# coding: utf-8

"""
ASN.1 type classes for the online certificate status protocol (OCSP). Exports
the following items:

 - OCSPRequest()
 - OCSPResponse()

Other type classes are defined that help compose the types listed above.

These classes describe wire structure only. Parsing an OCSPResponse with them
does not verify its signature, compare a response nonce with the request
nonce, or check this_update/next_update; none of that logic lives in this
module, so callers must perform those checks themselves.
"""

from __future__ import unicode_literals, division, absolute_import, print_function

from .algos import DigestAlgorithm, SignedDigestAlgorithm
from .core import (
    Boolean,
    Choice,
    Enumerated,
    GeneralizedTime,
    IA5String,
    Integer,
    Null,
    ObjectIdentifier,
    OctetBitString,
    OctetString,
    Sequence,
    SequenceOf,
)
from .crl import AuthorityInfoAccessSyntax, CRLReason
from .keys import PublicKeyAlgorithm
from .x509 import Certificate, GeneralName, GeneralNames, Name



# The structures in this file are taken from https://tools.ietf.org/html/rfc6960
37
38
class Version(Integer):
    """
    OCSP protocol version. Only v1 (value 0) is mapped.
    """
    _map = {
        0: 'v1'
    }
43
44
class CertId(Sequence):
    """
    Identifies the certificate a request or single response refers to: the
    digest algorithm, the hashes of the issuer name and issuer key, and the
    certificate's serial number. Responses are matched to requests by this
    value, so callers comparing them should compare all four fields.
    """
    _fields = [
        ('hash_algorithm', DigestAlgorithm),
        ('issuer_name_hash', OctetString),
        ('issuer_key_hash', OctetString),
        ('serial_number', Integer),
    ]
wbonde91513e2015-06-03 14:52:18 -040052
53
class ServiceLocator(Sequence):
    """
    Value of the service_locator request extension: an issuer name plus an
    AuthorityInfoAccessSyntax describing where that issuer's OCSP service is.
    """
    _fields = [
        ('issuer', Name),
        ('locator', AuthorityInfoAccessSyntax),
    ]
59
60
class RequestExtensionId(ObjectIdentifier):
    """
    OIDs of extensions that may appear on a single Request (not on the whole
    TBSRequest). Only service_locator is mapped.
    """
    _map = {
        '1.3.6.1.5.5.7.48.1.7': 'service_locator',
    }
65
66
class RequestExtension(Sequence):
    """
    One extension on a single Request. `critical` defaults to False; nothing
    in this module acts on the flag, so rejecting unrecognised critical
    extensions is left to the caller.
    """
    _fields = [
        ('extn_id', RequestExtensionId),
        ('critical', Boolean, {'default': False}),
        ('extn_value', OctetString),
    ]

