rest_pki 1.0.0 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: efdf855b8c7a4a0f5884d7cbb7ae6237f57ef12a7b8e5fb9e3f97fd3b559cba4
-  data.tar.gz: f4ae7fd56adca41b9be2723d376a98adc4d054b6cf1a837b9c2f9dce9af65f32
+  metadata.gz: db2a9c24b735beaae22137e4310fffb7d323dad317c944dbf22177e6a2d10ae5
+  data.tar.gz: a12f3d0a27313c2d39ff7dd29f4ec36bb57728fe093ea9c314a3f79957740d61
 SHA512:
-  metadata.gz: 958e4840d4e0eaaaadf0fcc7e5eaa12bbc8c89480f9393feda3c57004617c5ce729ef8d7ded10573202946e648a91f8a887666faef8e24fdea0d7cc700c13725
-  data.tar.gz: 97e35162fe53d8b8fe4a53bcdaf1ef7ccdc418efcdf9ad8fc0dc7889601d7ae4fc3a4b7b81f83644a9661998c02ae6226349ff62df2d068a02e929c3511261a4
+  metadata.gz: 1738123814dff03a59fe192926de714019de28321c7c4658a995a963fdd6106010defabaa87cf1ee5dbd4d1106814319b6c5e12dfdb7bbaa08ab8765d7c0f94f
+  data.tar.gz: 68654022530960bff5ce44ccdca64bba15c0d2f8ade4f05fd12642ae7deab2e964bdb83299571daaa4557d20ab0f12f510196e4548f5fccbda4bd550ceda2c9d

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.1.0 (2020-04-30)
+* Added PDF marks support
+* Added PAdES signature validation support
+
 ## 1.0.0 (2018-04-11)
 * First publicly available version
 * Main features on this version:

data/README.md

@@ -1,17 +1,22 @@
 REST PKI client lib for Ruby
 ============================
+[![Gem Version](https://badge.fury.io/rb/rest_pki.svg)](https://badge.fury.io/rb/rest_pki)
 
 This library contains classes that encapsulate the calls to the REST PKI API.
 
 The recommended way to install **REST PKI Client lib** is through setting in your Gemfile:
 
 ````ruby
-gem 'rest_pki', '~> 1.0.0'
+gem 'rest_pki', '~> 1.1.0'
 ````
 
 And with installing via [Bundler](http://bundler.io/) on your project root folder:
     
     bundle install
+    
+Alternatively, You can install this gem globally by executing the following command:
+
+    gem install rest_pki 
 
 Samples
 -------

data/lib/rest_pki.rb

@@ -22,10 +22,42 @@ require_relative 'rest_pki/standard_security_contexts'
 require_relative 'rest_pki/standard_signature_policies'
 require_relative 'rest_pki/validation_item'
 require_relative 'rest_pki/validation_results'
+require_relative 'rest_pki/signature_algorithm_and_value'
+require_relative 'rest_pki/signature_explorer'
+require_relative 'rest_pki/oids'
+require_relative 'rest_pki/pades_signature_explorer'
+require_relative 'rest_pki/signature_policy_identifier'
+require_relative 'rest_pki/digest_algorithm_and_value'
+require_relative 'rest_pki/digest_algorithm'
+require_relative 'rest_pki/cades_signature'
+require_relative 'rest_pki/pades_signer_info'
+require_relative 'rest_pki/pk_algorithms'
+require_relative 'rest_pki/pk_certificate'
 require_relative 'rest_pki/xml_element_signature_starter'
 require_relative 'rest_pki/xml_id_resolution_table'
 require_relative 'rest_pki/xml_insertion_options'
 require_relative 'rest_pki/xml_signature_finisher'
+require_relative 'rest_pki/color'
+require_relative 'rest_pki/pades_measurement_units'
+require_relative 'rest_pki/pades_page_orientation'
+require_relative 'rest_pki/pades_paper_size'
+require_relative 'rest_pki/pades_size'
+require_relative 'rest_pki/page_optimization'
+require_relative 'rest_pki/pdf_mark'
+require_relative 'rest_pki/pdf_mark_element'
+require_relative 'rest_pki/pdf_mark_element_type'
+require_relative 'rest_pki/pdf_mark_image'
+require_relative 'rest_pki/pdf_mark_image_element'
+require_relative 'rest_pki/pdf_mark_page_options'
+require_relative 'rest_pki/pdf_mark_qr_code_element'
+require_relative 'rest_pki/pdf_mark_text_element'
+require_relative 'rest_pki/pdf_marker'
+require_relative 'rest_pki/pdf_text_section'
+require_relative 'rest_pki/pdf_text_style'
+require_relative 'rest_pki/resource_content_or_reference'
+require_relative 'rest_pki/pades_visual_rectangle'
+require_relative 'rest_pki/pdf_container_definition'
+require_relative 'rest_pki/pdf_helper'
 
