PyPI - CryptoDataHub - Versions diffs - 0.12.6__py3-none-any.whl - Mend

CryptoDataHub 0.12.6__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (70) hide show

CryptoDataHub-0.12.6.dist-info/LICENSE.txt +373 -0
CryptoDataHub-0.12.6.dist-info/METADATA +119 -0
CryptoDataHub-0.12.6.dist-info/RECORD +70 -0
CryptoDataHub-0.12.6.dist-info/WHEEL +5 -0
CryptoDataHub-0.12.6.dist-info/top_level.txt +1 -0
cryptodatahub/__init__.py +0 -0
cryptodatahub/__setup__.py +10 -0
cryptodatahub/common/__init__.py +0 -0
cryptodatahub/common/algorithm.py +164 -0
cryptodatahub/common/attack-named.json +74 -0
cryptodatahub/common/attack-type.json +58 -0
cryptodatahub/common/authentication.json +113 -0
cryptodatahub/common/block-cipher-mode.json +75 -0
cryptodatahub/common/block-cipher.json +474 -0
cryptodatahub/common/certificate-transparency-log.json +2394 -0
cryptodatahub/common/client.json +20 -0
cryptodatahub/common/dhparam-well-known.json +1975 -0
cryptodatahub/common/ecparam-well-known.json +1868 -0
cryptodatahub/common/entity.json +269 -0
cryptodatahub/common/entity.py +110 -0
cryptodatahub/common/exception.py +28 -0
cryptodatahub/common/grade.py +200 -0
cryptodatahub/common/hash.json +273 -0
cryptodatahub/common/key-exchange.json +140 -0
cryptodatahub/common/key.py +571 -0
cryptodatahub/common/mac.json +404 -0
cryptodatahub/common/named-group.json +902 -0
cryptodatahub/common/parameter.py +149 -0
cryptodatahub/common/root-certificate.json +19240 -0
cryptodatahub/common/server.json +56 -0
cryptodatahub/common/signature.json +233 -0
cryptodatahub/common/standard.json +57 -0
cryptodatahub/common/stores.py +323 -0
cryptodatahub/common/types.py +524 -0
cryptodatahub/common/utils.py +112 -0
cryptodatahub/common/vulnerability.json +2 -0
cryptodatahub/dnsrec/__init__.py +0 -0
cryptodatahub/dnsrec/algorithm.json +114 -0
cryptodatahub/dnsrec/algorithm.py +87 -0
cryptodatahub/dnsrec/digest-type.json +26 -0
cryptodatahub/dnsrec/rr-type.json +805 -0
cryptodatahub/ssh/__init__.py +0 -0
cryptodatahub/ssh/algorithm.py +194 -0
cryptodatahub/ssh/compression-algorithm.json +24 -0
cryptodatahub/ssh/elliptic-curve-identifier.json +50 -0
cryptodatahub/ssh/encryption-algorithm.json +587 -0
cryptodatahub/ssh/host-key-algorithm.json +482 -0
cryptodatahub/ssh/kex-algorithm.json +709 -0
cryptodatahub/ssh/mac-algorithm.json +566 -0
cryptodatahub/tls/__init__.py +0 -0
cryptodatahub/tls/algorithm.py +324 -0
cryptodatahub/tls/certificate-compression-algorithm.json +14 -0
cryptodatahub/tls/cipher-kind.json +171 -0
cryptodatahub/tls/cipher-suite-extension.json +10 -0
cryptodatahub/tls/cipher-suite.json +5098 -0
cryptodatahub/tls/client.json +4757 -0
cryptodatahub/tls/client.py +220 -0
cryptodatahub/tls/compression-method.json +20 -0
cryptodatahub/tls/ec-point-format.json +20 -0
cryptodatahub/tls/extension-type.json +282 -0
cryptodatahub/tls/grease-one-byte.json +34 -0
cryptodatahub/tls/grease-two-byte.json +66 -0
cryptodatahub/tls/hash-and-signature-algorithm.json +266 -0
cryptodatahub/tls/named-curve.json +292 -0
cryptodatahub/tls/next-protocol-name.json +20 -0
cryptodatahub/tls/protocol-name.json +71 -0
cryptodatahub/tls/psk-key-exchange-mode.json +10 -0
cryptodatahub/tls/token-binding-paramater.json +14 -0
cryptodatahub/tls/version.json +154 -0
cryptodatahub/tls/version.py +17 -0

cryptodatahub/common/server.json ADDED Viewed

@@ -0,0 +1,56 @@
+{
+    "APACHE_HTTP_SERVER": {
+        "name": "Apache",
+        "long_name": "Apache HTTP Server",
+        "types": [
+            "WEB_SERVER"
+        ],
+        "developers": [
+            "ASF"
