wbonde91513e2015-06-03 14:52:18 -04001# coding: utf-8
wbondea25fc22015-06-19 15:07:04 -04002
3"""
4ASN.1 type classes for the online certificate status protocol (OCSP). Exports
5the following items:
6
7 - OCSPRequest()
8 - OCSPResponse()
9
10Other type classes are defined that help compose the types listed above.
11"""
12
wbond6b66ab52015-06-21 10:26:45 -040013from __future__ import unicode_literals, division, absolute_import, print_function
wbonde91513e2015-06-03 14:52:18 -040014
15from .algos import DigestAlgorithm, SignedDigestAlgorithm
16from .core import (
17 Boolean,
18 Choice,
19 Enumerated,
20 GeneralizedTime,
21 IA5String,
22 Integer,
23 Null,
24 ObjectIdentifier,
25 OctetBitString,
26 OctetString,
27 Sequence,
28 SequenceOf,
29)
30from .crl import AuthorityInfoAccessSyntax, CRLReason
31from .keys import PublicKeyAlgorithm
32from .x509 import Certificate, GeneralName, GeneralNames, Name
33
34
35
36# The structures in this file are taken from https://tools.ietf.org/html/rfc6960
37
38
class Version(Integer):
    """
    OCSP protocol version (RFC 6960 ``Version``). Only ``v1`` (0) is defined;
    it is also the DEFAULT for ``TBSRequest.version`` and
    ``ResponseData.version`` below.
    """

    _map = {
        0: 'v1'
    }
43
44
class CertId(Sequence):
    """
    RFC 6960 ``CertID``: identifies the certificate whose status is requested
    or reported. Per the RFC, issuer_name_hash and issuer_key_hash are digests
    (using hash_algorithm) of the issuer's name and public key respectively,
    and serial_number is the subject certificate's serial number.

    The same structure is used on both sides of the protocol
    (``Request.req_cert`` and ``SingleResponse.cert_id``); a verifier should
    match a response's cert_id against the one it asked about.
    """

    _fields = [
        ('hash_algorithm', DigestAlgorithm),
        ('issuer_name_hash', OctetString),
        ('issuer_key_hash', OctetString),
        ('serial_number', Integer),
    ]
wbonde91513e2015-06-03 14:52:18 -040052
53
class ServiceLocator(Sequence):
    """
    RFC 6960 ``ServiceLocator``, the value of the ``ocsp_service_locator``
    request extension: names the certificate issuer and carries its authority
    information access data so a responder can route the request.
    """

    _fields = [
        ('issuer', Name),
        ('locator', AuthorityInfoAccessSyntax),
    ]
59
60
class RequestExtensionId(ObjectIdentifier):
    """
    Object identifiers for extensions of a single ``Request`` (the
    ``extn_id`` of a ``RequestExtension``). Only the service locator
    extension is mapped to a name here.
    """

    _map = {
        '1.3.6.1.5.5.7.48.1.7': 'ocsp_service_locator',
    }
65
66
class RequestExtension(Sequence):
    """
    An extension attached to a single ``Request`` (X.509 ``Extension``
    layout: OID, criticality flag, DER-encoded value in an OCTET STRING).

    ``critical`` has a DEFAULT of False, so it is absent from DER when not
    set. ``_oid_pair`` names the (OID, value) field pair and ``_oid_specs``
    gives the type used to parse ``extn_value`` for each mapped OID name;
    the parsing itself lives in ``core.Sequence`` and is not visible in this
    file.
    """

    _fields = [
        ('extn_id', RequestExtensionId),
        ('critical', Boolean, {'default': False}),
        ('extn_value', OctetString),
    ]

    _oid_pair = ('extn_id', 'extn_value')
    _oid_specs = {
        'ocsp_service_locator': ServiceLocator,
    }
78
79
class RequestExtensions(SequenceOf):
    """
    SEQUENCE OF ``RequestExtension``; the type of
    ``Request.single_request_extensions``.
    """

    _child_spec = RequestExtension
82
83
class Request(Sequence):
    """
    RFC 6960 ``Request``: one certificate whose status is being asked for.