 Dir[File.expand_path('../rest_pki/resources/*.rb', __FILE__)].map do |path|
   require path

data/lib/rest_pki/cades_signature.rb

@@ -0,0 +1,52 @@
+module RestPki
+    class CadesSignature
+        attr_reader :encapsulated_content_type, :has_encapsulated_content, :signers
+        def initialize(model)
+            @encapsulated_content_type = model['encapsulatedContentType']
+            @has_encapsulated_content = model['hasEncapsulatedContent']
+            @signers = []
+            unless model['signers'].nil?
+                model['signers'].each { |signer|
+                    @signers.push(CadesSignerInfo.new(signer))
+                }
+            end
+        end
+    end
+
+    class CadesTimestamp < CadesSignature
+        attr_reader :gen_time, :serial_number, :message_imprint
+        def initialize(model)
+            super(model)
+            @gen_time = model['genTime']
+            @serial_number = model['serialNumber']
+            @message_imprint = DigestAlgorithmAndValue.new(model['messageImprint'])
+        end
+    end
+
+    class CadesSignerInfo
+        attr_reader :message_digest, :signature, :certificate, :signing_time, :certified_date_reference, :signature_policy, :timestamps, :validation_results
+
+        def initialize(model)
+            @message_digest = DigestAlgorithmAndValue.new(model['messageDigest'])
+            @signature = SignatureAlgorithmAndValue.new(model['signature'])
+            @certificate = PKCertificate.new(model['certificate'])
+            @signing_time = model['signingTime']
+            @certified_date_reference = model['certifiedDateReference']
+
+            unless model['signaturePolicy'].nil?
+                @signature_policy = SignaturePolicyIdentifier.new(model['signaturePolicy'])
+            end
+
+            @timestamps = []
+            unless model['timestamps'].nil?
+                model['timestamps'].each { |timestamp|
+                    @timestamps.push(CadesTimestamp.new(timestamp))
+                }
+            end
+
+            unless model['validationResults'].nil?
+                @validation_results = ValidationResults.new(model['validationResults'])
+            end
+        end
+    end
+end

data/lib/rest_pki/color.rb

@@ -0,0 +1,37 @@
+module RestPki
+  class Color
+    attr_reader :alpha, :red, :green, :blue
+
+    def initialize(red, green, blue, alpha = 100)
+      @alpha = alpha
+      @red = red
+      @green = green
+      @blue = blue
+    end
+
+    def self.from_rgb_string(rgb_string, alpha = 100)
+      if rgb_string.length < 6 or rgb_string.length > 7
+        raise 'Invalid argument'
+      end
+      
+      index = 0
+      if rgb_string[0] == '#'
+        index += 1
+      end
+
+      red = "0x0000#{rgb_string[index..index+1]}".to_i(16)
+      green = "0x0000#{rgb_string[index+2..index+3]}".to_i(16)
+      blue = "0x0000#{rgb_string[index+4..index+5]}".to_i(16)
+      Color.new(red, green, blue, alpha)
+    end
+
+    def to_model
+      {
+          alpha: @alpha,
+          red: @blue,
+          green: @green,
+          blue: @blue,
+      }
+    end
+  end
+end

