pyasn1-modules-0.0.7/0000755000076400001440000000000012557103654014530 5ustar ilyausers00000000000000pyasn1-modules-0.0.7/CHANGES.txt0000644000076400001440000000333712557073162016347 0ustar ilyausers00000000000000Revision 0.0.7 -------------- - Extensions added to text files, CVS attic flushed. - Fix to rfc2459.BasicConstraints syntax. Revision 0.0.6, released 21-06-2015 ----------------------------------- - Typo fix to id_kp_serverAuth object value - A test case for indefinite length encoding eliminated as it's forbidden in DER. Revision 0.0.5 -------------- - License updated to vanilla BSD 2-Clause to ease package use (http://opensource.org/licenses/BSD-2-Clause). - Missing components added to rfc4210.PKIBody. - Fix to rfc2459.CRLDistPointsSyntax typo. - Fix to rfc2511.CertReqMsg typo. Revision 0.0.4 -------------- - CMP structures (RFC4210), cmpdump.py tool and test case added. - SNMPv2c Message syntax (RFC1901) properly defined. - Package version established in form of __init__.__version__ which is in-sync with distutils. - Package meta information and classifiers updated. Revision 0.0.3 -------------- - Text cases implemented - X.509 CRMF structures (RFC2511) and crmfdump.py tool added - X.509 CRL structures and crldump.py tool added - PKCS#10 structures and pkcs10dump.py tool added - PKCS#8 structures and pkcs8dump.py tool added - PKCS#1 (rfc3447) structures added - OCSP request & response dumping tool added - SNMPv2c & SNMPv3/USM structures added - keydump.py moved into pkcs1dump.py - PEM files read function generalized to be used more universally. - complete PKIX1 '88 code implemented at rfc2459.py Revision 0.0.2 -------------- - Require pyasn1 >= 0.1.1 - Fixes towards Py3K compatibility + use either of existing urllib module + adopt to the new bytes type + print operator is now a function + new exception syntax Revision 0.0.1a --------------- - Initial revision, most code carried from pyasn1 examples. pyasn1-modules-0.0.7/pyasn1_modules/0000755000076400001440000000000012557103654017473 5ustar ilyausers00000000000000pyasn1-modules-0.0.7/pyasn1_modules/rfc2314.py0000644000076400001440000000222211741311745021123 0ustar ilyausers00000000000000# # PKCS#10 syntax # # ASN.1 source from: # http://tools.ietf.org/html/rfc2314 # # Sample captures could be obtained with "openssl req" command # from pyasn1.type import tag, namedtype, namedval, univ, constraint from pyasn1_modules.rfc2459 import * class Attributes(univ.SetOf): componentType = Attribute() class Version(univ.Integer): pass class CertificationRequestInfo(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('version', Version()), namedtype.NamedType('subject', Name()), namedtype.NamedType('subjectPublicKeyInfo', SubjectPublicKeyInfo()), namedtype.NamedType('attributes', Attributes().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))) ) class Signature(univ.BitString): pass class SignatureAlgorithmIdentifier(AlgorithmIdentifier): pass class CertificationRequest(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('certificationRequestInfo', CertificationRequestInfo()), namedtype.NamedType('signatureAlgorithm', SignatureAlgorithmIdentifier()), namedtype.NamedType('signature', Signature()) ) pyasn1-modules-0.0.7/pyasn1_modules/rfc3414.py0000644000076400001440000000157411741333400021126 0ustar ilyausers00000000000000# # SNMPv3 message syntax # # ASN.1 source from: # http://www.ietf.org/rfc/rfc3414.txt # from pyasn1.type import univ, namedtype, namedval, tag, constraint class UsmSecurityParameters(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('msgAuthoritativeEngineID', univ.OctetString()), namedtype.NamedType('msgAuthoritativeEngineBoots', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, 2147483647))), namedtype.NamedType('msgAuthoritativeEngineTime', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, 2147483647))), namedtype.NamedType('msgUserName', univ.OctetString().subtype(subtypeSpec=constraint.ValueSizeConstraint(0, 32))), namedtype.NamedType('msgAuthenticationParameters', univ.OctetString()), namedtype.NamedType('msgPrivacyParameters', univ.OctetString()) ) pyasn1-modules-0.0.7/pyasn1_modules/rfc2511.py0000644000076400001440000002244112346534435021134 0ustar ilyausers00000000000000# # X.509 certificate Request Message Format (CRMF) syntax # # ASN.1 source from: # http://tools.ietf.org/html/rfc2511 # # Sample captures could be obtained with OpenSSL # from pyasn1.type import tag, namedtype, namedval, univ, constraint, char,useful from pyasn1_modules.rfc2459 import * from pyasn1_modules import rfc2315 MAX=16 id_pkix = univ.ObjectIdentifier('1.3.6.1.5.5.7') id_pkip = univ.ObjectIdentifier('1.3.6.1.5.5.7.5') id_regCtrl = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.1') id_regCtrl_regToken = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.1.1') id_regCtrl_authenticator = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.1.2') id_regCtrl_pkiPublicationInfo = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.1.3') id_regCtrl_pkiArchiveOptions = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.1.4') id_regCtrl_oldCertID = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.1.5') id_regCtrl_protocolEncrKey = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.1.6') id_regInfo = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.2') id_regInfo_utf8Pairs = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.2.1') id_regInfo_certReq = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.2.2') # This should be in PKIX Certificate Extensions module class GeneralName(univ.OctetString): pass # end of PKIX Certificate Extensions module class UTF8Pairs(char.UTF8String): pass class ProtocolEncrKey(SubjectPublicKeyInfo): pass class CertId(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('issuer', GeneralName()), namedtype.NamedType('serialNumber', univ.Integer()) ) class OldCertId(CertId): pass class KeyGenParameters(univ.OctetString): pass class EncryptedValue(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('intendedAlg', AlgorithmIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), namedtype.OptionalNamedType('symmAlg', AlgorithmIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))), namedtype.OptionalNamedType('encSymmKey', univ.BitString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))), namedtype.OptionalNamedType('keyAlg', AlgorithmIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))), namedtype.OptionalNamedType('valueHint', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))), namedtype.NamedType('encValue', univ.BitString()) ) class EncryptedKey(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('encryptedValue', EncryptedValue()), namedtype.NamedType('envelopedData', rfc2315.EnvelopedData().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))) ) class PKIArchiveOptions(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('encryptedPrivKey', EncryptedKey().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), namedtype.NamedType('keyGenParameters', KeyGenParameters().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.NamedType('archiveRemGenPrivKey', univ.Boolean().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))) ) class SinglePubInfo(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('pubMethod', univ.Integer(namedValues=namedval.NamedValues(('dontCare', 0), ('x500', 1), ('web', 2), ('ldap', 3)))), namedtype.OptionalNamedType('pubLocation', GeneralName()) ) class PKIPublicationInfo(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('action', univ.Integer(namedValues=namedval.NamedValues(('dontPublish', 0), ('pleasePublish', 1)))), namedtype.OptionalNamedType('pubInfos', univ.SequenceOf(componentType=SinglePubInfo()).subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))) ) class Authenticator(char.UTF8String): pass class RegToken(char.UTF8String): pass class SubsequentMessage(univ.Integer): namedValues = namedval.NamedValues( ('encrCert', 0), ('challengeResp', 1) ) class POPOPrivKey(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('thisMessage', univ.BitString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.NamedType('subsequentMessage', SubsequentMessage().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.NamedType('dhMAC', univ.BitString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))) ) class PBMParameter(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('salt', univ.OctetString()), namedtype.NamedType('owf', AlgorithmIdentifier()), namedtype.NamedType('iterationCount', univ.Integer()), namedtype.NamedType('mac', AlgorithmIdentifier()) ) class PKMACValue(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('algId', AlgorithmIdentifier()), namedtype.NamedType('value', univ.BitString()) ) class POPOSigningKeyInput(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('authInfo', univ.Choice(componentType=namedtype.NamedTypes(namedtype.NamedType('sender', GeneralName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.NamedType('publicKeyMAC', PKMACValue())))), namedtype.NamedType('publicKey', SubjectPublicKeyInfo()) ) class POPOSigningKey(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('poposkInput', POPOSigningKeyInput().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), namedtype.NamedType('algorithmIdentifier', AlgorithmIdentifier()), namedtype.NamedType('signature', univ.BitString()) ) class ProofOfPossession(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('raVerified', univ.Null().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.NamedType('signature', POPOSigningKey().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))), namedtype.NamedType('keyEncipherment', POPOPrivKey().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))), namedtype.NamedType('keyAgreement', POPOPrivKey().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))) ) class Controls(univ.SequenceOf): componentType = AttributeTypeAndValue() subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX) class OptionalValidity(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('notBefore', Time().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.OptionalNamedType('notAfter', Time().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) ) class CertTemplate(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('version', Version().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.OptionalNamedType('serialNumber', univ.Integer().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.OptionalNamedType('signingAlg', AlgorithmIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))), namedtype.OptionalNamedType('issuer', Name().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))), namedtype.OptionalNamedType('validity', OptionalValidity().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))), namedtype.OptionalNamedType('subject', Name().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))), namedtype.OptionalNamedType('publicKey', SubjectPublicKeyInfo().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6))), namedtype.OptionalNamedType('issuerUID', UniqueIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))), namedtype.OptionalNamedType('subjectUID', UniqueIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))), namedtype.OptionalNamedType('extensions', Extensions().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9))) ) class CertRequest(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('certReqId', univ.Integer()), namedtype.NamedType('certTemplate', CertTemplate()), namedtype.OptionalNamedType('controls', Controls()) ) class CertReq(CertRequest): pass class CertReqMsg(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('certReq', CertRequest()), namedtype.OptionalNamedType('pop', ProofOfPossession()), namedtype.OptionalNamedType('regInfo', univ.SequenceOf(componentType=AttributeTypeAndValue()).subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))) ) class CertReqMessages(univ.SequenceOf): componentType = CertReqMsg() subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX) pyasn1-modules-0.0.7/pyasn1_modules/rfc2459.py0000644000076400001440000012732212557073106021150 0ustar ilyausers00000000000000# # X.509 message syntax # # ASN.1 source from: # http://www.trl.ibm.com/projects/xml/xss4j/data/asn1/grammars/x509.asn # http://www.ietf.org/rfc/rfc2459.txt # # Sample captures from: # http://wiki.wireshark.org/SampleCaptures/ # from pyasn1.type import tag,namedtype,namedval,univ,constraint,char,useful MAX = 64 # XXX ? # # PKIX1Explicit88 # # Upper Bounds ub_name = univ.Integer(32768) ub_common_name = univ.Integer(64) ub_locality_name = univ.Integer(128) ub_state_name = univ.Integer(128) ub_organization_name = univ.Integer(64) ub_organizational_unit_name = univ.Integer(64) ub_title = univ.Integer(64) ub_match = univ.Integer(128) ub_emailaddress_length = univ.Integer(128) ub_common_name_length = univ.Integer(64) ub_country_name_alpha_length = univ.Integer(2) ub_country_name_numeric_length = univ.Integer(3) ub_domain_defined_attributes = univ.Integer(4) ub_domain_defined_attribute_type_length = univ.Integer(8) ub_domain_defined_attribute_value_length = univ.Integer(128) ub_domain_name_length = univ.Integer(16) ub_extension_attributes = univ.Integer(256) ub_e163_4_number_length = univ.Integer(15) ub_e163_4_sub_address_length = univ.Integer(40) ub_generation_qualifier_length = univ.Integer(3) ub_given_name_length = univ.Integer(16) ub_initials_length = univ.Integer(5) ub_integer_options = univ.Integer(256) ub_numeric_user_id_length = univ.Integer(32) ub_organization_name_length = univ.Integer(64) ub_organizational_unit_name_length = univ.Integer(32) ub_organizational_units = univ.Integer(4) ub_pds_name_length = univ.Integer(16) ub_pds_parameter_length = univ.Integer(30) ub_pds_physical_address_lines = univ.Integer(6) ub_postal_code_length = univ.Integer(16) ub_surname_length = univ.Integer(40) ub_terminal_id_length = univ.Integer(24) ub_unformatted_address_length = univ.Integer(180) ub_x121_address_length = univ.Integer(16) class UniversalString(char.UniversalString): pass class BMPString(char.BMPString): pass class UTF8String(char.UTF8String): pass id_pkix = univ.ObjectIdentifier('1.3.6.1.5.5.7') id_pe = univ.ObjectIdentifier('1.3.6.1.5.5.7.1') id_qt = univ.ObjectIdentifier('1.3.6.1.5.5.7.2') id_kp = univ.ObjectIdentifier('1.3.6.1.5.5.7.3') id_ad = univ.ObjectIdentifier('1.3.6.1.5.5.7.48') id_qt_cps = univ.ObjectIdentifier('1.3.6.1.5.5.7.2.1') id_qt_unotice = univ.ObjectIdentifier('1.3.6.1.5.5.7.2.2') id_ad_ocsp = univ.ObjectIdentifier('1.3.6.1.5.5.7.48.1') id_ad_caIssuers = univ.ObjectIdentifier('1.3.6.1.5.5.7.48.2') class AttributeValue(univ.Any): pass class AttributeType(univ.ObjectIdentifier): pass class AttributeTypeAndValue(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('type', AttributeType()), namedtype.NamedType('value', AttributeValue()) ) class Attribute(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('type', AttributeType()), namedtype.NamedType('vals', univ.SetOf(componentType=AttributeValue())) ) id_at = univ.ObjectIdentifier('2.5.4') id_at_name = univ.ObjectIdentifier('2.5.4.41') id_at_sutname = univ.ObjectIdentifier('2.5.4.4') id_at_givenName = univ.ObjectIdentifier('2.5.4.42') id_at_initials = univ.ObjectIdentifier('2.5.4.43') id_at_generationQualifier = univ.ObjectIdentifier('2.5.4.44') class X520name(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('teletexString', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_name))), namedtype.NamedType('printableString', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_name))), namedtype.NamedType('universalString', char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_name))), namedtype.NamedType('utf8String', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_name))), namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_name))) ) id_at_commonName = univ.ObjectIdentifier('2.5.4.3') class X520CommonName(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('teletexString', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_common_name))), namedtype.NamedType('printableString', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_common_name))), namedtype.NamedType('universalString', char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_common_name))), namedtype.NamedType('utf8String', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_common_name))), namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_common_name))) ) id_at_localityName = univ.ObjectIdentifier('2.5.4.7') class X520LocalityName(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('teletexString', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_locality_name))), namedtype.NamedType('printableString', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_locality_name))), namedtype.NamedType('universalString', char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_locality_name))), namedtype.NamedType('utf8String', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_locality_name))), namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_locality_name))) ) id_at_stateOrProvinceName = univ.ObjectIdentifier('2.5.4.8') class X520StateOrProvinceName(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('teletexString', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name))), namedtype.NamedType('printableString', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name))), namedtype.NamedType('universalString', char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name))), namedtype.NamedType('utf8String', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name))), namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name))) ) id_at_organizationName = univ.ObjectIdentifier('2.5.4.10') class X520OrganizationName(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('teletexString', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_organization_name))), namedtype.NamedType('printableString', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_organization_name))), namedtype.NamedType('universalString', char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_organization_name))), namedtype.NamedType('utf8String', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_organization_name))), namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_organization_name))) ) id_at_organizationalUnitName = univ.ObjectIdentifier('2.5.4.11') class X520OrganizationalUnitName(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('teletexString', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name))), namedtype.NamedType('printableString', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name))), namedtype.NamedType('universalString', char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name))), namedtype.NamedType('utf8String', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name))), namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name))) ) id_at_title = univ.ObjectIdentifier('2.5.4.12') class X520Title(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('teletexString', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title))), namedtype.NamedType('printableString', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title))), namedtype.NamedType('universalString', char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title))), namedtype.NamedType('utf8String', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title))), namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title))) ) id_at_dnQualifier = univ.ObjectIdentifier('2.5.4.46') class X520dnQualifier(char.PrintableString): pass id_at_countryName = univ.ObjectIdentifier('2.5.4.6') class X520countryName(char.PrintableString): subtypeSpec = char.PrintableString.subtypeSpec + constraint.ValueSizeConstraint(2, 2) pkcs_9 = univ.ObjectIdentifier('1.2.840.113549.1.9') emailAddress = univ.ObjectIdentifier('1.2.840.113549.1.9.1') class Pkcs9email(char.IA5String): subtypeSpec = char.IA5String.subtypeSpec + constraint.ValueSizeConstraint(1, ub_emailaddress_length) # ---- class DSAPrivateKey(univ.Sequence): """PKIX compliant DSA private key structure""" componentType = namedtype.NamedTypes( namedtype.NamedType('version', univ.Integer(namedValues=namedval.NamedValues(('v1', 0)))), namedtype.NamedType('p', univ.Integer()), namedtype.NamedType('q', univ.Integer()), namedtype.NamedType('g', univ.Integer()), namedtype.NamedType('public', univ.Integer()), namedtype.NamedType('private', univ.Integer()) ) # ---- class RelativeDistinguishedName(univ.SetOf): componentType = AttributeTypeAndValue() class RDNSequence(univ.SequenceOf): componentType = RelativeDistinguishedName() class Name(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('', RDNSequence()) ) class DirectoryString(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('teletexString', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))), namedtype.NamedType('printableString', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))), namedtype.NamedType('universalString', char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))), namedtype.NamedType('utf8String', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))), namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))), namedtype.NamedType('ia5String', char.IA5String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))) # hm, this should not be here!? XXX ) # certificate and CRL specific structures begin here class AlgorithmIdentifier(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('algorithm', univ.ObjectIdentifier()), namedtype.OptionalNamedType('parameters', univ.Any()) ) class Extension(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('extnID', univ.ObjectIdentifier()), namedtype.DefaultedNamedType('critical', univ.Boolean('False')), namedtype.NamedType('extnValue', univ.Any()) ) class Extensions(univ.SequenceOf): componentType = Extension() sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX) class SubjectPublicKeyInfo(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('algorithm', AlgorithmIdentifier()), namedtype.NamedType('subjectPublicKey', univ.BitString()) ) class UniqueIdentifier(univ.BitString): pass class Time(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('utcTime', useful.UTCTime()), namedtype.NamedType('generalTime', useful.GeneralizedTime()) ) class Validity(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('notBefore', Time()), namedtype.NamedType('notAfter', Time()) ) class CertificateSerialNumber(univ.Integer): pass class Version(univ.Integer): namedValues = namedval.NamedValues( ('v1', 0), ('v2', 1), ('v3', 2) ) class TBSCertificate(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.DefaultedNamedType('version', Version('v1').subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.NamedType('serialNumber', CertificateSerialNumber()), namedtype.NamedType('signature', AlgorithmIdentifier()), namedtype.NamedType('issuer', Name()), namedtype.NamedType('validity', Validity()), namedtype.NamedType('subject', Name()), namedtype.NamedType('subjectPublicKeyInfo', SubjectPublicKeyInfo()), namedtype.OptionalNamedType('issuerUniqueID', UniqueIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.OptionalNamedType('subjectUniqueID', UniqueIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), namedtype.OptionalNamedType('extensions', Extensions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))) ) class Certificate(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('tbsCertificate', TBSCertificate()), namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()), namedtype.NamedType('signatureValue', univ.BitString()) ) # CRL structures class RevokedCertificate(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('userCertificate', CertificateSerialNumber()), namedtype.NamedType('revocationDate', Time()), namedtype.OptionalNamedType('crlEntryExtensions', Extensions()) ) class TBSCertList(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('version', Version()), namedtype.NamedType('signature', AlgorithmIdentifier()), namedtype.NamedType('issuer', Name()), namedtype.NamedType('thisUpdate', Time()), namedtype.OptionalNamedType('nextUpdate', Time()), namedtype.OptionalNamedType('revokedCertificates', univ.SequenceOf(componentType=RevokedCertificate())), namedtype.OptionalNamedType('crlExtensions', Extensions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))) ) class CertificateList(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('tbsCertList', TBSCertList()), namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()), namedtype.NamedType('signature', univ.BitString()) ) # Algorithm OIDs and parameter structures pkcs_1 = univ.ObjectIdentifier('1.2.840.113549.1.1') rsaEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.1') md2WithRSAEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.2') md5WithRSAEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.4') sha1WithRSAEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.5') id_dsa_with_sha1 = univ.ObjectIdentifier('1.2.840.10040.4.3') class Dss_Sig_Value(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('r', univ.Integer()), namedtype.NamedType('s', univ.Integer()) ) dhpublicnumber = univ.ObjectIdentifier('1.2.840.10046.2.1') class ValidationParms(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('seed', univ.BitString()), namedtype.NamedType('pgenCounter', univ.Integer()) ) class DomainParameters(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('p', univ.Integer()), namedtype.NamedType('g', univ.Integer()), namedtype.NamedType('q', univ.Integer()), namedtype.NamedType('j', univ.Integer()), namedtype.OptionalNamedType('validationParms', ValidationParms()) ) id_dsa = univ.ObjectIdentifier('1.2.840.10040.4.1') class Dss_Parms(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('p', univ.Integer()), namedtype.NamedType('q', univ.Integer()), namedtype.NamedType('g', univ.Integer()) ) # x400 address syntax starts here teletex_domain_defined_attributes = univ.Integer(6) class TeletexDomainDefinedAttribute(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('type', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_defined_attribute_type_length))), namedtype.NamedType('value', char.TeletexString()) ) class TeletexDomainDefinedAttributes(univ.SequenceOf): componentType = TeletexDomainDefinedAttribute() subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, ub_domain_defined_attributes) terminal_type = univ.Integer(23) class TerminalType(univ.Integer): subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueSizeConstraint(0, ub_integer_options) namedValues = namedval.NamedValues( ('telex', 3), ('teletelex', 4), ('g3-facsimile', 5), ('g4-facsimile', 6), ('ia5-terminal', 7), ('videotex', 8) ) class PresentationAddress(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('pSelector', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.OptionalNamedType('sSelector', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.OptionalNamedType('tSelector', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), namedtype.OptionalNamedType('nAddresses', univ.SetOf(componentType=univ.OctetString()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3), subtypeSpec=constraint.ValueSizeConstraint(1, MAX))), ) extended_network_address = univ.Integer(22) class E163_4_address(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('number', char.NumericString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_e163_4_number_length), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.OptionalNamedType('sub-address', char.NumericString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_e163_4_sub_address_length), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) ) class ExtendedNetworkAddress(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('e163-4-address', E163_4_address()), namedtype.NamedType('psap-address', PresentationAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) ) class PDSParameter(univ.Set): componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('printable-string', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_pds_parameter_length))), namedtype.OptionalNamedType('teletex-string', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_pds_parameter_length))) ) local_postal_attributes = univ.Integer(21) class LocalPostalAttributes(PDSParameter): pass class UniquePostalName(PDSParameter): pass unique_postal_name = univ.Integer(20) poste_restante_address = univ.Integer(19) class PosteRestanteAddress(PDSParameter): pass post_office_box_address = univ.Integer(18) class PostOfficeBoxAddress(PDSParameter): pass street_address = univ.Integer(17) class StreetAddress(PDSParameter): pass class UnformattedPostalAddress(univ.Set): componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('printable-address', univ.SequenceOf(componentType=char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_pds_parameter_length)).subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_pds_physical_address_lines)))), namedtype.OptionalNamedType('teletex-string', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_unformatted_address_length))) ) physical_delivery_office_name = univ.Integer(10) class PhysicalDeliveryOfficeName(PDSParameter): pass physical_delivery_office_number = univ.Integer(11) class PhysicalDeliveryOfficeNumber(PDSParameter): pass extension_OR_address_components = univ.Integer(12) class ExtensionORAddressComponents(PDSParameter): pass physical_delivery_personal_name = univ.Integer(13) class PhysicalDeliveryPersonalName(PDSParameter): pass physical_delivery_organization_name = univ.Integer(14) class PhysicalDeliveryOrganizationName(PDSParameter): pass extension_physical_delivery_address_components = univ.Integer(15) class ExtensionPhysicalDeliveryAddressComponents(PDSParameter): pass unformatted_postal_address = univ.Integer(16) postal_code = univ.Integer(9) class PostalCode(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('numeric-code', char.NumericString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_postal_code_length))), namedtype.NamedType('printable-code', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_postal_code_length))) ) class PhysicalDeliveryCountryName(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('x121-dcc-code', char.NumericString().subtype(subtypeSpec=constraint.ValueSizeConstraint(ub_country_name_numeric_length, ub_country_name_numeric_length))), namedtype.NamedType('iso-3166-alpha2-code', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(ub_country_name_alpha_length, ub_country_name_alpha_length))) ) class PDSName(char.PrintableString): subtypeSpec = char.PrintableString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_pds_name_length) physical_delivery_country_name = univ.Integer(8) class TeletexOrganizationalUnitName(char.TeletexString): subtypeSpec = char.TeletexString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_organizational_unit_name_length) pds_name = univ.Integer(7) teletex_organizational_unit_names = univ.Integer(5) class TeletexOrganizationalUnitNames(univ.SequenceOf): componentType = TeletexOrganizationalUnitName() subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, ub_organizational_units) teletex_personal_name = univ.Integer(4) class TeletexPersonalName(univ.Set): componentType = namedtype.NamedTypes( namedtype.NamedType('surname', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_surname_length), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.OptionalNamedType('given-name', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_given_name_length), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.OptionalNamedType('initials', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_initials_length), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), namedtype.OptionalNamedType('generation-qualifier', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_generation_qualifier_length), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))) ) teletex_organization_name = univ.Integer(3) class TeletexOrganizationName(char.TeletexString): subtypeSpec = char.TeletexString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_organization_name_length) teletex_common_name = univ.Integer(2) class TeletexCommonName(char.TeletexString): subtypeSpec = char.TeletexString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_common_name_length) class CommonName(char.PrintableString): subtypeSpec = char.PrintableString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_common_name_length) common_name = univ.Integer(1) class ExtensionAttribute(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('extension-attribute-type', univ.Integer().subtype(subtypeSpec=constraint.ValueSizeConstraint(0, ub_extension_attributes), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.NamedType('extension-attribute-value', univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) ) class ExtensionAttributes(univ.SetOf): componentType = ExtensionAttribute() subtypeSpec = univ.SetOf.subtypeSpec + constraint.ValueSizeConstraint(1, ub_extension_attributes) class BuiltInDomainDefinedAttribute(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('type', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_defined_attribute_type_length))), namedtype.NamedType('value', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_defined_attribute_value_length))) ) class BuiltInDomainDefinedAttributes(univ.SequenceOf): componentType = BuiltInDomainDefinedAttribute() subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, ub_domain_defined_attributes) class OrganizationalUnitName(char.PrintableString): subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, ub_organizational_unit_name_length) class OrganizationalUnitNames(univ.SequenceOf): componentType = OrganizationalUnitName() subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, ub_organizational_units) class PersonalName(univ.Set): componentType = namedtype.NamedTypes( namedtype.NamedType('surname', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_surname_length), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.OptionalNamedType('given-name', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_given_name_length), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.OptionalNamedType('initials', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_initials_length), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), namedtype.OptionalNamedType('generation-qualifier', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_generation_qualifier_length), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))) ) class NumericUserIdentifier(char.NumericString): subtypeSpec = char.NumericString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_numeric_user_id_length) class OrganizationName(char.PrintableString): subtypeSpec = char.PrintableString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_organization_name_length) class PrivateDomainName(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('numeric', char.NumericString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_name_length))), namedtype.NamedType('printable', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_name_length))) ) class TerminalIdentifier(char.PrintableString): subtypeSpec = char.PrintableString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_terminal_id_length) class X121Address(char.NumericString): subtypeSpec = char.NumericString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_x121_address_length) class NetworkAddress(X121Address): pass class AdministrationDomainName(univ.Choice): tagSet = univ.Choice.tagSet.tagExplicitly( tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 2) ) componentType = namedtype.NamedTypes( namedtype.NamedType('numeric', char.NumericString().subtype(subtypeSpec=constraint.ValueSizeConstraint(0, ub_domain_name_length))), namedtype.NamedType('printable', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(0, ub_domain_name_length))) ) class CountryName(univ.Choice): tagSet = univ.Choice.tagSet.tagExplicitly( tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 1) ) componentType = namedtype.NamedTypes( namedtype.NamedType('x121-dcc-code', char.NumericString().subtype(subtypeSpec=constraint.ValueSizeConstraint(ub_country_name_numeric_length, ub_country_name_numeric_length))), namedtype.NamedType('iso-3166-alpha2-code', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(ub_country_name_alpha_length, ub_country_name_alpha_length))) ) class BuiltInStandardAttributes(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('country-name', CountryName()), namedtype.OptionalNamedType('administration-domain-name', AdministrationDomainName()), namedtype.OptionalNamedType('network-address', NetworkAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.OptionalNamedType('terminal-identifier', TerminalIdentifier().