| # |
| # This file is part of pyasn1-modules software. |
| # |
| # Created by Russ Housley with assistance from asn1ate v.0.6.0. |
| # |
| # Copyright (c) 2019, Vigil Security, LLC |
| # License: http://snmplabs.com/pyasn1/license.html |
| # |
| # CMS Advanced Electronic Signatures (CAdES) |
| # |
| # ASN.1 source from: |
| # https://www.rfc-editor.org/rfc/rfc5126.txt |
| # |
| |
| from pyasn1.type import char |
| from pyasn1.type import constraint |
| from pyasn1.type import namedtype |
| from pyasn1.type import opentype |
| from pyasn1.type import tag |
| from pyasn1.type import useful |
| from pyasn1.type import univ |
| |
| from pyasn1_modules import rfc5280 |
| from pyasn1_modules import rfc5652 |
| from pyasn1_modules import rfc5035 |
| from pyasn1_modules import rfc5755 |
| from pyasn1_modules import rfc6960 |
| from pyasn1_modules import rfc3161 |
| |
| MAX = float('inf') |
| |
| |
| # Maps for OpenTypes |
| |
| commitmentQualifierMap = { } |
| |
| sigQualifiersMap = { } |
| |
| otherRevRefMap = { } |
| |
| otherRevValMap = { } |
| |
| |
| # Imports from RFC 5652 |
| |
| ContentInfo = rfc5652.ContentInfo |
| |
| ContentType = rfc5652.ContentType |
| |
| SignedData = rfc5652.SignedData |
| |
| EncapsulatedContentInfo = rfc5652.EncapsulatedContentInfo |
| |
| SignerInfo = rfc5652.SignerInfo |
| |
| MessageDigest = rfc5652.MessageDigest |
| |
| SigningTime = rfc5652.SigningTime |
| |
| Countersignature = rfc5652.Countersignature |
| |
| id_data = rfc5652.id_data |
| |
| id_signedData = rfc5652.id_signedData |
| |
| id_contentType= rfc5652.id_contentType |
| |
| id_messageDigest = rfc5652.id_messageDigest |
| |
| id_signingTime = rfc5652.id_signingTime |
| |
| id_countersignature = rfc5652.id_countersignature |
| |
| |
| # Imports from RFC 5035 |
| |
| SigningCertificate = rfc5035.SigningCertificate |
| |
| IssuerSerial = rfc5035.IssuerSerial |
| |
| ContentReference = rfc5035.ContentReference |
| |
| ContentIdentifier = rfc5035.ContentIdentifier |
| |
| id_aa_contentReference = rfc5035.id_aa_contentReference |
| |
| id_aa_contentIdentifier = rfc5035.id_aa_contentIdentifier |
| |
| id_aa_signingCertificate = rfc5035.id_aa_signingCertificate |
| |
| id_aa_signingCertificateV2 = rfc5035.id_aa_signingCertificateV2 |
| |
| |
| # Imports from RFC 5280 |
| |
| Certificate = rfc5280.Certificate |
| |
| AlgorithmIdentifier = rfc5280.AlgorithmIdentifier |
| |
| CertificateList = rfc5280.CertificateList |
| |
| Name = rfc5280.Name |
| |
| Attribute = rfc5280.Attribute |
| |
| GeneralNames = rfc5280.GeneralNames |
| |
| GeneralName = rfc5280.GeneralName |
| |
| PolicyInformation = rfc5280.PolicyInformation |
| |
| DirectoryString = rfc5280.DirectoryString |
| |
| |
| # Imports from RFC 5755 |
| |
| AttributeCertificate = rfc5755.AttributeCertificate |
| |
| |
| # Imports from RFC 6960 |
| |
| BasicOCSPResponse = rfc6960.BasicOCSPResponse |
| |
| ResponderID = rfc6960.ResponderID |
| |
| |
| # Imports from RFC 3161 |
| |
| TimeStampToken = rfc3161.TimeStampToken |
| |
| |
| # OID used referencing electronic signature mechanisms |
| |
| id_etsi_es_IDUP_Mechanism_v1 = univ.ObjectIdentifier('0.4.0.1733.1.4.1') |
| |
| |
| # OtherSigningCertificate - deprecated |
| |
| id_aa_ets_otherSigCert = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.19') |
| |
| |
