rest_pki 1.0.0 → 1.1.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/README.md +6 -1
- data/lib/rest_pki.rb +32 -0
- data/lib/rest_pki/cades_signature.rb +52 -0
- data/lib/rest_pki/color.rb +37 -0
- data/lib/rest_pki/digest_algorithm.rb +158 -0
- data/lib/rest_pki/digest_algorithm_and_value.rb +29 -0
- data/lib/rest_pki/oids.rb +163 -0
- data/lib/rest_pki/pades_measurement_units.rb +6 -0
- data/lib/rest_pki/pades_page_orientation.rb +7 -0
- data/lib/rest_pki/pades_paper_size.rb +17 -0
- data/lib/rest_pki/pades_signature_explorer.rb +17 -0
- data/lib/rest_pki/pades_signer_info.rb +11 -0
- data/lib/rest_pki/pades_size.rb +17 -0
- data/lib/rest_pki/pades_visual_rectangle.rb +25 -0
- data/lib/rest_pki/page_optimization.rb +34 -0
- data/lib/rest_pki/pdf_container_definition.rb +266 -0
- data/lib/rest_pki/pdf_helper.rb +29 -0
- data/lib/rest_pki/pdf_mark.rb +81 -0
- data/lib/rest_pki/pdf_mark_element.rb +54 -0
- data/lib/rest_pki/pdf_mark_element_type.rb +7 -0
- data/lib/rest_pki/pdf_mark_image.rb +25 -0
- data/lib/rest_pki/pdf_mark_image_element.rb +33 -0
- data/lib/rest_pki/pdf_mark_page_options.rb +8 -0
- data/lib/rest_pki/pdf_mark_qr_code_element.rb +32 -0
- data/lib/rest_pki/pdf_mark_text_element.rb +47 -0
- data/lib/rest_pki/pdf_marker.rb +61 -0
- data/lib/rest_pki/pdf_text_section.rb +57 -0
- data/lib/rest_pki/pdf_text_style.rb +7 -0
- data/lib/rest_pki/pk_algorithms.rb +173 -0
- data/lib/rest_pki/pk_certificate.rb +99 -0
- data/lib/rest_pki/resource_content_or_reference.rb +25 -0
- data/lib/rest_pki/resources/pades_explorer_model.rb +12 -0
- data/lib/rest_pki/resources/pdf_marker_model.rb +12 -0
- data/lib/rest_pki/signature_algorithm_and_value.rb +11 -0
- data/lib/rest_pki/signature_explorer.rb +48 -0
- data/lib/rest_pki/signature_policy_identifier.rb +10 -0
- data/lib/rest_pki/validation_item.rb +2 -2
- data/lib/rest_pki/validation_results.rb +11 -11
- data/lib/rest_pki/version.rb +1 -1
- metadata +37 -3
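--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: db2a9c24b735beaae22137e4310fffb7d323dad317c944dbf22177e6a2d10ae5
+data.tar.gz: a12f3d0a27313c2d39ff7dd29f4ec36bb57728fe093ea9c314a3f79957740d61
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1738123814dff03a59fe192926de714019de28321c7c4658a995a963fdd6106010defabaa87cf1ee5dbd4d1106814319b6c5e12dfdb7bbaa08ab8765d7c0f94f
+data.tar.gz: 68654022530960bff5ce44ccdca64bba15c0d2f8ade4f05fd12642ae7deab2e964bdb83299571daaa4557d20ab0f12f510196e4548f5fccbda4bd550ceda2c9d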
data/CHANGELOG.md
CHANGED
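--- a/data/README.md
+++ b/data/README.md
@@ -1,17 +1,22 @@
 REST PKI client lib for Ruby
 ============================
+[![Gem Version](https://badge.fury.io/rb/rest_pki.svg)](https://badge.fury.io/rb/rest_pki)
 
 This library contains classes that encapsulate the calls to the REST PKI API.
 
 The recommended way to install **REST PKI Client lib** is through setting in your Gemfile:
 
 ````ruby
-gem 'rest_pki', '~> 1.
+gem 'rest_pki', '~> 1.1.0'
 ````
 
 And with installing via [Bundler](http://bundler.io/) on your project root folder:
 
 bundle install
+
+Alternatively, You can install this gem globally by executing the following command:
+
+gem install rest_pki
 
 Samples
 -------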
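--- a/data/lib/rest_pki.rb
+++ b/data/lib/rest_pki.rb
@@ -22,10 +22,42 @@ require_relative 'rest_pki/standard_security_contexts'
 require_relative 'rest_pki/standard_signature_policies'
 require_relative 'rest_pki/validation_item'
 require_relative 'rest_pki/validation_results'
+require_relative 'rest_pki/signature_algorithm_and_value'
+require_relative 'rest_pki/signature_explorer'
+require_relative 'rest_pki/oids'
+require_relative 'rest_pki/pades_signature_explorer'
+require_relative 'rest_pki/signature_policy_identifier'
+require_relative 'rest_pki/digest_algorithm_and_value'
+require_relative 'rest_pki/digest_algorithm'
+require_relative 'rest_pki/cades_signature'
+require_relative 'rest_pki/pades_signer_info'
+require_relative 'rest_pki/pk_algorithms'
+require_relative 'rest_pki/pk_certificate'
 require_relative 'rest_pki/xml_element_signature_starter'
 require_relative 'rest_pki/xml_id_resolution_table'
 require_relative 'rest_pki/xml_insertion_options'
 require_relative 'rest_pki/xml_signature_finisher'
+require_relative 'rest_pki/color'
+require_relative 'rest_pki/pades_measurement_units'
+require_relative 'rest_pki/pades_page_orientation'
+require_relative 'rest_pki/pades_paper_size'
+require_relative 'rest_pki/pades_size'
+require_relative 'rest_pki/page_optimization'
+require_relative 'rest_pki/pdf_mark'
+require_relative 'rest_pki/pdf_mark_element'
+require_relative 'rest_pki/pdf_mark_element_type'
+require_relative 'rest_pki/pdf_mark_image'
+require_relative 'rest_pki/pdf_mark_image_element'
+require_relative 'rest_pki/pdf_mark_page_options'
+require_relative 'rest_pki/pdf_mark_qr_code_element'
+require_relative 'rest_pki/pdf_mark_text_element'
+require_relative 'rest_pki/pdf_marker'
+require_relative 'rest_pki/pdf_text_section'
+require_relative 'rest_pki/pdf_text_style'
+require_relative 'rest_pki/resource_content_or_reference'
+require_relative 'rest_pki/pades_visual_rectangle'
+require_relative 'rest_pki/pdf_container_definition'
+require_relative 'rest_pki/pdf_helper'
 
 Dir[File.expand_path('../rest_pki/resources/*.rb', __FILE__)].map do |path|
 require path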
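--- a/data/lib/rest_pki/cades_signature.rb
+++ b/data/lib/rest_pki/cades_signature.rb
@@ -0,0 +1,52 @@
+module RestPki
+class CadesSignature
+attr_reader :encapsulated_content_type, :has_encapsulated_content, :signers
+def initialize(model)
+@encapsulated_content_type = model['encapsulatedContentType']
+@has_encapsulated_content = model['hasEncapsulatedContent']
+@signers = []
+unless model['signers'].nil?
+model['signers'].each { |signer|
+@signers.push(CadesSignerInfo.new(signer))
+}
+end
+end
+end
+
+class CadesTimestamp < CadesSignature
+attr_reader :gen_time, :serial_number, :message_imprint
+def initialize(model)
+super(model)
+@gen_time = model['genTime']
+@serial_number = model['serialNumber']
+@message_imprint = DigestAlgorithmAndValue.new(model['messageImprint'])
+end
+end
+
+class CadesSignerInfo
+attr_reader :message_digest, :signature, :certificate, :signing_time, :certified_date_reference, :signature_policy, :timestamps, :validation_results
+
+def initialize(model)
+@message_digest = DigestAlgorithmAndValue.new(model['messageDigest'])
+@signature = SignatureAlgorithmAndValue.new(model['signature'])
+@certificate = PKCertificate.new(model['certificate'])
+@signing_time = model['signingTime']
+@certified_date_reference = model['certifiedDateReference']
+
+unless model['signaturePolicy'].nil?
+@signature_policy = SignaturePolicyIdentifier.new(model['signaturePolicy'])
+end
+
+@timestamps = []
+unless model['timestamps'].nil?
+model['timestamps'].each { |timestamp|
+@timestamps.push(CadesTimestamp.new(timestamp))
+}
+end
+
+unless model['validationResults'].nil?
+@validation_results = ValidationResults.new(model['validationResults'])
+end
+end
+end
+end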
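Review bot: `CadesSignerInfo#initialize` leaves `@validation_results` nil when the model carries no `validationResults`, and nothing in the class tells a caller how to read that; the certificate, signing time and policy are populated either way. A comment above the `attr_reader` line would close the gap, e.g. `# validation_results is nil when the service returned none; treat nil as "not validated", never as "valid"`. Separately, `messageDigest`, `signature`, `certificate` and (in `CadesTimestamp`) `messageImprint` go to their constructors without the nil guard used for `signaturePolicy`, so a response that omits one of them would presumably end in a `NoMethodError` instead of a clear error.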
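--- a/data/lib/rest_pki/color.rb
+++ b/data/lib/rest_pki/color.rb
@@ -0,0 +1,37 @@
+module RestPki
+class Color
+attr_reader :alpha, :red, :green, :blue
+
+def initialize(red, green, blue, alpha = 100)
+@alpha = alpha
+@red = red
+@green = green
+@blue = blue
+end
+
+def self.from_rgb_string(rgb_string, alpha = 100)
+if rgb_string.length < 6 or rgb_string.length > 7
+raise 'Invalid argument'
+end
+
+index = 0
+if rgb_string[0] == '#'
+index += 1
+end
+
+red = "0x0000#{rgb_string[index..index+1]}".to_i(16)
+green = "0x0000#{rgb_string[index+2..index+3]}".to_i(16)
+blue = "0x0000#{rgb_string[index+4..index+5]}".to_i(16)
+Color.new(red, green, blue, alpha)
+end
+
+def to_model
+{
+alpha: @alpha,
+red: @blue,
+green: @green,
+blue: @blue,
+}
+end
+end
+end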
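Review bot: `to_model` serialises the red channel from the wrong field: `red: @blue,` should be `red: @red,`, otherwise every colour sent to the API loses its red component and duplicates blue. In `from_rgb_string` the length check accepts a 7-character string without a leading `#` and a 6-character string with one, and `String#to_i(16)` stops silently at the first non-hex character, so malformed input yields a colour instead of the `'Invalid argument'` error. Matching the argument against `/\A#?\h{6}\z/` before slicing would reject those cases.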
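--- a/data/lib/rest_pki/digest_algorithm.rb
+++ b/data/lib/rest_pki/digest_algorithm.rb
@@ -0,0 +1,158 @@
+require 'digest'
+
+module RestPki
+class DigestAlgorithm
+attr_reader :name, :oid, :byte_length, :api_model, :xml_uri, :crypto_digest
+
+def initialize(name, oid, byte_length, api_model, xml_uri, crypto_digest)
+@name = name
+@oid = oid
+@byte_length = byte_length
+@api_model = api_model
+@xml_uri = xml_uri
+@crypto_digest = crypto_digest
+end
+
+def self.MD5; MD5DigestAlgorithm.new end
+def self.SHA1; SHA1DigestAlgorithm.new end
+def self.SHA256; SHA256DigestAlgorithm.new end
+def self.SHA384; SHA384DigestAlgorithm.new end
+def self.SHA512; SHA512DigestAlgorithm.new end
+
+def ==(comparison_object)
+if comparison_object.equal?(self)
+return true
+end
+unless comparison_object.instance_of?(self.class)
+return false
+end
+self.oid == comparison_object.oid
+end
+
+def check_length(digest_value)
+unless digest_value.length == @byte_length
+raise "A #{@name} digest should contain #{@byte_length} bytes, but a value with #{digest_value.length} bytes was given"
+end
+end
+
+def self.algorithms
+[
+DigestAlgorithm.MD5,
+DigestAlgorithm.SHA1,
+DigestAlgorithm.SHA256,
+DigestAlgorithm.SHA384,
+DigestAlgorithm.SHA512
+]
+end
+
+def self.get_instance_by_name(name)
+begin
+alg = DigestAlgorithm.algorithms.find{|a| a.name == name}
+rescue
+raise "Unrecognized digest algorithm name: #{name}"
+end
+alg
+end
+
+def self.get_instance_by_oid(oid)
+begin
+alg = DigestAlgorithm.algorithms.find{|a| a.oid == oid}
+rescue
+raise "Unrecognized digest algorithm oid: #{oid}"
+end
+alg
+end
+
+def self.get_instance_by_xml_uri(xml_uri)
+begin
+alg = DigestAlgorithm.algorithms.find{|a| a.xml_uri == xml_uri}
+rescue
+raise "Unrecognized digest algorithm xml_uri: #{xml_uri}"
+end
+alg
+end
+
+def self.get_instance_by_api_model(algorithm)
+case algorithm.upcase
+when 'MD5'
+DigestAlgorithm.MD5
+when 'SHA1'
+DigestAlgorithm.SHA1
+when 'SHA256'
+DigestAlgorithm.SHA256
+when 'SHA384'
+DigestAlgorithm.SHA384
+when 'SHA512'
+DigestAlgorithm.SHA512
+else
+raise "Unsupported digest algorithm: #{algorithm}"
+end
+end
+
+end
+
+class MD5DigestAlgorithm < DigestAlgorithm
+
+def initialize
+@name = 'MD5'
+@oid = Oids.oids["MD5"]
+@byte_length = 16
+@api_model = 'md5'
+@xml_uri = 'http://www.w3.org/2001/04/xmldsig-more#md5'
+@crypto_digest = Digest::MD5.new
+super(name, oid, byte_length, api_model, xml_uri, crypto_digest)
+end
+end
+
+class SHA1DigestAlgorithm < DigestAlgorithm
+
+def initialize
+@name = 'SHA1'
+@oid = Oids.oids["SHA1"]
+@byte_length = 20
+@api_model = 'sha1'
+@xml_uri = 'http://www.w3.org/2000/09/xmldsig#sha1'
+@crypto_digest = Digest::SHA1.new
+super(name, oid, byte_length, api_model, xml_uri, crypto_digest)
+end
+end
+
+class SHA256DigestAlgorithm < DigestAlgorithm
+
+def initialize
+@name = 'SHA256'
+@oid = Oids.oids["SHA256"]
+@byte_length = 32
+@api_model = 'sha256'
+@xml_uri = 'http://www.w3.org/2001/04/xmlenc#sha256'
+@crypto_digest = Digest::SHA2.new(256)
+super(name, oid, byte_length, api_model, xml_uri, crypto_digest)
+end
+end
+
+class SHA384DigestAlgorithm < DigestAlgorithm
+
+def initialize
+@name = 'SHA384'
+@oid = Oids.oids["SHA384"]
+@byte_length = 48
+@api_model = 'sha384'
+@xml_uri = 'http://www.w3.org/2001/04/xmldsig-more#sha384'
+@crypto_digest = Digest::SHA2.new(384)
+super(name, oid, byte_length, api_model, xml_uri, crypto_digest)
+end
+end
+
+class SHA512DigestAlgorithm < DigestAlgorithm
+
+def initialize
+@name = 'SHA512'
+@oid = Oids.oids["SHA512"]
+@byte_length = 64
+@api_model = 'sha512'
+@xml_uri = 'http://www.w3.org/2001/04/xmlenc#sha512'
+@crypto_digest = Digest::SHA2.new(512)
+super(name, oid, byte_length, api_model, xml_uri, crypto_digest)
+end
+end
+end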
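Review bot: In `get_instance_by_name` the `rescue` branch can never run for an unknown name, because `Enumerable#find` returns nil instead of raising, so the method returns nil and the "Unrecognized digest algorithm" error is lost; `get_instance_by_oid` and `get_instance_by_xml_uri` have the same shape. Dropping the `begin`/`rescue` and adding `raise "Unrecognized digest algorithm name: #{name}" if alg.nil?` after the lookup restores the intended failure at the point where the unknown identifier arrived. `==` is overridden without `eql?`/`hash`, so two equal algorithms still behave as distinct Hash keys. `self.MD5` and `self.SHA1` sit beside the SHA-2 entries with no marker that they are collision-weak; a comment such as `# kept for reading legacy signatures; do not select for new ones` would make that explicit.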
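--- a/data/lib/rest_pki/digest_algorithm_and_value.rb
+++ b/data/lib/rest_pki/digest_algorithm_and_value.rb
@@ -0,0 +1,29 @@
+require 'base64'
+
+module RestPki
+class DigestAlgorithmAndValue
+attr_reader :algorithm, :value
+
+def initialize(model)
+if model['algorithm'].to_s.blank?
+raise 'The algorithm was not set'
+end
+if model['value'].to_s.blank?
+raise 'The value was not set'
+end
+@algorithm = DigestAlgorithm.get_instance_by_api_model(model['algorithm'])
+@value = Base64.decode64(model['value'])
+end
+
+def hex_value
+@value.each_byte.map { |b| b.to_s(16) }.join
+end
+
+def to_model
+{
+algorithm: @algorithm.api_model,
+value: @value
+}
+end
+end
+end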
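Review bot: `hex_value` drops leading zeros, since `b.to_s(16)` renders any byte below 0x10 as a single digit; the string comes out shorter than the digest and two different digests can render identically. `@value.each_byte.map { |b| format('%02x', b) }.join` keeps two digits per byte. The constructor never calls `@algorithm.check_length(@value)`, and `Base64.decode64` ignores malformed input, so a truncated or corrupted value is accepted as a digest; `Base64.strict_decode64` followed by the length check would reject it. `blank?` is not core Ruby and this file requires only `base64`, so the two guards presumably depend on ActiveSupport being loaded by the host application.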
@@ -0,0 +1,163 @@
|
|
1
|
+
module RestPki
|
2
|
+
class Oids
|
3
|
+
def self.oids
|
4
|
+
@oids
|
5
|
+
end
|
6
|
+
@oids = {
|
7
|
+
#region Digest Algorithms
|
8
|
+
"MD5" => '1.2.840.113549.2.5',
|
9
|
+
"SHA1" => '1.3.14.3.2.26',
|
10
|
+
# sha224" => '2.16.840.1.101.3.4.2.4', # RFC 3874 section 4
|
11
|
+
"SHA256" => '2.16.840.1.101.3.4.2.1',
|
12
|
+
"SHA384" => '2.16.840.1.101.3.4.2.2',
|
13
|
+
"SHA512" => '2.16.840.1.101.3.4.2.3',
|
14
|
+
#endregion
|
15
|
+
|
16
|
+
#region Signature Algorithms
|
17
|
+
"MD2_WITH_RSA" => '1.2.840.113549.1.1.2',
|
18
|
+
"MD5_WITH_RSA" => '1.2.840.113549.1.1.4',
|
19
|
+
"SHA1_WITH_RSA" => '1.2.840.113549.1.1.5',
|
20
|
+
"SHA256_WITH_RSA" => '1.2.840.113549.1.1.11',
|
21
|
+
"SHA384_WITH_RSA" => '1.2.840.113549.1.1.12',
|
22
|
+
"SHA512_WITH_RSA" => '1.2.840.113549.1.1.13',
|
23
|
+
|
24
|
+
"SHA1_WITH_DSA" => '1.2.840.10040.4.3', # RFC 3279 section 2.2.2
|
25
|
+
# dsaWithSHA224" => '2.16.840.1.101.3.4.3.1', # RFC 5758 section 3.1
|
26
|
+
"SHA256_WITH_DSA" => '2.16.840.1.101.3.4.3.2', # RFC 5758 section 3.1
|
27
|
+
#endregion
|
28
|
+
|
29
|
+
#region Asymmetric Algorithms
|
30
|
+
"RSA" => '1.2.840.113549.1.1.1', # RFC 3279 section 2.3.1
|
31
|
+
"DSA" => '1.2.840.10040.4.1', # RFC 3279 section 2.3.2
|
32
|
+
#endregion
|
33
|
+
|
34
|
+
#region X509
|
35
|
+
"X509_EXTENSION_SUBJECT_ALTERNATIVE_NAME" => '2.5.29.17', # RFC 5280 section 4.2.1.6
|
36
|
+
"X509_EXTENSION_BASIC_CONSTRAINTS" => '2.5.29.19', # RFC 5280 section 4.2.1.9
|
37
|
+
"X509_EXTENSION_AUTHORITY_KEY_IDENTIFIER" => '2.5.29.35', # RFC 5280 section 4.2.1.1
|
38
|
+
"X509_EXTENSION_SUBJECT_KEY_IDENTIFIER" => '2.5.29.14', # RFC 5280 section 4.2.1.2
|
39
|
+
"X509_EXTENSION_CRL_NUMBER" => '2.5.29.20', # RFC 5280 section 5.2.3
|
40
|
+
"X509_EXTENSION_CRL_REASONS" => '2.5.29.21', # RFC 5280 section 5.3.1
|
41
|
+
"X509_EXTENSION_ISSUING_DISTRIBUTION_POINT" => '2.5.29.28', # RFC 5280 section 5.2.5
|
42
|
+
"X509_EXTENSION_CERTIFICATE_ISSUER" => '2.5.29.29', # RFC 5280 section 5.3.3
|
43
|
+
"X509_EXTENSION_CRL_DISTRIBUTION_POINTS" => '2.5.29.31', # RFC 5280 section 4.2.1.13
|
44
|
+
"X509_EXTENSION_NO_REVOCATION_AVAILABLE" => '2.5.29.56', # RFC 5755 section 4.3.6
|
45
|
+
"X509_EXTENSION_CERTIFICATE_POLICIES" => '2.5.29.32', # RFC 5280 section 4.2.1.4
|
46
|
+
"X509_CERTIFICATE_POLICY_ANY" => '2.5.29.32.0', # RFC 5280 section 4.2.1.4
|
47
|
+
"X509_CERTIFICATE_POLICY_QUALIFIER_TYPE_CPS" => '1.3.6.1.5.5.7.2.1', # RFC 5280 section 4.2.1.4
|
48
|
+
"X509_CERTIFICATE_POLICY_QUALIFIER_TYPE_USER_NOTICE" => '1.3.6.1.5.5.7.2.2', # RFC 5280 section 4.2.1.4
|
49
|
+
"X509_EXTENSION_AUTHORITY_INFORMATION_ACCESS" => '1.3.6.1.5.5.7.1.1', # RFC 5280 section 4.2.2.1
|
50
|
+
"ACCESS_DESCRIPTION_CA_ISSUERS" => '1.3.6.1.5.5.7.48.2', # RFC 5280 section 4.2.2.1
|
51
|
+
"ACCESS_DESCRIPTION_OCSP" => '1.3.6.1.5.5.7.48.1', # RFC 5280 section 4.2.2.1
|
52
|
+
|
53
|
+
"KEY_USAGE" => '2.5.29.15',
|
54
|
+
"EXTENDED_KEY_USAGE" => '2.5.29.37',
|
55
|
+
|
56
|
+
# RFC 5280 section 4.2.1.12
|
57
|
+
"EXTENDED_KEY_USAGE_ANY" => '2.5.29.37.0',
|
58
|
+
"EXTENDED_KEY_USAGE_SERVER_AUTH" => '1.3.6.1.5.5.7.3.1',
|
59
|
+
"EXTENDED_KEY_USAGE_CLIENT_AUTH" => '1.3.6.1.5.5.7.3.2',
|
60
|
+
"EXTENDED_KEY_USAGE_CODE_SIGNING" => '1.3.6.1.5.5.7.3.3',
|
61
|
+
"EXTENDED_KEY_USAGE_EMAIL_PROTECTION" => '1.3.6.1.5.5.7.3.4',
|
62
|
+
"EXTENDED_KEY_USAGE_IPSEC_END_SYSTEM" => '1.3.6.1.5.5.7.3.5',
|
63
|
+
"EXTENDED_KEY_USAGE_IPSEC_TUNNEL" => '1.3.6.1.5.5.7.3.6',
|
64
|
+
"EXTENDED_KEY_USAGE_IPSEC_USER" => '1.3.6.1.5.5.7.3.7',
|
65
|
+
"EXTENDED_KEY_USAGE_TIME_STAMPING" => '1.3.6.1.5.5.7.3.8',
|
66
|
+
"EXTENDED_KEY_USAGE_OCSP_SIGNING" => '1.3.6.1.5.5.7.3.9',
|
67
|
+
#endregion
|
68
|
+
|
69
|
+
#region ICP-Brasil
|
70
|
+
"icpBrasil" => {
|
71
|
+
# CAdES
|
72
|
+
"CADES_ADR_BASICA_V10" => '2.16.76.1.7.1.1.1', # DOC-ICP 15.03 v6.1 pag 31
|
73
|
+
"CADES_ADR_BASICA_V11" => '2.16.76.1.7.1.1.1.1', # DOC-ICP 15.03 v6.1 pag 31
|
74
|
+
"CADES_ADR_BASICA_V20" => '2.16.76.1.7.1.1.2', # DOC-ICP 15.03 v6.1 pag 31
|
75
|
+
"CADES_ADR_BASICA_V21" => '2.16.76.1.7.1.1.2.1', # DOC-ICP 15.03 v6.1 pag 31
|
76
|
+
"CADES_ADR_TEMPO_V10" => '2.16.76.1.7.1.2.1', # DOC-ICP 15.03 v6.1 pag 35
|
77
|
+
"CADES_ADR_TEMPO_V11" => '2.16.76.1.7.1.2.1.1', # DOC-ICP 15.03 v6.1 pag 35
|
78
|
+
"CADES_ADR_TEMPO_V20" => '2.16.76.1.7.1.2.2', # DOC-ICP 15.03 v6.1 pag 35
|
79
|
+
"CADES_ADR_TEMPO_V21" => '2.16.76.1.7.1.2.2.1', # DOC-ICP 15.03 v6.1 pag 35
|
80
|
+
"CADES_ADR_VALIDACAO_V10" => '2.16.76.1.7.1.3.1', # DOC-ICP 15.03 v6.1 pag 40
|
81
|
+
"CADES_ADR_VALIDACAO_V11" => '2.16.76.1.7.1.3.1.1', # DOC-ICP 15.03 v6.1 pag 40
|
82
|
+
"CADES_ADR_VALIDACAO_V20" => '2.16.76.1.7.1.3.2', # DOC-ICP 15.03 v6.1 pag 40
|
83
|
+
"CADES_ADR_VALIDACAO_V21" => '2.16.76.1.7.1.3.2.1', # DOC-ICP 15.03 v6.1 pag 40
|
84
|
+
"CADES_ADR_COMPLETA_V10" => '2.16.76.1.7.1.4.1', # DOC-ICP 15.03 v6.1 pag 45
|
85
|
+
"CADES_ADR_COMPLETA_V11" => '2.16.76.1.7.1.4.1.1', # DOC-ICP 15.03 v6.1 pag 45
|
86
|
+
"CADES_ADR_COMPLETA_V20" => '2.16.76.1.7.1.4.2', # DOC-ICP 15.03 v6.1 pag 45
|
87
|
+
"CADES_ADR_COMPLETA_V21" => '2.16.76.1.7.1.4.2.1', # DOC-ICP 15.03 v6.1 pag 45
|
88
|
+
"CADES_ADR_ARQUIVAMENTO_V20" => '2.16.76.1.7.1.5.2', # DOC-ICP 15.03 v6.1 pag 50
|
89
|
+
"CADES_ADR_ARQUIVAMENTO_V21" => '2.16.76.1.7.1.5.2.1', # DOC-ICP 15.03 v6.1 pag 50
|
90
|
+
"CADES_ADR_ARQUIVAMENTO_V22" => '2.16.76.1.7.1.4.2.2', # DOC-ICP 15.03 v6.1 pag 50
|
91
|
+
|
92
|
+
# XAdES
|
93
|
+
"XADES_ADR_BASICA_V10" => '2.16.76.1.7.1.6.1', # DOC-ICP 15.03 v6.1 pág 56
|
94
|
+
"XADES_ADR_BASICA_V11" => '2.16.76.1.7.1.6.1.1', # DOC-ICP 15.03 v6.1 pág 56
|
95
|
+
"XADES_ADR_BASICA_V12" => '2.16.76.1.7.1.6.1.2', # DOC-ICP 15.03 v6.1 pág 56
|
96
|
+
"XADES_ADR_BASICA_V20" => '2.16.76.1.7.1.6.2', # DOC-ICP 15.03 v6.1 pág 56
|
97
|
+
"XADES_ADR_BASICA_V21" => '2.16.76.1.7.1.6.2.1', # DOC-ICP 15.03 v6.1 pág 56
|
98
|
+
"XADES_ADR_BASICA_V22" => '2.16.76.1.7.1.6.2.2', # DOC-ICP 15.03 v6.1 pág 56
|
99
|
+
"XADES_ADR_TEMPO_V10" => '2.16.76.1.7.1.7.1', # DOC-ICP 15.03 v6.1 pág 60
|
100
|
+
"XADES_ADR_TEMPO_V11" => '2.16.76.1.7.1.7.1.1', # DOC-ICP 15.03 v6.1 pág 60
|
101
|
+
"XADES_ADR_TEMPO_V12" => '2.16.76.1.7.1.7.1.2', # DOC-ICP 15.03 v6.1 pág 60
|
102
|
+
"XADES_ADR_TEMPO_V20" => '2.16.76.1.7.1.7.2', # DOC-ICP 15.03 v6.1 pág 60
|
103
|
+
"XADES_ADR_TEMPO_V21" => '2.16.76.1.7.1.7.2.1', # DOC-ICP 15.03 v6.1 pág 60
|
104
|
+
"XADES_ADR_TEMPO_V22" => '2.16.76.1.7.1.7.2.2', # DOC-ICP 15.03 v6.1 pág 60
|
105
|
+
|
106
|
+
# Subject alternative names
|
107
|
+
"SAN_CERTIFICADO_PESSOA_FISICA_DADOS_BASICOS" => '2.16.76.1.3.1', # DOC-ICP 04.01 v2.3 section 2.5
|
108
|
+
"SAN_CERTIFICADO_PESSOA_JURIDICA_NOME_RESPONSAVEL" => '2.16.76.1.3.2', # DOC-ICP 04.01 v2.3 section 2.5
|
109
|
+
"SAN_CERTIFICADO_PESSOA_JURIDICA_NUMERO_CNPJ" => '2.16.76.1.3.3', # DOC-ICP 04.01 v2.3 section 2.5
|
110
|
+
"SAN_CERTIFICADO_PESSOA_JURIDICA_DADOS_RESPONSAVEL" => '2.16.76.1.3.4', # DOC-ICP 04.01 v2.3 section 2.5
|
111
|
+
"SAN_CERTIFICADO_PESSOA_FISICA_DADOS_ELEITORAIS" => '2.16.76.1.3.5', # DOC-ICP 04.01 v2.3 section 2.5
|
112
|
+
"SAN_CERTIFICADO_PESSOA_FISICA_NUMERO_INSS" => '2.16.76.1.3.6', # DOC-ICP 04.01 v2.3 section 2.5
|
113
|
+
"SAN_CERTIFICADO_PESSOA_JURIDICA_NUMERO_INSS" => '2.16.76.1.3.7', # DOC-ICP 04.01 v2.3 section 2.5
|
114
|
+
"SAN_CERTIFICADO_PESSOA_JURIDICA_NOME_EMPRESARIAL" => '2.16.76.1.3.8', # DOC-ICP 04.01 v2.3 section 2.5
|
115
|
+
"ROOT_CERTIFICATE_DECLARATION_PRACTICES" => '2.16.76.1.1.0',
|
116
|
+
"SAN_INSCRICAO_OAB" => '2.16.76.1.4.2.1.1', # Política de Certificado de Assinatura Digital Tipo A3 da Autoridade Certificadora da Ordem dos Advogados do Brasil - OAB -- ver 5.0 de 30/11/2014 -- section 7.1.2.3 item a.2 -- http =#icp-brasil.certisign.com.br/repositorio/pc/AC_OAB/PC_A3_AC_OAB_v5.0.pdf
|
117
|
+
|
118
|
+
# Prefixes
|
119
|
+
"PREFIX" => '2.16.76.1.',
|
120
|
+
"PREFIX_CERTIFICATE_DECLARATION_PRACTICES" => '2.16.76.1.1.',
|
121
|
+
"PREFIX_CERTIFICATE_POLICIES" => '2.16.76.1.2.',
|
122
|
+
"PREFIX_CERTIFICATE_A1" => '2.16.76.1.2.1.',
|
123
|
+
"PREFIX_CERTIFICATE_A2" => '2.16.76.1.2.2.',
|
124
|
+
"PREFIX_CERTIFICATE_A3" => '2.16.76.1.2.3.',
|
125
|
+
"PREFIX_CERTIFICATE_A4" => '2.16.76.1.2.4.',
|
126
|
+
"PREFIX_CERTIFICATE_S1" => '2.16.76.1.2.101.',
|
127
|
+
"PREFIX_CERTIFICATE_S2" => '2.16.76.1.2.102.',
|
128
|
+
"PREFIX_CERTIFICATE_S3" => '2.16.76.1.2.103.',
|
129
|
+
"PREFIX_CERTIFICATE_S4" => '2.16.76.1.2.104.',
|
130
|
+
"PREFIX_CERTIFICATE_AC" => '2.16.76.1.2.201.',
|
131
|
+
"PREFIX_CERTIFICATE_T3" => '2.16.76.1.2.303.',
|
132
|
+
"PREFIX_CERTIFICATE_T4" => '2.16.76.1.2.304.',
|
133
|
+
},
|
134
|
+
#endregion
|
135
|
+
|
136
|
+
#region CMS
|
137
|
+
"DATA_CONTENT_TYPE" => '1.2.840.113549.1.7.1', # RFC 5652 item 4
|
138
|
+
"SIGNED_DATA_CONTENT_TYPE" => '1.2.840.113549.1.7.2', # RFC 5652 item 5.1
|
139
|
+
"ENVELOPED_DATA_CONTENT_TYPE" => '1.2.840.113549.1.7.3', # RFC 5652 item 6.1
|
140
|
+
"DIGESTED_DATA_CONTENT_TYPE" => '1.2.840.113549.1.7.5', # RFC 5652 item 7
|
141
|
+
"ENCRYPTED_DATA_CONTENT_TYPE" => '1.2.840.113549.1.7.6', # RFC 5652 item 8
|
142
|
+
"AUTHENTICATED_DATA_CONTENT_TYPE" => '1.2.840.113549.1.9.16.1.2', # RFC 5652 item 9.1
|
143
|
+
"TST_INFO_CONTENT_TYPE" => '1.2.840.113549.1.9.16.1.4', # RFC 3161 item 2.4.2
|
144
|
+
"CONTENT_TYPE_ATTRIBUTE" => '1.2.840.113549.1.9.3', # RFC 5652 item 11.1
|
145
|
+
"MESSAGE_DIGEST_ATTRIBUTE" => '1.2.840.113549.1.9.4', # RFC 5652 item 11.2
|
146
|
+
"SIGNING_TIME_ATTRIBUTE" => '1.2.840.113549.1.9.5', # RFC 5652 item 11.3
|
147
|
+
"SIGNING_CERTIFICATE_ATTRIBUTE" => '1.2.840.113549.1.9.16.2.12', # RFC 2634 item 5.4
|
148
|
+
"SIGNING_CERTIFICATE_V2_ATTRIBUTE" => '1.2.840.113549.1.9.16.2.47', # RFC 5035 item 3 ('Insert New Section 5.4.1...')
|
149
|
+
"SIGNATURE_TIMESTAMP_ATTRIBUTE" => '1.2.840.113549.1.9.16.2.14', # CAdES v2.2.1 item 6.1.1
|
150
|
+
"SIGNER_ATTRIBUTE_ATTRIBUTE" => '1.2.840.113549.1.9.16.2.18', # CAdES v2.2.1 item 6.1.1
|
151
|
+
"SIGNATURE_POLICY_IDENTIFIER_ATTRIBUTE" => '1.2.840.113549.1.9.16.2.15', # CAdES v2.2.1 item 5.8.1
|
152
|
+
"COMPLETE_CERTIFICATE_REFS_ATTRIBUTE" => '1.2.840.113549.1.9.16.2.21', # CAdES v2.2.1 item 6.2.1
|
153
|
+
"COMPLETE_REVOCATION_REFS_ATTRIBUTE" => '1.2.840.113549.1.9.16.2.22', # CAdES v2.2.1 item 6.2.2
|
154
|
+
"CERTIFICATE_VALUES_ATTRIBUTE" => '1.2.840.113549.1.9.16.2.23', # CAdES v2.2.1 item 6.3.3
|
155
|
+
"REVOCATION_VALUES_ATTRIBUTE" => '1.2.840.113549.1.9.16.2.24', # CAdES v2.2.1 item 6.3.4
|
156
|
+
"CADES_C_TIMESTAMP_ATTRIBUTE" => '1.2.840.113549.1.9.16.2.25', # CAdES v2.2.1 item 6.3.5
|
157
|
+
"SIGNATURE_POLICY_URI" => '1.2.840.113549.1.9.16.5.1', # CAdES v2.2.1 item 5.8.1
|
158
|
+
"CERT_CRL_TIMESTAMP" => '1.2.840.113549.1.9.16.2.26', # CAdES v2.2.1 item 6.3.6
|
159
|
+
"ARCHIEVE_TIMESTAMP" => '1.2.840.113549.1.9.16.2.48', # CAdES v2.2.1 item 6.4.1
|
160
|
+
#endregion
|
161
|
+
}
|
162
|
+
end
|
163
|
+
end
|
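Review bot: `"CADES_ADR_ARQUIVAMENTO_V22"` is mapped to `'2.16.76.1.7.1.4.2.2'`, which sits under the `2.16.76.1.7.1.4` arc used by the `CADES_ADR_COMPLETA_*` entries, while `CADES_ADR_ARQUIVAMENTO_V20` and `V21` use `2.16.76.1.7.1.5.2` and `2.16.76.1.7.1.5.2.1`. This looks like a copy-paste slip and should be checked against DOC-ICP 15.03; by the pattern of its neighbours the value would be `'2.16.76.1.7.1.5.2.2'`. With a wrong policy OID, a signature made under that policy would be matched to the wrong name or to none. The hash returned by `Oids.oids` is also shared and mutable, so any caller can alter the table for the whole process; ending the literal with `}.freeze` (and freezing the nested `"icpBrasil"` hash) would prevent that. The key `"ARCHIEVE_TIMESTAMP"` is misspelled and is cheaper to correct now than after callers depend on it.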