#
# This file is part of pyasn1-modules software.
#
# Created by Russ Housley with assistance from asn1ate v.0.6.0.
#
# Copyright (c) 2019, Vigil Security, LLC
# License: http://snmplabs.com/pyasn1/license.html
#
# Electronic Signature Policies
#
# ASN.1 source from:
# https://www.rfc-editor.org/rfc/rfc3125.txt
# https://www.rfc-editor.org/errata/eid5901
# https://www.rfc-editor.org/errata/eid5902
#
from pyasn1.type import constraint
from pyasn1.type import namedtype
from pyasn1.type import namedval
from pyasn1.type import tag
from pyasn1.type import useful
from pyasn1.type import univ
from pyasn1_modules import rfc5280
# Upper bound used by the open-ended SIZE / value-range constraints below
# (ASN.1 "MAX"); pyasn1 accepts the float infinity as an inclusive bound.
MAX = float('inf')

# Re-exported RFC 5280 types, so callers can refer to them through this
# module without importing rfc5280 themselves.
AlgorithmIdentifier = rfc5280.AlgorithmIdentifier
Certificate = rfc5280.Certificate
CertificateList = rfc5280.CertificateList
DirectoryString = rfc5280.DirectoryString
Name = rfc5280.Name
PolicyInformation = rfc5280.PolicyInformation

# Attribute and name building blocks, also from RFC 5280.
Attribute = rfc5280.Attribute
AttributeType = rfc5280.AttributeType
AttributeTypeAndValue = rfc5280.AttributeTypeAndValue
AttributeValue = rfc5280.AttributeValue
GeneralName = rfc5280.GeneralName
GeneralNames = rfc5280.GeneralNames
# Electronic Signature Policies
class CertPolicyId(univ.ObjectIdentifier):
    """CertPolicyId ::= OBJECT IDENTIFIER (RFC 3125).

    A certificate-policy OID; collected into AcceptablePolicySet.
    """
class AcceptablePolicySet(univ.SequenceOf):
    """AcceptablePolicySet ::= SEQUENCE OF CertPolicyId (RFC 3125)."""

    componentType = CertPolicyId()
class SignPolExtn(univ.Sequence):
    """SignPolExtn ::= SEQUENCE { extnID OBJECT IDENTIFIER, extnValue OCTET STRING }.

    The generic extension carrier used throughout the policy structures.
    ``extnValue`` is an opaque OCTET STRING; this module does not decode it.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType(name='extnID', asn1Object=univ.ObjectIdentifier()),
        namedtype.NamedType(name='extnValue', asn1Object=univ.OctetString()),
    )
class SignPolExtensions(univ.SequenceOf):
    """SignPolExtensions ::= SEQUENCE OF SignPolExtn (RFC 3125)."""

    componentType = SignPolExtn()
class AlgAndLength(univ.Sequence):
    """AlgAndLength ::= SEQUENCE (RFC 3125).

    Fields: ``algID`` (OID, mandatory), ``minKeyLength`` (INTEGER,
    OPTIONAL), ``other`` (SignPolExtensions, OPTIONAL).  No lower bound is
    imposed on ``minKeyLength`` here; a policy consumer enforcing key-size
    requirements has to check the value itself.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType(name='algID', asn1Object=univ.ObjectIdentifier()),
        namedtype.OptionalNamedType(name='minKeyLength', asn1Object=univ.Integer()),
        namedtype.OptionalNamedType(name='other', asn1Object=SignPolExtensions()),
    )
class AlgorithmConstraints(univ.SequenceOf):
    """AlgorithmConstraints ::= SEQUENCE OF AlgAndLength (RFC 3125)."""

    componentType = AlgAndLength()
class AlgorithmConstraintSet(univ.Sequence):
    """AlgorithmConstraintSet ::= SEQUENCE (RFC 3125).

