#
# This file is part of pyasn1-modules software.
#
# Created by Russ Housley with assistance from asn1ate v.0.6.0.
#
# Copyright (c) 2019, Vigil Security, LLC
# License: http://snmplabs.com/pyasn1/license.html
#
# Electronic Signature Policies
#
# ASN.1 source from:
# https://www.rfc-editor.org/rfc/rfc3125.txt
# https://www.rfc-editor.org/errata/eid5901
# https://www.rfc-editor.org/errata/eid5902
#
| |
| from pyasn1.type import constraint |
| from pyasn1.type import namedtype |
| from pyasn1.type import namedval |
| from pyasn1.type import tag |
| from pyasn1.type import useful |
| from pyasn1.type import univ |
| |
| from pyasn1_modules import rfc5280 |
| |
# Open-ended upper bound ("no maximum") for the ValueRangeConstraint and
# ValueSizeConstraint declarations in this module.
MAX = float('inf')


# Types taken from RFC 5280.
#
# These are plain aliases, not subclasses: each name refers to the very same
# class object that pyasn1_modules.rfc5280 exports.

AlgorithmIdentifier = rfc5280.AlgorithmIdentifier

Attribute = rfc5280.Attribute

AttributeType = rfc5280.AttributeType

AttributeTypeAndValue = rfc5280.AttributeTypeAndValue

AttributeValue = rfc5280.AttributeValue

Certificate = rfc5280.Certificate

CertificateList = rfc5280.CertificateList

DirectoryString = rfc5280.DirectoryString

GeneralName = rfc5280.GeneralName

GeneralNames = rfc5280.GeneralNames

Name = rfc5280.Name

PolicyInformation = rfc5280.PolicyInformation
| |
| |
| # Electronic Signature Policies |
| |
class CertPolicyId(univ.ObjectIdentifier):
    """OBJECT IDENTIFIER subtype used for certificate policy identifiers.

    Adds no constraint of its own; it is the element type of
    AcceptablePolicySet.
    """
| |
| |
class AcceptablePolicySet(univ.SequenceOf):
    """SEQUENCE OF CertPolicyId.

    No size constraint is declared, so the type itself accepts an empty
    sequence.
    """

    componentType = CertPolicyId()
| |
| |
class SignPolExtn(univ.Sequence):
    """One signature-policy extension: an OID plus an opaque value.

    Both fields are mandatory. 'extnValue' is a bare OCTET STRING: this type
    declares neither an inner structure nor a criticality flag, so a consumer
    has to decide, keyed on 'extnID', whether and how to decode the payload
    and what to do with identifiers it does not recognise.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('extnID', univ.ObjectIdentifier()),
        namedtype.NamedType('extnValue', univ.OctetString()),
    )
| |
| |
class SignPolExtensions(univ.SequenceOf):
    """SEQUENCE OF SignPolExtn, with no size constraint declared."""

    componentType = SignPolExtn()
| |
| |
class AlgAndLength(univ.Sequence):
    """An algorithm OID with an optional minimum key length.

    Only 'algID' is mandatory. 'minKeyLength' is OPTIONAL and is a plain,
    unconstrained INTEGER, so the type accepts it being absent, zero or
    negative; any range check belongs to the code that applies the policy.
    'other' carries optional SignPolExtensions.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('algID', univ.ObjectIdentifier()),
        namedtype.OptionalNamedType('minKeyLength', univ.Integer()),
        namedtype.OptionalNamedType('other', SignPolExtensions()),
    )
| |
| |
class AlgorithmConstraints(univ.SequenceOf):
    """SEQUENCE OF AlgAndLength, with no size constraint declared."""

    componentType = AlgAndLength()
| |
| |
class AlgorithmConstraintSet(univ.Sequence):
    """Five optional AlgorithmConstraints lists, one per certificate role.

    Every field is OPTIONAL and explicitly tagged [0]..[4] in the context
    class, so a value with no constraints at all is valid for this type.

