class BooleanDecoder(decoder.AbstractSimpleDecoder):
protoComponent = univ.Boolean(0)
def valueDecoder(self,
substrate,
asn1Spec,
tagSet=None,
length=None,
state=None,
decodeFun=None,
substrateFun=None,
**options):
head, tail = substrate[:length], substrate[length:]
if not head or length != 1:
raise error.PyAsn1Error('Not single-octet Boolean payload')
byte = oct2int(head[0])
# CER/DER specifies encoding of TRUE as 0xFF and FALSE as 0x0, while
# BER allows any non-zero value as TRUE; cf. sections 8.2.2. and 11.1
# in https://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
if byte == 0xff:
value = 1
elif byte == 0x00:
value = 0
else:
raise error.PyAsn1Error('Unexpected Boolean payload: %s' % byte)
return self._createComponent(asn1Spec, tagSet, value, **options), tail
def testConstraints(self):
try:
univ.Boolean(2)
except error.ValueConstraintError:
pass
else:
assert 0, 'constraint fail'
def _build_extension_request(extensions):
SUPPORTED_EXTENSIONS = {
'subjectAlternativeName':
(rfc2314.id_ce_subjectAltName, _build_subject_alt_name),
'x509basicConstraints':
(rfc2314.id_ce_basicConstraints, _build_basic_constraints),
'x509v3KeyUsage': (rfc2314.id_ce_keyUsage, _build_key_usage),
'x509v3ExtendedKeyUsage':
(rfc2314.id_ce_extKeyUsage, _build_extended_key_usage),
}
count = 0
exts = rfc2314.Extensions()
for key, critical, value in extensions:
if key in SUPPORTED_EXTENSIONS:
extoid, builder = SUPPORTED_EXTENSIONS[key]
extval = builder(value)
ext = rfc2314.Extension()
encapsulated = univ.OctetString(encoder.encode(extval))
ext.setComponentByName('extnID', extoid)
ext.setComponentByName('critical', univ.Boolean(critical))
ext.setComponentByName('extnValue', encapsulated)
exts.setComponentByPosition(count, ext)
count += 1
if count > 0:
retval = univ.SetOf(componentType=rfc2314.AttributeTypeAndValue())
retval.setComponentByPosition(0, exts)
return retval
class SearchRequest(univ.Sequence):
tagSet = univ.Sequence.tagSet.tagImplicitly(
tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 3))
componentType = namedtype.NamedTypes(
namedtype.NamedType('baseObject', LDAPDN()),
namedtype.NamedType(
'scope',
univ.Enumerated(namedValues=namedval.NamedValues((
'baseObject', 0), ('singleLevel', 1), ('wholeSubtree', 2)))),
namedtype.NamedType(
'derefAliases',
univ.Enumerated(
namedValues=namedval.NamedValues(('neverDerefAliases', 0), (
'derefInSearching', 1), ('derefFindingBaseObj',
2), ('derefAlways', 3)))),
namedtype.NamedType(
'sizeLimit',
univ.Integer().subtype(
subtypeSpec=constraint.ValueRangeConstraint(0, maxInt))),
namedtype.NamedType(
'timeLimit',
univ.Integer().subtype(
subtypeSpec=constraint.ValueRangeConstraint(0, maxInt))),
namedtype.NamedType('typesOnly', univ.Boolean()),
namedtype.NamedType('filter', Filter()),
namedtype.NamedType('attributes', AttributeDescriptionList()))
class GLRekey(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('glName', GeneralName()),
namedtype.OptionalNamedType('glAdministration', GLAdministration()),
namedtype.OptionalNamedType('glNewKeyAttributes',
GLNewKeyAttributes()),
namedtype.OptionalNamedType('glRekeyAllGLKeys', univ.Boolean()))
def setUp(self):
BaseTestCase.setUp(self)
c = univ.Choice(componentType=namedtype.NamedTypes(
namedtype.NamedType('actual', univ.Boolean(0))))
self.s = univ.Set(componentType=namedtype.NamedTypes(
namedtype.NamedType('place-holder', univ.Null('')),
namedtype.NamedType('status', c)))
def setUp(self):
innerComp = univ.Choice(componentType=namedtype.NamedTypes(
namedtype.NamedType('count', univ.Integer()),
namedtype.NamedType('flag', univ.Boolean())))
self.s1 = univ.Choice(componentType=namedtype.NamedTypes(
namedtype.NamedType('name', univ.OctetString()),
namedtype.NamedType('sex', innerComp)))
class Extension(univ.Sequence):
'''ASN.1 extension class'''
componentType = namedtype.NamedTypes(
namedtype.NamedType('extnID', univ.ObjectIdentifier()),
namedtype.DefaultedNamedType('critical', univ.Boolean('False')),
namedtype.NamedType('extnValue', univ.OctetString()),
)
def encodeControlValue(self):
rcv = SyncRequestValue()
rcv.setComponentByName('mode', SyncRequestMode(self.mode))
if self.cookie is not None:
rcv.setComponentByName('cookie', SyncCookie(self.cookie))
if self.reloadHint:
rcv.setComponentByName('reloadHint', univ.Boolean(self.reloadHint))
return encoder.encode(rcv)
class GSSAPIHeader_KRB5_AP_REQ(univ.Sequence):
tagSet = univ.Sequence.tagSet.tagImplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 0))
componentType = namedtype.NamedTypes(
namedtype.NamedType('tokenOid', univ.ObjectIdentifier()),
# Actualy this is a constant 0x0001, but this decodes as an asn1 boolean
namedtype.NamedType('krb5_ap_req', univ.Boolean()),
namedtype.NamedType('apReq', AP_REQ()),
)
class BasicConstraints(asn1_univ.Sequence):
"""Custom BasicConstraint implementation until pyasn1_modules is fixes."""
