aboutsummaryrefslogtreecommitdiff
path: root/.venv/lib/python3.12/site-packages/pyasn1_modules/rfc3125.py
diff options
context:
space:
mode:
Diffstat (limited to '.venv/lib/python3.12/site-packages/pyasn1_modules/rfc3125.py')
-rw-r--r--.venv/lib/python3.12/site-packages/pyasn1_modules/rfc3125.py469
1 files changed, 469 insertions, 0 deletions
diff --git a/.venv/lib/python3.12/site-packages/pyasn1_modules/rfc3125.py b/.venv/lib/python3.12/site-packages/pyasn1_modules/rfc3125.py
new file mode 100644
index 00000000..00ff9bff
--- /dev/null
+++ b/.venv/lib/python3.12/site-packages/pyasn1_modules/rfc3125.py
@@ -0,0 +1,469 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Electronic Signature Policies
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc3125.txt
+# https://www.rfc-editor.org/errata/eid5901
+# https://www.rfc-editor.org/errata/eid5902
+#
+
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import tag
+from pyasn1.type import useful
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5280
+
+MAX = float('inf')
+
+
+# Imports from RFC 5280
+
+AlgorithmIdentifier = rfc5280.AlgorithmIdentifier
+
+Attribute = rfc5280.Attribute
+
+AttributeType = rfc5280.AttributeType
+
+AttributeTypeAndValue = rfc5280.AttributeTypeAndValue
+
+AttributeValue = rfc5280.AttributeValue
+
+Certificate = rfc5280.Certificate
+
+CertificateList = rfc5280.CertificateList
+
+DirectoryString = rfc5280.DirectoryString
+
+GeneralName = rfc5280.GeneralName
+
+GeneralNames = rfc5280.GeneralNames
+
+Name = rfc5280.Name
+
+PolicyInformation = rfc5280.PolicyInformation
+
+
+# Electronic Signature Policies
+
+class CertPolicyId(univ.ObjectIdentifier):
+ pass
+
+
+class AcceptablePolicySet(univ.SequenceOf):
+ componentType = CertPolicyId()
+
+
+class SignPolExtn(univ.Sequence):
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('extnID', univ.ObjectIdentifier()),
+ namedtype.NamedType('extnValue', univ.OctetString())
+ )
+
+
+class SignPolExtensions(univ.SequenceOf):
+ componentType = SignPolExtn()
+
+
+class AlgAndLength(univ.Sequence):
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('algID', univ.ObjectIdentifier()),
+ namedtype.OptionalNamedType('minKeyLength', univ.Integer()),
+ namedtype.OptionalNamedType('other', SignPolExtensions())
+ )
+
+
+class AlgorithmConstraints(univ.SequenceOf):
+ componentType = AlgAndLength()
+
+
+class AlgorithmConstraintSet(univ.Sequence):
+ componentType = namedtype.NamedTypes(
+ namedtype.OptionalNamedType('signerAlgorithmConstraints',
+ AlgorithmConstraints().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatSimple, 0))),
+ namedtype.OptionalNamedType('eeCertAlgorithmConstraints',
+ AlgorithmConstraints().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatSimple, 1))),
+ namedtype.OptionalNamedType('caCertAlgorithmConstraints',
+ AlgorithmConstraints().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatSimple, 2))),
+ namedtype.OptionalNamedType('aaCertAlgorithmConstraints',
+ AlgorithmConstraints().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatSimple, 3))),
+ namedtype.OptionalNamedType('tsaCertAlgorithmConstraints',
+ AlgorithmConstraints().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatSimple, 4)))
+ )
+
+
+class AttributeValueConstraints(univ.SequenceOf):
+ componentType = AttributeTypeAndValue()
+
+
+class AttributeTypeConstraints(univ.SequenceOf):
+ componentType = AttributeType()
+
+
+class AttributeConstraints(univ.Sequence):
+ componentType = namedtype.NamedTypes(
+ namedtype.OptionalNamedType('attributeTypeConstarints',
+ AttributeTypeConstraints().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatSimple, 0))),
+ namedtype.OptionalNamedType('attributeValueConstarints',
