def Key_Default(root, PolicySet): ''' This function Defines key default policy''' javaclass = 'userKeyDefaultImpl' result = common.check_policy(PolicySet, javaclass) if result is False: #Get Policy ID pvalue = get_policyId(PolicySet) # Description Key_Default_description = 'This default populates a User-Supplied Certificate Key to the request' # Policy Value Policy_Value = etree.SubElement(PolicySet, 'value', id=pvalue) ### Policy Defintion Policy_definition = etree.SubElement(Policy_Value, 'def', id='Key Default', classId='userKeyDefaultImpl') Policy_description = etree.SubElement( Policy_definition, 'description').text = Key_Default_description ### Policy Attributes Key_Default_attributes = [ ('TYPE', 'string', 'readonly', 'Key Type', 'NULL'), ('LEN', 'string', 'readonly', 'Key Length', 'NULL'), ('KEY', 'string', 'readonly', 'Key', 'NULL') ] common.policy_attributes(Policy_definition, Key_Default_attributes) constraints.keyConstraintImpl(Policy_Value) else: Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)
def Key_Default(root, PolicySet): """ This function Defines key default policy""" javaclass = "userKeyDefaultImpl" result = common.check_policy(PolicySet, javaclass) if result is False: # Get Policy ID pvalue = get_policyId(PolicySet) # Description Key_Default_description = "This default populates a User-Supplied Certificate Key to the request" # Policy Value Policy_Value = etree.SubElement(PolicySet, "value", id=pvalue) ### Policy Defintion Policy_definition = etree.SubElement(Policy_Value, "def", id="Key Default", classId="userKeyDefaultImpl") Policy_description = etree.SubElement(Policy_definition, "description").text = Key_Default_description ### Policy Attributes Key_Default_attributes = [ ("TYPE", "string", "readonly", "Key Type", "NULL"), ("LEN", "string", "readonly", "Key Length", "NULL"), ("KEY", "string", "readonly", "Key", "NULL"), ] common.policy_attributes(Policy_definition, Key_Default_attributes) constraints.keyConstraintImpl(Policy_Value) else: Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)
def Subject_Alt_Name_Constraint(root, PolicySet, altType, altPattern): javaclass = 'subjectAltNameExtDefaultImpl' result = common.check_policy(PolicySet, javaclass) if result is False: #Get Policy ID pvalue = get_policyId(PolicySet) #Description s1 = 'This default populates a Subject Alternative Name Extension (2.5.29.17) to the request.' s2 = 'The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}' Subject_Alt_Name_Constraint_description = s1 + s2 # Policy Value Policy_Value = etree.SubElement(PolicySet, 'value', id=pvalue) # Policy Definition Policy_definition = etree.SubElement( Policy_Value, 'def', id='Subject Alt Name Constraint', classId='subjectAltNameExtDefaultImpl') Policy_description = etree.SubElement( Policy_definition, 'description').text = Subject_Alt_Name_Constraint_description # Policy Attributes Subject_Alt_Name_Constraint_attributes = [ ('subjAltNameExtCritical', 'boolean', 'NULL', 'Criticality', 'false'), ('subjAltNames', 'string_list', 'NULL', 'General Names', 'NULL') ] common.policy_attributes(Policy_definition, Subject_Alt_Name_Constraint_attributes) # Policy Parameters Subject_Alt_Name_Constraint_params = [ ('subjAltNameExtCritical', 'false'), ('subjAltNameNumGNs', '1'), ('subjAltExtType_0', altType), ('subjAltExtPattern_0', altPattern), ('subjAltExtGNEnable_0', 'true') ] common.policy_parameters(Policy_definition, Subject_Alt_Name_Constraint_params) # constraints constraints.noConstraintImpl(Policy_Value) else: Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass) subjAltExtType_0_param = Policy_Value.find( './def/params[@name="subjAltExtType_0"]/value') subjAltExtType_0_param.text = altType subjAltExtPattern_0_param = Policy_Value.find( './def/params[@name="subjAltExtPattern_0"]/value') subjAltExtPattern_0_param.text = altPattern
def Basic_Constraints_Extension_Default(root, PolicySet, PathLength, isCA): """ This function Defines Basic Constraints Extension Default Policy""" javaclass = "basicConstraintsExtDefaultImpl" result = common.check_policy(PolicySet, javaclass) if result is False: # Get Policy ID pvalue = get_policyId(PolicySet) # Description Basic_Constraints_Extension_Default_description = "This default populates a Basic Constraints Extension (2.5.29.19) to the request.,The default values are Criticality=true, Is CA=true, Path Length=-1" # Policy Value Policy_Value = etree.SubElement(PolicySet, "value", id=pvalue) # Policy Definition Policy_definition = etree.SubElement( Policy_Value, "def", id="Basic Constraints Extension Default", classId="basicConstraintsExtDefaultImpl" ) Policy_description = etree.SubElement( Policy_definition, "description" ).text = Basic_Constraints_Extension_Default_description # Policy Attributes Basic_Constraints_Extension_Default_attributes = [ ("basicConstraintsCritical", "boolean", "Criticality", "false", "NULL"), ("basicConstraintsIsCA", "boolean", "Is CA", "true", "NULL"), ("basicConstraintsPathLen", "integer", "Path Length", "-1", "NULL"), ] common.policy_attributes(Policy_definition, Basic_Constraints_Extension_Default_attributes) # Policy Parameters Basic_Constraints_Extension_Default_params = [ ("basicConstraintsCritical", "true"), ("basicConstraintsIsCA", isCA), ("basicConstraintsPathLen", PathLength), ] common.policy_parameters(Policy_definition, Basic_Constraints_Extension_Default_params) # Constraint Definition constraints.basicConstraintsCritical(Policy_Value, PathLength, isCA) else: Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass) basicConstraintsIsCA_params = Policy_Value.find('./def/params[@name="basicConstraintsIsCA"]') basicConstraintsIsCA_params[0].text = isCA basicConstraintsPathLen_params = Policy_Value.find('./def/params[@name="basicConstraintsPathLen"]') basicConstraintsPathLen_params[0].text = PathLength basicConstraintsIsCA_constraint = Policy_Value.find("./constraint/constraint[@id=basicConstraintsIsCA]/value") basicConstraintsIsCA_constraint.text = isCA basicConstraintsPathLen_constraint = Policy_Value.find( './constraint/constraint[@id="basicConstraintsMaxPathLen"]/value' ) basicConstraintsPathLen_constraint.text = PathLength
def Validity_Default(root, PolicySet, defaultRange, range_value): javaclass = 'validityDefaultImpl' result = common.check_policy(PolicySet, javaclass) if result is False: #Get Policy ID pvalue = get_policyId(PolicySet) #Description Validity_Default_description = 'This default populates a Certificate Validity to the request. The default values are Range=180 in days' # Policy Value Policy_Value = etree.SubElement(PolicySet, 'value', id=pvalue) # Policy Definition Policy_definition = etree.SubElement(Policy_Value, 'def', id='Validity Default', classId='validityDefaultImpl') Policy_description = etree.SubElement( Policy_definition, 'description').text = Validity_Default_description # Policy Attributes Validity_Default_attributes = [ ('notBefore', 'string', 'NULL', 'Not Before', 'NULL'), ('notAfter', 'string', 'NULL', 'Not After', 'NULL') ] common.policy_attributes(Policy_definition, Validity_Default_attributes) # Policy Parameters Validity_Default_params = [('range', defaultRange), ('startTime', '0')] common.policy_parameters(Policy_definition, Validity_Default_params) #Constraint constraints.validityConstraintImpl(Policy_Value, defaultRange, range_value) else: Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass) defaultRange_value = Policy_Value.find( './def/params[@name="range"]/value') defaultRange_value.text = defaultRange Constraint_DefaultValue = Policy_Value.find( './constraint[@id="Validity Constraint"]/constraint[@id="range"]/descriptor/DefaultValue' ) Constraint_DefaultValue.text = range_value Constraint_Value = Policy_Value.find( './constraint[@id="Validity Constraint"]/constraint[@id="range"]/value' ) Constraint_Value.text = range_value
def AIA_Extension_Default(root, PolicySet): ''' This Function defines AIA Extension Default Policy ''' javaclass = 'authInfoAccessExtDefaultImpl' result = common.check_policy(PolicySet, javaclass) if result is False: #Get Policy ID pvalue = get_policyId(PolicySet) s1 = 'This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. ' s2 = 'The default values are Criticality=false,Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}' AIA_Extension_description = s1 + s2 # Policy Value Policy_Value = etree.SubElement(PolicySet, 'value', id=pvalue) # Policy Definition Policy_definition = etree.SubElement( Policy_Value, 'def', id='AIA Extension Default', classId='authInfoAccessExtDefaultImpl') Policy_description = etree.SubElement( Policy_definition, 'description').text = AIA_Extension_description # Policy Attributes AIA_Extension_Default_attributes = [ ('authInfoAccessCritical', 'boolean', 'NULL', 'Criticality', 'false'), ('authInfoAccessGeneralNames', 'string_list', 'NULL', 'General Names', 'NULL') ] common.policy_attributes(Policy_definition, AIA_Extension_Default_attributes) # Policy Parameters AIA_Extension_Default_params = [ ('authInfoAccessCritical', 'false'), ('authInfoAccessNumADs', '1'), ('authInfoAccessADMethod_0', '1.3.6.1.5.5.7.48.1'), ('authInfoAccessADLocationType_0', 'URIName'), ('authInfoAccessADLocation_0', ''), ('authInfoAccessADEnable_0', 'true') ] common.policy_parameters(Policy_definition, AIA_Extension_Default_params) # Constraint constraints.noConstraintImpl(Policy_Value) else: Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)
