x509.py revision bac5663b0e3e29f57403989684661c0002f6461d
## This file is part of Scapy
## See http://www.secdev.org/projects/scapy for more informations
## Copyright (C) Philippe Biondi <phil@secdev.org>
## Enhanced by Maxence Tury <maxence.tury@ssi.gouv.fr>
## This program is published under a GPLv2 license

"""
X.509 certificates.
"""

from scapy.asn1packet import *
from scapy.asn1fields import *

# Every packet class below declares its wire layout through two class
# attributes: ASN1_codec (the encoding rules) and ASN1_root (the field tree).
# The field defaults are arbitrary sample values. These classes only describe
# structure: nothing in this part of the file verifies signatures, validity
# periods or name syntax, so a clean dissection is not a validation result.

# A single OBJECT IDENTIFIER wrapped as a packet, so that it can be used as
# the element class of an ASN1F_SEQUENCE_OF field (see
# X509_ExtExtendedKeyUsage).
class ASN1P_OID(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_OID("oid", "0")

# A single INTEGER wrapped as a packet, for the same SEQUENCE OF use
# (see X509_ExtNoticeReference.noticeNumbers).
class ASN1P_INTEGER(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_INTEGER("number", 0)


#######################
##### RSA packets #####
#######################
##### based on RFC 3447

# It could be interesting to use os.urandom and try to generate
# a new modulus each time RSAPublicKey is called with default values.
# (We might have to dig into scapy field initialization mechanisms...)
# NEVER rely on the key below, which is provided only for debugging purposes.
# The defaults are modulus 10 and public exponent 3: a toy key that anyone can
# factor by hand. Any object built without overriding both fields carries no
# cryptographic strength.
class RSAPublicKey(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_INTEGER("modulus", 10),
        ASN1F_INTEGER("publicExponent", 3))

# One extra prime of a multi-prime RSA key (prime, exponent, coefficient).
# NOTE(review): this is the only class in the visible listing that selects
# the DER codec; its siblings, including RSAPrivateKey which embeds it, use
# BER. Confirm that the difference is intended.
class RSAOtherPrimeInfo(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.DER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_INTEGER("prime", 0),
        ASN1F_INTEGER("exponent", 0),
        ASN1F_INTEGER("coefficient", 0))

# RSA private key structure. The defaults form the private half of the toy
# key above and are arithmetically consistent: 10 = 2 * 5, 3 * 3 = 1 mod 4,
# exponent1 = 3 mod (2 - 1) = 0, exponent2 = 3 mod (5 - 1) = 3,
# coefficient = 5^-1 mod 2 = 1. They are for debugging only.
class RSAPrivateKey(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        # list form of the enum: index 0 is "two-prime", index 1 is "multi"
        ASN1F_enum_INTEGER("version", 0, ["two-prime", "multi"]),
        ASN1F_INTEGER("modulus", 10),
        ASN1F_INTEGER("publicExponent", 3),
        ASN1F_INTEGER("privateExponent", 3),
        ASN1F_INTEGER("prime1", 2),
        ASN1F_INTEGER("prime2", 5),
        ASN1F_INTEGER("exponent1", 0),
        ASN1F_INTEGER("exponent2", 3),
        ASN1F_INTEGER("coefficient", 1),
        # absent by default (None); elements are RSAOtherPrimeInfo packets
        ASN1F_optional(
            ASN1F_SEQUENCE_OF("otherPrimeInfos", None,
                              RSAOtherPrimeInfo)))

####################################
########## ECDSA packets ###########
####################################
#### based on RFC 3279 & 5480 & 5915

# Finite field identifier: the field type OID followed by the prime.
class ECFieldID(ASN1_Packet):
    # No characteristic-two-field support for now.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_OID("fieldType", "prime-field"),
        ASN1F_INTEGER("prime", 0))

# Curve coefficients a and b as raw strings, plus an optional seed.
class ECCurve(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_STRING("a", ""),
        ASN1F_STRING("b", ""),
        ASN1F_optional(
            ASN1F_BIT_STRING("seed", None)))

# Explicitly specified curve parameters (field, curve, base point, order,
# optional cofactor). RFC 5480 forbids specifiedCurve in PKIX certificates.
# This class can still dissect such parameters, so a validator built on top
# of it has to reject or independently check them. Parsing alone proves
# nothing about the curve.
class ECSpecifiedDomain(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_enum_INTEGER("version", 1, {1: "ecpVer1"}),
        ASN1F_PACKET("fieldID", ECFieldID(), ECFieldID),
        ASN1F_PACKET("curve", ECCurve(), ECCurve),
        ASN1F_STRING("base", ""),
        ASN1F_INTEGER("order", 0),
        ASN1F_optional(
            ASN1F_INTEGER("cofactor", None)))

# Curve parameters as a CHOICE of three encodings. The default value is the
# named-curve OID "ansip384r1".
class ECParameters(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_CHOICE("curve", ASN1_OID("ansip384r1"),
                    ASN1F_OID,      # for named curves
                    ASN1F_NULL,     # for implicit curves
                    ECSpecifiedDomain)

# EC public key: the point is carried as a single BIT STRING.
class ECDSAPublicKey(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_BIT_STRING("ecPoint", "")

# EC private key: version, the private value as a raw string, then optional
# curve parameters and an optional public key under explicit tags 0xa0 / 0xa1.
class ECDSAPrivateKey(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_enum_INTEGER("version", 1, {1: "ecPrivkeyVer1"}),
        ASN1F_STRING("privateKey", ""),
        ASN1F_optional(
            ASN1F_PACKET("parameters", None, ECParameters,
                         explicit_tag=0xa0)),
        ASN1F_optional(
            ASN1F_PACKET("publicKey", None,
                         ECDSAPublicKey,
                         explicit_tag=0xa1)))

# ECDSA signature value: the two integers r and s. Both default to 0, and no
# range check on them is visible in this file.
class ECDSASignature(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_INTEGER("r", 0),
        ASN1F_INTEGER("s", 0))

######################
#### X509 packets ####
######################
#### based on RFC 5280


####### Names #######

# CHOICE field accepting any of the string types listed in __init__.
# name, default and any keyword arguments (for example a tag) are passed
# straight through to ASN1F_CHOICE.
class ASN1F_X509_DirectoryString(ASN1F_CHOICE):
    # we include ASN1 bit strings for rare instances of x500 addresses
    def __init__(self, name, default, **kwargs):
        ASN1F_CHOICE.__init__(self, name, default,
                              ASN1F_PRINTABLE_STRING, ASN1F_UTF8_STRING,
                              ASN1F_IA5_STRING, ASN1F_T61_STRING,
                              ASN1F_UNIVERSAL_STRING, ASN1F_BIT_STRING,
                              **kwargs)

# One attribute value: a CHOICE over five string types (no BIT STRING here,
# unlike ASN1F_X509_DirectoryString). The default is PrintableString "FR".
class X509_AttributeValue(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_CHOICE("value", ASN1_PRINTABLE_STRING("FR"),
                    ASN1F_PRINTABLE_STRING, ASN1F_UTF8_STRING,
                    ASN1F_IA5_STRING, ASN1F_T61_STRING,
                    ASN1F_UNIVERSAL_STRING)

# Attribute: a type OID plus a SET OF values. The default OID 2.5.4.6 is
# id-at-countryName, which matches the "FR" default value.
class X509_Attribute(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_OID("type", "2.5.4.6"),
        ASN1F_SET_OF("values",
                     [X509_AttributeValue()],
                     X509_AttributeValue))

# A single type/value pair as used inside a relative distinguished name.
# The defaults are countryName (2.5.4.6) and "FR".
class X509_AttributeTypeAndValue(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_OID("type", "2.5.4.6"),
        ASN1F_X509_DirectoryString("value",
            ASN1_PRINTABLE_STRING("FR")))

# Relative distinguished name: a SET OF type/value pairs. The default holds
# one default X509_AttributeTypeAndValue.
class X509_RDN(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SET_OF("rdn", [X509_AttributeTypeAndValue()],
                             X509_AttributeTypeAndValue)

# otherName form of a GeneralName: a type-id OID and a string value carried
# under explicit tag 0xa0. Only the four listed string types are accepted
# for the value.
class X509_OtherName(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_OID("type-id", "0"),
        ASN1F_CHOICE("value", None,
                     ASN1F_IA5_STRING, ASN1F_ISO646_STRING,
                     ASN1F_BMP_STRING, ASN1F_UTF8_STRING,
                     explicit_tag=0xa0))

# The name classes below are thin wrappers around one string field each.
# No character-set or syntax validation is visible in this file, so values
# decoded from an untrusted certificate should be treated as raw
# attacker-controlled bytes and validated before being compared, logged or
# displayed.

# E-mail address form of a GeneralName (IA5 string).
class X509_RFC822Name(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_IA5_STRING("rfc822Name", "")

# DNS host name form of a GeneralName (IA5 string).
class X509_DNSName(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_IA5_STRING("dNSName", "")

#XXX write me
# Placeholder: the X.400 address structure is not modelled, only a generic
# ASN1F_field.
class X509_X400Address(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_field("x400Address", "")

# Default distinguished name: one default RDN (countryName "FR"), then
# 2.5.4.10 (organizationName) and 2.5.4.3 (commonName) with sample strings.
# NOTE(review): this list object is passed as the field default below.
# Whether packets copy it or share it is not visible here, so avoid mutating
# it in place.
default_directoryName = [
    X509_RDN(),
    X509_RDN(
        rdn=[X509_AttributeTypeAndValue(
            type="2.5.4.10",
            value=ASN1_PRINTABLE_STRING("Scapy, Inc."))]),
    X509_RDN(
        rdn=[X509_AttributeTypeAndValue(
            type="2.5.4.3",
            value=ASN1_PRINTABLE_STRING("Scapy Default Name"))])
    ]

# Distinguished name: a SEQUENCE OF relative distinguished names.
class X509_DirectoryName(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE_OF("directoryName", default_directoryName,
                                  X509_RDN)

# EDI party name: an optional nameAssigner under explicit tag 0xa0 and a
# partyName under explicit tag 0xa1.
class X509_EDIPartyName(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_optional(
            ASN1F_X509_DirectoryString("nameAssigner", None,
                                       explicit_tag=0xa0)),
        ASN1F_X509_DirectoryString("partyName", None,
                                   explicit_tag=0xa1))

# URI form of a GeneralName (IA5 string).
class X509_URI(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_IA5_STRING("uniformResourceIdentifier", "")

# IP address form of a GeneralName, kept as a raw string. No length check
# for 4-byte or 16-byte addresses is visible here.
class X509_IPAddress(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_STRING("iPAddress", "")

# Registered identifier form of a GeneralName (an OID, default "").
class X509_RegisteredID(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_OID("registeredID", "")

# GeneralName: a CHOICE over the nine name forms, told apart by their
# context tag. Tags 0x8N are context-specific primitive and 0xaN are
# context-specific constructed.
class X509_GeneralName(ASN1_Packet):
    # Default value of the CHOICE: a directory name instance created once,
    # when this class body runs. The overload_fields entry is keyed by
    # hash(X509_DirectoryName) and carries the explicit tag 0xa4.
    # Presumably this makes the default encode with the same tag as the
    # "directoryName" alternative below. TODO confirm against ASN1F_CHOICE.
    dirName = X509_DirectoryName()
    dirName.overload_fields[hash(X509_DirectoryName)] = {"exp": 0xa4,
                                                         "imp": None}
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_CHOICE("generalName", dirName,
                    ASN1F_PACKET("otherName", None, X509_OtherName,
                                 implicit_tag=0xa0),
                    ASN1F_PACKET("rfc822Name", None, X509_RFC822Name,
                                 implicit_tag=0x81),
                    ASN1F_PACKET("dNSName", None, X509_DNSName,
                                 implicit_tag=0x82),
                    ASN1F_PACKET("x400Address", None, X509_X400Address,
                                 explicit_tag=0xa3),
                    ASN1F_PACKET("directoryName", None, X509_DirectoryName,
                                 explicit_tag=0xa4),
                    ASN1F_PACKET("ediPartyName", None, X509_EDIPartyName,
                                 explicit_tag=0xa5),
                    ASN1F_PACKET("uniformResourceIdentifier", None, X509_URI,
                                 implicit_tag=0x86),
                    ASN1F_PACKET("ipAddress", None, X509_IPAddress,
                                 implicit_tag=0x87),
                    ASN1F_PACKET("registeredID", None, X509_RegisteredID,
                                 implicit_tag=0x88))


####### Extensions #######
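
# Authority key identifier extension. All three members are optional:
# keyIdentifier (implicit 0x80, default 20 bytes of 0xff),
# authorityCertIssuer (implicit 0xa1, absent by default) and
# authorityCertSerialNumber (implicit 0x82, absent by default).
class X509_ExtAuthorityKeyIdentifier(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_optional(
            ASN1F_STRING("keyIdentifier", "\xff"*20,
                         implicit_tag=0x80)),
        ASN1F_optional(
            ASN1F_SEQUENCE_OF("authorityCertIssuer", None,
                              X509_GeneralName,
                              implicit_tag=0xa1)),
        ASN1F_optional(
            ASN1F_INTEGER("authorityCertSerialNumber", None,
                          implicit_tag=0x82)))

# Subject directory attributes extension: a SEQUENCE OF X509_Attribute.
class X509_ExtSubjectDirectoryAttributes(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE_OF("subjectDirectoryAttributes",
                                  [X509_Attribute()],
                                  X509_Attribute)

# Subject key identifier extension: one raw string.
# The default is 20 bytes of 0xff, the same placeholder that
# X509_ExtAuthorityKeyIdentifier uses for its keyIdentifier. The previous
# literal lacked the backslash ("xff"*20) and therefore produced the
# 60-character text "xffxff..." instead of a 20-byte identifier.
class X509_ExtSubjectKeyIdentifier(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_STRING("keyIdentifier", "\xff"*20)

# fullName alternative of a distribution point name: a SEQUENCE OF
# GeneralName under implicit tag 0xa0.
class X509_ExtFullName(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE_OF("fullName", [X509_GeneralName()],
                                  X509_GeneralName, implicit_tag=0xa0)

# nameRelativeToCRLIssuer alternative: a single RDN under implicit tag 0xa1.
class X509_ExtNameRelativeToCRLIssuer(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_PACKET("nameRelativeToCRLIssuer", X509_RDN(), X509_RDN,
                             implicit_tag=0xa1)

# Distribution point name: a CHOICE between the two alternatives above,
# with no default value.
class X509_ExtDistributionPointName(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_CHOICE("distributionPointName", None,
                    X509_ExtFullName, X509_ExtNameRelativeToCRLIssuer)

# Names for the bits of a revocation-reason flag field, in list order (the
# first entry is "unused"). Used by X509_ExtDistributionPoint.reasons and by
# X509_ExtIssuingDistributionPoint.onlySomeReasons.
reasons_mapping = ["unused",
                   "keyCompromise",
                   "cACompromise",
                   "affiliationChanged",
                   "superseded",
                   "cessationOfOperation",
                   "certificateHold",
                   "privilegeWithdrawn",
                   "aACompromise"]

# One CRL distribution point. All three members are optional:
# distributionPoint (explicit 0xa0), reasons (implicit 0x81) and
# cRLIssuer (implicit 0xa2).
class X509_ExtDistributionPoint(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_optional(
            ASN1F_PACKET("distributionPoint",
                         X509_ExtDistributionPointName(),
                         X509_ExtDistributionPointName,
                         explicit_tag=0xa0)),
        ASN1F_optional(
            ASN1F_FLAGS("reasons", None, reasons_mapping,
                        implicit_tag=0x81)),
        ASN1F_optional(
            ASN1F_SEQUENCE_OF("cRLIssuer", None,
                              X509_GeneralName,
                              implicit_tag=0xa2)))

# Names for the key usage bits, in list order.
ku_mapping = ["digitalSignature",
              "nonRepudiation",
              "keyEncipherment",
              "dataEncipherment",
              "keyAgreement",
              "keyCertSign",
              "cRLSign",
              "encipherOnly",
              "decipherOnly"]

# Key usage extension: a flag field named through ku_mapping. The default
# is the bit string "101". It presumably selects the first and third names
# (digitalSignature and keyEncipherment). TODO confirm the bit order that
# ASN1F_FLAGS uses.
class X509_ExtKeyUsage(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_FLAGS("keyUsage", "101", ku_mapping)
    def get_keyUsage(self):
        # Delegates to the root field, which resolves the flags of this packet.
        return self.ASN1_root.get_flags(self)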

# Private key usage period extension: optional notBefore (implicit 0x80)
# and notAfter (implicit 0x81) timestamps.
# The defaults are computed by str(GeneralizedTime(...)) while this class
# body executes, i.e. once when the module is loaded. They are therefore
# fixed for the life of the process rather than relative to the moment a
# packet is built. The offsets -600 and +86400 are presumably seconds
# relative to the current time. TODO confirm against GeneralizedTime.
class X509_ExtPrivateKeyUsagePeriod(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_optional(
            ASN1F_GENERALIZED_TIME("notBefore",
                                   str(GeneralizedTime(-600)),
                                   implicit_tag=0x80)),
        ASN1F_optional(
            ASN1F_GENERALIZED_TIME("notAfter",
                                   str(GeneralizedTime(+86400)),
                                   implicit_tag=0x81)))

# One policy mapping: an issuer-domain policy OID and the subject-domain
# policy OID it maps to. Neither field has a default.
class X509_PolicyMapping(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_OID("issuerDomainPolicy", None),
        ASN1F_OID("subjectDomainPolicy", None))

# Policy mappings extension: a SEQUENCE OF X509_PolicyMapping, empty by
# default.
class X509_ExtPolicyMappings(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE_OF("policyMappings", [], X509_PolicyMapping)

# Basic constraints extension: the cA flag and an optional path length.
class X509_ExtBasicConstraints(ASN1_Packet):
    # The cA field should not be optional, but some certs omit it for False.
    # NOTE(review): RFC 5280 declares cA as BOOLEAN DEFAULT FALSE, so a DER
    # encoder is required to omit it when it is false. Absence is therefore
    # the conforming encoding of "not a CA". Code that decides CA status from
    # this packet must treat an absent cA as False.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_optional(
            ASN1F_BOOLEAN("cA", False)),
        ASN1F_optional(
            ASN1F_INTEGER("pathLenConstraint", None)))

# CRL number extension: a single INTEGER.
class X509_ExtCRLNumber(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_INTEGER("cRLNumber", 0)

# Names for the enumerated CRL reason code, indexed by value. Index 7 is a
# placeholder ("unused_reasonCode"), so the later names keep their positions.
cRL_reasons = ["unspecified",
               "keyCompromise",
               "cACompromise",
               "affiliationChanged",
               "superseded",
               "cessationOfOperation",
               "certificateHold",
               "unused_reasonCode",
               "removeFromCRL",
               "privilegeWithdrawn",
               "aACompromise"]

# Reason code CRL entry extension: an ENUMERATED value named through
# cRL_reasons. The default is 0 ("unspecified").
class X509_ExtReasonCode(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_ENUMERATED("cRLReason", 0, cRL_reasons)

# Delta CRL indicator extension: a single INTEGER.
class X509_ExtDeltaCRLIndicator(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_INTEGER("deltaCRLIndicator", 0)

# Issuing distribution point CRL extension.
# NOTE(review): the four BOOLEAN members are declared without
# ASN1F_optional, whereas X509_ExtBasicConstraints wraps its
# default-False cA flag. RFC 5280 gives these members DEFAULT FALSE, so
# conforming DER encodings omit them when false. Confirm that such
# encodings dissect correctly.
class X509_ExtIssuingDistributionPoint(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_optional(
            ASN1F_PACKET("distributionPoint",
                         X509_ExtDistributionPointName(),
                         X509_ExtDistributionPointName,
                         explicit_tag=0xa0)),
        ASN1F_BOOLEAN("onlyContainsUserCerts", False,
                      implicit_tag=0x81),
        ASN1F_BOOLEAN("onlyContainsCACerts", False,
                      implicit_tag=0x82),
        ASN1F_optional(
            ASN1F_FLAGS("onlySomeReasons", None,
                        reasons_mapping,
                        implicit_tag=0x83)),
        ASN1F_BOOLEAN("indirectCRL", False,
                      implicit_tag=0x84),
        ASN1F_BOOLEAN("onlyContainsAttributeCerts", False,
                      implicit_tag=0x85))

# Certificate issuer CRL entry extension: a SEQUENCE OF GeneralName.
class X509_ExtCertificateIssuer(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE_OF("certificateIssuer", [], X509_GeneralName)

# Invalidity date CRL entry extension: one generalized-time field.
# As with X509_ExtPrivateKeyUsagePeriod, the default is computed once, when
# the class body runs.
# NOTE(review): the default is built with ZuluTime, while the field type is
# ASN1F_GENERALIZED_TIME and X509_ExtPrivateKeyUsagePeriod builds defaults
# for the same field type with GeneralizedTime. Confirm that both helpers
# yield the same string format.
class X509_ExtInvalidityDate(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_GENERALIZED_TIME("invalidityDate", str(ZuluTime(+86400)))

# Subject alternative name extension: a SEQUENCE OF GeneralName, empty by
# default. The entries are decoded only. Matching them against an expected
# host or identity is the job of the caller.
class X509_ExtSubjectAltName(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE_OF("subjectAltName", [], X509_GeneralName)

# Issuer alternative name extension: a SEQUENCE OF GeneralName.
class X509_ExtIssuerAltName(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE_OF("issuerAltName", [], X509_GeneralName)

# One subtree of a name constraint: a base GeneralName with optional
# minimum (implicit 0x80) and maximum (implicit 0x81) distances.
class X509_ExtGeneralSubtree(ASN1_Packet):
    # 'minimum' is not optional in RFC 5280, yet it is in some implementations.
    # NOTE(review): RFC 5280 declares minimum as DEFAULT 0, so DER encoders
    # omit it when it is zero. Treat an absent minimum as 0.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_PACKET("base", X509_GeneralName(), X509_GeneralName),
        ASN1F_optional(
            ASN1F_INTEGER("minimum", None, implicit_tag=0x80)),
        ASN1F_optional(
            ASN1F_INTEGER("maximum", None, implicit_tag=0x81)))

# Name constraints extension: optional permitted (implicit 0xa0) and
# excluded (implicit 0xa1) subtree lists. This class only carries the lists.
# Nothing here enforces the constraints.
class X509_ExtNameConstraints(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_optional(
            ASN1F_SEQUENCE_OF("permittedSubtrees", None,
                              X509_ExtGeneralSubtree,
                              implicit_tag=0xa0)),
        ASN1F_optional(
            ASN1F_SEQUENCE_OF("excludedSubtrees", None,
                              X509_ExtGeneralSubtree,
                              implicit_tag=0xa1)))

# Policy constraints extension: two optional INTEGERs under implicit tags
# 0x80 and 0x81.
class X509_ExtPolicyConstraints(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_optional(
            ASN1F_INTEGER("requireExplicitPolicy", None,
                          implicit_tag=0x80)),
        ASN1F_optional(
            ASN1F_INTEGER("inhibitPolicyMapping", None,
                          implicit_tag=0x81)))

# Extended key usage extension: a SEQUENCE OF OIDs, each wrapped in an
# ASN1P_OID packet. The list is empty by default.
class X509_ExtExtendedKeyUsage(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE_OF("extendedKeyUsage", [], ASN1P_OID)
    def get_extendedKeyUsage(self):
        # Returns the oidname attribute of every OID in the list, in order.
        eku_array = self.extendedKeyUsage
        return [eku.oid.oidname for eku in eku_array]

# Notice reference of a user notice: an organization string (a CHOICE over
# four string types, with a UTF8 sample value as default) and a list of
# notice numbers wrapped in ASN1P_INTEGER packets.
class X509_ExtNoticeReference(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_CHOICE("organization",
                     ASN1_UTF8_STRING("Dummy Organization"),
                     ASN1F_IA5_STRING, ASN1F_ISO646_STRING,
                     ASN1F_BMP_STRING, ASN1F_UTF8_STRING),
        ASN1F_SEQUENCE_OF("noticeNumbers", [], ASN1P_INTEGER))

class X509_ExtUserNotice(ASN1_Packet):
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_optional(
            ASN1F_PACKET("noticeRef", None,
X509_ExtNoticeReference)), 482f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_optional( 483f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_CHOICE("explicitText", 484f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_UTF8_STRING("Dummy ExplicitText"), 485f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_IA5_STRING, ASN1F_ISO646_STRING, 486f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_BMP_STRING, ASN1F_UTF8_STRING))) 487f9968d0a8512b0e355076a0ff31de2a79677b009mtu 488f9968d0a8512b0e355076a0ff31de2a79677b009mtuclass X509_ExtPolicyQualifierInfo(ASN1_Packet): 489f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_codec = ASN1_Codecs.BER 490f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_root = ASN1F_SEQUENCE( 491f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_OID("policyQualifierId", "1.3.6.1.5.5.7.2.1"), 492f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_CHOICE("qualifier", ASN1_IA5_STRING("cps_str"), 493f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_IA5_STRING, X509_ExtUserNotice)) 494f9968d0a8512b0e355076a0ff31de2a79677b009mtu 495f9968d0a8512b0e355076a0ff31de2a79677b009mtuclass X509_ExtPolicyInformation(ASN1_Packet): 496f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_codec = ASN1_Codecs.BER 497f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_root = ASN1F_SEQUENCE( 498f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_OID("policyIdentifier", "2.5.29.32.0"), 499f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_optional( 500f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_SEQUENCE_OF("policyQualifiers", None, 501f9968d0a8512b0e355076a0ff31de2a79677b009mtu X509_ExtPolicyQualifierInfo))) 502f9968d0a8512b0e355076a0ff31de2a79677b009mtu 503f9968d0a8512b0e355076a0ff31de2a79677b009mtuclass X509_ExtCertificatePolicies(ASN1_Packet): 504f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_codec = ASN1_Codecs.BER 505f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_root = ASN1F_SEQUENCE_OF("certificatePolicies", 506f9968d0a8512b0e355076a0ff31de2a79677b009mtu 
[X509_ExtPolicyInformation()], 507f9968d0a8512b0e355076a0ff31de2a79677b009mtu X509_ExtPolicyInformation) 508f9968d0a8512b0e355076a0ff31de2a79677b009mtu 509f9968d0a8512b0e355076a0ff31de2a79677b009mtuclass X509_ExtCRLDistributionPoints(ASN1_Packet): 510f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_codec = ASN1_Codecs.BER 511f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_root = ASN1F_SEQUENCE_OF("cRLDistributionPoints", 512f9968d0a8512b0e355076a0ff31de2a79677b009mtu [X509_ExtDistributionPoint()], 513f9968d0a8512b0e355076a0ff31de2a79677b009mtu X509_ExtDistributionPoint) 514f9968d0a8512b0e355076a0ff31de2a79677b009mtu 515f9968d0a8512b0e355076a0ff31de2a79677b009mtuclass X509_ExtInhibitAnyPolicy(ASN1_Packet): 516f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_codec = ASN1_Codecs.BER 517f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_root = ASN1F_INTEGER("skipCerts", 0) 518f9968d0a8512b0e355076a0ff31de2a79677b009mtu 519f9968d0a8512b0e355076a0ff31de2a79677b009mtuclass X509_ExtFreshestCRL(ASN1_Packet): 520f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_codec = ASN1_Codecs.BER 521f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_root = ASN1F_SEQUENCE_OF("cRLDistributionPoints", 522f9968d0a8512b0e355076a0ff31de2a79677b009mtu [X509_ExtDistributionPoint()], 523f9968d0a8512b0e355076a0ff31de2a79677b009mtu X509_ExtDistributionPoint) 524f9968d0a8512b0e355076a0ff31de2a79677b009mtu 525f9968d0a8512b0e355076a0ff31de2a79677b009mtuclass X509_AccessDescription(ASN1_Packet): 526f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_codec = ASN1_Codecs.BER 527f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_root = ASN1F_SEQUENCE( 528f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_OID("accessMethod", "0"), 529f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_PACKET("accessLocation", X509_GeneralName(), 530f9968d0a8512b0e355076a0ff31de2a79677b009mtu X509_GeneralName)) 531f9968d0a8512b0e355076a0ff31de2a79677b009mtu 532f9968d0a8512b0e355076a0ff31de2a79677b009mtuclass 
X509_ExtAuthInfoAccess(ASN1_Packet): 533f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_codec = ASN1_Codecs.BER 534f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_root = ASN1F_SEQUENCE_OF("authorityInfoAccess", 535f9968d0a8512b0e355076a0ff31de2a79677b009mtu [X509_AccessDescription()], 536f9968d0a8512b0e355076a0ff31de2a79677b009mtu X509_AccessDescription) 537f9968d0a8512b0e355076a0ff31de2a79677b009mtu 538f9968d0a8512b0e355076a0ff31de2a79677b009mtuclass X509_ExtQcStatement(ASN1_Packet): 539f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_codec = ASN1_Codecs.BER 540f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_root = ASN1F_SEQUENCE( 541f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_OID("statementId", "0.4.0.1862.1.1"), 542f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_optional( 543f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_field("statementInfo", None))) 544f9968d0a8512b0e355076a0ff31de2a79677b009mtu 545f9968d0a8512b0e355076a0ff31de2a79677b009mtuclass X509_ExtQcStatements(ASN1_Packet): 546f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_codec = ASN1_Codecs.BER 547f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_root = ASN1F_SEQUENCE_OF("qcStatements", 548f9968d0a8512b0e355076a0ff31de2a79677b009mtu [X509_ExtQcStatement()], 549f9968d0a8512b0e355076a0ff31de2a79677b009mtu X509_ExtQcStatement) 550f9968d0a8512b0e355076a0ff31de2a79677b009mtu 551f9968d0a8512b0e355076a0ff31de2a79677b009mtuclass X509_ExtSubjInfoAccess(ASN1_Packet): 552f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_codec = ASN1_Codecs.BER 553f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_root = ASN1F_SEQUENCE_OF("subjectInfoAccess", 554f9968d0a8512b0e355076a0ff31de2a79677b009mtu [X509_AccessDescription()], 555f9968d0a8512b0e355076a0ff31de2a79677b009mtu X509_AccessDescription) 556f9968d0a8512b0e355076a0ff31de2a79677b009mtu 557f9968d0a8512b0e355076a0ff31de2a79677b009mtuclass X509_ExtNetscapeCertType(ASN1_Packet): 558f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_codec = ASN1_Codecs.BER 
559f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_root = ASN1F_BIT_STRING("netscapeCertType", "") 560f9968d0a8512b0e355076a0ff31de2a79677b009mtu 561f9968d0a8512b0e355076a0ff31de2a79677b009mtuclass X509_ExtComment(ASN1_Packet): 562f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_codec = ASN1_Codecs.BER 563f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_root = ASN1F_CHOICE("comment", 564f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_UTF8_STRING("Dummy comment."), 565f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_IA5_STRING, ASN1F_ISO646_STRING, 566f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_BMP_STRING, ASN1F_UTF8_STRING) 567f9968d0a8512b0e355076a0ff31de2a79677b009mtu 568f9968d0a8512b0e355076a0ff31de2a79677b009mtuclass X509_ExtDefault(ASN1_Packet): 569f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_codec = ASN1_Codecs.BER 570f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_root = ASN1F_field("value", None) 571f9968d0a8512b0e355076a0ff31de2a79677b009mtu 572f9968d0a8512b0e355076a0ff31de2a79677b009mtu# oid-info.com shows that some extensions share multiple OIDs. 573f9968d0a8512b0e355076a0ff31de2a79677b009mtu# Here we only reproduce those written in RFC5280. 
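# Maps an extnID OID (dotted string) to the packet class used to decode the
# matching extnValue. OIDs missing from this table are decoded with
# X509_ExtDefault by ASN1F_EXT_SEQUENCE.dissect().
ext_mapping = {
    "2.5.29.9": X509_ExtSubjectDirectoryAttributes,
    "2.5.29.14": X509_ExtSubjectKeyIdentifier,
    "2.5.29.15": X509_ExtKeyUsage,
    "2.5.29.16": X509_ExtPrivateKeyUsagePeriod,
    "2.5.29.17": X509_ExtSubjectAltName,
    "2.5.29.18": X509_ExtIssuerAltName,
    "2.5.29.19": X509_ExtBasicConstraints,
    "2.5.29.20": X509_ExtCRLNumber,
    "2.5.29.21": X509_ExtReasonCode,
    "2.5.29.24": X509_ExtInvalidityDate,
    "2.5.29.27": X509_ExtDeltaCRLIndicator,
    "2.5.29.28": X509_ExtIssuingDistributionPoint,
    "2.5.29.29": X509_ExtCertificateIssuer,
    "2.5.29.30": X509_ExtNameConstraints,
    "2.5.29.31": X509_ExtCRLDistributionPoints,
    "2.5.29.32": X509_ExtCertificatePolicies,
    "2.5.29.33": X509_ExtPolicyMappings,
    "2.5.29.35": X509_ExtAuthorityKeyIdentifier,
    "2.5.29.36": X509_ExtPolicyConstraints,
    "2.5.29.37": X509_ExtExtendedKeyUsage,
    "2.5.29.46": X509_ExtFreshestCRL,
    "2.5.29.54": X509_ExtInhibitAnyPolicy,
    "2.16.840.1.113730.1.1": X509_ExtNetscapeCertType,
    "2.16.840.1.113730.1.13": X509_ExtComment,
    "1.3.6.1.5.5.7.1.1": X509_ExtAuthInfoAccess,
    "1.3.6.1.5.5.7.1.3": X509_ExtQcStatements,
    "1.3.6.1.5.5.7.1.11": X509_ExtSubjInfoAccess,
}


class ASN1F_EXT_SEQUENCE(ASN1F_SEQUENCE):
    """Extension ::= SEQUENCE { extnID, critical, extnValue }.

    extnValue is declared with explicit_tag=0x04, i.e. the decoded
    extension is treated as encapsulated in a STRING-tagged wrapper.
    The class used for extnValue is chosen at dissection time from
    ext_mapping, keyed on the extnID that was just read.

    NOTE(review): this is a dissector, not a validator. The `critical`
    flag is decoded but nothing here rejects an unrecognised critical
    extension; code doing path validation on top of this must enforce
    that itself (RFC 5280, section 4.2).
    """

    def __init__(self, **kargs):
        # Defaults describe a basicConstraints extension (2.5.29.19).
        seq = [ASN1F_OID("extnID", "2.5.29.19"),
               ASN1F_optional(
                   ASN1F_BOOLEAN("critical", False)),
               ASN1F_PACKET("extnValue",
                            X509_ExtBasicConstraints(),
                            X509_ExtBasicConstraints,
                            explicit_tag=0x04)]
        ASN1F_SEQUENCE.__init__(self, *seq, **kargs)

    def dissect(self, pkt, s):
        """Decode one extension from `s` into `pkt`.

        Returns the value `remain` produced by check_type_check_len()
        (presumably the bytes following this SEQUENCE -- confirm against
        the codec).

        Raises BER_Decoding_Error when bytes are left over inside the
        sequence and this field is not flexible, and a plain Exception
        when one of the inner fields raises ASN1F_badsequence.
        """
        s = BER_tagging_dec(s, implicit_tag=self.implicit_tag,
                            explicit_tag=self.explicit_tag,
                            safe=self.flexible_tag)
        codec = self.ASN1_tag.get_codec(pkt.ASN1_codec)
        _, s, remain = codec.check_type_check_len(s)
        extnID = self.seq[0]
        critical = self.seq[1]
        value_field = self.seq[2]
        try:
            oid, s = extnID.m2i(pkt, s)
            extnID.set_val(pkt, oid)
            s = critical.dissect(pkt, s)
            # Unknown or private OIDs fall back to the raw X509_ExtDefault.
            encapsed = ext_mapping.get(oid.val, X509_ExtDefault)
            # NOTE(review): value_field belongs to this field object, and
            # X509_Extension.ASN1_root is one class-level instance of it,
            # so the class chosen here is state shared by every
            # X509_Extension being dissected (not re-entrant).
            value_field.cls = encapsed
            # there are too many private extensions not to be flexible here
            # NOTE(review): ASN1_root is a class attribute of `encapsed`, so
            # this flag stays set on that extension class after the call.
            value_field.cls.ASN1_root.flexible_tag = True
            value_field.default = encapsed()
            s = value_field.dissect(pkt, s)
            if not self.flexible_tag and len(s) > 0:
                err_msg = "extension sequence length issue"
                raise BER_Decoding_Error(err_msg, remaining=s)
        except ASN1F_badsequence:
            # The bound exception was never used; dropping the
            # "except X, e" form keeps this valid on Python 2 and 3.
            raise Exception("could not parse extensions")
        return remain


class X509_Extension(ASN1_Packet):
    """A single certificate / CRL extension."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_EXT_SEQUENCE()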
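####### Public key wrapper #######

class X509_AlgorithmIdentifier(ASN1_Packet):
    """AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters OPTIONAL }.

    The default OID 1.2.840.113549.1.1.11 is sha256WithRSAEncryption.
    `parameters` is decoded either as NULL or as ECParameters.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_OID("algorithm", "1.2.840.113549.1.1.11"),
        ASN1F_optional(
            ASN1F_CHOICE("parameters", ASN1_NULL(0),
                         ASN1F_NULL, ECParameters)))


class ASN1F_X509_SubjectPublicKeyInfoRSA(ASN1F_SEQUENCE):
    """SubjectPublicKeyInfo layout whose BIT STRING wraps an RSAPublicKey."""

    def __init__(self, **kargs):
        # NOTE: RFC 5280 names the first member "algorithm"; the field name
        # "signatureAlgorithm" is kept because callers address it by name.
        seq = [ASN1F_PACKET("signatureAlgorithm",
                            X509_AlgorithmIdentifier(),
                            X509_AlgorithmIdentifier),
               ASN1F_BIT_STRING_ENCAPS("subjectPublicKey",
                                       RSAPublicKey(),
                                       RSAPublicKey)]
        ASN1F_SEQUENCE.__init__(self, *seq, **kargs)


class ASN1F_X509_SubjectPublicKeyInfo(ASN1F_SEQUENCE):
    """SubjectPublicKeyInfo field that picks its layout from the key type.

    RSA keys are re-decoded with ASN1F_X509_SubjectPublicKeyInfoRSA;
    "ecPublicKey" keeps subjectPublicKey as an opaque BIT STRING; any
    other algorithm raises Exception.
    """

    def __init__(self, **kargs):
        seq = [ASN1F_PACKET("signatureAlgorithm",
                            X509_AlgorithmIdentifier(),
                            X509_AlgorithmIdentifier),
               ASN1F_BIT_STRING("subjectPublicKey", None)]
        ASN1F_SEQUENCE.__init__(self, *seq, **kargs)

    def m2i(self, pkt, x):
        """Decode `x`, returning the (value, remainder) pair of the layout used.

        Raises Exception("could not parse subjectPublicKeyInfo") for key
        types other than RSA and ecPublicKey; code dissecting untrusted
        certificates should expect that.
        """
        # Generic pass first; the algorithm OID is then read back from pkt.
        c, s = ASN1F_SEQUENCE.m2i(self, pkt, x)
        keytype = pkt.fields["signatureAlgorithm"].algorithm.oidname
        # NOTE(review): this is a substring test on the OID's display name,
        # so every algorithm whose name contains "rsa" takes the RSA branch.
        if "rsa" in keytype.lower():
            # Second pass over the original buffer with the RSA layout.
            return ASN1F_X509_SubjectPublicKeyInfoRSA().m2i(pkt, x)
        elif keytype == "ecPublicKey":
            return c, s
        else:
            raise Exception("could not parse subjectPublicKeyInfo")

    def dissect(self, pkt, s):
        """Decode `s` via m2i() and return only the remainder."""
        c, x = self.m2i(pkt, s)
        return x

    def build(self, pkt):
        """Encode the field, using the layout that matches the key type.

        The algorithm is read from pkt.fields when set there, otherwise
        from pkt.default_fields. Raises Exception for unsupported types.
        """
        if "signatureAlgorithm" in pkt.fields:
            ktype = pkt.fields['signatureAlgorithm'].algorithm.oidname
        else:
            ktype = pkt.default_fields["signatureAlgorithm"].algorithm.oidname
        if "rsa" in ktype.lower():
            # Side effect: the packet's default for subjectPublicKey is
            # replaced by an RSAPublicKey before building.
            pkt.default_fields["subjectPublicKey"] = RSAPublicKey()
            return ASN1F_X509_SubjectPublicKeyInfoRSA().build(pkt)
        elif ktype == "ecPublicKey":
            return ASN1F_SEQUENCE.build(self, pkt)
        else:
            raise Exception("could not build subjectPublicKeyInfo")


class X509_SubjectPublicKeyInfo(ASN1_Packet):
    """Packet wrapper around ASN1F_X509_SubjectPublicKeyInfo."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_X509_SubjectPublicKeyInfo()


####### TBSCertificate & Certificate #######

# Default names: a default X509_RDN(), then organizationName (2.5.4.10)
# and commonName (2.5.4.3).
# NOTE(review): these list objects are handed to the field constructors
# below as defaults; whether the fields copy them is not visible here.
default_issuer = [
    X509_RDN(),
    X509_RDN(
        rdn=[X509_AttributeTypeAndValue(
            type="2.5.4.10",
            value=ASN1_PRINTABLE_STRING("Scapy, Inc."))]),
    X509_RDN(
        rdn=[X509_AttributeTypeAndValue(
            type="2.5.4.3",
            value=ASN1_PRINTABLE_STRING("Scapy Default Issuer"))])
]

default_subject = [
    X509_RDN(),
    X509_RDN(
        rdn=[X509_AttributeTypeAndValue(
            type="2.5.4.10",
            value=ASN1_PRINTABLE_STRING("Scapy, Inc."))]),
    X509_RDN(
        rdn=[X509_AttributeTypeAndValue(
            type="2.5.4.3",
            value=ASN1_PRINTABLE_STRING("Scapy Default Subject"))])
]


class X509_Validity(ASN1_Packet):
    """Validity ::= SEQUENCE { notBefore Time, notAfter Time }.

    Each bound accepts UTCTime or GeneralizedTime. The default strings
    are computed once, when this class body is executed, from
    ZuluTime(-600) and ZuluTime(+86400) (presumably offsets in seconds
    from the current time -- confirm against ZuluTime).
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_CHOICE("not_before",
                     ASN1_UTC_TIME(str(ZuluTime(-600))),
                     ASN1F_UTC_TIME, ASN1F_GENERALIZED_TIME),
        ASN1F_CHOICE("not_after",
                     ASN1_UTC_TIME(str(ZuluTime(+86400))),
                     ASN1F_UTC_TIME, ASN1F_GENERALIZED_TIME))


# Attribute types printed first, in this order, with their short symbols.
attrName_mapping = [
    ("countryName", "C"),
    ("stateOrProvinceName", "ST"),
    ("localityName", "L"),
    ("organizationName", "O"),
    ("organizationUnitName", "OU"),
    ("commonName", "CN")
]
attrName_specials = [name for name, symbol in attrName_mapping]


def _rdn_sequence_to_dict(attrs):
    """Flatten a sequence of RDNs into {attribute type name: value}.

    Lossy by construction: only the first attribute of each RDN is read,
    and a repeated attribute type overwrites the earlier value.
    """
    attrsDict = {}
    for attr in attrs:
        # we assume there is only one name in each rdn ASN1_SET
        attrsDict[attr.rdn[0].type.oidname] = attr.rdn[0].value.val
    return attrsDict


def _name_dict_to_str(attrsDict):
    """Render a name dict as "/C=../ST=../..." on one line.

    Types listed in attrName_mapping come first, in that order; the rest
    follow sorted by type name so the output is deterministic.
    """
    parts = []
    for attrType, attrSymbol in attrName_mapping:
        if attrType in attrsDict:
            parts.append("/" + attrSymbol + "=" + attrsDict[attrType])
    for attrType in sorted(attrsDict):
        if attrType not in attrName_specials:
            parts.append("/" + attrType + "=" + attrsDict[attrType])
    return "".join(parts)


class X509_TBSCertificate(ASN1_Packet):
    """TBSCertificate, the signed portion of an X.509 certificate.

    The name helpers below are display conveniences. Their output drops
    multi-valued RDN members and repeated attribute types, and values are
    not escaped, so a "/" or "=" inside a value makes the string
    ambiguous. Do not use these strings to compare identities or to make
    trust decisions; compare the decoded name structures instead.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_optional(
            ASN1F_enum_INTEGER("version", 0x2, ["v1", "v2", "v3"],
                               explicit_tag=0xa0)),
        ASN1F_INTEGER("serialNumber", 1),
        ASN1F_PACKET("signature",
                     X509_AlgorithmIdentifier(),
                     X509_AlgorithmIdentifier),
        ASN1F_SEQUENCE_OF("issuer", default_issuer, X509_RDN),
        ASN1F_PACKET("validity",
                     X509_Validity(),
                     X509_Validity),
        ASN1F_SEQUENCE_OF("subject", default_subject, X509_RDN),
        ASN1F_PACKET("subjectPublicKeyInfo",
                     X509_SubjectPublicKeyInfo(),
                     X509_SubjectPublicKeyInfo),
        ASN1F_optional(
            ASN1F_BIT_STRING("issuerUniqueID", None,
                             implicit_tag=0x81)),
        ASN1F_optional(
            ASN1F_BIT_STRING("subjectUniqueID", None,
                             implicit_tag=0x82)),
        ASN1F_optional(
            ASN1F_SEQUENCE_OF("extensions",
                              [X509_Extension()],
                              X509_Extension,
                              explicit_tag=0xa3)))

    def get_issuer(self):
        """Return the issuer as a {attribute type name: value} dict (lossy)."""
        return _rdn_sequence_to_dict(self.issuer)

    def get_issuer_str(self):
        """
        Returns a one-line string containing every type/value
        in a rather specific order. sorted() makes the order of the
        remaining attribute types deterministic.
        """
        return _name_dict_to_str(self.get_issuer())

    def get_subject(self):
        """Return the subject as a {attribute type name: value} dict (lossy)."""
        return _rdn_sequence_to_dict(self.subject)

    def get_subject_str(self):
        """Return the subject on one line, formatted like get_issuer_str()."""
        return _name_dict_to_str(self.get_subject())


class ASN1F_X509_CertECDSA(ASN1F_SEQUENCE):
    """Certificate layout whose signature BIT STRING wraps an ECDSASignature."""

    def __init__(self, **kargs):
        seq = [ASN1F_PACKET("tbsCertificate",
                            X509_TBSCertificate(),
                            X509_TBSCertificate),
               ASN1F_PACKET("signatureAlgorithm",
                            X509_AlgorithmIdentifier(),
                            X509_AlgorithmIdentifier),
               ASN1F_BIT_STRING_ENCAPS("signatureValue",
                                       ECDSASignature(),
                                       ECDSASignature)]
        ASN1F_SEQUENCE.__init__(self, *seq, **kargs)


class ASN1F_X509_Cert(ASN1F_SEQUENCE):
    """Certificate field that picks its layout from signatureAlgorithm.

    NOTE(review): this only decodes. It neither verifies signatureValue
    nor checks that the outer signatureAlgorithm equals
    tbsCertificate.signature, which RFC 5280 (section 4.1.1.2) requires;
    callers relying on a parsed certificate must do both themselves.
    """

    def __init__(self, **kargs):
        seq = [ASN1F_PACKET("tbsCertificate",
                            X509_TBSCertificate(),
                            X509_TBSCertificate),
               ASN1F_PACKET("signatureAlgorithm",
                            X509_AlgorithmIdentifier(),
                            X509_AlgorithmIdentifier),
               # Placeholder bytes, not a valid signature.
               ASN1F_BIT_STRING("signatureValue",
                                "defaultsignature"*2)]
        ASN1F_SEQUENCE.__init__(self, *seq, **kargs)

    def m2i(self, pkt, x):
        """Decode `x`; ECDSA certificates are re-decoded with the ECDSA layout.

        Raises Exception("could not parse certificate") when the signature
        algorithm name contains neither "rsa" nor "ecdsa".
        """
        c, s = ASN1F_SEQUENCE.m2i(self, pkt, x)
        sigtype = pkt.fields["signatureAlgorithm"].algorithm.oidname
        # Substring tests on the OID's display name, RSA checked first.
        if "rsa" in sigtype.lower():
            return c, s
        elif "ecdsa" in sigtype.lower():
            return ASN1F_X509_CertECDSA().m2i(pkt, x)
        else:
            raise Exception("could not parse certificate")

    def dissect(self, pkt, s):
        """Decode `s` via m2i() and return only the remainder."""
        c, x = self.m2i(pkt, s)
        return x

    def build(self, pkt):
        """Encode the certificate with the layout matching its signature type."""
        if "signatureAlgorithm" in pkt.fields:
            sigtype = pkt.fields['signatureAlgorithm'].algorithm.oidname
        else:
            sigtype = pkt.default_fields["signatureAlgorithm"].algorithm.oidname
        if "rsa" in sigtype.lower():
            return ASN1F_SEQUENCE.build(self, pkt)
        elif "ecdsa" in sigtype.lower():
            # Side effect: the packet's default signatureValue becomes an
            # ECDSASignature before building.
            pkt.default_fields["signatureValue"] = ECDSASignature()
            return ASN1F_X509_CertECDSA().build(pkt)
        else:
            raise Exception("could not build certificate")


class X509_Cert(ASN1_Packet):
    """Packet wrapper around ASN1F_X509_Cert."""
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_X509_Cert()


####### TBSCertList & CRL #######

class X509_RevokedCertificate(ASN1_Packet):
    """One revokedCertificates entry: serial, revocation date, extensions.

    revocationDate is declared as UTCTime only; its default string is
    computed when this class body is executed.
    """
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(ASN1F_INTEGER("serialNumber", 1),
                               ASN1F_UTC_TIME("revocationDate",
                                              str(ZuluTime(+86400))),
                               ASN1F_optional(
                                   ASN1F_SEQUENCE_OF("crlEntryExtensions",
                                                     None, X509_Extension)))


class X509_TBSCertList(ASN1_Packet):
    # TBSCertList: this_update and next_update are declared as UTCTime only.
    ASN1_codec = ASN1_Codecs.BER
    ASN1_root = ASN1F_SEQUENCE(
        ASN1F_optional(
            ASN1F_enum_INTEGER("version", 1, ["v1", "v2"])),
        ASN1F_PACKET("signature",
                     X509_AlgorithmIdentifier(),
                     X509_AlgorithmIdentifier),
        ASN1F_SEQUENCE_OF("issuer", default_issuer, X509_RDN),
        ASN1F_UTC_TIME("this_update", str(ZuluTime(-1))),
        ASN1F_optional(
            ASN1F_UTC_TIME("next_update", None)),
        ASN1F_optional(
            ASN1F_SEQUENCE_OF("revokedCertificates", None,
                              X509_RevokedCertificate)),
        ASN1F_optional(
            ASN1F_SEQUENCE_OF("crlExtensions", None,
                              X509_Extension,
                              explicit_tag=0xa0)))
    def get_issuer(self):
        attrs = self.issuer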
attrsDict = {} 909f9968d0a8512b0e355076a0ff31de2a79677b009mtu for attr in attrs: 910f9968d0a8512b0e355076a0ff31de2a79677b009mtu # we assume there is only one name in each rdn ASN1_SET 911f9968d0a8512b0e355076a0ff31de2a79677b009mtu attrsDict[attr.rdn[0].type.oidname] = attr.rdn[0].value.val 912f9968d0a8512b0e355076a0ff31de2a79677b009mtu return attrsDict 913f9968d0a8512b0e355076a0ff31de2a79677b009mtu def get_issuer_str(self): 914f9968d0a8512b0e355076a0ff31de2a79677b009mtu """ 915f9968d0a8512b0e355076a0ff31de2a79677b009mtu Returns a one-line string containing every type/value 916f9968d0a8512b0e355076a0ff31de2a79677b009mtu in a rather specific order. sorted() built-in ensures unicity. 917f9968d0a8512b0e355076a0ff31de2a79677b009mtu """ 918f9968d0a8512b0e355076a0ff31de2a79677b009mtu name_str = "" 919f9968d0a8512b0e355076a0ff31de2a79677b009mtu attrsDict = self.get_issuer() 920f9968d0a8512b0e355076a0ff31de2a79677b009mtu for attrType, attrSymbol in attrName_mapping: 921f9968d0a8512b0e355076a0ff31de2a79677b009mtu if attrType in attrsDict.keys(): 922f9968d0a8512b0e355076a0ff31de2a79677b009mtu name_str += "/" + attrSymbol + "=" 923f9968d0a8512b0e355076a0ff31de2a79677b009mtu name_str += attrsDict[attrType] 924f9968d0a8512b0e355076a0ff31de2a79677b009mtu for attrType in sorted(attrsDict.keys()): 925f9968d0a8512b0e355076a0ff31de2a79677b009mtu if attrType not in attrName_specials: 926f9968d0a8512b0e355076a0ff31de2a79677b009mtu name_str += "/" + attrType + "=" 927f9968d0a8512b0e355076a0ff31de2a79677b009mtu name_str += attrsDict[attrType] 928f9968d0a8512b0e355076a0ff31de2a79677b009mtu return name_str 929f9968d0a8512b0e355076a0ff31de2a79677b009mtu 930f9968d0a8512b0e355076a0ff31de2a79677b009mtuclass ASN1F_X509_CRLECDSA(ASN1F_SEQUENCE): 931f9968d0a8512b0e355076a0ff31de2a79677b009mtu def __init__(self, **kargs): 932f9968d0a8512b0e355076a0ff31de2a79677b009mtu seq = [ASN1F_PACKET("tbsCertList", 933f9968d0a8512b0e355076a0ff31de2a79677b009mtu X509_TBSCertList(), 
934f9968d0a8512b0e355076a0ff31de2a79677b009mtu X509_TBSCertList), 935f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_PACKET("signatureAlgorithm", 936f9968d0a8512b0e355076a0ff31de2a79677b009mtu X509_AlgorithmIdentifier(), 937f9968d0a8512b0e355076a0ff31de2a79677b009mtu X509_AlgorithmIdentifier), 938f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_BIT_STRING_ENCAPS("signatureValue", 939f9968d0a8512b0e355076a0ff31de2a79677b009mtu ECDSASignature(), 940f9968d0a8512b0e355076a0ff31de2a79677b009mtu ECDSASignature)] 941f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_SEQUENCE.__init__(self, *seq, **kargs) 942f9968d0a8512b0e355076a0ff31de2a79677b009mtu 943f9968d0a8512b0e355076a0ff31de2a79677b009mtuclass ASN1F_X509_CRL(ASN1F_SEQUENCE): 944f9968d0a8512b0e355076a0ff31de2a79677b009mtu def __init__(self, **kargs): 945f9968d0a8512b0e355076a0ff31de2a79677b009mtu seq = [ASN1F_PACKET("tbsCertList", 946f9968d0a8512b0e355076a0ff31de2a79677b009mtu X509_TBSCertList(), 947f9968d0a8512b0e355076a0ff31de2a79677b009mtu X509_TBSCertList), 948f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_PACKET("signatureAlgorithm", 949f9968d0a8512b0e355076a0ff31de2a79677b009mtu X509_AlgorithmIdentifier(), 950f9968d0a8512b0e355076a0ff31de2a79677b009mtu X509_AlgorithmIdentifier), 951f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_BIT_STRING("signatureValue", 952f9968d0a8512b0e355076a0ff31de2a79677b009mtu "defaultsignature"*2)] 953f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1F_SEQUENCE.__init__(self, *seq, **kargs) 954f9968d0a8512b0e355076a0ff31de2a79677b009mtu def m2i(self, pkt, x): 955f9968d0a8512b0e355076a0ff31de2a79677b009mtu c,s = ASN1F_SEQUENCE.m2i(self, pkt, x) 956f9968d0a8512b0e355076a0ff31de2a79677b009mtu sigtype = pkt.fields["signatureAlgorithm"].algorithm.oidname 957f9968d0a8512b0e355076a0ff31de2a79677b009mtu if "rsa" in sigtype.lower(): 958f9968d0a8512b0e355076a0ff31de2a79677b009mtu return c,s 959f9968d0a8512b0e355076a0ff31de2a79677b009mtu elif "ecdsa" in sigtype.lower(): 
960f9968d0a8512b0e355076a0ff31de2a79677b009mtu return ASN1F_X509_CRLECDSA().m2i(pkt, x) 961f9968d0a8512b0e355076a0ff31de2a79677b009mtu else: 962f9968d0a8512b0e355076a0ff31de2a79677b009mtu raise Exception("could not parse certificate") 963f9968d0a8512b0e355076a0ff31de2a79677b009mtu def dissect(self, pkt, s): 964f9968d0a8512b0e355076a0ff31de2a79677b009mtu c,x = self.m2i(pkt, s) 965f9968d0a8512b0e355076a0ff31de2a79677b009mtu return x 966f9968d0a8512b0e355076a0ff31de2a79677b009mtu def build(self, pkt): 967f9968d0a8512b0e355076a0ff31de2a79677b009mtu if "signatureAlgorithm" in pkt.fields: 968f9968d0a8512b0e355076a0ff31de2a79677b009mtu sigtype = pkt.fields['signatureAlgorithm'].algorithm.oidname 969f9968d0a8512b0e355076a0ff31de2a79677b009mtu else: 970f9968d0a8512b0e355076a0ff31de2a79677b009mtu sigtype = pkt.default_fields["signatureAlgorithm"].algorithm.oidname 971f9968d0a8512b0e355076a0ff31de2a79677b009mtu if "rsa" in sigtype.lower(): 972f9968d0a8512b0e355076a0ff31de2a79677b009mtu return ASN1F_SEQUENCE.build(self, pkt) 973f9968d0a8512b0e355076a0ff31de2a79677b009mtu elif "ecdsa" in sigtype.lower(): 974f9968d0a8512b0e355076a0ff31de2a79677b009mtu pkt.default_fields["signatureValue"] = ECDSASignature() 975f9968d0a8512b0e355076a0ff31de2a79677b009mtu return ASN1F_X509_CRLECDSA().build(pkt) 976f9968d0a8512b0e355076a0ff31de2a79677b009mtu else: 977f9968d0a8512b0e355076a0ff31de2a79677b009mtu raise Exception("could not build certificate") 978f9968d0a8512b0e355076a0ff31de2a79677b009mtu 979f9968d0a8512b0e355076a0ff31de2a79677b009mtuclass X509_CRL(ASN1_Packet): 980f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_codec = ASN1_Codecs.BER 981f9968d0a8512b0e355076a0ff31de2a79677b009mtu ASN1_root = ASN1F_X509_CRL() 982bb2ddd8ef0416706e645595b6b5484ee4f409ad3Phil 983