    NOTE(review): the tags are written with tagFormatSimple although they
    wrap a SEQUENCE OF; pyasn1 is understood to force explicit tags to the
    constructed form, which would make this harmless -- confirm.
    """

    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType(
            'signerAlgorithmConstraints',
            AlgorithmConstraints().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
            ),
        ),
        namedtype.OptionalNamedType(
            'eeCertAlgorithmConstraints',
            AlgorithmConstraints().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)
            ),
        ),
        namedtype.OptionalNamedType(
            'caCertAlgorithmConstraints',
            AlgorithmConstraints().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)
            ),
        ),
        namedtype.OptionalNamedType(
            'aaCertAlgorithmConstraints',
            AlgorithmConstraints().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)
            ),
        ),
        namedtype.OptionalNamedType(
            'tsaCertAlgorithmConstraints',
            AlgorithmConstraints().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4)
            ),
        ),
    )
| |
| |
class AttributeValueConstraints(univ.SequenceOf):
    """SEQUENCE OF AttributeTypeAndValue (the RFC 5280 type aliased above)."""

    componentType = AttributeTypeAndValue()
| |
| |
class AttributeTypeConstraints(univ.SequenceOf):
    """SEQUENCE OF AttributeType (the RFC 5280 type aliased above)."""

    componentType = AttributeType()
| |
| |
class AttributeConstraints(univ.Sequence):
    """Optional constraints on attribute types [0] and attribute values [1].

    Both fields are OPTIONAL. The field names are spelled "...Constarints"
    in the declaration; the spelling presumably follows the cited ASN.1
    source. Callers look the components up by these exact strings, so do
    not "correct" them.
    """

    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType(
            'attributeTypeConstarints',
            AttributeTypeConstraints().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
            ),
        ),
        namedtype.OptionalNamedType(
            'attributeValueConstarints',
            AttributeValueConstraints().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)
            ),
        ),
    )
| |
| |
class HowCertAttribute(univ.Enumerated):
    """ENUMERATED with three named values, 0 through 2.

    'certifiedAttribtes' is spelled as declared (presumably as in the cited
    ASN.1 source); the name is what callers compare against, so it is kept
    verbatim.
    """

    namedValues = namedval.NamedValues(
        ('claimedAttribute', 0),
        ('certifiedAttribtes', 1),
        ('either', 2),
    )
| |
| |
class SkipCerts(univ.Integer):
    """INTEGER restricted to 0..MAX, i.e. non-negative with no upper bound.

    Used for both fields of PolicyConstraints.
    """

    subtypeSpec = constraint.ValueRangeConstraint(0, MAX)
| |
| |
class PolicyConstraints(univ.Sequence):
    """Two optional SkipCerts counters, explicitly tagged [0] and [1].

    Both 'requireExplicitPolicy' and 'inhibitPolicyMapping' may be absent,
    so an empty SEQUENCE is a valid value of this type.
    """

    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType(
            'requireExplicitPolicy',
            SkipCerts().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
            ),
        ),
        namedtype.OptionalNamedType(
            'inhibitPolicyMapping',
            SkipCerts().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)
            ),
        ),
    )
| |
| |
class BaseDistance(univ.Integer):
    """INTEGER restricted to 0..MAX; the type of GeneralSubtree's bounds."""

    subtypeSpec = constraint.ValueRangeConstraint(0, MAX)
| |
| |
class GeneralSubtree(univ.Sequence):
    """A GeneralName 'base' with optional distance bounds.

    'minimum' is explicitly tagged [0] and DEFAULTs to 0; 'maximum' is
    explicitly tagged [1] and OPTIONAL. The type does not relate the two
    bounds to each other (nothing here requires minimum <= maximum).
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('base', GeneralName()),
        namedtype.DefaultedNamedType(
            'minimum',
            BaseDistance().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
            ).subtype(value=0),
        ),
        namedtype.OptionalNamedType(
            'maximum',
            BaseDistance().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)
            ),
        ),
    )
| |
| |
class GeneralSubtrees(univ.SequenceOf):
    """SEQUENCE SIZE (1..MAX) OF GeneralSubtree: at least one element."""

    componentType = GeneralSubtree()
    subtypeSpec = constraint.ValueSizeConstraint(1, MAX)
| |
| |
class NameConstraints(univ.Sequence):
    """Optional permitted [0] and excluded [1] GeneralSubtrees.

