pyasn1-alt-modules 0.4.2__py2.py3-none-any.whl → 0.4.4__py2.py3-none-any.whl

pyasn1_alt_modules/rfc8954.py

@@ -0,0 +1,238 @@
+#
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# Online Certificate Status Protocol (OCSP) with nonce size constraints
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc6960.txt
+# https://www.rfc-editor.org/rfc/rfc8954.txt
+#
+
+from pyasn1.type import char
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import tag
+from pyasn1.type import univ
+from pyasn1.type import useful
+
+from pyasn1_alt_modules import rfc2560
+from pyasn1_alt_modules import rfc5280
+from pyasn1_alt_modules import opentypemap
+
+certificateExtensionsMap = opentypemap.get('certificateExtensionsMap')
+
+ocspResponseMap = opentypemap.get('ocspResponseMap')
+
+MAX = float('inf')
+
+
+# Imports from RFC 5280
+
+AlgorithmIdentifier = rfc5280.AlgorithmIdentifier
+AuthorityInfoAccessSyntax = rfc5280.AuthorityInfoAccessSyntax
+Certificate = rfc5280.Certificate
+CertificateSerialNumber = rfc5280.CertificateSerialNumber
+CRLReason = rfc5280.CRLReason
+Extensions = rfc5280.Extensions
+GeneralName = rfc5280.GeneralName
+Name = rfc5280.Name
+
+id_kp = rfc5280.id_kp
+
+id_ad_ocsp = rfc5280.id_ad_ocsp
+
+
+# Imports from the original OCSP module in RFC 2560
+
+AcceptableResponses = rfc2560.AcceptableResponses
+ArchiveCutoff = rfc2560.ArchiveCutoff
+CertStatus = rfc2560.CertStatus
+KeyHash = rfc2560.KeyHash
+OCSPResponse = rfc2560.OCSPResponse
+OCSPResponseStatus = rfc2560.OCSPResponseStatus
+ResponseBytes = rfc2560.ResponseBytes
+RevokedInfo = rfc2560.RevokedInfo
+UnknownInfo = rfc2560.UnknownInfo
+Version = rfc2560.Version
+
+id_kp_OCSPSigning = rfc2560.id_kp_OCSPSigning
+
+id_pkix_ocsp = rfc2560.id_pkix_ocsp
+id_pkix_ocsp_archive_cutoff = rfc2560.id_pkix_ocsp_archive_cutoff
+id_pkix_ocsp_basic = rfc2560.id_pkix_ocsp_basic
+id_pkix_ocsp_crl = rfc2560.id_pkix_ocsp_crl
+id_pkix_ocsp_nocheck = rfc2560.id_pkix_ocsp_nocheck
+id_pkix_ocsp_nonce = rfc2560.id_pkix_ocsp_nonce
+id_pkix_ocsp_response = rfc2560.id_pkix_ocsp_response
+id_pkix_ocsp_service_locator = rfc2560.id_pkix_ocsp_service_locator
+
+
+# Additional object identifiers
+
+id_pkix_ocsp_pref_sig_algs = id_pkix_ocsp + (8, )
+id_pkix_ocsp_extended_revoke = id_pkix_ocsp + (9, )
+
+
+# Updated structures (mostly to improve openTypes support)
+
+class CertID(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('hashAlgorithm', AlgorithmIdentifier()),
+        namedtype.NamedType('issuerNameHash', univ.OctetString()),
+        namedtype.NamedType('issuerKeyHash', univ.OctetString()),
+        namedtype.NamedType('serialNumber', CertificateSerialNumber())
+    )
+
+
+class SingleResponse(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('certID', CertID()),
+        namedtype.NamedType('certStatus', CertStatus()),
+        namedtype.NamedType('thisUpdate', useful.GeneralizedTime()),
+        namedtype.OptionalNamedType('nextUpdate', useful.GeneralizedTime().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('singleExtensions', Extensions().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+    )
+
+
+class ResponderID(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('byName', Name().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.NamedType('byKey', KeyHash().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+    )
+
+
+class ResponseData(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.DefaultedNamedType('version', Version('v1').subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('responderID', ResponderID()),
+        namedtype.NamedType('producedAt', useful.GeneralizedTime()),
+        namedtype.NamedType('responses', univ.SequenceOf(
+            componentType=SingleResponse())),
+        namedtype.OptionalNamedType('responseExtensions', Extensions().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+    )
+
+
+class BasicOCSPResponse(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('tbsResponseData', ResponseData()),
+        namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()),
+        namedtype.NamedType('signature', univ.BitString()),
+        namedtype.OptionalNamedType('certs', univ.SequenceOf(
+            componentType=Certificate()).subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 0)))
+    )
+
+
+class Request(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('reqCert', CertID()),
+        namedtype.OptionalNamedType('singleRequestExtensions', Extensions().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+    )
+
+
+class Signature(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()),
+        namedtype.NamedType('signature', univ.BitString()),
+        namedtype.OptionalNamedType('certs', univ.SequenceOf(
+            componentType=Certificate()).subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 0)))
+    )
+
+
+class TBSRequest(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.DefaultedNamedType('version', Version('v1').subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('requestorName', GeneralName().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.NamedType('requestList', univ.SequenceOf(
+            componentType=Request())),
+        namedtype.OptionalNamedType('requestExtensions', Extensions().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+    )
+
+
+class OCSPRequest(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('tbsRequest', TBSRequest()),
+        namedtype.OptionalNamedType('optionalSignature', Signature().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+    )
+
+
+# Previously omitted structure
+
+class ServiceLocator(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('issuer', Name()),
+        namedtype.NamedType('locator', AuthorityInfoAccessSyntax())
+    )
+
+
+# Additional structures
+
+class CrlID(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('crlUrl', char.IA5String().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('crlNum', univ.Integer().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.OptionalNamedType('crlTime', useful.GeneralizedTime().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+    )
+
+
+class PreferredSignatureAlgorithm(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('sigIdentifier', AlgorithmIdentifier()),
+        namedtype.OptionalNamedType('certIdentifier', AlgorithmIdentifier())
+    )
+
+
+class PreferredSignatureAlgorithms(univ.SequenceOf):
+    componentType = PreferredSignatureAlgorithm()
+
+
+class Nonce(univ.OctetString):
+    subtypeSpec = constraint.ValueSizeConstraint(1, 32)
+
+
+# Update the OCSP Response Map
+
+_ocspResponseMapUpdate = {
+    id_pkix_ocsp_basic: BasicOCSPResponse(),
+}
+
+ocspResponseMap.update(_ocspResponseMapUpdate)
+
+
+# Update the Certificate Extension Extensions Map
+
+_certificateExtensionsMapUpdate = {
+    # Certificate Extension
+    id_pkix_ocsp_nocheck: univ.Null(""),
+    # OCSP Request Extensions
+    id_pkix_ocsp_nonce: Nonce(),
+    id_pkix_ocsp_response: AcceptableResponses(),
+    id_pkix_ocsp_service_locator: ServiceLocator(),
+    id_pkix_ocsp_pref_sig_algs: PreferredSignatureAlgorithms(),
+    # OCSP Response Extensions
+    id_pkix_ocsp_crl: CrlID(),
+    id_pkix_ocsp_archive_cutoff: ArchiveCutoff(),
+    id_pkix_ocsp_extended_revoke: univ.Null(""),
+}
+
+certificateExtensionsMap.update(_certificateExtensionsMapUpdate)