data/lib/rest_pki/digest_algorithm.rb

@@ -0,0 +1,158 @@
+require 'digest'
+
+module RestPki
+    class DigestAlgorithm
+        attr_reader :name, :oid, :byte_length, :api_model, :xml_uri, :crypto_digest
+
+        def initialize(name, oid, byte_length, api_model, xml_uri, crypto_digest)
+            @name = name
+            @oid = oid
+            @byte_length = byte_length
+            @api_model = api_model
+            @xml_uri = xml_uri
+            @crypto_digest = crypto_digest
+        end
+
+        def self.MD5; MD5DigestAlgorithm.new end
+        def self.SHA1; SHA1DigestAlgorithm.new end
+        def self.SHA256; SHA256DigestAlgorithm.new end
+        def self.SHA384; SHA384DigestAlgorithm.new end
+        def self.SHA512; SHA512DigestAlgorithm.new end
+
+        def ==(comparison_object)
+            if comparison_object.equal?(self)
+                return true
+            end
+            unless comparison_object.instance_of?(self.class)
+                return false
+            end
+            self.oid == comparison_object.oid
+        end
+
+        def check_length(digest_value)
+            unless digest_value.length == @byte_length
+                raise "A #{@name} digest should contain #{@byte_length} bytes, but a value with #{digest_value.length} bytes was given"
+            end
+        end
+
+        def self.algorithms
+            [
+                DigestAlgorithm.MD5,
+                DigestAlgorithm.SHA1,
+                DigestAlgorithm.SHA256,
+                DigestAlgorithm.SHA384,
+                DigestAlgorithm.SHA512
+            ]
+        end
+        
+        def self.get_instance_by_name(name)
+            begin
+                alg = DigestAlgorithm.algorithms.find{|a| a.name == name}
+            rescue
+                raise "Unrecognized digest algorithm name: #{name}"
+            end
+            alg
+        end
+        
+        def self.get_instance_by_oid(oid)
+            begin
+                alg = DigestAlgorithm.algorithms.find{|a| a.oid == oid}
+            rescue
+                raise "Unrecognized digest algorithm oid: #{oid}"
+            end
+            alg
+        end
+        
+        def self.get_instance_by_xml_uri(xml_uri)
+            begin
+                alg = DigestAlgorithm.algorithms.find{|a| a.xml_uri == xml_uri}
+            rescue
+                raise "Unrecognized digest algorithm xml_uri: #{xml_uri}"
+            end
+            alg
+        end
+      
+        def self.get_instance_by_api_model(algorithm)
+            case algorithm.upcase
+            when 'MD5'
+                DigestAlgorithm.MD5
+            when 'SHA1'
+                DigestAlgorithm.SHA1
+            when 'SHA256'
+                DigestAlgorithm.SHA256
+            when 'SHA384'
+                DigestAlgorithm.SHA384
+            when 'SHA512'
+                DigestAlgorithm.SHA512
+            else
+                raise "Unsupported digest algorithm: #{algorithm}"
+            end
+        end
+
+    end
+
+    class MD5DigestAlgorithm < DigestAlgorithm
+
+        def initialize
+            @name = 'MD5'
+            @oid = Oids.oids["MD5"]
+            @byte_length = 16
+            @api_model = 'md5'
+            @xml_uri = 'http://www.w3.org/2001/04/xmldsig-more#md5'
+            @crypto_digest = Digest::MD5.new
+            super(name, oid, byte_length, api_model, xml_uri, crypto_digest)
+        end
+    end
+
+    class SHA1DigestAlgorithm < DigestAlgorithm
+
+        def initialize
+            @name = 'SHA1'
+            @oid = Oids.oids["SHA1"]
+            @byte_length = 20
+            @api_model = 'sha1'
+            @xml_uri = 'http://www.w3.org/2000/09/xmldsig#sha1'
+            @crypto_digest = Digest::SHA1.new
+            super(name, oid, byte_length, api_model, xml_uri, crypto_digest)
+        end
+    end
+
+    class SHA256DigestAlgorithm < DigestAlgorithm
+
+        def initialize
+            @name = 'SHA256'
+            @oid = Oids.oids["SHA256"]
+            @byte_length = 32
+            @api_model = 'sha256'
+            @xml_uri = 'http://www.w3.org/2001/04/xmlenc#sha256'
+            @crypto_digest = Digest::SHA2.new(256)
+            super(name, oid, byte_length, api_model, xml_uri, crypto_digest)
+        end
+    end
+
+    class SHA384DigestAlgorithm < DigestAlgorithm
+
+        def initialize
+            @name = 'SHA384'
+            @oid = Oids.oids["SHA384"]
+            @byte_length = 48
+            @api_model = 'sha384'
+            @xml_uri = 'http://www.w3.org/2001/04/xmldsig-more#sha384'
+            @crypto_digest = Digest::SHA2.new(384)
+        super(name, oid, byte_length, api_model, xml_uri, crypto_digest)
+        end
+    end
+
+    class SHA512DigestAlgorithm < DigestAlgorithm
+
+        def initialize
+            @name = 'SHA512'
+            @oid = Oids.oids["SHA512"]
+            @byte_length = 64
+            @api_model = 'sha512'
+            @xml_uri = 'http://www.w3.org/2001/04/xmlenc#sha512'
+            @crypto_digest = Digest::SHA2.new(512)
+            super(name, oid, byte_length, api_model, xml_uri, crypto_digest)
+        end
+    end
+end

