      1 # coding: utf-8
      2 #
      3 # This file is part of pyasn1-modules software.
      4 #
      5 # Created by Stanisław Pitucha with asn1ate tool.
      6 # Copyright (c) 2005-2017, Ilya Etingof <etingof (at] gmail.com>
      7 # License: http://pyasn1.sf.net/license.html
      8 #
      9 # An Internet Attribute Certificate Profile for Authorization
     10 #
     11 # ASN.1 source from:
     12 # http://www.ietf.org/rfc/rfc3281.txt
     13 #
     14 from pyasn1.type import char
     15 from pyasn1.type import constraint
     16 from pyasn1.type import namedtype
     17 from pyasn1.type import namedval
     18 from pyasn1.type import tag
     19 from pyasn1.type import univ
     20 from pyasn1.type import useful
     21 
     22 from pyasn1_modules import rfc3280
     23 
MAX = float('inf')  # open upper bound for ValueRangeConstraint (used by AAControls.pathLenConstraint)
     25 
     26 
def _buildOid(*components):
    """Concatenate OID fragments into one ``univ.ObjectIdentifier``.

    Every component is either an existing ``univ.ObjectIdentifier``, whose
    arcs are spliced in, or a single arc that must be convertible with
    ``int()``.  Used below to derive this module's identifiers from the
    rfc3280 base arcs.
    """
    def arcs_of(component):
        # An OID fragment contributes all of its arcs; anything else is one arc.
        if isinstance(component, univ.ObjectIdentifier):
            return tuple(component)
        return (int(component),)

    arcs = []
    for component in components:
        arcs.extend(arcs_of(component))
    return univ.ObjectIdentifier(arcs)
     36 
     37 
class ObjectDigestInfo(univ.Sequence):
    """ObjectDigestInfo (RFC 3281 §4.1): identify an entity by a digest.

    ``otherObjectTypeID`` is OPTIONAL in the schema; RFC 3281 intends it to
    accompany the ``otherObjectTypes`` case only, which this type does not
    enforce.  Nothing here restricts ``digestAlgorithm`` either, so a
    verifier that accepts digest-based holders/issuers needs its own
    algorithm allow-list.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('digestedObjectType', univ.Enumerated(
            namedValues=namedval.NamedValues(
                ('publicKey', 0),
                ('publicKeyCert', 1),
                ('otherObjectTypes', 2)
            )
        )),
        namedtype.OptionalNamedType('otherObjectTypeID', univ.ObjectIdentifier()),
        namedtype.NamedType('digestAlgorithm', rfc3280.AlgorithmIdentifier()),
        namedtype.NamedType('objectDigest', univ.BitString())
    )
     49 
     50 
class IssuerSerial(univ.Sequence):
    """IssuerSerial (RFC 3281 §4.1): a PKC named by issuer and serial number.

    ``issuerUID`` is OPTIONAL.  The type only carries the reference; matching
    it against an actual certificate is the caller's comparison to make.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('issuer', rfc3280.GeneralNames()),
        namedtype.NamedType('serial', rfc3280.CertificateSerialNumber()),
        namedtype.OptionalNamedType('issuerUID', rfc3280.UniqueIdentifier())
    )
     60 
     61 
class TargetCert(univ.Sequence):
    """TargetCert (RFC 3281 §4.3.2): a target identified by its certificate.

    ``targetCertificate`` is mandatory; ``targetName`` and ``certDigestInfo``
    are OPTIONAL refinements.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('targetCertificate', IssuerSerial()),
        namedtype.OptionalNamedType('targetName', rfc3280.GeneralName()),
        namedtype.OptionalNamedType('certDigestInfo', ObjectDigestInfo())
    )
     71 
     72 
class Target(univ.Choice):
    """Target (RFC 3281 §4.3.2): one entry of the targetInformation extension.

    A target is a name, a group, or a specific certificate.
    """
    # NOTE(review): GeneralName is itself a CHOICE, which X.680 tags
    # explicitly even inside an IMPLICIT TAGS module.  pyasn1 appears to
    # derive the same TagSet from implicitTag as from explicitTag on a Choice
    # (its base TagSet is empty), which is presumably why these entries
    # decode as-is -- confirm before relying on it for interop.
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('targetName', rfc3280.GeneralName().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
        namedtype.NamedType('targetGroup', rfc3280.GeneralName().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
        namedtype.NamedType('targetCert', TargetCert().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)))
    )
     85 
     86 
class Targets(univ.SequenceOf):
    """Targets (RFC 3281 §4.3.2): SEQUENCE OF Target.