    ``req_cert`` identifies the certificate; ``single_request_extensions`` is
    [0] EXPLICIT and optional.
    """

    _fields = [
        ('req_cert', CertId),
        ('single_request_extensions', RequestExtensions, {'tag_type': 'explicit', 'tag': 0, 'optional': True}),
    ]
89
90
class Requests(SequenceOf):
    """
    SEQUENCE OF ``Request``; the type of ``TBSRequest.request_list``.
    """

    _child_spec = Request
93
94
class ResponseType(ObjectIdentifier):
    """
    Object identifiers for the kind of response carried in
    ``ResponseBytes.response_type``. Only id-pkix-ocsp-basic
    (``basic_ocsp_response``) is mapped. The same type is used inside
    ``AcceptableResponses`` to let a client list the response types it
    understands.
    """

    _map = {
        '1.3.6.1.5.5.7.48.1.1': 'basic_ocsp_response',
    }
99
100
class AcceptableResponses(SequenceOf):
    """
    SEQUENCE OF ``ResponseType``; the value of the ``ocsp_response``
    request extension (acceptable response types).
    """

    _child_spec = ResponseType
103
104
class PreferredSignatureAlgorithm(Sequence):
    """
    RFC 6960 ``PreferredSignatureAlgorithm``: one entry of the client's
    preferred signature algorithms extension.

    ``sig_identifier`` is the signature algorithm the client would like the
    responder to use; the optional ``cert_identifier`` is typed as a
    ``PublicKeyAlgorithm`` and identifies the public key algorithm
    associated with that signature algorithm.
    """

    _fields = [
        ('sig_identifier', SignedDigestAlgorithm),
        ('cert_identifier', PublicKeyAlgorithm, {'optional': True}),
    ]
110
111
class PreferredSignatureAlgorithms(SequenceOf):
    """
    SEQUENCE OF ``PreferredSignatureAlgorithm``; the value of the
    ``ocsp_preferred_signature_algorithms`` request extension.
    """

    _child_spec = PreferredSignatureAlgorithm
114
115
class TBSRequestExtensionId(ObjectIdentifier):
    """
    Object identifiers for request-level extensions
    (``TBSRequest.request_extensions``).

    ``ocsp_nonce`` shares its OID with ``ResponseDataExtensionId``: a
    responder that honours the nonce echoes it back in
    ``ResponseData.response_extensions``, and a client that sent one should
    compare the two to bind the response to its request (replay protection).
    ``ocsp_response`` lists acceptable response types and
    ``ocsp_preferred_signature_algorithms`` the client's algorithm
    preferences.
    """

    _map = {
        '1.3.6.1.5.5.7.48.1.2': 'ocsp_nonce',
        '1.3.6.1.5.5.7.48.1.4': 'ocsp_response',
        '1.3.6.1.5.5.7.48.1.8': 'ocsp_preferred_signature_algorithms',
    }
122
123
class TBSRequestExtension(Sequence):
    """
    A request-level extension (X.509 ``Extension`` layout). ``critical``
    defaults to False and is therefore omitted from DER when not set.

    ``_oid_specs`` maps each known ``extn_id`` name to the type its
    ``extn_value`` is parsed as: the nonce stays an opaque ``OctetString``,
    ``ocsp_response`` becomes ``AcceptableResponses`` and
    ``ocsp_preferred_signature_algorithms`` becomes
    ``PreferredSignatureAlgorithms``. The dispatch is implemented in
    ``core.Sequence`` and is not visible in this file.
    """

    _fields = [
        ('extn_id', TBSRequestExtensionId),
        ('critical', Boolean, {'default': False}),
        ('extn_value', OctetString),
    ]

    _oid_pair = ('extn_id', 'extn_value')
    _oid_specs = {
        'ocsp_nonce': OctetString,
        'ocsp_response': AcceptableResponses,
        'ocsp_preferred_signature_algorithms': PreferredSignatureAlgorithms,
    }
137
138
class TBSRequestExtensions(SequenceOf):
    """
    SEQUENCE OF ``TBSRequestExtension``; the type of
    ``TBSRequest.request_extensions``.
    """

    _child_spec = TBSRequestExtension
141
142
class TBSRequest(Sequence):
    """
    RFC 6960 ``TBSRequest``: the to-be-signed body of an ``OCSPRequest``.