    Both fields are OPTIONAL, so a value carrying neither list is valid for
    this type; what an empty constraint means is for the consumer to define.
    """

    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType(
            'permittedSubtrees',
            GeneralSubtrees().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
            ),
        ),
        namedtype.OptionalNamedType(
            'excludedSubtrees',
            GeneralSubtrees().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)
            ),
        ),
    )
| |
| |
class PathLenConstraint(univ.Integer):
    """INTEGER restricted to 0..MAX; used by CertificateTrustPoint."""

    subtypeSpec = constraint.ValueRangeConstraint(0, MAX)
| |
| |
class CertificateTrustPoint(univ.Sequence):
    """A trust-point certificate plus optional path constraints.

    'trustpoint' is mandatory and holds a complete RFC 5280 Certificate.
    The four constraint fields, explicitly tagged [0]..[3], are all
    OPTIONAL. This class only declares the structure: nothing here checks
    the embedded certificate or applies the constraints, so a consumer must
    do that itself and must decide what an absent constraint means.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('trustpoint', Certificate()),
        namedtype.OptionalNamedType(
            'pathLenConstraint',
            PathLenConstraint().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
            ),
        ),
        namedtype.OptionalNamedType(
            'acceptablePolicySet',
            AcceptablePolicySet().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)
            ),
        ),
        namedtype.OptionalNamedType(
            'nameConstraints',
            NameConstraints().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)
            ),
        ),
        namedtype.OptionalNamedType(
            'policyConstraints',
            PolicyConstraints().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)
            ),
        ),
    )
| |
| |
class CertificateTrustTrees(univ.SequenceOf):
    """SEQUENCE OF CertificateTrustPoint.

    No size constraint is declared, so the type accepts an empty list of
    trust points.
    """

    componentType = CertificateTrustPoint()
| |
| |
class EnuRevReq(univ.Enumerated):
    """ENUMERATED revocation requirement with six named values, 0 through 5.

    The set includes 'noCheck' (4) and 'other' (5) alongside the checking
    modes, so code that maps this value to behaviour should handle every
    member explicitly rather than rely on a default branch.

    NOTE(review): 'clrCheck' is spelled as declared; it presumably refers to
    CRL checking -- confirm against the cited ASN.1 source before renaming
    anything, since callers compare against this string.
    """

    namedValues = namedval.NamedValues(
        ('clrCheck', 0),
        ('ocspCheck', 1),
        ('bothCheck', 2),
        ('eitherCheck', 3),
        ('noCheck', 4),
        ('other', 5),
    )
| |
| |
class RevReq(univ.Sequence):
    """A mandatory EnuRevReq plus optional SignPolExtensions ('exRevReq')."""

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('enuRevReq', EnuRevReq()),
        namedtype.OptionalNamedType('exRevReq', SignPolExtensions()),
    )
| |
| |
class CertRevReq(univ.Sequence):
    """Revocation requirements for the end certificate and for CA certs.

    Both fields are mandatory RevReq values; 'caCerts' is explicitly tagged
    [0] in the context class, 'endCertRevReq' is untagged.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('endCertRevReq', RevReq()),
        namedtype.NamedType(
            'caCerts',
            RevReq().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)
            ),
        ),
    )
| |
| |
class AttributeTrustCondition(univ.Sequence):
    """Trust conditions for attributes.

    'attributeMandated' (BOOLEAN) and 'howCertAttribute' are mandatory. The
    trust trees [0], revocation requirements [1] and attribute constraints
    [2] are explicitly tagged and OPTIONAL, so any of them may be missing
    from a decoded value.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('attributeMandated', univ.Boolean()),
        namedtype.NamedType('howCertAttribute', HowCertAttribute()),
        namedtype.OptionalNamedType(
            'attrCertificateTrustTrees',
            CertificateTrustTrees().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
            ),
        ),
        namedtype.OptionalNamedType(
            'attrRevReq',
            CertRevReq().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)
            ),
        ),
        namedtype.OptionalNamedType(
            'attributeConstraints',
            AttributeConstraints().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)
            ),
        ),
    )
| |
| |
class CMSAttrs(univ.SequenceOf):
    """SEQUENCE OF OBJECT IDENTIFIER.