data/lib/rest_pki/digest_algorithm_and_value.rb

@@ -0,0 +1,29 @@
+require 'base64'
+
+module RestPki
+    class DigestAlgorithmAndValue
+        attr_reader :algorithm, :value
+
+        def initialize(model)
+            if model['algorithm'].to_s.blank?
+                raise 'The algorithm was not set'
+            end
+            if model['value'].to_s.blank?
+                raise 'The value was not set'
+            end
+            @algorithm = DigestAlgorithm.get_instance_by_api_model(model['algorithm'])
+            @value = Base64.decode64(model['value'])
+        end
+
+        def hex_value
+            @value.each_byte.map { |b| b.to_s(16) }.join
+        end
+      
+        def to_model
+            {
+               algorithm: @algorithm.api_model,
+               value: @value
+            }
+        end
+    end
+end

data/lib/rest_pki/oids.rb

@@ -0,0 +1,163 @@
+module RestPki
+    class Oids
+        def self.oids
+            @oids
+        end
+        @oids = {
+            #region Digest Algorithms
+            "MD5" => '1.2.840.113549.2.5',
+            "SHA1" => '1.3.14.3.2.26',
+            # sha224" => '2.16.840.1.101.3.4.2.4', # RFC 3874 section 4
+            "SHA256" => '2.16.840.1.101.3.4.2.1',
+            "SHA384" => '2.16.840.1.101.3.4.2.2',
+            "SHA512" => '2.16.840.1.101.3.4.2.3',
+            #endregion
+
+            #region Signature Algorithms
+            "MD2_WITH_RSA" => '1.2.840.113549.1.1.2',
+            "MD5_WITH_RSA" => '1.2.840.113549.1.1.4',
+            "SHA1_WITH_RSA" => '1.2.840.113549.1.1.5',
+            "SHA256_WITH_RSA" => '1.2.840.113549.1.1.11',
+            "SHA384_WITH_RSA" => '1.2.840.113549.1.1.12',
+            "SHA512_WITH_RSA" => '1.2.840.113549.1.1.13',
+
+            "SHA1_WITH_DSA" => '1.2.840.10040.4.3',   # RFC 3279 section 2.2.2
+            # dsaWithSHA224" => '2.16.840.1.101.3.4.3.1',    # RFC 5758 section 3.1
+            "SHA256_WITH_DSA" => '2.16.840.1.101.3.4.3.2',    # RFC 5758 section 3.1
+            #endregion
+
+            #region Asymmetric Algorithms
+            "RSA" => '1.2.840.113549.1.1.1', # RFC 3279 section 2.3.1
+            "DSA" => '1.2.840.10040.4.1',    # RFC 3279 section 2.3.2
+            #endregion
+
+            #region X509
+            "X509_EXTENSION_SUBJECT_ALTERNATIVE_NAME" => '2.5.29.17', # RFC 5280 section 4.2.1.6
+            "X509_EXTENSION_BASIC_CONSTRAINTS" => '2.5.29.19', # RFC 5280 section 4.2.1.9