componentType = asn1_namedtype.NamedTypes(
asn1_namedtype.DefaultedNamedType('cA', asn1_univ.Boolean(False)),
asn1_namedtype.OptionalNamedType(
'pathLenConstraint',
asn1_univ.Integer().subtype(
subtypeSpec=asn1_constraint.ValueRangeConstraint(0, 64))))
class BooleanDecoder(IntegerDecoder):
protoComponent = univ.Boolean(0)
def _valueFilter(self, value):
if value:
return 1
else:
return 0
def setUp(self):
BaseTestCase.setUp(self)
self.s = univ.Sequence(
componentType=namedtype.NamedTypes(
namedtype.NamedType('number', univ.Boolean().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
)
)
self.s[0] = True
class BasicConstraints(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.OptionalNamedType('cA', univ.Boolean(False)),
namedtype.OptionalNamedType(
'pathLenConstraint',
univ.Integer().subtype(
subtypeSpec=constraint.ValueRangeConstraint(0, MAX))),
)
to_python = extension.parse_basic_constraints
class TimeStampReq(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('version', univ.Integer(namedValues=namedval.NamedValues(('v1', 1)))),
namedtype.NamedType('messageImprint', MessageImprint()),
namedtype.OptionalNamedType('reqPolicy', TSAPolicyId()),
namedtype.OptionalNamedType('nonce', univ.Integer()),
namedtype.DefaultedNamedType('certReq', univ.Boolean(False)),
namedtype.OptionalNamedType('extensions', Extensions().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
)
class ValidationPolicy(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('validationPolRef', ValidationPolRef()),
namedtype.OptionalNamedType(
'validationAlg',
ValidationAlg().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatConstructed, 0))),
namedtype.OptionalNamedType(
'userPolicySet',
univ.SequenceOf(componentType=univ.ObjectIdentifier()).subtype(
subtypeSpec=constraint.ValueSizeConstraint(1, MAX)).subtype(
implicitTag=tag.Tag(tag.tagClassContext,
tag.tagFormatSimple, 1))),
namedtype.OptionalNamedType(
'inhibitPolicyMapping',
univ.Boolean().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 2))),
namedtype.OptionalNamedType(
'requireExplicitPolicy',
univ.Boolean().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 3))),
namedtype.OptionalNamedType(
'inhibitAnyPolicy',
univ.Boolean().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 4))),
namedtype.OptionalNamedType(
'trustAnchors',
TrustAnchors().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 5))),
namedtype.OptionalNamedType(
'keyUsages',
univ.SequenceOf(
componentType=KeyUsage()).subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 6))),
namedtype.OptionalNamedType(
'extendedKeyUsages',
univ.SequenceOf(
componentType=KeyPurposeId()).subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 7))),
namedtype.OptionalNamedType(
'specifiedKeyUsages',
univ.SequenceOf(
componentType=KeyPurposeId()).subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 8))))
def _build_basic_constraints(value):
retval = rfc2314.BasicConstraints()
retval.setComponentByName('cA', univ.Boolean(value[0]))
if value[0]:
retval.setComponentByName(
'pathLenConstraint',
retval.componentType.getTypeByPosition(
retval.componentType.getPositionByName(
'pathLenConstraint')).clone(value[1]))
return retval
def setUp(self):
BaseTestCase.setUp(self)
c = univ.Choice(componentType=namedtype.NamedTypes(
namedtype.NamedType('name', univ.OctetString()),
namedtype.NamedType('amount', univ.Boolean())))
self.s = univ.Set(componentType=namedtype.NamedTypes(
namedtype.NamedType('value', univ.Integer(5)),
namedtype.NamedType('status', c)))
class ModifyDNRequest(univ.Sequence):
tagSet = univ.Sequence.tagSet.tagImplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 12))
componentType = namedtype.NamedTypes(
namedtype.NamedType('entry', LDAPDN()),
namedtype.NamedType('newrdn', RelativeLDAPDN()),
namedtype.NamedType('deleteoldrdn', univ.Boolean()),
namedtype.OptionalNamedType(
'newSuperior', LDAPDN().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))
)
)
class RefreshPresent(univ.Sequence):
"""
refreshPresent [2] SEQUENCE {
cookie syncCookie OPTIONAL,
refreshDone BOOLEAN DEFAULT TRUE
},
"""
componentType = namedtype.NamedTypes(
namedtype.OptionalNamedType('cookie', SyncCookie()),
namedtype.DefaultedNamedType('refreshDone', univ.Boolean(True)))
class SortKeyType(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('attributeType', univ.OctetString()),
namedtype.OptionalNamedType('orderingRule',
univ.OctetString().subtype(
implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