    No size constraint is declared, so an empty list is a valid value.
    """

    componentType = univ.ObjectIdentifier()
| |
| |
class CertInfoReq(univ.Enumerated):
    """ENUMERATED: 'none' (0), 'signerOnly' (1), 'fullPath' (2).

    SignerRules uses 'none' as the default for 'mandatedCertificateInfo'.
    """

    namedValues = namedval.NamedValues(
        ('none', 0),
        ('signerOnly', 1),
        ('fullPath', 2),
    )
| |
| |
class CertRefReq(univ.Enumerated):
    """ENUMERATED: 'signerOnly' (1), 'fullPath' (2).

    Numbering starts at 1; there is no named value for 0. SignerRules uses
    'signerOnly' as the default for 'mandatedCertificateRef'.
    """

    namedValues = namedval.NamedValues(
        ('signerOnly', 1),
        ('fullPath', 2),
    )
| |
| |
class DeltaTime(univ.Sequence):
    """A time span given as seconds, minutes, hours and days.

    All four fields are mandatory, plain INTEGERs with no range constraint,
    so the type accepts negative or arbitrarily large components. Code that
    turns this into a duration should validate the values itself.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('deltaSeconds', univ.Integer()),
        namedtype.NamedType('deltaMinutes', univ.Integer()),
        namedtype.NamedType('deltaHours', univ.Integer()),
        namedtype.NamedType('deltaDays', univ.Integer()),
    )
| |
| |
class TimestampTrustCondition(univ.Sequence):
    """Trust conditions for timestamps.

    All five fields are OPTIONAL and explicitly tagged [0]..[4]: trust
    trees, revocation requirements, name constraints, and two DeltaTime
    values ('cautionPeriod', 'signatureTimestampDelay'). An empty SEQUENCE
    is therefore valid for this type.
    """

    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType(
            'ttsCertificateTrustTrees',
            CertificateTrustTrees().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
            ),
        ),
        namedtype.OptionalNamedType(
            'ttsRevReq',
            CertRevReq().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)
            ),
        ),
        namedtype.OptionalNamedType(
            'ttsNameConstraints',
            NameConstraints().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)
            ),
        ),
        namedtype.OptionalNamedType(
            'cautionPeriod',
            DeltaTime().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)
            ),
        ),
        namedtype.OptionalNamedType(
            'signatureTimestampDelay',
            DeltaTime().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4)
            ),
        ),
    )
| |
| |
class SignerRules(univ.Sequence):
    """Rules that apply to the signer.

    'mandatedSignedAttr' and 'mandatedUnsignedAttr' are mandatory CMSAttrs
    lists. 'externalSignedData' is an untagged OPTIONAL BOOLEAN.
    'mandatedCertificateRef' [0] defaults to 'signerOnly' and
    'mandatedCertificateInfo' [1] defaults to 'none'; 'signPolExtensions'
    [2] is OPTIONAL.
    """

    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType('externalSignedData', univ.Boolean()),
        namedtype.NamedType('mandatedSignedAttr', CMSAttrs()),
        namedtype.NamedType('mandatedUnsignedAttr', CMSAttrs()),
        namedtype.DefaultedNamedType(
            'mandatedCertificateRef',
            CertRefReq().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
            ).subtype(value='signerOnly'),
        ),
        namedtype.DefaultedNamedType(
            'mandatedCertificateInfo',
            CertInfoReq().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)
            ).subtype(value='none'),
        ),
        namedtype.OptionalNamedType(
            'signPolExtensions',
            SignPolExtensions().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)
            ),
        ),
    )
| |
| |
class MandatedUnsignedAttr(CMSAttrs):
    """CMSAttrs under another name; adds nothing. Used by VerifierRules."""
| |
| |
class VerifierRules(univ.Sequence):
    """Rules that apply to the verifier.