| class OtherHashValue(univ.OctetString): |
| pass |
| |
| |
| class OtherHashAlgAndValue(univ.Sequence): |
| componentType = namedtype.NamedTypes( |
| namedtype.NamedType('hashAlgorithm', AlgorithmIdentifier()), |
| namedtype.NamedType('hashValue', OtherHashValue()) |
| ) |
| |
| |
| class OtherHash(univ.Choice): |
| componentType = namedtype.NamedTypes( |
| namedtype.NamedType('sha1Hash', OtherHashValue()), |
| namedtype.NamedType('otherHash', OtherHashAlgAndValue()) |
| ) |
| |
| |
| class OtherCertID(univ.Sequence): |
| componentType = namedtype.NamedTypes( |
| namedtype.NamedType('otherCertHash', OtherHash()), |
| namedtype.OptionalNamedType('issuerSerial', IssuerSerial()) |
| ) |
| |
| |
| class OtherSigningCertificate(univ.Sequence): |
| componentType = namedtype.NamedTypes( |
| namedtype.NamedType('certs', |
| univ.SequenceOf(componentType=OtherCertID())), |
| namedtype.OptionalNamedType('policies', |
| univ.SequenceOf(componentType=PolicyInformation())) |
| ) |
| |
| |
| # Signature Policy Identifier |
| |
| id_aa_ets_sigPolicyId = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.15') |
| |
| |
| class SigPolicyId(univ.ObjectIdentifier): |
| pass |
| |
| |
| class SigPolicyHash(OtherHashAlgAndValue): |
| pass |
| |
| |
| class SigPolicyQualifierId(univ.ObjectIdentifier): |
| pass |
| |
| |
| class SigPolicyQualifierInfo(univ.Sequence): |
| componentType = namedtype.NamedTypes( |
| namedtype.NamedType('sigPolicyQualifierId', SigPolicyQualifierId()), |
| namedtype.NamedType('sigQualifier', univ.Any(), |
| openType=opentype.OpenType('sigPolicyQualifierId', sigQualifiersMap)) |
| ) |
| |
| |
| class SignaturePolicyId(univ.Sequence): |
| componentType = namedtype.NamedTypes( |
| namedtype.NamedType('sigPolicyId', SigPolicyId()), |
| namedtype.NamedType('sigPolicyHash', SigPolicyHash()), |
| namedtype.OptionalNamedType('sigPolicyQualifiers', |
| univ.SequenceOf(componentType=SigPolicyQualifierInfo()).subtype( |
| subtypeSpec=constraint.ValueSizeConstraint(1, MAX))) |
| ) |
| |
| |
| class SignaturePolicyImplied(univ.Null): |
| pass |
| |
| |
| class SignaturePolicy(univ.Choice): |
| componentType = namedtype.NamedTypes( |
| namedtype.NamedType('signaturePolicyId', SignaturePolicyId()), |
| namedtype.NamedType('signaturePolicyImplied', SignaturePolicyImplied()) |
| ) |
| |
| |
| id_spq_ets_unotice = univ.ObjectIdentifier('1.2.840.113549.1.9.16.5.2') |
| |
| |
| class DisplayText(univ.Choice): |
| componentType = namedtype.NamedTypes( |
| namedtype.NamedType('visibleString', char.VisibleString().subtype( |
| subtypeSpec=constraint.ValueSizeConstraint(1, 200))), |
| namedtype.NamedType('bmpString', char.BMPString().subtype( |
| subtypeSpec=constraint.ValueSizeConstraint(1, 200))), |
| namedtype.NamedType('utf8String', char.UTF8String().subtype( |
| subtypeSpec=constraint.ValueSizeConstraint(1, 200))) |
| ) |
| |
| |
| class NoticeReference(univ.Sequence): |
| componentType = namedtype.NamedTypes( |
| namedtype.NamedType('organization', DisplayText()), |
| namedtype.NamedType('noticeNumbers', |
| univ.SequenceOf(componentType=univ.Integer())) |
| ) |
| |
| class SPUserNotice(univ.Sequence): |
| componentType = namedtype.NamedTypes( |
| namedtype.OptionalNamedType('noticeRef', NoticeReference()), |
| namedtype.OptionalNamedType('explicitText', DisplayText()) |
| ) |
| |
| |