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.OptionalNamedType('private-domain-name', PrivateDomainName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), namedtype.OptionalNamedType('organization-name', OrganizationName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), namedtype.OptionalNamedType('numeric-user-identifier', NumericUserIdentifier().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))), namedtype.OptionalNamedType('personal-name', PersonalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))), namedtype.OptionalNamedType('organizational-unit-names', OrganizationalUnitNames().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))) ) class ORAddress(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('built-in-standard-attributes', BuiltInStandardAttributes()), namedtype.OptionalNamedType('built-in-domain-defined-attributes', BuiltInDomainDefinedAttributes()), namedtype.OptionalNamedType('extension-attributes', ExtensionAttributes()) ) # # PKIX1Implicit88 # id_ce_invalidityDate = univ.ObjectIdentifier('2.5.29.24') class InvalidityDate(useful.GeneralizedTime): pass id_holdinstruction_none = univ.ObjectIdentifier('2.2.840.10040.2.1') id_holdinstruction_callissuer = univ.ObjectIdentifier('2.2.840.10040.2.2') id_holdinstruction_reject = univ.ObjectIdentifier('2.2.840.10040.2.3') holdInstruction = univ.ObjectIdentifier('2.2.840.10040.2') id_ce_holdInstructionCode = univ.ObjectIdentifier('2.5.29.23') class HoldInstructionCode(univ.ObjectIdentifier): pass id_ce_cRLReasons = univ.ObjectIdentifier('2.5.29.21') class CRLReason(univ.Enumerated): namedValues = namedval.NamedValues( ('unspecified', 0), ('keyCompromise', 1), ('cACompromise', 2), ('affiliationChanged', 3), ('superseded', 4), ('cessationOfOperation', 5), ('certificateHold', 6), ('removeFromCRL', 8) ) id_ce_cRLNumber = univ.ObjectIdentifier('2.5.29.20') class CRLNumber(univ.Integer): subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(0, MAX) class BaseCRLNumber(CRLNumber): pass id_kp_serverAuth = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.1') id_kp_clientAuth = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.2') id_kp_codeSigning = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.3') id_kp_emailProtection = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.4') id_kp_ipsecEndSystem = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.5') id_kp_ipsecTunnel = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.6') id_kp_ipsecUser = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.7') id_kp_timeStamping = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.8') id_pe_authorityInfoAccess = univ.ObjectIdentifier('1.3.6.1.5.5.7.1.1') id_ce_extKeyUsage = univ.ObjectIdentifier('2.5.29.37') class KeyPurposeId(univ.ObjectIdentifier): pass class ExtKeyUsageSyntax(univ.SequenceOf): componentType = KeyPurposeId() subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX) class ReasonFlags(univ.BitString): namedValues = namedval.NamedValues( ('unused', 0), ('keyCompromise', 1), ('cACompromise', 2), ('affiliationChanged', 3), ('superseded', 4), ('cessationOfOperation', 5), ('certificateHold', 6) ) class SkipCerts(univ.Integer): subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueSizeConstraint(0, MAX) id_ce_policyConstraints = univ.ObjectIdentifier('2.5.29.36') class PolicyConstraints(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('requireExplicitPolicy', SkipCerts().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), namedtype.OptionalNamedType('inhibitPolicyMapping', SkipCerts().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))) ) id_ce_basicConstraints = univ.ObjectIdentifier('2.5.29.19') class BasicConstraints(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.DefaultedNamedType('cA', univ.Boolean(False)), namedtype.OptionalNamedType('pathLenConstraint', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, MAX))) ) id_ce_subjectDirectoryAttributes = univ.ObjectIdentifier('2.5.29.9') class SubjectDirectoryAttributes(univ.SequenceOf): componentType = Attribute() subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX) class EDIPartyName(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('nameAssigner', DirectoryString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.NamedType('partyName', DirectoryString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) ) class AnotherName(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('type-id', univ.ObjectIdentifier()), namedtype.NamedType('value', univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) ) class GeneralName(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('otherName', AnotherName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.NamedType('rfc822Name', char.IA5String().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.NamedType('dNSName', char.IA5String().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), namedtype.NamedType('x400Address', ORAddress().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), namedtype.NamedType('directoryName', Name().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))), namedtype.NamedType('ediPartyName', EDIPartyName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))), namedtype.NamedType('uniformResourceIdentifier', char.IA5String().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))), namedtype.NamedType('iPAddress', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))), namedtype.NamedType('registeredID', univ.ObjectIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))) ) class GeneralNames(univ.SequenceOf): componentType = GeneralName() subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX) class AccessDescription(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('accessMethod', univ.ObjectIdentifier()), namedtype.NamedType('accessLocation', GeneralName()) ) class AuthorityInfoAccessSyntax(univ.SequenceOf): componentType = AccessDescription() subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX) id_ce_deltaCRLIndicator = univ.ObjectIdentifier('2.5.29.27') class DistributionPointName(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('fullName', GeneralNames().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), namedtype.NamedType('nameRelativeToCRLIssuer', RelativeDistinguishedName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))) ) class DistributionPoint(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('distributionPoint', DistributionPointName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), namedtype.OptionalNamedType('reasons', ReasonFlags().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.OptionalNamedType('cRLIssuer', GeneralNames().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))) ) class BaseDistance(univ.Integer): subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(0, MAX) id_ce_cRLDistributionPoints = univ.ObjectIdentifier('2.5.29.31') class CRLDistPointsSyntax(univ.SequenceOf): componentType = DistributionPoint() subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX) id_ce_issuingDistributionPoint = univ.ObjectIdentifier('2.5.29.28') class IssuingDistributionPoint(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('distributionPoint', DistributionPointName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), namedtype.NamedType('onlyContainsUserCerts', univ.Boolean(False).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.NamedType('onlyContainsCACerts', univ.Boolean(False).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), namedtype.OptionalNamedType('onlySomeReasons', ReasonFlags().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), namedtype.NamedType('indirectCRL', univ.Boolean(False).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))) ) class GeneralSubtree(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('base', GeneralName()), namedtype.NamedType('minimum', BaseDistance(0).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), namedtype.OptionalNamedType('maximum', BaseDistance().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))) ) class GeneralSubtrees(univ.SequenceOf): componentType = GeneralSubtree() subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX) id_ce_nameConstraints = univ.ObjectIdentifier('2.5.29.30') class NameConstraints(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('permittedSubtrees', GeneralSubtrees().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), namedtype.OptionalNamedType('excludedSubtrees', GeneralSubtrees().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))) ) class DisplayText(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('visibleString', char.VisibleString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 200))), namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 200))), namedtype.NamedType('utf8String', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 200))) ) class NoticeReference(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('organization', DisplayText()), namedtype.NamedType('noticeNumbers', univ.SequenceOf(componentType=univ.Integer())) ) class UserNotice(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('noticeRef', NoticeReference()), namedtype.OptionalNamedType('explicitText', DisplayText()) ) class CPSuri(char.IA5String): pass class PolicyQualifierId(univ.ObjectIdentifier): subtypeSpec = univ.ObjectIdentifier.subtypeSpec + constraint.SingleValueConstraint(id_qt_cps, id_qt_unotice) class CertPolicyId(univ.ObjectIdentifier): pass class PolicyQualifierInfo(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('policyQualifierId', PolicyQualifierId()), namedtype.NamedType('qualifier', univ.Any()) ) id_ce_certificatePolicies = univ.ObjectIdentifier('2.5.29.32') class PolicyInformation(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('policyIdentifier', CertPolicyId()), namedtype.OptionalNamedType('policyQualifiers', univ.SequenceOf(componentType=PolicyQualifierInfo()).subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))) ) class CertificatePolicies(univ.SequenceOf): componentType = PolicyInformation() subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX) id_ce_policyMappings = univ.ObjectIdentifier('2.5.29.33') class PolicyMapping(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('issuerDomainPolicy', CertPolicyId()), namedtype.NamedType('subjectDomainPolicy', CertPolicyId()) ) class PolicyMappings(univ.SequenceOf): componentType = PolicyMapping() subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX) id_ce_privateKeyUsagePeriod = univ.ObjectIdentifier('2.5.29.16') class PrivateKeyUsagePeriod(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('notBefore', useful.GeneralizedTime().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.OptionalNamedType('notAfter', useful.GeneralizedTime().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) ) id_ce_keyUsage = univ.ObjectIdentifier('2.5.29.15') class KeyUsage(univ.BitString): namedValues = namedval.NamedValues( ('digitalSignature', 0), ('nonRepudiation', 1), ('keyEncipherment', 2), ('dataEncipherment', 3), ('keyAgreement', 4), ('keyCertSign', 5), ('cRLSign', 6), ('encipherOnly', 7), ('decipherOnly', 8) ) id_ce = univ.ObjectIdentifier('2.5.29') id_ce_authorityKeyIdentifier = univ.ObjectIdentifier('2.5.29.35') class KeyIdentifier(univ.OctetString): pass id_ce_subjectKeyIdentifier = univ.ObjectIdentifier('2.5.29.14') class SubjectKeyIdentifier(KeyIdentifier): pass class AuthorityKeyIdentifier(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('keyIdentifier', KeyIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.OptionalNamedType('authorityCertIssuer', GeneralNames().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.OptionalNamedType('authorityCertSerialNumber', CertificateSerialNumber().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))) ) id_ce_certificateIssuer = univ.ObjectIdentifier('2.5.29.29') class CertificateIssuer(GeneralNames): pass id_ce_subjectAltName = univ.ObjectIdentifier('2.5.29.17') class SubjectAltName(GeneralNames): pass id_ce_issuerAltName = univ.ObjectIdentifier('2.5.29.18') class IssuerAltName(GeneralNames): pass pyasn1-modules-0.0.7/pyasn1_modules/rfc2437.py0000644000076400001440000000451211740610673021136 0ustar ilyausers00000000000000# # PKCS#1 syntax # # ASN.1 source from: # ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2.asn # # Sample captures could be obtained with "openssl genrsa" command # from pyasn1.type import tag, namedtype, namedval, univ, constraint from pyasn1_modules.rfc2459 import AlgorithmIdentifier pkcs_1 = univ.ObjectIdentifier('1.2.840.113549.1.1') rsaEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.1') md2WithRSAEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.2') md4WithRSAEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.3') md5WithRSAEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.4') sha1WithRSAEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.5') rsaOAEPEncryptionSET = univ.ObjectIdentifier('1.2.840.113549.1.1.6') id_RSAES_OAEP = univ.ObjectIdentifier('1.2.840.113549.1.1.7') id_mgf1 = univ.ObjectIdentifier('1.2.840.113549.1.1.8') id_pSpecified = univ.ObjectIdentifier('1.2.840.113549.1.1.9') id_sha1 = univ.ObjectIdentifier('1.3.14.3.2.26') MAX = 16 class Version(univ.Integer): pass class RSAPrivateKey(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('version', Version()), namedtype.NamedType('modulus', univ.Integer()), namedtype.NamedType('publicExponent', univ.Integer()), namedtype.NamedType('privateExponent', univ.Integer()), namedtype.NamedType('prime1', univ.Integer()), namedtype.NamedType('prime2', univ.Integer()), namedtype.NamedType('exponent1', univ.Integer()), namedtype.NamedType('exponent2', univ.Integer()), namedtype.NamedType('coefficient', univ.Integer()) ) class RSAPublicKey(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('modulus', univ.Integer()), namedtype.NamedType('publicExponent', univ.Integer()) ) # XXX defaults not set class RSAES_OAEP_params(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('hashFunc', AlgorithmIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), namedtype.NamedType('maskGenFunc', AlgorithmIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))), namedtype.NamedType('pSourceFunc', AlgorithmIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))) ) pyasn1-modules-0.0.7/pyasn1_modules/__init__.py0000644000076400001440000000010112546225433021572 0ustar ilyausers00000000000000# http://www.python.org/dev/peps/pep-0396/ __version__ = '0.0.7' pyasn1-modules-0.0.7/pyasn1_modules/rfc1902.py0000644000076400001440000000666211741333400021131 0ustar ilyausers00000000000000# # SNMPv2c message syntax # # ASN.1 source from: # http://www.ietf.org/rfc/rfc1902.txt # from pyasn1.type import univ, namedtype, namedval, tag, constraint class Integer(univ.Integer): subtypeSpec = univ.Integer.subtypeSpec+constraint.ValueRangeConstraint( -2147483648, 2147483647 ) class Integer32(univ.Integer): subtypeSpec = univ.Integer.subtypeSpec+constraint.ValueRangeConstraint( -2147483648, 2147483647 ) class OctetString(univ.OctetString): subtypeSpec = univ.Integer.subtypeSpec+constraint.ValueSizeConstraint( 0, 65535 ) class IpAddress(univ.OctetString): tagSet = univ.OctetString.tagSet.tagImplicitly( tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0x00) ) subtypeSpec = univ.OctetString.subtypeSpec+constraint.ValueSizeConstraint( 4, 4 ) class Counter32(univ.Integer): tagSet = univ.Integer.tagSet.tagImplicitly( tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0x01) ) subtypeSpec = univ.Integer.subtypeSpec+constraint.ValueRangeConstraint( 0, 4294967295 ) class Gauge32(univ.Integer): tagSet = univ.Integer.tagSet.tagImplicitly( tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0x02) ) subtypeSpec = univ.Integer.subtypeSpec+constraint.ValueRangeConstraint( 0, 4294967295 ) class Unsigned32(univ.Integer): tagSet = univ.Integer.tagSet.tagImplicitly( tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0x02) ) subtypeSpec = univ.Integer.subtypeSpec+constraint.ValueRangeConstraint( 0, 4294967295 ) class TimeTicks(univ.Integer): tagSet = univ.Integer.tagSet.tagImplicitly( tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0x03) ) subtypeSpec = univ.Integer.subtypeSpec+constraint.ValueRangeConstraint( 0, 4294967295 ) class Opaque(univ.OctetString): tagSet = univ.OctetString.tagSet.tagImplicitly( tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0x04) ) class Counter64(univ.Integer): tagSet = univ.Integer.tagSet.tagImplicitly( tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0x06) ) subtypeSpec = univ.Integer.subtypeSpec+constraint.ValueRangeConstraint( 0, 18446744073709551615 ) class Bits(univ.OctetString): pass class ObjectName(univ.ObjectIdentifier): pass class SimpleSyntax(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('integer-value', Integer()), namedtype.NamedType('string-value', OctetString()), namedtype.NamedType('objectID-value', univ.ObjectIdentifier()) ) class ApplicationSyntax(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('ipAddress-value', IpAddress()), namedtype.NamedType('counter-value', Counter32()), namedtype.NamedType('timeticks-value', TimeTicks()), namedtype.NamedType('arbitrary-value', Opaque()), namedtype.NamedType('big-counter-value', Counter64()), # This conflicts with Counter32 # namedtype.NamedType('unsigned-integer-value', Unsigned32()), namedtype.NamedType('gauge32-value', Gauge32()) ) # BITS misplaced? class ObjectSyntax(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('simple', SimpleSyntax()), namedtype.NamedType('application-wide', ApplicationSyntax()) ) pyasn1-modules-0.0.7/pyasn1_modules/rfc3412.py0000644000076400001440000000321311741333400021114 