    # Lets core.Sequence pick the parser for extn_value from the extn_id name.
    _oid_pair = ('extn_id', 'extn_value')
    _oid_specs = {
        'service_locator': ServiceLocator,
    }
78
79
class RequestExtensions(SequenceOf):
    """
    Sequence of RequestExtension values carried by a single Request.
    """
    _child_spec = RequestExtension
82
83
class Request(Sequence):
    """
    One certificate status request: the CertId being asked about and optional
    per-request extensions ([0] EXPLICIT).
    """
    _fields = [
        ('req_cert', CertId),
        ('single_request_extensions', RequestExtensions, {'tag_type': 'explicit', 'tag': 0, 'optional': True}),
    ]
89
90
class Requests(SequenceOf):
    """
    Sequence of Request values; a TBSRequest may ask about several certificates.
    """
    _child_spec = Request
93
94
class ResponseType(ObjectIdentifier):
    """
    OID identifying the encoding of ResponseBytes.response. Only
    basic_ocsp_response is mapped.
    """
    _map = {
        '1.3.6.1.5.5.7.48.1.1': 'basic_ocsp_response',
    }
99
100
class AcceptableResponses(SequenceOf):
    """
    Value of the acceptable_responses request extension: the ResponseType OIDs
    the requestor is willing to receive.
    """
    _child_spec = ResponseType
103
104
class PreferredSignatureAlgorithm(Sequence):
    """
    One entry of the preferred_signature_algorithms request extension: a
    signature algorithm and, optionally, the public key algorithm it pairs
    with. This is a preference stated by the requestor, not a constraint a
    responder is bound to honour.
    """
    _fields = [
        ('sig_identifier', SignedDigestAlgorithm),
        ('cert_identifier', PublicKeyAlgorithm, {'optional': True}),
    ]
110
111
class PreferredSignatureAlgorithms(SequenceOf):
    """
    Sequence of PreferredSignatureAlgorithm values.
    """
    _child_spec = PreferredSignatureAlgorithm
114
115
class TBSRequestExtensionId(ObjectIdentifier):
    """
    OIDs of extensions that may appear on the whole TBSRequest: nonce,
    acceptable_responses and preferred_signature_algorithms.
    """
    _map = {
        '1.3.6.1.5.5.7.48.1.2': 'nonce',
        '1.3.6.1.5.5.7.48.1.4': 'acceptable_responses',
        '1.3.6.1.5.5.7.48.1.8': 'preferred_signature_algorithms',
    }
122
123
class TBSRequestExtension(Sequence):
    """
    One extension on a TBSRequest. The nonce is carried as raw bytes
    (OctetString); this module does not generate it or compare it with the
    nonce in a response, so replay protection depends on the caller doing so.
    `critical` defaults to False and is not acted on here.
    """
    _fields = [
        ('extn_id', TBSRequestExtensionId),
        ('critical', Boolean, {'default': False}),
        ('extn_value', OctetString),
    ]