def Subject_Alt_Name_Constraint(root, PolicySet, altType, altPattern): javaclass = "subjectAltNameExtDefaultImpl" result = common.check_policy(PolicySet, javaclass) if result is False: # Get Policy ID pvalue = get_policyId(PolicySet) # Description s1 = "This default populates a Subject Alternative Name Extension (2.5.29.17) to the request." s2 = "The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}" Subject_Alt_Name_Constraint_description = s1 + s2 # Policy Value Policy_Value = etree.SubElement(PolicySet, "value", id=pvalue) # Policy Definition Policy_definition = etree.SubElement( Policy_Value, "def", id="Subject Alt Name Constraint", classId="subjectAltNameExtDefaultImpl" ) Policy_description = etree.SubElement( Policy_definition, "description" ).text = Subject_Alt_Name_Constraint_description # Policy Attributes Subject_Alt_Name_Constraint_attributes = [ ("subjAltNameExtCritical", "boolean", "NULL", "Criticality", "false"), ("subjAltNames", "string_list", "NULL", "General Names", "NULL"), ] common.policy_attributes(Policy_definition, Subject_Alt_Name_Constraint_attributes) # Policy Parameters Subject_Alt_Name_Constraint_params = [ ("subjAltNameExtCritical", "false"), ("subjAltNameNumGNs", "1"), ("subjAltExtType_0", altType), ("subjAltExtPattern_0", altPattern), ("subjAltExtGNEnable_0", "true"), ] common.policy_parameters(Policy_definition, Subject_Alt_Name_Constraint_params) # constraints constraints.noConstraintImpl(Policy_Value) else: Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass) subjAltExtType_0_param = Policy_Value.find('./def/params[@name="subjAltExtType_0"]/value') subjAltExtType_0_param.text = altType subjAltExtPattern_0_param = Policy_Value.find('./def/params[@name="subjAltExtPattern_0"]/value') subjAltExtPattern_0_param.text = altPattern
def Extended_Key_Usage_Extension_Default(root, PolicySet): javaclass = 'extendedKeyUsageExtDefaultImpl' result = common.check_policy(PolicySet, javaclass) if result is False: #Get Policy ID pvalue = get_policyId(PolicySet) #Description s1 = 'This default populates an Extended Key Usage Extension () to the request.' s2 = 'The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4' Extended_Key_Usage_Extension_Default_Description = s1 + s2 # policy Value Policy_Value = etree.SubElement(PolicySet, 'value', id=pvalue) # Policy Definition Policy_definition = etree.SubElement( Policy_Value, 'def', id='Extended Key Usage Extension Default', classId='extendedKeyUsageExtDefaultImpl') Policy_description = etree.SubElement( Policy_definition, 'description' ).text = Extended_Key_Usage_Extension_Default_Description # Policy Attributes Extended_Key_Usage_Extension_Default_attributes = [ ('exKeyUsageCritical', 'boolean', 'NULL', 'Criticality', 'false'), ('exKeyUsageOIDs', 'string_list', 'NULL', 'Comma-Separated list of Object Identifiers', 'false') ] common.policy_attributes( Policy_definition, Extended_Key_Usage_Extension_Default_attributes) # Policy Parameters Extended_Key_Usage_Extension_Default_params = [ ('exKeyUsageCritical', 'false'), ('exKeyUsageOIDs', '1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4') ] common.policy_parameters(Policy_definition, Extended_Key_Usage_Extension_Default_params) # Constraint constraints.noConstraintImpl(Policy_Value) else: Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)
def Subject_Name_Default(root_element, PolicySet, subjectPattern, subjectDefault): # Check if the policy is already defined javaclass = "userSubjectNameDefaultImpl" result = common.check_policy(PolicySet, javaclass) if result is False: # Get Policy ID pvalue = get_policyId(PolicySet) Subject_Name_Default_description = ( "This default populates a User-Supplied Certificate Subject Name to the request" ) # Policy Value Policy_Value = etree.SubElement(PolicySet, "value", id=pvalue) if subjectDefault: Policy_definition = etree.SubElement( Policy_Value, "def", classId="subjectNameDefaultImpl", id="Subject Name Default" ) else: Policy_definition = etree.SubElement( Policy_Value, "def", classId="userSubjectNameDefaultImpl", id="Subject Name Default" ) Policy_description = etree.SubElement(Policy_definition, "description").text = Subject_Name_Default_description # Policy Attributes Subject_Name_Default_attributes = [("name", "string", "NULL", "Subject Name", "NULL")] common.policy_attributes(Policy_definition, Subject_Name_Default_attributes) # Policy Parameters if subjectDefault: Subject_Name_Default_params = [("name", subjectDefault)] common.policy_parameters(Policy_definition, Subject_Name_Default_params) # Policy Constraints constraints.subjectNameConstraintImpl(Policy_Value, subjectPattern) else: Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass) if subjectDefault: Policy_Definition = Policy_Value[0] Policy_Definition.set("classId", "subjectNameDefaultImpl") policy_param_name = etree.SubElement(Policy_Definition, "params", name="name") policy_param_value = etree.SubElement(policy_param_name, "value").text = subjectDefault if subjectPattern: CurrentValue = Policy_Value.find("./constraint/constraint/value") CurrentValue.text = subjectPattern