0ustar ilyausers00000000000000# # SNMPv3 message syntax # # ASN.1 source from: # http://www.ietf.org/rfc/rfc3412.txt # from pyasn1.type import univ, namedtype, namedval, tag, constraint from pyasn1_modules import rfc1905 class ScopedPDU(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('contextEngineId', univ.OctetString()), namedtype.NamedType('contextName', univ.OctetString()), namedtype.NamedType('data', rfc1905.PDUs()) ) class ScopedPduData(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('plaintext', ScopedPDU()), namedtype.NamedType('encryptedPDU', univ.OctetString()), ) class HeaderData(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('msgID', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, 2147483647))), namedtype.NamedType('msgMaxSize', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(484, 2147483647))), namedtype.NamedType('msgFlags', univ.OctetString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 1))), namedtype.NamedType('msgSecurityModel', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(1, 2147483647))) ) class SNMPv3Message(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('msgVersion', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, 2147483647))), namedtype.NamedType('msgGlobalData', HeaderData()), namedtype.NamedType('msgSecurityParameters', univ.OctetString()), namedtype.NamedType('msgData', ScopedPduData()) ) pyasn1-modules-0.0.7/pyasn1_modules/rfc4210.py0000644000076400001440000006537712346001207021133 0ustar ilyausers00000000000000# # Certificate Management Protocol structures as per RFC4210 # # Based on Alex Railean's work # from pyasn1.type import tag,namedtype,namedval,univ,constraint,char,useful from pyasn1_modules import rfc2459, rfc2511, rfc2314 MAX = 64 class KeyIdentifier(univ.OctetString): pass class CMPCertificate(rfc2459.Certificate): pass class OOBCert(CMPCertificate): pass class CertAnnContent(CMPCertificate): pass class PKIFreeText(univ.SequenceOf): """ PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String """ componentType = char.UTF8String() subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX) class PollRepContent(univ.SequenceOf): """ PollRepContent ::= SEQUENCE OF SEQUENCE { certReqId INTEGER, checkAfter INTEGER, -- time in seconds reason PKIFreeText OPTIONAL } """ class CertReq(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('certReqId', univ.Integer()), namedtype.NamedType('checkAfter', univ.Integer()), namedtype.OptionalNamedType('reason', PKIFreeText()) ) componentType = CertReq() class PollReqContent(univ.SequenceOf): """ PollReqContent ::= SEQUENCE OF SEQUENCE { certReqId INTEGER } """ class CertReq(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('certReqId', univ.Integer()) ) componentType = CertReq() class InfoTypeAndValue(univ.Sequence): """ InfoTypeAndValue ::= SEQUENCE { infoType OBJECT IDENTIFIER, infoValue ANY DEFINED BY infoType OPTIONAL }""" componentType = namedtype.NamedTypes( namedtype.NamedType('infoType', univ.ObjectIdentifier()), namedtype.OptionalNamedType('infoValue', univ.Any()) ) class GenRepContent(univ.SequenceOf): componentType = InfoTypeAndValue() class GenMsgContent(univ.SequenceOf): componentType = InfoTypeAndValue() class PKIConfirmContent(univ.Null): pass class CRLAnnContent(univ.SequenceOf): componentType = rfc2459.CertificateList() class CAKeyUpdAnnContent(univ.Sequence): """ CAKeyUpdAnnContent ::= SEQUENCE { oldWithNew CMPCertificate, newWithOld CMPCertificate, newWithNew CMPCertificate } """ componentType = namedtype.NamedTypes( namedtype.NamedType('oldWithNew', CMPCertificate()), namedtype.NamedType('newWithOld', CMPCertificate()), namedtype.NamedType('newWithNew', CMPCertificate()) ) class RevDetails(univ.Sequence): """ RevDetails ::= SEQUENCE { certDetails CertTemplate, crlEntryDetails Extensions OPTIONAL } """ componentType = namedtype.NamedTypes( namedtype.NamedType('certDetails', rfc2511.CertTemplate()), namedtype.OptionalNamedType('crlEntryDetails', rfc2459.Extensions()) ) class RevReqContent(univ.SequenceOf): componentType = RevDetails() class CertOrEncCert(univ.Choice): """ CertOrEncCert ::= CHOICE { certificate [0] CMPCertificate, encryptedCert [1] EncryptedValue } """ componentType = namedtype.NamedTypes( namedtype.NamedType('certificate', CMPCertificate().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0) ) ), namedtype.NamedType('encryptedCert', rfc2511.EncryptedValue().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1) ) ) ) class CertifiedKeyPair(univ.Sequence): """ CertifiedKeyPair ::= SEQUENCE { certOrEncCert CertOrEncCert, privateKey [0] EncryptedValue OPTIONAL, publicationInfo [1] PKIPublicationInfo OPTIONAL } """ componentType = namedtype.NamedTypes( namedtype.NamedType('certOrEncCert', CertOrEncCert()), namedtype.OptionalNamedType('privateKey', rfc2511.EncryptedValue().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0) ) ), namedtype.OptionalNamedType('publicationInfo', rfc2511.PKIPublicationInfo().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1) ) ) ) class POPODecKeyRespContent(univ.SequenceOf): componentType = univ.Integer() class Challenge(univ.Sequence): """ Challenge ::= SEQUENCE { owf AlgorithmIdentifier OPTIONAL, witness OCTET STRING, challenge OCTET STRING } """ componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('owf', rfc2459.AlgorithmIdentifier()), namedtype.NamedType('witness', univ.OctetString()), namedtype.NamedType('challenge', univ.OctetString()) ) class PKIStatus(univ.Integer): """ PKIStatus ::= INTEGER { accepted (0), grantedWithMods (1), rejection (2), waiting (3), revocationWarning (4), revocationNotification (5), keyUpdateWarning (6) } """ namedValues = namedval.NamedValues( ('accepted', 0), ('grantedWithMods', 1), ('rejection', 2), ('waiting', 3), ('revocationWarning', 4), ('revocationNotification', 5), ('keyUpdateWarning', 6) ) class PKIFailureInfo(univ.BitString): """ PKIFailureInfo ::= BIT STRING { badAlg (0), badMessageCheck (1), badRequest (2), badTime (3), badCertId (4), badDataFormat (5), wrongAuthority (6), incorrectData (7), missingTimeStamp (8), badPOP (9), certRevoked (10), certConfirmed (11), wrongIntegrity (12), badRecipientNonce (13), timeNotAvailable (14), unacceptedPolicy (15), unacceptedExtension (16), addInfoNotAvailable (17), badSenderNonce (18), badCertTemplate (19), signerNotTrusted (20), transactionIdInUse (21), unsupportedVersion (22), notAuthorized (23), systemUnavail (24), systemFailure (25), duplicateCertReq (26) """ namedValues = namedval.NamedValues( ('badAlg', 0), ('badMessageCheck', 1), ('badRequest', 2), ('badTime', 3), ('badCertId', 4), ('badDataFormat', 5), ('wrongAuthority', 6), ('incorrectData', 7), ('missingTimeStamp', 8), ('badPOP', 9), ('certRevoked', 10), ('certConfirmed', 11), ('wrongIntegrity', 12), ('badRecipientNonce', 13), ('timeNotAvailable', 14), ('unacceptedPolicy', 15), ('unacceptedExtension', 16), ('addInfoNotAvailable', 17), ('badSenderNonce', 18), ('badCertTemplate', 19), ('signerNotTrusted', 20), ('transactionIdInUse', 21), ('unsupportedVersion', 22), ('notAuthorized', 23), ('systemUnavail', 24), ('systemFailure', 25), ('duplicateCertReq', 26) ) class PKIStatusInfo(univ.Sequence): """ PKIStatusInfo ::= SEQUENCE { status PKIStatus, statusString PKIFreeText OPTIONAL, failInfo PKIFailureInfo OPTIONAL } """ componentType = namedtype.NamedTypes( namedtype.NamedType('status', PKIStatus()), namedtype.OptionalNamedType('statusString', PKIFreeText()), namedtype.OptionalNamedType('failInfo', PKIFailureInfo()) ) class ErrorMsgContent(univ.Sequence): """ ErrorMsgContent ::= SEQUENCE { pKIStatusInfo PKIStatusInfo, errorCode INTEGER OPTIONAL, -- implementation-specific error codes errorDetails PKIFreeText OPTIONAL -- implementation-specific error details } """ componentType = namedtype.NamedTypes( namedtype.NamedType('pKIStatusInfo', PKIStatusInfo()), namedtype.OptionalNamedType('errorCode', univ.Integer()), namedtype.OptionalNamedType('errorDetails', PKIFreeText()) ) class CertStatus(univ.Sequence): """ CertStatus ::= SEQUENCE { certHash OCTET STRING, certReqId INTEGER, statusInfo PKIStatusInfo OPTIONAL } """ componentType = namedtype.NamedTypes( namedtype.NamedType('certHash', univ.OctetString()), namedtype.NamedType('certReqId', univ.Integer()), namedtype.OptionalNamedType('statusInfo', PKIStatusInfo()) ) class CertConfirmContent(univ.SequenceOf): componentType = CertStatus() class RevAnnContent(univ.Sequence): """ RevAnnContent ::= SEQUENCE { status PKIStatus, certId CertId, willBeRevokedAt GeneralizedTime, badSinceDate GeneralizedTime, crlDetails Extensions OPTIONAL } """ componentType = namedtype.NamedTypes( namedtype.NamedType('status', PKIStatus()), namedtype.NamedType('certId', rfc2511.CertId()), namedtype.NamedType('willBeRevokedAt', useful.GeneralizedTime()), namedtype.NamedType('badSinceDate', useful.GeneralizedTime()), namedtype.OptionalNamedType('crlDetails', rfc2459.Extensions()) ) class RevRepContent(univ.Sequence): """ RevRepContent ::= SEQUENCE { status SEQUENCE SIZE (1..MAX) OF PKIStatusInfo, revCerts [0] SEQUENCE SIZE (1..MAX) OF CertId OPTIONAL, crls [1] SEQUENCE SIZE (1..MAX) OF CertificateList OPTIONAL """ componentType = namedtype.NamedTypes( namedtype.NamedType('status', PKIStatusInfo()), namedtype.OptionalNamedType('revCerts', univ.SequenceOf( componentType=rfc2511.CertId() ).subtype( subtypeSpec=constraint.ValueSizeConstraint(1, MAX), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0) ) ), namedtype.OptionalNamedType('crls', univ.SequenceOf( componentType=rfc2459.CertificateList() ).subtype( subtypeSpec=constraint.ValueSizeConstraint(1, MAX), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1) ) ) ) class KeyRecRepContent(univ.Sequence): """ KeyRecRepContent ::= SEQUENCE { status PKIStatusInfo, newSigCert [0] CMPCertificate OPTIONAL, caCerts [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate OPTIONAL, keyPairHist [2] SEQUENCE SIZE (1..MAX) OF CertifiedKeyPair OPTIONAL } """ componentType = namedtype.NamedTypes( namedtype.NamedType('status', PKIStatusInfo()), namedtype.OptionalNamedType('newSigCert', CMPCertificate().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0) ) ), namedtype.OptionalNamedType('caCerts', univ.SequenceOf( componentType=CMPCertificate() ).subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), subtypeSpec=constraint.ValueSizeConstraint(1, MAX) ) ), namedtype.OptionalNamedType('keyPairHist', univ.SequenceOf( componentType=CertifiedKeyPair() ).subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2), subtypeSpec=constraint.ValueSizeConstraint(1, MAX) ) ) ) class CertResponse(univ.Sequence): """ CertResponse ::= SEQUENCE { certReqId INTEGER, status PKIStatusInfo, certifiedKeyPair CertifiedKeyPair OPTIONAL, rspInfo OCTET STRING OPTIONAL } """ componentType = namedtype.NamedTypes( namedtype.NamedType('certReqId', univ.Integer()), namedtype.NamedType('status', PKIStatusInfo()), namedtype.OptionalNamedType('certifiedKeyPair', CertifiedKeyPair()), namedtype.OptionalNamedType('rspInfo', univ.OctetString()) ) class CertRepMessage(univ.Sequence): """ CertRepMessage ::= SEQUENCE { caPubs [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate OPTIONAL, response SEQUENCE OF CertResponse } """ componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('caPubs', univ.SequenceOf( componentType=CMPCertificate() ).subtype( subtypeSpec=constraint.ValueSizeConstraint(1, MAX), explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,1) ) ), namedtype.NamedType('response', univ.SequenceOf( componentType=CertResponse()) ) ) class POPODecKeyChallContent(univ.SequenceOf): componentType = Challenge() class OOBCertHash(univ.Sequence): """ OOBCertHash ::= SEQUENCE { hashAlg [0] AlgorithmIdentifier OPTIONAL, certId [1] CertId OPTIONAL, hashVal BIT STRING } """ componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('hashAlg', rfc2459.AlgorithmIdentifier().subtype( explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,0) ) ), namedtype.OptionalNamedType('certId', rfc2511.CertId().subtype( explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,1) ) ), namedtype.NamedType('hashVal', univ.BitString()) ) # pyasn1 does not naturally handle recursive definitions, thus this hack: # NestedMessageContent ::= PKIMessages class NestedMessageContent(univ.SequenceOf): """ NestedMessageContent ::= PKIMessages """ componentType = univ.Any() class DHBMParameter(univ.Sequence): """ DHBMParameter ::= SEQUENCE { owf AlgorithmIdentifier, -- AlgId for a One-Way Function (SHA-1 recommended) mac AlgorithmIdentifier -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11], } -- or HMAC [RFC2104, RFC2202]) """ componentType = namedtype.NamedTypes( namedtype.NamedType('owf', rfc2459.AlgorithmIdentifier()), namedtype.NamedType('mac', rfc2459.AlgorithmIdentifier()) ) id_DHBasedMac = univ.ObjectIdentifier('1.2.840.113533.7.66.30') class PBMParameter(univ.Sequence): """ PBMParameter ::= SEQUENCE { salt OCTET STRING, owf AlgorithmIdentifier, iterationCount INTEGER, mac AlgorithmIdentifier } """ componentType = namedtype.NamedTypes( namedtype.NamedType('salt', univ.OctetString().subtype( subtypeSpec=constraint.ValueSizeConstraint(0, 128) ) ), namedtype.NamedType('owf', rfc2459.AlgorithmIdentifier()), namedtype.NamedType('iterationCount', univ.Integer()), namedtype.NamedType('mac', rfc2459.AlgorithmIdentifier()) ) id_PasswordBasedMac = univ.ObjectIdentifier('1.2.840.113533.7.66.13') class PKIProtection(univ.BitString): pass # pyasn1 does not naturally handle recursive definitions, thus this hack: # NestedMessageContent ::= PKIMessages nestedMessageContent = NestedMessageContent().subtype(explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,20)) class PKIBody(univ.Choice): """ PKIBody ::= CHOICE { -- message-specific body elements ir [0] CertReqMessages, --Initialization Request ip [1] CertRepMessage, --Initialization Response cr [2] CertReqMessages, --Certification Request cp [3] CertRepMessage, --Certification Response p10cr [4] CertificationRequest, --imported from [PKCS10] popdecc [5] POPODecKeyChallContent, --pop Challenge popdecr [6] POPODecKeyRespContent, --pop Response kur [7] CertReqMessages, --Key Update Request kup [8] CertRepMessage, --Key Update Response krr [9] CertReqMessages, --Key Recovery Request krp [10] KeyRecRepContent, --Key Recovery Response rr [11] RevReqContent, --Revocation Request rp [12] RevRepContent, --Revocation Response ccr [13] CertReqMessages, --Cross-Cert. Request ccp [14] CertRepMessage, --Cross-Cert. Response ckuann [15] CAKeyUpdAnnContent, --CA Key Update Ann. cann [16] CertAnnContent, --Certificate Ann. rann [17] RevAnnContent, --Revocation Ann. crlann [18] CRLAnnContent, --CRL Announcement pkiconf [19] PKIConfirmContent, --Confirmation nested [20] NestedMessageContent, --Nested Message genm [21] GenMsgContent, --General Message genp [22] GenRepContent, --General Response error [23] ErrorMsgContent, --Error Message certConf [24] CertConfirmContent, --Certificate confirm pollReq [25] PollReqContent, --Polling request pollRep [26] PollRepContent --Polling response """ componentType = namedtype.NamedTypes( namedtype.NamedType('ir', rfc2511.CertReqMessages().subtype( explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,0) ) ), namedtype.NamedType('ip', CertRepMessage().subtype( explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,1) ) ), namedtype.NamedType('cr', rfc2511.CertReqMessages().subtype( explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,2) ) ), namedtype.NamedType('cp', CertRepMessage().subtype( explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,3) ) ), namedtype.NamedType('p10cr', rfc2314.CertificationRequest().subtype( explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,4) ) ), namedtype.NamedType('popdecc', POPODecKeyChallContent().subtype( explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,5) ) ), namedtype.NamedType('popdecr', POPODecKeyRespContent().subtype( explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,6) ) ), namedtype.NamedType('kur', rfc2511.CertReqMessages().subtype( explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,7) ) ), namedtype.NamedType('kup', CertRepMessage().subtype( explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,8) ) ), namedtype.NamedType('krr', rfc2511.CertReqMessages().subtype( explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,9) ) ), namedtype.NamedType('krp', KeyRecRepContent().subtype( explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,10) ) ), namedtype.NamedType('rr', RevReqContent().subtype( explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,11) ) ), namedtype.NamedType('rp', RevRepContent().subtype( explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,12) ) ), namedtype.NamedType('ccr', rfc2511.CertReqMessages().subtype( explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,13) ) ), namedtype.NamedType('ccp', CertRepMessage().subtype( explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,14) ) ), namedtype.NamedType('ckuann', CAKeyUpdAnnContent().subtype( explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,15) ) ), namedtype.NamedType('cann', CertAnnContent().subtype( explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,16) ) ), namedtype.NamedType('rann', RevAnnContent().subtype( explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,17) ) ), namedtype.NamedType('crlann', CRLAnnContent().subtype( explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,18) ) ), namedtype.NamedType('pkiconf', PKIConfirmContent().subtype( explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,19) ) ), namedtype.NamedType('nested', nestedMessageContent), # namedtype.NamedType('nested', NestedMessageContent().subtype( # explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,20) # ) # ), namedtype.NamedType('genm', GenMsgContent().subtype( explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,21) ) ), namedtype.NamedType('gen', GenRepContent().subtype( explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,22) ) ), namedtype.NamedType('error', ErrorMsgContent().subtype( explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,23) ) ), namedtype.NamedType('certConf', CertConfirmContent().subtype( explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,24) ) ), namedtype.NamedType('pollReq', PollReqContent().subtype( explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,25) ) ), namedtype.NamedType('pollRep', PollRepContent().subtype( explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,26) ) ) ) class PKIHeader(univ.Sequence): """ PKIHeader ::= SEQUENCE { pvno INTEGER { cmp1999(1), cmp2000(2) }, sender GeneralName, recipient GeneralName, messageTime [0] GeneralizedTime OPTIONAL, protectionAlg [1] AlgorithmIdentifier OPTIONAL, senderKID [2] KeyIdentifier OPTIONAL, recipKID [3] KeyIdentifier OPTIONAL, transactionID [4] OCTET STRING OPTIONAL, senderNonce [5] OCTET STRING OPTIONAL, recipNonce [6] OCTET STRING OPTIONAL, freeText [7] PKIFreeText OPTIONAL, generalInfo [8] SEQUENCE SIZE (1..MAX) OF InfoTypeAndValue OPTIONAL } """ componentType = namedtype.NamedTypes( namedtype.NamedType('pvno', univ.Integer( namedValues=namedval.NamedValues( ('cmp1999', 1), ('cmp2000', 2) ) ) ), namedtype.NamedType('sender', rfc2459.GeneralName()), namedtype.NamedType('recipient', rfc2459.GeneralName()), namedtype.OptionalNamedType('messageTime', useful.GeneralizedTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.OptionalNamedType('protectionAlg', rfc2459.AlgorithmIdentifier().