    Five OPTIONAL, explicitly tagged AlgorithmConstraints members, one per
    role: signer [0], end-entity cert [1], CA cert [2], AA cert [3],
    TSA cert [4].
    """

    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType(
            name='signerAlgorithmConstraints',
            asn1Object=AlgorithmConstraints().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
            ),
        ),
        namedtype.OptionalNamedType(
            name='eeCertAlgorithmConstraints',
            asn1Object=AlgorithmConstraints().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)
            ),
        ),
        namedtype.OptionalNamedType(
            name='caCertAlgorithmConstraints',
            asn1Object=AlgorithmConstraints().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)
            ),
        ),
        namedtype.OptionalNamedType(
            name='aaCertAlgorithmConstraints',
            asn1Object=AlgorithmConstraints().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)
            ),
        ),
        namedtype.OptionalNamedType(
            name='tsaCertAlgorithmConstraints',
            asn1Object=AlgorithmConstraints().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4)
            ),
        ),
    )
class AttributeValueConstraints(univ.SequenceOf):
    """AttributeValueConstraints ::= SEQUENCE OF AttributeTypeAndValue."""

    componentType = AttributeTypeAndValue()
class AttributeTypeConstraints(univ.SequenceOf):
    """AttributeTypeConstraints ::= SEQUENCE OF AttributeType."""

    componentType = AttributeType()
class AttributeConstraints(univ.Sequence):
    """AttributeConstraints ::= SEQUENCE (RFC 3125).

    Both members are OPTIONAL: type constraints [0] and value
    constraints [1].  The misspelled component names ("Constarints") are
    those of the RFC 3125 module and are kept for compatibility.
    """

    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType(
            name='attributeTypeConstarints',
            asn1Object=AttributeTypeConstraints().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
            ),
        ),
        namedtype.OptionalNamedType(
            name='attributeValueConstarints',
            asn1Object=AttributeValueConstraints().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)
            ),
        ),
    )
class HowCertAttribute(univ.Enumerated):
    """HowCertAttribute ::= ENUMERATED (RFC 3125).

    claimedAttribute (0), certifiedAttribtes (1), either (2).  The
    spelling of value 1 follows the RFC module.
    """

    namedValues = namedval.NamedValues(
        ('claimedAttribute', 0), ('certifiedAttribtes', 1), ('either', 2),
    )
class SkipCerts(univ.Integer):
    """SkipCerts ::= INTEGER (0..MAX) — non-negative, no upper bound."""

    subtypeSpec = constraint.ValueRangeConstraint(0, MAX)
class PolicyConstraints(univ.Sequence):
    """PolicyConstraints ::= SEQUENCE (RFC 3125).

    ``requireExplicitPolicy`` [0] and ``inhibitPolicyMapping`` [1], both
    OPTIONAL SkipCerts values, explicitly tagged.
    """

    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType(
            name='requireExplicitPolicy',
            asn1Object=SkipCerts().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
            ),
        ),
        namedtype.OptionalNamedType(
            name='inhibitPolicyMapping',
            asn1Object=SkipCerts().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)
            ),
        ),
    )
class BaseDistance(univ.Integer):
    """BaseDistance ::= INTEGER (0..MAX) — non-negative, no upper bound."""

    subtypeSpec = constraint.ValueRangeConstraint(0, MAX)
class GeneralSubtree(univ.Sequence):
    """GeneralSubtree ::= SEQUENCE (RFC 3125).

    ``base`` GeneralName (mandatory); ``minimum`` [0] BaseDistance
    DEFAULT 0; ``maximum`` [1] BaseDistance OPTIONAL.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType(name='base', asn1Object=GeneralName()),
        namedtype.DefaultedNamedType(
            name='minimum',
            asn1Object=BaseDistance().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
            ).subtype(value=0),
        ),
        namedtype.OptionalNamedType(
            name='maximum',
            asn1Object=BaseDistance().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)
            ),
        ),
    )
class GeneralSubtrees(univ.SequenceOf):
    """GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree.

    The size constraint rejects an empty list.
    """

    componentType = GeneralSubtree()
    subtypeSpec = constraint.ValueSizeConstraint(1, MAX)
class NameConstraints(univ.Sequence):
    """NameConstraints ::= SEQUENCE (RFC 3125).

