class X509_ExtSubjectDirectoryAttributes(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE_OF("subjectDirectoryAttributes",
[X509_Attribute()], X509_Attribute)
class OCSP_ByName(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE_OF("byName", [], X509_RDN)
class X509_DirectoryName(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE_OF("directoryName", _default_directoryName,
X509_RDN)
class SPNEGO_MechTypes(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE_OF("mechTypes", None, SPNEGO_MechType)
class SAPCredv2(ASN1_Packet):
"""SAP Credv2 Credential set definition"""
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE_OF("creds", None, SAPCredv2Cred)
class X509_ExtCertificateIssuer(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE_OF("certificateIssuer", [], X509_GeneralName)
class X509_ExtCertificatePolicies(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE_OF("certificatePolicies",
[X509_ExtPolicyInformation()],
X509_ExtPolicyInformation)
class X509_TBSCertificate(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE(
ASN1F_optional(
ASN1F_enum_INTEGER("version", 0x2, ["v1", "v2", "v3"],
explicit_tag=0xa0)),
ASN1F_INTEGER("serialNumber", 1),
ASN1F_PACKET("signature",
X509_AlgorithmIdentifier(),
X509_AlgorithmIdentifier),
ASN1F_SEQUENCE_OF("issuer", _default_issuer, X509_RDN),
ASN1F_PACKET("validity",
X509_Validity(),
X509_Validity),
ASN1F_SEQUENCE_OF("subject", _default_subject, X509_RDN),
ASN1F_PACKET("subjectPublicKeyInfo",
X509_SubjectPublicKeyInfo(),
X509_SubjectPublicKeyInfo),
ASN1F_optional(
ASN1F_BIT_STRING("issuerUniqueID", None,
implicit_tag=0x81)),
ASN1F_optional(
ASN1F_BIT_STRING("subjectUniqueID", None,
implicit_tag=0x82)),
ASN1F_optional(
ASN1F_SEQUENCE_OF("extensions",
[X509_Extension()],
X509_Extension,
explicit_tag=0xa3)))
def get_issuer(self):
attrs = self.issuer
attrsDict = {}
for attr in attrs:
# we assume there is only one name in each rdn ASN1_SET
attrsDict[attr.rdn[0].type.oidname] = plain_str(attr.rdn[0].value.val) # noqa: E501
return attrsDict
def get_issuer_str(self):
"""
Returns a one-line string containing every type/value
in a rather specific order. sorted() built-in ensures unicity.
"""
name_str = ""
attrsDict = self.get_issuer()
for attrType, attrSymbol in _attrName_mapping:
if attrType in attrsDict:
name_str += "/" + attrSymbol + "="
name_str += attrsDict[attrType]
for attrType in sorted(attrsDict):
if attrType not in _attrName_specials:
name_str += "/" + attrType + "="
name_str += attrsDict[attrType]
return name_str
def get_subject(self):
attrs = self.subject
attrsDict = {}
for attr in attrs:
# we assume there is only one name in each rdn ASN1_SET
attrsDict[attr.rdn[0].type.oidname] = plain_str(attr.rdn[0].value.val) # noqa: E501
return attrsDict
def get_subject_str(self):
name_str = ""
attrsDict = self.get_subject()
for attrType, attrSymbol in _attrName_mapping:
if attrType in attrsDict:
name_str += "/" + attrSymbol + "="
name_str += attrsDict[attrType]
for attrType in sorted(attrsDict):
if attrType not in _attrName_specials:
name_str += "/" + attrType + "="
name_str += attrsDict[attrType]
return name_str
53: "unwillingToPerform",
54: "loopDetect",
64: "namingViolation",
65: "objectClassViolation",
66: "notAllowedOnNonLeaf",
67: "notAllowedOnRDN",
68: "entryAlreadyExists",
69: "objectClassModsProhibited",
70: "resultsTooLarge", # CLDAP
80: "other",
}),
LDAPDN("matchedDN", ""),
LDAPString("diagnosticMessage", ""),
# LDAP v3 only
ASN1F_optional(
ASN1F_SEQUENCE_OF("referral", [], LDAPReferral, implicit_tag=0xa3)))
# Bind operation
# https://datatracker.ietf.org/doc/html/rfc1777#section-4.1
class ASN1_Class_LDAP_Authentication(ASN1_Class_UNIVERSAL):
name = "LDAP Authentication"
simple = 0xa0
krbv42LDAP = 0xa1
krbv42DSA = 0xa2
sasl = 0xa3
class ASN1_LDAP_Authentication_simple(ASN1_STRING):
tag = ASN1_Class_LDAP_Authentication.simple
class X509_ExtSubjInfoAccess(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE_OF("subjectInfoAccess",
[X509_AccessDescription()],
X509_AccessDescription)
class X509_Extensions(ASN1_Packet):
# we use this in OCSP status requests, in tls/handshake.py
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_optional(
ASN1F_SEQUENCE_OF("extensions",
None, X509_Extension))
class X509_ExtQcStatements(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE_OF("qcStatements",
[X509_ExtQcStatement()],
X509_ExtQcStatement)
class X509_ExtAuthInfoAccess(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE_OF("authorityInfoAccess",
[X509_AccessDescription()],
X509_AccessDescription)
class X509_ExtFreshestCRL(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE_OF("cRLDistributionPoints",
[X509_ExtDistributionPoint()],
X509_ExtDistributionPoint)
class X509_ExtFullName(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE_OF("fullName", [X509_GeneralName()],
X509_GeneralName,
implicit_tag=0xa0)
class LDAP_SubstringFilter(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE(
AttributeType("type", ""),
ASN1F_SEQUENCE_OF("filters", [], LDAP_SubstringFilterStr))
class X509_ExtPolicyMappings(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE_OF("policyMappings", [], X509_PolicyMapping)
class LDAP_SearchResponseEntry(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE(
LDAPDN("objectName", ""),
ASN1F_SEQUENCE_OF("attributes", LDAP_SearchResponseEntryAttribute(),
LDAP_SearchResponseEntryAttribute))
class X509_ExtSubjectAltName(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE_OF("subjectAltName", [], X509_GeneralName)
class X509_ExtIssuerAltName(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE_OF("issuerAltName", [], X509_GeneralName)