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))), namedtype.OptionalNamedType('senderKID', rfc2459.KeyIdentifier().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), namedtype.OptionalNamedType('recipKID', rfc2459.KeyIdentifier().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), namedtype.OptionalNamedType('transactionID', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))), namedtype.OptionalNamedType('senderNonce', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))), namedtype.OptionalNamedType('recipNonce', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))), namedtype.OptionalNamedType('freeText', PKIFreeText().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 7))), namedtype.OptionalNamedType('generalInfo', univ.SequenceOf( componentType=InfoTypeAndValue().subtype( subtypeSpec=constraint.ValueSizeConstraint(1, MAX), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8) ) ) ) ) class ProtectedPart(univ.Sequence): """ ProtectedPart ::= SEQUENCE { header PKIHeader, body PKIBody } """ componentType = namedtype.NamedTypes( namedtype.NamedType('header', PKIHeader()), namedtype.NamedType('infoValue', PKIBody()) ) class PKIMessage(univ.Sequence): """ PKIMessage ::= SEQUENCE { header PKIHeader, body PKIBody, protection [0] PKIProtection OPTIONAL, extraCerts [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate OPTIONAL }""" componentType = namedtype.NamedTypes( namedtype.NamedType('header', PKIHeader()), namedtype.NamedType('body', PKIBody()), namedtype.OptionalNamedType('protection', PKIProtection().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.OptionalNamedType( 'extraCerts', univ.SequenceOf( componentType=CMPCertificate() ).subtype( subtypeSpec=constraint.ValueSizeConstraint(1, MAX), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1) ) ) ) class PKIMessages(univ.SequenceOf): """ PKIMessages ::= SEQUENCE SIZE (1..MAX) OF PKIMessage """ componentType = PKIMessage() subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX) # pyasn1 does not naturally handle recursive definitions, thus this hack: # NestedMessageContent ::= PKIMessages NestedMessageContent.componentType = PKIMessages() nestedMessageContent.componentType = PKIMessages() pyasn1-modules-0.0.7/pyasn1_modules/rfc5208.py0000644000076400001440000000242411740575121021133 0ustar ilyausers00000000000000# # PKCS#8 syntax # # ASN.1 source from: # http://tools.ietf.org/html/rfc5208 # # Sample captures could be obtained with "openssl pkcs8 -topk8" command # from pyasn1.type import tag, namedtype, namedval, univ, constraint from pyasn1_modules.rfc2459 import * from pyasn1_modules import rfc2251 class KeyEncryptionAlgorithms(AlgorithmIdentifier): pass class PrivateKeyAlgorithms(AlgorithmIdentifier): pass class EncryptedData(univ.OctetString): pass class EncryptedPrivateKeyInfo(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('encryptionAlgorithm', AlgorithmIdentifier()), namedtype.NamedType('encryptedData', EncryptedData()) ) class PrivateKey(univ.OctetString): pass class Attributes(univ.SetOf): componentType = rfc2251.Attribute() class Version(univ.Integer): namedValues = namedval.NamedValues(('v1', 0), ('v2', 1)) class PrivateKeyInfo(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('version', Version()), namedtype.NamedType('privateKeyAlgorithm', AlgorithmIdentifier()), namedtype.NamedType('privateKey', PrivateKey()), namedtype.OptionalNamedType('attributes', Attributes().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))) ) pyasn1-modules-0.0.7/pyasn1_modules/rfc1905.py0000644000076400001440000001020611777316662021145 0ustar ilyausers00000000000000# # SNMPv2c PDU syntax # # ASN.1 source from: # http://www.ietf.org/rfc/rfc1905.txt # from pyasn1.type import univ, namedtype, namedval, tag, constraint from pyasn1_modules import rfc1902 max_bindings = rfc1902.Integer(2147483647) class _BindValue(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('value', rfc1902.ObjectSyntax()), namedtype.NamedType('unSpecified', univ.Null()), namedtype.NamedType('noSuchObject', univ.Null().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.NamedType('noSuchInstance', univ.Null().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.NamedType('endOfMibView', univ.Null().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))) ) class VarBind(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('name', rfc1902.ObjectName()), namedtype.NamedType('', _BindValue()) ) class VarBindList(univ.SequenceOf): componentType = VarBind() subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint( 0, max_bindings ) class PDU(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('request-id', rfc1902.Integer32()), namedtype.NamedType('error-status', univ.Integer(namedValues=namedval.NamedValues(('noError', 0), ('tooBig', 1), ('noSuchName', 2), ('badValue', 3), ('readOnly', 4), ('genErr', 5), ('noAccess', 6), ('wrongType', 7), ('wrongLength', 8), ('wrongEncoding', 9), ('wrongValue', 10), ('noCreation', 11), ('inconsistentValue', 12), ('resourceUnavailable', 13), ('commitFailed', 14), ('undoFailed', 15), ('authorizationError', 16), ('notWritable', 17), ('inconsistentName', 18)))), namedtype.NamedType('error-index', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, max_bindings))), namedtype.NamedType('variable-bindings', VarBindList()) ) class BulkPDU(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('request-id', rfc1902.Integer32()), namedtype.NamedType('non-repeaters', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, max_bindings))), namedtype.NamedType('max-repetitions', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, max_bindings))), namedtype.NamedType('variable-bindings', VarBindList()) ) class GetRequestPDU(PDU): tagSet = PDU.tagSet.tagImplicitly( tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0) ) class GetNextRequestPDU(PDU): tagSet = PDU.tagSet.tagImplicitly( tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1) ) class ResponsePDU(PDU): tagSet = PDU.tagSet.tagImplicitly( tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2) ) class SetRequestPDU(PDU): tagSet = PDU.tagSet.tagImplicitly( tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3) ) class GetBulkRequestPDU(BulkPDU): tagSet = PDU.tagSet.tagImplicitly( tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5) ) class InformRequestPDU(PDU): tagSet = PDU.tagSet.tagImplicitly( tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6) ) class SNMPv2TrapPDU(PDU): tagSet = PDU.tagSet.tagImplicitly( tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 7) ) class ReportPDU(PDU): tagSet = PDU.tagSet.tagImplicitly( tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 8) ) class PDUs(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('get-request', GetRequestPDU()), namedtype.NamedType('get-next-request', GetNextRequestPDU()), namedtype.NamedType('get-bulk-request', GetBulkRequestPDU()), namedtype.NamedType('response', ResponsePDU()), namedtype.NamedType('set-request', SetRequestPDU()), namedtype.NamedType('inform-request', InformRequestPDU()), namedtype.NamedType('snmpV2-trap', SNMPv2TrapPDU()), namedtype.NamedType('report', ReportPDU()) ) pyasn1-modules-0.0.7/pyasn1_modules/rfc1155.py0000644000076400001440000000470711741333252021134 0ustar ilyausers00000000000000# # SNMPv1 message syntax # # ASN.1 source from: # http://www.ietf.org/rfc/rfc1155.txt # # Sample captures from: # http://wiki.wireshark.org/SampleCaptures/ # from pyasn1.type import univ, namedtype, namedval, tag, constraint class ObjectName(univ.ObjectIdentifier): pass class SimpleSyntax(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('number', univ.Integer()), namedtype.NamedType('string', univ.OctetString()), namedtype.NamedType('object', univ.ObjectIdentifier()), namedtype.NamedType('empty', univ.Null()) ) class IpAddress(univ.OctetString): tagSet = univ.OctetString.tagSet.tagImplicitly( tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0) ) subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueSizeConstraint( 4, 4 ) class NetworkAddress(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('internet', IpAddress()) ) class Counter(univ.Integer): tagSet = univ.Integer.tagSet.tagImplicitly( tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 1) ) subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint( 0, 4294967295 ) class Gauge(univ.Integer): tagSet = univ.Integer.tagSet.tagImplicitly( tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 2) ) subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint( 0, 4294967295 ) class TimeTicks(univ.Integer): tagSet = univ.Integer.tagSet.tagImplicitly( tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 3) ) subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint( 0, 4294967295 ) class Opaque(univ.OctetString): tagSet = univ.OctetString.tagSet.tagImplicitly( tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 4) ) class ApplicationSyntax(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('address', NetworkAddress()), namedtype.NamedType('counter', Counter()), namedtype.NamedType('gauge', Gauge()), namedtype.NamedType('ticks', TimeTicks()), namedtype.NamedType('arbitrary', Opaque()) ) class ObjectSyntax(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('simple', SimpleSyntax()), namedtype.NamedType('application-wide', ApplicationSyntax()) ) pyasn1-modules-0.0.7/pyasn1_modules/pem.py0000644000076400001440000000354511741637141020632 0ustar ilyausers00000000000000import base64, sys stSpam, stHam, stDump = 0, 1, 2 # The markers parameters is in form ('start1', 'stop1'), ('start2', 'stop2')... # Return is (marker-index, substrate) def readPemBlocksFromFile(fileObj, *markers): startMarkers = dict(map(lambda x: (x[1],x[0]), enumerate(map(lambda x: x[0], markers)))) stopMarkers = dict(map(lambda x: (x[1],x[0]), enumerate(map(lambda x: x[1], markers)))) idx = -1; substrate = '' state = stSpam while 1: certLine = fileObj.readline() if not certLine: break certLine = certLine.strip() if state == stSpam: if certLine in startMarkers: certLines = [] idx = startMarkers[certLine] state = stHam continue if state == stHam: if certLine in stopMarkers and stopMarkers[certLine] == idx: state = stDump else: certLines.append(certLine) if state == stDump: if sys.version_info[0] <= 2: substrate = ''.join([ base64.b64decode(x) for x in certLines ]) else: substrate = ''.encode().join([ base64.b64decode(x.encode()) for x in certLines ]) break return idx, substrate # Backward compatibility routine def readPemFromFile(fileObj, startMarker='-----BEGIN CERTIFICATE-----', endMarker='-----END CERTIFICATE-----'): idx, substrate = readPemBlocksFromFile(fileObj, (startMarker, endMarker)) return substrate def readBase64FromFile(fileObj): if sys.version_info[0] <= 2: return ''.join([ base64.b64decode(x) for x in fileObj.readlines() ]) else: return ''.encode().join( [ base64.b64decode(x.encode()) for x in fileObj.readlines() ] ) pyasn1-modules-0.0.7/pyasn1_modules/rfc1901.py0000644000076400001440000000067311777316662021150 0ustar ilyausers00000000000000# # SNMPv2c message syntax # # ASN.1 source from: # http://www.ietf.org/rfc/rfc1901.txt # from pyasn1.type import univ, namedtype, namedval class Message(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('version', univ.Integer(namedValues = namedval.NamedValues(('version-2c', 1)))), namedtype.NamedType('community', univ.OctetString()), namedtype.NamedType('data', univ.Any()) ) pyasn1-modules-0.0.7/pyasn1_modules/rfc1157.py0000644000076400001440000000632511741333252021134 0ustar ilyausers00000000000000# # SNMPv1 message syntax # # ASN.1 source from: # http://www.ietf.org/rfc/rfc1157.txt # # Sample captures from: # http://wiki.wireshark.org/SampleCaptures/ # from pyasn1.type import univ, namedtype, namedval, tag, constraint from pyasn1_modules import rfc1155 class Version(univ.Integer): namedValues = namedval.NamedValues( ('version-1', 0) ) defaultValue = 0 class Community(univ.OctetString): pass class RequestID(univ.Integer): pass class ErrorStatus(univ.Integer): namedValues = namedval.NamedValues( ('noError', 0), ('tooBig', 1), ('noSuchName', 2), ('badValue', 3), ('readOnly', 4), ('genErr', 5) ) class ErrorIndex(univ.Integer): pass class VarBind(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('name', rfc1155.ObjectName()), namedtype.NamedType('value', rfc1155.ObjectSyntax()) ) class VarBindList(univ.SequenceOf): componentType = VarBind() class _RequestBase(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('request-id', RequestID()), namedtype.NamedType('error-status', ErrorStatus()), namedtype.NamedType('error-index', ErrorIndex()), namedtype.NamedType('variable-bindings', VarBindList()) ) class GetRequestPDU(_RequestBase): tagSet = _RequestBase.tagSet.tagImplicitly( tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0) ) class GetNextRequestPDU(_RequestBase): tagSet = _RequestBase.tagSet.tagImplicitly( tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1) ) class GetResponsePDU(_RequestBase): tagSet = _RequestBase.tagSet.tagImplicitly( tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2) ) class SetRequestPDU(_RequestBase): tagSet = _RequestBase.tagSet.tagImplicitly( tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3) ) class TrapPDU(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('enterprise', univ.ObjectIdentifier()), namedtype.NamedType('agent-addr', rfc1155.NetworkAddress()), namedtype.NamedType('generic-trap', univ.Integer().clone(namedValues=namedval.NamedValues(('coldStart', 0), ('warmStart', 1), ('linkDown', 2), ('linkUp', 3), ('authenticationFailure', 4), ('egpNeighborLoss', 5), ('enterpriseSpecific', 6)))), namedtype.NamedType('specific-trap', univ.Integer()), namedtype.NamedType('time-stamp', rfc1155.TimeTicks()), namedtype.NamedType('variable-bindings', VarBindList()) ) class Pdus(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('get-request', GetRequestPDU()), namedtype.NamedType('get-next-request', GetNextRequestPDU()), namedtype.NamedType('get-response', GetResponsePDU()), namedtype.NamedType('set-request', SetRequestPDU()), namedtype.NamedType('trap', TrapPDU()) ) class Message(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('version', Version()), namedtype.NamedType('community', Community()), namedtype.NamedType('data', Pdus()) ) pyasn1-modules-0.0.7/pyasn1_modules/rfc2251.py0000644000076400001440000005345211527265144021141 0ustar ilyausers00000000000000# # LDAP message syntax # # ASN.1 source from: # http://www.trl.ibm.com/projects/xml/xss4j/data/asn1/grammars/ldap.asn # # Sample captures from: # http://wiki.wireshark.org/SampleCaptures/ # from pyasn1.type import tag, namedtype, namedval, univ, constraint,char,useful from pyasn1.codec.der import decoder, encoder maxInt = univ.Integer(2147483647) class LDAPString(univ.OctetString): pass class LDAPOID(univ.OctetString): pass class LDAPDN(LDAPString): pass class RelativeLDAPDN(LDAPString): pass class AttributeType(LDAPString): pass class AttributeDescription(LDAPString): pass class AttributeDescriptionList(univ.SequenceOf): componentType = AttributeDescription() class AttributeValue(univ.OctetString): pass class AssertionValue(univ.OctetString): pass class AttributeValueAssertion(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('attributeDesc', AttributeDescription()), namedtype.NamedType('assertionValue', AssertionValue()) ) class Attribute(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('type', AttributeDescription()), namedtype.NamedType('vals', univ.SetOf(componentType=AttributeValue())) ) class MatchingRuleId(LDAPString): pass class Control(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('controlType', LDAPOID()), namedtype.DefaultedNamedType('criticality', univ.Boolean('False')), namedtype.OptionalNamedType('controlValue', univ.OctetString()) ) class Controls(univ.SequenceOf): componentType = Control() class LDAPURL(LDAPString): pass class Referral(univ.SequenceOf): componentType = LDAPURL() class SaslCredentials(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('mechanism', LDAPString()), namedtype.OptionalNamedType('credentials', univ.OctetString()) ) class AuthenticationChoice(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('simple', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.NamedType('reserved-1', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.NamedType('reserved-2', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), namedtype.NamedType('sasl', SaslCredentials().