+        ]
+    },
+    "HAPROXY": {
+        "name": "HAProxy",
+        "long_name": null,
+        "types": [
+            "WEB_SERVER"
+        ],
+        "developers": []
+    },
+    "NGINX": {
+        "name": "NGINX",
+        "long_name": null,
+        "types": [
+            "WEB_SERVER"
+        ],
+        "developers": [
+            "F5"
+        ]
+    },
+    "POSTFIX": {
+        "name": "Postfix",
+        "long_name": null,
+        "types": [
+            "MAIL_SERVER"
+        ],
+        "developers": [
+            "WIETSE_VENEMA"
+        ]
+    },
+    "PROFTPD": {
+        "name": "ProFTPD",
+        "long_name": "Pro FTP Daemon",
+        "types": [
+            "FTP_SERVER"
+        ],
+        "developers": []
+    },
+    "SOCAT": {
+        "name": "socat",
+        "long_name": "Socket CAT",
+        "types": [
+            "TCP_SERVER"
+        ],
+        "developers": []
+    }
+}

cryptodatahub/common/signature.json ADDED Viewed

@@ -0,0 +1,233 @@
+{
+    "RSA_WITH_MD2": {
+        "name": "MD2 with RSA Encryption",
+        "long_name": null,
+        "oid": "1.2.840.113549.1.1.2",
+        "key_type": "RSA",
+        "hash_algorithm": "MD2"
+    },
+    "RSA_WITH_MD4": {
+        "name": "MD4 with RSA Encryption",
+        "long_name": null,
+        "oid": "1.2.840.113549.1.1.3",
+        "key_type": "RSA",
+        "hash_algorithm": "MD4"
+    },
+    "RSA_WITH_MD5": {
+        "name": "MD5 with RSA Encryption",
+        "long_name": null,
+        "oid": "1.2.840.113549.1.1.4",
+        "key_type": "RSA",
+        "hash_algorithm": "MD5"
+    },
+    "RSA_WITH_SHA1": {
+        "name": "SHA-1 with RSA Encryption",
+        "long_name": null,
+        "oid": "1.2.840.113549.1.1.5",
+        "key_type": "RSA",
+        "hash_algorithm": "SHA1"
+    },
+    "RSA_WITH_SHA2_224": {
+        "name": "SHA-224 with RSA Encryption",
+        "long_name": null,
+        "oid": "1.2.840.113549.1.1.14",
+        "key_type": "RSA",
+        "hash_algorithm": "SHA2_224"
+    },
+    "RSA_WITH_SHA2_256": {
+        "name": "SHA-256 with RSA Encryption",
+        "long_name": null,
+        "oid": "1.2.840.113549.1.1.11",
+        "key_type": "RSA",
+        "hash_algorithm": "SHA2_256"
+    },
+    "RSA_WITH_SHA2_384": {
+        "name": "SHA-384 with RSA Encryption",
+        "long_name": null,
+        "oid": "1.2.840.113549.1.1.12",
+        "key_type": "RSA",
+        "hash_algorithm": "SHA2_384"
+    },
+    "RSA_WITH_SHA2_512": {
+        "name": "SHA-512 with RSA Encryption",
+        "long_name": null,
+        "oid": "1.2.840.113549.1.1.13",
+        "key_type": "RSA",
+        "hash_algorithm": "SHA2_512"
+    },
+    "DSA_WITH_SHA1": {
+        "name": "DSA with SHA-1",
+        "long_name": null,
+        "oid": "1.2.840.10040.4.3",
+        "key_type": "DSS",
+        "hash_algorithm": "SHA1"
+    },
+    "DSA_WITH_SHA2_224": {
+        "name": "DSA with SHA-224",
+        "long_name": null,
+        "oid": "2.16.840.1.101.3.4.3.1",
+        "key_type": "DSS",
+        "hash_algorithm": "SHA2_224"
+    },
+    "DSA_WITH_SHA2_256": {
+        "name": "DSA with SHA-256",
+        "long_name": null,
+        "oid": "2.16.840.1.101.3.4.3.2",
+        "key_type": "DSS",
+        "hash_algorithm": "SHA2_256"
+    },
+    "DSA_WITH_SHA2_384": {
+        "name": "DSA with SHA-384",
+        "long_name": null,
+        "oid": "2.16.840.1.101.3.4.3.3",
+        "key_type": "DSS",
+        "hash_algorithm": "SHA2_384"
+    },
+    "DSA_WITH_SHA2_512": {