    'mandatedUnsignedAttr' is mandatory; 'signPolExtensions' is OPTIONAL.
    Neither field carries a context tag.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('mandatedUnsignedAttr', MandatedUnsignedAttr()),
        namedtype.OptionalNamedType('signPolExtensions', SignPolExtensions()),
    )
| |
| |
class SignerAndVerifierRules(univ.Sequence):
    """Pairs a mandatory SignerRules with a mandatory VerifierRules."""

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('signerRules', SignerRules()),
        namedtype.NamedType('verifierRules', VerifierRules()),
    )
| |
| |
class SigningCertTrustCondition(univ.Sequence):
    """Trust conditions for the signing certificate.

    Both 'signerTrustTrees' and 'signerRevReq' are mandatory. Note that
    CertificateTrustTrees has no minimum size, so the trust-tree list can
    still be empty in a structurally valid value.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('signerTrustTrees', CertificateTrustTrees()),
        namedtype.NamedType('signerRevReq', CertRevReq()),
    )
| |
| |
class CommitmentTypeIdentifier(univ.ObjectIdentifier):
    """OBJECT IDENTIFIER subtype; the 'identifier' field of CommitmentType."""
| |
| |
class FieldOfApplication(DirectoryString):
    """Subclass of the RFC 5280 DirectoryString alias; adds nothing."""
| |
| |
class CommitmentType(univ.Sequence):
    """A commitment type: mandatory OID plus two optional text fields.

    'fieldOfApplication' [0] and 'semantics' [1] are explicitly tagged and
    OPTIONAL.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('identifier', CommitmentTypeIdentifier()),
        namedtype.OptionalNamedType(
            'fieldOfApplication',
            FieldOfApplication().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
            ),
        ),
        namedtype.OptionalNamedType(
            'semantics',
            DirectoryString().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)
            ),
        ),
    )
| |
| |
class SelectedCommitmentTypes(univ.SequenceOf):
    """SEQUENCE OF an anonymous CHOICE between NULL and CommitmentType.

    Each element is either 'empty' (NULL) or 'recognizedCommitmentType'.
    The CHOICE is declared inline and has no class name of its own.
    """

    componentType = univ.Choice(
        componentType=namedtype.NamedTypes(
            namedtype.NamedType('empty', univ.Null()),
            namedtype.NamedType('recognizedCommitmentType', CommitmentType()),
        )
    )
| |
| |
class CommitmentRule(univ.Sequence):
    """Rules bound to a selection of commitment types.

    'selCommitmentTypes' is mandatory. The remaining six fields, explicitly
    tagged [0]..[5], are all OPTIONAL and mirror the fields of CommonRules.
    Because each one may be absent, a consumer has to define what happens
    when a rule is present in neither place.

    'signerAndVeriferRules' is spelled as declared; callers address the
    field by that exact string.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('selCommitmentTypes', SelectedCommitmentTypes()),
        namedtype.OptionalNamedType(
            'signerAndVeriferRules',
            SignerAndVerifierRules().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)
            ),
        ),
        namedtype.OptionalNamedType(
            'signingCertTrustCondition',
            SigningCertTrustCondition().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)
            ),
        ),
        namedtype.OptionalNamedType(
            'timeStampTrustCondition',
            TimestampTrustCondition().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)
            ),
        ),
        namedtype.OptionalNamedType(
            'attributeTrustCondition',
            AttributeTrustCondition().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)
            ),
        ),
        namedtype.OptionalNamedType(
            'algorithmConstraintSet',
            AlgorithmConstraintSet().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4)
            ),
        ),
        namedtype.OptionalNamedType(
            'signPolExtensions',
            SignPolExtensions().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5)
            ),
        ),
    )
| |
| |
class CommitmentRules(univ.SequenceOf):
    """SEQUENCE OF CommitmentRule, with no size constraint declared."""

    componentType = CommitmentRule()
| |
| |
class CommonRules(univ.Sequence):
    """Rules shared across commitment types.

