class X509_ExtNameConstraints(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE(
ASN1F_optional(
ASN1F_SEQUENCE_OF("permittedSubtrees", None,
X509_ExtGeneralSubtree,
implicit_tag=0xa0)),
ASN1F_optional(
ASN1F_SEQUENCE_OF("excludedSubtrees", None,
X509_ExtGeneralSubtree,
implicit_tag=0xa1)))
class OCSP_ResponseData(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE(
ASN1F_optional(
ASN1F_enum_INTEGER("version", 0, {0: "v1"}, explicit_tag=0x80)),
ASN1F_PACKET("responderID", OCSP_ResponderID(), OCSP_ResponderID),
ASN1F_GENERALIZED_TIME("producedAt", str(GeneralizedTime())),
ASN1F_SEQUENCE_OF("responses", [], OCSP_SingleResponse),
ASN1F_optional(
ASN1F_SEQUENCE_OF("responseExtensions",
None,
X509_Extension,
explicit_tag=0xa1)))
class X509_RevokedCertificate(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE(
ASN1F_INTEGER("serialNumber", 1),
ASN1F_UTC_TIME("revocationDate", str(ZuluTime(+86400))),
ASN1F_optional(
ASN1F_SEQUENCE_OF("crlEntryExtensions", None, X509_Extension)))
class X509_ExtExtendedKeyUsage(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE_OF("extendedKeyUsage", [], ASN1P_OID)
def get_extendedKeyUsage(self):
eku_array = self.extendedKeyUsage
return [eku.oid.oidname for eku in eku_array]
class X509_ExtNoticeReference(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE(
ASN1F_CHOICE("organization", ASN1_UTF8_STRING("Dummy Organization"),
ASN1F_IA5_STRING, ASN1F_ISO646_STRING, ASN1F_BMP_STRING,
ASN1F_UTF8_STRING),
ASN1F_SEQUENCE_OF("noticeNumbers", [], ASN1P_INTEGER))
class X509_ExtPolicyInformation(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE(
ASN1F_OID("policyIdentifier", "2.5.29.32.0"),
ASN1F_optional(
ASN1F_SEQUENCE_OF("policyQualifiers", None,
X509_ExtPolicyQualifierInfo)))
class SNMPtrapv2(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SNMP_PDU_TRAPv2(ASN1F_INTEGER("id", 0),
ASN1F_enum_INTEGER("error", 0, SNMP_error), # noqa: E501
ASN1F_INTEGER("error_index", 0),
ASN1F_SEQUENCE_OF("varbindlist", [], SNMPvarbind) # noqa: E501
)
class SNMPbulk(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SNMP_PDU_BULK(ASN1F_INTEGER("id", 0),
ASN1F_INTEGER("non_repeaters", 0),
ASN1F_INTEGER("max_repetitions", 0),
ASN1F_SEQUENCE_OF("varbindlist", [], SNMPvarbind) # noqa: E501
)
class SNMPtrapv1(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SNMP_PDU_TRAPv1(ASN1F_OID("enterprise", "1.3"),
ASN1F_IPADDRESS("agent_addr", "0.0.0.0"),
ASN1F_enum_INTEGER("generic_trap", 0, SNMP_trap_types), # noqa: E501
ASN1F_INTEGER("specific_trap", 0),
ASN1F_TIME_TICKS("time_stamp", IntAutoTime()), # noqa: E501
ASN1F_SEQUENCE_OF("varbindlist", [], SNMPvarbind) # noqa: E501
)
class X509_TBSCertList(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE(
ASN1F_optional(
ASN1F_enum_INTEGER("version", 1, ["v1", "v2"])),
ASN1F_PACKET("signature",
X509_AlgorithmIdentifier(),
X509_AlgorithmIdentifier),
ASN1F_SEQUENCE_OF("issuer", _default_issuer, X509_RDN),
ASN1F_UTC_TIME("this_update", str(ZuluTime(-1))),
ASN1F_optional(
ASN1F_UTC_TIME("next_update", None)),
ASN1F_optional(
ASN1F_SEQUENCE_OF("revokedCertificates", None,
X509_RevokedCertificate)),
ASN1F_optional(
ASN1F_SEQUENCE_OF("crlExtensions", None,
X509_Extension,
explicit_tag=0xa0)))
def get_issuer(self):
attrs = self.issuer
attrsDict = {}
for attr in attrs:
# we assume there is only one name in each rdn ASN1_SET
attrsDict[attr.rdn[0].type.oidname] = plain_str(attr.rdn[0].value.val) # noqa: E501
return attrsDict
def get_issuer_str(self):
"""
Returns a one-line string containing every type/value
in a rather specific order. sorted() built-in ensures unicity.