    Payload of the targetInformation extension (``id_ce_targetInformation``).
    """
    componentType = Target()
     92 
     93 
class ProxyInfo(univ.SequenceOf):
    """ProxyInfo (RFC 3281 §4.3.5): SEQUENCE OF Targets.

    Payload of the proxying extension (``id_pe_ac_proxying``); each inner
    Targets is one proxy chain.
    """
    componentType = Targets()
     99 
# Attribute and extension identifiers from RFC 3281, derived from the
# rfc3280 base arcs (id-at, id-pe, id-ce).
id_at_role = _buildOid(rfc3280.id_at, 72)

id_pe_aaControls = _buildOid(rfc3280.id_pe, 6)

id_ce_targetInformation = _buildOid(rfc3280.id_ce, 55)

id_pe_ac_auditIdentity = _buildOid(rfc3280.id_pe, 4)
    107 
    108 
class ClassList(univ.BitString):
    """ClassList (RFC 3281 §4.4.6): security classification bits.

    Bit 0 is ``unmarked`` through bit 5 ``topSecret``.  The BIT STRING does
    not stop several bits being set at once, so a policy layer that expects
    exactly one classification must check for that itself.
    """
    namedValues = namedval.NamedValues(
        ('unmarked', 0),
        ('unclassified', 1),
        ('restricted', 2),
        ('confidential', 3),
        ('secret', 4),
        ('topSecret', 5)
    )
    121 
    122 
class SecurityCategory(univ.Sequence):
    """SecurityCategory (RFC 3281 §4.4.6): a typed, opaque value.

    ``value`` is ``univ.Any``: it passes through undecoded and must be
    decoded by the consumer according to ``type``.
    """
    # NOTE(review): an open type (ANY) is explicitly tagged in ASN.1; pyasn1
    # seems to produce the same TagSet from implicitTag here because Any has
    # an empty base TagSet -- confirm against a known-good encoding.
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('type', univ.ObjectIdentifier().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
        namedtype.NamedType('value', univ.Any().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
    )
    132 
    133 
class Clearance(univ.Sequence):
    """Clearance (RFC 3281 §4.4.6): the clearance attribute value.

    ``classList`` DEFAULTs to ``unclassified`` when absent;
    ``securityCategories`` is an OPTIONAL SET OF SecurityCategory.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('policyId', univ.ObjectIdentifier().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
        namedtype.DefaultedNamedType('classList', ClassList().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1),
            value="unclassified")),
        namedtype.OptionalNamedType('securityCategories', univ.SetOf(
            componentType=SecurityCategory()).subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
    )
    148 
    149 
class AttCertVersion(univ.Integer):
    """AttCertVersion (RFC 3281 §4.1).

    Only ``v2`` (integer 1) is named, which is the value RFC 3281 requires;
    the INTEGER itself is unconstrained, so a verifier should still compare
    the decoded value against 1.
    """
    namedValues = namedval.NamedValues(
        ('v2', 1)
    )
    157 
id_aca = _buildOid(rfc3280.id_pkix, 10)  # base arc for the id_aca_* attribute OIDs below

# Spelled out as absolute arcs rather than derived from an rfc3280 base.
# NOTE(review): this is the value as printed in RFC 3281; later profiles
# register clearance under a different arc, so peers following those may
# emit a different OID -- verify against the profile you interoperate with.
id_at_clearance = _buildOid(2, 5, 1, 5, 55)
    161 
    162 
class AttrSpec(univ.SequenceOf):
    """AttrSpec (RFC 3281 §7.4): SEQUENCE OF attribute OIDs.

    Used for the permitted/excluded attribute lists of AAControls.
    """
    componentType = univ.ObjectIdentifier()
    168 
    169 
class AAControls(univ.Sequence):
    """AAControls (RFC 3281 §7.4): the aaControls extension for AA PKCs.

