x509.py revision 2a7ad0d13aaaa2a5358f82c67877856863a30d61
## This file is part of Scapy
## See http://www.secdev.org/projects/scapy for more informations
## Copyright (C) Philippe Biondi <phil@secdev.org>
## Enhanced by Maxence Tury <maxence.tury@ssi.gouv.fr>
## This program is published under a GPLv2 license

"""
X.509 certificates.
"""

# The ASN.1 building blocks used below (ASN1_Packet, ASN1_Codecs, the
# ASN1F_* field classes, ASN1_OID, ...) are not imported by name; they
# arrive through the wildcard imports.
from scapy.asn1.asn1 import *
from scapy.asn1.ber import *
from scapy.asn1packet import *
from scapy.asn1fields import *
from scapy.packet import Packet
from scapy.fields import PacketField
from scapy.volatile import *


class ASN1P_OID(ASN1_Packet):
    # A lone OBJECT IDENTIFIER (field "oid", default "0") wrapped as a
    # BER packet. X509_ExtExtendedKeyUsage uses it as the element type
    # of its SEQUENCE OF.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_OID("oid", "0")


class ASN1P_INTEGER(ASN1_Packet):
    # A lone INTEGER (field "number", default 0) wrapped as a BER
    # packet. X509_ExtNoticeReference uses it as the element type of
    # "noticeNumbers".
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_INTEGER("number", 0)


class ASN1P_PRIVSEQ(ASN1_Packet):
    # Test fixture referenced from x509.uts; it demonstrates scapy's
    # decoding of private high tags.
    # NOTE(review): the field named "int" is declared as ASN1F_STRING
    # with default 0. That looks deliberate for the test, so it is
    # kept as written - confirm against x509.uts.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_IA5_STRING("str", ""),
        ASN1F_STRING("int", 0),
        explicit_tag=0,
        flexible_tag=True,
    )


#######################
##### RSA packets #####
#######################
##### based on RFC 3447

# It could be interesting to use os.urandom and try to generate
# a new modulus each time RSAPublicKey is called with default values.
# (We might have to dig into scapy field initialization mechanisms...)
# NEVER rely on the key below, which is provided only for debugging purposes.

class RSAPublicKey(ASN1_Packet):
    # SEQUENCE { modulus, publicExponent }.
    # The defaults (modulus 10, exponent 3) are a toy placeholder that
    # only lets the packet be built for debugging; they are not a
    # usable key.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_INTEGER("modulus", 10),
        ASN1F_INTEGER("publicExponent", 3),
    )


class RSAOtherPrimeInfo(ASN1_Packet):
    # One entry of the optional "otherPrimeInfos" list in RSAPrivateKey:
    # SEQUENCE { prime, exponent, coefficient }, all defaulting to 0.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_INTEGER("prime", 0),
        ASN1F_INTEGER("exponent", 0),
        ASN1F_INTEGER("coefficient", 0),
    )


class RSAPrivateKey(ASN1_Packet):
    # SEQUENCE holding version, modulus, both exponents, the two
    # primes, the CRT values and an optional list of further primes.
    # The defaults spell out the same toy key as RSAPublicKey
    # (modulus 10 = prime1 2 * prime2 5) and must never be used as
    # real key material.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_enum_INTEGER("version", 0, ["two-prime", "multi"]),
        ASN1F_INTEGER("modulus", 10),
        ASN1F_INTEGER("publicExponent", 3),
        ASN1F_INTEGER("privateExponent", 3),
        ASN1F_INTEGER("prime1", 2),
        ASN1F_INTEGER("prime2", 5),
        ASN1F_INTEGER("exponent1", 0),
        ASN1F_INTEGER("exponent2", 3),
        ASN1F_INTEGER("coefficient", 1),
        ASN1F_optional(
            ASN1F_SEQUENCE_OF("otherPrimeInfos", None, RSAOtherPrimeInfo)
        ),
    )


####################################
########## ECDSA packets ###########
####################################
#### based on RFC 3279 & 5480 & 5915

class ECFieldID(ASN1_Packet):
    # No characteristic-two-field support for now: only the
    # "prime-field" type with its prime is described.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_OID("fieldType", "prime-field"),
        ASN1F_INTEGER("prime", 0),
    )


class ECCurve(ASN1_Packet):
    # Curve coefficients "a" and "b" as strings, plus an optional
    # BIT STRING "seed".
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_STRING("a", ""),
        ASN1F_STRING("b", ""),
        ASN1F_optional(ASN1F_BIT_STRING("seed", None)),
    )


class ECSpecifiedDomain(ASN1_Packet):
    # Explicitly specified domain parameters: version, field, curve,
    # base point, order and an optional cofactor.
    # NOTE(review): this class only describes the encoding; nothing
    # visible here checks the decoded parameters against a known
    # curve, so any such validation has to happen in the caller.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_enum_INTEGER("version", 1, {1: "ecpVer1"}),
        ASN1F_PACKET("fieldID", ECFieldID(), ECFieldID),
        ASN1F_PACKET("curve", ECCurve(), ECCurve),
        ASN1F_STRING("base", ""),
        ASN1F_INTEGER("order", 0),
        ASN1F_optional(ASN1F_INTEGER("cofactor", None)),
    )


class ECParameters(ASN1_Packet):
    # CHOICE between a named curve (OID), an implicit curve (NULL) and
    # explicitly specified parameters. The default is the named curve
    # "ansip384r1".
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_CHOICE(
        "curve",
        ASN1_OID("ansip384r1"),
        ASN1F_OID,      # for named curves
        ASN1F_NULL,     # for implicit curves
        ECSpecifiedDomain,
    )


class ECDSAPublicKey(ASN1_Packet):
    # The public point, carried as a single BIT STRING (default empty).
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_BIT_STRING("ecPoint", "")


class ECDSAPrivateKey(ASN1_Packet):
    # SEQUENCE { version, privateKey, [0] parameters OPTIONAL,
    # [1] publicKey OPTIONAL }. The two optional members use the
    # explicit tags 0xa0 and 0xa1. The default privateKey is empty.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_enum_INTEGER("version", 1, {1: "ecPrivkeyVer1"}),
        ASN1F_STRING("privateKey", ""),
        ASN1F_optional(
            ASN1F_PACKET("parameters", None, ECParameters, explicit_tag=0xa0)
        ),
        ASN1F_optional(
            ASN1F_PACKET("publicKey", None, ECDSAPublicKey, explicit_tag=0xa1)
        ),
    )


class ECDSASignature(ASN1_Packet):
    # SEQUENCE { r, s }, both defaulting to 0.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_INTEGER("r", 0),
        ASN1F_INTEGER("s", 0),
    )


######################
#### X509 packets ####
######################
#### based on RFC 5280


####### Names #######

class ASN1F_X509_DirectoryString(ASN1F_CHOICE):
    # CHOICE field preloaded with the string types accepted for a
    # directory string. ASN1 bit strings are included for rare
    # instances of x500 addresses.
    def __init__(self, name, default, **kwargs):
        # Extra keyword arguments (tags, for instance) are handed to
        # ASN1F_CHOICE unchanged.
        ASN1F_CHOICE.__init__(
            self,
            name,
            default,
            ASN1F_PRINTABLE_STRING,
            ASN1F_UTF8_STRING,
            ASN1F_IA5_STRING,
            ASN1F_T61_STRING,
            ASN1F_UNIVERSAL_STRING,
            ASN1F_BIT_STRING,
            **kwargs
        )


class X509_AttributeValue(ASN1_Packet):
    # One attribute value: a CHOICE over five string types, defaulting
    # to the PrintableString "FR".
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_CHOICE(
        "value",
        ASN1_PRINTABLE_STRING("FR"),
        ASN1F_PRINTABLE_STRING,
        ASN1F_UTF8_STRING,
        ASN1F_IA5_STRING,
        ASN1F_T61_STRING,
        ASN1F_UNIVERSAL_STRING,
    )


class X509_Attribute(ASN1_Packet):
    # SEQUENCE { type OID, values SET OF X509_AttributeValue }.
    # The default type 2.5.4.6 is the countryName OID, which matches
    # the default "FR" value.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_OID("type", "2.5.4.6"),
        ASN1F_SET_OF("values", [X509_AttributeValue()], X509_AttributeValue),
    )


class X509_AttributeTypeAndValue(ASN1_Packet):
    # SEQUENCE { type OID, value DirectoryString }, with the same
    # countryName / "FR" defaults as X509_Attribute.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_OID("type", "2.5.4.6"),
        ASN1F_X509_DirectoryString("value", ASN1_PRINTABLE_STRING("FR")),
    )


class X509_RDN(ASN1_Packet):
    # Relative distinguished name: a SET OF X509_AttributeTypeAndValue
    # that defaults to a single default-valued element.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SET_OF(
        "rdn",
        [X509_AttributeTypeAndValue()],
        X509_AttributeTypeAndValue,
    )
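

class X509_OtherName(ASN1_Packet):
    # SEQUENCE { type_id OID, [0] EXPLICIT value }, where value is a
    # CHOICE over four string types.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_OID("type_id", "0"),
        ASN1F_CHOICE(
            "value",
            None,
            ASN1F_IA5_STRING,
            ASN1F_ISO646_STRING,
            ASN1F_BMP_STRING,
            ASN1F_UTF8_STRING,
            explicit_tag=0xa0,
        ),
    )


class X509_RFC822Name(ASN1_Packet):
    # E-mail style name, carried as an IA5String.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_IA5_STRING("rfc822Name", "")


class X509_DNSName(ASN1_Packet):
    # DNS name, carried as an IA5String.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_IA5_STRING("dNSName", "")


#XXX write me
class X509_X400Address(ASN1_Packet):
    # Placeholder: the address is held in a generic ASN1F_field and
    # its inner structure is not described yet.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_field("x400Address", "")


# Default issuer/subject name: one default RDN (countryName "FR"),
# then organizationName (2.5.4.10) "Scapy, Inc." and commonName
# (2.5.4.3) "Scapy Default Name".
# NOTE(review): this one list object is handed to X509_DirectoryName as
# the field default; whether the field copies it before use is not
# visible here - confirm before mutating a default-built name in place.
_default_directoryName = [
    X509_RDN(),
    X509_RDN(
        rdn=[
            X509_AttributeTypeAndValue(
                type="2.5.4.10",
                value=ASN1_PRINTABLE_STRING("Scapy, Inc."),
            )
        ]
    ),
    X509_RDN(
        rdn=[
            X509_AttributeTypeAndValue(
                type="2.5.4.3",
                value=ASN1_PRINTABLE_STRING("Scapy Default Name"),
            )
        ]
    ),
]


class X509_DirectoryName(ASN1_Packet):
    # Distinguished name: SEQUENCE OF X509_RDN.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE_OF(
        "directoryName",
        _default_directoryName,
        X509_RDN,
    )


class X509_EDIPartyName(ASN1_Packet):
    # SEQUENCE { [0] nameAssigner OPTIONAL, [1] partyName }, both
    # explicitly tagged directory strings.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_optional(
            ASN1F_X509_DirectoryString("nameAssigner", None, explicit_tag=0xa0)
        ),
        ASN1F_X509_DirectoryString("partyName", None, explicit_tag=0xa1),
    )


class X509_URI(ASN1_Packet):
    # URI, carried as an IA5String.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_IA5_STRING("uniformResourceIdentifier", "")


class X509_IPAddress(ASN1_Packet):
    # The address is kept as a raw string; no parsing into an IPv4 or
    # IPv6 address is done at this level.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_STRING("iPAddress", "")


class X509_RegisteredID(ASN1_Packet):
    # Registered identifier, carried as an OID (default empty).
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_OID("registeredID", "")


class X509_GeneralName(ASN1_Packet):
    # CHOICE over the nine name forms. The tag bytes 0xa0, 0x81, 0x82,
    # 0xa3, 0xa4, 0xa5, 0x86, 0x87 and 0x88 carry the context tag
    # numbers 0 through 8. x400Address, directoryName and ediPartyName
    # are tagged explicitly; the other six are tagged implicitly.
    # The default value is a default X509_DirectoryName.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_CHOICE(
        "generalName",
        X509_DirectoryName(),
        ASN1F_PACKET("otherName", None, X509_OtherName,
                     implicit_tag=0xa0),
        ASN1F_PACKET("rfc822Name", None, X509_RFC822Name,
                     implicit_tag=0x81),
        ASN1F_PACKET("dNSName", None, X509_DNSName,
                     implicit_tag=0x82),
        ASN1F_PACKET("x400Address", None, X509_X400Address,
                     explicit_tag=0xa3),
        ASN1F_PACKET("directoryName", None, X509_DirectoryName,
                     explicit_tag=0xa4),
        ASN1F_PACKET("ediPartyName", None, X509_EDIPartyName,
                     explicit_tag=0xa5),
        ASN1F_PACKET("uniformResourceIdentifier", None, X509_URI,
                     implicit_tag=0x86),
        ASN1F_PACKET("ipAddress", None, X509_IPAddress,
                     implicit_tag=0x87),
        ASN1F_PACKET("registeredID", None, X509_RegisteredID,
                     implicit_tag=0x88),
    )


####### Extensions #######

class X509_ExtAuthorityKeyIdentifier(ASN1_Packet):
    # SEQUENCE of three optional members: [0] keyIdentifier,
    # [1] authorityCertIssuer and [2] authorityCertSerialNumber.
    # The keyIdentifier default is a 20-byte 0xff placeholder, not a
    # digest of any key.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_optional(
            ASN1F_STRING("keyIdentifier", b"\xff" * 20, implicit_tag=0x80)
        ),
        ASN1F_optional(
            ASN1F_SEQUENCE_OF("authorityCertIssuer", None,
                              X509_GeneralName,
                              implicit_tag=0xa1)
        ),
        ASN1F_optional(
            ASN1F_INTEGER("authorityCertSerialNumber", None,
                          implicit_tag=0x82)
        ),
    )


class X509_ExtSubjectDirectoryAttributes(ASN1_Packet):
    # SEQUENCE OF X509_Attribute, defaulting to one default attribute.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE_OF(
        "subjectDirectoryAttributes",
        [X509_Attribute()],
        X509_Attribute,
    )


class X509_ExtSubjectKeyIdentifier(ASN1_Packet):
    # Subject key identifier, carried as a bare string field.
    # The default is 20 bytes of 0xff, the same placeholder that
    # X509_ExtAuthorityKeyIdentifier uses for its keyIdentifier. The
    # earlier literal "xff" had lost its backslash and produced the
    # 60-character text "xffxff..." instead of 20 bytes.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_STRING("keyIdentifier", b"\xff" * 20)


class X509_ExtFullName(ASN1_Packet):
    # [0] fullName: SEQUENCE OF X509_GeneralName, implicitly tagged.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE_OF(
        "fullName",
        [X509_GeneralName()],
        X509_GeneralName,
        implicit_tag=0xa0,
    )


class X509_ExtNameRelativeToCRLIssuer(ASN1_Packet):
    # [1] nameRelativeToCRLIssuer: one X509_RDN, implicitly tagged.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_PACKET(
        "nameRelativeToCRLIssuer",
        X509_RDN(),
        X509_RDN,
        implicit_tag=0xa1,
    )


class X509_ExtDistributionPointName(ASN1_Packet):
    # CHOICE between a full name and a name relative to the CRL
    # issuer; there is no default.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_CHOICE(
        "distributionPointName",
        None,
        X509_ExtFullName,
        X509_ExtNameRelativeToCRLIssuer,
    )


# Names for the "reasons" / "onlySomeReasons" flag fields, in list order.
# NOTE(review): presumably the list index is the bit position - confirm
# against ASN1F_FLAGS.
_reasons_mapping = [
    "unused",
    "keyCompromise",
    "cACompromise",
    "affiliationChanged",
    "superseded",
    "cessationOfOperation",
    "certificateHold",
    "privilegeWithdrawn",
    "aACompromise",
]


class X509_ExtDistributionPoint(ASN1_Packet):
    # SEQUENCE of three optional members: [0] distributionPoint,
    # [1] reasons and [2] cRLIssuer.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_optional(
            ASN1F_PACKET("distributionPoint",
                         X509_ExtDistributionPointName(),
                         X509_ExtDistributionPointName,
                         explicit_tag=0xa0)
        ),
        ASN1F_optional(
            ASN1F_FLAGS("reasons", None, _reasons_mapping,
                        implicit_tag=0x81)
        ),
        ASN1F_optional(
            ASN1F_SEQUENCE_OF("cRLIssuer", None,
                              X509_GeneralName,
                              implicit_tag=0xa2)
        ),
    )


# Names for the keyUsage flag field, in list order.
# NOTE(review): presumably the list index is the bit position - confirm
# against ASN1F_FLAGS.
_ku_mapping = [
    "digitalSignature",
    "nonRepudiation",
    "keyEncipherment",
    "dataEncipherment",
    "keyAgreement",
    "keyCertSign",
    "cRLSign",
    "encipherOnly",
    "decipherOnly",
]
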

class X509_ExtKeyUsage(ASN1_Packet):
    # keyUsage as a flags field named through _ku_mapping; the default
    # bit text is "101".
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_FLAGS("keyUsage", "101", _ku_mapping)

    def get_keyUsage(self):
        # Delegate to the flags field, which reads the value from this
        # packet.
        flags_field = self.ASN1_root
        return flags_field.get_flags(self)


class X509_ExtPrivateKeyUsagePeriod(ASN1_Packet):
    # SEQUENCE { [0] notBefore OPTIONAL, [1] notAfter OPTIONAL }.
    # str(...) runs once, when this class body is executed, so each
    # default is a fixed string for the rest of the process.
    # NOTE(review): presumably GeneralizedTime(n) means "now + n
    # seconds" - confirm in scapy.volatile.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_optional(
            ASN1F_GENERALIZED_TIME("notBefore",
                                   str(GeneralizedTime(-600)),
                                   implicit_tag=0x80)
        ),
        ASN1F_optional(
            ASN1F_GENERALIZED_TIME("notAfter",
                                   str(GeneralizedTime(+86400)),
                                   implicit_tag=0x81)
        ),
    )


class X509_PolicyMapping(ASN1_Packet):
    # SEQUENCE { issuerDomainPolicy OID, subjectDomainPolicy OID },
    # with no defaults.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_OID("issuerDomainPolicy", None),
        ASN1F_OID("subjectDomainPolicy", None),
    )


class X509_ExtPolicyMappings(ASN1_Packet):
    # SEQUENCE OF X509_PolicyMapping, empty by default.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE_OF("policyMappings", [], X509_PolicyMapping)


class X509_ExtBasicConstraints(ASN1_Packet):
    # The cA field should not be optional, but some certs omit it for
    # False, so it is declared optional here.
    # NOTE(review): code that takes a CA decision from this packet has
    # to cope with cA being absent - confirm how ASN1F_optional reports
    # a missing member.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_optional(ASN1F_BOOLEAN("cA", False)),
        ASN1F_optional(ASN1F_INTEGER("pathLenConstraint", None)),
    )


class X509_ExtCRLNumber(ASN1_Packet):
    # cRLNumber as a single INTEGER (default 0).
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_INTEGER("cRLNumber", 0)


# Names for the cRLReason enumeration, in list order; index 7 is the
# "unused_reasonCode" entry.
_cRL_reasons = [
    "unspecified",
    "keyCompromise",
    "cACompromise",
    "affiliationChanged",
    "superseded",
    "cessationOfOperation",
    "certificateHold",
    "unused_reasonCode",
    "removeFromCRL",
    "privilegeWithdrawn",
    "aACompromise",
]


class X509_ExtReasonCode(ASN1_Packet):
    # cRLReason as an ENUMERATED named through _cRL_reasons (default 0).
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_ENUMERATED("cRLReason", 0, _cRL_reasons)


class X509_ExtDeltaCRLIndicator(ASN1_Packet):
    # deltaCRLIndicator as a single INTEGER (default 0).
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_INTEGER("deltaCRLIndicator", 0)


class X509_ExtIssuingDistributionPoint(ASN1_Packet):
    # SEQUENCE with context tags 0 through 5. distributionPoint and
    # onlySomeReasons are optional; the four booleans are declared
    # non-optional with default False.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_optional(
            ASN1F_PACKET("distributionPoint",
                         X509_ExtDistributionPointName(),
                         X509_ExtDistributionPointName,
                         explicit_tag=0xa0)
        ),
        ASN1F_BOOLEAN("onlyContainsUserCerts", False, implicit_tag=0x81),
        ASN1F_BOOLEAN("onlyContainsCACerts", False, implicit_tag=0x82),
        ASN1F_optional(
            ASN1F_FLAGS("onlySomeReasons", None,
                        _reasons_mapping,
                        implicit_tag=0x83)
        ),
        ASN1F_BOOLEAN("indirectCRL", False, implicit_tag=0x84),
        ASN1F_BOOLEAN("onlyContainsAttributeCerts", False, implicit_tag=0x85),
    )


class X509_ExtCertificateIssuer(ASN1_Packet):
    # SEQUENCE OF X509_GeneralName, empty by default.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE_OF("certificateIssuer", [], X509_GeneralName)


class X509_ExtInvalidityDate(ASN1_Packet):
    # invalidityDate as a GeneralizedTime field. The default string is
    # computed once, when the class body is executed.
    # NOTE(review): the default comes from ZuluTime while the other
    # GeneralizedTime fields in this file use GeneralizedTime - confirm
    # the string format matches what ASN1F_GENERALIZED_TIME expects.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_GENERALIZED_TIME("invalidityDate", str(ZuluTime(+86400)))


class X509_ExtSubjectAltName(ASN1_Packet):
    # SEQUENCE OF X509_GeneralName, empty by default.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE_OF("subjectAltName", [], X509_GeneralName)


class X509_ExtIssuerAltName(ASN1_Packet):
    # SEQUENCE OF X509_GeneralName, empty by default.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE_OF("issuerAltName", [], X509_GeneralName)


class X509_ExtGeneralSubtree(ASN1_Packet):
    # 'minimum' is not optional in RFC 5280, yet it is in some
    # implementations, so both bounds are declared optional here.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_PACKET("base", X509_GeneralName(), X509_GeneralName),
        ASN1F_optional(ASN1F_INTEGER("minimum", None, implicit_tag=0x80)),
        ASN1F_optional(ASN1F_INTEGER("maximum", None, implicit_tag=0x81)),
    )


class X509_ExtNameConstraints(ASN1_Packet):
    # SEQUENCE { [0] permittedSubtrees OPTIONAL,
    # [1] excludedSubtrees OPTIONAL }, each a SEQUENCE OF
    # X509_ExtGeneralSubtree.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_optional(
            ASN1F_SEQUENCE_OF("permittedSubtrees", None,
                              X509_ExtGeneralSubtree,
                              implicit_tag=0xa0)
        ),
        ASN1F_optional(
            ASN1F_SEQUENCE_OF("excludedSubtrees", None,
                              X509_ExtGeneralSubtree,
                              implicit_tag=0xa1)
        ),
    )


class X509_ExtPolicyConstraints(ASN1_Packet):
    # SEQUENCE { [0] requireExplicitPolicy OPTIONAL,
    # [1] inhibitPolicyMapping OPTIONAL }, both integers.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_optional(
            ASN1F_INTEGER("requireExplicitPolicy", None, implicit_tag=0x80)
        ),
        ASN1F_optional(
            ASN1F_INTEGER("inhibitPolicyMapping", None, implicit_tag=0x81)
        ),
    )


class X509_ExtExtendedKeyUsage(ASN1_Packet):
    # SEQUENCE OF ASN1P_OID, empty by default.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE_OF("extendedKeyUsage", [], ASN1P_OID)

    def get_extendedKeyUsage(self):
        # Return the oidname of every OID in the list, in list order.
        return [entry.oid.oidname for entry in self.extendedKeyUsage]


class X509_ExtNoticeReference(ASN1_Packet):
    # SEQUENCE { organization, noticeNumbers }. organization is a
    # CHOICE over four string types and defaults to the UTF8String
    # "Dummy Organization"; noticeNumbers is a SEQUENCE OF
    # ASN1P_INTEGER, empty by default.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_CHOICE(
            "organization",
            ASN1_UTF8_STRING("Dummy Organization"),
            ASN1F_IA5_STRING,
            ASN1F_ISO646_STRING,
            ASN1F_BMP_STRING,
            ASN1F_UTF8_STRING,
        ),
        ASN1F_SEQUENCE_OF("noticeNumbers", [], ASN1P_INTEGER),
    )


class X509_ExtUserNotice(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_optional(
            ASN1F_PACKET("noticeRef", None,
X509_ExtNoticeReference)), 495f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_optional( 496f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_CHOICE("explicitText", 497f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_UTF8_STRING("Dummy ExplicitText"), 498f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_IA5_STRING, ASN1F_ISO646_STRING, 499f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_BMP_STRING, ASN1F_UTF8_STRING))) 500f9968d0a8512b0e355076a0ff31de2a79677b009mtu 501f9968d0a8512b0e355076a0ff31de2a79677b009mtuclass X509_ExtPolicyQualifierInfo(ASN1_Packet): 502f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_codec = ASN1_Codecs.BER 503f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_root = ASN1F_SEQUENCE( 504f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_OID("policyQualifierId", "1.3.6.1.5.5.7.2.1"), 505f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_CHOICE("qualifier", ASN1_IA5_STRING("cps_str"), 506f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_IA5_STRING, X509_ExtUserNotice)) 507f9968d0a8512b0e355076a0ff31de2a79677b009mtu 508f9968d0a8512b0e355076a0ff31de2a79677b009mtuclass X509_ExtPolicyInformation(ASN1_Packet): 509f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_codec = ASN1_Codecs.BER 510f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_root = ASN1F_SEQUENCE( 511f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_OID("policyIdentifier", "2.5.29.32.0"), 512f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_optional( 513f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_SEQUENCE_OF("policyQualifiers", None, 514f9968d0a8512b0e355076a0ff31de2a79677b009mtu X509_ExtPolicyQualifierInfo))) 515f9968d0a8512b0e355076a0ff31de2a79677b009mtu 516f9968d0a8512b0e355076a0ff31de2a79677b009mtuclass X509_ExtCertificatePolicies(ASN1_Packet): 517f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_codec = ASN1_Codecs.BER 518f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_root = ASN1F_SEQUENCE_OF("certificatePolicies", 519f9968d0a8512b0e355076a0ff31de2a79677b009mtu 
[X509_ExtPolicyInformation()], 520f9968d0a8512b0e355076a0ff31de2a79677b009mtu X509_ExtPolicyInformation) 521f9968d0a8512b0e355076a0ff31de2a79677b009mtu 522f9968d0a8512b0e355076a0ff31de2a79677b009mtuclass X509_ExtCRLDistributionPoints(ASN1_Packet): 523f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_codec = ASN1_Codecs.BER 524f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_root = ASN1F_SEQUENCE_OF("cRLDistributionPoints", 525f9968d0a8512b0e355076a0ff31de2a79677b009mtu [X509_ExtDistributionPoint()], 526f9968d0a8512b0e355076a0ff31de2a79677b009mtu X509_ExtDistributionPoint) 527f9968d0a8512b0e355076a0ff31de2a79677b009mtu 528f9968d0a8512b0e355076a0ff31de2a79677b009mtuclass X509_ExtInhibitAnyPolicy(ASN1_Packet): 529f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_codec = ASN1_Codecs.BER 530f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_root = ASN1F_INTEGER("skipCerts", 0) 531f9968d0a8512b0e355076a0ff31de2a79677b009mtu 532f9968d0a8512b0e355076a0ff31de2a79677b009mtuclass X509_ExtFreshestCRL(ASN1_Packet): 533f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_codec = ASN1_Codecs.BER 534f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_root = ASN1F_SEQUENCE_OF("cRLDistributionPoints", 535f9968d0a8512b0e355076a0ff31de2a79677b009mtu [X509_ExtDistributionPoint()], 536f9968d0a8512b0e355076a0ff31de2a79677b009mtu X509_ExtDistributionPoint) 537f9968d0a8512b0e355076a0ff31de2a79677b009mtu 538f9968d0a8512b0e355076a0ff31de2a79677b009mtuclass X509_AccessDescription(ASN1_Packet): 539f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_codec = ASN1_Codecs.BER 540f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_root = ASN1F_SEQUENCE( 541f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_OID("accessMethod", "0"), 542f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_PACKET("accessLocation", X509_GeneralName(), 543f9968d0a8512b0e355076a0ff31de2a79677b009mtu X509_GeneralName)) 544f9968d0a8512b0e355076a0ff31de2a79677b009mtu 545f9968d0a8512b0e355076a0ff31de2a79677b009mtuclass 
X509_ExtAuthInfoAccess(ASN1_Packet): 546f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_codec = ASN1_Codecs.BER 547f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_root = ASN1F_SEQUENCE_OF("authorityInfoAccess", 548f9968d0a8512b0e355076a0ff31de2a79677b009mtu [X509_AccessDescription()], 549f9968d0a8512b0e355076a0ff31de2a79677b009mtu X509_AccessDescription) 550f9968d0a8512b0e355076a0ff31de2a79677b009mtu 551f9968d0a8512b0e355076a0ff31de2a79677b009mtuclass X509_ExtQcStatement(ASN1_Packet): 552f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_codec = ASN1_Codecs.BER 553f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_root = ASN1F_SEQUENCE( 554f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_OID("statementId", "0.4.0.1862.1.1"), 555f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_optional( 556f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_field("statementInfo", None))) 557f9968d0a8512b0e355076a0ff31de2a79677b009mtu 558f9968d0a8512b0e355076a0ff31de2a79677b009mtuclass X509_ExtQcStatements(ASN1_Packet): 559f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_codec = ASN1_Codecs.BER 560f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_root = ASN1F_SEQUENCE_OF("qcStatements", 561f9968d0a8512b0e355076a0ff31de2a79677b009mtu [X509_ExtQcStatement()], 562f9968d0a8512b0e355076a0ff31de2a79677b009mtu X509_ExtQcStatement) 563f9968d0a8512b0e355076a0ff31de2a79677b009mtu 564f9968d0a8512b0e355076a0ff31de2a79677b009mtuclass X509_ExtSubjInfoAccess(ASN1_Packet): 565f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_codec = ASN1_Codecs.BER 566f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_root = ASN1F_SEQUENCE_OF("subjectInfoAccess", 567f9968d0a8512b0e355076a0ff31de2a79677b009mtu [X509_AccessDescription()], 568f9968d0a8512b0e355076a0ff31de2a79677b009mtu X509_AccessDescription) 569f9968d0a8512b0e355076a0ff31de2a79677b009mtu 570f9968d0a8512b0e355076a0ff31de2a79677b009mtuclass X509_ExtNetscapeCertType(ASN1_Packet): 571f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_codec = ASN1_Codecs.BER 
572f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_root = ASN1F_BIT_STRING("netscapeCertType", "") 573f9968d0a8512b0e355076a0ff31de2a79677b009mtu 574f9968d0a8512b0e355076a0ff31de2a79677b009mtuclass X509_ExtComment(ASN1_Packet): 575f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_codec = ASN1_Codecs.BER 576f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_root = ASN1F_CHOICE("comment", 577f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_UTF8_STRING("Dummy comment."), 578f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_IA5_STRING, ASN1F_ISO646_STRING, 579f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_BMP_STRING, ASN1F_UTF8_STRING) 580f9968d0a8512b0e355076a0ff31de2a79677b009mtu 581f9968d0a8512b0e355076a0ff31de2a79677b009mtuclass X509_ExtDefault(ASN1_Packet): 582f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_codec = ASN1_Codecs.BER 583f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_root = ASN1F_field("value", None) 584f9968d0a8512b0e355076a0ff31de2a79677b009mtu 585f9968d0a8512b0e355076a0ff31de2a79677b009mtu# oid-info.com shows that some extensions share multiple OIDs. 586f9968d0a8512b0e355076a0ff31de2a79677b009mtu# Here we only reproduce those written in RFC5280. 
5870900b820247db714510348875e04eb27e5f40a08mtu_ext_mapping = { 588f9968d0a8512b0e355076a0ff31de2a79677b009mtu "2.5.29.9" : X509_ExtSubjectDirectoryAttributes, 589f9968d0a8512b0e355076a0ff31de2a79677b009mtu "2.5.29.14" : X509_ExtSubjectKeyIdentifier, 590f9968d0a8512b0e355076a0ff31de2a79677b009mtu "2.5.29.15" : X509_ExtKeyUsage, 591f9968d0a8512b0e355076a0ff31de2a79677b009mtu "2.5.29.16" : X509_ExtPrivateKeyUsagePeriod, 592f9968d0a8512b0e355076a0ff31de2a79677b009mtu "2.5.29.17" : X509_ExtSubjectAltName, 593f9968d0a8512b0e355076a0ff31de2a79677b009mtu "2.5.29.18" : X509_ExtIssuerAltName, 594f9968d0a8512b0e355076a0ff31de2a79677b009mtu "2.5.29.19" : X509_ExtBasicConstraints, 595f9968d0a8512b0e355076a0ff31de2a79677b009mtu "2.5.29.20" : X509_ExtCRLNumber, 596f9968d0a8512b0e355076a0ff31de2a79677b009mtu "2.5.29.21" : X509_ExtReasonCode, 597f9968d0a8512b0e355076a0ff31de2a79677b009mtu "2.5.29.24" : X509_ExtInvalidityDate, 598f9968d0a8512b0e355076a0ff31de2a79677b009mtu "2.5.29.27" : X509_ExtDeltaCRLIndicator, 599f9968d0a8512b0e355076a0ff31de2a79677b009mtu "2.5.29.28" : X509_ExtIssuingDistributionPoint, 600f9968d0a8512b0e355076a0ff31de2a79677b009mtu "2.5.29.29" : X509_ExtCertificateIssuer, 601f9968d0a8512b0e355076a0ff31de2a79677b009mtu "2.5.29.30" : X509_ExtNameConstraints, 602f9968d0a8512b0e355076a0ff31de2a79677b009mtu "2.5.29.31" : X509_ExtCRLDistributionPoints, 603f9968d0a8512b0e355076a0ff31de2a79677b009mtu "2.5.29.32" : X509_ExtCertificatePolicies, 604f9968d0a8512b0e355076a0ff31de2a79677b009mtu "2.5.29.33" : X509_ExtPolicyMappings, 605f9968d0a8512b0e355076a0ff31de2a79677b009mtu "2.5.29.35" : X509_ExtAuthorityKeyIdentifier, 606f9968d0a8512b0e355076a0ff31de2a79677b009mtu "2.5.29.36" : X509_ExtPolicyConstraints, 607f9968d0a8512b0e355076a0ff31de2a79677b009mtu "2.5.29.37" : X509_ExtExtendedKeyUsage, 608f9968d0a8512b0e355076a0ff31de2a79677b009mtu "2.5.29.46" : X509_ExtFreshestCRL, 609f9968d0a8512b0e355076a0ff31de2a79677b009mtu "2.5.29.54" : X509_ExtInhibitAnyPolicy, 
610f9968d0a8512b0e355076a0ff31de2a79677b009mtu "2.16.840.1.113730.1.1" : X509_ExtNetscapeCertType, 611f9968d0a8512b0e355076a0ff31de2a79677b009mtu "2.16.840.1.113730.1.13" : X509_ExtComment, 612f9968d0a8512b0e355076a0ff31de2a79677b009mtu "1.3.6.1.5.5.7.1.1" : X509_ExtAuthInfoAccess, 613f9968d0a8512b0e355076a0ff31de2a79677b009mtu "1.3.6.1.5.5.7.1.3" : X509_ExtQcStatements, 614f9968d0a8512b0e355076a0ff31de2a79677b009mtu "1.3.6.1.5.5.7.1.11" : X509_ExtSubjInfoAccess 615f9968d0a8512b0e355076a0ff31de2a79677b009mtu } 616f9968d0a8512b0e355076a0ff31de2a79677b009mtu 617f9968d0a8512b0e355076a0ff31de2a79677b009mtuclass ASN1F_EXT_SEQUENCE(ASN1F_SEQUENCE): 6180900b820247db714510348875e04eb27e5f40a08mtu # We use explicit_tag=0x04 with extnValue as STRING encapsulation. 619f9968d0a8512b0e355076a0ff31de2a79677b009mtu def __init__(self, **kargs): 620f9968d0a8512b0e355076a0ff31de2a79677b009mtu seq = [ASN1F_OID("extnID", "2.5.29.19"), 621f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_optional( 622f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_BOOLEAN("critical", False)), 623f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_PACKET("extnValue", 624f9968d0a8512b0e355076a0ff31de2a79677b009mtu X509_ExtBasicConstraints(), 625f9968d0a8512b0e355076a0ff31de2a79677b009mtu X509_ExtBasicConstraints, 626f9968d0a8512b0e355076a0ff31de2a79677b009mtu explicit_tag=0x04)] 627f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_SEQUENCE.__init__(self, *seq, **kargs) 628f9968d0a8512b0e355076a0ff31de2a79677b009mtu def dissect(self, pkt, s): 629342e68fc361fcb8e59dc903cd518f8e2896f33f4mtu _,s = BER_tagging_dec(s, implicit_tag=self.implicit_tag, 630342e68fc361fcb8e59dc903cd518f8e2896f33f4mtu explicit_tag=self.explicit_tag, 631342e68fc361fcb8e59dc903cd518f8e2896f33f4mtu safe=self.flexible_tag) 632f9968d0a8512b0e355076a0ff31de2a79677b009mtu codec = self.ASN1_tag.get_codec(pkt.ASN1_codec) 633f9968d0a8512b0e355076a0ff31de2a79677b009mtu i,s,remain = codec.check_type_check_len(s) 
634f9968d0a8512b0e355076a0ff31de2a79677b009mtu extnID = self.seq[0] 635f9968d0a8512b0e355076a0ff31de2a79677b009mtu critical = self.seq[1] 636f9968d0a8512b0e355076a0ff31de2a79677b009mtu try: 637f9968d0a8512b0e355076a0ff31de2a79677b009mtu oid,s = extnID.m2i(pkt, s) 638f9968d0a8512b0e355076a0ff31de2a79677b009mtu extnID.set_val(pkt, oid) 639f9968d0a8512b0e355076a0ff31de2a79677b009mtu s = critical.dissect(pkt, s) 640f9968d0a8512b0e355076a0ff31de2a79677b009mtu encapsed = X509_ExtDefault 6410900b820247db714510348875e04eb27e5f40a08mtu if oid.val in _ext_mapping: 6420900b820247db714510348875e04eb27e5f40a08mtu encapsed = _ext_mapping[oid.val] 643f9968d0a8512b0e355076a0ff31de2a79677b009mtu self.seq[2].cls = encapsed 644f9968d0a8512b0e355076a0ff31de2a79677b009mtu self.seq[2].cls.ASN1_root.flexible_tag = True 645f9968d0a8512b0e355076a0ff31de2a79677b009mtu # there are too many private extensions not to be flexible here 646f9968d0a8512b0e355076a0ff31de2a79677b009mtu self.seq[2].default = encapsed() 647f9968d0a8512b0e355076a0ff31de2a79677b009mtu s = self.seq[2].dissect(pkt, s) 648f9968d0a8512b0e355076a0ff31de2a79677b009mtu if not self.flexible_tag and len(s) > 0: 649f9968d0a8512b0e355076a0ff31de2a79677b009mtu err_msg = "extension sequence length issue" 650f9968d0a8512b0e355076a0ff31de2a79677b009mtu raise BER_Decoding_Error(err_msg, remaining=s) 651f9968d0a8512b0e355076a0ff31de2a79677b009mtu except ASN1F_badsequence,e: 652f9968d0a8512b0e355076a0ff31de2a79677b009mtu raise Exception("could not parse extensions") 653f9968d0a8512b0e355076a0ff31de2a79677b009mtu return remain 654f9968d0a8512b0e355076a0ff31de2a79677b009mtu 655f9968d0a8512b0e355076a0ff31de2a79677b009mtuclass X509_Extension(ASN1_Packet): 656f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_codec = ASN1_Codecs.BER 657f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_root = ASN1F_EXT_SEQUENCE() 658f9968d0a8512b0e355076a0ff31de2a79677b009mtu 6590900b820247db714510348875e04eb27e5f40a08mtuclass X509_Extensions(ASN1_Packet): 
6600900b820247db714510348875e04eb27e5f40a08mtu # we use this in OCSP status requests, in tls/handshake.py 6610900b820247db714510348875e04eb27e5f40a08mtu ASN1_codec = ASN1_Codecs.BER 6620900b820247db714510348875e04eb27e5f40a08mtu ASN1_root = ASN1F_optional( 6630900b820247db714510348875e04eb27e5f40a08mtu ASN1F_SEQUENCE_OF("extensions", 6640900b820247db714510348875e04eb27e5f40a08mtu None, X509_Extension)) 6650900b820247db714510348875e04eb27e5f40a08mtu 666f9968d0a8512b0e355076a0ff31de2a79677b009mtu 667f9968d0a8512b0e355076a0ff31de2a79677b009mtu####### Public key wrapper ####### 668f9968d0a8512b0e355076a0ff31de2a79677b009mtu 669f9968d0a8512b0e355076a0ff31de2a79677b009mtuclass X509_AlgorithmIdentifier(ASN1_Packet): 670f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_codec = ASN1_Codecs.BER 671f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_root = ASN1F_SEQUENCE( 672f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_OID("algorithm", "1.2.840.113549.1.1.11"), 673f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_optional( 674f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_CHOICE("parameters", ASN1_NULL(0), 675f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_NULL, ECParameters))) 676f9968d0a8512b0e355076a0ff31de2a79677b009mtu 677f9968d0a8512b0e355076a0ff31de2a79677b009mtuclass ASN1F_X509_SubjectPublicKeyInfoRSA(ASN1F_SEQUENCE): 678f9968d0a8512b0e355076a0ff31de2a79677b009mtu def __init__(self, **kargs): 679f9968d0a8512b0e355076a0ff31de2a79677b009mtu seq = [ASN1F_PACKET("signatureAlgorithm", 680f9968d0a8512b0e355076a0ff31de2a79677b009mtu X509_AlgorithmIdentifier(), 681f9968d0a8512b0e355076a0ff31de2a79677b009mtu X509_AlgorithmIdentifier), 682f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_BIT_STRING_ENCAPS("subjectPublicKey", 683f9968d0a8512b0e355076a0ff31de2a79677b009mtu RSAPublicKey(), 684f9968d0a8512b0e355076a0ff31de2a79677b009mtu RSAPublicKey)] 685f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_SEQUENCE.__init__(self, *seq, **kargs) 

class ASN1F_X509_SubjectPublicKeyInfoECDSA(ASN1F_SEQUENCE):
    def __init__(self, **kargs):
        """
        Build the sequence for an EC key: an algorithm identifier followed
        by an ECDSAPublicKey packet.
        """
        members = [
            ASN1F_PACKET("signatureAlgorithm",
                         X509_AlgorithmIdentifier(),
                         X509_AlgorithmIdentifier),
            ASN1F_PACKET("subjectPublicKey", ECDSAPublicKey(),
                         ECDSAPublicKey),
        ]
        ASN1F_SEQUENCE.__init__(self, *members, **kargs)

class ASN1F_X509_SubjectPublicKeyInfo(ASN1F_SEQUENCE):
    # Dispatching field: the key layout (RSA or EC) is chosen from the
    # algorithm name, then the work is handed to the matching
    # ASN1F_X509_SubjectPublicKeyInfoRSA / ...ECDSA field.
    def __init__(self, **kargs):
        """
        Build the generic sequence: an algorithm identifier followed by an
        undecoded BIT STRING.
        """
        members = [
            ASN1F_PACKET("signatureAlgorithm",
                         X509_AlgorithmIdentifier(),
                         X509_AlgorithmIdentifier),
            ASN1F_BIT_STRING("subjectPublicKey", None),
        ]
        ASN1F_SEQUENCE.__init__(self, *members, **kargs)
    def m2i(self, pkt, x):
        """
        Decode x twice: once generically, then with the RSA or EC layout.

        The layout is picked from the algorithm name found in the data
        itself. The RSA test is a substring match, so any name containing
        "rsa" in any letter case selects the RSA layout; the EC test is an
        exact match on "ecPublicKey". Any other name raises Exception.
        """
        # Result unused; presumably this generic pass is what fills
        # pkt.fields["signatureAlgorithm"] read below -- verify.
        _generic, _rest = ASN1F_SEQUENCE.m2i(self, pkt, x)
        alg_name = pkt.fields["signatureAlgorithm"].algorithm.oidname
        if "rsa" in alg_name.lower():
            return ASN1F_X509_SubjectPublicKeyInfoRSA().m2i(pkt, x)
        if alg_name == "ecPublicKey":
            return ASN1F_X509_SubjectPublicKeyInfoECDSA().m2i(pkt, x)
        raise Exception("could not parse subjectPublicKeyInfo")
    def dissect(self, pkt, s):
        """Run m2i on s and return only the second element of its result."""
        _decoded, rest = self.m2i(pkt, s)
        return rest
    def build(self, pkt):
        """
        Encode pkt with the RSA or EC layout.

        The algorithm name comes from pkt.fields when the field was set and
        from pkt.default_fields otherwise. The matching default key object
        is written into pkt.default_fields before building. Any name that is
        neither RSA-like nor "ecPublicKey" raises Exception.
        """
        if "signatureAlgorithm" in pkt.fields:
            alg_id = pkt.fields['signatureAlgorithm']
        else:
            alg_id = pkt.default_fields["signatureAlgorithm"]
        alg_name = alg_id.algorithm.oidname
        if "rsa" in alg_name.lower():
            pkt.default_fields["subjectPublicKey"] = RSAPublicKey()
            return ASN1F_X509_SubjectPublicKeyInfoRSA().build(pkt)
        if alg_name == "ecPublicKey":
            pkt.default_fields["subjectPublicKey"] = ECDSAPublicKey()
            return ASN1F_X509_SubjectPublicKeyInfoECDSA().build(pkt)
        raise Exception("could not build subjectPublicKeyInfo")

class X509_SubjectPublicKeyInfo(ASN1_Packet):
    # Packet wrapper around the dispatching field above.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_X509_SubjectPublicKeyInfo()


###### OpenSSL compatibility wrappers ######

# XXX ECDSAPrivateKey already follows the structure from RFC 5958, and we
# would like encapsulated RSA private keys to be parsed, so this lazy
# implementation really supports the RSA encoding only. That is why it is
# named RSAPrivateKey_OpenSSL rather than X509_PrivateKeyInfo.
#
# Instances hold decoded private key material in their fields, so dumps of
# such packets should be handled like the key file itself.
class RSAPrivateKey_OpenSSL(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_enum_INTEGER("version", 0, ["v1", "v2"]),
        ASN1F_PACKET(
            "privateKeyAlgorithm",
            X509_AlgorithmIdentifier(),
            X509_AlgorithmIdentifier),
        # The RSAPrivateKey is carried inside an explicit 0x04 tag.
        ASN1F_PACKET(
            "privateKey",
            RSAPrivateKey(),
            RSAPrivateKey,
            explicit_tag=0x04),
        # NOTE(review): the two optional members below use EC types
        # (ECParameters, ECDSAPublicKey) in an RSA-only wrapper -- confirm
        # that this is intended.
        ASN1F_optional(
            ASN1F_PACKET(
                "parameters", None, ECParameters,
                explicit_tag=0xa0)),
        ASN1F_optional(
            ASN1F_PACKET(
                "publicKey", None,
                ECDSAPublicKey,
                explicit_tag=0xa1)))
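
# We need this hack because ECParameters parsing below must return
# a Padding payload, and making the ASN1_Packet class have Padding
# instead of Raw payload would break things...
class _PacketFieldRaw(PacketField):
    def getfield(self, pkt, s):
        """
        Parse s with m2i and return (remaining data, parsed packet).

        When the parsed packet contains a conf.raw_layer layer, that layer
        is detached from its underlayer and its load is handed back as the
        remaining data; otherwise the remaining data is "".
        """
        i = self.m2i(pkt, s)
        remain = ""
        if conf.raw_layer in i:
            r = i[conf.raw_layer]
            del(r.underlayer.payload)
            remain = r.load
        return remain,i

class ECDSAPrivateKey_OpenSSL(Packet):
    # ECParameters followed by an ECDSAPrivateKey. Instances hold decoded
    # private key material in their fields.
    name = "ECDSA Params + Private Key"
    fields_desc = [ _PacketFieldRaw("ecparam",
                                    ECParameters(),
                                    ECParameters),
                    PacketField("privateKey",
                                ECDSAPrivateKey(),
                                ECDSAPrivateKey) ]


####### TBSCertificate & Certificate #######

# Default issuer name: a default X509_RDN, then O=Scapy, Inc. (2.5.4.10)
# and CN=Scapy Default Issuer (2.5.4.3).
_default_issuer = [
    X509_RDN(),
    X509_RDN(
        rdn=[X509_AttributeTypeAndValue(
            type="2.5.4.10",
            value=ASN1_PRINTABLE_STRING("Scapy, Inc."))]),
    X509_RDN(
        rdn=[X509_AttributeTypeAndValue(
            type="2.5.4.3",
            value=ASN1_PRINTABLE_STRING("Scapy Default Issuer"))])
]

# Default subject name, same layout as _default_issuer.
_default_subject = [
    X509_RDN(),
    X509_RDN(
        rdn=[X509_AttributeTypeAndValue(
            type="2.5.4.10",
            value=ASN1_PRINTABLE_STRING("Scapy, Inc."))]),
    X509_RDN(
        rdn=[X509_AttributeTypeAndValue(
            type="2.5.4.3",
            value=ASN1_PRINTABLE_STRING("Scapy Default Subject"))])
]

class X509_Validity(ASN1_Packet):
    # Each bound accepts UTCTime or GeneralizedTime. The defaults are
    # rendered by str() while the class body executes, so they are fixed at
    # import time (presumably 600 s before and one day after it -- confirm
    # against ZuluTime) rather than recomputed per certificate.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_CHOICE("not_before",
                     ASN1_UTC_TIME(str(ZuluTime(-600))),
                     ASN1F_UTC_TIME, ASN1F_GENERALIZED_TIME),
        ASN1F_CHOICE("not_after",
                     ASN1_UTC_TIME(str(ZuluTime(+86400))),
                     ASN1F_UTC_TIME, ASN1F_GENERALIZED_TIME))

# Attribute types printed first by the *_str helpers, with their short
# symbols, in this order.
_attrName_mapping = [
    ("countryName", "C"),
    ("stateOrProvinceName", "ST"),
    ("localityName", "L"),
    ("organizationName", "O"),
    ("organizationUnitName", "OU"),
    ("commonName", "CN")
]
_attrName_specials = [name for name, symbol in _attrName_mapping]

def _rdn_sequence_to_dict(rdn_sequence):
    """
    Flatten a sequence of X509_RDN into {attribute type name: value}.

    Only the first AttributeTypeAndValue of each RDN is read, and a type
    that appears in several RDNs keeps the value seen last, so the result
    may drop parts of the name.
    """
    attrsDict = {}
    for attr in rdn_sequence:
        # we assume there is only one name in each rdn ASN1_SET
        first = attr.rdn[0]
        attrsDict[first.type.oidname] = first.value.val
    return attrsDict

def _name_dict_to_str(attrsDict):
    """
    Render a name dict as one line of "/TYPE=value" items.

    The types listed in _attrName_mapping come first, in that order and
    under their short symbol; the remaining types follow under their full
    name in sorted() order, which makes the output deterministic. Values
    are appended as they are: "/" and "=" inside a value are not escaped.
    """
    name_str = ""
    for attrType, attrSymbol in _attrName_mapping:
        if attrType in attrsDict:
            name_str += "/" + attrSymbol + "="
            name_str += attrsDict[attrType]
    for attrType in sorted(attrsDict):
        if attrType not in _attrName_specials:
            name_str += "/" + attrType + "="
            name_str += attrsDict[attrType]
    return name_str

class X509_TBSCertificate(ASN1_Packet):
    # The to-be-signed part of a certificate. The name helpers below are
    # meant for display: they can drop attributes and do not escape values,
    # so two different names can give the same dict or string. Do not use
    # their output to compare identities or to make trust decisions.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_optional(
            ASN1F_enum_INTEGER("version", 0x2, ["v1", "v2", "v3"],
                               explicit_tag=0xa0)),
        ASN1F_INTEGER("serialNumber", 1),
        ASN1F_PACKET("signature",
                     X509_AlgorithmIdentifier(),
                     X509_AlgorithmIdentifier),
        ASN1F_SEQUENCE_OF("issuer", _default_issuer, X509_RDN),
        ASN1F_PACKET("validity",
                     X509_Validity(),
                     X509_Validity),
        ASN1F_SEQUENCE_OF("subject", _default_subject, X509_RDN),
        ASN1F_PACKET("subjectPublicKeyInfo",
                     X509_SubjectPublicKeyInfo(),
                     X509_SubjectPublicKeyInfo),
        ASN1F_optional(
            ASN1F_BIT_STRING("issuerUniqueID", None,
                             implicit_tag=0x81)),
        ASN1F_optional(
            ASN1F_BIT_STRING("subjectUniqueID", None,
                             implicit_tag=0x82)),
        ASN1F_optional(
            ASN1F_SEQUENCE_OF("extensions",
                              [X509_Extension()],
                              X509_Extension,
                              explicit_tag=0xa3)))
    def get_issuer(self):
        """
        Return the issuer as a dict {attribute type name: value}.

        Only the first attribute of each RDN is read and a repeated type
        keeps its last value.
        """
        return _rdn_sequence_to_dict(self.issuer)
    def get_issuer_str(self):
        """
        Returns a one-line string containing every type/value of
        get_issuer() in a rather specific order: the usual types first
        (C, ST, L, O, OU, CN), then the others in sorted() order, which
        keeps the output deterministic. Values are not escaped.
        """
        return _name_dict_to_str(self.get_issuer())
    def get_subject(self):
        """
        Return the subject as a dict {attribute type name: value}.

        Only the first attribute of each RDN is read and a repeated type
        keeps its last value.
        """
        return _rdn_sequence_to_dict(self.subject)
    def get_subject_str(self):
        """
        Returns a one-line string containing every type/value of
        get_subject(), ordered like get_issuer_str(). Values are not
        escaped.
        """
        return _name_dict_to_str(self.get_subject())

class ASN1F_X509_CertECDSA(ASN1F_SEQUENCE):
    def __init__(self, **kargs):
        """
        Build the certificate sequence for an ECDSA signature: the
        TBSCertificate, the signature algorithm, and an ECDSASignature
        encapsulated in a BIT STRING.
        """
        seq = [ASN1F_PACKET("tbsCertificate",
                            X509_TBSCertificate(),
                            X509_TBSCertificate),
               ASN1F_PACKET("signatureAlgorithm",
                            X509_AlgorithmIdentifier(),
                            X509_AlgorithmIdentifier),
               ASN1F_BIT_STRING_ENCAPS("signatureValue",
                                       ECDSASignature(),
                                       ECDSASignature)]
        ASN1F_SEQUENCE.__init__(self, *seq, **kargs)

class ASN1F_X509_Cert(ASN1F_SEQUENCE):
    def __init__(self, **kargs):
        seq = [ASN1F_PACKET("tbsCertificate",
                            X509_TBSCertificate(),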
917f9968d0a8512b0e355076a0ff31de2a79677b009mtu X509_TBSCertificate), 918f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_PACKET("signatureAlgorithm", 919f9968d0a8512b0e355076a0ff31de2a79677b009mtu X509_AlgorithmIdentifier(), 920f9968d0a8512b0e355076a0ff31de2a79677b009mtu X509_AlgorithmIdentifier), 921f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_BIT_STRING("signatureValue", 922f9968d0a8512b0e355076a0ff31de2a79677b009mtu "defaultsignature"*2)] 923f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_SEQUENCE.__init__(self, *seq, **kargs) 924f9968d0a8512b0e355076a0ff31de2a79677b009mtu def m2i(self, pkt, x): 925f9968d0a8512b0e355076a0ff31de2a79677b009mtu c,s = ASN1F_SEQUENCE.m2i(self, pkt, x) 926f9968d0a8512b0e355076a0ff31de2a79677b009mtu sigtype = pkt.fields["signatureAlgorithm"].algorithm.oidname 927f9968d0a8512b0e355076a0ff31de2a79677b009mtu if "rsa" in sigtype.lower(): 928f9968d0a8512b0e355076a0ff31de2a79677b009mtu return c,s 929f9968d0a8512b0e355076a0ff31de2a79677b009mtu elif "ecdsa" in sigtype.lower(): 930f9968d0a8512b0e355076a0ff31de2a79677b009mtu return ASN1F_X509_CertECDSA().m2i(pkt, x) 931f9968d0a8512b0e355076a0ff31de2a79677b009mtu else: 932f9968d0a8512b0e355076a0ff31de2a79677b009mtu raise Exception("could not parse certificate") 933f9968d0a8512b0e355076a0ff31de2a79677b009mtu def dissect(self, pkt, s): 934f9968d0a8512b0e355076a0ff31de2a79677b009mtu c,x = self.m2i(pkt, s) 935f9968d0a8512b0e355076a0ff31de2a79677b009mtu return x 936f9968d0a8512b0e355076a0ff31de2a79677b009mtu def build(self, pkt): 937f9968d0a8512b0e355076a0ff31de2a79677b009mtu if "signatureAlgorithm" in pkt.fields: 938f9968d0a8512b0e355076a0ff31de2a79677b009mtu sigtype = pkt.fields['signatureAlgorithm'].algorithm.oidname 939f9968d0a8512b0e355076a0ff31de2a79677b009mtu else: 940f9968d0a8512b0e355076a0ff31de2a79677b009mtu sigtype = pkt.default_fields["signatureAlgorithm"].algorithm.oidname 941f9968d0a8512b0e355076a0ff31de2a79677b009mtu if "rsa" in sigtype.lower(): 
942f9968d0a8512b0e355076a0ff31de2a79677b009mtu return ASN1F_SEQUENCE.build(self, pkt) 943f9968d0a8512b0e355076a0ff31de2a79677b009mtu elif "ecdsa" in sigtype.lower(): 944f9968d0a8512b0e355076a0ff31de2a79677b009mtu pkt.default_fields["signatureValue"] = ECDSASignature() 945f9968d0a8512b0e355076a0ff31de2a79677b009mtu return ASN1F_X509_CertECDSA().build(pkt) 946f9968d0a8512b0e355076a0ff31de2a79677b009mtu else: 947f9968d0a8512b0e355076a0ff31de2a79677b009mtu raise Exception("could not build certificate") 948f9968d0a8512b0e355076a0ff31de2a79677b009mtu 949f9968d0a8512b0e355076a0ff31de2a79677b009mtuclass X509_Cert(ASN1_Packet): 950f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_codec = ASN1_Codecs.BER 951f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_root = ASN1F_X509_Cert() 952f9968d0a8512b0e355076a0ff31de2a79677b009mtu 9536c89cce6fb9bf374eb85c422a338c11ac7801fb1mtu 954f9968d0a8512b0e355076a0ff31de2a79677b009mtu####### TBSCertList & CRL ####### 955f9968d0a8512b0e355076a0ff31de2a79677b009mtu 956f9968d0a8512b0e355076a0ff31de2a79677b009mtuclass X509_RevokedCertificate(ASN1_Packet): 957f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_codec = ASN1_Codecs.BER 958f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_root = ASN1F_SEQUENCE(ASN1F_INTEGER("serialNumber", 1), 959f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_UTC_TIME("revocationDate", 960f9968d0a8512b0e355076a0ff31de2a79677b009mtu str(ZuluTime(+86400))), 961f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_optional( 962f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_SEQUENCE_OF("crlEntryExtensions", 963f9968d0a8512b0e355076a0ff31de2a79677b009mtu None, X509_Extension))) 964f9968d0a8512b0e355076a0ff31de2a79677b009mtu 965f9968d0a8512b0e355076a0ff31de2a79677b009mtuclass X509_TBSCertList(ASN1_Packet): 966f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_codec = ASN1_Codecs.BER 967f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_root = ASN1F_SEQUENCE( 968f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_optional( 
969f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_enum_INTEGER("version", 1, ["v1", "v2"])), 970f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_PACKET("signature", 971f9968d0a8512b0e355076a0ff31de2a79677b009mtu X509_AlgorithmIdentifier(), 972f9968d0a8512b0e355076a0ff31de2a79677b009mtu X509_AlgorithmIdentifier), 9730900b820247db714510348875e04eb27e5f40a08mtu ASN1F_SEQUENCE_OF("issuer", _default_issuer, X509_RDN), 974f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_UTC_TIME("this_update", str(ZuluTime(-1))), 975f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_optional( 976f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_UTC_TIME("next_update", None)), 977f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_optional( 978f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_SEQUENCE_OF("revokedCertificates", None, 979f9968d0a8512b0e355076a0ff31de2a79677b009mtu X509_RevokedCertificate)), 9809d192c96b9b49efe98563530289c4ae5599482d2mtu ASN1F_optional( 9819d192c96b9b49efe98563530289c4ae5599482d2mtu ASN1F_SEQUENCE_OF("crlExtensions", None, 9829d192c96b9b49efe98563530289c4ae5599482d2mtu X509_Extension, 9839d192c96b9b49efe98563530289c4ae5599482d2mtu explicit_tag=0xa0))) 984f9968d0a8512b0e355076a0ff31de2a79677b009mtu def get_issuer(self): 985f9968d0a8512b0e355076a0ff31de2a79677b009mtu attrs = self.issuer 986f9968d0a8512b0e355076a0ff31de2a79677b009mtu attrsDict = {} 987f9968d0a8512b0e355076a0ff31de2a79677b009mtu for attr in attrs: 988f9968d0a8512b0e355076a0ff31de2a79677b009mtu # we assume there is only one name in each rdn ASN1_SET 989f9968d0a8512b0e355076a0ff31de2a79677b009mtu attrsDict[attr.rdn[0].type.oidname] = attr.rdn[0].value.val 990f9968d0a8512b0e355076a0ff31de2a79677b009mtu return attrsDict 991f9968d0a8512b0e355076a0ff31de2a79677b009mtu def get_issuer_str(self): 992f9968d0a8512b0e355076a0ff31de2a79677b009mtu """ 993f9968d0a8512b0e355076a0ff31de2a79677b009mtu Returns a one-line string containing every type/value 994f9968d0a8512b0e355076a0ff31de2a79677b009mtu in a 
rather specific order. sorted() built-in ensures unicity. 995f9968d0a8512b0e355076a0ff31de2a79677b009mtu """ 996f9968d0a8512b0e355076a0ff31de2a79677b009mtu name_str = "" 997f9968d0a8512b0e355076a0ff31de2a79677b009mtu attrsDict = self.get_issuer() 9980900b820247db714510348875e04eb27e5f40a08mtu for attrType, attrSymbol in _attrName_mapping: 99986cbabb3e314ac905dc35a560daf8c4aeaf6e6ffmtu if attrType in attrsDict: 1000f9968d0a8512b0e355076a0ff31de2a79677b009mtu name_str += "/" + attrSymbol + "=" 1001f9968d0a8512b0e355076a0ff31de2a79677b009mtu name_str += attrsDict[attrType] 100286cbabb3e314ac905dc35a560daf8c4aeaf6e6ffmtu for attrType in sorted(attrsDict): 10030900b820247db714510348875e04eb27e5f40a08mtu if attrType not in _attrName_specials: 1004f9968d0a8512b0e355076a0ff31de2a79677b009mtu name_str += "/" + attrType + "=" 1005f9968d0a8512b0e355076a0ff31de2a79677b009mtu name_str += attrsDict[attrType] 1006f9968d0a8512b0e355076a0ff31de2a79677b009mtu return name_str 1007f9968d0a8512b0e355076a0ff31de2a79677b009mtu 1008f9968d0a8512b0e355076a0ff31de2a79677b009mtuclass ASN1F_X509_CRLECDSA(ASN1F_SEQUENCE): 1009f9968d0a8512b0e355076a0ff31de2a79677b009mtu def __init__(self, **kargs): 1010f9968d0a8512b0e355076a0ff31de2a79677b009mtu seq = [ASN1F_PACKET("tbsCertList", 1011f9968d0a8512b0e355076a0ff31de2a79677b009mtu X509_TBSCertList(), 1012f9968d0a8512b0e355076a0ff31de2a79677b009mtu X509_TBSCertList), 1013f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_PACKET("signatureAlgorithm", 1014f9968d0a8512b0e355076a0ff31de2a79677b009mtu X509_AlgorithmIdentifier(), 1015f9968d0a8512b0e355076a0ff31de2a79677b009mtu X509_AlgorithmIdentifier), 1016f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_BIT_STRING_ENCAPS("signatureValue", 1017f9968d0a8512b0e355076a0ff31de2a79677b009mtu ECDSASignature(), 1018f9968d0a8512b0e355076a0ff31de2a79677b009mtu ECDSASignature)] 1019f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_SEQUENCE.__init__(self, *seq, **kargs) 
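
class ASN1F_X509_CRL(ASN1F_SEQUENCE):
    """
    CRL layout with a plain BIT STRING signatureValue, which hands over to
    ASN1F_X509_CRLECDSA when the signature algorithm is ECDSA.

    The choice is made from the oidname of the outer signatureAlgorithm
    only, and the signature over tbsCertList is never verified by this
    class; a consumer of a parsed CRL has to verify it separately.
    """
    def __init__(self, **kargs):
        seq = [ASN1F_PACKET("tbsCertList",
                            X509_TBSCertList(),
                            X509_TBSCertList),
               ASN1F_PACKET("signatureAlgorithm",
                            X509_AlgorithmIdentifier(),
                            X509_AlgorithmIdentifier),
               ASN1F_BIT_STRING("signatureValue",
                                "defaultsignature"*2)]
        ASN1F_SEQUENCE.__init__(self, *seq, **kargs)

    def m2i(self, pkt, x):
        """
        Parse x into pkt; for an ECDSA oidname parse it a second time with
        the ECDSA layout. Any oidname containing neither "rsa" nor "ecdsa"
        raises Exception.
        """
        # First pass with the plain BIT STRING layout. pkt.fields is read
        # right after it, so this pass presumably fills it in -- confirm.
        c,s = ASN1F_SEQUENCE.m2i(self, pkt, x)
        sigtype = pkt.fields["signatureAlgorithm"].algorithm.oidname.lower()
        if "rsa" in sigtype:
            return c,s
        if "ecdsa" in sigtype:
            return ASN1F_X509_CRLECDSA().m2i(pkt, x)
        # The message used to say "certificate", which was misleading when
        # debugging a CRL.
        raise Exception("could not parse CRL")

    def dissect(self, pkt, s):
        """Run m2i() and return the second element of its result."""
        c,x = self.m2i(pkt, s)
        return x

    def build(self, pkt):
        """
        Build pkt with the layout matching its signature algorithm, taken
        from pkt.fields when set there and from pkt.default_fields
        otherwise.
        """
        if "signatureAlgorithm" in pkt.fields:
            algo = pkt.fields['signatureAlgorithm']
        else:
            algo = pkt.default_fields["signatureAlgorithm"]
        sigtype = algo.algorithm.oidname.lower()
        if "rsa" in sigtype:
            return ASN1F_SEQUENCE.build(self, pkt)
        if "ecdsa" in sigtype:
            # Side effect on pkt: the default signature becomes an
            # ECDSASignature so that the ECDSA layout can encode it.
            pkt.default_fields["signatureValue"] = ECDSASignature()
            return ASN1F_X509_CRLECDSA().build(pkt)
        raise Exception("could not build CRL")


class X509_CRL(ASN1_Packet):
    """X.509 CRL packet, BER-encoded (see ASN1F_X509_CRL)."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_X509_CRL()


#############################
#### OCSP Status packets ####
#############################
########### based on RFC 6960

# The classes below describe the structure of an OCSP response only.
# Nothing in them verifies the responder's signature, the responder's
# authority for the issuer, the thisUpdate/nextUpdate window, or that a
# certID matches the certificate being checked. A parsed status of "good"
# therefore carries no assurance until the caller has done those checks.

class OCSP_CertID(ASN1_Packet):
    """Identifier of the certificate a SingleResponse is about."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
                    ASN1F_PACKET("hashAlgorithm",
                                 X509_AlgorithmIdentifier(),
                                 X509_AlgorithmIdentifier),
                    ASN1F_STRING("issuerNameHash", ""),
                    ASN1F_STRING("issuerKeyHash", ""),
                    ASN1F_INTEGER("serialNumber", 0))


class OCSP_GoodInfo(ASN1_Packet):
    """Body of the "good" certStatus alternative (a NULL)."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_NULL("info", 0)


class OCSP_RevokedInfo(ASN1_Packet):
    """Body of the "revoked" certStatus alternative."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
                    ASN1F_GENERALIZED_TIME("revocationTime", ""),
                    ASN1F_optional(
                        ASN1F_PACKET("revocationReason", None,
                                     X509_ExtReasonCode,
                                     explicit_tag=0x80)))


class OCSP_UnknownInfo(ASN1_Packet):
    """Body of the "unknown" certStatus alternative (a NULL)."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_NULL("info", 0)


class OCSP_CertStatus(ASN1_Packet):
    """CHOICE between good, revoked and unknown, told apart by tag."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_CHOICE("certStatus", None,
                    ASN1F_PACKET("good", OCSP_GoodInfo(),
                                 OCSP_GoodInfo, implicit_tag=0x80),
                    ASN1F_PACKET("revoked", OCSP_RevokedInfo(),
                                 OCSP_RevokedInfo, implicit_tag=0xa1),
                    ASN1F_PACKET("unknown", OCSP_UnknownInfo(),
                                 OCSP_UnknownInfo, implicit_tag=0x82))


class OCSP_SingleResponse(ASN1_Packet):
    """Status of one certificate, with its update times."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
                    ASN1F_PACKET("certID", OCSP_CertID(), OCSP_CertID),
                    ASN1F_PACKET("certStatus", OCSP_CertStatus(),
                                 OCSP_CertStatus),
                    ASN1F_GENERALIZED_TIME("thisUpdate", ""),
                    ASN1F_optional(
                        ASN1F_GENERALIZED_TIME("nextUpdate", "",
                                               explicit_tag=0xa0)),
                    ASN1F_optional(
                        ASN1F_SEQUENCE_OF("singleExtensions", None,
                                          X509_Extension,
                                          explicit_tag=0xa1)))


class OCSP_ByName(ASN1_Packet):
    """Responder identified by name (a sequence of RDNs)."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE_OF("byName", [], X509_RDN)


class OCSP_ByKey(ASN1_Packet):
    """Responder identified by a key hash, kept as a raw string."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_STRING("byKey", "")


class OCSP_ResponderID(ASN1_Packet):
    """CHOICE between the byName and byKey responder identifiers."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_CHOICE("responderID", None,
                    ASN1F_PACKET("byName", OCSP_ByName(), OCSP_ByName,
                                 explicit_tag=0xa1),
                    ASN1F_PACKET("byKey", OCSP_ByKey(), OCSP_ByKey,
                                 explicit_tag=0xa2))


class OCSP_ResponseData(ASN1_Packet):
    """The to-be-signed part of a basic OCSP response."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
                    ASN1F_optional(
                        ASN1F_enum_INTEGER("version", 0, {0: "v1"},
                                           explicit_tag=0x80)),
                    ASN1F_PACKET("responderID", OCSP_ResponderID(),
                                 OCSP_ResponderID),
                    ASN1F_GENERALIZED_TIME("producedAt",
                                           str(GeneralizedTime())),
                    ASN1F_SEQUENCE_OF("responses", [], OCSP_SingleResponse),
                    ASN1F_optional(
                        ASN1F_SEQUENCE_OF("responseExtensions", None,
                                          X509_Extension,
                                          explicit_tag=0xa1)))


class ASN1F_OCSP_BasicResponseECDSA(ASN1F_SEQUENCE):
    """
    Basic response layout whose signature is a BIT STRING encapsulating an
    ECDSASignature structure.
    """
    def __init__(self, **kargs):
        seq = [ASN1F_PACKET("tbsResponseData",
                            OCSP_ResponseData(),
                            OCSP_ResponseData),
               ASN1F_PACKET("signatureAlgorithm",
                            X509_AlgorithmIdentifier(),
                            X509_AlgorithmIdentifier),
               ASN1F_BIT_STRING_ENCAPS("signature",
                                       ECDSASignature(),
                                       ECDSASignature),
               ASN1F_optional(
                   ASN1F_SEQUENCE_OF("certs", None, X509_Cert,
                                     explicit_tag=0xa0))]
        ASN1F_SEQUENCE.__init__(self, *seq, **kargs)


class ASN1F_OCSP_BasicResponse(ASN1F_SEQUENCE):
    """
    Basic response layout with a plain BIT STRING signature, which hands
    over to ASN1F_OCSP_BasicResponseECDSA when the algorithm is ECDSA.

    The signature over tbsResponseData is never verified here, and the
    certificates carried in "certs" are parsed but not validated.
    """
    def __init__(self, **kargs):
        seq = [ASN1F_PACKET("tbsResponseData",
                            OCSP_ResponseData(),
                            OCSP_ResponseData),
               ASN1F_PACKET("signatureAlgorithm",
                            X509_AlgorithmIdentifier(),
                            X509_AlgorithmIdentifier),
               ASN1F_BIT_STRING("signature",
                                "defaultsignature"*2),
               ASN1F_optional(
                   ASN1F_SEQUENCE_OF("certs", None, X509_Cert,
                                     explicit_tag=0xa0))]
        ASN1F_SEQUENCE.__init__(self, *seq, **kargs)

    def m2i(self, pkt, x):
        """
        Parse x into pkt; for an ECDSA oidname parse it a second time with
        the ECDSA layout. Any oidname containing neither "rsa" nor "ecdsa"
        raises Exception.
        """
        # First pass with the plain BIT STRING layout. pkt.fields is read
        # right after it, so this pass presumably fills it in -- confirm.
        c,s = ASN1F_SEQUENCE.m2i(self, pkt, x)
        sigtype = pkt.fields["signatureAlgorithm"].algorithm.oidname.lower()
        if "rsa" in sigtype:
            return c,s
        if "ecdsa" in sigtype:
            return ASN1F_OCSP_BasicResponseECDSA().m2i(pkt, x)
        raise Exception("could not parse OCSP basic response")

    def dissect(self, pkt, s):
        """Run m2i() and return the second element of its result."""
        c,x = self.m2i(pkt, s)
        return x

    def build(self, pkt):
        """
        Build pkt with the layout matching its signature algorithm, taken
        from pkt.fields when set there and from pkt.default_fields
        otherwise.
        """
        if "signatureAlgorithm" in pkt.fields:
            algo = pkt.fields['signatureAlgorithm']
        else:
            algo = pkt.default_fields["signatureAlgorithm"]
        sigtype = algo.algorithm.oidname.lower()
        if "rsa" in sigtype:
            return ASN1F_SEQUENCE.build(self, pkt)
        if "ecdsa" in sigtype:
            # The signature field of both basic response layouts is named
            # "signature". The default used to be stored under
            # "signatureValue", the name used by the certificate and CRL
            # layouts, so it never reached the field being encoded.
            pkt.default_fields["signature"] = ECDSASignature()
            return ASN1F_OCSP_BasicResponseECDSA().build(pkt)
        raise Exception("could not build OCSP basic response")


class OCSP_ResponseBytes(ASN1_Packet):
    """Response type OID followed by the encapsulated basic response."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
                    ASN1F_OID("responseType", "1.3.6.1.5.5.7.48.1.1"),
                    ASN1F_OCSP_BasicResponse(explicit_tag=0x04))


# Names for the responseStatus values; presumably the list index is the
# enumerated value, which is why "notUsed" holds position 4 -- confirm
# against ASN1F_ENUMERATED.
_responseStatus_mapping = ["successful",
                           "malformedRequest",
                           "internalError",
                           "tryLater",
                           "notUsed",
                           "sigRequired",
                           "unauthorized"]


class OCSP_Response(ASN1_Packet):
    """
    Top-level OCSP response: a status, and the response bytes when present.

    responseBytes is optional, so code reading a parsed response should
    check responseStatus and the presence of responseBytes before using
    anything inside it.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
                    ASN1F_ENUMERATED("responseStatus", 0,
                                     _responseStatus_mapping),
                    ASN1F_optional(
                        ASN1F_PACKET("responseBytes", None,
                                     OCSP_ResponseBytes,
                                     explicit_tag=0xa0)))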