"""
name_str = ""
attrsDict = self.get_issuer()
for attrType, attrSymbol in _attrName_mapping:
if attrType in attrsDict:
name_str += "/" + attrSymbol + "="
name_str += attrsDict[attrType]
for attrType in sorted(attrsDict):
if attrType not in _attrName_specials:
name_str += "/" + attrType + "="
name_str += attrsDict[attrType]
return name_str
class RSAPrivateKey(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE(
ASN1F_enum_INTEGER("version", 0, ["two-prime", "multi"]),
ASN1F_INTEGER("modulus", 10), ASN1F_INTEGER("publicExponent", 3),
ASN1F_INTEGER("privateExponent", 3), ASN1F_INTEGER("prime1", 2),
ASN1F_INTEGER("prime2", 5), ASN1F_INTEGER("exponent1", 0),
ASN1F_INTEGER("exponent2", 3), ASN1F_INTEGER("coefficient", 1),
ASN1F_optional(
ASN1F_SEQUENCE_OF("otherPrimeInfos", None, RSAOtherPrimeInfo)))
class NEGOEX_EXCHANGE_NTLM(ASN1_Packet):
"""
GSSAPI NegoEX Exchange metadata blob
This was reversed and may be meaningless
"""
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE(
ASN1F_SEQUENCE(ASN1F_SEQUENCE_OF("items", [],
NEGOEX_EXCHANGE_NTLM_ITEM),
implicit_tag=0xa0), )
def __init__(self, **kargs):
seq = [
ASN1F_PACKET("tbsResponseData", OCSP_ResponseData(),
OCSP_ResponseData),
ASN1F_PACKET("signatureAlgorithm", X509_AlgorithmIdentifier(),
X509_AlgorithmIdentifier),
ASN1F_BIT_STRING("signature", "defaultsignature" * 2),
ASN1F_optional(
ASN1F_SEQUENCE_OF("certs", None, X509_Cert, explicit_tag=0xa0))
]
ASN1F_SEQUENCE.__init__(self, *seq, **kargs)
class X509_ExtAuthorityKeyIdentifier(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE(
ASN1F_optional(
ASN1F_STRING("keyIdentifier", b"\xff" * 20, implicit_tag=0x80)),
ASN1F_optional(
ASN1F_SEQUENCE_OF("authorityCertIssuer",
None,
X509_GeneralName,
implicit_tag=0xa1)),
ASN1F_optional(
ASN1F_INTEGER("authorityCertSerialNumber", None,
implicit_tag=0x82)))
class OCSP_SingleResponse(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE(
ASN1F_PACKET("certID", OCSP_CertID(), OCSP_CertID),
ASN1F_PACKET("certStatus", OCSP_CertStatus(), OCSP_CertStatus),
ASN1F_GENERALIZED_TIME("thisUpdate", ""),
ASN1F_optional(
ASN1F_GENERALIZED_TIME("nextUpdate", "", explicit_tag=0xa0)),
ASN1F_optional(
ASN1F_SEQUENCE_OF("singleExtensions",
None,
X509_Extension,
explicit_tag=0xa1)))
class X509_ExtDistributionPoint(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE(
ASN1F_optional(
ASN1F_PACKET("distributionPoint",
X509_ExtDistributionPointName(),
X509_ExtDistributionPointName,
explicit_tag=0xa0)),
ASN1F_optional(
ASN1F_FLAGS("reasons", None, _reasons_mapping, implicit_tag=0x81)),
ASN1F_optional(
ASN1F_SEQUENCE_OF("cRLIssuer",
None,
X509_GeneralName,
implicit_tag=0xa2)))
class LDAP_SearchRequest(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE(
LDAPDN("baseObject", ""),
ASN1F_ENUMERATED("scope", 0, {
0: "baseObject",
1: "singleLevel",
2: "wholeSubtree"
}),
ASN1F_ENUMERATED(
"derefAliases", 0, {
0: "neverDerefAliases",
1: "derefInSearching",
2: "derefFindingBaseObj",
3: "derefAlways"
}), ASN1F_INTEGER("sizeLimit", 0), ASN1F_INTEGER("timeLimit", 0),
ASN1F_BOOLEAN("attrsOnly", False),
ASN1F_PACKET("filter", LDAP_Filter(), LDAP_Filter),
ASN1F_SEQUENCE_OF("attributes", [], LDAP_SearchRequestAttribute))
class LDAP(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE(
ASN1F_INTEGER("messageID", 0),
ASN1F_CHOICE(
"protocolOp", LDAP_SearchRequest(),
ASN1F_PACKET("bindRequest",
LDAP_BindRequest(),
LDAP_BindRequest,
implicit_tag=0x60),
ASN1F_PACKET("bindResponse",
LDAP_BindResponse(),
LDAP_BindResponse,
implicit_tag=0x61),
ASN1F_PACKET("unbindRequest",
LDAP_UnbindRequest(),
LDAP_UnbindRequest,
implicit_tag=0x42),
ASN1F_PACKET("searchRequest",
LDAP_SearchRequest(),
LDAP_SearchRequest,
implicit_tag=0x63),
ASN1F_PACKET("searchResponse",
LDAP_SearchResponseEntry(),
LDAP_SearchResponseEntry,
implicit_tag=0x64),
ASN1F_PACKET("searchResponse",
LDAP_SearchResponseResultCode(),
LDAP_SearchResponseResultCode,
implicit_tag=0x65),
ASN1F_PACKET("abandonRequest",
LDAP_AbandonRequest(),
LDAP_AbandonRequest,
implicit_tag=0x70)),
# LDAP v3 only
ASN1F_optional(
ASN1F_SEQUENCE_OF("Controls", [], LDAP_Control, implicit_tag=0x0)))
def mysummary(self):
return (self.protocolOp.__class__.__name__.replace("_", " "), [LDAP])
