## This file is part of Scapy
## See http://www.secdev.org/projects/scapy for more information
## Copyright (C) Philippe Biondi <phil (at] secdev.org>
## Modified by Maxence Tury <maxence.tury (at] ssi.gouv.fr>
## This program is published under a GPLv2 license
      6 
      7 """
      8 Management Information Base (MIB) parsing
      9 """
     10 
     11 from __future__ import absolute_import
     12 import re
     13 from glob import glob
     14 from scapy.dadict import DADict,fixname
     15 from scapy.config import conf
     16 from scapy.utils import do_graph
     17 import scapy.modules.six as six
     18 from scapy.compat import *
     19 
     20 #################
     21 ## MIB parsing ##
     22 #################
     23 
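# Compiled patterns used by the MIB text parser in this module.
# The patterns that contain regex escapes are written as raw strings: the
# pattern text is unchanged, but "\(" or "\s" inside a normal literal is an
# invalid string escape that newer Python versions warn about.

# One numeric OID arc: a bare run of digits.
_mib_re_integer = re.compile(r"^[0-9]+$")
# "name(number)" arc; group 2 is the number.
_mib_re_both = re.compile(r"^([a-zA-Z_][a-zA-Z0-9_-]*)\(([0-9]+)\)$")
# "<ident> OBJECT ... ::= { <arcs> }" declaration; group 1 is the identifier,
# the last group is the text between the final braces.
# NOTE(review): the middle group nests a "+" inside a repeated alternation
# and "[^:]+" may itself span braces, so text with many brace groups that
# never reaches "::=" can make this pattern backtrack heavily. Treat MIB
# files as trusted input, or bound their size before parsing.
_mib_re_oiddecl = re.compile(
    r"$\s*([a-zA-Z0-9_-]+)\s+OBJECT([^:\{\}]|\{[^:]+\})+::=\s*\{([^\}]+)\}",
    re.M,
)
# Double-quoted strings, removed before declarations are searched.
_mib_re_strings = re.compile('"[^"]*"')
# "-- comment" up to the end of the line. Left as a normal literal so the
# pattern keeps real CR/LF characters exactly as before.
_mib_re_comments = re.compile('--.*(\r|\n)')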
     29 
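class MIBDict(DADict):
    """Dictionary of symbolic names to dotted OID strings.

    The methods below treat every value ``self[k]`` as a dotted OID string
    and every key as the name that stands for it.
    """

    def _findroot(self, x):
        """Split *x* into the longest known OID prefix and what follows it.

        Returns ``(name, remainder)``: *name* is the key whose OID is the
        longest prefix of *x*, or ``"."`` when no entry matches, and
        *remainder* is the rest of *x* with a leading dot and without a
        trailing one. When two names share the same OID, the first one met
        during iteration is kept, because only a strictly longer match
        replaces the current one.
        """
        if x.startswith("."):
            x = x[1:]
        if not x.endswith("."):
            x += "."
        # Named best_len rather than "max" so the builtin is not shadowed.
        best_len = 0
        root = "."
        for k in six.iterkeys(self):
            if x.startswith(self[k] + "."):
                if best_len < len(self[k]):
                    best_len = len(self[k])
                    root = k
        return root, x[best_len:-1]

    def _oidname(self, x):
        """Return *x* with its longest known OID prefix replaced by a name."""
        root, remainder = self._findroot(x)
        return root + remainder

    def _oid(self, x):
        """Replace a leading symbolic name in *x* by its numeric OID.

        *x* is returned unchanged unless exactly its first component is
        non-numeric and that component is a known name.
        """
        xl = x.strip(".").split(".")
        # Walk back from the end over the purely numeric components.
        p = len(xl) - 1
        while p >= 0 and _mib_re_integer.match(xl[p]):
            p -= 1
        if p != 0 or xl[p] not in self:
            return x
        xl[p] = self[xl[p]]
        return ".".join(xl[p:])

    def _make_graph(self, other_keys=None, **kargs):
        """Build a Graphviz description of the MIB and hand it to do_graph().

        *other_keys* is an optional list of OIDs to draw in addition to the
        entries of the dictionary; *kargs* is passed through to do_graph().
        """
        if other_keys is None:
            other_keys = []
        nodes = [(k, self[k]) for k in six.iterkeys(self)]
        oids = [self[k] for k in six.iterkeys(self)]
        for k in other_keys:
            if k not in oids:
                # Fixed: list.append() takes a single argument and the
                # helper is named _oidname, so the previous call could
                # only raise. Append one (name, oid) pair like the others.
                nodes.append((self._oidname(k), k))
        # NOTE(review): names and OIDs are interpolated into the DOT source
        # without escaping. A value containing a double quote would change
        # the structure of the graph description given to do_graph();
        # confirm that every name is normalised before it gets here.
        s = 'digraph "mib" {\n\trankdir=LR;\n\n'
        for k, o in nodes:
            s += '\t"%s" [ label="%s"  ];\n' % (o, k)
        s += "\n"
        for k, o in nodes:
            # NOTE(review): o[:-1] / o[-1] drop and re-append exactly one
            # character, which looks like it assumes a one-character final
            # arc -- confirm for OIDs whose last arc has several digits.
            parent, remainder = self._findroot(o[:-1])
            remainder = remainder[1:] + o[-1]
            if parent != ".":
                parent = self[parent]
            s += '\t"%s" -> "%s" [label="%s"];\n' % (parent, o, remainder)
        s += "}\n"
        do_graph(s, **kargs)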
     76 
     77 
def mib_register(ident, value, the_mib, unresolved):
    """Try to record *ident* as the OID described by *value*.

    *value* is a sequence of arcs, each either a digit string or a symbolic
    name. Names found in *the_mib* are expanded to their stored arc list;
    any other name marks the entry as not yet resolvable.

    Returns True when *ident* is (or already was) stored in *the_mib*, and
    False when it is (or already was) parked in *unresolved*. An identifier
    that is already known in either mapping is never overwritten.
    """
    if ident in the_mib:
        return True
    if ident in unresolved:
        return False

    arcs = []
    pending = False
    for part in value:
        if _mib_re_integer.match(part):
            arcs.append(part)
            continue
        name = fixname(plain_str(part))
        if name in the_mib:
            expansion = the_mib[name]
        else:
            pending = True
            # Reuse a parked partial expansion when there is one, otherwise
            # keep the bare name as a placeholder.
            expansion = unresolved[name] if name in unresolved else name
        if isinstance(expansion, list):
            arcs.extend(expansion)
        else:
            arcs.append(expansion)

    if pending:
        unresolved[ident] = arcs
        return False

    the_mib[ident] = arcs
    # The new entry may unblock parked ones: retry each of them, and start
    # the scan again from the top after every success.
    waiting = list(unresolved)
    pos = 0
    while pos < len(waiting):
        candidate = waiting[pos]
        # A throwaway dict is passed so that a failed retry leaves the real
        # unresolved mapping untouched.
        if mib_register(candidate, unresolved[candidate], the_mib, {}):
            del unresolved[candidate]
            del waiting[pos]
            pos = 0
        else:
            pos += 1
    return True
    115 
    116 
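def load_mib(filenames):
    """Parse MIB files and replace conf.mib with the merged result.

    *filenames* is one glob pattern or an iterable of glob patterns. The
    current content of conf.mib is registered first, then every
    "OBJECT ... ::= { ... }" declaration found in the matching files.
    Because mib_register() never overwrites a known identifier, a name that
    is already in conf.mib keeps its OID; files can only add names.

    Entries that could not be fully resolved are still stored, with the
    unresolved names left inside their dotted value.

    NOTE(review): each file is read whole and scanned with
    _mib_re_oiddecl, and the names it declares end up in the global
    conf.mib. Load MIB files from trusted locations only.
    """
    the_mib = {'iso': ['1']}
    unresolved = {}
    for k in six.iterkeys(conf.mib):
        mib_register(k, conf.mib[k].split("."), the_mib, unresolved)

    if isinstance(filenames, (str, bytes)):
        filenames = [filenames]
    for fnames in filenames:
        for fname in glob(fnames):
            # Fixed: the file object was never closed; the context manager
            # releases it even when reading fails.
            with open(fname) as f:
                text = f.read()
            # Drop "--" comments first, then quoted strings, so that
            # declarations are searched in plain syntax only.
            without_comments = " ".join(_mib_re_comments.split(text))
            cleantext = " ".join(_mib_re_strings.split(without_comments))
            for decl in _mib_re_oiddecl.finditer(cleantext):
                gr = decl.groups()
                ident, oid = gr[0], gr[-1]
                ident = fixname(ident)
                oid = oid.split()
                for i, elt in enumerate(oid):
                    # "name(number)" arcs are reduced to their number.
                    both = _mib_re_both.match(elt)
                    if both:
                        oid[i] = both.groups()[1]
                mib_register(ident, oid, the_mib, unresolved)

    newmib = MIBDict(_name="MIB")
    for k, o in six.iteritems(the_mib):
        newmib[k] = ".".join(o)
    for k, o in six.iteritems(unresolved):
        newmib[k] = ".".join(o)

    conf.mib = newmib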
    148 
    149 
    150 ####################
    151 ## OID references ##
    152 ####################
    153 
    154 ####### pkcs1 #######
    155 
# PKCS#1 (RSA) algorithm identifiers, name -> dotted OID.
# The MD2, MD4, MD5 and SHA-1 signature identifiers are listed so that such
# certificates can be labelled; a name in this table says nothing about
# whether the algorithm is still acceptable.
pkcs1_oids = {
    "rsaEncryption": "1.2.840.113549.1.1.1",
    "md2WithRSAEncryption": "1.2.840.113549.1.1.2",
    "md4WithRSAEncryption": "1.2.840.113549.1.1.3",
    "md5WithRSAEncryption": "1.2.840.113549.1.1.4",
    "sha1-with-rsa-signature": "1.2.840.113549.1.1.5",
    "rsaOAEPEncryptionSET": "1.2.840.113549.1.1.6",
    "id-RSAES-OAEP": "1.2.840.113549.1.1.7",
    "id-mgf1": "1.2.840.113549.1.1.8",
    "id-pSpecified": "1.2.840.113549.1.1.9",
    "rsassa-pss": "1.2.840.113549.1.1.10",
    "sha256WithRSAEncryption": "1.2.840.113549.1.1.11",
    "sha384WithRSAEncryption": "1.2.840.113549.1.1.12",
    "sha512WithRSAEncryption": "1.2.840.113549.1.1.13",
    "sha224WithRSAEncryption": "1.2.840.113549.1.1.14",
}
    172 
    173 ####### secsig oiw #######
    174 
# OIW SECSIG algorithm identifiers, name -> dotted OID.
secsig_oids = {
    "sha1": "1.3.14.3.2.26",
}
    178 
    179 ####### pkcs9 #######
    180 
# PKCS#9 attribute identifiers, name -> dotted OID.
pkcs9_oids = {
    "modules": "1.2.840.113549.1.9.0",
    "emailAddress": "1.2.840.113549.1.9.1",
    "unstructuredName": "1.2.840.113549.1.9.2",
    "contentType": "1.2.840.113549.1.9.3",
    "messageDigest": "1.2.840.113549.1.9.4",
    "signing-time": "1.2.840.113549.1.9.5",
    "countersignature": "1.2.840.113549.1.9.6",
    "challengePassword": "1.2.840.113549.1.9.7",
    "unstructuredAddress": "1.2.840.113549.1.9.8",
    "extendedCertificateAttributes": "1.2.840.113549.1.9.9",
    "signingDescription": "1.2.840.113549.1.9.13",
    "extensionRequest": "1.2.840.113549.1.9.14",
    "smimeCapabilities": "1.2.840.113549.1.9.15",
    "smime": "1.2.840.113549.1.9.16",
    "pgpKeyID": "1.2.840.113549.1.9.17",
    "friendlyName": "1.2.840.113549.1.9.20",
    "localKeyID": "1.2.840.113549.1.9.21",
    "certTypes": "1.2.840.113549.1.9.22",
    "crlTypes": "1.2.840.113549.1.9.23",
    "pkcs-9-oc": "1.2.840.113549.1.9.24",
    "pkcs-9-at": "1.2.840.113549.1.9.25",
    "pkcs-9-sx": "1.2.840.113549.1.9.26",
    "pkcs-9-mr": "1.2.840.113549.1.9.27",
    "id-aa-CMSAlgorithmProtection": "1.2.840.113549.1.9.52",
}
    207 
    208 ####### x509 #######
    209 
# X.500 attribute type identifiers (arc 2.5.4), name -> dotted OID.
# NOTE(review): "ldapUrl" is the key for both 2.5.4.95 and 2.5.4.96. A dict
# literal keeps only the last value, so the name resolves to 2.5.4.96 and
# 2.5.4.95 has no name in this table. One of the two keys is presumably
# wrong -- confirm against the attribute type registry before relying on it.
attributeType_oids = {
    "objectClass": "2.5.4.0",
    "aliasedEntryName": "2.5.4.1",
    "knowledgeInformation": "2.5.4.2",
    "commonName": "2.5.4.3",
    "surname": "2.5.4.4",
    "serialNumber": "2.5.4.5",
    "countryName": "2.5.4.6",
    "localityName": "2.5.4.7",
    "stateOrProvinceName": "2.5.4.8",
    "streetAddress": "2.5.4.9",
    "organizationName": "2.5.4.10",
    "organizationUnitName": "2.5.4.11",
    "title": "2.5.4.12",
    "description": "2.5.4.13",
    "searchGuide": "2.5.4.14",
    "businessCategory": "2.5.4.15",
    "postalAddress": "2.5.4.16",
    "postalCode": "2.5.4.17",
    "postOfficeBox": "2.5.4.18",
    "physicalDeliveryOfficeName": "2.5.4.19",
    "telephoneNumber": "2.5.4.20",
    "telexNumber": "2.5.4.21",
    "teletexTerminalIdentifier": "2.5.4.22",
    "facsimileTelephoneNumber": "2.5.4.23",
    "x121Address": "2.5.4.24",
    "internationalISDNNumber": "2.5.4.25",
    "registeredAddress": "2.5.4.26",
    "destinationIndicator": "2.5.4.27",
    "preferredDeliveryMethod": "2.5.4.28",
    "presentationAddress": "2.5.4.29",
    "supportedApplicationContext": "2.5.4.30",
    "member": "2.5.4.31",
    "owner": "2.5.4.32",
    "roleOccupant": "2.5.4.33",
    "seeAlso": "2.5.4.34",
    "userPassword": "2.5.4.35",
    "userCertificate": "2.5.4.36",
    "cACertificate": "2.5.4.37",
    "authorityRevocationList": "2.5.4.38",
    "certificateRevocationList": "2.5.4.39",
    "crossCertificatePair": "2.5.4.40",
    "name": "2.5.4.41",
    "givenName": "2.5.4.42",
    "initials": "2.5.4.43",
    "generationQualifier": "2.5.4.44",
    "uniqueIdentifier": "2.5.4.45",
    "dnQualifier": "2.5.4.46",
    "enhancedSearchGuide": "2.5.4.47",
    "protocolInformation": "2.5.4.48",
    "distinguishedName": "2.5.4.49",
    "uniqueMember": "2.5.4.50",
    "houseIdentifier": "2.5.4.51",
    "supportedAlgorithms": "2.5.4.52",
    "deltaRevocationList": "2.5.4.53",
    "dmdName": "2.5.4.54",
    "clearance": "2.5.4.55",
    "defaultDirQop": "2.5.4.56",
    "attributeIntegrityInfo": "2.5.4.57",
    "attributeCertificate": "2.5.4.58",
    "attributeCertificateRevocationList": "2.5.4.59",
    "confKeyInfo": "2.5.4.60",
    "aACertificate": "2.5.4.61",
    "attributeDescriptorCertificate": "2.5.4.62",
    "attributeAuthorityRevocationList": "2.5.4.63",
    "family-information": "2.5.4.64",
    "pseudonym": "2.5.4.65",
    "communicationsService": "2.5.4.66",
    "communicationsNetwork": "2.5.4.67",
    "certificationPracticeStmt": "2.5.4.68",
    "certificatePolicy": "2.5.4.69",
    "pkiPath": "2.5.4.70",
    "privPolicy": "2.5.4.71",
    "role": "2.5.4.72",
    "delegationPath": "2.5.4.73",
    "protPrivPolicy": "2.5.4.74",
    "xMLPrivilegeInfo": "2.5.4.75",
    "xmlPrivPolicy": "2.5.4.76",
    "uuidpair": "2.5.4.77",
    "tagOid": "2.5.4.78",
    "uiiFormat": "2.5.4.79",
    "uiiInUrh": "2.5.4.80",
    "contentUrl": "2.5.4.81",
    "permission": "2.5.4.82",
    "uri": "2.5.4.83",
    "pwdAttribute": "2.5.4.84",
    "userPwd": "2.5.4.85",
    "urn": "2.5.4.86",
    "url": "2.5.4.87",
    "utmCoordinates": "2.5.4.88",
    "urnC": "2.5.4.89",
    "uii": "2.5.4.90",
    "epc": "2.5.4.91",
    "tagAfi": "2.5.4.92",
    "epcFormat": "2.5.4.93",
    "epcInUrn": "2.5.4.94",
    "ldapUrl": "2.5.4.95",
    "ldapUrl": "2.5.4.96",
    "organizationIdentifier": "2.5.4.97",
}
    310 
# X.509 certificate and CRL extension identifiers (arc 2.5.29),
# name -> dotted OID.
# Eight names appear twice below: authorityKeyIdentifier,
# certificatePolicies, subjectAltName, issuerAltName, basicConstraints,
# cRLDistributionPoints, issuingDistributionPoint and policyConstraints.
# A dict literal keeps the last value, so each of these names resolves to
# the higher-numbered OID and the lower-numbered one has no name in this
# table. The entry order therefore matters and must be preserved.
# NOTE(review): the key "id-ce-issuedOnBehaIFOF" looks like a misspelling
# of "issuedOnBehalfOf" -- confirm before changing it, since callers may
# look the name up as written.
certificateExtension_oids = {
    "authorityKeyIdentifier": "2.5.29.1",
    "keyAttributes": "2.5.29.2",
    "certificatePolicies": "2.5.29.3",
    "keyUsageRestriction": "2.5.29.4",
    "policyMapping": "2.5.29.5",
    "subtreesConstraint": "2.5.29.6",
    "subjectAltName": "2.5.29.7",
    "issuerAltName": "2.5.29.8",
    "subjectDirectoryAttributes": "2.5.29.9",
    "basicConstraints": "2.5.29.10",
    "subjectKeyIdentifier": "2.5.29.14",
    "keyUsage": "2.5.29.15",
    "privateKeyUsagePeriod": "2.5.29.16",
    "subjectAltName": "2.5.29.17",
    "issuerAltName": "2.5.29.18",
    "basicConstraints": "2.5.29.19",
    "cRLNumber": "2.5.29.20",
    "reasonCode": "2.5.29.21",
    "expirationDate": "2.5.29.22",
    "instructionCode": "2.5.29.23",
    "invalidityDate": "2.5.29.24",
    "cRLDistributionPoints": "2.5.29.25",
    "issuingDistributionPoint": "2.5.29.26",
    "deltaCRLIndicator": "2.5.29.27",
    "issuingDistributionPoint": "2.5.29.28",
    "certificateIssuer": "2.5.29.29",
    "nameConstraints": "2.5.29.30",
    "cRLDistributionPoints": "2.5.29.31",
    "certificatePolicies": "2.5.29.32",
    "policyMappings": "2.5.29.33",
    "policyConstraints": "2.5.29.34",
    "authorityKeyIdentifier": "2.5.29.35",
    "policyConstraints": "2.5.29.36",
    "extKeyUsage": "2.5.29.37",
    "authorityAttributeIdentifier": "2.5.29.38",
    "roleSpecCertIdentifier": "2.5.29.39",
    "cRLStreamIdentifier": "2.5.29.40",
    "basicAttConstraints": "2.5.29.41",
    "delegatedNameConstraints": "2.5.29.42",
    "timeSpecification": "2.5.29.43",
    "cRLScope": "2.5.29.44",
    "statusReferrals": "2.5.29.45",
    "freshestCRL": "2.5.29.46",
    "orderedList": "2.5.29.47",
    "attributeDescriptor": "2.5.29.48",
    "userNotice": "2.5.29.49",
    "sOAIdentifier": "2.5.29.50",
    "baseUpdateTime": "2.5.29.51",
    "acceptableCertPolicies": "2.5.29.52",
    "deltaInfo": "2.5.29.53",
    "inhibitAnyPolicy": "2.5.29.54",
    "targetInformation": "2.5.29.55",
    "noRevAvail": "2.5.29.56",
    "acceptablePrivilegePolicies": "2.5.29.57",
    "id-ce-toBeRevoked": "2.5.29.58",
    "id-ce-RevokedGroups": "2.5.29.59",
    "id-ce-expiredCertsOnCRL": "2.5.29.60",
    "indirectIssuer": "2.5.29.61",
    "id-ce-noAssertion": "2.5.29.62",
    "id-ce-aAissuingDistributionPoint": "2.5.29.63",
    "id-ce-issuedOnBehaIFOF": "2.5.29.64",
    "id-ce-singleUse": "2.5.29.65",
    "id-ce-groupAC": "2.5.29.66",
    "id-ce-allowedAttAss": "2.5.29.67",
    "id-ce-attributeMappings": "2.5.29.68",
    "id-ce-holderNameConstraints": "2.5.29.69",
}
    379 
# Certificate extension identifiers under arc 2.16.840.1.113730.1,
# name -> dotted OID.
certExt_oids = {
    "cert-type": "2.16.840.1.113730.1.1",
    "base-url": "2.16.840.1.113730.1.2",
    "revocation-url": "2.16.840.1.113730.1.3",
    "ca-revocation-url": "2.16.840.1.113730.1.4",
    "ca-crl-url": "2.16.840.1.113730.1.5",
    "ca-cert-url": "2.16.840.1.113730.1.6",
    "renewal-url": "2.16.840.1.113730.1.7",
    "ca-policy-url": "2.16.840.1.113730.1.8",
    "homepage-url": "2.16.840.1.113730.1.9",
    "entity-logo": "2.16.840.1.113730.1.10",
    "user-picture": "2.16.840.1.113730.1.11",
    "ssl-server-name": "2.16.840.1.113730.1.12",
    "comment": "2.16.840.1.113730.1.13",
    "lost-password-url": "2.16.840.1.113730.1.14",
    "cert-renewal-time": "2.16.840.1.113730.1.15",
    "aia": "2.16.840.1.113730.1.16",
    "cert-scope-of-use": "2.16.840.1.113730.1.17",
}
    399 
# PKIX identifiers under arc 1.3.6.1.5.5.7, name -> dotted OID.

# Private certificate extensions (arc .1).
certPkixPe_oids = {
    "authorityInfoAccess": "1.3.6.1.5.5.7.1.1",
    "biometricInfo": "1.3.6.1.5.5.7.1.2",
    "qcStatements": "1.3.6.1.5.5.7.1.3",
    "auditIdentity": "1.3.6.1.5.5.7.1.4",
    "aaControls": "1.3.6.1.5.5.7.1.6",
    "proxying": "1.3.6.1.5.5.7.1.10",
    "subjectInfoAccess": "1.3.6.1.5.5.7.1.11",
}

# Policy qualifier types (arc .2).
certPkixQt_oids = {
    "cps": "1.3.6.1.5.5.7.2.1",
    "unotice": "1.3.6.1.5.5.7.2.2",
}

# Extended key usage purposes (arc .3).
certPkixKp_oids = {
    "serverAuth": "1.3.6.1.5.5.7.3.1",
    "clientAuth": "1.3.6.1.5.5.7.3.2",
    "codeSigning": "1.3.6.1.5.5.7.3.3",
    "emailProtection": "1.3.6.1.5.5.7.3.4",
    "ipsecEndSystem": "1.3.6.1.5.5.7.3.5",
    "ipsecTunnel": "1.3.6.1.5.5.7.3.6",
    "ipsecUser": "1.3.6.1.5.5.7.3.7",
    "timeStamping": "1.3.6.1.5.5.7.3.8",
    "ocspSigning": "1.3.6.1.5.5.7.3.9",
    "dvcs": "1.3.6.1.5.5.7.3.10",
    "secureShellClient": "1.3.6.1.5.5.7.3.21",
    "secureShellServer": "1.3.6.1.5.5.7.3.22",
}

# Access descriptors (arc .48). "timestamping" here differs from the
# "timeStamping" key usage above only by letter case.
certPkixAd_oids = {
    "ocsp": "1.3.6.1.5.5.7.48.1",
    "caIssuers": "1.3.6.1.5.5.7.48.2",
    "timestamping": "1.3.6.1.5.5.7.48.3",
    "id-ad-dvcs": "1.3.6.1.5.5.7.48.4",
    "id-ad-caRepository": "1.3.6.1.5.5.7.48.5",
    "id-pkix-ocsp-archive-cutoff": "1.3.6.1.5.5.7.48.6",
    "id-pkix-ocsp-service-locator": "1.3.6.1.5.5.7.48.7",
    "id-ad-cmc": "1.3.6.1.5.5.7.48.12",
    "basic-response": "1.3.6.1.5.5.7.48.1.1",
}
    441 
    442 ####### ansi-x962 #######
    443 
# ANSI X9.62 field and public key type identifiers, name -> dotted OID.
x962KeyType_oids = {
    "prime-field": "1.2.840.10045.1.1",
    "characteristic-two-field": "1.2.840.10045.1.2",
    "ecPublicKey": "1.2.840.10045.2.1",
}

# ANSI X9.62 ECDSA signature identifiers, name -> dotted OID.
# "ecdsa-with-SHA1" is listed for identification only; being named here
# says nothing about whether a verifier should still accept it.
x962Signature_oids = {
    "ecdsa-with-SHA1": "1.2.840.10045.4.1",
    "ecdsa-with-Recommended": "1.2.840.10045.4.2",
    "ecdsa-with-SHA224": "1.2.840.10045.4.3.1",
    "ecdsa-with-SHA256": "1.2.840.10045.4.3.2",
    "ecdsa-with-SHA384": "1.2.840.10045.4.3.3",
    "ecdsa-with-SHA512": "1.2.840.10045.4.3.4",
}
    458 
    459 ####### elliptic curves #######
    460 
# Named elliptic curves under the ANSI X9.62 arc, name -> dotted OID.
ansiX962Curve_oids = {
    "prime192v1": "1.2.840.10045.3.1.1",
    "prime192v2": "1.2.840.10045.3.1.2",
    "prime192v3": "1.2.840.10045.3.1.3",
    "prime239v1": "1.2.840.10045.3.1.4",
    "prime239v2": "1.2.840.10045.3.1.5",
    "prime239v3": "1.2.840.10045.3.1.6",
    "prime256v1": "1.2.840.10045.3.1.7",
}

# Named elliptic curves under arc 1.3.132.0, name -> dotted OID.
# The table is for identification: it also names small curves (112 to 131
# bits), so a successful lookup is not a statement about curve strength.
certicomCurve_oids = {
    "ansit163k1": "1.3.132.0.1",
    "ansit163r1": "1.3.132.0.2",
    "ansit239k1": "1.3.132.0.3",
    "sect113r1": "1.3.132.0.4",
    "sect113r2": "1.3.132.0.5",
    "secp112r1": "1.3.132.0.6",
    "secp112r2": "1.3.132.0.7",
    "ansip160r1": "1.3.132.0.8",
    "ansip160k1": "1.3.132.0.9",
    "ansip256k1": "1.3.132.0.10",
    "ansit163r2": "1.3.132.0.15",
    "ansit283k1": "1.3.132.0.16",
    "ansit283r1": "1.3.132.0.17",
    "sect131r1": "1.3.132.0.22",
    "ansit193r1": "1.3.132.0.24",
    "ansit193r2": "1.3.132.0.25",
    "ansit233k1": "1.3.132.0.26",
    "ansit233r1": "1.3.132.0.27",
    "secp128r1": "1.3.132.0.28",
    "secp128r2": "1.3.132.0.29",
    "ansip160r2": "1.3.132.0.30",
    "ansip192k1": "1.3.132.0.31",
    "ansip224k1": "1.3.132.0.32",
    "ansip224r1": "1.3.132.0.33",
    "ansip384r1": "1.3.132.0.34",
    "ansip521r1": "1.3.132.0.35",
    "ansit409k1": "1.3.132.0.36",
    "ansit409r1": "1.3.132.0.37",
    "ansit571k1": "1.3.132.0.38",
    "ansit571r1": "1.3.132.0.39",
}
    503 
    504 ####### policies #######
    505 
# Certificate policy identifiers, name -> dotted OID.
certPolicy_oids = {
    "anyPolicy": "2.5.29.32.0",
}
    509 
# from Chromium source code (ev_root_ca_metadata.cc)
# This is a static copy of that list. Use the names to label a policy OID
# for display, not to decide whether a certificate deserves EV treatment.
# Two names appear twice ("EV AC Camerfirma S.A. Chambers of Commerce Root
# - 2008" and "EV AC Camerfirma S.A. Global Chambersign Root - 2008"): the
# dict literal keeps the second OID of each pair and the first one has no
# name in this table. Several distinct names also share one OID, so a
# reverse lookup can return only one of them.
evPolicy_oids = {
    "EV AC Camerfirma S.A. Chambers of Commerce Root - 2008": "1.3.6.1.4.1.17326.10.14.2.1.2",
    "EV AC Camerfirma S.A. Chambers of Commerce Root - 2008": "1.3.6.1.4.1.17326.10.14.2.2.2",
    "EV AC Camerfirma S.A. Global Chambersign Root - 2008": "1.3.6.1.4.1.17326.10.8.12.1.2",
    "EV AC Camerfirma S.A. Global Chambersign Root - 2008": "1.3.6.1.4.1.17326.10.8.12.2.2",
    "EV AddTrust/Comodo/USERTrust": "1.3.6.1.4.1.6449.1.2.1.5.1",
    "EV AddTrust External CA Root": "1.3.6.1.4.1.782.1.2.1.8.1",
    "EV Actualis Authentication Root CA": "1.3.159.1.17.1",
    "EV AffirmTrust Commercial": "1.3.6.1.4.1.34697.2.1",
    "EV AffirmTrust Networking": "1.3.6.1.4.1.34697.2.2",
    "EV AffirmTrust Premium": "1.3.6.1.4.1.34697.2.3",
    "EV AffirmTrust Premium ECC": "1.3.6.1.4.1.34697.2.4",
    "EV Autoridad de Certificacion Firmaprofesional CIF A62634068": "1.3.6.1.4.1.13177.10.1.3.10",
    "EV Baltimore CyberTrust Root": "1.3.6.1.4.1.6334.1.100.1",
    "EV Buypass Class 3": "2.16.578.1.26.1.3.3",
    "EV Certificate Authority of WoSign": "1.3.6.1.4.1.36305.2",
    "EV CertPlus Class 2 Primary CA (KEYNECTIS)": "1.3.6.1.4.1.22234.2.5.2.3.1",
    "EV Certum Trusted Network CA": "1.2.616.1.113527.2.5.1.1",
    "EV China Internet Network Information Center EV Certificates Root": "1.3.6.1.4.1.29836.1.10",
    "EV Cybertrust Global Root": "1.3.6.1.4.1.6334.1.100.1",
    "EV DigiCert High Assurance EV Root CA": "2.16.840.1.114412.2.1",
    "EV D-TRUST Root Class 3 CA 2 EV 2009": "1.3.6.1.4.1.4788.2.202.1",
    "EV Entrust Certification Authority": "2.16.840.1.114028.10.1.2",
    "EV Equifax Secure Certificate Authority (GeoTrust)": "1.3.6.1.4.1.14370.1.6",
    "EV E-Tugra Certification Authority": "2.16.792.3.0.4.1.1.4",
    "EV GeoTrust Primary Certification Authority": "1.3.6.1.4.1.14370.1.6",
    "EV GlobalSign Root CAs": "1.3.6.1.4.1.4146.1.1",
    "EV Go Daddy Certification Authority": "2.16.840.1.114413.1.7.23.3",
    "EV Izenpe.com roots Business": "1.3.6.1.4.1.14777.6.1.1",
    "EV Izenpe.com roots Government": "1.3.6.1.4.1.14777.6.1.2",
    "EV Network Solutions Certificate Authority": "1.3.6.1.4.1.781.1.2.1.8.1",
    "EV QuoVadis Roots": "1.3.6.1.4.1.8024.0.2.100.1.2",
    "EV SecureTrust Corporation Roots": "2.16.840.1.114404.1.1.2.4.1",
    "EV Security Communication RootCA1": "1.2.392.200091.100.721.1",
    "EV Staat der Nederlanden EV Root CA": "2.16.528.1.1003.1.2.7",
    "EV StartCom Certification Authority": "1.3.6.1.4.1.23223.1.1.1",
    "EV Starfield Certificate Authority": "2.16.840.1.114414.1.7.23.3",
    "EV Starfield Service Certificate Authority": "2.16.840.1.114414.1.7.24.3",
    "EV SwissSign Gold CA - G2": "2.16.756.1.89.1.2.1.1",
    "EV Swisscom Root EV CA 2": "2.16.756.1.83.21.0",
    "EV thawte CAs": "2.16.840.1.113733.1.7.48.1",
    "EV TWCA Roots": "1.3.6.1.4.1.40869.1.1.22.3",
    "EV T-Telessec GlobalRoot Class 3": "1.3.6.1.4.1.7879.13.24.1",
    "EV USERTrust Certification Authorities": "1.3.6.1.4.1.6449.1.2.1.5.1",
    "EV ValiCert Class 2 Policy Validation Authority": "2.16.840.1.114413.1.7.23.3",
    "EV VeriSign Certification Authorities": "2.16.840.1.113733.1.7.23.6",
    "EV Wells Fargo WellsSecure Public Root Certification Authority": "2.16.840.1.114171.500.9",
    "EV XRamp Global Certification Authority": "2.16.840.1.114404.1.1.2.4.1",
    "jurisdictionOfIncorporationLocalityName": "1.3.6.1.4.1.311.60.2.1.1",
    "jurisdictionOfIncorporationStateOrProvinceName": "1.3.6.1.4.1.311.60.2.1.2",
    "jurisdictionOfIncorporationCountryName": "1.3.6.1.4.1.311.60.2.1.3",
}
    563 
    564 
# Every OID table of this module, in the order in which they are merged.
x509_oids_sets = [
    pkcs1_oids,
    secsig_oids,
    pkcs9_oids,
    attributeType_oids,
    certificateExtension_oids,
    certExt_oids,
    certPkixPe_oids,
    certPkixQt_oids,
    certPkixKp_oids,
    certPkixAd_oids,
    certPolicy_oids,
    evPolicy_oids,
    x962KeyType_oids,
    x962Signature_oids,
    ansiX962Curve_oids,
    certicomCurve_oids,
]

# Flat name -> OID mapping. update() replaces an existing entry without any
# warning, so a name shared by two tables ends up with the OID of the table
# listed later above.
x509_oids = {}

for oids_set in x509_oids_sets:
    x509_oids.update(oids_set)

# Default MIB installed at import time.
# NOTE(review): many names contain hyphens, spaces or slashes and are
# passed as keyword arguments; how DADict normalises such names is not
# visible here -- confirm before looking entries up by their raw name.
conf.mib = MIBDict(_name="MIB", **x509_oids)
    590 
    591 
    592 #########################
    593 ## Hash mapping helper ##
    594 #########################
    595 
# Static lookup from a signature algorithm OID to the name of its hash
# function, for some of the algorithms in pkcs1_oids and
# x962Signature_oids.
# The table does no filtering: it returns md2, md4, md5 and sha1 like any
# other digest, so code that verifies signatures has to apply its own
# policy on weak hashes. Signature OIDs without an entry here (for example
# those of "rsassa-pss" and "ecdsa-with-Recommended") raise KeyError on
# direct indexing.
hash_by_oid = {
    "1.2.840.113549.1.1.2": "md2",
    "1.2.840.113549.1.1.3": "md4",
    "1.2.840.113549.1.1.4": "md5",
    "1.2.840.113549.1.1.5": "sha1",
    "1.2.840.113549.1.1.11": "sha256",
    "1.2.840.113549.1.1.12": "sha384",
    "1.2.840.113549.1.1.13": "sha512",
    "1.2.840.113549.1.1.14": "sha224",
    "1.2.840.10045.4.1": "sha1",
    "1.2.840.10045.4.3.1": "sha224",
    "1.2.840.10045.4.3.2": "sha256",
    "1.2.840.10045.4.3.3": "sha384",
    "1.2.840.10045.4.3.4": "sha512",
}
    614 
    615