    # Lets core.Sequence pick the parser for extn_value from the extn_id name.
    _oid_pair = ('extn_id', 'extn_value')
    _oid_specs = {
        'nonce': OctetString,
        'acceptable_responses': AcceptableResponses,
        'preferred_signature_algorithms': PreferredSignatureAlgorithms,
    }
137
138
class TBSRequestExtensions(SequenceOf):
    """
    Sequence of TBSRequestExtension values carried by a TBSRequest.
    """
    _child_spec = TBSRequestExtension
141
142
class TBSRequest(Sequence):
    """
    The to-be-signed body of an OCSPRequest: version ([0] EXPLICIT, default
    v1), an optional requestor name ([1] EXPLICIT), the list of Requests and
    optional request-level extensions ([2] EXPLICIT). When an OCSPRequest is
    signed, this is the structure the signature covers.
    """
    _fields = [
        ('version', Version, {'tag_type': 'explicit', 'tag': 0, 'default': 'v1'}),
        ('requestor_name', GeneralName, {'tag_type': 'explicit', 'tag': 1, 'optional': True}),
        ('request_list', Requests),
        ('request_extensions', TBSRequestExtensions, {'tag_type': 'explicit', 'tag': 2, 'optional': True}),
    ]
150
151
class Certificates(SequenceOf):
    """
    Sequence of Certificate values, as attached to a Signature or a
    BasicOCSPResponse. Certificates carried here are supplied by the peer and
    are not validated by this module.
    """
    _child_spec = Certificate
154
155
class Signature(Sequence):
    """
    Optional signature over a TBSRequest: the algorithm, the signature bits
    and, optionally ([0] EXPLICIT), certificates to help verify it.
    """
    _fields = [
        ('signature_algorithm', SignedDigestAlgorithm),
        ('signature', OctetBitString),
        ('certs', Certificates, {'tag_type': 'explicit', 'tag': 0, 'optional': True}),
    ]
162
163
class OCSPRequest(Sequence):
    """
    Top-level OCSP request: the TBSRequest plus an optional Signature
    ([0] EXPLICIT). Requests are usually unsigned.
    """
    _fields = [
        ('tbs_request', TBSRequest),
        ('optional_signature', Signature, {'tag_type': 'explicit', 'tag': 0, 'optional': True}),
    ]
169
170
class OCSPResponseStatus(Enumerated):
    """
    Overall status of an OCSPResponse. Value 4 is intentionally absent from
    the map. Only 'successful' says anything about the certificates asked
    about; every other value is an error from the responder and carries no
    certificate status, so callers must not read a non-successful response
    as "not revoked".
    """
    _map = {
        0: 'successful',
        1: 'malformed_request',
        2: 'internal_error',
        3: 'try_later',
        5: 'sign_required',
        6: 'unauthorized',
    }
180
181
class ResponderId(Choice):
    """
    Identifies the responder that signed a BasicOCSPResponse, either by
    its Name ([1] EXPLICIT) or by a key hash carried as an OctetString
    ([2] EXPLICIT). Which certificate this actually designates, and whether
    it is authorised to sign the response, is for the caller to establish.
    """
    _alternatives = [
        ('by_name', Name, {'tag_type': 'explicit', 'tag': 1}),
        ('by_key', OctetString, {'tag_type': 'explicit', 'tag': 2}),
    ]
187
188
class RevokedInfo(Sequence):
    """
    Details for a 'revoked' CertStatus: when the certificate was revoked and,
    optionally ([0] EXPLICIT), the CRLReason.
    """
    _fields = [
        ('revocation_time', GeneralizedTime),
        ('revocation_reason', CRLReason, {'tag_type': 'explicit', 'tag': 0, 'optional': True}),
    ]
194
195
class CertStatus(Choice):
    """
    Status of one certificate. 'good' and 'unknown' are both Null-valued but
    are distinct alternatives (IMPLICIT tags 0 and 2): 'unknown' means the
    responder has no information, and callers should not treat it as 'good'.
    """
    _alternatives = [
        ('good', Null, {'tag_type': 'implicit', 'tag': 0}),
        ('revoked', RevokedInfo, {'tag_type': 'implicit', 'tag': 1}),
        ('unknown', Null, {'tag_type': 'implicit', 'tag': 2}),
    ]
202
203
class CrlId(Sequence):
    """
    Value of the crl single-response extension: locates the CRL the status
    was derived from by URL, number and/or issue time. Every field is
    optional and each is EXPLICIT-tagged ([0], [1], [2]).
    """
    _fields = [
        ('crl_url', IA5String, {'tag_type': 'explicit', 'tag': 0, 'optional': True}),
        ('crl_num', Integer, {'tag_type': 'explicit', 'tag': 1, 'optional': True}),
        ('crl_time', GeneralizedTime, {'tag_type': 'explicit', 'tag': 2, 'optional': True}),
    ]
210
211
class SingleResponseExtensionId(ObjectIdentifier):
    """
    OIDs of extensions that may appear on a SingleResponse: the OCSP-specific
    crl and archive_cutoff, plus the CRL entry extensions reused from RFC 5280.
    """
    _map = {
        '1.3.6.1.5.5.7.48.1.3': 'crl',
        '1.3.6.1.5.5.7.48.1.6': 'archive_cutoff',
        # These are CRLEntryExtension values from
        # https://tools.ietf.org/html/rfc5280
        '2.5.29.21': 'crl_reason',
        '2.5.29.24': 'invalidity_date',
        '2.5.29.29': 'certificate_issuer',
    }
222
223
class SingleResponseExtension(Sequence):
    """
    One extension on a SingleResponse. `critical` defaults to False and is not
    acted on by this module.
    """
    _fields = [
        ('extn_id', SingleResponseExtensionId),
        ('critical', Boolean, {'default': False}),
        ('extn_value', OctetString),
    ]

