cert-selfsigned-example.py creates more correct CA
[pygost.git] / pygost / asn1schemas / x509.py
index a934a58d52413cafd51834ed6088e02dabd757e1..f434fbb84d61e4f77b513119ed10f095c13a43f2 100644 (file)
@@ -23,6 +23,7 @@ from pyderasn import BitString
 from pyderasn import Boolean
 from pyderasn import Choice
 from pyderasn import GeneralizedTime
+from pyderasn import IA5String
 from pyderasn import Integer
 from pyderasn import ObjectIdentifier
 from pyderasn import OctetString
@@ -35,6 +36,12 @@ from pyderasn import tag_ctxp
 from pyderasn import TeletexString
 from pyderasn import UTCTime
 
+from pygost.asn1schemas.oids import id_at_commonName
+from pygost.asn1schemas.oids import id_at_countryName
+from pygost.asn1schemas.oids import id_at_localityName
+from pygost.asn1schemas.oids import id_at_organizationName
+from pygost.asn1schemas.oids import id_at_stateOrProvinceName
+
 
 class Version(Integer):
     schema = (
@@ -73,11 +80,11 @@ class OrganizationName(Choice):
 class AttributeTypeAndValue(Sequence):
     schema = (
         ("type", AttributeType(defines=(((".", "value"), {
-            ObjectIdentifier("2.5.4.6"): PrintableString(),
-            ObjectIdentifier("2.5.4.8"): PrintableString(),
-            ObjectIdentifier("2.5.4.7"): PrintableString(),
-            ObjectIdentifier("2.5.4.10"): OrganizationName(),
-            ObjectIdentifier("2.5.4.3"): PrintableString(),
+            id_at_countryName: PrintableString(),
+            id_at_stateOrProvinceName: PrintableString(),
+            id_at_localityName: PrintableString(),
+            id_at_organizationName: OrganizationName(),
+            id_at_commonName: PrintableString(),
         }),))),
         ("value", AttributeValue()),
     )
@@ -204,3 +211,52 @@ class CertificateList(Sequence):
         ("signatureAlgorithm", AlgorithmIdentifier()),
         ("signatureValue", BitString()),
     )
+
+
+class GeneralName(Choice):
+    schema = (
+        # ("otherName", AnotherName(impl=tag_ctxc(0))),
+        # ("rfc822Name", IA5String(impl=tag_ctxp(1))),
+        ("dNSName", IA5String(impl=tag_ctxp(2))),
+        # ("x400Address", ORAddress(impl=tag_ctxp(3))),
+        # ("x400Address", OctetString(impl=tag_ctxp(3))),
+        # ("directoryName", Name(expl=tag_ctxc(4))),
+        # ("ediPartyName", EDIPartyName(impl=tag_ctxc(5))),
+        # ("uniformResourceIdentifier", IA5String(impl=tag_ctxp(6))),
+        # ("iPAddress", OctetString(impl=tag_ctxp(7))),
+        # ("registeredID", ObjectIdentifier(impl=tag_ctxp(8))),
+    )
+
+
+class GeneralNames(SequenceOf):
+    schema = GeneralName()
+    bounds = (1, float("+inf"))
+
+
+class SubjectAltName(GeneralNames):
+    pass
+
+
+class AuthorityKeyIdentifier(Sequence):
+    schema = (
+        ("keyIdentifier", KeyIdentifier(impl=tag_ctxp(0), optional=True)),
+        # ("authorityCertIssuer", GeneralNames(impl=tag_ctxc(1), optional=True)),
+        # (
+        #     "authorityCertSerialNumber",
+        #     CertificateSerialNumber(impl=tag_ctxp(2), optional=True),
+        # ),
+    )
+
+
+class KeyUsage(BitString):
+    schema = (
+        ("digitalSignature", 0),
+        ("nonRepudiation", 1),
+        ("keyEncipherment", 2),
+        ("dataEncipherment", 3),
+        ("keyAgreement", 4),
+        ("keyCertSign", 5),
+        ("cRLSign", 6),
+        ("encipherOnly", 7),
+        ("decipherOnly", 8),
+    )
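Review bot: GeneralName, at the top of the added block, declares only the dNSName alternative, and AuthorityKeyIdentifier only keyIdentifier, with the remaining RFC 5280 alternatives left commented out. These schemas therefore fit encoding the example certificate but not parsing arbitrary ones. A subjectAltName carrying iPAddress, rfc822Name or a URI, or an authorityKeyIdentifier carrying authorityCertIssuer and authorityCertSerialNumber, would presumably fail to decode. A caller that treats that failure as "extension absent" would then skip the name or issuer checks it was meant to enforce. I would state the limit in the code, for example `# Partial schema: only dNSName is supported; other GeneralName forms fail to decode` above GeneralName's schema, with a matching comment on AuthorityKeyIdentifier. The two commented x400Address lines also give one field two different types, so one of them should be dropped.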