+            "X509_EXTENSION_AUTHORITY_KEY_IDENTIFIER" => '2.5.29.35', # RFC 5280 section 4.2.1.1
+            "X509_EXTENSION_SUBJECT_KEY_IDENTIFIER" => '2.5.29.14', # RFC 5280 section 4.2.1.2
+            "X509_EXTENSION_CRL_NUMBER" => '2.5.29.20', # RFC 5280 section 5.2.3
+            "X509_EXTENSION_CRL_REASONS" => '2.5.29.21', # RFC 5280 section 5.3.1
+            "X509_EXTENSION_ISSUING_DISTRIBUTION_POINT" => '2.5.29.28', # RFC 5280 section 5.2.5
+            "X509_EXTENSION_CERTIFICATE_ISSUER" => '2.5.29.29', # RFC 5280 section 5.3.3
+            "X509_EXTENSION_CRL_DISTRIBUTION_POINTS" => '2.5.29.31', # RFC 5280 section 4.2.1.13
+            "X509_EXTENSION_NO_REVOCATION_AVAILABLE" => '2.5.29.56', # RFC 5755 section 4.3.6
+            "X509_EXTENSION_CERTIFICATE_POLICIES" => '2.5.29.32', # RFC 5280 section 4.2.1.4
+            "X509_CERTIFICATE_POLICY_ANY" => '2.5.29.32.0', # RFC 5280 section 4.2.1.4
+            "X509_CERTIFICATE_POLICY_QUALIFIER_TYPE_CPS" => '1.3.6.1.5.5.7.2.1', # RFC 5280 section 4.2.1.4
+            "X509_CERTIFICATE_POLICY_QUALIFIER_TYPE_USER_NOTICE" => '1.3.6.1.5.5.7.2.2', # RFC 5280 section 4.2.1.4
+            "X509_EXTENSION_AUTHORITY_INFORMATION_ACCESS" => '1.3.6.1.5.5.7.1.1', # RFC 5280 section 4.2.2.1
+            "ACCESS_DESCRIPTION_CA_ISSUERS" => '1.3.6.1.5.5.7.48.2', # RFC 5280 section 4.2.2.1
+            "ACCESS_DESCRIPTION_OCSP" => '1.3.6.1.5.5.7.48.1', # RFC 5280 section 4.2.2.1
+
+            "KEY_USAGE" => '2.5.29.15',
+            "EXTENDED_KEY_USAGE" => '2.5.29.37',
+
+            # RFC 5280 section 4.2.1.12
+            "EXTENDED_KEY_USAGE_ANY" => '2.5.29.37.0',
+            "EXTENDED_KEY_USAGE_SERVER_AUTH" => '1.3.6.1.5.5.7.3.1',
+            "EXTENDED_KEY_USAGE_CLIENT_AUTH" => '1.3.6.1.5.5.7.3.2',
+            "EXTENDED_KEY_USAGE_CODE_SIGNING" => '1.3.6.1.5.5.7.3.3',
+            "EXTENDED_KEY_USAGE_EMAIL_PROTECTION" => '1.3.6.1.5.5.7.3.4',
+            "EXTENDED_KEY_USAGE_IPSEC_END_SYSTEM" => '1.3.6.1.5.5.7.3.5',
+            "EXTENDED_KEY_USAGE_IPSEC_TUNNEL" => '1.3.6.1.5.5.7.3.6',
+            "EXTENDED_KEY_USAGE_IPSEC_USER" => '1.3.6.1.5.5.7.3.7',
+            "EXTENDED_KEY_USAGE_TIME_STAMPING" => '1.3.6.1.5.5.7.3.8',
+            "EXTENDED_KEY_USAGE_OCSP_SIGNING" => '1.3.6.1.5.5.7.3.9',
+            #endregion
+
+            #region ICP-Brasil
+            "icpBrasil" => {
+                # CAdES
+                "CADES_ADR_BASICA_V10" => '2.16.76.1.7.1.1.1',   # DOC-ICP 15.03 v6.1 pag 31