    ``version`` is [0] EXPLICIT with DEFAULT v1, ``requestor_name`` is [1]
    EXPLICIT and optional, ``request_list`` holds one ``Request`` per
    certificate, and ``request_extensions`` is [2] EXPLICIT and optional.
    When ``OCSPRequest.optional_signature`` is present, it is this structure
    that the signature is computed over (per RFC 6960, its DER encoding).
    """

    _fields = [
        ('version', Version, {'tag_type': 'explicit', 'tag': 0, 'default': 'v1'}),
        ('requestor_name', GeneralName, {'tag_type': 'explicit', 'tag': 1, 'optional': True}),
        ('request_list', Requests),
        ('request_extensions', TBSRequestExtensions, {'tag_type': 'explicit', 'tag': 2, 'optional': True}),
    ]
150
151
class Certificates(SequenceOf):
    """
    SEQUENCE OF X.509 ``Certificate``; used for the optional ``certs`` field
    of both ``Signature`` (requests) and ``BasicOCSPResponse`` (responses).
    """

    _child_spec = Certificate
154
155
class Signature(Sequence):
    """
    RFC 6960 ``Signature``: the optional signature on an ``OCSPRequest``.

    ``signature_algorithm`` identifies the algorithm, ``signature`` holds
    the raw signature bits, and ``certs`` ([0] EXPLICIT, optional) may carry
    certificates to help the responder verify the signature. Those
    certificates come from the requester and are untrusted until validated;
    they do not by themselves authorise anything.
    """

    _fields = [
        ('signature_algorithm', SignedDigestAlgorithm),
        ('signature', OctetBitString),
        ('certs', Certificates, {'tag_type': 'explicit', 'tag': 0, 'optional': True}),
    ]
162
163
class OCSPRequest(Sequence):
    """
    RFC 6960 ``OCSPRequest``: the top-level request structure.

    ``tbs_request`` is the request body; ``optional_signature`` ([0]
    EXPLICIT, optional) is a ``Signature`` over it. Responders may require
    signed requests (see ``OCSPResponseStatus`` ``sign_required``).
    """

    _fields = [
        ('tbs_request', TBSRequest),
        ('optional_signature', Signature, {'tag_type': 'explicit', 'tag': 0, 'optional': True}),
    ]
169
170
class OCSPResponseStatus(Enumerated):
    """
    RFC 6960 ``OCSPResponseStatus``. Value 4 is intentionally not assigned
    by the RFC, hence the gap between ``try_later`` and ``sign_required``.

    Per RFC 6960, ``OCSPResponse.response_bytes`` is only set when the status
    is ``successful``; every other status is an error reply that carries no
    certificate status information and must not be interpreted as "good".
    """

    _map = {
        0: 'successful',
        1: 'malformed_request',
        2: 'internal_error',
        3: 'try_later',
        5: 'sign_required',
        6: 'unauthorized',
    }
180
181
class ResponderId(Choice):
    """
    RFC 6960 ``ResponderID``: how the responder identifies itself.

    ``by_name`` ([1] EXPLICIT) is the responder's distinguished name;
    ``by_key`` ([2] EXPLICIT) is an ``OctetString`` holding the RFC 6960
    ``KeyHash`` of the responder's public key.
    """

    _alternatives = [
        ('by_name', Name, {'tag_type': 'explicit', 'tag': 1}),
        ('by_key', OctetString, {'tag_type': 'explicit', 'tag': 2}),
    ]
187
188
class RevokedInfo(Sequence):
    """
    RFC 6960 ``RevokedInfo``: details for a ``revoked`` ``CertStatus``.

    ``revocation_time`` is when the certificate was revoked;
    ``revocation_reason`` ([0] EXPLICIT, optional) is a ``CRLReason`` code.
    """

    _fields = [
        ('revocation_time', GeneralizedTime),
        ('revocation_reason', CRLReason, {'tag_type': 'explicit', 'tag': 0, 'optional': True}),
    ]
194
195
class CertStatus(Choice):
    """
    RFC 6960 ``CertStatus``: the status of one certificate. All three
    alternatives use IMPLICIT tags.

    ``good`` ([0] NULL) and ``unknown`` ([2] NULL) carry no data;
    ``revoked`` ([1]) carries a ``RevokedInfo``. ``unknown`` means the
    responder has no information about the certificate and must not be
    treated as equivalent to ``good`` by a relying party.
    """

    _alternatives = [
        ('good', Null, {'tag_type': 'implicit', 'tag': 0}),
        ('revoked', RevokedInfo, {'tag_type': 'implicit', 'tag': 1}),
        ('unknown', Null, {'tag_type': 'implicit', 'tag': 2}),
    ]
202
203
class CrlId(Sequence):
    """
    RFC 6960 ``CrlID``, the value of the ``ocsp_crl`` single-response
    extension: identifies the CRL on which a revoked status is based.