    # Lets core.Sequence pick the parser for extn_value from the extn_id name.
    _oid_pair = ('extn_id', 'extn_value')
    _oid_specs = {
        'crl': CrlId,
        'archive_cutoff': GeneralizedTime,
        'crl_reason': CRLReason,
        'invalidity_date': GeneralizedTime,
        'certificate_issuer': GeneralNames,
    }
239
240
class SingleResponseExtensions(SequenceOf):
    """
    Sequence of SingleResponseExtension values carried by a SingleResponse.
    """
    _child_spec = SingleResponseExtension
243
244
class SingleResponse(Sequence):
    """
    Status of one certificate: its CertId, the CertStatus, the time the status
    was known correct (this_update), optionally when newer information is
    expected (next_update, [0] EXPLICIT) and optional extensions
    ([1] EXPLICIT). Freshness checks against this_update/next_update are not
    performed here; a caller relying on the status should make them.
    """
    _fields = [
        ('cert_id', CertId),
        ('cert_status', CertStatus),
        ('this_update', GeneralizedTime),
        ('next_update', GeneralizedTime, {'tag_type': 'explicit', 'tag': 0, 'optional': True}),
        ('single_extensions', SingleResponseExtensions, {'tag_type': 'explicit', 'tag': 1, 'optional': True}),
    ]
253
254
class Responses(SequenceOf):
    """
    Sequence of SingleResponse values, one per certificate reported on.
    """
    _child_spec = SingleResponse
257
258
class ResponseDataExtensionId(ObjectIdentifier):
    """
    OIDs of extensions that may appear on ResponseData: nonce and
    extended_revoke.
    """
    _map = {
        '1.3.6.1.5.5.7.48.1.2': 'nonce',
        '1.3.6.1.5.5.7.48.1.9': 'extended_revoke',
    }
264
265
class ResponseDataExtension(Sequence):
    """
    One extension on ResponseData. The nonce is the raw bytes echoed by the
    responder; comparing it with the request nonce is the caller's job, and a
    response without a nonce when one was sent is a policy decision this
    module does not make. `critical` defaults to False and is not acted on.
    """
    _fields = [
        ('extn_id', ResponseDataExtensionId),
        ('critical', Boolean, {'default': False}),
        ('extn_value', OctetString),
    ]

    # Lets core.Sequence pick the parser for extn_value from the extn_id name.
    _oid_pair = ('extn_id', 'extn_value')
    _oid_specs = {
        'nonce': OctetString,
        'extended_revoke': Null,
    }
278
279
class ResponseDataExtensions(SequenceOf):
    """
    Sequence of ResponseDataExtension values carried by ResponseData.
    """
    _child_spec = ResponseDataExtension
282
283
class ResponseData(Sequence):
    """
    The signed body of a BasicOCSPResponse: version ([0] EXPLICIT, default
    v1), the ResponderId, the time the response was produced, the
    SingleResponses and optional response-level extensions ([1] EXPLICIT).
    Everything a caller acts on (statuses, times, nonce) lives here, under
    the signature carried by the enclosing BasicOCSPResponse.
    """
    _fields = [
        ('version', Version, {'tag_type': 'explicit', 'tag': 0, 'default': 'v1'}),
        ('responder_id', ResponderId),
        ('produced_at', GeneralizedTime),
        ('responses', Responses),
        ('response_extensions', ResponseDataExtensions, {'tag_type': 'explicit', 'tag': 1, 'optional': True}),
    ]
292
293
class BasicOCSPResponse(Sequence):
    """
    Signed OCSP response: the ResponseData, the signature algorithm, the
    signature bits and optional certificates ([0] EXPLICIT) the responder
    supplies to help verify it. This module only parses the structure; the
    signature over tbs_response_data is not verified here, and the attached
    certs are unvalidated input from the peer until the caller checks them.
    """
    _fields = [
        ('tbs_response_data', ResponseData),
        ('signature_algorithm', SignedDigestAlgorithm),
        ('signature', OctetBitString),
        ('certs', Certificates, {'tag_type': 'explicit', 'tag': 0, 'optional': True}),
    ]
301
302
class ResponseBytes(Sequence):
    """
    Wrapper pairing a ResponseType OID with the encoded response. For
    basic_ocsp_response the OctetString is parsed as a BasicOCSPResponse via
    _oid_specs; any other OID is left as raw bytes.
    """
    _fields = [
        ('response_type', ResponseType),
        ('response', OctetString),
    ]

    # Lets core.Sequence pick the parser for response from the response_type name.
    _oid_pair = ('response_type', 'response')
    _oid_specs = {
        'basic_ocsp_response': BasicOCSPResponse,
    }
313
314
class OCSPResponse(Sequence):
    """
    Top-level OCSP response: an OCSPResponseStatus and, optionally
    ([0] EXPLICIT), the ResponseBytes. response_bytes is optional at the
    schema level, so callers should check response_status before relying on
    it being present.
    """
    _fields = [
        ('response_status', OCSPResponseStatus),
        ('response_bytes', ResponseBytes, {'tag_type': 'explicit', 'tag': 0, 'optional': True}),
    ]
319 ]