    ``pathLenConstraint`` is constrained to the range 0..MAX.
    ``permitUnSpecified`` DEFAULTs to TRUE, which RFC 3281 reads as
    "attributes not listed are permitted"; an extension naming no
    permitted/excluded attributes is therefore permissive unless it says
    otherwise.
    """
    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType('pathLenConstraint', univ.Integer().subtype(
            subtypeSpec=constraint.ValueRangeConstraint(0, MAX))),
        namedtype.OptionalNamedType('permittedAttrs', AttrSpec().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
        namedtype.OptionalNamedType('excludedAttrs', AttrSpec().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
        namedtype.DefaultedNamedType('permitUnSpecified', univ.Boolean().subtype(value=1))
    )
    183 
    184 
class AttCertValidityPeriod(univ.Sequence):
    """AttCertValidityPeriod (RFC 3281 §4.1): notBefore/notAfter times.

    Both fields are plain GeneralizedTime.  The schema accepts any
    GeneralizedTime encoding; RFC 3281 additionally profiles the restricted
    form (Zulu, whole seconds), which is left to the consumer to check.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('notBeforeTime', useful.GeneralizedTime()),
        namedtype.NamedType('notAfterTime', useful.GeneralizedTime())
    )
    193 
    194 
id_aca_authenticationInfo = _buildOid(id_aca, 1)  # id-aca 1; value syntax is SvceAuthInfo
    196 
    197 
class V2Form(univ.Sequence):
    """V2Form (RFC 3281 §4.2.3): the v2 issuer syntax.

    All three fields are OPTIONAL in the schema.  RFC 3281 restricts
    conforming ACs to ``issuerName`` alone; that restriction is not enforced
    here and is a check for the consumer.
    """
    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType('issuerName', rfc3280.GeneralNames()),
        namedtype.OptionalNamedType('baseCertificateID', IssuerSerial().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
        namedtype.OptionalNamedType('objectDigestInfo', ObjectDigestInfo().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
    )
    209 
    210 
class AttCertIssuer(univ.Choice):
    """AttCertIssuer (RFC 3281 §4.2.3): v1 or v2 issuer form.

    The schema decodes both alternatives; RFC 3281 profiles only
    ``v2Form``, so whether to accept a ``v1Form`` issuer is a policy
    decision left to the caller.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('v1Form', rfc3280.GeneralNames()),
        namedtype.NamedType('v2Form', V2Form().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
    )
    220 
    221 
class Holder(univ.Sequence):
    """Holder (RFC 3281 §4.2.2): who the attribute certificate is about.

    All three alternatives are OPTIONAL in the schema, so a Holder with no
    fields at all will decode; application code that binds an AC to a
    holder must reject that case, and decide how to treat a Holder that
    carries more than one alternative, itself.
    """
    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType('baseCertificateID', IssuerSerial().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
        namedtype.OptionalNamedType('entityName', rfc3280.GeneralNames().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
        namedtype.OptionalNamedType('objectDigestInfo', ObjectDigestInfo().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)))
    )
    234 
    235 
class AttributeCertificateInfo(univ.Sequence):
    """AttributeCertificateInfo (RFC 3281 §4.1): the to-be-signed body.

    ``attributes`` is a SEQUENCE OF rfc3280.Attribute; ``issuerUniqueID``
    and ``extensions`` are OPTIONAL.  ``signature`` is the algorithm the
    issuer claims to have signed with -- a verifier should compare it with
    the outer ``signatureAlgorithm`` of AttributeCertificate.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('version', AttCertVersion()),
        namedtype.NamedType('holder', Holder()),
        namedtype.NamedType('issuer', AttCertIssuer()),
        namedtype.NamedType('signature', rfc3280.AlgorithmIdentifier()),
        namedtype.NamedType('serialNumber', rfc3280.CertificateSerialNumber()),
        namedtype.NamedType('attrCertValidityPeriod', AttCertValidityPeriod()),
        namedtype.NamedType('attributes', univ.SequenceOf(componentType=rfc3280.Attribute())),
        namedtype.OptionalNamedType('issuerUniqueID', rfc3280.UniqueIdentifier()),
        namedtype.OptionalNamedType('extensions', rfc3280.Extensions())
    )
    251 
    252 
class AttributeCertificate(univ.Sequence):
    """AttributeCertificate (RFC 3281 §4.1): the signed outer structure.

