))
ext = encoder.encode(ext)
return ext
def copy_to(self, target_):
self.set_component(self.asn1_choice, self.component_name,
self.component_value)
target_.setComponentByName('id',
str(asn1.sorm_request_identifier_voip))
target_.setComponentByName('data',
univ.Any(der_encode(self.asn1_choice)))
class CommitmentTypeQualifier(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('commitmentTypeIdentifier',
CommitmentTypeIdentifier()),
namedtype.NamedType('qualifier', univ.Any(),
openType=opentype.OpenType('commitmentTypeIdentifier',
commitmentQualifierMap))
)
def setUp(self):
openType = opentype.OpenType('id', {
1: univ.Integer(),
2: univ.OctetString()
})
self.s = univ.Sequence(componentType=namedtype.NamedTypes(
namedtype.NamedType('id', univ.Integer()),
namedtype.NamedType('blob', univ.Any(), openType=openType)))
def encode(self):
message = asn1.SkrMessage()
message['version'] = self.version
message['message-id'] = self.message_id
message['message-time'] = self.message_time
message['id'] = self.id
message['data'] = univ.Any(self.encode_data())
return der_encode(message)
class ExtensionAttribute(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('extension-attribute-type', univ.Integer().subtype(
subtypeSpec=constraint.ValueSizeConstraint(0, ub_extension_attributes),
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('extension-attribute-value',
univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
)
def copy_to(self, target_):
identifier = asn1.SkrRequestedPstnIdentifier()
self.set_component(identifier, 'directory-number',
self.directory_number)
self.set_component(identifier, 'internal-number', self.internal_number)
target_.setComponentByName('id',
str(asn1.sorm_request_identifier_pstn))
target_.setComponentByName('data', univ.Any(der_encode(identifier)))
def testTypeCheckOnAssignment(self):
self.s.clear()
self.s['blob'] = univ.Any(str2octs('xxx'))
# this should succeed because Any is untagged and unconstrained
self.s['blob'] = univ.Integer(123)
class PolicyQualifierInfo(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('policyQualifierId', PolicyQualifierId()),
namedtype.NamedType(
'qualifier', univ.Any(),
openType=opentype.OpenType('policyQualifierId', policyQualifierInfoMap)
)
)
class RevokedCertInfo(univ.Sequence):
'''
univ.Any type is used instead of this type to avoid
unnecessary parsing.
'''
componentType = namedtype.NamedTypes(
namedtype.NamedType('userCertificate', CertificateSerialNumber()),
namedtype.NamedType('revocationDate', Time()),
namedtype.OptionalNamedType('crlEntryExts', univ.Any()))
class TSTInfo(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('version', rfc2315.Version()),
namedtype.NamedType('policy', univ.ObjectIdentifier()),
namedtype.NamedType('messageImprint', univ.Any()),
namedtype.NamedType('serialNumber', univ.Integer()),
namedtype.NamedType('genTime', useful.GeneralizedTime()),
namedtype.OptionalNamedType('accuracy', univ.Any()),
namedtype.OptionalNamedType('ordering', univ.Boolean()),
namedtype.OptionalNamedType('nonce', univ.Integer()),
namedtype.OptionalNamedType(
'tsa',
rfc2315.GeneralName().subtype(explicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.OptionalNamedType(
'extensions',
rfc2315.Extensions().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatConstructed, 1))))
class InfoTypeAndValue(univ.Sequence):
"""
InfoTypeAndValue ::= SEQUENCE {
infoType OBJECT IDENTIFIER,
infoValue ANY DEFINED BY infoType OPTIONAL
}"""
componentType = namedtype.NamedTypes(
namedtype.NamedType('infoType', univ.ObjectIdentifier()),
namedtype.OptionalNamedType('infoValue', univ.Any()))
class SecurityCategory(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('type',
univ.ObjectIdentifier().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('value',
univ.Any().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 1)),
openType=opentype.OpenType('type', securityCategoryMap))
)
class GeneralName(univ.Choice):
componentType = namedtype.NamedTypes(
namedtype.NamedType('rfc822Name', char.IA5String().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
# namedtype.NamedType('dNSName', univ.Any().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
# namedtype.NamedType('x400Address', univ.Any().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
namedtype.NamedType('directoryName', univ.Any().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
# namedtype.NamedType('ediPartyName', univ.Any().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
# namedtype.NamedType('uniformResourceIdentifier', char.IA5String().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
# namedtype.NamedType('iPAddress', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
namedtype.NamedType('registeredID', univ.ObjectIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))))
def __encode_extension(self, oid, critical, value):
# TODO: have another proxy for crypto_x509.Extension which would
# provide public_bytes on the top of what python-cryptography has
ext = rfc2459.Extension()
# TODO: this does not have to be so weird, pyasn1 now has codecs
# which are capable of providing python-native types
ext['extnID'] = univ.ObjectIdentifier(oid)
ext['critical'] = univ.Boolean(critical)
ext['extnValue'] = univ.Any(encoder.encode(univ.OctetString(value)))
ext = encoder.encode(ext)
return ext
def _extract_values_from_certificate(cert):
"""
Gets Serial Number, DN and Public Key Hashes. Currently SHA1 is used
to generate hashes for DN and Public Key.
"""
logger = getLogger(__name__)
# cert and serial number
data = {
u'cert': cert,
u'issuer': cert.get_issuer().der(),
u'serial_number': cert.get_serial_number(),
u'algorithm': rfc2437.id_sha1,
u'algorithm_parameter': univ.Any(hexValue='0500') # magic number
}
# DN Hash
data[u'name'] = cert.get_subject()
cert_der = data[u'name'].der()
sha1_hash = hashlib.sha1()
sha1_hash.update(cert_der)
data[u'name_hash'] = sha1_hash.hexdigest()
# public key Hash
data['key_hash'] = _get_pubickey_sha1_hash(cert).hexdigest()
# CRL and OCSP
data['crl'] = None
ocsp_uris0 = []
for idx in range(cert.get_extension_count()):
e = cert.get_extension(idx)
if e.get_short_name() == b'authorityInfoAccess':
for line in str(e).split(u"\n"):
m = OCSP_RE.match(line)
if m:
logger.debug(u'OCSP URL: %s', m.group(1))
ocsp_uris0.append(m.group(1))
elif e.get_short_name() == b'crlDistributionPoints':
for line in str(e).split(u"\n"):
m = CRL_RE.match(line)
if m:
logger.debug(u"CRL: %s", m.group(1))
data['crl'] = m.group(1)
if len(ocsp_uris0) == 1:
data['ocsp_uri'] = ocsp_uris0[0]
elif len(ocsp_uris0) == 0:
data['ocsp_uri'] = u''
else:
raise OperationalError(
msg=u'More than one OCSP URI entries are specified in '
u'the certificate',
errno=ER_FAILED_TO_GET_OCSP_URI,
)
data[u'is_root_ca'] = cert.get_subject() == cert.get_issuer()
return data
