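class PKIHeader(univ.Sequence):
    """ASN.1 specification of the CMP message header (PKIHeader, RFC 4210).

    ::

        PKIHeader ::= SEQUENCE {
            pvno                INTEGER     { cmp1999(1), cmp2000(2) },
            sender              GeneralName,
            recipient           GeneralName,
            messageTime     [0] GeneralizedTime         OPTIONAL,
            protectionAlg   [1] AlgorithmIdentifier     OPTIONAL,
            senderKID       [2] KeyIdentifier           OPTIONAL,
            recipKID        [3] KeyIdentifier           OPTIONAL,
            transactionID   [4] OCTET STRING            OPTIONAL,
            senderNonce     [5] OCTET STRING            OPTIONAL,
            recipNonce      [6] OCTET STRING            OPTIONAL,
            freeText        [7] PKIFreeText             OPTIONAL,
            generalInfo     [8] SEQUENCE SIZE (1..MAX) OF
                                InfoTypeAndValue        OPTIONAL
        }

    This class describes the wire structure only. Decoding a header with it
    does not check message protection, nonce matching or message time; the
    code consuming the decoded header has to validate protectionAlg,
    senderNonce/recipNonce, transactionID and messageTime itself.
    """
    componentType = namedtype.NamedTypes(
        # namedValues only attach symbolic names to 1 and 2; no subtypeSpec
        # is declared here, so callers should check pvno explicitly.
        namedtype.NamedType(
            'pvno',
            univ.Integer(
                namedValues=namedval.NamedValues(
                    ('cmp1999', 1),
                    ('cmp2000', 2)
                )
            )
        ),
        namedtype.NamedType('sender', rfc2459.GeneralName()),
        namedtype.NamedType('recipient', rfc2459.GeneralName()),
        # Every optional field below carries an EXPLICIT context tag [0]..[8].
        namedtype.OptionalNamedType(
            'messageTime',
            useful.GeneralizedTime().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
        namedtype.OptionalNamedType(
            'protectionAlg',
            rfc2459.AlgorithmIdentifier().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
        namedtype.OptionalNamedType(
            'senderKID',
            rfc2459.KeyIdentifier().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
        namedtype.OptionalNamedType(
            'recipKID',
            rfc2459.KeyIdentifier().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
        namedtype.OptionalNamedType(
            'transactionID',
            univ.OctetString().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
        namedtype.OptionalNamedType(
            'senderNonce',
            univ.OctetString().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
        namedtype.OptionalNamedType(
            'recipNonce',
            univ.OctetString().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
        namedtype.OptionalNamedType(
            'freeText',
            PKIFreeText().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 7))),
        # Fix: in the ASN.1 above the [8] tag and the SIZE (1..MAX) bound
        # belong to the SEQUENCE OF itself, not to each InfoTypeAndValue
        # inside it. Tagging the elements instead produces (and expects) an
        # encoding that does not match the definition, so a conforming
        # message carrying generalInfo would not decode against this spec.
        namedtype.OptionalNamedType(
            'generalInfo',
            univ.SequenceOf(componentType=InfoTypeAndValue()).subtype(
                subtypeSpec=constraint.ValueSizeConstraint(1, MAX),
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8)))
    )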
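class PKIHeader(univ.Sequence):
    """Schema for the CMP PKIHeader SEQUENCE (RFC 4210).

    Fields, in order: pvno, sender, recipient, then the optional
    explicitly tagged messageTime [0], protectionAlg [1], senderKID [2],
    recipKID [3], transactionID [4], senderNonce [5], recipNonce [6],
    freeText [7] and generalInfo [8], where generalInfo is
    ``SEQUENCE SIZE (1..MAX) OF InfoTypeAndValue``.

    The schema is structural only: nothing here verifies message
    protection or compares nonces, so a successfully decoded header is
    still unauthenticated input until the caller has checked it.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            'pvno',
            # Labels for values 1 and 2; no value constraint is declared.
            univ.Integer(
                namedValues=namedval.NamedValues(('cmp1999', 1), ('cmp2000', 2)))),
        namedtype.NamedType('sender', rfc2459.GeneralName()),
        namedtype.NamedType('recipient', rfc2459.GeneralName()),
        namedtype.OptionalNamedType(
            'messageTime',
            useful.GeneralizedTime().subtype(explicitTag=tag.Tag(
                tag.tagClassContext, tag.tagFormatSimple, 0))),
        namedtype.OptionalNamedType(
            'protectionAlg',
            rfc2459.AlgorithmIdentifier().subtype(explicitTag=tag.Tag(
                tag.tagClassContext, tag.tagFormatConstructed, 1))),
        namedtype.OptionalNamedType(
            'senderKID',
            rfc2459.KeyIdentifier().subtype(explicitTag=tag.Tag(
                tag.tagClassContext, tag.tagFormatSimple, 2))),
        namedtype.OptionalNamedType(
            'recipKID',
            rfc2459.KeyIdentifier().subtype(explicitTag=tag.Tag(
                tag.tagClassContext, tag.tagFormatSimple, 3))),
        namedtype.OptionalNamedType(
            'transactionID',
            univ.OctetString().subtype(explicitTag=tag.Tag(
                tag.tagClassContext, tag.tagFormatSimple, 4))),
        namedtype.OptionalNamedType(
            'senderNonce',
            univ.OctetString().subtype(explicitTag=tag.Tag(
                tag.tagClassContext, tag.tagFormatSimple, 5))),
        namedtype.OptionalNamedType(
            'recipNonce',
            univ.OctetString().subtype(explicitTag=tag.Tag(
                tag.tagClassContext, tag.tagFormatSimple, 6))),
        namedtype.OptionalNamedType(
            'freeText',
            PKIFreeText().subtype(explicitTag=tag.Tag(
                tag.tagClassContext, tag.tagFormatConstructed, 7))),
        namedtype.OptionalNamedType(
            'generalInfo',
            # Fix: the [8] tag and the size bound apply to the SEQUENCE OF
            # container. Putting them on InfoTypeAndValue tagged every
            # element and left the container untagged, which does not match
            # the PKIHeader definition and breaks decoding of conforming
            # headers that carry generalInfo.
            univ.SequenceOf(componentType=InfoTypeAndValue()).subtype(
                subtypeSpec=constraint.ValueSizeConstraint(1, MAX),
                explicitTag=tag.Tag(
                    tag.tagClassContext, tag.tagFormatSimple, 8))))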
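def addAuthorityKeyId(self, akiTypes, critical):
    """Build an authorityKeyIdentifier extension and add it via addExtension.

    akiTypes is a comma-separated selection of the AuthorityKeyIdentifier
    fields to populate: 'ki' (position 0, the key identifier), 'issuer'
    (position 1, the issuer name) and 'serialNumber' (position 2, the issuer
    certificate serial number). An empty or whitespace-only string selects
    every field that can be built.

    'issuer' and 'serialNumber' are only available when
    self.issuerSerialNumber is set; otherwise they are skipped without an
    error. Tokens other than the three above are ignored as well, so a
    selection made up only of unknown tokens yields an extension with no
    fields set.

    Raises UnknownAuthorityKeyIdError if critical is truthy; the extension
    is therefore always added with a falsy critical flag.
    """
    requested = [token.strip() for token in akiTypes.split(',')]
    selectAll = not akiTypes.strip()
    if critical:
        raise UnknownAuthorityKeyIdError(critical)

    # SHA-1 is used here only to derive an identifier that helps match a
    # certificate to its issuer key; nothing relies on it for integrity.
    # NOTE(review): presumably toDER() returns the encoded issuer public
    # key -- confirm which encoding is hashed against the intended
    # key-identifier convention.
    keyDigest = hashlib.sha1(self.issuerKey.toDER()).digest()
    keyIdField = rfc2459.KeyIdentifier().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0),
        value=keyDigest)
    fields = [('ki', 0, keyIdField)]

    # With an issuer serial number available, the issuer name and serial
    # number fields can be offered in addition to the key identifier.
    if self.issuerSerialNumber is not None:
        issuerField = rfc2459.GeneralNames().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))
        issuerField.setComponentByPosition(
            0,
            stringToDN(
                self.issuer,
                tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4)))
        serialField = rfc2459.CertificateSerialNumber().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2),
            value=decoder.decode(self.issuerSerialNumber)[0])
        fields.append(('issuer', 1, issuerField))
        fields.append(('serialNumber', 2, serialField))

    aki = rfc2459.AuthorityKeyIdentifier()
    for label, position, component in fields:
        if selectAll or label in requested:
            aki.setComponentByPosition(position, component)
    self.addExtension(rfc2459.id_ce_authorityKeyIdentifier, aki, critical)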