+        "name": "DSA with SHA-512",
+        "long_name": null,
+        "oid": "2.16.840.1.101.3.4.3.4",
+        "key_type": "DSS",
+        "hash_algorithm": "SHA2_512"
+    },
+    "ECDSA_WITH_SHA1": {
+        "name": "ECDSA with SHA-1",
+        "long_name": null,
+        "oid": "1.2.840.10045.4.1",
+        "key_type": "ECDSA",
+        "hash_algorithm": "SHA1"
+    },
+    "ECDSA_WITH_SHA2_224": {
+        "name": "ECDSA with SHA-224",
+        "long_name": null,
+        "oid": "1.2.840.10045.4.3.1",
+        "key_type": "ECDSA",
+        "hash_algorithm": "SHA2_224"
+    },
+    "ECDSA_WITH_SHA2_256": {
+        "name": "ECDSA with SHA-256",
+        "long_name": null,
+        "oid": "1.2.840.10045.4.3.2",
+        "key_type": "ECDSA",
+        "hash_algorithm": "SHA2_256"
+    },
+    "ECDSA_WITH_SHA2_384": {
+        "name": "ECDSA with SHA-384",
+        "long_name": null,
+        "oid": "1.2.840.10045.4.3.3",
+        "key_type": "ECDSA",
+        "hash_algorithm": "SHA2_384"
+    },
+    "ECDSA_WITH_SHA2_512": {
+        "name": "ECDSA with SHA-512",
+        "long_name": null,
+        "oid": "1.2.840.10045.4.3.4",
+        "key_type": "ECDSA",
+        "hash_algorithm": "SHA2_512"
+    },
+    "ECDSA_WITH_SHA3_224": {
+        "name": "ECDSA with SHA3-224",
+        "long_name": null,
+        "oid": "2.16.840.1.101.3.4.3.9",
+        "key_type": "ECDSA",
+        "hash_algorithm": "SHA3_224"
+    },
+    "ECDSA_WITH_SHA3_256": {
+        "name": "ECDSA with SHA3-256",
+        "long_name": null,
+        "oid": "2.16.840.1.101.3.4.3.10",
+        "key_type": "ECDSA",
+        "hash_algorithm": "SHA3_256"
+    },
+    "ECDSA_WITH_SHA3_384": {
+        "name": "ECDSA with SHA3-384",
+        "long_name": null,
+        "oid": "2.16.840.1.101.3.4.3.11",
+        "key_type": "ECDSA",
+        "hash_algorithm": "SHA3_384"
+    },
+    "ECDSA_WITH_SHA3_512": {
+        "name": "ECDSA with SHA3-512",
+        "long_name": null,
+        "oid": "2.16.840.1.101.3.4.3.12",
+        "key_type": "ECDSA",
+        "hash_algorithm": "SHA3_512"
+    },
+    "GOST_R3410_01": {
+        "name": "GOST R 34.10-2001 with GOST R 34.11-94",
+        "long_name": null,
+        "oid": "1.2.643.2.2.3",
+        "key_type": "GOST_R3410_01",
+        "hash_algorithm": "GOST_R3411_94"
+    },
+    "GOST_R3410_12_94_R3410": {
+        "name": "GOST R 34.10-2012 with GOST R 34.11-2012 (94)",
+        "long_name": null,
+        "oid": "1.2.643.7.1.1.3.1",
+        "key_type": "GOST_R3410_12_256",
+        "hash_algorithm": "GOST_R3411_12_256"
+    },
+    "GOST_R3411_12_256_R3410": {
+        "name": "GOST R 34.10-2012 with GOST R 34.11-2012 (256)",
+        "long_name": null,
+        "oid": "1.2.643.7.1.1.3.2",
+        "key_type": "GOST_R3410_12_256",
+        "hash_algorithm": "GOST_R3411_12_256"
+    },
+    "GOST_R3411_12_512_R3410": {
+        "name": "GOST R 34.10-2012 with GOST R 34.11-2012 (512)",
+        "long_name": null,
+        "oid": "1.2.643.7.1.1.3.3",
+        "key_type": "GOST_R3410_12_512",
+        "hash_algorithm": "GOST_R3411_12_512"
+    },
+    "ED25519": {
+        "name": "Ed25519",
+        "long_name": "Edwards-curve Digital Signature Algorithm Ed25519",
+        "oid": "1.3.101.112",
+        "key_type": "EDDSA",
+        "hash_algorithm": "SHA2_512"
+    },
+    "ED25519PH": {
+        "name": "Ed25519ph",
+        "long_name": "Edwards-curve Digital Signature Algorithm Ed25519 with pre-hashing",
+        "oid": "1.3.101.114",
+        "key_type": "EDDSA",
+        "hash_algorithm": "SHA2_512"
