Exemplo n.º 1
def Key_Default(root, PolicySet):
    """Add the "Key Default" policy to ``PolicySet`` when it is not there yet.

    Args:
        root: Unused in this function.
        PolicySet: XML element that receives the new ``value`` child.

    Returns:
        None; ``PolicySet`` is modified in place.
    """
    class_id = "userKeyDefaultImpl"

    if common.check_policy(PolicySet, class_id) is not False:
        # Already defined: the existing element is fetched and nothing is changed.
        common.get_Element_PolicyValue(PolicySet, class_id)
        return

    policy_id = get_policyId(PolicySet)
    description = "This default populates a User-Supplied Certificate Key to the request"

    # <value id=...> holds the definition and, below, its constraint.
    value_node = etree.SubElement(PolicySet, "value", id=policy_id)
    def_node = etree.SubElement(value_node, "def", id="Key Default", classId=class_id)
    etree.SubElement(def_node, "description").text = description

    # Tuples are handed unchanged to common.policy_attributes; the field order is
    # presumably (name, syntax, constraint, description, default) -- confirm there.
    key_attributes = [
        ("TYPE", "string", "readonly", "Key Type", "NULL"),
        ("LEN", "string", "readonly", "Key Length", "NULL"),
        ("KEY", "string", "readonly", "Key", "NULL"),
    ]
    common.policy_attributes(def_node, key_attributes)

    # NOTE(review): the key is user supplied, so any limit on key type or size
    # presumably comes from constraints.keyConstraintImpl (not shown) -- confirm
    # that it enforces a minimum key length.
    constraints.keyConstraintImpl(value_node)
Exemplo n.º 2
def Key_Default(root, PolicySet):
    """Define the key default policy in ``PolicySet`` unless it already exists.

    Args:
        root: Unused in this function.
        PolicySet: XML element that receives the new ``value`` child.

    Returns:
        None; ``PolicySet`` is modified in place.
    """
    impl_class = "userKeyDefaultImpl"
    already_defined = common.check_policy(PolicySet, impl_class) is not False

    if already_defined:
        # Nothing to update for this policy; the lookup result is not used.
        common.get_Element_PolicyValue(PolicySet, impl_class)
        return

    new_id = get_policyId(PolicySet)
    summary = "This default populates a User-Supplied Certificate Key to the request"

    policy_value = etree.SubElement(PolicySet, "value", id=new_id)
    definition = etree.SubElement(policy_value, "def", id="Key Default", classId=impl_class)
    description_node = etree.SubElement(definition, "description")
    description_node.text = summary

    # Field order is presumably (name, syntax, constraint, description, default);
    # verify against common.policy_attributes.
    common.policy_attributes(
        definition,
        [
            ("TYPE", "string", "readonly", "Key Type", "NULL"),
            ("LEN", "string", "readonly", "Key Length", "NULL"),
            ("KEY", "string", "readonly", "Key", "NULL"),
        ],
    )

    # NOTE(review): limits on the user-supplied key presumably live in
    # constraints.keyConstraintImpl (not shown) -- confirm the minimum key size.
    constraints.keyConstraintImpl(policy_value)
Exemplo n.º 3
def Subject_Alt_Name_Constraint(root, PolicySet, altType, altPattern):
    """Create the Subject Alternative Name default, or update an existing one.

    Args:
        root: Unused in this function.
        PolicySet: XML element holding the policy ``value`` children.
        altType: Written to the ``subjAltExtType_0`` parameter.
        altPattern: Written to the ``subjAltExtPattern_0`` parameter.

    Returns:
        None; ``PolicySet`` is modified in place.
    """
    class_id = "subjectAltNameExtDefaultImpl"

    if common.check_policy(PolicySet, class_id) is not False:
        # Existing policy: only the type and pattern of record #0 are rewritten.
        existing = common.get_Element_PolicyValue(PolicySet, class_id)
        type_value = existing.find('./def/params[@name="subjAltExtType_0"]/value')
        type_value.text = altType
        pattern_value = existing.find('./def/params[@name="subjAltExtPattern_0"]/value')
        pattern_value.text = altPattern
        return

    policy_id = get_policyId(PolicySet)

    # The two sentences are joined without a separating space, as before.
    description = (
        "This default populates a Subject Alternative Name Extension (2.5.29.17) to the request."
        "The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}"
    )

    value_node = etree.SubElement(PolicySet, "value", id=policy_id)
    def_node = etree.SubElement(
        value_node, "def", id="Subject Alt Name Constraint", classId=class_id
    )
    etree.SubElement(def_node, "description").text = description

    san_attributes = [
        ("subjAltNameExtCritical", "boolean", "NULL", "Criticality", "false"),
        ("subjAltNames", "string_list", "NULL", "General Names", "NULL"),
    ]
    common.policy_attributes(def_node, san_attributes)

    # One general-name record (index 0), enabled, non-critical.
    san_params = [
        ("subjAltNameExtCritical", "false"),
        ("subjAltNameNumGNs", "1"),
        ("subjAltExtType_0", altType),
        ("subjAltExtPattern_0", altPattern),
        ("subjAltExtGNEnable_0", "true"),
    ]
    common.policy_parameters(def_node, san_params)

    # NOTE(review): altType/altPattern are written verbatim and the policy is
    # paired with noConstraintImpl, so nothing in this block restricts the SAN
    # that ends up in the certificate -- callers should validate both values.
    constraints.noConstraintImpl(value_node)
Exemplo n.º 4
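def Basic_Constraints_Extension_Default(root, PolicySet, PathLength, isCA):
    """Create the Basic Constraints Extension Default policy, or update it.

    When the policy is missing from ``PolicySet`` a new ``value`` element is
    built with its definition, attributes, parameters and constraint. When it
    already exists, the Is-CA and path-length entries are rewritten in both the
    default parameters and the constraint.

    Args:
        root: Unused in this function.
        PolicySet: XML element holding the policy ``value`` children.
        PathLength: Text written to the path-length parameter and constraint.
        isCA: Text written to the Is-CA parameter and constraint.

    Returns:
        None; ``PolicySet`` is modified in place.
    """
    # NOTE(review): isCA and PathLength are copied verbatim into the profile and
    # decide whether certificates issued under it may act as a CA; nothing here
    # validates them, so callers should.
    javaclass = "basicConstraintsExtDefaultImpl"
    result = common.check_policy(PolicySet, javaclass)

    if result is False:
        # Get Policy ID
        pvalue = get_policyId(PolicySet)

        # Description (fixed text; it does not reflect the isCA/PathLength passed in)
        Basic_Constraints_Extension_Default_description = "This default populates a Basic Constraints Extension (2.5.29.19) to the request.,The default values are Criticality=true, Is CA=true, Path Length=-1"

        # Policy Value
        Policy_Value = etree.SubElement(PolicySet, "value", id=pvalue)

        # Policy Definition
        Policy_definition = etree.SubElement(
            Policy_Value, "def", id="Basic Constraints Extension Default", classId="basicConstraintsExtDefaultImpl"
        )
        etree.SubElement(
            Policy_definition, "description"
        ).text = Basic_Constraints_Extension_Default_description

        # Policy Attributes
        # NOTE(review): the other policy builders in this listing pass tuples shaped
        # like (name, syntax, 'NULL', description, default); here the third to fifth
        # fields are (description, default, 'NULL'). Left unchanged because
        # common.policy_attributes is not visible -- confirm which order it expects.
        Basic_Constraints_Extension_Default_attributes = [
            ("basicConstraintsCritical", "boolean", "Criticality", "false", "NULL"),
            ("basicConstraintsIsCA", "boolean", "Is CA", "true", "NULL"),
            ("basicConstraintsPathLen", "integer", "Path Length", "-1", "NULL"),
        ]

        common.policy_attributes(Policy_definition, Basic_Constraints_Extension_Default_attributes)

        # Policy Parameters
        Basic_Constraints_Extension_Default_params = [
            ("basicConstraintsCritical", "true"),
            ("basicConstraintsIsCA", isCA),
            ("basicConstraintsPathLen", PathLength),
        ]
        common.policy_parameters(Policy_definition, Basic_Constraints_Extension_Default_params)

        # Constraint Definition
        constraints.basicConstraintsCritical(Policy_Value, PathLength, isCA)

    else:
        Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)

        # Default parameters: the first child of each <params> element is rewritten.
        basicConstraintsIsCA_params = Policy_Value.find('./def/params[@name="basicConstraintsIsCA"]')
        basicConstraintsIsCA_params[0].text = isCA
        basicConstraintsPathLen_params = Policy_Value.find('./def/params[@name="basicConstraintsPathLen"]')
        basicConstraintsPathLen_params[0].text = PathLength

        # Constraint values. The id must be a quoted literal in the predicate: the
        # previous unquoted form, [@id=basicConstraintsIsCA], is not a valid
        # ElementPath predicate, so the update path could not complete.
        basicConstraintsIsCA_constraint = Policy_Value.find(
            './constraint/constraint[@id="basicConstraintsIsCA"]/value'
        )
        basicConstraintsIsCA_constraint.text = isCA
        basicConstraintsPathLen_constraint = Policy_Value.find(
            './constraint/constraint[@id="basicConstraintsMaxPathLen"]/value'
        )
        basicConstraintsPathLen_constraint.text = PathLength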
Exemplo n.º 5
def Validity_Default(root, PolicySet, defaultRange, range_value):
    """Create the Validity Default policy, or update the ranges of an existing one.

    Args:
        root: Unused in this function.
        PolicySet: XML element holding the policy ``value`` children.
        defaultRange: Written to the ``range`` parameter of the default.
        range_value: On update, written to the ``range`` entry of the validity
            constraint (its ``DefaultValue`` descriptor and its ``value``); on
            creation, passed to ``constraints.validityConstraintImpl``.

    Returns:
        None; ``PolicySet`` is modified in place.
    """
    class_id = "validityDefaultImpl"

    if common.check_policy(PolicySet, class_id) is not False:
        existing = common.get_Element_PolicyValue(PolicySet, class_id)

        # Default side: validity range handed out when none is requested.
        range_param = existing.find('./def/params[@name="range"]/value')
        range_param.text = defaultRange

        # Constraint side: descriptor default first, then the effective value.
        descriptor_default = existing.find(
            './constraint[@id="Validity Constraint"]/constraint[@id="range"]/descriptor/DefaultValue'
        )
        descriptor_default.text = range_value
        effective_value = existing.find(
            './constraint[@id="Validity Constraint"]/constraint[@id="range"]/value'
        )
        effective_value.text = range_value
        return

    policy_id = get_policyId(PolicySet)

    # Fixed text: it always says 180 days, whatever defaultRange is.
    description = "This default populates a Certificate Validity to the request. The default values are Range=180 in days"

    value_node = etree.SubElement(PolicySet, "value", id=policy_id)
    def_node = etree.SubElement(value_node, "def", id="Validity Default", classId=class_id)
    etree.SubElement(def_node, "description").text = description

    validity_attributes = [
        ("notBefore", "string", "NULL", "Not Before", "NULL"),
        ("notAfter", "string", "NULL", "Not After", "NULL"),
    ]
    common.policy_attributes(def_node, validity_attributes)

    validity_params = [("range", defaultRange), ("startTime", "0")]
    common.policy_parameters(def_node, validity_params)

    # NOTE(review): range_value presumably caps the certificate lifetime via the
    # constraint (helper not shown); neither value is validated here.
    constraints.validityConstraintImpl(value_node, defaultRange, range_value)
Exemplo n.º 6
def AIA_Extension_Default(root, PolicySet):
    """Add the Authority Info Access extension default to ``PolicySet`` if absent.

    Args:
        root: Unused in this function.
        PolicySet: XML element that receives the new ``value`` child.

    Returns:
        None; ``PolicySet`` is modified in place.
    """
    class_id = "authInfoAccessExtDefaultImpl"

    if common.check_policy(PolicySet, class_id) is not False:
        # Already defined: looked up, nothing changed.
        common.get_Element_PolicyValue(PolicySet, class_id)
        return

    policy_id = get_policyId(PolicySet)
    description = (
        "This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. "
        "The default values are Criticality=false,Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}"
    )

    value_node = etree.SubElement(PolicySet, "value", id=policy_id)
    def_node = etree.SubElement(
        value_node, "def", id="AIA Extension Default", classId=class_id
    )
    etree.SubElement(def_node, "description").text = description

    aia_attributes = [
        ("authInfoAccessCritical", "boolean", "NULL", "Criticality", "false"),
        ("authInfoAccessGeneralNames", "string_list", "NULL", "General Names", "NULL"),
    ]
    common.policy_attributes(def_node, aia_attributes)

    # One access description: method 1.3.6.1.5.5.7.48.1 (the OCSP access method)
    # as a URI with an empty location string.
    aia_params = [
        ("authInfoAccessCritical", "false"),
        ("authInfoAccessNumADs", "1"),
        ("authInfoAccessADMethod_0", "1.3.6.1.5.5.7.48.1"),
        ("authInfoAccessADLocationType_0", "URIName"),
        ("authInfoAccessADLocation_0", ""),
        ("authInfoAccessADEnable_0", "true"),
    ]
    common.policy_parameters(def_node, aia_params)

    constraints.noConstraintImpl(value_node)
Exemplo n.º 7
def Subject_Alt_Name_Constraint(root, PolicySet, altType, altPattern):
    """Define the Subject Alternative Name default, or retarget an existing one.

    Args:
        root: Unused in this function.
        PolicySet: XML element holding the policy ``value`` children.
        altType: Value for the ``subjAltExtType_0`` parameter.
        altPattern: Value for the ``subjAltExtPattern_0`` parameter.

    Returns:
        None; ``PolicySet`` is modified in place.
    """
    impl_class = "subjectAltNameExtDefaultImpl"
    is_new = common.check_policy(PolicySet, impl_class) is False

    if not is_new:
        # Update path: rewrite type, then pattern, of general-name record #0.
        current = common.get_Element_PolicyValue(PolicySet, impl_class)
        current.find('./def/params[@name="subjAltExtType_0"]/value').text = altType
        current.find('./def/params[@name="subjAltExtPattern_0"]/value').text = altPattern
        return

    new_id = get_policyId(PolicySet)

    # Joined with no space between the sentences, matching the stored text.
    summary = "".join(
        [
            "This default populates a Subject Alternative Name Extension (2.5.29.17) to the request.",
            "The default values are Criticality=false, Record #0{Pattern:$request.requestor_email$,Pattern Type:RFC822Name,Enable:true}",
        ]
    )

    policy_value = etree.SubElement(PolicySet, "value", id=new_id)
    definition = etree.SubElement(
        policy_value, "def", id="Subject Alt Name Constraint", classId=impl_class
    )
    description_node = etree.SubElement(definition, "description")
    description_node.text = summary

    common.policy_attributes(
        definition,
        [
            ("subjAltNameExtCritical", "boolean", "NULL", "Criticality", "false"),
            ("subjAltNames", "string_list", "NULL", "General Names", "NULL"),
        ],
    )

    common.policy_parameters(
        definition,
        [
            ("subjAltNameExtCritical", "false"),
            ("subjAltNameNumGNs", "1"),
            ("subjAltExtType_0", altType),
            ("subjAltExtPattern_0", altPattern),
            ("subjAltExtGNEnable_0", "true"),
        ],
    )

    # NOTE(review): no constraint is attached beyond noConstraintImpl and the
    # inputs are stored verbatim; validate altType/altPattern in the caller.
    constraints.noConstraintImpl(policy_value)
Exemplo n.º 8
def Extended_Key_Usage_Extension_Default(root, PolicySet):
    """Add the Extended Key Usage extension default to ``PolicySet`` if absent.

    Args:
        root: Unused in this function.
        PolicySet: XML element that receives the new ``value`` child.

    Returns:
        None; ``PolicySet`` is modified in place.
    """
    class_id = "extendedKeyUsageExtDefaultImpl"

    if common.check_policy(PolicySet, class_id) is not False:
        # Already defined: looked up, nothing changed.
        common.get_Element_PolicyValue(PolicySet, class_id)
        return

    policy_id = get_policyId(PolicySet)

    # Stored text keeps the empty "()" and the missing space between sentences.
    description = (
        "This default populates an Extended Key Usage Extension () to the request."
        "The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
    )

    value_node = etree.SubElement(PolicySet, "value", id=policy_id)
    def_node = etree.SubElement(
        value_node,
        "def",
        id="Extended Key Usage Extension Default",
        classId=class_id,
    )
    etree.SubElement(def_node, "description").text = description

    # NOTE(review): the last field of the exKeyUsageOIDs tuple is 'false', the
    # same as the boolean attribute above it; for a string_list that looks
    # copied -- confirm what common.policy_attributes does with it.
    eku_attributes = [
        ("exKeyUsageCritical", "boolean", "NULL", "Criticality", "false"),
        ("exKeyUsageOIDs", "string_list", "NULL",
         "Comma-Separated list of Object Identifiers", "false"),
    ]
    common.policy_attributes(def_node, eku_attributes)

    # 1.3.6.1.5.5.7.3.2 is clientAuth and 1.3.6.1.5.5.7.3.4 is emailProtection.
    eku_params = [
        ("exKeyUsageCritical", "false"),
        ("exKeyUsageOIDs", "1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"),
    ]
    common.policy_parameters(def_node, eku_params)

    constraints.noConstraintImpl(value_node)
Exemplo n.º 9
def Subject_Name_Default(root_element, PolicySet, subjectPattern, subjectDefault):
    """Create the Subject Name Default policy, or update an existing one.

    Args:
        root_element: Unused in this function.
        PolicySet: XML element holding the policy ``value`` children.
        subjectPattern: Passed to the subject-name constraint on creation; on
            update, written to the constraint value when truthy.
        subjectDefault: When truthy, the definition uses ``subjectNameDefaultImpl``
            and gets a ``name`` parameter with this value; otherwise the
            user-supplied implementation is used and no parameter is added.

    Returns:
        None; ``PolicySet`` is modified in place.
    """
    # NOTE(review): the existence check always looks for the user-supplied class,
    # while the definition may be created or retagged as subjectNameDefaultImpl.
    # If common.check_policy matches on classId (not shown), a later call would
    # not find that policy and would add a second one -- confirm.
    lookup_class = "userSubjectNameDefaultImpl"

    if common.check_policy(PolicySet, lookup_class) is not False:
        existing = common.get_Element_PolicyValue(PolicySet, lookup_class)
        if subjectDefault:
            # First child of the value element is treated as the definition.
            definition = existing[0]
            definition.set("classId", "subjectNameDefaultImpl")
            # A new <params name="name"> is appended on every call that reaches
            # this point; an earlier one is not replaced.
            name_param = etree.SubElement(definition, "params", name="name")
            etree.SubElement(name_param, "value").text = subjectDefault
        if subjectPattern:
            pattern_value = existing.find("./constraint/constraint/value")
            pattern_value.text = subjectPattern
        return

    policy_id = get_policyId(PolicySet)
    description = "This default populates a User-Supplied Certificate Subject Name to the request"

    value_node = etree.SubElement(PolicySet, "value", id=policy_id)

    definition_class = "subjectNameDefaultImpl" if subjectDefault else "userSubjectNameDefaultImpl"
    def_node = etree.SubElement(
        value_node, "def", classId=definition_class, id="Subject Name Default"
    )
    etree.SubElement(def_node, "description").text = description

    common.policy_attributes(def_node, [("name", "string", "NULL", "Subject Name", "NULL")])

    if subjectDefault:
        common.policy_parameters(def_node, [("name", subjectDefault)])

    # NOTE(review): subjectPattern presumably is the pattern a requested subject
    # name must match (helper not shown); it is passed through unvalidated.
    constraints.subjectNameConstraintImpl(value_node, subjectPattern)
Exemplo n.º 10
def AIA_Extension_Default(root, PolicySet):
    """Define the AIA Extension Default policy in ``PolicySet`` unless present.

    Args:
        root: Unused in this function.
        PolicySet: XML element that receives the new ``value`` child.

    Returns:
        None; ``PolicySet`` is modified in place.
    """
    impl_class = "authInfoAccessExtDefaultImpl"
    is_new = common.check_policy(PolicySet, impl_class) is False

    if not is_new:
        # Nothing to update for this policy; the lookup result is not used.
        common.get_Element_PolicyValue(PolicySet, impl_class)
        return

    new_id = get_policyId(PolicySet)
    summary = "".join(
        [
            "This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. ",
            "The default values are Criticality=false,Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}",
        ]
    )

    policy_value = etree.SubElement(PolicySet, "value", id=new_id)
    definition = etree.SubElement(
        policy_value, "def", id="AIA Extension Default", classId=impl_class
    )
    description_node = etree.SubElement(definition, "description")
    description_node.text = summary

    common.policy_attributes(
        definition,
        [
            ("authInfoAccessCritical", "boolean", "NULL", "Criticality", "false"),
            ("authInfoAccessGeneralNames", "string_list", "NULL", "General Names", "NULL"),
        ],
    )

    # Single access description: OCSP method OID, URI type, empty location.
    common.policy_parameters(
        definition,
        [
            ("authInfoAccessCritical", "false"),
            ("authInfoAccessNumADs", "1"),
            ("authInfoAccessADMethod_0", "1.3.6.1.5.5.7.48.1"),
            ("authInfoAccessADLocationType_0", "URIName"),
            ("authInfoAccessADLocation_0", ""),
            ("authInfoAccessADEnable_0", "true"),
        ],
    )

    constraints.noConstraintImpl(policy_value)
Exemplo n.º 11
def CA_Certificate_Validity_Default(root, PolicySet):
    """Add the CA Certificate Validity Default policy to ``PolicySet`` if absent.

    Args:
        root: Unused in this function.
        PolicySet: XML element that receives the new ``value`` child.

    Returns:
        None; ``PolicySet`` is modified in place.
    """
    class_id = "caValidityDefaultImpl"

    if common.check_policy(PolicySet, class_id) is not False:
        # Already defined: looked up, nothing changed.
        common.get_Element_PolicyValue(PolicySet, class_id)
        return

    policy_id = get_policyId(PolicySet)
    description = "This default populates a Certificate Validity to the request. The default values are Range=7305 in days"

    value_node = etree.SubElement(PolicySet, "value", id=policy_id)
    def_node = etree.SubElement(
        value_node,
        "def",
        id="CA Certificate Validity Default",
        classId=class_id,
    )
    etree.SubElement(def_node, "description").text = description

    ca_validity_attributes = [
        ("notBefore", "string", "NULL", "Not Before", "NULL"),
        ("notAfter", "string", "NULL", "notAfter", "NULL"),
        ("bypassCAnotafter", "boolean", "NULL",
         "Bypass CA notAfter constraint", "false"),
    ]
    common.policy_attributes(def_node, ca_validity_attributes)

    # Range is 7305 days; bypassCAnotafter is written as an empty string.
    ca_validity_params = [
        ("range", "7305"),
        ("startTime", "0"),
        ("bypassCAnotafter", ""),
    ]
    common.policy_parameters(def_node, ca_validity_params)

    # NOTE(review): the two numbers are passed as ints here, whereas the rest of
    # this listing writes strings into the XML -- confirm that
    # constraints.validityConstraintImpl (not shown) accepts ints.
    constraints.validityConstraintImpl(value_node, 365, 7305)
Exemplo n.º 12
def Validity_Default(root, PolicySet, defaultRange, range_value):
    """Define the Validity Default policy, or rewrite the ranges of an existing one.

    Args:
        root: Unused in this function.
        PolicySet: XML element holding the policy ``value`` children.
        defaultRange: Value for the ``range`` parameter of the default.
        range_value: Value for the ``range`` entry of the validity constraint.

    Returns:
        None; ``PolicySet`` is modified in place.
    """
    impl_class = "validityDefaultImpl"
    is_new = common.check_policy(PolicySet, impl_class) is False

    if not is_new:
        current = common.get_Element_PolicyValue(PolicySet, impl_class)

        # Same order as before: default parameter, descriptor default, value.
        current.find('./def/params[@name="range"]/value').text = defaultRange
        current.find(
            './constraint[@id="Validity Constraint"]/constraint[@id="range"]/descriptor/DefaultValue'
        ).text = range_value
        current.find(
            './constraint[@id="Validity Constraint"]/constraint[@id="range"]/value'
        ).text = range_value
        return

    new_id = get_policyId(PolicySet)

    # Fixed text: it always says 180 days, whatever defaultRange is.
    summary = "This default populates a Certificate Validity to the request. The default values are Range=180 in days"

    policy_value = etree.SubElement(PolicySet, "value", id=new_id)
    definition = etree.SubElement(policy_value, "def", id="Validity Default", classId=impl_class)
    description_node = etree.SubElement(definition, "description")
    description_node.text = summary

    common.policy_attributes(
        definition,
        [
            ("notBefore", "string", "NULL", "Not Before", "NULL"),
            ("notAfter", "string", "NULL", "Not After", "NULL"),
        ],
    )
    common.policy_parameters(definition, [("range", defaultRange), ("startTime", "0")])

    # NOTE(review): range_value presumably caps the certificate lifetime via the
    # constraint (helper not shown); neither value is validated here.
    constraints.validityConstraintImpl(policy_value, defaultRange, range_value)
Exemplo n.º 13
def Extended_Key_Usage_Extension_Default(root, PolicySet):
    """Define the Extended Key Usage extension default unless already present.

    Args:
        root: Unused in this function.
        PolicySet: XML element that receives the new ``value`` child.

    Returns:
        None; ``PolicySet`` is modified in place.
    """
    impl_class = "extendedKeyUsageExtDefaultImpl"
    is_new = common.check_policy(PolicySet, impl_class) is False

    if not is_new:
        # Nothing to update for this policy; the lookup result is not used.
        common.get_Element_PolicyValue(PolicySet, impl_class)
        return

    new_id = get_policyId(PolicySet)

    # Stored text keeps the empty "()" and the missing space between sentences.
    summary = "".join(
        [
            "This default populates an Extended Key Usage Extension () to the request.",
            "The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4",
        ]
    )

    policy_value = etree.SubElement(PolicySet, "value", id=new_id)
    definition = etree.SubElement(
        policy_value, "def", id="Extended Key Usage Extension Default", classId=impl_class
    )
    description_node = etree.SubElement(definition, "description")
    description_node.text = summary

    # NOTE(review): 'false' as the last field of the string_list attribute looks
    # copied from the boolean one -- confirm against common.policy_attributes.
    common.policy_attributes(
        definition,
        [
            ("exKeyUsageCritical", "boolean", "NULL", "Criticality", "false"),
            ("exKeyUsageOIDs", "string_list", "NULL", "Comma-Separated list of Object Identifiers", "false"),
        ],
    )

    # OIDs: clientAuth (…3.2) and emailProtection (…3.4).
    common.policy_parameters(
        definition,
        [
            ("exKeyUsageCritical", "false"),
            ("exKeyUsageOIDs", "1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"),
        ],
    )

    constraints.noConstraintImpl(policy_value)
Exemplo n.º 14
def Signing_Alg(root, PolicySet):
    """Define the Signing Algorithm policy in ``PolicySet`` unless present.

    Args:
        root: Unused in this function.
        PolicySet: XML element that receives the new ``value`` child.

    Returns:
        None; ``PolicySet`` is modified in place.
    """
    impl_class = "signingAlgDefaultImpl"
    is_new = common.check_policy(PolicySet, impl_class) is False

    if not is_new:
        # Nothing to update for this policy; the lookup result is not used.
        common.get_Element_PolicyValue(PolicySet, impl_class)
        return

    new_id = get_policyId(PolicySet)
    summary = "This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA512withRSA"

    policy_value = etree.SubElement(PolicySet, "value", id=new_id)
    definition = etree.SubElement(policy_value, "def", id="Signing Alg", classId=impl_class)
    description_node = etree.SubElement(definition, "description")
    description_node.text = summary

    # NOTE(review): the choice list still offers MD2withRSA, MD5withRSA and
    # SHA1withRSA, whose hashes are not collision resistant and should not be
    # used for certificate signatures. Whether they can actually be selected
    # depends on constraints.signingAlgConstraintImpl (not shown) -- confirm it
    # excludes them, or trim this list.
    algorithm_choices = "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA"
    common.policy_attributes(
        definition,
        [("signingAlg", "choice", algorithm_choices, "Signing Algorithm", "NULL")],
    )

    # The parameter is stored as "-", not as an algorithm name.
    common.policy_parameters(definition, [("signingAlg", "-")])

    constraints.signingAlgConstraintImpl(policy_value)
Exemplo n.º 15
def CA_Certificate_Validity_Default(root, PolicySet):
    """Define the CA Certificate Validity Default policy unless already present.

    Args:
        root: Unused in this function.
        PolicySet: XML element that receives the new ``value`` child.

    Returns:
        None; ``PolicySet`` is modified in place.
    """
    impl_class = "caValidityDefaultImpl"
    is_new = common.check_policy(PolicySet, impl_class) is False

    if not is_new:
        # Nothing to update for this policy; the lookup result is not used.
        common.get_Element_PolicyValue(PolicySet, impl_class)
        return

    new_id = get_policyId(PolicySet)
    summary = "This default populates a Certificate Validity to the request. The default values are Range=7305 in days"

    policy_value = etree.SubElement(PolicySet, "value", id=new_id)
    definition = etree.SubElement(
        policy_value, "def", id="CA Certificate Validity Default", classId=impl_class
    )
    description_node = etree.SubElement(definition, "description")
    description_node.text = summary

    common.policy_attributes(
        definition,
        [
            ("notBefore", "string", "NULL", "Not Before", "NULL"),
            ("notAfter", "string", "NULL", "notAfter", "NULL"),
            ("bypassCAnotafter", "boolean", "NULL", "Bypass CA notAfter constraint", "false"),
        ],
    )

    # Range is 7305 days; bypassCAnotafter is written as an empty string.
    common.policy_parameters(
        definition,
        [("range", "7305"), ("startTime", "0"), ("bypassCAnotafter", "")],
    )

    # NOTE(review): ints are passed here although the rest of this listing writes
    # strings into the XML -- confirm constraints.validityConstraintImpl (not
    # shown) accepts them.
    constraints.validityConstraintImpl(policy_value, 365, 7305)
Exemplo n.º 16
def Subject_Key_Identifier_Extension_Default(root, PolicySet):
    """Define the Subject Key Identifier extension default unless already present.

    Args:
        root: Unused in this function.
        PolicySet: XML element that receives the new ``value`` child.

    Returns:
        None; ``PolicySet`` is modified in place.
    """
    impl_class = "subjectKeyIdentifierExtDefaultImpl"
    is_new = common.check_policy(PolicySet, impl_class) is False

    if not is_new:
        # Nothing to update for this policy; the lookup result is not used.
        common.get_Element_PolicyValue(PolicySet, impl_class)
        return

    new_id = get_policyId(PolicySet)
    summary = "This default populates a Subject Key Identifier Extension (2.5.29.14) to the request."

    policy_value = etree.SubElement(PolicySet, "value", id=new_id)
    definition = etree.SubElement(
        policy_value,
        "def",
        id="Subject Key Identifier Extension Default",
        classId=impl_class,
    )
    description_node = etree.SubElement(definition, "description")
    description_node.text = summary

    # Both attributes are declared read-only; this policy has no parameters.
    common.policy_attributes(
        definition,
        [
            ("critical", "string", "readonly", "Criticality", "NULL"),
            ("keyid", "string", "readonly", "Key ID", "NULL"),
        ],
    )

    constraints.noConstraintImpl(policy_value)
Exemplo n.º 17
def Signing_Alg(root, PolicySet):
    """Add the Signing Algorithm policy to ``PolicySet`` when it is not there yet.

    Args:
        root: Unused in this function.
        PolicySet: XML element that receives the new ``value`` child.

    Returns:
        None; ``PolicySet`` is modified in place.
    """
    class_id = "signingAlgDefaultImpl"

    if common.check_policy(PolicySet, class_id) is not False:
        # Already defined: looked up, nothing changed.
        common.get_Element_PolicyValue(PolicySet, class_id)
        return

    policy_id = get_policyId(PolicySet)
    description = "This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA512withRSA"

    value_node = etree.SubElement(PolicySet, "value", id=policy_id)
    def_node = etree.SubElement(value_node, "def", id="Signing Alg", classId=class_id)
    etree.SubElement(def_node, "description").text = description

    # NOTE(review): MD2withRSA, MD5withRSA and SHA1withRSA remain in the choice
    # list; their hashes are not collision resistant and should not be used for
    # certificate signatures. Whether they are selectable depends on
    # constraints.signingAlgConstraintImpl (not shown) -- confirm it excludes
    # them, or trim this list.
    signing_attributes = [
        (
            "signingAlg",
            "choice",
            "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA",
            "Signing Algorithm",
            "NULL",
        ),
    ]
    common.policy_attributes(def_node, signing_attributes)

    # The parameter is stored as "-", not as an algorithm name.
    signing_params = [("signingAlg", "-")]
    common.policy_parameters(def_node, signing_params)

    constraints.signingAlgConstraintImpl(value_node)
Exemplo n.º 18
def Subject_Key_Identifier_Extension_Default(root, PolicySet):
    ''' Add the Subject Key Identifier Extension default policy if missing.

    root is accepted but not used by this function. The policy is created
    with two read-only string attributes and no parameters, and is paired
    with constraints.noConstraintImpl.
    '''
    javaclass = 'subjectKeyIdentifierExtDefaultImpl'

    if common.check_policy(PolicySet, javaclass) is not False:
        # Already defined: only the lookup is performed, nothing is changed.
        common.get_Element_PolicyValue(PolicySet, javaclass)
        return

    policy_id = get_policyId(PolicySet)
    description_text = 'This default populates a Subject Key Identifier Extension (2.5.29.14) to the request.'

    value_el = etree.SubElement(PolicySet, 'value', id=policy_id)
    def_el = etree.SubElement(
        value_el,
        'def',
        id='Subject Key Identifier Extension Default',
        classId=javaclass)
    etree.SubElement(def_el, 'description').text = description_text

    # Both attributes are declared 'readonly'; this policy takes no params.
    readonly_attributes = [
        (attr_name, 'string', 'readonly', label, 'NULL')
        for attr_name, label in (('critical', 'Criticality'),
                                 ('keyid', 'Key ID'))
    ]
    common.policy_attributes(def_el, readonly_attributes)

    constraints.noConstraintImpl(value_el)
Exemplo n.º 19
def Subject_Name_Default(root_element, PolicySet, subjectPattern,
                         subjectDefault):
    ''' Add or update the Subject Name default policy in PolicySet.

    root_element is accepted but not used here. When the policy is missing
    it is created: with a truthy subjectDefault the definition uses
    classId 'subjectNameDefaultImpl' and a 'name' parameter set to
    subjectDefault, otherwise classId 'userSubjectNameDefaultImpl' and no
    parameter. subjectPattern is handed to
    constraints.subjectNameConstraintImpl.

    When the policy already exists, a truthy subjectDefault switches the
    first child's classId and appends a 'name' parameter, and a truthy
    subjectPattern overwrites the text of ./constraint/constraint/value.

    NOTE(review): without subjectDefault the description says the subject
    name is user-supplied, so subjectPattern looks like the only restriction
    on requested names; confirm callers never pass an empty or catch-all
    pattern.
    '''
    javaclass = 'userSubjectNameDefaultImpl'

    if common.check_policy(PolicySet, javaclass) is not False:
        existing_value = common.get_Element_PolicyValue(PolicySet, javaclass)
        if subjectDefault:
            # assumes the first child of the policy value is its <def>
            # element; TODO confirm
            first_child = existing_value[0]
            first_child.set('classId', 'subjectNameDefaultImpl')
            param_el = etree.SubElement(first_child, 'params', name='name')
            etree.SubElement(param_el, 'value').text = subjectDefault
        if subjectPattern:
            existing_value.find(
                './constraint/constraint/value').text = subjectPattern
        return

    policy_id = get_policyId(PolicySet)
    description_text = 'This default populates a User-Supplied Certificate Subject Name to the request'

    value_el = etree.SubElement(PolicySet, 'value', id=policy_id)

    # A fixed subject selects the non-user implementation class.
    class_id = ('subjectNameDefaultImpl'
                if subjectDefault else 'userSubjectNameDefaultImpl')
    def_el = etree.SubElement(value_el,
                              'def',
                              classId=class_id,
                              id='Subject Name Default')
    etree.SubElement(def_el, 'description').text = description_text

    common.policy_attributes(
        def_el, [('name', 'string', 'NULL', 'Subject Name', 'NULL')])

    if subjectDefault:
        common.policy_parameters(def_el, [('name', subjectDefault)])

    constraints.subjectNameConstraintImpl(value_el, subjectPattern)
Exemplo n.º 20
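def Basic_Constraints_Extension_Default(root, PolicySet, PathLength, isCA):
    ''' Add or update the Basic Constraints Extension default policy.

    root is accepted but not used by this function.

    When the policy is missing it is created with basicConstraintsCritical
    fixed to 'true' and basicConstraintsIsCA / basicConstraintsPathLen taken
    from isCA and PathLength; the same two values are passed to
    constraints.basicConstraintsCritical. When the policy already exists,
    the IsCA and path-length parameters and the matching constraint values
    are overwritten with the new arguments.

    NOTE(review): isCA and PathLength are written unchanged into both the
    default and its constraint. They decide whether certificates issued
    under this profile can act as CAs and how deep a chain they may sign,
    so callers should pass them deliberately rather than rely on the
    'Is CA=true, Path Length=-1' values named in the description.
    '''
    javaclass = 'basicConstraintsExtDefaultImpl'
    result = common.check_policy(PolicySet, javaclass)

    if result is False:
        # Get Policy ID
        pvalue = get_policyId(PolicySet)

        # Description
        Basic_Constraints_Extension_Default_description = 'This default populates a Basic Constraints Extension (2.5.29.19) to the request.,The default values are Criticality=true, Is CA=true, Path Length=-1'

        # Policy Value
        Policy_Value = etree.SubElement(PolicySet, 'value', id=pvalue)

        # Policy Definition
        Policy_definition = etree.SubElement(
            Policy_Value,
            'def',
            id='Basic Constraints Extension Default',
            classId='basicConstraintsExtDefaultImpl')
        etree.SubElement(
            Policy_definition, 'description'
        ).text = Basic_Constraints_Extension_Default_description

        # Policy Attributes
        # NOTE(review): other policies in this listing order these tuples
        # as (name, syntax, constraint, description, default); here the
        # description sits in the third slot. Left as-is because
        # common.policy_attributes is not visible; confirm the intended
        # field order.
        Basic_Constraints_Extension_Default_attributes = [
            ('basicConstraintsCritical', 'boolean', 'Criticality', 'false',
             'NULL'),
            ('basicConstraintsIsCA', 'boolean', 'Is CA', 'true', 'NULL'),
            ('basicConstraintsPathLen', 'integer', 'Path Length', '-1', 'NULL')
        ]

        common.policy_attributes(
            Policy_definition, Basic_Constraints_Extension_Default_attributes)

        # Policy Parameters
        Basic_Constraints_Extension_Default_params = [
            ('basicConstraintsCritical', 'true'),
            ('basicConstraintsIsCA', isCA),
            ('basicConstraintsPathLen', PathLength)
        ]
        common.policy_parameters(Policy_definition,
                                 Basic_Constraints_Extension_Default_params)

        # Constraint Definition
        constraints.basicConstraintsCritical(Policy_Value, PathLength, isCA)

    else:
        Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)

        # Default parameters: find() returns the <params> element, whose
        # first child carries the value text.
        basicConstraintsIsCA_params = Policy_Value.find(
            './def/params[@name="basicConstraintsIsCA"]')
        basicConstraintsIsCA_params[0].text = isCA
        basicConstraintsPathLen_params = Policy_Value.find(
            './def/params[@name="basicConstraintsPathLen"]')
        basicConstraintsPathLen_params[0].text = PathLength

        # Constraint values. The attribute value must be quoted: the
        # unquoted form [@id=basicConstraintsIsCA] is rejected as an
        # invalid predicate by ElementPath-style find(), so the IsCA
        # constraint was never updated.
        basicConstraintsIsCA_constraint = Policy_Value.find(
            './constraint/constraint[@id="basicConstraintsIsCA"]/value')
        basicConstraintsIsCA_constraint.text = isCA
        basicConstraintsPathLen_constraint = Policy_Value.find(
            './constraint/constraint[@id="basicConstraintsMaxPathLen"]/value')
        basicConstraintsPathLen_constraint.text = PathLength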
Exemplo n.º 21
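def Key_Usage_Default(root, PolicySet, keylist):
    ''' Add or update the Key Usage Extension default policy in PolicySet.

    root is accepted but not used by this function. keylist is a
    comma-separated string of key usage parameter names (for example
    'keyUsageCritical,keyUsageDigitalSignature').

    When the policy is missing it is created; each parameter value comes
    from common.check_ext_key_usage(keylist, name) and keylist is also
    passed to constraints.keyUsageExtConstraintImpl. When the policy
    already exists, every usage named in keylist is set to 'true' in both
    the default parameters and the constraint.

    Raises:
        ValueError: in the update path, if keylist names a usage that is
            not one of the ten parameters this policy defines.

    NOTE(review): the update path only switches usages on. A usage enabled
    by an earlier call (for instance keyUsageKeyCertSign) stays 'true' even
    if it is absent from a later keylist; confirm that widening-only
    behaviour is intended.
    '''

    javaclass = 'keyUsageExtDefaultImpl'

    # (parameter name, description) for every usage this policy defines.
    key_usages = [
        ('keyUsageCritical', 'Criticality'),
        ('keyUsageDigitalSignature', 'Digital Signature'),
        ('keyUsageNonRepudiation', 'Non-Repudiation'),
        ('keyUsageKeyEncipherment', 'Key Encipherment'),
        ('keyUsageDataEncipherment', 'Data Encipherment'),
        ('keyUsageKeyAgreement', 'Key Agreement'),
        ('keyUsageKeyCertSign', 'Key CertSign'),
        ('keyUsageCrlSign', 'CRL Sign'),
        ('keyUsageEncipherOnly', 'Encipher Only'),
        ('keyUsageDecipherOnly', 'Decipher Only'),
    ]

    result = common.check_policy(PolicySet, javaclass)

    if result is False:
        #Get Policy ID
        pvalue = get_policyId(PolicySet)

        s1 = 'This default populates a Key Usage Extension (2.5.29.15) to the request,The default values are Criticality=true'
        s2 = 'Digital Signature=true, Non-Repudiation=true,Key Encipherment=true, Data Encipherment=false, Key Agreement=false'
        s3 = 'Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false'
        Key_Usage_Default_description = s1 + s2 + s3

        # Policy Value
        Policy_Value = etree.SubElement(PolicySet, 'value', id=pvalue)

        # Policy Definition
        Policy_definition = etree.SubElement(Policy_Value,
                                             'def',
                                             id='Key Usage Default',
                                             classId='keyUsageExtDefaultImpl')
        etree.SubElement(
            Policy_definition,
            'description').text = Key_Usage_Default_description

        # Policy Attributes #name,syntax,constraint,description,defaultvalue
        Key_Usage_Default_attributes = [
            (name, 'boolean', 'NULL', label, 'false')
            for name, label in key_usages
        ]
        common.policy_attributes(Policy_definition,
                                 Key_Usage_Default_attributes)

        # Policy Parameters
        Key_Usage_Default_parms = [
            (name, common.check_ext_key_usage(keylist, name))
            for name, _ in key_usages
        ]
        common.policy_parameters(Policy_definition, Key_Usage_Default_parms)

        # Policy Constraint
        constraints.keyUsageExtConstraintImpl(Policy_Value, keylist)

    else:
        # keylist entries are interpolated into XPath predicates below, so
        # accept only the known parameter names. This keeps quotes or other
        # path syntax out of the expression and turns a typo into a clear
        # error instead of an AttributeError on a failed lookup.
        known_names = {name for name, _ in key_usages}
        requested = [
            entry.strip() for entry in (keylist or '').split(',')
            if entry.strip()
        ]
        unknown = [entry for entry in requested if entry not in known_names]
        if unknown:
            raise ValueError('Unknown key usage name(s): %s' %
                             ', '.join(unknown))

        Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)
        # Change Policy Parameters
        for v in requested:
            result_param = Policy_Value.find(
                "./def/params[@name=\"%s\"]/value" % v)
            result_param.text = 'true'
        # Change Policy Constraints
        for v in requested:
            result_constraint = Policy_Value.find(
                "./constraint/constraint[@id=\"%s\"]/value" % v)
            result_constraint.text = 'true'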
Exemplo n.º 22
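def Key_Usage_Default(root, PolicySet, keylist):
    """Add or update the Key Usage Extension default policy in PolicySet.

    root is accepted but not used by this function. keylist is a
    comma-separated string of key usage parameter names (for example
    "keyUsageCritical,keyUsageDigitalSignature").

    When the policy is missing it is created; each parameter value comes
    from common.check_ext_key_usage(keylist, name) and keylist is also
    passed to constraints.keyUsageExtConstraintImpl. When the policy
    already exists, every usage named in keylist is set to "true" in both
    the default parameters and the constraint.

    Raises:
        ValueError: in the update path, if keylist names a usage that is
            not one of the ten parameters this policy defines.

    NOTE(review): the update path only switches usages on. A usage enabled
    by an earlier call (for instance keyUsageKeyCertSign) stays "true" even
    if it is absent from a later keylist; confirm that widening-only
    behaviour is intended.
    """

    javaclass = "keyUsageExtDefaultImpl"

    # (parameter name, description) for every usage this policy defines.
    key_usages = [
        ("keyUsageCritical", "Criticality"),
        ("keyUsageDigitalSignature", "Digital Signature"),
        ("keyUsageNonRepudiation", "Non-Repudiation"),
        ("keyUsageKeyEncipherment", "Key Encipherment"),
        ("keyUsageDataEncipherment", "Data Encipherment"),
        ("keyUsageKeyAgreement", "Key Agreement"),
        ("keyUsageKeyCertSign", "Key CertSign"),
        ("keyUsageCrlSign", "CRL Sign"),
        ("keyUsageEncipherOnly", "Encipher Only"),
        ("keyUsageDecipherOnly", "Decipher Only"),
    ]

    result = common.check_policy(PolicySet, javaclass)

    if result is False:
        # Get Policy ID
        pvalue = get_policyId(PolicySet)

        s1 = "This default populates a Key Usage Extension (2.5.29.15) to the request,The default values are Criticality=true"
        s2 = "Digital Signature=true, Non-Repudiation=true,Key Encipherment=true, Data Encipherment=false, Key Agreement=false"
        s3 = "Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false"
        Key_Usage_Default_description = s1 + s2 + s3

        # Policy Value
        Policy_Value = etree.SubElement(PolicySet, "value", id=pvalue)

        # Policy Definition
        Policy_definition = etree.SubElement(
            Policy_Value, "def", id="Key Usage Default", classId="keyUsageExtDefaultImpl"
        )
        etree.SubElement(Policy_definition, "description").text = Key_Usage_Default_description

        # Policy Attributes #name,syntax,constraint,description,defaultvalue
        Key_Usage_Default_attributes = [(name, "boolean", "NULL", label, "false") for name, label in key_usages]
        common.policy_attributes(Policy_definition, Key_Usage_Default_attributes)

        # Policy Parameters
        Key_Usage_Default_parms = [(name, common.check_ext_key_usage(keylist, name)) for name, _ in key_usages]
        common.policy_parameters(Policy_definition, Key_Usage_Default_parms)

        # Policy Constraint
        constraints.keyUsageExtConstraintImpl(Policy_Value, keylist)

    else:
        # keylist entries are interpolated into XPath predicates below, so
        # accept only the known parameter names. This keeps quotes or other
        # path syntax out of the expression and turns a typo into a clear
        # error instead of an AttributeError on a failed lookup.
        known_names = {name for name, _ in key_usages}
        requested = [entry.strip() for entry in (keylist or "").split(",") if entry.strip()]
        unknown = [entry for entry in requested if entry not in known_names]
        if unknown:
            raise ValueError("Unknown key usage name(s): %s" % ", ".join(unknown))

        Policy_Value = common.get_Element_PolicyValue(PolicySet, javaclass)
        # Change Policy Parameters
        for v in requested:
            result_param = Policy_Value.find('./def/params[@name="%s"]/value' % v)
            result_param.text = "true"
        # Change Policy Constraints
        for v in requested:
            result_constraint = Policy_Value.find('./constraint/constraint[@id="%s"]/value' % v)
            result_constraint.text = "true"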