pyasn1_alt_modules/rfc8994.py

@@ -4,7 +4,7 @@
 # Created by Russ Housley with some assistance from asn1ate v.0.6.0.
 # Modified by Russ Housley to include the opentypemap manager.
 #
-# Copyright (c) 2021-2022, Vigil Security, LLC
+# Copyright (c) 2021-2024, Vigil Security, LLC
 # License: http://vigilsec.com/pyasn1-alt-modules-license.txt
 #
 # Autonomic Control Plane (ACP) Node Name in X.509 Certificates

pyasn1_alt_modules/rfc8995.py

@@ -4,7 +4,7 @@
 # Created by Russ Housley.
 # Modified by Russ Housley to include the opentypemap manager.
 #
-# Copyright (c) 2021-2022, Vigil Security, LLC
+# Copyright (c) 2021-2024, Vigil Security, LLC
 # License: http://vigilsec.com/pyasn1-alt-modules-license.txt
 #
 # BRSKI MASA Certificate Extension

pyasn1_alt_modules/rfc9044.py

@@ -4,7 +4,7 @@
 # Created by Russ Housley.
 # Modified by Russ Housley to include the opentypemap manager.
 #
-# Copyright (c) 2021-2022, Vigil Security, LLC
+# Copyright (c) 2021-2024, Vigil Security, LLC
 # License: http://vigilsec.com/pyasn1-alt-modules-license.txt
 #
 # Algorithm Identifiers for AES-GMAC

pyasn1_alt_modules/rfc9092.py

@@ -3,7 +3,7 @@
 #
 # Created by Russ Housley.
 #
-# Copyright (c) 2021-2022, Vigil Security, LLC
+# Copyright (c) 2021-2024, Vigil Security, LLC
 # License: http://vigilsec.com/pyasn1-alt-modules-license.txt
 #
 # Digital Signatures on geofeed data