    All six fields are OPTIONAL and explicitly tagged [0]..[5], so an empty
    SEQUENCE is a valid value of this type. The same six fields appear in
    CommitmentRule.

    'signerAndVeriferRules' is spelled as declared; callers address the
    field by that exact string.
    """

    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType(
            'signerAndVeriferRules',
            SignerAndVerifierRules().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)
            ),
        ),
        namedtype.OptionalNamedType(
            'signingCertTrustCondition',
            SigningCertTrustCondition().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)
            ),
        ),
        namedtype.OptionalNamedType(
            'timeStampTrustCondition',
            TimestampTrustCondition().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)
            ),
        ),
        namedtype.OptionalNamedType(
            'attributeTrustCondition',
            AttributeTrustCondition().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)
            ),
        ),
        namedtype.OptionalNamedType(
            'algorithmConstraintSet',
            AlgorithmConstraintSet().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4)
            ),
        ),
        namedtype.OptionalNamedType(
            'signPolExtensions',
            SignPolExtensions().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5)
            ),
        ),
    )
| |
| |
class PolicyIssuerName(GeneralNames):
    """Subclass of the RFC 5280 GeneralNames alias; adds nothing."""
| |
| |
class SignPolicyHash(univ.OctetString):
    """OCTET STRING holding the policy hash value.

    No size constraint is declared, so the type does not tie the length to
    any particular hash algorithm.
    """
| |
| |
class SignPolicyId(univ.ObjectIdentifier):
    """OBJECT IDENTIFIER subtype; 'signPolicyIdentifier' in SignPolicyInfo."""
| |
| |
class SigningPeriod(univ.Sequence):
    """Validity window given as GeneralizedTime values.

    'notBefore' is mandatory and 'notAfter' is OPTIONAL, so a decoded period
    can be open-ended. The type does not require notBefore <= notAfter.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('notBefore', useful.GeneralizedTime()),
        namedtype.OptionalNamedType('notAfter', useful.GeneralizedTime()),
    )
| |
| |
class SignatureValidationPolicy(univ.Sequence):
    """The validation policy body.

    'signingPeriod', 'commonRules' and 'commitmentRules' are mandatory;
    'signPolExtensions' is OPTIONAL. None of the fields carries a context
    tag.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('signingPeriod', SigningPeriod()),
        namedtype.NamedType('commonRules', CommonRules()),
        namedtype.NamedType('commitmentRules', CommitmentRules()),
        namedtype.OptionalNamedType('signPolExtensions', SignPolExtensions()),
    )
| |
| |
class SignPolicyInfo(univ.Sequence):
    """Identification and content of a signature policy.

    The first five fields are mandatory: policy OID, issue date, issuer
    name, field of application and the SignatureValidationPolicy. Only
    'signPolExtensions' is OPTIONAL.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('signPolicyIdentifier', SignPolicyId()),
        namedtype.NamedType('dateOfIssue', useful.GeneralizedTime()),
        namedtype.NamedType('policyIssuerName', PolicyIssuerName()),
        namedtype.NamedType('fieldOfApplication', FieldOfApplication()),
        namedtype.NamedType(
            'signatureValidationPolicy', SignatureValidationPolicy()
        ),
        namedtype.OptionalNamedType('signPolExtensions', SignPolExtensions()),
    )
| |
| |
class SignaturePolicy(univ.Sequence):
    """Top-level signature policy: hash algorithm, policy info, hash value.

    'signPolicyHashAlg' and 'signPolicyInfo' are mandatory, but
    'signPolicyHash' is OPTIONAL, so a policy decodes successfully without
    any hash value. This class only declares the structure: it neither
    computes nor compares the hash. A consumer that relies on the hash to
    pin the policy content must check that the field is present and verify
    it against 'signPolicyInfo' itself.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('signPolicyHashAlg', AlgorithmIdentifier()),
        namedtype.NamedType('signPolicyInfo', SignPolicyInfo()),
        namedtype.OptionalNamedType('signPolicyHash', SignPolicyHash()),
    )
| |
| |