+ AttributeValueConstraints().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatSimple, 1)))
+ )
+
+
+class HowCertAttribute(univ.Enumerated):
+ namedValues = namedval.NamedValues(
+ ('claimedAttribute', 0),
+ ('certifiedAttribtes', 1),
+ ('either', 2)
+ )
+
+
+class SkipCerts(univ.Integer):
+ subtypeSpec = constraint.ValueRangeConstraint(0, MAX)
+
+
+class PolicyConstraints(univ.Sequence):
+ componentType = namedtype.NamedTypes(
+ namedtype.OptionalNamedType('requireExplicitPolicy',
+ SkipCerts().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatSimple, 0))),
+ namedtype.OptionalNamedType('inhibitPolicyMapping',
+ SkipCerts().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatSimple, 1)))
+ )
+
+
+class BaseDistance(univ.Integer):
+ subtypeSpec = constraint.ValueRangeConstraint(0, MAX)
+
+
+class GeneralSubtree(univ.Sequence):
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('base', GeneralName()),
+ namedtype.DefaultedNamedType('minimum',
+ BaseDistance().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatSimple, 0)).subtype(
+ value=0)),
+ namedtype.OptionalNamedType('maximum',
+ BaseDistance().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatSimple, 1)))
+ )
+
+
+class GeneralSubtrees(univ.SequenceOf):
+ componentType = GeneralSubtree()
+ subtypeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class NameConstraints(univ.Sequence):
+ componentType = namedtype.NamedTypes(
+ namedtype.OptionalNamedType('permittedSubtrees',
+ GeneralSubtrees().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatSimple, 0))),
+ namedtype.OptionalNamedType('excludedSubtrees',
+ GeneralSubtrees().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatSimple, 1)))
+ )
+
+
+class PathLenConstraint(univ.Integer):
+ subtypeSpec = constraint.ValueRangeConstraint(0, MAX)
+
+
+class CertificateTrustPoint(univ.Sequence):
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('trustpoint', Certificate()),
+ namedtype.OptionalNamedType('pathLenConstraint',
+ PathLenConstraint().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatSimple, 0))),
+ namedtype.OptionalNamedType('acceptablePolicySet',
+ AcceptablePolicySet().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatSimple, 1))),
+ namedtype.OptionalNamedType('nameConstraints',
+ NameConstraints().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatConstructed, 2))),
+ namedtype.OptionalNamedType('policyConstraints',
+ PolicyConstraints().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatConstructed, 3)))
+ )
+
+
+class CertificateTrustTrees(univ.SequenceOf):
+ componentType = CertificateTrustPoint()
+
+
+class EnuRevReq(univ.Enumerated):
+ namedValues = namedval.NamedValues(
+ ('clrCheck', 0),
+ ('ocspCheck', 1),
+ ('bothCheck', 2),
+ ('eitherCheck', 3),
+ ('noCheck', 4),
+ ('other', 5)
+ )
+
+
+class RevReq(univ.Sequence):
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('enuRevReq', EnuRevReq()),
+ namedtype.OptionalNamedType('exRevReq', SignPolExtensions())
+ )
+
+
+class CertRevReq(univ.Sequence):
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('endCertRevReq', RevReq()),
+ namedtype.NamedType('caCerts',
+ RevReq().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatConstructed, 0)))
+ )
+
+
+class AttributeTrustCondition(univ.Sequence):
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('attributeMandated', univ.Boolean()),
+ namedtype.NamedType('howCertAttribute', HowCertAttribute()),
+ namedtype.OptionalNamedType('attrCertificateTrustTrees',
+ CertificateTrustTrees().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatSimple, 0))),
+ namedtype.OptionalNamedType('attrRevReq',
+ CertRevReq().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatConstructed, 1))),
+ namedtype.OptionalNamedType('attributeConstraints',