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))) ) class BindRequest(univ.Sequence): tagSet = univ.Sequence.tagSet.tagImplicitly( tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 0) ) componentType = namedtype.NamedTypes( namedtype.NamedType('version', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(1, 127))), namedtype.NamedType('name', LDAPDN()), namedtype.NamedType('authentication', AuthenticationChoice()) ) class PartialAttributeList(univ.SequenceOf): componentType = univ.Sequence(componentType=namedtype.NamedTypes(namedtype.NamedType('type', AttributeDescription()), namedtype.NamedType('vals', univ.SetOf(componentType=AttributeValue())))) class SearchResultEntry(univ.Sequence): tagSet = univ.Sequence.tagSet.tagImplicitly( tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 4) ) componentType = namedtype.NamedTypes( namedtype.NamedType('objectName', LDAPDN()), namedtype.NamedType('attributes', PartialAttributeList()) ) class MatchingRuleAssertion(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('matchingRule', MatchingRuleId().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.OptionalNamedType('type', AttributeDescription().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), namedtype.NamedType('matchValue', AssertionValue().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), namedtype.DefaultedNamedType('dnAttributes', univ.Boolean('False').subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))) ) class SubstringFilter(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('type', AttributeDescription()), namedtype.NamedType('substrings', univ.SequenceOf(componentType=univ.Choice(componentType=namedtype.NamedTypes(namedtype.NamedType('initial', LDAPString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.NamedType('any', LDAPString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.NamedType('final', LDAPString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))))))) ) # Ugly hack to handle recursive Filter reference (up to 3-levels deep). class Filter3(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('equalityMatch', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))), namedtype.NamedType('substrings', SubstringFilter().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))), namedtype.NamedType('greaterOrEqual', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))), namedtype.NamedType('lessOrEqual', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6))), namedtype.NamedType('present', AttributeDescription().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))), namedtype.NamedType('approxMatch', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 8))), namedtype.NamedType('extensibleMatch', MatchingRuleAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9))) ) class Filter2(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('and', univ.SetOf(componentType=Filter3()).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), namedtype.NamedType('or', univ.SetOf(componentType=Filter3()).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))), namedtype.NamedType('not', Filter3().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))), namedtype.NamedType('equalityMatch', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))), namedtype.NamedType('substrings', SubstringFilter().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))), namedtype.NamedType('greaterOrEqual', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))), namedtype.NamedType('lessOrEqual', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6))), namedtype.NamedType('present', AttributeDescription().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))), namedtype.NamedType('approxMatch', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 8))), namedtype.NamedType('extensibleMatch', MatchingRuleAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9))) ) class Filter(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('and', univ.SetOf(componentType=Filter2()).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), namedtype.NamedType('or', univ.SetOf(componentType=Filter2()).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))), namedtype.NamedType('not', Filter2().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))), namedtype.NamedType('equalityMatch', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))), namedtype.NamedType('substrings', SubstringFilter().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))), namedtype.NamedType('greaterOrEqual', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))), namedtype.NamedType('lessOrEqual', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6))), namedtype.NamedType('present', AttributeDescription().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))), namedtype.NamedType('approxMatch', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 8))), namedtype.NamedType('extensibleMatch', MatchingRuleAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9))) ) # End of Filter hack class SearchRequest(univ.Sequence): tagSet = univ.Sequence.tagSet.tagImplicitly( tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 3) ) componentType = namedtype.NamedTypes( namedtype.NamedType('baseObject', LDAPDN()), namedtype.NamedType('scope', univ.Enumerated(namedValues=namedval.NamedValues(('baseObject', 0), ('singleLevel', 1), ('wholeSubtree', 2)))), namedtype.NamedType('derefAliases', univ.Enumerated(namedValues=namedval.NamedValues(('neverDerefAliases', 0), ('derefInSearching', 1), ('derefFindingBaseObj', 2), ('derefAlways', 3)))), namedtype.NamedType('sizeLimit', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, maxInt))), namedtype.NamedType('timeLimit', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, maxInt))), namedtype.NamedType('typesOnly', univ.Boolean()), namedtype.NamedType('filter', Filter()), namedtype.NamedType('attributes', AttributeDescriptionList()) ) class UnbindRequest(univ.Null): tagSet = univ.Sequence.tagSet.tagImplicitly( tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 2) ) class BindResponse(univ.Sequence): tagSet = univ.Sequence.tagSet.tagImplicitly( tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 1) ) componentType = namedtype.NamedTypes( namedtype.NamedType('resultCode', univ.Enumerated(namedValues=namedval.NamedValues(('success', 0), ('operationsError', 1), ('protocolError', 2), ('timeLimitExceeded', 3), ('sizeLimitExceeded', 4), ('compareFalse', 5), ('compareTrue', 6), ('authMethodNotSupported', 7), ('strongAuthRequired', 8), ('reserved-9', 9), ('referral', 10), ('adminLimitExceeded', 11), ('unavailableCriticalExtension', 12), ('confidentialityRequired', 13), ('saslBindInProgress', 14), ('noSuchAttribute', 16), ('undefinedAttributeType', 17), ('inappropriateMatching', 18), ('constraintViolation', 19), ('attributeOrValueExists', 20), ('invalidAttributeSyntax', 21), ('noSuchObject', 32), ('aliasProblem', 33), ('invalidDNSyntax', 34), ('reserved-35', 35), ('aliasDereferencingProblem', 36), ('inappropriateAuthentication', 48), ('invalidCredentials', 49), ('insufficientAccessRights', 50), ('busy', 51), ('unavailable', 52), ('unwillingToPerform', 53), ('loopDetect', 54), ('namingViolation', 64), ('objectClassViolation', 65), ('notAllowedOnNonLeaf', 66), ('notAllowedOnRDN', 67), ('entryAlreadyExists', 68), ('objectClassModsProhibited', 69), ('reserved-70', 70), ('affectsMultipleDSAs', 71), ('other', 80), ('reserved-81', 81), ('reserved-82', 82), ('reserved-83', 83), ('reserved-84', 84), ('reserved-85', 85), ('reserved-86', 86), ('reserved-87', 87), ('reserved-88', 88), ('reserved-89', 89), ('reserved-90', 90)))), namedtype.NamedType('matchedDN', LDAPDN()), namedtype.NamedType('errorMessage', LDAPString()), namedtype.OptionalNamedType('referral', Referral().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))), namedtype.OptionalNamedType('serverSaslCreds', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 7))) ) class LDAPResult(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('resultCode', univ.Enumerated(namedValues=namedval.NamedValues(('success', 0), ('operationsError', 1), ('protocolError', 2), ('timeLimitExceeded', 3), ('sizeLimitExceeded', 4), ('compareFalse', 5), ('compareTrue', 6), ('authMethodNotSupported', 7), ('strongAuthRequired', 8), ('reserved-9', 9), ('referral', 10), ('adminLimitExceeded', 11), ('unavailableCriticalExtension', 12), ('confidentialityRequired', 13), ('saslBindInProgress', 14), ('noSuchAttribute', 16), ('undefinedAttributeType', 17), ('inappropriateMatching', 18), ('constraintViolation', 19), ('attributeOrValueExists', 20), ('invalidAttributeSyntax', 21), ('noSuchObject', 32), ('aliasProblem', 33), ('invalidDNSyntax', 34), ('reserved-35', 35), ('aliasDereferencingProblem', 36), ('inappropriateAuthentication', 48), ('invalidCredentials', 49), ('insufficientAccessRights', 50), ('busy', 51), ('unavailable', 52), ('unwillingToPerform', 53), ('loopDetect', 54), ('namingViolation', 64), ('objectClassViolation', 65), ('notAllowedOnNonLeaf', 66), ('notAllowedOnRDN', 67), ('entryAlreadyExists', 68), ('objectClassModsProhibited', 69), ('reserved-70', 70), ('affectsMultipleDSAs', 71), ('other', 80), ('reserved-81', 81), ('reserved-82', 82), ('reserved-83', 83), ('reserved-84', 84), ('reserved-85', 85), ('reserved-86', 86), ('reserved-87', 87), ('reserved-88', 88), ('reserved-89', 89), ('reserved-90', 90)))), namedtype.NamedType('matchedDN', LDAPDN()), namedtype.NamedType('errorMessage', LDAPString()), namedtype.OptionalNamedType('referral', Referral().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))) ) class SearchResultReference(univ.SequenceOf): tagSet = univ.Sequence.tagSet.tagImplicitly( tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 19) ) componentType = LDAPURL() class SearchResultDone(LDAPResult): tagSet = univ.Sequence.tagSet.tagImplicitly( tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 5) ) class AttributeTypeAndValues(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('type', AttributeDescription()), namedtype.NamedType('vals', univ.SetOf(componentType=AttributeValue())) ) class ModifyRequest(univ.Sequence): tagSet = univ.Sequence.tagSet.tagImplicitly( tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 6) ) componentType = namedtype.NamedTypes( namedtype.NamedType('object', LDAPDN()), namedtype.NamedType('modification', univ.SequenceOf(componentType=univ.Sequence(componentType=namedtype.NamedTypes(namedtype.NamedType('operation', univ.Enumerated(namedValues=namedval.NamedValues(('add', 0), ('delete', 1), ('replace', 2)))), namedtype.NamedType('modification', AttributeTypeAndValues()))))) ) class ModifyResponse(LDAPResult): tagSet = univ.Sequence.tagSet.tagImplicitly( tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 7) ) class AttributeList(univ.SequenceOf): componentType = univ.Sequence(componentType=namedtype.NamedTypes(namedtype.NamedType('type', AttributeDescription()), namedtype.NamedType('vals', univ.SetOf(componentType=AttributeValue())))) class AddRequest(univ.Sequence): tagSet = univ.Sequence.tagSet.tagImplicitly( tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 8) ) componentType = namedtype.NamedTypes( namedtype.NamedType('entry', LDAPDN()), namedtype.NamedType('attributes', AttributeList()) ) class AddResponse(LDAPResult): tagSet = univ.Sequence.tagSet.tagImplicitly( tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 9) ) class DelRequest(LDAPResult): tagSet = univ.Sequence.tagSet.tagImplicitly( tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 10) ) class DelResponse(LDAPResult): tagSet = univ.Sequence.tagSet.tagImplicitly( tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 11) ) class ModifyDNRequest(univ.Sequence): tagSet = univ.Sequence.tagSet.tagImplicitly( tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 12) ) componentType = namedtype.NamedTypes( namedtype.NamedType('entry', LDAPDN()), namedtype.NamedType('newrdn', RelativeLDAPDN()), namedtype.NamedType('deleteoldrdn', univ.Boolean()), namedtype.OptionalNamedType('newSuperior', LDAPDN().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) ) class ModifyDNResponse(LDAPResult): tagSet = univ.Sequence.tagSet.tagImplicitly( tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 13) ) class CompareRequest(univ.Sequence): tagSet = univ.Sequence.tagSet.tagImplicitly( tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 14) ) componentType = namedtype.NamedTypes( namedtype.NamedType('entry', LDAPDN()), namedtype.NamedType('ava', AttributeValueAssertion()) ) class CompareResponse(LDAPResult): tagSet = univ.Sequence.tagSet.tagImplicitly( tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 15) ) class AbandonRequest(LDAPResult): tagSet = univ.Sequence.tagSet.tagImplicitly( tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 16) ) class ExtendedRequest(univ.Sequence): tagSet = univ.Sequence.tagSet.tagImplicitly( tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 23) ) componentType = namedtype.NamedTypes( namedtype.NamedType('requestName', LDAPOID().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.OptionalNamedType('requestValue', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) ) class ExtendedResponse(univ.Sequence): tagSet = univ.Sequence.tagSet.tagImplicitly( tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 24) ) componentType = namedtype.NamedTypes( namedtype.NamedType('resultCode', univ.Enumerated(namedValues=namedval.NamedValues(('success', 0), ('operationsError', 1), ('protocolError', 2), ('timeLimitExceeded', 3), ('sizeLimitExceeded', 4), ('compareFalse', 5), ('compareTrue', 6), ('authMethodNotSupported', 7), ('strongAuthRequired', 8), ('reserved-9', 9), ('referral', 10), ('adminLimitExceeded', 11), ('unavailableCriticalExtension', 12), ('confidentialityRequired', 13), ('saslBindInProgress', 14), ('noSuchAttribute', 16), ('undefinedAttributeType', 17), ('inappropriateMatching', 18), ('constraintViolation', 19), ('attributeOrValueExists', 20), ('invalidAttributeSyntax', 21), ('noSuchObject', 32), ('aliasProblem', 33), ('invalidDNSyntax', 34), ('reserved-35', 35), ('aliasDereferencingProblem', 36), ('inappropriateAuthentication', 48), ('invalidCredentials', 49), ('insufficientAccessRights', 50), ('busy', 51), ('unavailable', 52), ('unwillingToPerform', 53), ('loopDetect', 54), ('namingViolation', 64), ('objectClassViolation', 65), ('notAllowedOnNonLeaf', 66), ('notAllowedOnRDN', 67), ('entryAlreadyExists', 68), ('objectClassModsProhibited', 69), ('reserved-70', 70), ('affectsMultipleDSAs', 71), ('other', 80), ('reserved-81', 81), ('reserved-82', 82), ('reserved-83', 83), ('reserved-84', 84), ('reserved-85', 85), ('reserved-86', 86), ('reserved-87', 87), ('reserved-88', 88), ('reserved-89', 89), ('reserved-90', 90)))), namedtype.NamedType('matchedDN', LDAPDN()), namedtype.NamedType('errorMessage', LDAPString()), namedtype.OptionalNamedType('referral', Referral().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))), namedtype.OptionalNamedType('responseName', LDAPOID().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 10))), namedtype.OptionalNamedType('response', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 11))) ) class MessageID(univ.Integer): subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint( 0, maxInt ) class LDAPMessage(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('messageID', MessageID()), namedtype.NamedType('protocolOp', univ.Choice(componentType=namedtype.NamedTypes(namedtype.NamedType('bindRequest', BindRequest()), namedtype.NamedType('bindResponse', BindResponse()), namedtype.NamedType('unbindRequest', UnbindRequest()), namedtype.NamedType('searchRequest', SearchRequest()), namedtype.NamedType('searchResEntry', SearchResultEntry()), namedtype.NamedType('searchResDone', SearchResultDone()), namedtype.NamedType('searchResRef', SearchResultReference()), namedtype.NamedType('modifyRequest', ModifyRequest()), namedtype.NamedType('modifyResponse', ModifyResponse()), namedtype.NamedType('addRequest', AddRequest()), namedtype.NamedType('addResponse', AddResponse()), namedtype.NamedType('delRequest', DelRequest()), namedtype.NamedType('delResponse', DelResponse()), namedtype.NamedType('modDNRequest', ModifyDNRequest()), namedtype.NamedType('modDNResponse', ModifyDNResponse()), namedtype.NamedType('compareRequest', CompareRequest()), namedtype.NamedType('compareResponse', CompareResponse()), namedtype.NamedType('abandonRequest', AbandonRequest()), namedtype.NamedType('extendedReq', ExtendedRequest()), namedtype.NamedType('extendedResp', ExtendedResponse())))), namedtype.OptionalNamedType('controls', Controls().