def AIA_Extension_Default(root, PolicySet): """ This Function defines AIA Extension Default Policy """ javaclass = "authInfoAccessExtDefaultImpl" result = common.check_policy(PolicySet, javaclass) if result is False: # Get Policy ID pvalue = get_policyId(PolicySet) s1 = "This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. " s2 = "The default values are Criticality=false,Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}" AIA_Extension_description = s1 + s2 # Policy Value Policy_Value = etree.SubElement(PolicySet, "value", id=pvalue) # Policy Definition Policy_definition = etree.SubElement( Policy_Value, "def", id="AIA Extension Default", classId="authInfoAccessExtDefaultImpl" ) Policy_description = etree.SubElement(Policy_definition, "description").text = AIA_Extension_description # Policy Attributes AIA_Extension_Default_attributes = [ ("authInfoAccessCritical", "boolean", "NULL", "Criticality", "false"), ("authInfoAccessGeneralNames", "string_list", "NULL", "General Names", "NULL"), ] common.policy_attributes(Policy_definition, AIA_Extension_Default_attributes) # Policy Parameters AIA_Extension_Default_params = [ ("authInfoAccessCritical", "false"), ("authInfoAccessNumADs", "1"), ("authInfoAccessADMethod_0", "1.3.6.1.5.5.7.48.1"), ("authInfoAccessADLocationType_0", "URIName"), ("authInfoAccessADLocation_0", ""), ("authInfoAccessADEnable_0", "true"), ] common.policy_parameters(Policy_definition, AIA_Extension_Default_params) # Constraint constraints.noConstraintImpl(Policy_Value) else: Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)
def CA_Certificate_Validity_Default(root, PolicySet): javaclass = 'caValidityDefaultImpl' result = common.check_policy(PolicySet, javaclass) if result is False: #Get Policy ID pvalue = get_policyId(PolicySet) CA_Certificate_Validity_Default_description = 'This default populates a Certificate Validity to the request. The default values are Range=7305 in days' # Policy Value Policy_Value = etree.SubElement(PolicySet, 'value', id=pvalue) # Policy Definition Policy_definition = etree.SubElement( Policy_Value, 'def', id='CA Certificate Validity Default', classId='caValidityDefaultImpl') Policy_description = etree.SubElement( Policy_definition, 'description').text = CA_Certificate_Validity_Default_description # Policy Attributes CA_Certificate_Validity_Default_attributes = [ ('notBefore', 'string', 'NULL', 'Not Before', 'NULL'), ('notAfter', 'string', 'NULL', 'notAfter', 'NULL'), ('bypassCAnotafter', 'boolean', 'NULL', 'Bypass CA notAfter constraint', 'false') ] common.policy_attributes(Policy_definition, CA_Certificate_Validity_Default_attributes) # Policy Parameters CA_Certificate_Validity_Default_params = [('range', '7305'), ('startTime', '0'), ('bypassCAnotafter', '')] common.policy_parameters(Policy_definition, CA_Certificate_Validity_Default_params) # Policy Constraints constraints.validityConstraintImpl(Policy_Value, 365, 7305) else: Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)
def Validity_Default(root, PolicySet, defaultRange, range_value): javaclass = "validityDefaultImpl" result = common.check_policy(PolicySet, javaclass) if result is False: # Get Policy ID pvalue = get_policyId(PolicySet) # Description Validity_Default_description = ( "This default populates a Certificate Validity to the request. The default values are Range=180 in days" ) # Policy Value Policy_Value = etree.SubElement(PolicySet, "value", id=pvalue) # Policy Definition Policy_definition = etree.SubElement(Policy_Value, "def", id="Validity Default", classId="validityDefaultImpl") Policy_description = etree.SubElement(Policy_definition, "description").text = Validity_Default_description # Policy Attributes Validity_Default_attributes = [ ("notBefore", "string", "NULL", "Not Before", "NULL"), ("notAfter", "string", "NULL", "Not After", "NULL"), ] common.policy_attributes(Policy_definition, Validity_Default_attributes) # Policy Parameters Validity_Default_params = [("range", defaultRange), ("startTime", "0")] common.policy_parameters(Policy_definition, Validity_Default_params) # Constraint constraints.validityConstraintImpl(Policy_Value, defaultRange, range_value) else: Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass) defaultRange_value = Policy_Value.find('./def/params[@name="range"]/value') defaultRange_value.text = defaultRange Constraint_DefaultValue = Policy_Value.find( './constraint[@id="Validity Constraint"]/constraint[@id="range"]/descriptor/DefaultValue' ) Constraint_DefaultValue.text = range_value Constraint_Value = Policy_Value.find('./constraint[@id="Validity Constraint"]/constraint[@id="range"]/value') Constraint_Value.text = range_value