pyasn1_alt_modules/rfc9118.py

@@ -2,7 +2,7 @@
 #
 # Created by Russ Housley.
 #
-# Copyright (c) 2021-2022, Vigil Security, LLC
+# Copyright (c) 2021-2024, Vigil Security, LLC
 # License: http://vigilsec.com/pyasn1-alt-modules-license.txt
 #
 # Enhanced JWT Claim Constraints certificate extensions

pyasn1_alt_modules/rfc9174.py

@@ -3,7 +3,7 @@
 #
 # Created by Russ Housley.
 #
-# Copyright (c) 2021-2022, Vigil Security, LLC
+# Copyright (c) 2021-2024, Vigil Security, LLC
 # License: http://vigilsec.com/pyasn1-alt-modules-license.txt
 #
 # Delay-Tolerant Networking TCP Convergence Layer Version 4

pyasn1_alt_modules/rfc9189.py

@@ -3,7 +3,7 @@
 #
 # Created by Russ Housley.
 #
-# Copyright (c) 2022, Vigil Security, LLC
+# Copyright (c) 2022-2024, Vigil Security, LLC
 # License: http://vigilsec.com/pyasn1-alt-modules-license.txt
 #
 # GOST Cipher Suites for TLS 1.2

pyasn1_alt_modules/rfc9215.py

@@ -2,8 +2,10 @@
 # This file is part of pyasn1-alt-modules software.
 #
 # Created by Russ Housley.
+# Modified by Russ Housley to add synonyms with two digit years for
+#   some of the OIDs to align with the ASN.1 module in RFC 9215.
 #
-# Copyright (c) 2022, Vigil Security, LLC
+# Copyright (c) 2022-2024, Vigil Security, LLC
 # License: http://vigilsec.com/pyasn1-alt-modules-license.txt
 #
 # GOST R 34.10-2012 and GOST R 34.11-2012 Algorithms
@@ -43,8 +45,12 @@ id_tc26_gost_3410_2012_512_constants = id_tc26_sign_constants + (2,)
 
 id_tc26_gost3410_2012_256 = id_tc26_sign + (1,)
 
+id_tc26_gost3410_12_256 = id_tc26_gost3410_2012_256
+
 id_tc26_gost3410_2012_512 = id_tc26_sign + (2,)
 
+id_tc26_gost3410_12_512 = id_tc26_gost3410_2012_512
+
 id_tc26_gost3411_12_256 = id_tc26_digest + (2,)
 
 id_tc26_gost3411_12_512 = id_tc26_digest + (3,)
@@ -53,8 +59,12 @@ id_tc26_signwithdigest = id_tc26 + (1, 3)
 
 id_tc26_signwithdigest_gost3410_2012_256 = id_tc26_signwithdigest + (2,)
 
+id_tc26_signwithdigest_gost3410_12_256 = id_tc26_signwithdigest_gost3410_2012_256
+
 id_tc26_signwithdigest_gost3410_2012_512 = id_tc26_signwithdigest + (3,)
 
+id_tc26_signwithdigest_gost3410_12_512 = id_tc26_signwithdigest_gost3410_2012_512
+
 id_tc26_gost_3410_2012_256_paramSetA = id_tc26_gost_3410_2012_256_constants + (1,)
 
 id_tc26_gost_3410_2012_256_paramSetB = id_tc26_gost_3410_2012_256_constants + (2,)

pyasn1_alt_modules/rfc9286.py

@@ -5,7 +5,7 @@
 #   constraint to the file name.  Note that RFC 9286 obsoletes RFC 6486.
 # Modified by Russ Housley to apply eid7118.
 #
-# Copyright (c) 2022, Vigil Security, LLC
+# Copyright (c) 2022-2024, Vigil Security, LLC
 # License: http://vigilsec.com/pyasn1-alt-modules-license.txt
 #
 # RPKI Manifests

pyasn1_alt_modules/rfc9289.py

@@ -3,7 +3,7 @@
 #
 # Created by Russ Housley.
 #
-# Copyright (c) 2022, Vigil Security, LLC
+# Copyright (c) 2022-2024, Vigil Security, LLC
 # License: http://vigilsec.com/pyasn1-alt-modules-license.txt
 #
 # Extended Key Usage values for RPC over TLS

pyasn1_alt_modules/rfc9310.py

@@ -3,7 +3,7 @@
 #
 # Created by Russ Housley.
 #
-# Copyright (c) 2022, Vigil Security, LLC
+# Copyright (c) 2022-2024, Vigil Security, LLC
 # License: http://vigilsec.com/pyasn1-alt-modules-license.txt
 #
 # Certificate Extension for 5G Network Function Types