| noticeToUser = SigPolicyQualifierInfo() |
| noticeToUser['sigPolicyQualifierId'] = id_spq_ets_unotice |
| noticeToUser['sigQualifier'] = SPUserNotice() |
| |
| |
| id_spq_ets_uri = univ.ObjectIdentifier('1.2.840.113549.1.9.16.5.1') |
| |
| |
| class SPuri(char.IA5String): |
| pass |
| |
| |
| pointerToSigPolSpec = SigPolicyQualifierInfo() |
| pointerToSigPolSpec['sigPolicyQualifierId'] = id_spq_ets_uri |
| pointerToSigPolSpec['sigQualifier'] = SPuri() |
| |
| |
| # Commitment Type |
| |
| id_aa_ets_commitmentType = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.16') |
| |
| |
| class CommitmentTypeIdentifier(univ.ObjectIdentifier): |
| pass |
| |
| |
| class CommitmentTypeQualifier(univ.Sequence): |
| componentType = namedtype.NamedTypes( |
| namedtype.NamedType('commitmentTypeIdentifier', |
| CommitmentTypeIdentifier()), |
| namedtype.NamedType('qualifier', univ.Any(), |
| openType=opentype.OpenType('commitmentTypeIdentifier', |
| commitmentQualifierMap)) |
| ) |
| |
| |
| class CommitmentTypeIndication(univ.Sequence): |
| componentType = namedtype.NamedTypes( |
| namedtype.NamedType('commitmentTypeId', CommitmentTypeIdentifier()), |
| namedtype.OptionalNamedType('commitmentTypeQualifier', |
| univ.SequenceOf(componentType=CommitmentTypeQualifier()).subtype( |
| subtypeSpec=constraint.ValueSizeConstraint(1, MAX))) |
| ) |
| |
| |
| id_cti_ets_proofOfOrigin = univ.ObjectIdentifier('1.2.840.113549.1.9.16.6.1') |
| |
| id_cti_ets_proofOfReceipt = univ.ObjectIdentifier('1.2.840.113549.1.9.16.6.2') |
| |
| id_cti_ets_proofOfDelivery = univ.ObjectIdentifier('1.2.840.113549.1.9.16.6.3') |
| |
| id_cti_ets_proofOfSender = univ.ObjectIdentifier('1.2.840.113549.1.9.16.6.4') |
| |
| id_cti_ets_proofOfApproval = univ.ObjectIdentifier('1.2.840.113549.1.9.16.6.5') |
| |
| id_cti_ets_proofOfCreation = univ.ObjectIdentifier('1.2.840.113549.1.9.16.6.6') |
| |
| |
| # Signer Location |
| |
| id_aa_ets_signerLocation = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.17') |
| |
| |
| class PostalAddress(univ.SequenceOf): |
| componentType = DirectoryString() |
| subtypeSpec = constraint.ValueSizeConstraint(1, 6) |
| |
| |
| class SignerLocation(univ.Sequence): |
| componentType = namedtype.NamedTypes( |
| namedtype.OptionalNamedType('countryName', |
| DirectoryString().subtype(explicitTag=tag.Tag( |
| tag.tagClassContext, tag.tagFormatSimple, 0))), |
| namedtype.OptionalNamedType('localityName', |
| DirectoryString().subtype(explicitTag=tag.Tag( |
| tag.tagClassContext, tag.tagFormatSimple, 1))), |
| namedtype.OptionalNamedType('postalAdddress', |
| PostalAddress().subtype(explicitTag=tag.Tag( |
| tag.tagClassContext, tag.tagFormatSimple, 2))) |
| ) |
| |
| |
| # Signature Timestamp |
| |
| id_aa_signatureTimeStampToken = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.14') |
| |
| |
| class SignatureTimeStampToken(TimeStampToken): |
| pass |
| |
| |
| # Content Timestamp |
| |
| id_aa_ets_contentTimestamp = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.20') |
| |
| |
| class ContentTimestamp(TimeStampToken): |
| pass |
| |
| |
| # Signer Attributes |
| |
| id_aa_ets_signerAttr = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.18') |
| |
| |
| class ClaimedAttributes(univ.SequenceOf): |
| componentType = Attribute() |
| |
| |
| class CertifiedAttributes(AttributeCertificate): |