def Extended_Key_Usage_Extension_Default(root, PolicySet): javaclass = "extendedKeyUsageExtDefaultImpl" result = common.check_policy(PolicySet, javaclass) if result is False: # Get Policy ID pvalue = get_policyId(PolicySet) # Description s1 = "This default populates an Extended Key Usage Extension () to the request." s2 = "The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4" Extended_Key_Usage_Extension_Default_Description = s1 + s2 # policy Value Policy_Value = etree.SubElement(PolicySet, "value", id=pvalue) # Policy Definition Policy_definition = etree.SubElement( Policy_Value, "def", id="Extended Key Usage Extension Default", classId="extendedKeyUsageExtDefaultImpl" ) Policy_description = etree.SubElement( Policy_definition, "description" ).text = Extended_Key_Usage_Extension_Default_Description # Policy Attributes Extended_Key_Usage_Extension_Default_attributes = [ ("exKeyUsageCritical", "boolean", "NULL", "Criticality", "false"), ("exKeyUsageOIDs", "string_list", "NULL", "Comma-Separated list of Object Identifiers", "false"), ] common.policy_attributes(Policy_definition, Extended_Key_Usage_Extension_Default_attributes) # Policy Parameters Extended_Key_Usage_Extension_Default_params = [ ("exKeyUsageCritical", "false"), ("exKeyUsageOIDs", "1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"), ] common.policy_parameters(Policy_definition, Extended_Key_Usage_Extension_Default_params) # Constraint constraints.noConstraintImpl(Policy_Value) else: Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)
def Signing_Alg(root, PolicySet): """ This Function defines Signing Algorithm Policy """ javaclass = "signingAlgDefaultImpl" result = common.check_policy(PolicySet, javaclass) if result is False: # Get Policy ID pvalue = get_policyId(PolicySet) # Description Signing_Alg_description = ( "This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA512withRSA" ) # Policy Value Policy_Value = etree.SubElement(PolicySet, "value", id=pvalue) # Policy Definition Policy_definition = etree.SubElement(Policy_Value, "def", id="Signing Alg", classId="signingAlgDefaultImpl") Policy_description = etree.SubElement(Policy_definition, "description").text = Signing_Alg_description # Policy Attributes Signing_Alg_attributes = [ ( "signingAlg", "choice", "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA", "Signing Algorithm", "NULL", ) ] common.policy_attributes(Policy_definition, Signing_Alg_attributes) # Policy Parameters Signing_Alg_params = [("signingAlg", "-")] common.policy_parameters(Policy_definition, Signing_Alg_params) # Constraint constraints.signingAlgConstraintImpl(Policy_Value) else: Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)
def CA_Certificate_Validity_Default(root, PolicySet): javaclass = "caValidityDefaultImpl" result = common.check_policy(PolicySet, javaclass) if result is False: # Get Policy ID pvalue = get_policyId(PolicySet) CA_Certificate_Validity_Default_description = ( "This default populates a Certificate Validity to the request. The default values are Range=7305 in days" ) # Policy Value Policy_Value = etree.SubElement(PolicySet, "value", id=pvalue) # Policy Definition Policy_definition = etree.SubElement( Policy_Value, "def", id="CA Certificate Validity Default", classId="caValidityDefaultImpl" ) Policy_description = etree.SubElement( Policy_definition, "description" ).text = CA_Certificate_Validity_Default_description # Policy Attributes CA_Certificate_Validity_Default_attributes = [ ("notBefore", "string", "NULL", "Not Before", "NULL"), ("notAfter", "string", "NULL", "notAfter", "NULL"), ("bypassCAnotafter", "boolean", "NULL", "Bypass CA notAfter constraint", "false"), ] common.policy_attributes(Policy_definition, CA_Certificate_Validity_Default_attributes) # Policy Parameters CA_Certificate_Validity_Default_params = [("range", "7305"), ("startTime", "0"), ("bypassCAnotafter", "")] common.policy_parameters(Policy_definition, CA_Certificate_Validity_Default_params) # Policy Constraints constraints.validityConstraintImpl(Policy_Value, 365, 7305) else: Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)