    ``permittedSubtrees`` [0] and ``excludedSubtrees`` [1], both OPTIONAL
    GeneralSubtrees, explicitly tagged.
    """

    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType(
            name='permittedSubtrees',
            asn1Object=GeneralSubtrees().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
            ),
        ),
        namedtype.OptionalNamedType(
            name='excludedSubtrees',
            asn1Object=GeneralSubtrees().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)
            ),
        ),
    )
class PathLenConstraint(univ.Integer):
    """PathLenConstraint ::= INTEGER (0..MAX) — non-negative, no upper bound."""

    subtypeSpec = constraint.ValueRangeConstraint(0, MAX)
class CertificateTrustPoint(univ.Sequence):
    """CertificateTrustPoint ::= SEQUENCE (RFC 3125).

    A trust anchor certificate (``trustpoint``) plus OPTIONAL path
    restrictions: ``pathLenConstraint`` [0], ``acceptablePolicySet`` [1],
    ``nameConstraints`` [2] and ``policyConstraints`` [3].  The first two
    use a simple tag form, the last two a constructed one, as written in
    the module this file was generated from.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType(name='trustpoint', asn1Object=Certificate()),
        namedtype.OptionalNamedType(
            name='pathLenConstraint',
            asn1Object=PathLenConstraint().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
            ),
        ),
        namedtype.OptionalNamedType(
            name='acceptablePolicySet',
            asn1Object=AcceptablePolicySet().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)
            ),
        ),
        namedtype.OptionalNamedType(
            name='nameConstraints',
            asn1Object=NameConstraints().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)
            ),
        ),
        namedtype.OptionalNamedType(
            name='policyConstraints',
            asn1Object=PolicyConstraints().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)
            ),
        ),
    )
class CertificateTrustTrees(univ.SequenceOf):
    """CertificateTrustTrees ::= SEQUENCE OF CertificateTrustPoint."""

    componentType = CertificateTrustPoint()
class EnuRevReq(univ.Enumerated):
    """EnuRevReq ::= ENUMERATED — revocation-checking requirement (RFC 3125).

    clrCheck (0), ocspCheck (1), bothCheck (2), eitherCheck (3),
    noCheck (4), other (5).  ``noCheck`` is a legitimate encoding; a
    consumer that treats it as acceptable is opting out of revocation
    checking for that certificate class.
    """

    namedValues = namedval.NamedValues(
        ('clrCheck', 0),
        ('ocspCheck', 1),
        ('bothCheck', 2),
        ('eitherCheck', 3),
        ('noCheck', 4),
        ('other', 5),
    )
class RevReq(univ.Sequence):
    """RevReq ::= SEQUENCE { enuRevReq EnuRevReq, exRevReq SignPolExtensions OPTIONAL }."""

    componentType = namedtype.NamedTypes(
        namedtype.NamedType(name='enuRevReq', asn1Object=EnuRevReq()),
        namedtype.OptionalNamedType(name='exRevReq', asn1Object=SignPolExtensions()),
    )
class CertRevReq(univ.Sequence):
    """CertRevReq ::= SEQUENCE (RFC 3125).

    ``endCertRevReq`` (untagged) and ``caCerts`` [0] (explicit,
    constructed); both mandatory.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType(name='endCertRevReq', asn1Object=RevReq()),
        namedtype.NamedType(
            name='caCerts',
            asn1Object=RevReq().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)
            ),
        ),
    )
class AttributeTrustCondition(univ.Sequence):
    """AttributeTrustCondition ::= SEQUENCE (RFC 3125).

    Mandatory: ``attributeMandated`` BOOLEAN, ``howCertAttribute``.
    OPTIONAL: ``attrCertificateTrustTrees`` [0], ``attrRevReq`` [1],
    ``attributeConstraints`` [2].
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType(name='attributeMandated', asn1Object=univ.Boolean()),
        namedtype.NamedType(name='howCertAttribute', asn1Object=HowCertAttribute()),
        namedtype.OptionalNamedType(
            name='attrCertificateTrustTrees',
            asn1Object=CertificateTrustTrees().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
            ),
        ),
        namedtype.OptionalNamedType(
            name='attrRevReq',
            asn1Object=CertRevReq().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)
            ),
        ),
        namedtype.OptionalNamedType(
            name='attributeConstraints',
            asn1Object=AttributeConstraints().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)
            ),
        ),
    )
class CMSAttrs(univ.SequenceOf):
    """CMSAttrs ::= SEQUENCE OF OBJECT IDENTIFIER — attribute type OIDs."""

    componentType = univ.ObjectIdentifier()
class CertInfoReq(univ.Enumerated):
    """CertInfoReq ::= ENUMERATED { none (0), signerOnly (1), fullPath (2) }."""

    namedValues = namedval.NamedValues(
        ('none', 0), ('signerOnly', 1), ('fullPath', 2),
    )
class CertRefReq(univ.Enumerated):
    """CertRefReq ::= ENUMERATED { signerOnly (1), fullPath (2) }.