| pass |
| |
| |
| class SignerAttribute(univ.SequenceOf): |
| componentType = univ.Choice(componentType=namedtype.NamedTypes( |
| namedtype.NamedType('claimedAttributes', |
| ClaimedAttributes().subtype(explicitTag=tag.Tag( |
| tag.tagClassContext, tag.tagFormatSimple, 0))), |
| namedtype.NamedType('certifiedAttributes', |
| CertifiedAttributes().subtype(explicitTag=tag.Tag( |
| tag.tagClassContext, tag.tagFormatSimple, 1))) |
| )) |
| |
| |
| # Complete Certificate Refs |
| |
| id_aa_ets_certificateRefs = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.21') |
| |
| |
| class CompleteCertificateRefs(univ.SequenceOf): |
| componentType = OtherCertID() |
| |
| |
| # Complete Revocation Refs |
| |
| id_aa_ets_revocationRefs = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.22') |
| |
| |
| class CrlIdentifier(univ.Sequence): |
| componentType = namedtype.NamedTypes( |
| namedtype.NamedType('crlissuer', Name()), |
| namedtype.NamedType('crlIssuedTime', useful.UTCTime()), |
| namedtype.OptionalNamedType('crlNumber', univ.Integer()) |
| ) |
| |
| |
| class CrlValidatedID(univ.Sequence): |
| componentType = namedtype.NamedTypes( |
| namedtype.NamedType('crlHash', OtherHash()), |
| namedtype.OptionalNamedType('crlIdentifier', CrlIdentifier()) |
| ) |
| |
| |
| class CRLListID(univ.Sequence): |
| componentType = namedtype.NamedTypes( |
| namedtype.NamedType('crls', |
| univ.SequenceOf(componentType=CrlValidatedID())) |
| ) |
| |
| |
| class OcspIdentifier(univ.Sequence): |
| componentType = namedtype.NamedTypes( |
| namedtype.NamedType('ocspResponderID', ResponderID()), |
| namedtype.NamedType('producedAt', useful.GeneralizedTime()) |
| ) |
| |
| |
| class OcspResponsesID(univ.Sequence): |
| componentType = namedtype.NamedTypes( |
| namedtype.NamedType('ocspIdentifier', OcspIdentifier()), |
| namedtype.OptionalNamedType('ocspRepHash', OtherHash()) |
| ) |
| |
| |
| class OcspListID(univ.Sequence): |
| componentType = namedtype.NamedTypes( |
| namedtype.NamedType('ocspResponses', |
| univ.SequenceOf(componentType=OcspResponsesID())) |
| ) |
| |
| |
| class OtherRevRefType(univ.ObjectIdentifier): |
| pass |
| |
| |
| class OtherRevRefs(univ.Sequence): |
| componentType = namedtype.NamedTypes( |
| namedtype.NamedType('otherRevRefType', OtherRevRefType()), |
| namedtype.NamedType('otherRevRefs', univ.Any(), |
| openType=opentype.OpenType('otherRevRefType', otherRevRefMap)) |
| ) |
| |
| |
| class CrlOcspRef(univ.Sequence): |
| componentType = namedtype.NamedTypes( |
| namedtype.OptionalNamedType('crlids', |
| CRLListID().subtype(explicitTag=tag.Tag( |
| tag.tagClassContext, tag.tagFormatConstructed, 0))), |
| namedtype.OptionalNamedType('ocspids', |
| OcspListID().subtype(explicitTag=tag.Tag( |
| tag.tagClassContext, tag.tagFormatConstructed, 1))), |
| namedtype.OptionalNamedType('otherRev', |
| OtherRevRefs().subtype(explicitTag=tag.Tag( |
| tag.tagClassContext, tag.tagFormatConstructed, 2))) |
| ) |
| |
| |
| class CompleteRevocationRefs(univ.SequenceOf): |
| componentType = CrlOcspRef() |
| |
| |
| # Certificate Values |
| |
| id_aa_ets_certValues = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.23') |
| |
| |
| class CertificateValues(univ.SequenceOf): |
| componentType = Certificate() |
| |
| |
| # Certificate Revocation Values |
| |
