class Scope(Enumerated):
# scope ENUMERATED {
# baseObject (0),
# singleLevel (1),
# wholeSubtree (2),
namedValues = NamedValues(('baseObject', 0), ('singleLevel', 1),
('wholeSubtree', 2))
class SecurityLevel(Enumerated):
"""The extent to which the key pair is protected.
References:
* https://developer.android.com/training/articles/security-key-attestation#certificate_schema_securitylevel
"""
componentType = NamedValues(Software=0, TrustedEnvironment=1, StrongBox=2)
class Operation(Enumerated):
# operation ENUMERATED {
# add (0),
# delete (1),
# replace (2),
# ... }
namedValues = NamedValues(('add', 0), ('delete', 1), ('replace', 2), ('increment', 3))
class ConditionTypes(BitString):
namedValues = NamedValues(
('preImageSha256', 0),
('prefixSha256', 1),
('thresholdSha256', 2),
('rsaSha256', 3),
('ed25519Sha256', 4),
)
class DerefAliases(Enumerated):
# derefAliases ENUMERATED {
# neverDerefAliases (0),
# derefInSearching (1),
# derefFindingBaseObj (2),
# derefAlways (3) },
namedValues = NamedValues(('neverDerefAliases', 0),
('derefInSearching', 1),
('derefFindingBaseObj', 2), ('derefAlways', 3))
class Scope(Enumerated):
"""
scope ENUMERATED {
baseObject (0),
singleLevel (1),
wholeSubtree (2),
"""
namedValues = NamedValues(('baseObject', 0), ('singleLevel', 1),
('wholeSubtree', 2))
class ChangeType(Enumerated):
# changeType ENUMERATED {
# add (1),
# delete (2),
# modify (4),
# modDN (8)
# }
namedValues = NamedValues(('add', 1), ('delete', 2), ('modify', 4),
('modDN', 8))
class Operation(Enumerated):
"""
operation ENUMERATED {
add (0),
delete (1),
replace (2),
... }
"""
namedValues = NamedValues(('add', 0), ('delete', 1), ('replace', 2),
('increment', 3))
class VerifiedBootState(Enumerated):
"""The level of protection provided to the user and to apps after booting.
References:
* https://developer.android.com/training/articles/security-key-attestation#certificate_schema_verifiedbootstate
"""
componentType = NamedValues(Verified=0,
SelfSigned=1,
Unverified=2,
Failed=3)
class PrivateKeyInfo(Sequence):
componentType = NamedTypes(
NamedType(
"version",
Integer(namedValues=NamedValues(("v1", 0))).subtype(
subtypeSpec=Integer.subtypeSpec + SingleValueConstraint(0))),
NamedType("privateKeyAlgorithm", AlgorithmIdentifier()),
NamedType("privateKey", OctetString()),
OptionalNamedType(
"attributes",
SetOf(componentType=Attribute()).subtype(
implicitTag=Tag(tagClassContext, tagFormatConstructed, 0))))
class ECPrivateKey(Sequence):
componentType = NamedTypes(
NamedType(
"version",
Integer(namedValues=NamedValues(("ecPrivkeyVer1", 1))).subtype(
subtypeSpec=Integer.subtypeSpec + SingleValueConstraint(1))),
NamedType("privateKey", OctetString()),
OptionalNamedType(
"parameters",
ObjectIdentifier().subtype(
explicitTag=Tag(tagClassContext, tagFormatSimple, 0))),
OptionalNamedType(
"publicKey",
BitString().subtype(
explicitTag=Tag(tagClassContext, tagFormatSimple, 1))))
class NegStat(Enumerated):
"""
[RFC-4178]
NegState ::= ENUMERATED {
accept-completed (0),
accept-incomplete (1),
reject (2),
request-mic (3)
}
"""
namedValues = NamedValues(
('accept-complete', 0),
('accept-incomplete', 1),
('reject', 2),
('request-mic', 3)
)
subtypeSpec = Enumerated.subtypeSpec + SingleValueConstraint(0, 1, 2, 3)
class ContextFlags(BitString):
"""
[RFC-4178]
ContextFlags ::= BIT STRING {
delegFlag (0),
mutualFlag (1),
replayFlag (2),
sequenceFlag (3),
anonFlag (4),
confFlag (5),
integFlag (6)
}
"""
componentType = NamedValues(
('delegFlag', 0),
('mutualFlag', 1),
('replayFlag', 2),
('sequenceFlag', 3),
('anonFlag', 4),
('confFlag', 5),
('integFlag', 6)
)
class ResultCode(Enumerated):
# resultCode ENUMERATED {
# success (0),
# operationsError (1),
# protocolError (2),
# timeLimitExceeded (3),
# sizeLimitExceeded (4),
# compareFalse (5),
# compareTrue (6),
# authMethodNotSupported (7),
# strongerAuthRequired (8),
# -- 9 reserved --
# referral (10),
# adminLimitExceeded (11),
# unavailableCriticalExtension (12),
# confidentialityRequired (13),
# saslBindInProgress (14),
# noSuchAttribute (16),
# undefinedAttributeType (17),
# inappropriateMatching (18),
# constraintViolation (19),
# attributeOrValueExists (20),
# invalidAttributeSyntax (21),
# -- 22-31 unused --
# noSuchObject (32),
# aliasProblem (33),
# invalidDNSyntax (34),
# -- 35 reserved for undefined isLeaf --
# aliasDereferencingProblem (36),
# -- 37-47 unused --
# inappropriateAuthentication (48),
# invalidCredentials (49),
# insufficientAccessRights (50),
# busy (51),
# unavailable (52),
# unwillingToPerform (53),