+ AttributeConstraints().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatConstructed, 2)))
+ )
+
+
+class CMSAttrs(univ.SequenceOf):
+ componentType = univ.ObjectIdentifier()
+
+
+class CertInfoReq(univ.Enumerated):
+ namedValues = namedval.NamedValues(
+ ('none', 0),
+ ('signerOnly', 1),
+ ('fullPath', 2)
+ )
+
+
+class CertRefReq(univ.Enumerated):
+ namedValues = namedval.NamedValues(
+ ('signerOnly', 1),
+ ('fullPath', 2)
+ )
+
+
+class DeltaTime(univ.Sequence):
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('deltaSeconds', univ.Integer()),
+ namedtype.NamedType('deltaMinutes', univ.Integer()),
+ namedtype.NamedType('deltaHours', univ.Integer()),
+ namedtype.NamedType('deltaDays', univ.Integer())
+ )
+
+
+class TimestampTrustCondition(univ.Sequence):
+ componentType = namedtype.NamedTypes(
+ namedtype.OptionalNamedType('ttsCertificateTrustTrees',
+ CertificateTrustTrees().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatSimple, 0))),
+ namedtype.OptionalNamedType('ttsRevReq',
+ CertRevReq().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatConstructed, 1))),
+ namedtype.OptionalNamedType('ttsNameConstraints',
+ NameConstraints().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatConstructed, 2))),
+ namedtype.OptionalNamedType('cautionPeriod',
+ DeltaTime().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatConstructed, 3))),
+ namedtype.OptionalNamedType('signatureTimestampDelay',
+ DeltaTime().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatConstructed, 4)))
+ )
+
+
+class SignerRules(univ.Sequence):
+ componentType = namedtype.NamedTypes(
+ namedtype.OptionalNamedType('externalSignedData', univ.Boolean()),
+ namedtype.NamedType('mandatedSignedAttr', CMSAttrs()),
+ namedtype.NamedType('mandatedUnsignedAttr', CMSAttrs()),
+ namedtype.DefaultedNamedType('mandatedCertificateRef',
+ CertRefReq().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatSimple, 0)).subtype(
+ value='signerOnly')),
+ namedtype.DefaultedNamedType('mandatedCertificateInfo',
+ CertInfoReq().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatSimple, 1)).subtype(
+ value='none')),
+ namedtype.OptionalNamedType('signPolExtensions',
+ SignPolExtensions().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatSimple, 2)))
+ )
+
+
+class MandatedUnsignedAttr(CMSAttrs):
+ pass
+
+
+class VerifierRules(univ.Sequence):
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('mandatedUnsignedAttr', MandatedUnsignedAttr()),
+ namedtype.OptionalNamedType('signPolExtensions', SignPolExtensions())
+ )
+
+
+class SignerAndVerifierRules(univ.Sequence):
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('signerRules', SignerRules()),
+ namedtype.NamedType('verifierRules', VerifierRules())
+ )
+
+
+class SigningCertTrustCondition(univ.Sequence):
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('signerTrustTrees', CertificateTrustTrees()),
+ namedtype.NamedType('signerRevReq', CertRevReq())
+ )
+
+
+class CommitmentTypeIdentifier(univ.ObjectIdentifier):
+ pass
+
+
+class FieldOfApplication(DirectoryString):
+ pass
+
+
+class CommitmentType(univ.Sequence):
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('identifier', CommitmentTypeIdentifier()),
+ namedtype.OptionalNamedType('fieldOfApplication',
+ FieldOfApplication().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatSimple, 0))),
+ namedtype.OptionalNamedType('semantics',
+ DirectoryString().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatSimple, 1)))
+ )
+
+
+class SelectedCommitmentTypes(univ.SequenceOf):
+ componentType = univ.Choice(componentType=namedtype.NamedTypes(
+ namedtype.NamedType('empty', univ.Null()),
+ namedtype.NamedType('recognizedCommitmentType', CommitmentType())
