Пример #1
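class PKIHeader(univ.Sequence):
    """
    CMP message header, as given by the ASN.1 below (RFC 4210, PKIHeader).

    PKIHeader ::= SEQUENCE {
    pvno                INTEGER     { cmp1999(1), cmp2000(2) },
    sender              GeneralName,
    recipient           GeneralName,
    messageTime     [0] GeneralizedTime         OPTIONAL,
    protectionAlg   [1] AlgorithmIdentifier     OPTIONAL,
    senderKID       [2] KeyIdentifier           OPTIONAL,
    recipKID        [3] KeyIdentifier           OPTIONAL,
    transactionID   [4] OCTET STRING            OPTIONAL,
    senderNonce     [5] OCTET STRING            OPTIONAL,
    recipNonce      [6] OCTET STRING            OPTIONAL,
    freeText        [7] PKIFreeText             OPTIONAL,
    generalInfo     [8] SEQUENCE SIZE (1..MAX) OF
                     InfoTypeAndValue     OPTIONAL
    }

    Every context tag is applied explicitly, i.e. it wraps the complete
    underlying type.  All fields after ``recipient`` are optional in this
    schema, so a header that decodes successfully may still lack
    ``protectionAlg``, ``transactionID`` or the nonces; code that relies on
    message protection or replay detection has to check for their presence
    itself, the decoder will not.
    """
    componentType = namedtype.NamedTypes(
        # Protocol version; only the two named values appear in the ASN.1.
        namedtype.NamedType(
            'pvno',
            univ.Integer(
                namedValues=namedval.NamedValues(
                    ('cmp1999', 1),
                    ('cmp2000', 2)
                )
            )
        ),
        namedtype.NamedType('sender', rfc2459.GeneralName()),
        namedtype.NamedType('recipient', rfc2459.GeneralName()),
        namedtype.OptionalNamedType('messageTime', useful.GeneralizedTime().subtype(
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
        # Identifies the algorithm protecting the message; absent when the
        # message carries no protection.
        namedtype.OptionalNamedType('protectionAlg', rfc2459.AlgorithmIdentifier().subtype(
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
        namedtype.OptionalNamedType('senderKID', rfc2459.KeyIdentifier().subtype(
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
        namedtype.OptionalNamedType('recipKID', rfc2459.KeyIdentifier().subtype(
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
        # transactionID and the two nonces are plain OCTET STRINGs here; the
        # schema puts no length or uniqueness requirement on them.
        namedtype.OptionalNamedType('transactionID', univ.OctetString().subtype(
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
        namedtype.OptionalNamedType('senderNonce', univ.OctetString().subtype(
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
        namedtype.OptionalNamedType('recipNonce', univ.OctetString().subtype(
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
        namedtype.OptionalNamedType('freeText', PKIFreeText().subtype(
            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 7))),
        # The [8] tag belongs to the SEQUENCE OF as a whole, not to each
        # element.  Tagging the element (as this definition used to) makes the
        # field encode as an untagged SEQUENCE of [8]-wrapped items, which a
        # peer following the ASN.1 above will not accept, and makes this
        # schema fail on conforming headers that carry generalInfo.
        # NOTE(review): SIZE (1..MAX) also constrains the SEQUENCE OF in the
        # ASN.1; it is left on the element exactly as before -- confirm how
        # the pyasn1 version in use expects a container size constraint to be
        # declared before moving it.
        namedtype.OptionalNamedType(
            'generalInfo',
            univ.SequenceOf(
                componentType=InfoTypeAndValue().subtype(
                    subtypeSpec=constraint.ValueSizeConstraint(1, MAX)
                )
            ).subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8)
            )
        )
    )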
Пример #2
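class PKIHeader(univ.Sequence):
    """CMP message header (the PKIHeader SEQUENCE of RFC 4210).

    Mandatory components are ``pvno``, ``sender`` and ``recipient``; the
    remaining ones carry the context tags [0]..[8] and are optional.  The tags
    are explicit, so each wraps the complete underlying type.

    Because ``protectionAlg``, ``transactionID``, ``senderNonce`` and
    ``recipNonce`` are optional, a header can decode cleanly without them.
    Callers that depend on message protection or replay detection must test
    for those components themselves.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            'pvno',
            univ.Integer(
                namedValues=namedval.NamedValues(('cmp1999', 1), ('cmp2000',
                                                                  2)))),
        namedtype.NamedType('sender', rfc2459.GeneralName()),
        namedtype.NamedType('recipient', rfc2459.GeneralName()),
        namedtype.OptionalNamedType(
            'messageTime',
            useful.GeneralizedTime().subtype(explicitTag=tag.Tag(
                tag.tagClassContext, tag.tagFormatSimple, 0))),
        # Algorithm used to protect the message; absent on unprotected ones.
        namedtype.OptionalNamedType(
            'protectionAlg',
            rfc2459.AlgorithmIdentifier().subtype(explicitTag=tag.Tag(
                tag.tagClassContext, tag.tagFormatConstructed, 1))),
        namedtype.OptionalNamedType(
            'senderKID',
            rfc2459.KeyIdentifier().subtype(explicitTag=tag.Tag(
                tag.tagClassContext, tag.tagFormatSimple, 2))),
        namedtype.OptionalNamedType(
            'recipKID',
            rfc2459.KeyIdentifier().subtype(explicitTag=tag.Tag(
                tag.tagClassContext, tag.tagFormatSimple, 3))),
        # The schema sets no length or uniqueness rule for the transaction id
        # or the nonces; they are unconstrained OCTET STRINGs.
        namedtype.OptionalNamedType(
            'transactionID',
            univ.OctetString().subtype(explicitTag=tag.Tag(
                tag.tagClassContext, tag.tagFormatSimple, 4))),
        namedtype.OptionalNamedType(
            'senderNonce',
            univ.OctetString().subtype(explicitTag=tag.Tag(
                tag.tagClassContext, tag.tagFormatSimple, 5))),
        namedtype.OptionalNamedType(
            'recipNonce',
            univ.OctetString().subtype(explicitTag=tag.Tag(
                tag.tagClassContext, tag.tagFormatSimple, 6))),
        namedtype.OptionalNamedType(
            'freeText',
            PKIFreeText().subtype(explicitTag=tag.Tag(
                tag.tagClassContext, tag.tagFormatConstructed, 7))),
        # generalInfo is "[8] SEQUENCE SIZE (1..MAX) OF InfoTypeAndValue":
        # the tag wraps the whole SEQUENCE OF.  With the tag on the element
        # type instead, the field is emitted as an untagged SEQUENCE whose
        # items are each wrapped in [8], and a conforming header that carries
        # generalInfo cannot be matched against this schema.
        # NOTE(review): the size constraint is kept on the element as it was;
        # confirm how the pyasn1 version in use declares a container size
        # constraint before moving it to the SEQUENCE OF.
        namedtype.OptionalNamedType(
            'generalInfo',
            univ.SequenceOf(componentType=InfoTypeAndValue().subtype(
                subtypeSpec=constraint.ValueSizeConstraint(1, MAX))).subtype(
                    explicitTag=tag.Tag(tag.tagClassContext,
                                        tag.tagFormatSimple, 8))))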
Пример #3
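    def addAuthorityKeyId(self, akiTypes, critical):
        """Add an authorityKeyIdentifier extension to this certificate.

        :param akiTypes: comma-separated names of the AKI fields to emit:
            ``ki`` (key identifier), ``issuer`` and ``serialNumber``.  An
            empty or whitespace-only string selects every field that can be
            built.  Names other than these three are silently ignored.
        :param critical: must be falsy; the extension is only ever added as
            non-critical (RFC 5280 requires AKI to be non-critical).
        :raises UnknownAuthorityKeyIdError: if ``critical`` is truthy.

        ``issuer`` and ``serialNumber`` are emitted only when
        ``self.issuerSerialNumber`` is set; without it at most the key
        identifier is added.
        """
        requested = {name.strip() for name in akiTypes.split(',')}
        noneSpecified = not akiTypes.strip()

        def wanted(field):
            # An empty specification means "everything available".
            return noneSpecified or field in requested

        if critical:
            raise UnknownAuthorityKeyIdError(critical)

        # The key identifier is the SHA-1 digest of issuerKey.toDER().  SHA-1
        # serves here as the customary way of deriving a key *identifier*
        # (used for chain building), not as an integrity or authentication
        # mechanism, so nothing should treat a matching value as proof of
        # key identity.
        # NOTE(review): RFC 5280 hashes the subjectPublicKey bits; confirm
        # that toDER() returns the encoding intended here.
        hasher = hashlib.sha1()
        hasher.update(self.issuerKey.toDER())
        akiKi = rfc2459.KeyIdentifier().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0),
            value=hasher.digest())
        aki = rfc2459.AuthorityKeyIdentifier()

        # The key identifier does not depend on the issuer serial number.
        if wanted('ki'):
            aki.setComponentByPosition(0, akiKi)

        # Issuer name and serial number can only be filled in when the
        # issuer's serial number is known.
        if self.issuerSerialNumber is not None:
            issuerName = rfc2459.GeneralNames().subtype(implicitTag=tag.Tag(
                tag.tagClassContext, tag.tagFormatSimple, 1))
            # Context tag 4 selects the directoryName alternative of
            # GeneralName.
            generalName = stringToDN(
                self.issuer,
                tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))
            issuerName.setComponentByPosition(0, generalName)
            # issuerSerialNumber is decoded with the ASN.1 decoder, so it is
            # expected to hold an encoded INTEGER rather than a Python int.
            csn = rfc2459.CertificateSerialNumber().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple,
                                    2),
                value=decoder.decode(self.issuerSerialNumber)[0])
            if wanted('issuer'):
                aki.setComponentByPosition(1, issuerName)
            if wanted('serialNumber'):
                aki.setComponentByPosition(2, csn)

        self.addExtension(rfc2459.id_ce_authorityKeyIdentifier, aki, critical)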