+    },
+    "ED448": {
+        "name": "Ed448",
+        "long_name": "Edwards-curve Digital Signature Algorithm Ed448",
+        "oid": "1.3.101.113",
+        "key_type": "EDDSA",
+        "hash_algorithm": "SHAKE_256"
+    },
+    "ED448PH": {
+        "name": "Ed448ph",
+        "long_name": "Edwards-curve Digital Signature Algorithm Ed448 with pre-hashing",
+        "oid": "1.3.101.115",
+        "key_type": "EDDSA",
+        "hash_algorithm": "SHAKE_256"
+    },
+    "E382": {
+        "name": "E382",
+        "long_name": null,
+        "oid": null,
+        "key_type": "EDDSA",
+        "hash_algorithm": "SHAKE_256"
+    },
+    "E521": {
+        "name": "E521",
+        "long_name": null,
+        "oid": null,
+        "key_type": "EDDSA",
+        "hash_algorithm": "SHAKE_256"
+    },
+    "XMSS": {
+        "name": "XMSS",
+        "long_name": null,
+        "oid": null,
+        "key_type": "XMSS",
+        "hash_algorithm": "SHA2_256"
+    }
+}

cryptodatahub/common/standard.json ADDED Viewed

@@ -0,0 +1,57 @@
+{
+    "RFC_2409": {
+        "name": "RFC 2409",
+        "long_name": "The Internet Key Exchange (IKE)",
+        "publisher": "IETF"
+    },
+    "RFC_2539": {
+        "name": "RFC 2539",
+        "long_name": "Storage of Diffie-Hellman Keys in the Domain Name System (DNS)",
+        "publisher": "IETF"
+    },
+    "RFC_3526": {
+        "name": "RFC 3526",
+        "long_name": "More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)",
+        "publisher": "IETF"
+    },
+    "RFC_5114": {
+        "name": "RFC 5114",
+        "long_name": "Additional Diffie-Hellman Groups for Use with IETF Standards",
+        "publisher": "IETF"
+    },
+    "RFC_5639": {
+        "name": "RFC 5639",
+        "long_name": "Elliptic Curve Cryptography (ECC) Brainpool Standard Curves and Curve Generation",
+        "publisher": "IETF"
+    },
+    "RFC_7919": {
+        "name": "RFC 7919",
+        "long_name": "Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS)",
+        "publisher": "IETF"
+    },
+    "SEC_2": {
+        "name": "SEC2",
+        "long_name": "SEC 2: Recommended Elliptic Curve Domain Parameters",
+        "publisher": "CERTICOM"
+    },
+    "SP_800_186": {
+        "name": "NIST SP 800-186",
+        "long_name": "NIST Special Publication NIST SP 800-186 Recommendations for Discrete Logarithm-based Cryptography: Elliptic Curve Domain Parameters",
+        "publisher": "NIST"
+    },
+    "WTLS": {
+        "name": "WTLS",
+        "long_name": "Wireless Application Protocol Wireless Transport Layer Security Specification",
+        "publisher": "WAP_FORUM"
+    },
+    "X9_62": {
+        "name": "X9.62",
+        "long_name": "Public Key Cryptography For The Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA)",
+        "publisher": "ANSI"
+    },
+    "X9_63": {
+        "name": "X9.63",
+        "long_name": "Public Key Cryptography For The Financial Services Industry - Key Agreement And Key Transport Using Elliptic Curve Cryptography",
+        "publisher": "ANSI"
+    }
+}

cryptodatahub/common/stores.py ADDED Viewed

@@ -0,0 +1,323 @@
+# -*- coding: utf-8 -*-
+import collections
+import datetime
+import enum
+import re
+import six
+import attr
+from cryptodatahub.common.algorithm import Hash
+from cryptodatahub.common.entity import Entity, EntityRole
+from cryptodatahub.common.exception import InvalidValue
+from cryptodatahub.common.key import PublicKeyX509Base
+from cryptodatahub.common.types import (
+    Base64Data,
+    CryptoDataEnumBase,