    This is a schema only.  Decoding into it checks ASN.1 structure and
    nothing else: ``signatureValue`` is not verified, ``signatureAlgorithm``
    is not compared with ``acinfo.signature``, and the validity period and
    extensions are not evaluated.  Those checks belong to the caller.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('acinfo', AttributeCertificateInfo()),
        namedtype.NamedType('signatureAlgorithm', rfc3280.AlgorithmIdentifier()),
        namedtype.NamedType('signatureValue', univ.BitString())
    )
    262 
id_mod = _buildOid(rfc3280.id_pkix, 0)  # id-pkix 0: the PKIX module arc

id_mod_attribute_cert = _buildOid(id_mod, 12)  # module identifier for this ASN.1 module

id_aca_accessIdentity = _buildOid(id_aca, 2)  # id-aca 2; value syntax is SvceAuthInfo
    268 
    269 
class RoleSyntax(univ.Sequence):
    """RoleSyntax (RFC 3281 §4.4.5): value syntax of the role attribute.

    ``roleAuthority`` is OPTIONAL; ``roleName`` is mandatory.
    """
    # NOTE(review): roleName is a GeneralName, i.e. a CHOICE, which X.680
    # tags explicitly; pyasn1 appears to build the same TagSet from
    # implicitTag on a Choice, so this decodes as written -- confirm.
    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType('roleAuthority', rfc3280.GeneralNames().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
        namedtype.NamedType('roleName', rfc3280.GeneralName().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
    )
    280 
id_aca_chargingIdentity = _buildOid(id_aca, 3)  # id-aca 3; value syntax is IetfAttrSyntax
    282 
    283 
class ACClearAttrs(univ.Sequence):
    """ACClearAttrs (RFC 3281 §7.3): clear attributes tied to an AC.

    Names the AC by ``acIssuer``/``acSerial`` and carries a SEQUENCE OF
    rfc3280.Attribute.  ``acSerial`` is a bare INTEGER here, not
    CertificateSerialNumber.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('acIssuer', rfc3280.GeneralName()),
        namedtype.NamedType('acSerial', univ.Integer()),
        namedtype.NamedType('attrs', univ.SequenceOf(componentType=rfc3280.Attribute()))
    )
    293 
id_aca_group = _buildOid(id_aca, 4)  # id-aca 4; value syntax is IetfAttrSyntax

id_pe_ac_proxying = _buildOid(rfc3280.id_pe, 10)  # proxying extension; payload is ProxyInfo
    297 
    298 
class SvceAuthInfo(univ.Sequence):
    """SvceAuthInfo (RFC 3281 §4.4.1/§4.4.2): service authentication info.

    ``authInfo`` is an OPTIONAL OCTET STRING carried verbatim; its content
    is opaque to this schema and may be sensitive, so callers should treat
    it accordingly when logging or displaying decoded certificates.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('service', rfc3280.GeneralName()),
        namedtype.NamedType('ident', rfc3280.GeneralName()),
        namedtype.OptionalNamedType('authInfo', univ.OctetString())
    )
    308 
    309 
class IetfAttrSyntax(univ.Sequence):
    """IetfAttrSyntax (RFC 3281 §4.4): value syntax for chargingIdentity and
    group attributes.

    ``values`` is a SEQUENCE OF a three-way CHOICE (octets / oid / string).
    The schema permits mixing alternatives within one sequence, so a
    consumer that expects a single alternative has to check each entry.
    """
    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType('policyAuthority', rfc3280.GeneralNames().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
        namedtype.NamedType('values', univ.SequenceOf(
            componentType=univ.Choice(componentType=namedtype.NamedTypes(
                namedtype.NamedType('octets', univ.OctetString()),
                namedtype.NamedType('oid', univ.ObjectIdentifier()),
                namedtype.NamedType('string', char.UTF8String())
            ))
        ))
    )
    330 
id_aca_encAttrs = _buildOid(id_aca, 6)  # id-aca 6: encrypted attributes (no value syntax defined in this module)
    332