class SPNEGO_negTokenInit(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE(
ASN1F_SEQUENCE(
ASN1F_optional(
ASN1F_SEQUENCE_OF("mechTypes",
None,
SPNEGO_MechType,
explicit_tag=0xa0)),
ASN1F_optional(
ASN1F_FLAGS("reqFlags", None, _ContextFlags,
implicit_tag=0x81)),
ASN1F_optional(
ASN1F_PACKET("mechToken",
None,
SPNEGO_Token,
explicit_tag=0xa2)),
ASN1F_optional(
ASN1F_PACKET("mechListMIC",
None,
SPNEGO_MechListMIC,
implicit_tag=0xa3))))
class X509_Extensions(ASN1_Packet):
# we use this in OCSP status requests, in tls/handshake.py
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_optional(
ASN1F_SEQUENCE_OF("extensions", None, X509_Extension))
class X509_ExtSubjInfoAccess(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE_OF("subjectInfoAccess",
[X509_AccessDescription()],
X509_AccessDescription)
class X509_ExtQcStatements(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE_OF("qcStatements", [X509_ExtQcStatement()],
X509_ExtQcStatement)
class X509_ExtAuthInfoAccess(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE_OF("authorityInfoAccess",
[X509_AccessDescription()],
X509_AccessDescription)
class X509_ExtFreshestCRL(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE_OF("cRLDistributionPoints",
[X509_ExtDistributionPoint()],
X509_ExtDistributionPoint)
class X509_ExtCertificatePolicies(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE_OF("certificatePolicies",
[X509_ExtPolicyInformation()],
X509_ExtPolicyInformation)
class X509_ExtIssuerAltName(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE_OF("issuerAltName", [], X509_GeneralName)
class X509_ExtSubjectAltName(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE_OF("subjectAltName", [], X509_GeneralName)
class X509_ExtCertificateIssuer(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE_OF("certificateIssuer", [], X509_GeneralName)
class X509_TBSCertificate(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE(
ASN1F_optional(
ASN1F_enum_INTEGER("version",
0x2, ["v1", "v2", "v3"],
explicit_tag=0xa0)),
ASN1F_INTEGER("serialNumber", 1),
ASN1F_PACKET("signature", X509_AlgorithmIdentifier(),
X509_AlgorithmIdentifier),
ASN1F_SEQUENCE_OF("issuer", _default_issuer, X509_RDN),
ASN1F_PACKET("validity", X509_Validity(), X509_Validity),
ASN1F_SEQUENCE_OF("subject", _default_subject, X509_RDN),
ASN1F_PACKET("subjectPublicKeyInfo", X509_SubjectPublicKeyInfo(),
X509_SubjectPublicKeyInfo),
ASN1F_optional(
ASN1F_BIT_STRING("issuerUniqueID", None, implicit_tag=0x81)),
ASN1F_optional(
ASN1F_BIT_STRING("subjectUniqueID", None, implicit_tag=0x82)),
ASN1F_optional(
ASN1F_SEQUENCE_OF("extensions", [X509_Extension()],
X509_Extension,
explicit_tag=0xa3)))
def get_issuer(self):
attrs = self.issuer
attrsDict = {}
for attr in attrs:
# we assume there is only one name in each rdn ASN1_SET
attrsDict[attr.rdn[0].type.oidname] = plain_str(
attr.rdn[0].value.val) # noqa: E501
return attrsDict
def get_issuer_str(self):
"""
Returns a one-line string containing every type/value
in a rather specific order. sorted() built-in ensures unicity.
"""
name_str = ""
attrsDict = self.get_issuer()
for attrType, attrSymbol in _attrName_mapping:
if attrType in attrsDict:
name_str += "/" + attrSymbol + "="
name_str += attrsDict[attrType]
for attrType in sorted(attrsDict):
if attrType not in _attrName_specials:
name_str += "/" + attrType + "="
name_str += attrsDict[attrType]
return name_str
def get_subject(self):
attrs = self.subject
attrsDict = {}
for attr in attrs:
# we assume there is only one name in each rdn ASN1_SET
attrsDict[attr.rdn[0].type.oidname] = plain_str(
attr.rdn[0].value.val) # noqa: E501
return attrsDict
def get_subject_str(self):
name_str = ""
attrsDict = self.get_subject()
for attrType, attrSymbol in _attrName_mapping:
if attrType in attrsDict:
name_str += "/" + attrSymbol + "="
name_str += attrsDict[attrType]
for attrType in sorted(attrsDict):
if attrType not in _attrName_specials:
name_str += "/" + attrType + "="
name_str += attrsDict[attrType]
return name_str
class X509_ExtPolicyMappings(ASN1_Packet):
ASN1_codec = ASN1_Codecs.BER
ASN1_root = ASN1F_SEQUENCE_OF("policyMappings", [], X509_PolicyMapping)