+    CryptoDataParamsBase,
+    CryptoDataParamsFetchedBase,
+    convert_base64_data,
+    convert_datetime,
+    convert_dict_to_object,
+    convert_enum,
+    convert_iterable,
+)
+from cryptodatahub.common.utils import bytes_to_hex_string, name_to_enum_item_name
+@attr.s(frozen=True)
+class CertificateTransparencyOperator(CryptoDataParamsBase):
+    name = attr.ib(validator=attr.validators.instance_of(six.string_types))
+    email = attr.ib(
+        default=(),
+        validator=attr.validators.deep_iterable(attr.validators.instance_of(six.string_types))
+    )
+CertificateTransparencyLogType = enum.Enum('CertificateTransparencyLogType', 'TEST PROD')
+CertificateTransparencyLogStateType = enum.Enum(
+    'CertificateTransparencyLogStateType', 'PENDING QUALIFIED USABLE READONLY RETIRED REJECTED'
+)
+class CertificateTransparencyLogDateTimeBase(CryptoDataParamsBase):
+    def _asdict_serializer(self, _, __, value):
+        if isinstance(value, datetime.datetime):
+            return value.strftime("%Y-%m-%dT%H:%M:%SZ")
+        return super(CertificateTransparencyLogDateTimeBase, self)._asdict_serializer(_, __, value)
+@attr.s(frozen=True)
+class CertificateTransparencyLogState(CertificateTransparencyLogDateTimeBase):
+    state_type = attr.ib(
+        converter=convert_enum(CertificateTransparencyLogStateType),
+        validator=attr.validators.optional(attr.validators.instance_of(CertificateTransparencyLogStateType))
+    )
+    timestamp = attr.ib(
+        converter=convert_datetime(),
+        validator=attr.validators.instance_of(datetime.datetime),
+    )
+@attr.s(frozen=True)
+class CertificateTransparencyLogTemporalInterval(CertificateTransparencyLogDateTimeBase):
+    start_inclusive = attr.ib(
+        converter=convert_datetime(),
+        validator=attr.validators.instance_of(datetime.datetime),
+    )
+    end_exclusive = attr.ib(
+        converter=convert_datetime(),
+        validator=attr.validators.instance_of(datetime.datetime),
+    )
+@attr.s(frozen=True)
+class CertificateTransparencyLogParamsBase(CryptoDataParamsBase):
+    log_id = attr.ib(
+        converter=convert_base64_data(),
+        validator=attr.validators.instance_of(Base64Data),
+        metadata={'human_readable_name': 'ID'},
+    )
+class CertificateTransparencyLogUnknown(CertificateTransparencyLogParamsBase):
+    def __str__(self):
+        return str(self.log_id)
+@attr.s(frozen=True)
+class CertificateTransparencyLogParams(  # pylint: disable=too-many-instance-attributes
+        CertificateTransparencyLogParamsBase
+):
+    operator = attr.ib(
+        converter=convert_enum(Entity),
+        validator=attr.validators.instance_of(Entity),
+        metadata={'human_friendly': False},
+    )
+    key = attr.ib(
+        converter=convert_base64_data(),
+        validator=attr.validators.instance_of(Base64Data),
+        metadata={'human_friendly': False},
+    )
+    url = attr.ib(
+        validator=attr.validators.instance_of(six.string_types),
+        metadata={'human_readable_name': 'URL', 'human_friendly': False},
+    )
+    mmd = attr.ib(
+        validator=attr.validators.instance_of(int),
+        metadata={'human_readable_name': 'Maximum Merge Delay', 'human_friendly': False},
+    )
+    description = attr.ib(
+        default=None,
+        validator=attr.validators.optional(attr.validators.instance_of(six.string_types)),
+    )
+    dns = attr.ib(
+        default=None,
+        validator=attr.validators.optional(attr.validators.instance_of(six.string_types)),