    All three fields are optional and EXPLICITly tagged: ``crl_url`` [0],
    ``crl_num`` [1] and ``crl_time`` [2].
    """

    _fields = [
        ('crl_url', IA5String, {'tag_type': 'explicit', 'tag': 0, 'optional': True}),
        ('crl_num', Integer, {'tag_type': 'explicit', 'tag': 1, 'optional': True}),
        ('crl_time', GeneralizedTime, {'tag_type': 'explicit', 'tag': 2, 'optional': True}),
    ]
210
211
class SingleResponseExtensionId(ObjectIdentifier):
    """
    Object identifiers for extensions of a ``SingleResponse``
    (``SingleResponse.single_extensions``).

    The two ``1.3.6.1.5.5.7.48.1.*`` arcs are OCSP-specific (CRL reference
    and archive cutoff); the ``2.5.29.*`` arcs are the CRL entry extensions
    from RFC 5280, which RFC 6960 allows to be carried per single response.
    """

    _map = {
        '1.3.6.1.5.5.7.48.1.3': 'ocsp_crl',
        '1.3.6.1.5.5.7.48.1.6': 'ocsp_archive_cutoff',
        # These are CRLEntryExtension values from https://tools.ietf.org/html/rfc5280
        '2.5.29.21': 'crl_reason',
        '2.5.29.24': 'invalidity_date',
        '2.5.29.29': 'certificate_issuer',
    }
221
222
class SingleResponseExtension(Sequence):
    """
    An extension attached to one ``SingleResponse`` (X.509 ``Extension``
    layout). ``critical`` defaults to False and is omitted from DER when
    not set.

    ``_oid_specs`` gives the type each known ``extn_value`` is parsed as:
    ``ocsp_crl`` -> ``CrlId``, ``ocsp_archive_cutoff`` and
    ``invalidity_date`` -> ``GeneralizedTime``, ``crl_reason`` ->
    ``CRLReason``, ``certificate_issuer`` -> ``GeneralNames``. The dispatch
    is implemented in ``core.Sequence`` and is not visible in this file.
    """

    _fields = [
        ('extn_id', SingleResponseExtensionId),
        ('critical', Boolean, {'default': False}),
        ('extn_value', OctetString),
    ]

    _oid_pair = ('extn_id', 'extn_value')
    _oid_specs = {
        'ocsp_crl': CrlId,
        'ocsp_archive_cutoff': GeneralizedTime,
        'crl_reason': CRLReason,
        'invalidity_date': GeneralizedTime,
        'certificate_issuer': GeneralNames,
    }
238
239
class SingleResponseExtensions(SequenceOf):
    """
    SEQUENCE OF ``SingleResponseExtension``; the type of
    ``SingleResponse.single_extensions``.
    """

    _child_spec = SingleResponseExtension
242
243
class SingleResponse(Sequence):
    """
    RFC 6960 ``SingleResponse``: the status of one certificate.

    ``cert_id`` identifies the certificate (and should match the
    ``CertId`` the client asked about), ``cert_status`` is the verdict,
    ``this_update`` is the time the status is known to be correct,
    ``next_update`` ([0] EXPLICIT, optional) is when newer information is
    expected to be available, and ``single_extensions`` ([1] EXPLICIT,
    optional) carries per-certificate extensions. A relying party's
    freshness check is based on ``this_update``/``next_update``.
    """

    _fields = [
        ('cert_id', CertId),
        ('cert_status', CertStatus),
        ('this_update', GeneralizedTime),
        ('next_update', GeneralizedTime, {'tag_type': 'explicit', 'tag': 0, 'optional': True}),
        ('single_extensions', SingleResponseExtensions, {'tag_type': 'explicit', 'tag': 1, 'optional': True}),
    ]
252
253
class Responses(SequenceOf):
    """
    SEQUENCE OF ``SingleResponse``; the type of ``ResponseData.responses``.
    """

    _child_spec = SingleResponse
256
257
class ResponseDataExtensionId(ObjectIdentifier):
    """
    Object identifiers for response-level extensions
    (``ResponseData.response_extensions``).