+ ))
+
+
+class CommitmentRule(univ.Sequence):
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('selCommitmentTypes', SelectedCommitmentTypes()),
+ namedtype.OptionalNamedType('signerAndVeriferRules',
+ SignerAndVerifierRules().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatConstructed, 0))),
+ namedtype.OptionalNamedType('signingCertTrustCondition',
+ SigningCertTrustCondition().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatConstructed, 1))),
+ namedtype.OptionalNamedType('timeStampTrustCondition',
+ TimestampTrustCondition().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatConstructed, 2))),
+ namedtype.OptionalNamedType('attributeTrustCondition',
+ AttributeTrustCondition().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatConstructed, 3))),
+ namedtype.OptionalNamedType('algorithmConstraintSet',
+ AlgorithmConstraintSet().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatConstructed, 4))),
+ namedtype.OptionalNamedType('signPolExtensions',
+ SignPolExtensions().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatSimple, 5)))
+ )
+
+
+class CommitmentRules(univ.SequenceOf):
+ componentType = CommitmentRule()
+
+
+class CommonRules(univ.Sequence):
+ componentType = namedtype.NamedTypes(
+ namedtype.OptionalNamedType('signerAndVeriferRules',
+ SignerAndVerifierRules().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatConstructed, 0))),
+ namedtype.OptionalNamedType('signingCertTrustCondition',
+ SigningCertTrustCondition().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatConstructed, 1))),
+ namedtype.OptionalNamedType('timeStampTrustCondition',
+ TimestampTrustCondition().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatConstructed, 2))),
+ namedtype.OptionalNamedType('attributeTrustCondition',
+ AttributeTrustCondition().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatConstructed, 3))),
+ namedtype.OptionalNamedType('algorithmConstraintSet',
+ AlgorithmConstraintSet().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatConstructed, 4))),
+ namedtype.OptionalNamedType('signPolExtensions',
+ SignPolExtensions().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatSimple, 5)))
+ )
+
+
+class PolicyIssuerName(GeneralNames):
+ pass
+
+
+class SignPolicyHash(univ.OctetString):
+ pass
+
+
+class SignPolicyId(univ.ObjectIdentifier):
+ pass
+
+
+class SigningPeriod(univ.Sequence):
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('notBefore', useful.GeneralizedTime()),
+ namedtype.OptionalNamedType('notAfter', useful.GeneralizedTime())
+ )
+
+
+class SignatureValidationPolicy(univ.Sequence):
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('signingPeriod', SigningPeriod()),
+ namedtype.NamedType('commonRules', CommonRules()),
+ namedtype.NamedType('commitmentRules', CommitmentRules()),
+ namedtype.OptionalNamedType('signPolExtensions', SignPolExtensions())
+ )
+
+
+class SignPolicyInfo(univ.Sequence):
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('signPolicyIdentifier', SignPolicyId()),
+ namedtype.NamedType('dateOfIssue', useful.GeneralizedTime()),
+ namedtype.NamedType('policyIssuerName', PolicyIssuerName()),
+ namedtype.NamedType('fieldOfApplication', FieldOfApplication()),
+ namedtype.NamedType('signatureValidationPolicy', SignatureValidationPolicy()),
+ namedtype.OptionalNamedType('signPolExtensions', SignPolExtensions())
+ )
+
+
+class SignaturePolicy(univ.Sequence):
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('signPolicyHashAlg', AlgorithmIdentifier()),
+ namedtype.NamedType('signPolicyInfo', SignPolicyInfo()),
+ namedtype.OptionalNamedType('signPolicyHash', SignPolicyHash())
+ )
+
+
generated by cgit v1.2.3 (git 2.47.1) at 2025-06-08 02:45:02 +0000