+        metadata={'human_friendly': False},
+    )
+    temporal_interval = attr.ib(
+        default=None,
+        converter=convert_dict_to_object(CertificateTransparencyLogTemporalInterval),
+        validator=attr.validators.optional(attr.validators.instance_of(CertificateTransparencyLogTemporalInterval)),
+        metadata={'human_readable_name': 'DNS', 'human_friendly': False},
+    )
+    log_type = attr.ib(
+        default=None,
+        converter=convert_enum(CertificateTransparencyLogType),
+        validator=attr.validators.optional(attr.validators.instance_of(CertificateTransparencyLogType)),
+        metadata={'human_friendly': False},
+    )
+    log_state = attr.ib(
+        default=None,
+        converter=convert_dict_to_object(CertificateTransparencyLogState),
+        validator=attr.validators.optional(attr.validators.instance_of(CertificateTransparencyLogState))
+    )
+    def __attrs_post_init__(self):
+        if self.mmd < 1:
+            raise ValueError(self.mmd)
+    def __str__(self):
+        return '{} ({})'.format(
+            self.description, self.log_id
+        )
+    @classmethod
+    def description_to_enum_item_name(cls, description):
+        name = name_to_enum_item_name(description)
+        name = re.sub('([^_])(20[12][0-9][_0-9]*)(H[1-2])?(_LOG)?$', '\\1_\\2\\3\\4', name)
+        return name
+    @property
+    def identifier(self):
+        return self.description_to_enum_item_name(self.description)
+class CertificateTransparencyLogBase(CryptoDataEnumBase):
+    @classmethod
+    def from_log_id(cls, log_id):
+        log_id = convert_base64_data()(log_id)
+        try:
+            log = cls._from_attr('log_id', log_id).value
+        except InvalidValue:
+            log = CertificateTransparencyLogUnknown(log_id)
+        return log
+CertificateTransparencyLog = CertificateTransparencyLogBase(
+    'CertificateTransparencyLog', CryptoDataEnumBase.get_json_records(CertificateTransparencyLogParams)
+)
+RootCertificateTrustConstraintAction = enum.Enum('RootCertificateTrustConstraintAction', 'DISTRUST DISTURB')
+@attr.s(frozen=True)
+class CertificateTrustConstraint(object):
+    action = attr.ib(
+        converter=convert_enum(RootCertificateTrustConstraintAction),
+        validator=attr.validators.instance_of(RootCertificateTrustConstraintAction),
+    )
+    domains = attr.ib(
+        default=(),
+        validator=attr.validators.deep_iterable(attr.validators.instance_of(six.string_types))
+    )
+    date = attr.ib(
+        default=None,
+        converter=convert_datetime('%Y-%m-%dT%H:%M:%S'),
+        validator=attr.validators.optional(attr.validators.instance_of(datetime.datetime))
+    )
+@attr.s(repr=False, slots=True, hash=True)
+class _RootCertificateParamCertificateConverter(object):
+    def __call__(self, value):
+        if value is None:
+            return None
+        if isinstance(value, PublicKeyX509Base):
+            return value
+        if not isinstance(value, (list, tuple)):
+            return value
+        try:
+            return PublicKeyX509Base.from_pem_lines(value)
+        except ValueError:
+            pass
+        return value
+    def __repr__(self):
+        return '<root certificate parameter converter>'
+def convert_root_certificate_params():
+    return _RootCertificateParamCertificateConverter()
+@attr.s(frozen=True)
+class RootCertificateTrustStoreConstraint(CryptoDataParamsBase):
+    owner = attr.ib(
+        converter=convert_enum(Entity),
+        validator=attr.validators.instance_of(Entity)
+    )