    Unlike CertInfoReq there is no value 0: a certificate reference is
    always required.
    """

    namedValues = namedval.NamedValues(
        ('signerOnly', 1), ('fullPath', 2),
    )
class DeltaTime(univ.Sequence):
    """DeltaTime ::= SEQUENCE of four INTEGERs: seconds, minutes, hours, days.

    No range constraint is declared on any field.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType(name='deltaSeconds', asn1Object=univ.Integer()),
        namedtype.NamedType(name='deltaMinutes', asn1Object=univ.Integer()),
        namedtype.NamedType(name='deltaHours', asn1Object=univ.Integer()),
        namedtype.NamedType(name='deltaDays', asn1Object=univ.Integer()),
    )
class TimestampTrustCondition(univ.Sequence):
    """TimestampTrustCondition ::= SEQUENCE (RFC 3125).

    All members OPTIONAL: ``ttsCertificateTrustTrees`` [0],
    ``ttsRevReq`` [1], ``ttsNameConstraints`` [2], ``cautionPeriod`` [3],
    ``signatureTimestampDelay`` [4].
    """

    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType(
            name='ttsCertificateTrustTrees',
            asn1Object=CertificateTrustTrees().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
            ),
        ),
        namedtype.OptionalNamedType(
            name='ttsRevReq',
            asn1Object=CertRevReq().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)
            ),
        ),
        namedtype.OptionalNamedType(
            name='ttsNameConstraints',
            asn1Object=NameConstraints().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)
            ),
        ),
        namedtype.OptionalNamedType(
            name='cautionPeriod',
            asn1Object=DeltaTime().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)
            ),
        ),
        namedtype.OptionalNamedType(
            name='signatureTimestampDelay',
            asn1Object=DeltaTime().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4)
            ),
        ),
    )
class SignerRules(univ.Sequence):
    """SignerRules ::= SEQUENCE (RFC 3125).

    ``externalSignedData`` BOOLEAN OPTIONAL; ``mandatedSignedAttr`` and
    ``mandatedUnsignedAttr`` CMSAttrs (mandatory);
    ``mandatedCertificateRef`` [0] DEFAULT signerOnly;
    ``mandatedCertificateInfo`` [1] DEFAULT none;
    ``signPolExtensions`` [2] OPTIONAL.
    """

    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType(name='externalSignedData', asn1Object=univ.Boolean()),
        namedtype.NamedType(name='mandatedSignedAttr', asn1Object=CMSAttrs()),
        namedtype.NamedType(name='mandatedUnsignedAttr', asn1Object=CMSAttrs()),
        namedtype.DefaultedNamedType(
            name='mandatedCertificateRef',
            asn1Object=CertRefReq().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
            ).subtype(value='signerOnly'),
        ),
        namedtype.DefaultedNamedType(
            name='mandatedCertificateInfo',
            asn1Object=CertInfoReq().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)
            ).subtype(value='none'),
        ),
        namedtype.OptionalNamedType(
            name='signPolExtensions',
            asn1Object=SignPolExtensions().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)
            ),
        ),
    )
class MandatedUnsignedAttr(CMSAttrs):
    """MandatedUnsignedAttr ::= CMSAttrs (RFC 3125)."""
class VerifierRules(univ.Sequence):
    """VerifierRules ::= SEQUENCE (RFC 3125).