# loopDetect (54),
# -- 55-63 unused --
# namingViolation (64),
# objectClassViolation (65),
# notAllowedOnNonLeaf (66),
# notAllowedOnRDN (67),
# entryAlreadyExists (68),
# objectClassModsProhibited (69),
# -- 70 reserved for CLDAP --
# affectsMultipleDSAs (71),
# -- 72-79 unused --
# other (80),
# ... }
#
# from IANA ldap-parameters:
# lcupResourcesExhausted 113 IESG [RFC3928]
# lcupSecurityViolation 114 IESG [RFC3928]
# lcupInvalidData 115 IESG [RFC3928]
# lcupUnsupportedScheme 116 IESG [RFC3928]
# lcupReloadRequired 117 IESG [RFC3928]
# canceled 118 IESG [RFC3909]
# noSuchOperation 119 IESG [RFC3909]
# tooLate 120 IESG [RFC3909]
# cannotCancel 121 IESG [RFC3909]
# assertionFailed 122 IESG [RFC4528]
# authorizationDenied 123 WELTMAN [RFC4370]
# e-syncRefreshRequired 4096 [Kurt_Zeilenga] [Jong_Hyuk_Choi] [RFC4533]
namedValues = NamedValues(
('success', 0), ('operationsError', 1), ('protocolError', 2),
('timeLimitExceeded', 3), ('sizeLimitExceeded', 4),
('compareFalse', 5), ('compareTrue', 6), ('authMethodNotSupported', 7),
('strongerAuthRequired', 8), ('referral', 10),
('adminLimitExceeded', 11), ('unavailableCriticalExtension', 12),
('confidentialityRequired', 13), ('saslBindInProgress', 14),
('noSuchAttribute', 16), ('undefinedAttributeType', 17),
('inappropriateMatching', 18), ('constraintViolation', 19),
('attributeOrValueExists', 20), ('invalidAttributeSyntax', 21),
('noSuchObject', 32), ('aliasProblem', 33), ('invalidDNSyntax', 34),
('aliasDereferencingProblem', 36), ('inappropriateAuthentication', 48),
('invalidCredentials', 49), ('insufficientAccessRights', 50),
('busy', 51), ('unavailable', 52), ('unwillingToPerform', 53),
('loopDetected', 54), ('namingViolation', 64),
('objectClassViolation', 65), ('notAllowedOnNonLeaf', 66),
('notAllowedOnRDN', 67), ('entryAlreadyExists', 68),
('objectClassModsProhibited', 69), ('affectMultipleDSAs', 71),
('other', 80), ('lcupResourcesExhausted', 113),
('lcupSecurityViolation', 114), ('lcupInvalidData', 115),
('lcupUnsupportedScheme', 116), ('lcupReloadRequired', 117),
('canceled', 118), ('noSuchOperation', 119), ('tooLate', 120),
('cannotCancel', 121), ('assertionFailed', 122),
('authorizationDenied', 123), ('e-syncRefreshRequired', 4096))
subTypeSpec = Enumerated.subtypeSpec + responseValueConstraint
class ResultCode(Enumerated):
"""
resultCode ENUMERATED {
success (0),
operationsError (1),
protocolError (2),
timeLimitExceeded (3),
sizeLimitExceeded (4),
compareFalse (5),
compareTrue (6),
authMethodNotSupported (7),
strongerAuthRequired (8),
-- 9 reserved --
referral (10),
adminLimitExceeded (11),
unavailableCriticalExtension (12),
confidentialityRequired (13),
saslBindInProgress (14),
noSuchAttribute (16),
undefinedAttributeType (17),
inappropriateMatching (18),
constraintViolation (19),
attributeOrValueExists (20),
invalidAttributeSyntax (21),
-- 22-31 unused --
noSuchObject (32),
aliasProblem (33),
invalidDNSyntax (34),
-- 35 reserved for undefined isLeaf --
aliasDereferencingProblem (36),
-- 37-47 unused --
inappropriateAuthentication (48),
invalidCredentials (49),
insufficientAccessRights (50),
busy (51),
unavailable (52),
unwillingToPerform (53),
loopDetect (54),
-- 55-63 unused --
namingViolation (64),
objectClassViolation (65),
notAllowedOnNonLeaf (66),
notAllowedOnRDN (67),
entryAlreadyExists (68),
objectClassModsProhibited (69),
-- 70 reserved for CLDAP --
affectsMultipleDSAs (71),
-- 72-79 unused --
other (80),
... },
"""
namedValues = NamedValues(
('success', 0),
('operationsError', 1),
('protocolError', 2),
('timeLimitExceeded', 3),
('sizeLimitExceeded', 4),
('compareFalse', 5),
('compareTrue', 6),
('authMethodNotSupported', 7),
('strongerAuthRequired', 8),
('referral', 10),
('adminLimitExceeded', 11),
('unavailableCriticalExtension', 12),
('confidentialityRequired', 13),
('saslBindInProgress', 14),
('noSuchAttribute', 16),
('undefinedAttributeType', 17),
('inappropriateMatching', 18),
('constraintViolatio', 19),
('attributeOrValueExists', 20),
('invalidAttributeSyntax', 21),
('noSuchObject', 32),
('aliasProblem', 33),
('invalidDNSyntaxn', 34),
('aliasDereferencingProblem', 36),
('inappropriateAuthentication', 48),
('invalidCredentials', 49),
('insufficientAccessRights', 50),
('busy', 51),
('unavailable', 52),
('unwillingToPerform', 53),
('loopDetect', 54),
('namingViolation', 64),
('objectClassViolation', 65),
('notAllowedOnNonLeaf', 66),
('notAllowedOnRDN', 67),
('entryAlreadyExists', 68),
('objectClassModsProhibited', 69),
('affectsMultipleDSAs', 71),
('other', 80),
)