+                "CADES_ADR_BASICA_V11" => '2.16.76.1.7.1.1.1.1', # DOC-ICP 15.03 v6.1 pag 31
+                "CADES_ADR_BASICA_V20" => '2.16.76.1.7.1.1.2',   # DOC-ICP 15.03 v6.1 pag 31
+                "CADES_ADR_BASICA_V21" => '2.16.76.1.7.1.1.2.1', # DOC-ICP 15.03 v6.1 pag 31
+                "CADES_ADR_TEMPO_V10" => '2.16.76.1.7.1.2.1',   # DOC-ICP 15.03 v6.1 pag 35
+                "CADES_ADR_TEMPO_V11" => '2.16.76.1.7.1.2.1.1', # DOC-ICP 15.03 v6.1 pag 35
+                "CADES_ADR_TEMPO_V20" => '2.16.76.1.7.1.2.2',   # DOC-ICP 15.03 v6.1 pag 35
+                "CADES_ADR_TEMPO_V21" => '2.16.76.1.7.1.2.2.1', # DOC-ICP 15.03 v6.1 pag 35
+                "CADES_ADR_VALIDACAO_V10" => '2.16.76.1.7.1.3.1',   # DOC-ICP 15.03 v6.1 pag 40
+                "CADES_ADR_VALIDACAO_V11" => '2.16.76.1.7.1.3.1.1', # DOC-ICP 15.03 v6.1 pag 40
+                "CADES_ADR_VALIDACAO_V20" => '2.16.76.1.7.1.3.2',   # DOC-ICP 15.03 v6.1 pag 40
+                "CADES_ADR_VALIDACAO_V21" => '2.16.76.1.7.1.3.2.1', # DOC-ICP 15.03 v6.1 pag 40
+                "CADES_ADR_COMPLETA_V10" => '2.16.76.1.7.1.4.1',   # DOC-ICP 15.03 v6.1 pag 45
+                "CADES_ADR_COMPLETA_V11" => '2.16.76.1.7.1.4.1.1', # DOC-ICP 15.03 v6.1 pag 45
+                "CADES_ADR_COMPLETA_V20" => '2.16.76.1.7.1.4.2',   # DOC-ICP 15.03 v6.1 pag 45
+                "CADES_ADR_COMPLETA_V21" => '2.16.76.1.7.1.4.2.1', # DOC-ICP 15.03 v6.1 pag 45
+                "CADES_ADR_ARQUIVAMENTO_V20" => '2.16.76.1.7.1.5.2',   # DOC-ICP 15.03 v6.1 pag 50
+                "CADES_ADR_ARQUIVAMENTO_V21" => '2.16.76.1.7.1.5.2.1', # DOC-ICP 15.03 v6.1 pag 50
+                "CADES_ADR_ARQUIVAMENTO_V22" => '2.16.76.1.7.1.4.2.2', # DOC-ICP 15.03 v6.1 pag 50
+
+                # XAdES
+                "XADES_ADR_BASICA_V10" => '2.16.76.1.7.1.6.1',   # DOC-ICP 15.03 v6.1 pág 56
+                "XADES_ADR_BASICA_V11" => '2.16.76.1.7.1.6.1.1', # DOC-ICP 15.03 v6.1 pág 56
+                "XADES_ADR_BASICA_V12" => '2.16.76.1.7.1.6.1.2', # DOC-ICP 15.03 v6.1 pág 56
+                "XADES_ADR_BASICA_V20" => '2.16.76.1.7.1.6.2',   # DOC-ICP 15.03 v6.1 pág 56
+                "XADES_ADR_BASICA_V21" => '2.16.76.1.7.1.6.2.1', # DOC-ICP 15.03 v6.1 pág 56
+                "XADES_ADR_BASICA_V22" => '2.16.76.1.7.1.6.2.2', # DOC-ICP 15.03 v6.1 pág 56
+                "XADES_ADR_TEMPO_V10" => '2.16.76.1.7.1.7.1',   # DOC-ICP 15.03 v6.1 pág 60
+                "XADES_ADR_TEMPO_V11" => '2.16.76.1.7.1.7.1.1', # DOC-ICP 15.03 v6.1 pág 60