def Subject_Key_Identifier_Extension_Default(root, PolicySet): """ This function defines Subject Key Identifier Extension Default Policy """ javaclass = "subjectKeyIdentifierExtDefaultImpl" result = common.check_policy(PolicySet, javaclass) if result is False: # Get Policy ID pvalue = get_policyId(PolicySet) # Description Subject_Key_Identifier_Extension_Default_description = ( "This default populates a Subject Key Identifier Extension (2.5.29.14) to the request." ) # Policy Value Policy_Value = etree.SubElement(PolicySet, "value", id=pvalue) # Policy Definition Policy_definition = etree.SubElement( Policy_Value, "def", id="Subject Key Identifier Extension Default", classId="subjectKeyIdentifierExtDefaultImpl", ) Policy_description = etree.SubElement( Policy_definition, "description" ).text = Subject_Key_Identifier_Extension_Default_description # Policy Attributes Subject_Key_Identifier_Extension_Default_attributes = [ ("critical", "string", "readonly", "Criticality", "NULL"), ("keyid", "string", "readonly", "Key ID", "NULL"), ] common.policy_attributes(Policy_definition, Subject_Key_Identifier_Extension_Default_attributes) # Policy Parameters # None # Constraint Definition constraints.noConstraintImpl(Policy_Value) else: Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)
def Signing_Alg(root, PolicySet): ''' This Function defines Signing Algorithm Policy ''' javaclass = 'signingAlgDefaultImpl' result = common.check_policy(PolicySet, javaclass) if result is False: #Get Policy ID pvalue = get_policyId(PolicySet) #Description Signing_Alg_description = 'This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA512withRSA' # Policy Value Policy_Value = etree.SubElement(PolicySet, 'value', id=pvalue) # Policy Definition Policy_definition = etree.SubElement(Policy_Value, 'def', id='Signing Alg', classId='signingAlgDefaultImpl') Policy_description = etree.SubElement( Policy_definition, 'description').text = Signing_Alg_description # Policy Attributes Signing_Alg_attributes = [ ('signingAlg', 'choice', 'SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA', 'Signing Algorithm', 'NULL') ] common.policy_attributes(Policy_definition, Signing_Alg_attributes) # Policy Parameters Signing_Alg_params = [('signingAlg', '-')] common.policy_parameters(Policy_definition, Signing_Alg_params) #Constraint constraints.signingAlgConstraintImpl(Policy_Value) else: Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)
def Subject_Key_Identifier_Extension_Default(root, PolicySet): ''' This function defines Subject Key Identifier Extension Default Policy ''' javaclass = 'subjectKeyIdentifierExtDefaultImpl' result = common.check_policy(PolicySet, javaclass) if result is False: # Get Policy ID pvalue = get_policyId(PolicySet) # Description Subject_Key_Identifier_Extension_Default_description = 'This default populates a Subject Key Identifier Extension (2.5.29.14) to the request.' # Policy Value Policy_Value = etree.SubElement(PolicySet, 'value', id=pvalue) # Policy Definition Policy_definition = etree.SubElement( Policy_Value, 'def', id='Subject Key Identifier Extension Default', classId='subjectKeyIdentifierExtDefaultImpl') Policy_description = etree.SubElement( Policy_definition, 'description' ).text = Subject_Key_Identifier_Extension_Default_description # Policy Attributes Subject_Key_Identifier_Extension_Default_attributes = [ ('critical', 'string', 'readonly', 'Criticality', 'NULL'), ('keyid', 'string', 'readonly', 'Key ID', 'NULL') ] common.policy_attributes( Policy_definition, Subject_Key_Identifier_Extension_Default_attributes) # Policy Parameters # None # Constraint Definition constraints.noConstraintImpl(Policy_Value) else: Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)
def Subject_Name_Default(root_element, PolicySet, subjectPattern, subjectDefault): # Check if the policy is already defined javaclass = 'userSubjectNameDefaultImpl' result = common.check_policy(PolicySet, javaclass) if result is False: #Get Policy ID pvalue = get_policyId(PolicySet) Subject_Name_Default_description = 'This default populates a User-Supplied Certificate Subject Name to the request' # Policy Value Policy_Value = etree.SubElement(PolicySet, 'value', id=pvalue) if subjectDefault: Policy_definition = etree.SubElement( Policy_Value, 'def', classId='subjectNameDefaultImpl', id='Subject Name Default') else: Policy_definition = etree.SubElement( Policy_Value, 'def', classId='userSubjectNameDefaultImpl', id='Subject Name Default') Policy_description = etree.SubElement( Policy_definition, 'description').text = Subject_Name_Default_description # Policy Attributes Subject_Name_Default_attributes = [('name', 'string', 'NULL', 'Subject Name', 'NULL')] common.policy_attributes(Policy_definition, Subject_Name_Default_attributes) # Policy Parameters if subjectDefault: Subject_Name_Default_params = [('name', subjectDefault)] common.policy_parameters(Policy_definition, Subject_Name_Default_params) # Policy Constraints constraints.subjectNameConstraintImpl(Policy_Value, subjectPattern) else: Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass) if subjectDefault: Policy_Definition = Policy_Value[0] Policy_Definition.set('classId', 'subjectNameDefaultImpl') policy_param_name = etree.SubElement(Policy_Definition, 'params', name='name') policy_param_value = etree.SubElement( policy_param_name, 'value').text = subjectDefault if subjectPattern: CurrentValue = Policy_Value.find('./constraint/constraint/value') CurrentValue.text = subjectPattern