    ``mandatedUnsignedAttr`` (mandatory) and ``signPolExtensions`` (OPTIONAL).
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType(name='mandatedUnsignedAttr', asn1Object=MandatedUnsignedAttr()),
        namedtype.OptionalNamedType(name='signPolExtensions', asn1Object=SignPolExtensions()),
    )
class SignerAndVerifierRules(univ.Sequence):
    """SignerAndVerifierRules ::= SEQUENCE { signerRules, verifierRules }."""

    componentType = namedtype.NamedTypes(
        namedtype.NamedType(name='signerRules', asn1Object=SignerRules()),
        namedtype.NamedType(name='verifierRules', asn1Object=VerifierRules()),
    )
class SigningCertTrustCondition(univ.Sequence):
    """SigningCertTrustCondition ::= SEQUENCE (RFC 3125).

    ``signerTrustTrees`` (CertificateTrustTrees) and ``signerRevReq``
    (CertRevReq); both mandatory.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType(name='signerTrustTrees', asn1Object=CertificateTrustTrees()),
        namedtype.NamedType(name='signerRevReq', asn1Object=CertRevReq()),
    )
class CommitmentTypeIdentifier(univ.ObjectIdentifier):
    """CommitmentTypeIdentifier ::= OBJECT IDENTIFIER (RFC 3125)."""
class FieldOfApplication(DirectoryString):
    """FieldOfApplication ::= DirectoryString (RFC 3125)."""
class CommitmentType(univ.Sequence):
    """CommitmentType ::= SEQUENCE (RFC 3125).

    ``identifier`` (mandatory); ``fieldOfApplication`` [0] and
    ``semantics`` [1] are OPTIONAL DirectoryString-derived values.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType(name='identifier', asn1Object=CommitmentTypeIdentifier()),
        namedtype.OptionalNamedType(
            name='fieldOfApplication',
            asn1Object=FieldOfApplication().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
            ),
        ),
        namedtype.OptionalNamedType(
            name='semantics',
            asn1Object=DirectoryString().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)
            ),
        ),
    )
class SelectedCommitmentTypes(univ.SequenceOf):
    """SelectedCommitmentTypes ::= SEQUENCE OF CHOICE { empty NULL, recognizedCommitmentType CommitmentType }.

    The CHOICE is anonymous in the source module, so it is built inline.
    """

    componentType = univ.Choice(
        componentType=namedtype.NamedTypes(
            namedtype.NamedType(name='empty', asn1Object=univ.Null()),
            namedtype.NamedType(name='recognizedCommitmentType', asn1Object=CommitmentType()),
        )
    )
class CommitmentRule(univ.Sequence):
    """CommitmentRule ::= SEQUENCE (RFC 3125).

    ``selCommitmentTypes`` is mandatory; the remaining members are
    OPTIONAL and explicitly tagged [0]..[5].  The component name
    ``signerAndVeriferRules`` (missing "i") is the RFC's spelling and is
    kept for compatibility.  CommonRules declares the same tagged members.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType(name='selCommitmentTypes', asn1Object=SelectedCommitmentTypes()),
        namedtype.OptionalNamedType(
            name='signerAndVeriferRules',
            asn1Object=SignerAndVerifierRules().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)
            ),
        ),
        namedtype.OptionalNamedType(
            name='signingCertTrustCondition',
            asn1Object=SigningCertTrustCondition().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)
            ),
        ),
        namedtype.OptionalNamedType(
            name='timeStampTrustCondition',
            asn1Object=TimestampTrustCondition().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)
            ),
        ),
        namedtype.OptionalNamedType(
            name='attributeTrustCondition',
            asn1Object=AttributeTrustCondition().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)
            ),
        ),
        namedtype.OptionalNamedType(
            name='algorithmConstraintSet',
            asn1Object=AlgorithmConstraintSet().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4)
            ),
        ),
        namedtype.OptionalNamedType(
            name='signPolExtensions',
            asn1Object=SignPolExtensions().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5)
            ),
        ),
    )
class CommitmentRules(univ.SequenceOf):
    """CommitmentRules ::= SEQUENCE OF CommitmentRule (RFC 3125)."""

    componentType = CommitmentRule()
class CommonRules(univ.Sequence):
    """CommonRules ::= SEQUENCE (RFC 3125).