+                "XADES_ADR_TEMPO_V12" => '2.16.76.1.7.1.7.1.2', # DOC-ICP 15.03 v6.1 pág 60
+                "XADES_ADR_TEMPO_V20" => '2.16.76.1.7.1.7.2',   # DOC-ICP 15.03 v6.1 pág 60
+                "XADES_ADR_TEMPO_V21" => '2.16.76.1.7.1.7.2.1', # DOC-ICP 15.03 v6.1 pág 60
+                "XADES_ADR_TEMPO_V22" => '2.16.76.1.7.1.7.2.2', # DOC-ICP 15.03 v6.1 pág 60
+
+                # Subject alternative names
+                "SAN_CERTIFICADO_PESSOA_FISICA_DADOS_BASICOS" => '2.16.76.1.3.1', # DOC-ICP 04.01 v2.3 section 2.5
+                "SAN_CERTIFICADO_PESSOA_JURIDICA_NOME_RESPONSAVEL" => '2.16.76.1.3.2', # DOC-ICP 04.01 v2.3 section 2.5
+                "SAN_CERTIFICADO_PESSOA_JURIDICA_NUMERO_CNPJ" => '2.16.76.1.3.3', # DOC-ICP 04.01 v2.3 section 2.5
+                "SAN_CERTIFICADO_PESSOA_JURIDICA_DADOS_RESPONSAVEL" => '2.16.76.1.3.4', # DOC-ICP 04.01 v2.3 section 2.5
+                "SAN_CERTIFICADO_PESSOA_FISICA_DADOS_ELEITORAIS" => '2.16.76.1.3.5', # DOC-ICP 04.01 v2.3 section 2.5
+                "SAN_CERTIFICADO_PESSOA_FISICA_NUMERO_INSS" => '2.16.76.1.3.6', # DOC-ICP 04.01 v2.3 section 2.5
+                "SAN_CERTIFICADO_PESSOA_JURIDICA_NUMERO_INSS" => '2.16.76.1.3.7', # DOC-ICP 04.01 v2.3 section 2.5
+                "SAN_CERTIFICADO_PESSOA_JURIDICA_NOME_EMPRESARIAL" => '2.16.76.1.3.8', # DOC-ICP 04.01 v2.3 section 2.5
+                "ROOT_CERTIFICATE_DECLARATION_PRACTICES" => '2.16.76.1.1.0',
+                "SAN_INSCRICAO_OAB" => '2.16.76.1.4.2.1.1', # Política de Certificado de Assinatura Digital Tipo A3 da Autoridade Certificadora da Ordem dos Advogados do Brasil - OAB -- ver 5.0 de 30/11/2014 -- section 7.1.2.3 item a.2 -- http =#icp-brasil.certisign.com.br/repositorio/pc/AC_OAB/PC_A3_AC_OAB_v5.0.pdf
+
+                # Prefixes
+                "PREFIX" => '2.16.76.1.',
+                "PREFIX_CERTIFICATE_DECLARATION_PRACTICES" => '2.16.76.1.1.',
+                "PREFIX_CERTIFICATE_POLICIES" => '2.16.76.1.2.',
+                "PREFIX_CERTIFICATE_A1" => '2.16.76.1.2.1.',
+                "PREFIX_CERTIFICATE_A2" => '2.16.76.1.2.2.',
+                "PREFIX_CERTIFICATE_A3" => '2.16.76.1.2.3.',
+                "PREFIX_CERTIFICATE_A4" => '2.16.76.1.2.4.',
+                "PREFIX_CERTIFICATE_S1" => '2.16.76.1.2.101.',
+                "PREFIX_CERTIFICATE_S2" => '2.16.76.1.2.102.',
+                "PREFIX_CERTIFICATE_S3" => '2.16.76.1.2.103.',
+                "PREFIX_CERTIFICATE_S4" => '2.16.76.1.2.104.',
+                "PREFIX_CERTIFICATE_AC" => '2.16.76.1.2.201.',