+    constraints = attr.ib(
+        default=(),
+        converter=convert_iterable(convert_dict_to_object(CertificateTrustConstraint)),
+        validator=attr.validators.deep_iterable(attr.validators.instance_of(CertificateTrustConstraint))
+    )
+@attr.s(frozen=True)
+class RootCertificateParams(CryptoDataParamsFetchedBase):
+    certificate = attr.ib(
+        converter=convert_root_certificate_params(),
+        validator=attr.validators.instance_of(PublicKeyX509Base)
+    )
+    trust_stores = attr.ib(
+        default=(),
+        converter=convert_iterable(convert_dict_to_object(RootCertificateTrustStoreConstraint)),
+        validator=attr.validators.deep_iterable(attr.validators.instance_of(RootCertificateTrustStoreConstraint))
+    )
+    @classmethod
+    def subject_to_enum_item_name(cls, subject, serial_number):
+        if 'common_name' in subject:
+            name = subject['common_name']
+        elif 'organizational_unit_name' in subject:
+            name = subject['organizational_unit_name']
+        else:
+            name = subject['organization_name']
+        if not isinstance(name, six.string_types):
+            name = ' '.join(name)
+        return '{}_{}'.format(name_to_enum_item_name(name), serial_number)
+    @property
+    def identifier(self):
+        return self.subject_to_enum_item_name(self.certificate.subject, self.certificate.serial_number)
+    def _asdict(self):
+        dict_value = super(RootCertificateParams, self)._asdict()
+        dict_value['certificate'] = self.certificate.pem.splitlines()
+        meta = collections.OrderedDict([
+            ('_subject', self.certificate.subject),
+            ('_fingerprints', collections.OrderedDict([
+                (hash_algorithm.name, fingerprint)
+                for hash_algorithm, fingerprint in self.certificate.fingerprints.items()
+            ])),
+        ])
+        return collections.OrderedDict([('_meta', meta)] + list(dict_value.items()))
+    def get_constraints_by_owner(self, owner):
+        for trust_store_constraint in self.trust_stores:
+            if trust_store_constraint.owner == owner:
+                return trust_store_constraint.constraints
+        raise KeyError(owner)
+class RootCertificateBase(CryptoDataEnumBase):
+    @classmethod
+    def get_json_encoding(cls):
+        return 'utf-8'
+    @classmethod
+    def get_item_by_sha2_256_fingerprint(cls, fingerprint_value):
+        if not hasattr(cls, '_ITEMS_BY_SHA2_256_HASH'):
+            cls._ITEMS_BY_SHA2_256_HASH = {
+                bytes_to_hex_string(item.value.certificate.get_digest(Hash.SHA2_256)): item
+                for item in cls
+            }
+        return cls._ITEMS_BY_SHA2_256_HASH[fingerprint_value.upper().replace(':', '')]
+    @classmethod
+    def get_items_by_trust_owner(cls, trust_owner):
+        if not hasattr(cls, '_ITEMS_BY_TRUST_OWNER'):
+            cls._ITEMS_BY_TRUST_OWNER = {
+                _trust_owner: []
+                for _trust_owner in Entity.get_items_by_role(EntityRole.CA_TRUST_STORE_OWNER)
+            }
+            for root_certificate in cls:
+                for _trust_owner in map(lambda trust_store: trust_store.owner, root_certificate.value.trust_stores):
+                    cls._ITEMS_BY_TRUST_OWNER[_trust_owner].append(root_certificate)
+            cls._ITEMS_BY_TRUST_OWNER = cls._ITEMS_BY_TRUST_OWNER
+        return cls._ITEMS_BY_TRUST_OWNER[trust_owner]
+RootCertificate = RootCertificateBase(
+    'RootCertificate', RootCertificateBase.get_json_records(RootCertificateParams)
+)