    Every member is OPTIONAL and explicitly tagged [0]..[5]; the member
    set and tags mirror the tagged part of CommitmentRule.  The spelling
    ``signerAndVeriferRules`` is the RFC's and is kept for compatibility.
    """

    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType(
            name='signerAndVeriferRules',
            asn1Object=SignerAndVerifierRules().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)
            ),
        ),
        namedtype.OptionalNamedType(
            name='signingCertTrustCondition',
            asn1Object=SigningCertTrustCondition().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)
            ),
        ),
        namedtype.OptionalNamedType(
            name='timeStampTrustCondition',
            asn1Object=TimestampTrustCondition().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)
            ),
        ),
        namedtype.OptionalNamedType(
            name='attributeTrustCondition',
            asn1Object=AttributeTrustCondition().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)
            ),
        ),
        namedtype.OptionalNamedType(
            name='algorithmConstraintSet',
            asn1Object=AlgorithmConstraintSet().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4)
            ),
        ),
        namedtype.OptionalNamedType(
            name='signPolExtensions',
            asn1Object=SignPolExtensions().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5)
            ),
        ),
    )
class PolicyIssuerName(GeneralNames):
    """PolicyIssuerName ::= GeneralNames (RFC 3125)."""
class SignPolicyHash(univ.OctetString):
    """SignPolicyHash ::= OCTET STRING — digest carried in SignaturePolicy."""
class SignPolicyId(univ.ObjectIdentifier):
    """SignPolicyId ::= OBJECT IDENTIFIER — identifies a signature policy."""
class SigningPeriod(univ.Sequence):
    """SigningPeriod ::= SEQUENCE { notBefore GeneralizedTime, notAfter GeneralizedTime OPTIONAL }.

    An absent ``notAfter`` leaves the period open-ended.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType(name='notBefore', asn1Object=useful.GeneralizedTime()),
        namedtype.OptionalNamedType(name='notAfter', asn1Object=useful.GeneralizedTime()),
    )
class SignatureValidationPolicy(univ.Sequence):
    """SignatureValidationPolicy ::= SEQUENCE (RFC 3125).

    ``signingPeriod``, ``commonRules`` and ``commitmentRules`` are
    mandatory; ``signPolExtensions`` is OPTIONAL.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType(name='signingPeriod', asn1Object=SigningPeriod()),
        namedtype.NamedType(name='commonRules', asn1Object=CommonRules()),
        namedtype.NamedType(name='commitmentRules', asn1Object=CommitmentRules()),
        namedtype.OptionalNamedType(name='signPolExtensions', asn1Object=SignPolExtensions()),
    )
class SignPolicyInfo(univ.Sequence):
    """SignPolicyInfo ::= SEQUENCE (RFC 3125).

    Identifier, issue date, issuer name, field of application and the
    SignatureValidationPolicy itself; ``signPolExtensions`` is OPTIONAL.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType(name='signPolicyIdentifier', asn1Object=SignPolicyId()),
        namedtype.NamedType(name='dateOfIssue', asn1Object=useful.GeneralizedTime()),
        namedtype.NamedType(name='policyIssuerName', asn1Object=PolicyIssuerName()),
        namedtype.NamedType(name='fieldOfApplication', asn1Object=FieldOfApplication()),
        namedtype.NamedType(
            name='signatureValidationPolicy', asn1Object=SignatureValidationPolicy()
        ),
        namedtype.OptionalNamedType(name='signPolExtensions', asn1Object=SignPolExtensions()),
    )
class SignaturePolicy(univ.Sequence):
    """SignaturePolicy ::= SEQUENCE — top-level RFC 3125 structure.

    ``signPolicyHashAlg`` (AlgorithmIdentifier) and ``signPolicyInfo`` are
    mandatory; ``signPolicyHash`` is OPTIONAL.  Because the hash may be
    absent, a decoder cannot rely on this structure alone to bind the
    policy to a digest: a consumer that compares a policy against a hash
    referenced from a signature must check that ``signPolicyHash`` is
    present and recompute it with ``signPolicyHashAlg`` (see RFC 3125 for
    the exact input to the hash).
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType(name='signPolicyHashAlg', asn1Object=AlgorithmIdentifier()),
        namedtype.NamedType(name='signPolicyInfo', asn1Object=SignPolicyInfo()),
        namedtype.OptionalNamedType(name='signPolicyHash', asn1Object=SignPolicyHash()),
    )