| id_aa_ets_revocationValues = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.24') |
| |
| |
| class OtherRevValType(univ.ObjectIdentifier): |
| pass |
| |
| |
| class OtherRevVals(univ.Sequence): |
| componentType = namedtype.NamedTypes( |
| namedtype.NamedType('otherRevValType', OtherRevValType()), |
| namedtype.NamedType('otherRevVals', univ.Any(), |
| openType=opentype.OpenType('otherRevValType', otherRevValMap)) |
| ) |
| |
| |
| class RevocationValues(univ.Sequence): |
| componentType = namedtype.NamedTypes( |
| namedtype.OptionalNamedType('crlVals', |
| univ.SequenceOf(componentType=CertificateList()).subtype( |
| explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), |
| namedtype.OptionalNamedType('ocspVals', |
| univ.SequenceOf(componentType=BasicOCSPResponse()).subtype( |
| explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), |
| namedtype.OptionalNamedType('otherRevVals', |
| OtherRevVals().subtype(explicitTag=tag.Tag( |
| tag.tagClassContext, tag.tagFormatConstructed, 2))) |
| ) |
| |
| |
| # CAdES-C Timestamp |
| |
| id_aa_ets_escTimeStamp = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.25') |
| |
| |
| class ESCTimeStampToken(TimeStampToken): |
| pass |
| |
| |
| # Time-Stamped Certificates and CRLs |
| |
| id_aa_ets_certCRLTimestamp = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.26') |
| |
| |
| class TimestampedCertsCRLs(TimeStampToken): |
| pass |
| |
| |
| # Archive Timestamp |
| |
| id_aa_ets_archiveTimestampV2 = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.48') |
| |
| |
| class ArchiveTimeStampToken(TimeStampToken): |
| pass |
| |
| |
| # Attribute certificate references |
| |
| id_aa_ets_attrCertificateRefs = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.44') |
| |
| |
| class AttributeCertificateRefs(univ.SequenceOf): |
| componentType = OtherCertID() |
| |
| |
| # Attribute revocation references |
| |
| id_aa_ets_attrRevocationRefs = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.45') |
| |
| |
| class AttributeRevocationRefs(univ.SequenceOf): |
| componentType = CrlOcspRef() |
| |
| |
| # Update the sigQualifiersMap |
| |
| _sigQualifiersMapUpdate = { |
| id_spq_ets_unotice: SPUserNotice(), |
| id_spq_ets_uri: SPuri(), |
| } |
| |
| sigQualifiersMap.update(_sigQualifiersMapUpdate) |
| |
| |
| # Update the CMS Attribute Map in rfc5652.py |
| |
| _cmsAttributesMapUpdate = { |
| id_aa_ets_otherSigCert: OtherSigningCertificate(), |
| id_aa_ets_sigPolicyId: SignaturePolicy(), |
| id_aa_ets_commitmentType: CommitmentTypeIndication(), |
| id_aa_ets_signerLocation: SignerLocation(), |
| id_aa_signatureTimeStampToken: SignatureTimeStampToken(), |
| id_aa_ets_contentTimestamp: ContentTimestamp(), |
| id_aa_ets_signerAttr: SignerAttribute(), |
| id_aa_ets_certificateRefs: CompleteCertificateRefs(), |
| id_aa_ets_revocationRefs: CompleteRevocationRefs(), |
| id_aa_ets_certValues: CertificateValues(), |
| id_aa_ets_revocationValues: RevocationValues(), |
| id_aa_ets_escTimeStamp: ESCTimeStampToken(), |
| id_aa_ets_certCRLTimestamp: TimestampedCertsCRLs(), |
| id_aa_ets_archiveTimestampV2: ArchiveTimeStampToken(), |
| id_aa_ets_attrCertificateRefs: AttributeCertificateRefs(), |
| id_aa_ets_attrRevocationRefs: AttributeRevocationRefs(), |
| } |
| |
| rfc5652.cmsAttributesMap.update(_cmsAttributesMapUpdate) |