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))) ) pyasn1-modules-0.0.7/pyasn1_modules/rfc3447.py0000644000076400001440000000257011740610673021142 0ustar ilyausers00000000000000# # PKCS#1 syntax # # ASN.1 source from: # ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.asn # # Sample captures could be obtained with "openssl genrsa" command # from pyasn1_modules.rfc2437 import * class OtherPrimeInfo(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('prime', univ.Integer()), namedtype.NamedType('exponent', univ.Integer()), namedtype.NamedType('coefficient', univ.Integer()) ) class OtherPrimeInfos(univ.SequenceOf): componentType = OtherPrimeInfo() subtypeSpec = univ.SequenceOf.subtypeSpec + \ constraint.ValueSizeConstraint(1, MAX) class RSAPrivateKey(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('version', univ.Integer(namedValues=namedval.NamedValues(('two-prime', 0), ('multi', 1)))), namedtype.NamedType('modulus', univ.Integer()), namedtype.NamedType('publicExponent', univ.Integer()), namedtype.NamedType('privateExponent', univ.Integer()), namedtype.NamedType('prime1', univ.Integer()), namedtype.NamedType('prime2', univ.Integer()), namedtype.NamedType('exponent1', univ.Integer()), namedtype.NamedType('exponent2', univ.Integer()), namedtype.NamedType('coefficient', univ.Integer()), namedtype.OptionalNamedType('otherPrimeInfos', OtherPrimeInfos()) ) pyasn1-modules-0.0.7/pyasn1_modules/rfc2560.py0000644000076400001440000001721511527265144021141 0ustar ilyausers00000000000000# # OCSP request/response syntax # # Derived from a minimal OCSP library (RFC2560) code written by # Bud P. Bruegger # Copyright: Ancitel, S.p.a, Rome, Italy # License: BSD # # # current limitations: # * request and response works only for a single certificate # * only some values are parsed out of the response # * the request does't set a nonce nor signature # * there is no signature validation of the response # * dates are left as strings in GeneralizedTime format -- datetime.datetime # would be nicer # from pyasn1.type import tag, namedtype, namedval, univ, constraint, useful from pyasn1_modules import rfc2459 # Start of OCSP module definitions # This should be in directory Authentication Framework (X.509) module class CRLReason(univ.Enumerated): namedValues = namedval.NamedValues( ('unspecified', 0), ('keyCompromise', 1), ('cACompromise', 2), ('affiliationChanged', 3), ('superseded', 4), ('cessationOfOperation', 5), ('certificateHold', 6), ('removeFromCRL', 8), ('privilegeWithdrawn', 9), ('aACompromise', 10) ) # end of directory Authentication Framework (X.509) module # This should be in PKIX Certificate Extensions module class GeneralName(univ.OctetString): pass # end of PKIX Certificate Extensions module id_kp_OCSPSigning = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 3, 9)) id_pkix_ocsp = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 48, 1)) id_pkix_ocsp_basic = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 48, 1, 1)) id_pkix_ocsp_nonce = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 48, 1, 2)) id_pkix_ocsp_crl = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 48, 1, 3)) id_pkix_ocsp_response = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 48, 1, 4)) id_pkix_ocsp_nocheck = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 48, 1, 5)) id_pkix_ocsp_archive_cutoff = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 48, 1, 6)) id_pkix_ocsp_service_locator = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 48, 1, 7)) class AcceptableResponses(univ.SequenceOf): componentType = univ.ObjectIdentifier() class ArchiveCutoff(useful.GeneralizedTime): pass class UnknownInfo(univ.Null): pass class RevokedInfo(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('revocationTime', useful.GeneralizedTime()), namedtype.OptionalNamedType('revocationReason', CRLReason().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) ) class CertID(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('hashAlgorithm', rfc2459.AlgorithmIdentifier()), namedtype.NamedType('issuerNameHash', univ.OctetString()), namedtype.NamedType('issuerKeyHash', univ.OctetString()), namedtype.NamedType('serialNumber', rfc2459.CertificateSerialNumber()) ) class CertStatus(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('good', univ.Null().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.NamedType('revoked', RevokedInfo().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.NamedType('unknown', UnknownInfo().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))) ) class SingleResponse(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('certID', CertID()), namedtype.NamedType('certStatus', CertStatus()), namedtype.NamedType('thisUpdate', useful.GeneralizedTime()), namedtype.OptionalNamedType('nextUpdate', useful.GeneralizedTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.OptionalNamedType('singleExtensions', rfc2459.Extensions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) ) class KeyHash(univ.OctetString): pass class ResponderID(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('byName', rfc2459.Name().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.NamedType('byKey', KeyHash().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))) ) class Version(univ.Integer): namedValues = namedval.NamedValues(('v1', 0)) class ResponseData(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.DefaultedNamedType('version', Version('v1').subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.NamedType('responderID', ResponderID()), namedtype.NamedType('producedAt', useful.GeneralizedTime()), namedtype.NamedType('responses', univ.SequenceOf(SingleResponse())), namedtype.OptionalNamedType('responseExtensions', rfc2459.Extensions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) ) class BasicOCSPResponse(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('tbsResponseData', ResponseData()), namedtype.NamedType('signatureAlgorithm', rfc2459.AlgorithmIdentifier()), namedtype.NamedType('signature', univ.BitString()), namedtype.OptionalNamedType('certs', univ.SequenceOf(rfc2459.Certificate()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) ) class ResponseBytes(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('responseType', univ.ObjectIdentifier()), namedtype.NamedType('response', univ.OctetString()) ) class OCSPResponseStatus(univ.Enumerated): namedValues = namedval.NamedValues( ('successful', 0), ('malformedRequest', 1), ('internalError', 2), ('tryLater', 3), ('undefinedStatus', 4), # should never occur ('sigRequired', 5), ('unauthorized', 6) ) class OCSPResponse(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('responseStatus', OCSPResponseStatus()), namedtype.OptionalNamedType('responseBytes', ResponseBytes().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) ) class Request(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('reqCert', CertID()), namedtype.OptionalNamedType('singleRequestExtensions', rfc2459.Extensions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) ) class Signature(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('signatureAlgorithm', rfc2459.AlgorithmIdentifier()), namedtype.NamedType('signature', univ.BitString()), namedtype.OptionalNamedType('certs', univ.SequenceOf(rfc2459.Certificate()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) ) class TBSRequest(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.DefaultedNamedType('version', Version('v1').subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.OptionalNamedType('requestorName', GeneralName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.NamedType('requestList', univ.SequenceOf(Request())), namedtype.OptionalNamedType('requestExtensions', rfc2459.Extensions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))) ) class OCSPRequest(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('tbsRequest', TBSRequest()), namedtype.OptionalNamedType('optionalSignature', Signature().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) ) pyasn1-modules-0.0.7/pyasn1_modules/rfc2315.py0000644000076400001440000002127611740610415021131 0ustar ilyausers00000000000000# # PKCS#7 message syntax # # ASN.1 source from: # http://www.trl.ibm.com/projects/xml/xss4j/data/asn1/grammars/pkcs7.asn # # Sample captures from: # openssl crl2pkcs7 -nocrl -certfile cert1.cer -out outfile.p7b # from pyasn1.type import tag,namedtype,namedval,univ,constraint,char,useful from pyasn1_modules.rfc2459 import * class Attribute(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('type', AttributeType()), namedtype.NamedType('values', univ.SetOf(componentType=AttributeValue())) ) class AttributeValueAssertion(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('attributeType', AttributeType()), namedtype.NamedType('attributeValue', AttributeValue()) ) pkcs_7 = univ.ObjectIdentifier('1.2.840.113549.1.7') data = univ.ObjectIdentifier('1.2.840.113549.1.7.1') signedData = univ.ObjectIdentifier('1.2.840.113549.1.7.2') envelopedData = univ.ObjectIdentifier('1.2.840.113549.1.7.3') signedAndEnvelopedData = univ.ObjectIdentifier('1.2.840.113549.1.7.4') digestedData = univ.ObjectIdentifier('1.2.840.113549.1.7.5') encryptedData = univ.ObjectIdentifier('1.2.840.113549.1.7.6') class ContentType(univ.ObjectIdentifier): pass class ContentEncryptionAlgorithmIdentifier(AlgorithmIdentifier): pass class EncryptedContent(univ.OctetString): pass class EncryptedContentInfo(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('contentType', ContentType()), namedtype.NamedType('contentEncryptionAlgorithm', ContentEncryptionAlgorithmIdentifier()), namedtype.OptionalNamedType('encryptedContent', EncryptedContent().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))) ) class Version(univ.Integer): pass # overrides x509.Version class EncryptedData(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('version', Version()), namedtype.NamedType('encryptedContentInfo', EncryptedContentInfo()) ) class DigestAlgorithmIdentifier(AlgorithmIdentifier): pass class DigestAlgorithmIdentifiers(univ.SetOf): componentType = DigestAlgorithmIdentifier() class Digest(univ.OctetString): pass class ContentInfo(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('contentType', ContentType()), namedtype.OptionalNamedType('content', univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))) ) class DigestedData(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('version', Version()), namedtype.NamedType('digestAlgorithm', DigestAlgorithmIdentifier()), namedtype.NamedType('contentInfo', ContentInfo()), namedtype.NamedType('digest', Digest) ) class IssuerAndSerialNumber(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('issuer', Name()), namedtype.NamedType('serialNumber', CertificateSerialNumber()) ) class KeyEncryptionAlgorithmIdentifier(AlgorithmIdentifier): pass class EncryptedKey(univ.OctetString): pass class RecipientInfo(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('version', Version()), namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()), namedtype.NamedType('keyEncryptionAlgorithm', KeyEncryptionAlgorithmIdentifier()), namedtype.NamedType('encryptedKey', EncryptedKey()) ) class RecipientInfos(univ.SetOf): componentType = RecipientInfo() class Attributes(univ.SetOf): componentType = Attribute() class ExtendedCertificateInfo(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('version', Version()), namedtype.NamedType('certificate', Certificate()), namedtype.NamedType('attributes', Attributes()) ) class SignatureAlgorithmIdentifier(AlgorithmIdentifier): pass class Signature(univ.BitString): pass class ExtendedCertificate(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('extendedCertificateInfo', ExtendedCertificateInfo()), namedtype.NamedType('signatureAlgorithm', SignatureAlgorithmIdentifier()), namedtype.NamedType('signature', Signature()) ) class ExtendedCertificateOrCertificate(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('certificate', Certificate()), namedtype.NamedType('extendedCertificate', ExtendedCertificate().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))) ) class ExtendedCertificatesAndCertificates(univ.SetOf): componentType = ExtendedCertificateOrCertificate() class SerialNumber(univ.Integer): pass class CRLEntry(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('userCertificate', SerialNumber()), namedtype.NamedType('revocationDate', useful.UTCTime()) ) class TBSCertificateRevocationList(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('signature', AlgorithmIdentifier()), namedtype.NamedType('issuer', Name()), namedtype.NamedType('lastUpdate', useful.UTCTime()), namedtype.NamedType('nextUpdate', useful.UTCTime()), namedtype.OptionalNamedType('revokedCertificates', univ.SequenceOf(componentType=CRLEntry())) ) class CertificateRevocationList(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('tbsCertificateRevocationList', TBSCertificateRevocationList()), namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()), namedtype.NamedType('signature', univ.BitString()) ) class CertificateRevocationLists(univ.SetOf): componentType = CertificateRevocationList() class DigestEncryptionAlgorithmIdentifier(AlgorithmIdentifier): pass class EncryptedDigest(univ.OctetString): pass class SignerInfo(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('version', Version()), namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()), namedtype.NamedType('digestAlgorithm', DigestAlgorithmIdentifier()), namedtype.OptionalNamedType('authenticatedAttributes', Attributes().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), namedtype.NamedType('digestEncryptionAlgorithm', DigestEncryptionAlgorithmIdentifier()), namedtype.NamedType('encryptedDigest', EncryptedDigest()), namedtype.OptionalNamedType('unauthenticatedAttributes', Attributes().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))) ) class SignerInfos(univ.SetOf): componentType = SignerInfo() class SignedAndEnvelopedData(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('version', Version()), namedtype.NamedType('recipientInfos', RecipientInfos()), namedtype.NamedType('digestAlgorithms', DigestAlgorithmIdentifiers()), namedtype.NamedType('encryptedContentInfo', EncryptedContentInfo()), namedtype.OptionalNamedType('certificates', ExtendedCertificatesAndCertificates().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), namedtype.OptionalNamedType('crls', CertificateRevocationLists().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))), namedtype.NamedType('signerInfos', SignerInfos()) ) class EnvelopedData(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('version', Version()), namedtype.NamedType('recipientInfos', RecipientInfos()), namedtype.NamedType('encryptedContentInfo', EncryptedContentInfo()) ) class DigestInfo(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('digestAlgorithm', DigestAlgorithmIdentifier()), namedtype.NamedType('digest', Digest()) ) class SignedData(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('version', Version()), namedtype.NamedType('digestAlgorithms', DigestAlgorithmIdentifiers()), namedtype.NamedType('contentInfo', ContentInfo()), namedtype.OptionalNamedType('certificates', ExtendedCertificatesAndCertificates().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), namedtype.OptionalNamedType('crls', CertificateRevocationLists().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))), namedtype.NamedType('signerInfos', SignerInfos()) ) class Data(univ.OctetString): pass pyasn1-modules-0.0.7/PKG-INFO0000644000076400001440000000231312557103654015624 0ustar ilyausers00000000000000Metadata-Version: 1.0 Name: pyasn1-modules Version: 0.0.7 Summary: A collection of ASN.1-based protocols modules. Home-page: http://sourceforge.net/projects/pyasn1/ Author: Ilya Etingof Author-email: ilya@glas.net License: BSD Description: A collection of ASN.1 modules expressed in form of pyasn1 classes. Includes protocols PDUs definition (SNMP, LDAP etc.) and various data structures (X.509, PKCS etc.). Platform: any Classifier: Development Status :: 5 - Production/Stable Classifier: Environment :: Console Classifier: Intended Audience :: Developers Classifier: Intended Audience :: Education Classifier: Intended Audience :: Information Technology Classifier: Intended Audience :: Science/Research Classifier: Intended Audience :: System Administrators Classifier: Intended Audience :: Telecommunications Industry Classifier: License :: OSI Approved :: BSD License Classifier: Natural Language :: English Classifier: Operating System :: OS Independent Classifier: Programming Language :: Python :: 2 Classifier: Programming Language :: Python :: 3 Classifier: Topic :: Communications Classifier: Topic :: Security :: Cryptography Classifier: Topic :: Software Development :: Libraries :: Python Modules pyasn1-modules-0.0.7/MANIFEST.in0000644000076400001440000000010712546225433016262 0ustar ilyausers00000000000000include *.txt recursive-include tools *.py recursive-include test *.sh pyasn1-modules-0.0.7/setup.cfg0000644000076400001440000000007312557103654016351 0ustar ilyausers00000000000000[egg_info] tag_build = tag_date = 0 tag_svn_revision = 0 pyasn1-modules-0.0.7/pyasn1_modules.egg-info/0000755000076400001440000000000012557103654021165 5ustar ilyausers00000000000000pyasn1-modules-0.0.7/pyasn1_modules.egg-info/top_level.txt0000644000076400001440000000001712557103653023714 0ustar ilyausers00000000000000pyasn1_modules pyasn1-modules-0.0.7/pyasn1_modules.egg-info/SOURCES.txt0000644000076400001440000000216112557103653023050 0ustar ilyausers00000000000000CHANGES.txt LICENSE.txt MANIFEST.in README.txt setup.py pyasn1_modules/__init__.py pyasn1_modules/pem.py pyasn1_modules/rfc1155.py pyasn1_modules/rfc1157.py pyasn1_modules/rfc1901.py pyasn1_modules/rfc1902.py pyasn1_modules/rfc1905.py pyasn1_modules/rfc2251.py pyasn1_modules/rfc2314.py pyasn1_modules/rfc2315.py pyasn1_modules/rfc2437.py pyasn1_modules/rfc2459.py pyasn1_modules/rfc2511.py pyasn1_modules/rfc2560.py pyasn1_modules/rfc3412.py pyasn1_modules/rfc3414.py pyasn1_modules/rfc3447.py pyasn1_modules/rfc4210.py pyasn1_modules/rfc5208.py pyasn1_modules.egg-info/PKG-INFO pyasn1_modules.egg-info/SOURCES.txt pyasn1_modules.egg-info/dependency_links.txt pyasn1_modules.egg-info/requires.txt pyasn1_modules.egg-info/top_level.txt pyasn1_modules.egg-info/zip-safe test/cmp.sh test/crl.sh test/crmf.sh test/ocspreq.sh test/ocsprsp.sh test/pkcs1.sh test/pkcs10.sh test/pkcs7.sh test/pkcs8.sh test/x509dump.sh tools/cmpdump.py tools/crldump.py tools/crmfdump.py tools/ocspclient.py tools/ocspreqdump.py tools/ocsprspdump.py tools/pkcs10dump.py tools/pkcs1dump.py tools/pkcs7dump.py tools/pkcs8dump.py tools/snmpget.py tools/x509dump.pypyasn1-modules-0.0.7/pyasn1_modules.egg-info/PKG-INFO0000644000076400001440000000231312557103653022260 0ustar ilyausers00000000000000Metadata-Version: 1.0 Name: pyasn1-modules Version: 0.0.7 Summary: A collection of ASN.1-based protocols modules. Home-page: http://sourceforge.net/projects/pyasn1/ Author: Ilya Etingof Author-email: ilya@glas.net License: BSD Description: A collection of ASN.1 modules expressed in form of pyasn1 classes. Includes protocols PDUs definition (SNMP, LDAP etc.) and various data structures (X.509, PKCS etc.). Platform: any Classifier: Development Status :: 5 - Production/Stable Classifier: Environment :: Console Classifier: Intended Audience :: Developers Classifier: Intended Audience :: Education Classifier: Intended Audience :: Information Technology Classifier: Intended Audience :: Science/Research Classifier: Intended Audience :: System Administrators Classifier: Intended Audience :: Telecommunications Industry Classifier: License :: OSI Approved :: BSD License Classifier: Natural Language :: English Classifier: Operating System :: OS Independent Classifier: Programming Language :: Python :: 2 Classifier: Programming Language :: Python :: 3 Classifier: Topic :: Communications Classifier: Topic :: Security :: Cryptography Classifier: Topic :: Software Development :: Libraries :: Python Modules pyasn1-modules-0.0.7/pyasn1_modules.egg-info/requires.txt0000644000076400001440000000001612557103653023561 0ustar ilyausers00000000000000pyasn1>=0.1.8 pyasn1-modules-0.0.7/pyasn1_modules.egg-info/zip-safe0000644000076400001440000000000112557073663022623 0ustar ilyausers00000000000000 pyasn1-modules-0.0.7/pyasn1_modules.egg-info/dependency_links.txt0000644000076400001440000000000112557103653025232 0ustar ilyausers00000000000000 pyasn1-modules-0.0.7/setup.py0000644000076400001440000000507112350057360016236 0ustar ilyausers00000000000000#!