)
),
namedtype.DefaultedNamedType('reverseOrder', univ.Boolean(False).subtype(
implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))))
class SyncDoneValue(univ.Sequence):
"""
syncDoneValue ::= SEQUENCE {
cookie syncCookie OPTIONAL,
refreshDeletes BOOLEAN DEFAULT FALSE
}
"""
componentType = namedtype.NamedTypes(
namedtype.OptionalNamedType('cookie', SyncCookie()),
namedtype.DefaultedNamedType('refreshDeletes', univ.Boolean(False)))
def __encode_extension(self, oid, critical, value):
# TODO: have another proxy for crypto_x509.Extension which would
# provide public_bytes on the top of what python-cryptography has
ext = rfc2459.Extension()
# TODO: this does not have to be so weird, pyasn1 now has codecs
# which are capable of providing python-native types
ext['extnID'] = univ.ObjectIdentifier(oid)
ext['critical'] = univ.Boolean(critical)
ext['extnValue'] = univ.Any(encoder.encode(univ.OctetString(value)))
ext = encoder.encode(ext)
return ext
class MatchingRuleAssertion(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.OptionalNamedType('matchingRule', MatchingRuleId().subtype(
implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.OptionalNamedType('type', AttributeDescription().subtype(
implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
namedtype.NamedType('matchValue',
AssertionValue().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
namedtype.DefaultedNamedType('dnAttributes', univ.Boolean('False').subtype(
implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4)))
)
def __init__(self, oid, value, critical=False):
"""Общий класс для всех видов расширений
:oid: OID расширения
:value: значение в ASN.1
"""
self.asn = rfc2459.Extension()
self.asn.setComponentByName('extnID', univ.ObjectIdentifier(oid))
self.asn.setComponentByName('critical', univ.Boolean(critical))
self.asn.setComponentByName('extnValue',
encoder.encode(univ.OctetString(value)))
class SyncIdSet(univ.Sequence):
"""
syncIdSet [3] SEQUENCE {
cookie syncCookie OPTIONAL,
refreshDeletes BOOLEAN DEFAULT FALSE,
syncUUIDs SET OF syncUUID
}
"""
componentType = namedtype.NamedTypes(
namedtype.OptionalNamedType('cookie', SyncCookie()),
namedtype.DefaultedNamedType('refreshDeletes', univ.Boolean(False)),
namedtype.NamedType('syncUUIDs', SyncUUIDs()))
class GLNewKeyAttributes(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.OptionalNamedType(
'rekeyControlledByGLO',
univ.Boolean().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.OptionalNamedType(
'recipientsNotMutuallyAware',
univ.Boolean().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.OptionalNamedType(
'duration',
univ.Integer().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 2))),
namedtype.OptionalNamedType(
'generationCounter',
univ.Integer().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 3))),
namedtype.OptionalNamedType(
'requestedAlgorithm',
AlgorithmIdentifier().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 4))))
class ResponseFlags(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.DefaultedNamedType(
'fullRequestInResponse',
univ.Boolean().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 0)).subtype(
value=0)),
namedtype.DefaultedNamedType(
'responseValidationPolByRef',
univ.Boolean().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 1)).subtype(
value=1)),
namedtype.DefaultedNamedType(
'protectResponse',
univ.Boolean().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 2)).subtype(
value=1)),
namedtype.DefaultedNamedType(
'cachedResponse',
univ.Boolean().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 3)).subtype(
value=1)))
def testWithUntaggedChoice(self):
c = univ.Choice(componentType=namedtype.NamedTypes(
namedtype.NamedType('premium', univ.Boolean())))
s = univ.Set(componentType=namedtype.NamedTypes(
namedtype.NamedType('name', univ.OctetString()),
namedtype.NamedType('customer', c)))
s.setComponentByName('name', 'A')
s.getComponentByName('customer').setComponentByName('premium', True)
assert encoder.encode(s) == ints2octs((49, 6, 1, 1, 255, 4, 1, 65))
class basicConstraints(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.DefaultedNamedType('CA', univ.Boolean(False)),
namedtype.OptionalNamedType('pathLenConstraint', univ.Integer()))
def prettyPrint(self):
if self.getComponentByName('CA') == False:
out = 'CA:FALSE'
else:
out = 'CA:TRUE'
pathLen = self.getComponentByName('pathLenConstraint')
if pathLen:
out = out + ', %d' % (int(pathLen), )
return out