    ``ocsp_nonce`` is the same OID as in ``TBSRequestExtensionId``; it is
    the responder's echo of the request nonce. ``ocsp_extended_revoke``
    signals that the responder reports ``revoked`` for certificates it has
    never issued status for (RFC 6960 extended revoke definition).
    """

    _map = {
        '1.3.6.1.5.5.7.48.1.2': 'ocsp_nonce',
        '1.3.6.1.5.5.7.48.1.9': 'ocsp_extended_revoke',
    }
263
264
class ResponseDataExtension(Sequence):
    """
    A response-level extension (X.509 ``Extension`` layout). ``critical``
    defaults to False and is omitted from DER when not set.

    ``_oid_specs`` parses the nonce as an opaque ``OctetString`` and the
    extended revoke marker as ``Null`` (its value carries no data; presence
    is the signal). The dispatch is implemented in ``core.Sequence`` and is
    not visible in this file.
    """

    _fields = [
        ('extn_id', ResponseDataExtensionId),
        ('critical', Boolean, {'default': False}),
        ('extn_value', OctetString),
    ]

    _oid_pair = ('extn_id', 'extn_value')
    _oid_specs = {
        'ocsp_nonce': OctetString,
        'ocsp_extended_revoke': Null,
    }
277
278
class ResponseDataExtensions(SequenceOf):
    """
    SEQUENCE OF ``ResponseDataExtension``; the type of
    ``ResponseData.response_extensions``.
    """

    _child_spec = ResponseDataExtension
281
282
class ResponseData(Sequence):
    """
    RFC 6960 ``ResponseData``: the to-be-signed body of a
    ``BasicOCSPResponse``.

    ``version`` is [0] EXPLICIT with DEFAULT v1, ``responder_id`` says who
    signed, ``produced_at`` is when the response was generated,
    ``responses`` holds one ``SingleResponse`` per certificate and
    ``response_extensions`` ([1] EXPLICIT, optional) carries response-level
    extensions such as the echoed nonce.
    """

    _fields = [
        ('version', Version, {'tag_type': 'explicit', 'tag': 0, 'default': 'v1'}),
        ('responder_id', ResponderId),
        ('produced_at', GeneralizedTime),
        ('responses', Responses),
        ('response_extensions', ResponseDataExtensions, {'tag_type': 'explicit', 'tag': 1, 'optional': True}),
    ]
291
292
class BasicOCSPResponse(Sequence):
    """
    RFC 6960 ``BasicOCSPResponse``: the signed response carried inside
    ``ResponseBytes.response`` for ``basic_ocsp_response``.

    Per RFC 6960 the ``signature`` is computed over the DER encoding of
    ``tbs_response_data`` with ``signature_algorithm``. ``certs`` ([0]
    EXPLICIT, optional) may carry the responder's certificate chain; those
    certificates are supplied by the responder and must be validated as an
    authorised responder (issuer-signed or delegated) before the signature
    is trusted.
    """

    _fields = [
        ('tbs_response_data', ResponseData),
        ('signature_algorithm', SignedDigestAlgorithm),
        ('signature', OctetBitString),
        ('certs', Certificates, {'tag_type': 'explicit', 'tag': 0, 'optional': True}),
    ]
300
301
class ResponseBytes(Sequence):
    """
    RFC 6960 ``ResponseBytes``: a typed, opaque response body.

    ``response_type`` is an OID and ``response`` an OCTET STRING holding
    the DER of the actual response. ``_oid_pair``/``_oid_specs`` direct
    ``core.Sequence`` to parse ``response`` as a ``BasicOCSPResponse`` when
    the type is ``basic_ocsp_response``; that dispatch is not visible in
    this file.
    """

    _fields = [
        ('response_type', ResponseType),
        ('response', OctetString),
    ]

    _oid_pair = ('response_type', 'response')
    _oid_specs = {
        'basic_ocsp_response': BasicOCSPResponse,
    }
312
313
class OCSPResponse(Sequence):
    """
    RFC 6960 ``OCSPResponse``: the top-level response structure.

    ``response_status`` is always present; ``response_bytes`` ([0]
    EXPLICIT, optional) is, per RFC 6960, only set when the status is
    ``successful``. Callers should check ``response_status`` before
    expecting certificate status data.
    """

    _fields = [
        ('response_status', OCSPResponseStatus),
        ('response_bytes', ResponseBytes, {'tag_type': 'explicit', 'tag': 0, 'optional': True}),
    ]
318 ]