+                "PREFIX_CERTIFICATE_T3" => '2.16.76.1.2.303.',
+                "PREFIX_CERTIFICATE_T4" => '2.16.76.1.2.304.',
+            },
+            #endregion
+
+            #region CMS
+            "DATA_CONTENT_TYPE" => '1.2.840.113549.1.7.1', # RFC 5652 item 4
+            "SIGNED_DATA_CONTENT_TYPE" => '1.2.840.113549.1.7.2', # RFC 5652 item 5.1
+            "ENVELOPED_DATA_CONTENT_TYPE" => '1.2.840.113549.1.7.3', # RFC 5652 item 6.1
+            "DIGESTED_DATA_CONTENT_TYPE" => '1.2.840.113549.1.7.5', # RFC 5652 item 7
+            "ENCRYPTED_DATA_CONTENT_TYPE" => '1.2.840.113549.1.7.6', # RFC 5652 item 8
+            "AUTHENTICATED_DATA_CONTENT_TYPE" => '1.2.840.113549.1.9.16.1.2', # RFC 5652 item 9.1
+            "TST_INFO_CONTENT_TYPE" => '1.2.840.113549.1.9.16.1.4', # RFC 3161 item 2.4.2
+            "CONTENT_TYPE_ATTRIBUTE" => '1.2.840.113549.1.9.3', # RFC 5652 item 11.1
+            "MESSAGE_DIGEST_ATTRIBUTE" => '1.2.840.113549.1.9.4', # RFC 5652 item 11.2
+            "SIGNING_TIME_ATTRIBUTE" => '1.2.840.113549.1.9.5', # RFC 5652 item 11.3
+            "SIGNING_CERTIFICATE_ATTRIBUTE" => '1.2.840.113549.1.9.16.2.12', # RFC 2634 item 5.4
+            "SIGNING_CERTIFICATE_V2_ATTRIBUTE" => '1.2.840.113549.1.9.16.2.47', # RFC 5035 item 3 ('Insert New Section 5.4.1...')
+            "SIGNATURE_TIMESTAMP_ATTRIBUTE" => '1.2.840.113549.1.9.16.2.14', # CAdES v2.2.1 item 6.1.1
+            "SIGNER_ATTRIBUTE_ATTRIBUTE" => '1.2.840.113549.1.9.16.2.18', # CAdES v2.2.1 item 6.1.1
+            "SIGNATURE_POLICY_IDENTIFIER_ATTRIBUTE" => '1.2.840.113549.1.9.16.2.15', # CAdES v2.2.1 item 5.8.1
+            "COMPLETE_CERTIFICATE_REFS_ATTRIBUTE" => '1.2.840.113549.1.9.16.2.21', # CAdES v2.2.1 item 6.2.1
+            "COMPLETE_REVOCATION_REFS_ATTRIBUTE" => '1.2.840.113549.1.9.16.2.22', # CAdES v2.2.1 item 6.2.2
+            "CERTIFICATE_VALUES_ATTRIBUTE" => '1.2.840.113549.1.9.16.2.23', # CAdES v2.2.1 item 6.3.3
+            "REVOCATION_VALUES_ATTRIBUTE" => '1.2.840.113549.1.9.16.2.24', # CAdES v2.2.1 item 6.3.4
+            "CADES_C_TIMESTAMP_ATTRIBUTE" => '1.2.840.113549.1.9.16.2.25', # CAdES v2.2.1 item 6.3.5
+            "SIGNATURE_POLICY_URI" => '1.2.840.113549.1.9.16.5.1', # CAdES v2.2.1 item 5.8.1
+            "CERT_CRL_TIMESTAMP" => '1.2.840.113549.1.9.16.2.26', # CAdES v2.2.1 item 6.3.6
+            "ARCHIEVE_TIMESTAMP" => '1.2.840.113549.1.9.16.2.48', # CAdES v2.2.1 item 6.4.1
+            #endregion
+        }
+    end
+end