/usr/bin/env python """A collection of ASN.1-based protocols modules. A collection of ASN.1 modules expressed in form of pyasn1 classes. Includes protocols PDUs definition (SNMP, LDAP etc.) and various data structures (X.509, PKCS etc.). """ classifiers = """\ Development Status :: 5 - Production/Stable Environment :: Console Intended Audience :: Developers Intended Audience :: Education Intended Audience :: Information Technology Intended Audience :: Science/Research Intended Audience :: System Administrators Intended Audience :: Telecommunications Industry License :: OSI Approved :: BSD License Natural Language :: English Operating System :: OS Independent Programming Language :: Python :: 2 Programming Language :: Python :: 3 Topic :: Communications Topic :: Security :: Cryptography Topic :: Software Development :: Libraries :: Python Modules """ def howto_install_distribute(): print(""" Error: You need the distribute Python package! It's very easy to install it, just type (as root on Linux): wget http://python-distribute.org/distribute_setup.py python distribute_setup.py Then you could make eggs from this package. """) def howto_install_setuptools(): print(""" Error: You need setuptools Python package! It's very easy to install it, just type (as root on Linux): wget http://peak.telecommunity.com/dist/ez_setup.py python ez_setup.py Then you could make eggs from this package. """) try: from setuptools import setup params = { 'install_requires': [ 'pyasn1>=0.1.8' ], 'zip_safe': True } except ImportError: import sys for arg in sys.argv: if arg.find('egg') != -1: if sys.version_info[0] > 2: howto_install_distribute() else: howto_install_setuptools() sys.exit(1) from distutils.core import setup params = {} if sys.version_info[:2] > (2, 4): params['requires'] = [ 'pyasn1(>=0.1.8)' ] doclines = [ x.strip() for x in __doc__.split('\n') if x ] params.update( { 'name': 'pyasn1-modules', 'version': open('pyasn1_modules/__init__.py').read().split('\'')[1], 'description': doclines[0], 'long_description': ' '.join(doclines[1:]), 'maintainer': 'Ilya Etingof ', 'author': 'Ilya Etingof', 'author_email': 'ilya@glas.net', 'url': 'http://sourceforge.net/projects/pyasn1/', 'platforms': ['any'], 'classifiers': [ x for x in classifiers.split('\n') if x ], 'license': 'BSD', 'packages': [ 'pyasn1_modules' ] } ) setup(**params) pyasn1-modules-0.0.7/README.txt0000644000076400001440000000070311642526423016223 0ustar ilyausers00000000000000 ASN.1 modules for Python ------------------------ This is a small but growing collection of ASN.1 data structures [1] expressed in Python terms using pyasn1 [2] data model. It's thought to be useful to protocol developers and testers. All modules are py2k/py3k-compliant. If you happen to convert some ASN.1 module into pyasn1 that is not yet present in this collection and wish to contribute - please send it to me. =-=-= mailto: ilya@glas.net pyasn1-modules-0.0.7/test/0000755000076400001440000000000012557103654015507 5ustar ilyausers00000000000000pyasn1-modules-0.0.7/test/ocsprsp.sh0000644000076400001440000000323112541613611017523 0ustar ilyausers00000000000000#!/bin/sh python ocsprspdump.py < """ % sys.argv[0]) sys.exit(-1) msg = rfc1157.Message() msg.setComponentByPosition(0) msg.setComponentByPosition(1, sys.argv[1]) # pdu pdus = msg.setComponentByPosition(2).getComponentByPosition(2) pdu = pdus.setComponentByPosition(0).getComponentByPosition(0) pdu.setComponentByPosition(0, 123) pdu.setComponentByPosition(1, 0) pdu.setComponentByPosition(2, 0) vbl = pdu.setComponentByPosition(3).getComponentByPosition(3) vb = vbl.setComponentByPosition(0).getComponentByPosition(0) vb.setComponentByPosition(0, sys.argv[3]) v = vb.setComponentByPosition(1).getComponentByPosition(1).setComponentByPosition(0).getComponentByPosition(0).setComponentByPosition(3).getComponentByPosition(3) print('sending: %s' % msg.prettyPrint()) sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) sock.sendto(encoder.encode(msg), (sys.argv[2], 161)) substrate, _ = sock.recvfrom(2048) rMsg, _ = decoder.decode(substrate, asn1Spec=msg) print('received: %s' % rMsg.prettyPrint()) pyasn1-modules-0.0.7/tools/cmpdump.py0000644000076400001440000000131512534307451017703 0ustar ilyausers00000000000000#!/usr/bin/python # Read ASN.1/PEM CMP message on stdin, parse into # plain text, then build substrate from it from pyasn1.codec.der import decoder, encoder from pyasn1_modules import rfc4210, pem from pyasn1 import debug import sys if len(sys.argv) == 2 and sys.argv[1] == '-d': debug.setLogger(debug.Debug('all')) elif len(sys.argv) != 1: print("""Usage: $ cat cmp.pem | %s [-d]""" % sys.argv[0]) sys.exit(-1) pkiMessage = rfc4210.PKIMessage() substrate = pem.readBase64FromFile(sys.stdin) if not substrate: sys.exit(0) pkiMsg, rest = decoder.decode(substrate, asn1Spec=pkiMessage) print(pkiMsg.prettyPrint()) assert encoder.encode(pkiMsg) == substrate, 'CMP message recode fails' pyasn1-modules-0.0.7/tools/ocspclient.py0000644000076400001440000001164512534307451020410 0ustar ilyausers00000000000000#!/usr/bin/python # from pyasn1.codec.der import decoder, encoder from pyasn1_modules import rfc2560, rfc2459, pem from pyasn1.type import univ import sys, hashlib try: import urllib2 except ImportError: import urllib.request as urllib2 sha1oid = univ.ObjectIdentifier((1, 3, 14, 3, 2, 26)) class ValueOnlyBitStringEncoder(encoder.encoder.BitStringEncoder): # These methods just do not encode tag and length fields of TLV def encodeTag(self, *args): return '' def encodeLength(self, *args): return '' def encodeValue(*args): substrate, isConstructed = encoder.encoder.BitStringEncoder.encodeValue(*args) # OCSP-specific hack follows: cut off the "unused bit count" # encoded bit-string value. return substrate[1:], isConstructed def __call__(self, bitStringValue): return self.encode(None, bitStringValue, maxChunkSize=0) valueOnlyBitStringEncoder = ValueOnlyBitStringEncoder() def mkOcspRequest(issuerCert, userCert): issuerTbsCertificate = issuerCert.getComponentByName('tbsCertificate') issuerSubject = issuerTbsCertificate.getComponentByName('subject') userTbsCertificate = userCert.getComponentByName('tbsCertificate') userIssuer = userTbsCertificate.getComponentByName('issuer') assert issuerSubject == userIssuer, '%s\n%s' % ( issuerSubject.prettyPrint(), userIssuer.prettyPrint() ) userIssuerHash = hashlib.sha1( encoder.encode(userIssuer) ).digest() issuerSubjectPublicKey = issuerTbsCertificate.getComponentByName('subjectPublicKeyInfo').getComponentByName('subjectPublicKey') issuerKeyHash = hashlib.sha1( valueOnlyBitStringEncoder(issuerSubjectPublicKey) ).digest() userSerialNumber = userTbsCertificate.getComponentByName('serialNumber') # Build request object request = rfc2560.Request() reqCert = request.setComponentByName('reqCert').getComponentByName('reqCert') hashAlgorithm = reqCert.setComponentByName('hashAlgorithm').getComponentByName('hashAlgorithm') hashAlgorithm.setComponentByName('algorithm', sha1oid) reqCert.setComponentByName('issuerNameHash', userIssuerHash) reqCert.setComponentByName('issuerKeyHash', issuerKeyHash) reqCert.setComponentByName('serialNumber', userSerialNumber) ocspRequest = rfc2560.OCSPRequest() tbsRequest = ocspRequest.setComponentByName('tbsRequest').getComponentByName('tbsRequest') tbsRequest.setComponentByName('version', 'v1') requestList = tbsRequest.setComponentByName('requestList').getComponentByName('requestList') requestList.setComponentByPosition(0, request) return ocspRequest def parseOcspResponse(ocspResponse): responseStatus = ocspResponse.getComponentByName('responseStatus') assert responseStatus == rfc2560.OCSPResponseStatus('successful'), responseStatus.prettyPrint() responseBytes = ocspResponse.getComponentByName('responseBytes') responseType = responseBytes.getComponentByName('responseType') assert responseType == id_pkix_ocsp_basic, responseType.prettyPrint() response = responseBytes.getComponentByName('response') basicOCSPResponse, _ = decoder.decode( response, asn1Spec=rfc2560.BasicOCSPResponse() ) tbsResponseData = basicOCSPResponse.getComponentByName('tbsResponseData') response0 = tbsResponseData.getComponentByName('responses').getComponentByPosition(0) return ( tbsResponseData.getComponentByName('producedAt'), response0.getComponentByName('certID'), response0.getComponentByName('certStatus').getName(), response0.getComponentByName('thisUpdate') ) if len(sys.argv) != 2: print("""Usage: $ cat CACertificate.pem userCertificate.pem | %s """ % sys.argv[0]) sys.exit(-1) else: ocspUrl = sys.argv[1] # Parse CA and user certificates issuerCert, _ = decoder.decode( pem.readPemBlocksFromFile( sys.stdin, ('-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----') )[1], asn1Spec=rfc2459.Certificate() ) userCert, _ = decoder.decode( pem.readPemBlocksFromFile( sys.stdin, ('-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----') )[1], asn1Spec=rfc2459.Certificate() ) # Build OCSP request ocspReq = mkOcspRequest(issuerCert, userCert) # Use HTTP POST to get response (see Appendix A of RFC 2560) # In case you need proxies, set the http_proxy env variable httpReq = urllib2.Request( ocspUrl, encoder.encode(ocspReq), { 'Content-Type': 'application/ocsp-request' } ) httpRsp = urllib2.urlopen(httpReq).read() # Process OCSP response ocspRsp, _ = decoder.decode(httpRsp, asn1Spec=rfc2560.OCSPResponse()) producedAt, certId, certStatus, thisUpdate = parseOcspResponse(ocspRsp) print('Certificate ID %s is %s at %s till %s\n' % ( certId.getComponentByName('serialNumber'), certStatus, producedAt, thisUpdate)) pyasn1-modules-0.0.7/tools/pkcs7dump.py0000644000076400001440000000244512534307451020160 0ustar ilyausers00000000000000#!/usr/bin/python # # Read ASN.1/PEM PKCS#7 on stdin, parse it into plain text, # then build substrate from it # from pyasn1_modules import rfc2315, pem from pyasn1.codec.der import encoder, decoder import sys if len(sys.argv) != 1: print("""Usage: $ cat pkcs7Certificate.pem | %s""" % sys.argv[0]) sys.exit(-1) idx, substrate = pem.readPemBlocksFromFile( sys.stdin, ('-----BEGIN PKCS7-----', '-----END PKCS7-----') ) assert substrate, 'bad PKCS7 data on input' contentInfo, rest = decoder.decode(substrate, asn1Spec=rfc2315.ContentInfo()) if rest: substrate = substrate[:-len(rest)] print(contentInfo.prettyPrint()) assert encoder.encode(contentInfo) == substrate, 're-encode fails' contentType = contentInfo.getComponentByName('contentType') contentInfoMap = { (1, 2, 840, 113549, 1, 7, 1): rfc2315.Data(), (1, 2, 840, 113549, 1, 7, 2): rfc2315.SignedData(), (1, 2, 840, 113549, 1, 7, 3): rfc2315.EnvelopedData(), (1, 2, 840, 113549, 1, 7, 4): rfc2315.SignedAndEnvelopedData(), (1, 2, 840, 113549, 1, 7, 5): rfc2315.DigestedData(), (1, 2, 840, 113549, 1, 7, 6): rfc2315.EncryptedData() } content, _ = decoder.decode( contentInfo.getComponentByName('content'), asn1Spec=contentInfoMap[contentType] ) print(content.prettyPrint()) pyasn1-modules-0.0.7/tools/pkcs10dump.py0000644000076400001440000000177112534307451020233 0ustar ilyausers00000000000000#!/usr/bin/python # # Read ASN.1/PEM X.509 certificate requests (PKCS#10 format) on stdin, # parse each into plain text, then build substrate from it # from pyasn1.codec.der import decoder, encoder from pyasn1_modules import rfc2314, pem import sys if len(sys.argv) != 1: print("""Usage: $ cat certificateRequest.pem | %s""" % sys.argv[0]) sys.exit(-1) certType = rfc2314.CertificationRequest() certCnt = 0 while 1: idx, substrate = pem.readPemBlocksFromFile( sys.stdin, ('-----BEGIN CERTIFICATE REQUEST-----', '-----END CERTIFICATE REQUEST-----') ) if not substrate: break cert, rest = decoder.decode(substrate, asn1Spec=certType) if rest: substrate = substrate[:-len(rest)] print(cert.prettyPrint()) assert encoder.encode(cert) == substrate, 'cert recode fails' certCnt = certCnt + 1 print('*** %s PEM certificate request(s) de/serialized' % certCnt) pyasn1-modules-0.0.7/tools/crldump.py0000644000076400001440000000155712534307451017714 0ustar ilyausers00000000000000#!/usr/bin/python # # Read X.509 CRL on stdin, print them pretty and encode back into # original wire format. # CRL can be generated with "openssl openssl ca -gencrl ..." commands. # from pyasn1_modules import rfc2459, pem from pyasn1.codec.der import encoder, decoder import sys if len(sys.argv) != 1: print("""Usage: $ cat crl.pem | %s""" % sys.argv[0]) sys.exit(-1) asn1Spec = rfc2459.CertificateList() cnt = 0 while 1: idx, substrate = pem.readPemBlocksFromFile(sys.stdin, ('-----BEGIN X509 CRL-----', '-----END X509 CRL-----')) if not substrate: break key, rest = decoder.decode(substrate, asn1Spec=asn1Spec) if rest: substrate = substrate[:-len(rest)] print(key.prettyPrint()) assert encoder.encode(key) == substrate, 'pkcs8 recode fails' cnt = cnt + 1 print('*** %s CRL(s) re/serialized' % cnt) pyasn1-modules-0.0.7/tools/crmfdump.py0000644000076400001440000000111212534307451020046 0ustar ilyausers00000000000000#!/usr/bin/python # Read ASN.1/PEM X.509 CRMF request on stdin, parse into # plain text, then build substrate from it from pyasn1.codec.der import decoder, encoder from pyasn1_modules import rfc2511, pem import sys if len(sys.argv) != 1: print("""Usage: $ cat crmf.pem | %s""" % sys.argv[0]) sys.exit(-1) certReq = rfc2511.CertReqMessages() substrate = pem.readBase64FromFile(sys.stdin) if not substrate: sys.exit(0) cr, rest = decoder.decode(substrate, asn1Spec=certReq) print(cr.prettyPrint()) assert encoder.encode(cr) == substrate, 'crmf recode fails' pyasn1-modules-0.0.7/tools/pkcs1dump.py0000644000076400001440000000216112534307451020145 0ustar ilyausers00000000000000#!/usr/bin/python # # Read unencrypted PKCS#1/PKIX-compliant, PEM&DER encoded private keys on # stdin, print them pretty and encode back into original wire format. # Private keys can be generated with "openssl genrsa|gendsa" commands. # from pyasn1_modules import rfc2459, rfc2437, pem from pyasn1.codec.der import encoder, decoder import sys if len(sys.argv) != 1: print("""Usage: $ cat rsakey.pem | %s""" % sys.argv[0]) sys.exit(-1) cnt = 0 while 1: idx, substrate = pem.readPemBlocksFromFile(sys.stdin, ('-----BEGIN RSA PRIVATE KEY-----', '-----END RSA PRIVATE KEY-----'), ('-----BEGIN DSA PRIVATE KEY-----', '-----END DSA PRIVATE KEY-----') ) if not substrate: break if idx == 0: asn1Spec = rfc2437.RSAPrivateKey() elif idx == 1: asn1Spec = rfc2459.DSAPrivateKey() else: break key, rest = decoder.decode(substrate, asn1Spec=asn1Spec) if rest: substrate = substrate[:-len(rest)] print(key.prettyPrint()) assert encoder.encode(key) == substrate, 'pkcs8 recode fails' cnt = cnt + 1 print('*** %s key(s) re/serialized' % cnt) pyasn1-modules-0.0.7/tools/x509dump.py0000644000076400001440000000174412534307451017637 0ustar ilyausers00000000000000#!/usr/bin/python # # Read ASN.1/PEM X.509 certificates on stdin, parse each into plain text, # then build substrate from it # from pyasn1.codec.der import decoder, encoder from pyasn1_modules import rfc2459, pem import sys if len(sys.argv) != 1: print("""Usage: $ cat CACertificate.pem | %s $ cat userCertificate.pem | %s""" % (sys.argv[0], sys.argv[0])) sys.exit(-1) certType = rfc2459.Certificate() certCnt = 0 while 1: idx, substrate = pem.readPemBlocksFromFile( sys.stdin, ('-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----') ) if not substrate: break cert, rest = decoder.decode(substrate, asn1Spec=certType) if rest: substrate = substrate[:-len(rest)] print(cert.prettyPrint()) assert encoder.encode(cert) == substrate, 'cert recode fails' certCnt = certCnt + 1 print('*** %s PEM cert(s) de/serialized' % certCnt) pyasn1-modules-0.0.7/tools/ocsprspdump.py0000644000076400001440000000112712534307451020616 0ustar ilyausers00000000000000#!/usr/bin/python # # Read ASN.1/PEM OCSP response on stdin, parse into # plain text, then build substrate from it # from pyasn1.codec.der import decoder, encoder from pyasn1_modules import rfc2560, pem import sys if len(sys.argv) != 1: print("""Usage: $ cat ocsp-response.pem | %s""" % sys.argv[0]) sys.exit(-1) ocspReq = rfc2560.OCSPResponse() substrate = pem.readBase64FromFile(sys.stdin) if not substrate: sys.exit(0) cr, rest = decoder.decode(substrate, asn1Spec=ocspReq) print(cr.prettyPrint()) assert encoder.encode(cr) == substrate, 'OCSP request recode fails' pyasn1-modules-0.0.7/tools/pkcs8dump.py0000644000076400001440000000207312534307451020156 0ustar ilyausers00000000000000#!/usr/bin/python # # Read bunch of ASN.1/PEM plain/encrypted private keys in PKCS#8 # format on stdin, parse each into plain text, then build substrate from it # from pyasn1.codec.der import decoder, encoder from pyasn1_modules import rfc5208, pem import sys if len(sys.argv) != 1: print("""Usage: $ cat pkcs8key.pem | %s""" % sys.argv[0]) sys.exit(-1) cnt = 0 while 1: idx, substrate = pem.readPemBlocksFromFile(sys.stdin, ('-----BEGIN PRIVATE KEY-----', '-----END PRIVATE KEY-----'), ('-----BEGIN ENCRYPTED PRIVATE KEY-----', '-----END ENCRYPTED PRIVATE KEY-----') ) if not substrate: break if idx == 0: asn1Spec = rfc5208.PrivateKeyInfo() elif idx == 1: asn1Spec = rfc5208.EncryptedPrivateKeyInfo() else: break key, rest = decoder.decode(substrate, asn1Spec=asn1Spec) if rest: substrate = substrate[:-len(rest)] print(key.prettyPrint()) assert encoder.encode(key) == substrate, 'pkcs8 recode fails' cnt = cnt + 1 print('*** %s PKCS#8 key(s) de/serialized' % cnt) pyasn1-modules-0.0.7/LICENSE.txt0000644000076400001440000000246212451261745016356 0ustar ilyausers00000000000000Copyright (c) 2005-2015, Ilya Etingof All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.