def Basic_Constraints_Extension_Default(root, PolicySet, PathLength, isCA): ''' This function Defines Basic Constraints Extension Default Policy''' javaclass = 'basicConstraintsExtDefaultImpl' result = common.check_policy(PolicySet, javaclass) if result is False: #Get Policy ID pvalue = get_policyId(PolicySet) #Description Basic_Constraints_Extension_Default_description = 'This default populates a Basic Constraints Extension (2.5.29.19) to the request.,The default values are Criticality=true, Is CA=true, Path Length=-1' # Policy Value Policy_Value = etree.SubElement(PolicySet, 'value', id=pvalue) # Policy Definition Policy_definition = etree.SubElement( Policy_Value, 'def', id='Basic Constraints Extension Default', classId='basicConstraintsExtDefaultImpl') Policy_description = etree.SubElement( Policy_definition, 'description' ).text = Basic_Constraints_Extension_Default_description # Policy Attributes Basic_Constraints_Extension_Default_attributes = [ ('basicConstraintsCritical', 'boolean', 'Criticality', 'false', 'NULL'), ('basicConstraintsIsCA', 'boolean', 'Is CA', 'true', 'NULL'), ('basicConstraintsPathLen', 'integer', 'Path Length', '-1', 'NULL') ] common.policy_attributes( Policy_definition, Basic_Constraints_Extension_Default_attributes) # Policy Parameters Basic_Constraints_Extension_Default_params = [ ('basicConstraintsCritical', 'true'), ('basicConstraintsIsCA', isCA), ('basicConstraintsPathLen', PathLength) ] common.policy_parameters(Policy_definition, Basic_Constraints_Extension_Default_params) # Constraint Definition constraints.basicConstraintsCritical(Policy_Value, PathLength, isCA) else: Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass) basicConstraintsIsCA_params = Policy_Value.find( './def/params[@name="basicConstraintsIsCA"]') basicConstraintsIsCA_params[0].text = isCA basicConstraintsPathLen_params = Policy_Value.find( './def/params[@name="basicConstraintsPathLen"]') basicConstraintsPathLen_params[0].text = PathLength basicConstraintsIsCA_constraint = Policy_Value.find( './constraint/constraint[@id=basicConstraintsIsCA]/value') basicConstraintsIsCA_constraint.text = isCA basicConstraintsPathLen_constraint = Policy_Value.find( './constraint/constraint[@id="basicConstraintsMaxPathLen"]/value') basicConstraintsPathLen_constraint.text = PathLength
def Key_Usage_Default(root, PolicySet, keylist): ''' This function defines Key Usage Default Policy ''' javaclass = 'keyUsageExtDefaultImpl' result = common.check_policy(PolicySet, javaclass) if result is False: #Get Policy ID pvalue = get_policyId(PolicySet) s1 = 'This default populates a Key Usage Extension (2.5.29.15) to the request,The default values are Criticality=true' s2 = 'Digital Signature=true, Non-Repudiation=true,Key Encipherment=true, Data Encipherment=false, Key Agreement=false' s3 = 'Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false' Key_Usage_Default_description = s1 + s2 + s3 # Policy Value Policy_Value = etree.SubElement(PolicySet, 'value', id=pvalue) # Policy Definition Policy_definition = etree.SubElement(Policy_Value, 'def', id='Key Usage Default', classId='keyUsageExtDefaultImpl') Policy_description = etree.SubElement( Policy_definition, 'description').text = Key_Usage_Default_description # Policy Attributes #name,syntax,constraint,description,defaultvalue Key_Usage_Default_attributes = [ ('keyUsageCritical', 'boolean', 'NULL', 'Criticality', 'false'), ('keyUsageDigitalSignature', 'boolean', 'NULL', 'Digital Signature', 'false'), ('keyUsageNonRepudiation', 'boolean', 'NULL', 'Non-Repudiation', 'false'), ('keyUsageKeyEncipherment', 'boolean', 'NULL', 'Key Encipherment', 'false'), ('keyUsageDataEncipherment', 'boolean', 'NULL', 'Data Encipherment', 'false'), ('keyUsageKeyAgreement', 'boolean', 'NULL', 'Key Agreement', 'false'), ('keyUsageKeyCertSign', 'boolean', 'NULL', 'Key CertSign', 'false'), ('keyUsageCrlSign', 'boolean', 'NULL', 'CRL Sign', 'false'), ('keyUsageEncipherOnly', 'boolean', 'NULL', 'Encipher Only', 'false'), ('keyUsageDecipherOnly', 'boolean', 'NULL', 'Decipher Only', 'false'), ] common.policy_attributes(Policy_definition, Key_Usage_Default_attributes) # Policy Parameters Key_Usage_Default_parms = [ ('keyUsageCritical', common.check_ext_key_usage(keylist, 'keyUsageCritical')), ('keyUsageDigitalSignature', common.check_ext_key_usage(keylist, 'keyUsageDigitalSignature')), ('keyUsageNonRepudiation', common.check_ext_key_usage(keylist, 'keyUsageNonRepudiation')), ('keyUsageKeyEncipherment', common.check_ext_key_usage(keylist, 'keyUsageKeyEncipherment')), ('keyUsageDataEncipherment', common.check_ext_key_usage(keylist, 'keyUsageDataEncipherment')), ('keyUsageKeyAgreement', common.check_ext_key_usage(keylist, 'keyUsageKeyAgreement')), ('keyUsageKeyCertSign', common.check_ext_key_usage(keylist, 'keyUsageKeyCertSign')), ('keyUsageCrlSign', common.check_ext_key_usage(keylist, 'keyUsageCrlSign')), ('keyUsageEncipherOnly', common.check_ext_key_usage(keylist, 'keyUsageEncipherOnly')), ('keyUsageDecipherOnly', common.check_ext_key_usage(keylist, 'keyUsageDecipherOnly')) ] common.policy_parameters(Policy_definition, Key_Usage_Default_parms) # Policy Constraint constraints.keyUsageExtConstraintImpl(Policy_Value, keylist) else: Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass) # Change Policy Parameters mylist = re.split(',', keylist) for v in mylist: result_param = Policy_Value.find( "./def/params[@name=\"%s\"]/value" % v) result_param.text = 'true' # Change Policy Constraints for v in mylist: result_constraint = Policy_Value.find( "./constraint/constraint[@id=\"%s\"]/value" % v) result_constraint.text = 'true'
def Key_Usage_Default(root, PolicySet, keylist): """ This function defines Key Usage Default Policy """ javaclass = "keyUsageExtDefaultImpl" result = common.check_policy(PolicySet, javaclass) if result is False: # Get Policy ID pvalue = get_policyId(PolicySet) s1 = "This default populates a Key Usage Extension (2.5.29.15) to the request,The default values are Criticality=true" s2 = "Digital Signature=true, Non-Repudiation=true,Key Encipherment=true, Data Encipherment=false, Key Agreement=false" s3 = "Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false" Key_Usage_Default_description = s1 + s2 + s3 # Policy Value Policy_Value = etree.SubElement(PolicySet, "value", id=pvalue) # Policy Definition Policy_definition = etree.SubElement( Policy_Value, "def", id="Key Usage Default", classId="keyUsageExtDefaultImpl" ) Policy_description = etree.SubElement(Policy_definition, "description").text = Key_Usage_Default_description # Policy Attributes #name,syntax,constraint,description,defaultvalue Key_Usage_Default_attributes = [ ("keyUsageCritical", "boolean", "NULL", "Criticality", "false"), ("keyUsageDigitalSignature", "boolean", "NULL", "Digital Signature", "false"), ("keyUsageNonRepudiation", "boolean", "NULL", "Non-Repudiation", "false"), ("keyUsageKeyEncipherment", "boolean", "NULL", "Key Encipherment", "false"), ("keyUsageDataEncipherment", "boolean", "NULL", "Data Encipherment", "false"), ("keyUsageKeyAgreement", "boolean", "NULL", "Key Agreement", "false"), ("keyUsageKeyCertSign", "boolean", "NULL", "Key CertSign", "false"), ("keyUsageCrlSign", "boolean", "NULL", "CRL Sign", "false"), ("keyUsageEncipherOnly", "boolean", "NULL", "Encipher Only", "false"), ("keyUsageDecipherOnly", "boolean", "NULL", "Decipher Only", "false"), ] common.policy_attributes(Policy_definition, Key_Usage_Default_attributes) # Policy Parameters Key_Usage_Default_parms = [ ("keyUsageCritical", common.check_ext_key_usage(keylist, "keyUsageCritical")), ("keyUsageDigitalSignature", common.check_ext_key_usage(keylist, "keyUsageDigitalSignature")), ("keyUsageNonRepudiation", common.check_ext_key_usage(keylist, "keyUsageNonRepudiation")), ("keyUsageKeyEncipherment", common.check_ext_key_usage(keylist, "keyUsageKeyEncipherment")), ("keyUsageDataEncipherment", common.check_ext_key_usage(keylist, "keyUsageDataEncipherment")), ("keyUsageKeyAgreement", common.check_ext_key_usage(keylist, "keyUsageKeyAgreement")), ("keyUsageKeyCertSign", common.check_ext_key_usage(keylist, "keyUsageKeyCertSign")), ("keyUsageCrlSign", common.check_ext_key_usage(keylist, "keyUsageCrlSign")), ("keyUsageEncipherOnly", common.check_ext_key_usage(keylist, "keyUsageEncipherOnly")), ("keyUsageDecipherOnly", common.check_ext_key_usage(keylist, "keyUsageDecipherOnly")), ] common.policy_parameters(Policy_definition, Key_Usage_Default_parms) # Policy Constraint constraints.keyUsageExtConstraintImpl(Policy_Value, keylist) else: Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass) # Change Policy Parameters mylist = re.split(",", keylist) for v in mylist: result_param = Policy_Value.find('./def/params[@name="%s"]/value' % v) result_param.text = "true" # Change Policy Constraints for v in mylist: result_constraint = Policy_Value.find('./constraint/constraint[@id="%s"]/value' % v) result_constraint.text = "true"