pyasn1_alt_modules/rfc9323.py

@@ -3,7 +3,7 @@
 #
 # Created by Russ Housley with assistance from asn1ate v.0.6.0.
 #
-# Copyright (c) 2022, Vigil Security, LLC
+# Copyright (c) 2022-2024, Vigil Security, LLC
 # License: http://vigilsec.com/pyasn1-alt-modules-license.txt
 #
 # RPKI Signed Checklist (RSC)

pyasn1_alt_modules/rfc9336.py

@@ -3,7 +3,7 @@
 #
 # Created by Russ Housley.
 #
-# Copyright (c) 2022, Vigil Security, LLC
+# Copyright (c) 2022-2024, Vigil Security, LLC
 # License: http://vigilsec.com/pyasn1-alt-modules-license.txt
 #
 # Extended Key Usage (EKU) for Document Signing in X.509 Certificates

pyasn1_alt_modules/rfc9337.py

@@ -3,7 +3,7 @@
 #
 # Created by Russ Housley.
 #
-# Copyright (c) 2022, Vigil Security, LLC
+# Copyright (c) 2022-2024, Vigil Security, LLC
 # License: http://vigilsec.com/pyasn1-alt-modules-license.txt
 #
 # GOST Algorithms with PKCS#5

pyasn1_alt_modules/rfc9345.py

@@ -0,0 +1,36 @@
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2023-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# Delegated Credentials for TLS and DTLS
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc9345.txt
+
+from pyasn1.type import univ
+from pyasn1_alt_modules import opentypemap
+
+certificateExtensionsMap = opentypemap.get('certificateExtensionsMap')
+
+
+# DelegatedCredentialExtn
+
+class DelegationUsage(univ.Null):
+    pass
+
+
+id_cloudflare = univ.ObjectIdentifier((1, 3, 6, 1, 4, 1, 44363,))
+
+id_pe_delegationUsage = id_cloudflare + (44,)
+
+
+# Update the Certificate Extension Map
+
+_certificateExtensionsMapUpdate = {
+    id_pe_delegationUsage: DelegationUsage(),
+}
+
+certificateExtensionsMap.update(_certificateExtensionsMapUpdate)

pyasn1_alt_modules/rfc9385.py

@@ -0,0 +1,22 @@
+#
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2023-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# GOST R 34.10-2012 Algorithm for IKEv2
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc9385.txt
+#
+
+from pyasn1_alt_modules import rfc9215
+
+
+# Imports from RFC 9215
+
+id_tc26_signwithdigest_gost3410_12_256 = rfc9215.id_tc26_signwithdigest_gost3410_2012_256
+
+id_tc26_signwithdigest_gost3410_12_512 = rfc9215.id_tc26_signwithdigest_gost3410_2012_512

pyasn1_alt_modules/rfc9399.py

@@ -0,0 +1,59 @@
+#
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley from rfc3709.py and rfc6710.py.
+#
+# Copyright (c) 2023-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# Logotypes in X.509 Certificates
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc9399.txt
+#
+
+from pyasn1_alt_modules import rfc3709
+from pyasn1_alt_modules import rfc6170
+
+
+# Types defined in RFC 3709
+
+HashAlgAndValue = rfc3709.HashAlgAndValue
+
+LogotypeDetails = rfc3709.LogotypeDetails
+
+LogotypeAudioInfo = rfc3709.LogotypeAudioInfo
+
+LogotypeAudio = rfc3709.LogotypeAudio
+
+LogotypeImageType = rfc3709.LogotypeImageType
+
+LogotypeImageResolution = rfc3709.LogotypeImageResolution
+
+LogotypeImageInfo = rfc3709.LogotypeImageInfo
+
+LogotypeImage = rfc3709.LogotypeImage
+
+LogotypeData = rfc3709.LogotypeData
+
+LogotypeReference = rfc3709.LogotypeReference
+
+LogotypeInfo = rfc3709.LogotypeInfo
+
+OtherLogotypeInfo = rfc3709.OtherLogotypeInfo
+
+LogotypeExtn = rfc3709.LogotypeExtn
+
+
+# Object identifiers from RFC 3709 and RFC 6170
+
+id_pe_logotype = rfc3709.id_pe_logotype
+
+id_logo_background = rfc3709.id_logo_background
+
+id_logo_loyalty = rfc3709.id_logo_loyalty
+
+id_logo_certImage = rfc6170.id_logo_certImage
+
+
+# The Certificate Extensions Map is updated by importing rfc3709