| wbond | 3855a15 | 2015-07-13 10:47:32 -0400 | [diff] [blame] | 1 | # coding: utf-8 |
| 2 | |
| 3 | """ |
| 4 | ASN.1 type classes for certificate signing requests (CSR). Exports the |
| 5 | following items: |
| 6 | |
| 7 | - CertificatationRequest() |
| 8 | |
| 9 | Other type classes are defined that help compose the types listed above. |
| 10 | """ |
| 11 | |
| 12 | from __future__ import unicode_literals, division, absolute_import, print_function |
| 13 | |
| 14 | from .algos import SignedDigestAlgorithm |
| wbond | 5cf77ba | 2015-10-08 09:47:34 -0400 | [diff] [blame] | 15 | from .core import ( |
| 16 | Any, |
| 17 | Integer, |
| 18 | ObjectIdentifier, |
| 19 | OctetBitString, |
| 20 | Sequence, |
| 21 | SetOf, |
| 22 | ) |
| wbond | 3855a15 | 2015-07-13 10:47:32 -0400 | [diff] [blame] | 23 | from .keys import PublicKeyInfo |
| 24 | from .x509 import DirectoryString, Extensions, Name |
| 25 | |
| 26 | |
| wbond | 3855a15 | 2015-07-13 10:47:32 -0400 | [diff] [blame] | 27 | # The structures in this file are taken from https://tools.ietf.org/html/rfc2986 |
| wbond | f2a7615 | 2015-07-27 16:49:17 -0400 | [diff] [blame] | 28 | # and https://tools.ietf.org/html/rfc2985 |
| wbond | 3855a15 | 2015-07-13 10:47:32 -0400 | [diff] [blame] | 29 | |
| 30 | |
| 31 | class Version(Integer): |
| 32 | _map = { |
| 33 | 0: 'v1', |
| 34 | } |
| 35 | |
| 36 | |
| 37 | class CSRAttributeType(ObjectIdentifier): |
| 38 | _map = { |
| 39 | '1.2.840.113549.1.9.7': 'challenge_password', |
| 40 | '1.2.840.113549.1.9.9': 'extended_certificate_attributes', |
| 41 | '1.2.840.113549.1.9.14': 'extension_request', |
| 42 | } |
| 43 | |
| 44 | |
| 45 | class SetOfDirectoryString(SetOf): |
| 46 | _child_spec = DirectoryString |
| 47 | |
| 48 | |
| 49 | class Attribute(Sequence): |
| 50 | _fields = [ |
| 51 | ('type', ObjectIdentifier), |
| 52 | ('values', SetOf, {'spec': Any}), |
| 53 | ] |
| 54 | |
| 55 | |
| 56 | class SetOfAttributes(SetOf): |
| 57 | _child_spec = Attribute |
| 58 | |
| 59 | |
| 60 | class SetOfExtensions(SetOf): |
| 61 | _child_spec = Extensions |
| 62 | |
| 63 | |
| 64 | class CRIAttribute(Sequence): |
| 65 | _fields = [ |
| 66 | ('type', CSRAttributeType), |
| 67 | ('values', Any), |
| 68 | ] |
| 69 | |
| 70 | _oid_pair = ('type', 'values') |
| 71 | _oid_specs = { |
| 72 | 'challenge_password': SetOfDirectoryString, |
| 73 | 'extended_certificate_attributes': SetOfAttributes, |
| 74 | 'extension_request': SetOfExtensions, |
| 75 | } |
| 76 | |
| 77 | |
| 78 | class CRIAttributes(SetOf): |
| 79 | _child_spec = CRIAttribute |
| 80 | |
| 81 | |
| 82 | class CertificationRequestInfo(Sequence): |
| 83 | _fields = [ |
| 84 | ('version', Version), |
| 85 | ('subject', Name), |
| 86 | ('subject_pk_info', PublicKeyInfo), |
| wbond | d62ed9a | 2017-09-15 07:13:52 -0400 | [diff] [blame] | 87 | ('attributes', CRIAttributes, {'implicit': 0, 'optional': True}), |
| wbond | 3855a15 | 2015-07-13 10:47:32 -0400 | [diff] [blame] | 88 | ] |
| 89 | |
| 90 | |
| 91 | class CertificationRequest(Sequence): |
| 92 | _fields = [ |
| 93 | ('certification_request_info', CertificationRequestInfo), |
| 94 | ('signature_algorithm', SignedDigestAlgorithm), |
| 95 | ('signature', OctetBitString), |
| 96 | ] |