# coding: utf-8
# PyGOST -- Pure Python GOST cryptographic functions library
-# Copyright (C) 2015-2019 Sergey Matveev <stargrave@stargrave.org>
+# Copyright (C) 2015-2024 Sergey Matveev <stargrave@stargrave.org>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# along with this program. If not, see <http://www.gnu.org/licenses/>.
""":rfc:`5280` related structures (**NOT COMPLETE**)
-They are taken from `PyDERASN <http://pyderasn.cypherpunks.ru/`__ tests.
+They are taken from `PyDERASN <http://www.pyderasn.cypherpunks.ru/`__ tests.
"""
from pyderasn import Any
from pyderasn import Boolean
from pyderasn import Choice
from pyderasn import GeneralizedTime
+from pyderasn import IA5String
from pyderasn import Integer
from pyderasn import ObjectIdentifier
from pyderasn import OctetString
from pyderasn import TeletexString
from pyderasn import UTCTime
+from pygost.asn1schemas.oids import id_at_commonName
+from pygost.asn1schemas.oids import id_at_countryName
+from pygost.asn1schemas.oids import id_at_localityName
+from pygost.asn1schemas.oids import id_at_organizationName
+from pygost.asn1schemas.oids import id_at_stateOrProvinceName
+
class Version(Integer):
schema = (
class AttributeTypeAndValue(Sequence):
schema = (
("type", AttributeType(defines=(((".", "value"), {
- ObjectIdentifier("2.5.4.6"): PrintableString(),
- ObjectIdentifier("2.5.4.8"): PrintableString(),
- ObjectIdentifier("2.5.4.7"): PrintableString(),
- ObjectIdentifier("2.5.4.10"): OrganizationName(),
- ObjectIdentifier("2.5.4.3"): PrintableString(),
+ id_at_countryName: PrintableString(),
+ id_at_stateOrProvinceName: PrintableString(),
+ id_at_localityName: PrintableString(),
+ id_at_organizationName: OrganizationName(),
+ id_at_commonName: PrintableString(),
}),))),
("value", AttributeValue()),
)
)
+class GostR34102012PublicKeyParameters(Sequence):
+ schema = (
+ ("publicKeyParamSet", ObjectIdentifier()),
+ ("digestParamSet", ObjectIdentifier(optional=True)),
+ )
+
+
class SubjectPublicKeyInfo(Sequence):
schema = (
("algorithm", AlgorithmIdentifier()),
pass
+class KeyIdentifier(OctetString):
+ pass
+
+
+class SubjectKeyIdentifier(KeyIdentifier):
+ pass
+
+
+class BasicConstraints(Sequence):
+ schema = (
+ ("cA", Boolean(default=False)),
+ # ("pathLenConstraint", PathLenConstraint(optional=True)),
+ )
+
+
class Extension(Sequence):
schema = (
("extnID", ObjectIdentifier()),
("signatureAlgorithm", AlgorithmIdentifier()),
("signatureValue", BitString()),
)
+
+
+class RevokedCertificates(SequenceOf):
+ # schema = RevokedCertificate()
+ schema = OctetString() # dummy
+
+
+class TBSCertList(Sequence):
+ schema = (
+ ("version", Version(optional=True)),
+ ("signature", AlgorithmIdentifier()),
+ ("issuer", Name()),
+ ("thisUpdate", Time()),
+ ("nextUpdate", Time(optional=True)),
+ ("revokedCertificates", RevokedCertificates(optional=True)),
+ ("crlExtensions", Extensions(expl=tag_ctxc(0), optional=True)),
+ )
+
+
+class CertificateList(Sequence):
+ schema = (
+ ("tbsCertList", TBSCertList()),
+ ("signatureAlgorithm", AlgorithmIdentifier()),
+ ("signatureValue", BitString()),
+ )
+
+
+class GeneralName(Choice):
+ schema = (
+ # ("otherName", AnotherName(impl=tag_ctxc(0))),
+ # ("rfc822Name", IA5String(impl=tag_ctxp(1))),
+ ("dNSName", IA5String(impl=tag_ctxp(2))),
+ # ("x400Address", ORAddress(impl=tag_ctxp(3))),
+ # ("x400Address", OctetString(impl=tag_ctxp(3))),
+ # ("directoryName", Name(expl=tag_ctxc(4))),
+ # ("ediPartyName", EDIPartyName(impl=tag_ctxc(5))),
+ # ("uniformResourceIdentifier", IA5String(impl=tag_ctxp(6))),
+ # ("iPAddress", OctetString(impl=tag_ctxp(7))),
+ # ("registeredID", ObjectIdentifier(impl=tag_ctxp(8))),
+ )
+
+
+class GeneralNames(SequenceOf):
+ schema = GeneralName()
+ bounds = (1, float("+inf"))
+
+
+class SubjectAltName(GeneralNames):
+ pass
+
+
+class AuthorityKeyIdentifier(Sequence):
+ schema = (
+ ("keyIdentifier", KeyIdentifier(impl=tag_ctxp(0), optional=True)),
+ # ("authorityCertIssuer", GeneralNames(impl=tag_ctxc(1), optional=True)),
+ # (
+ # "authorityCertSerialNumber",
+ # CertificateSerialNumber(impl=tag_ctxp(2), optional=True),
+ # ),
+ )
+
+
+class KeyUsage(BitString):
+ schema = (
+ ("digitalSignature", 0),
+ ("nonRepudiation", 1),
+ ("keyEncipherment", 2),
+ ("dataEncipherment", 3),
+ ("keyAgreement", 4),
+ ("keyCertSign", 5),
+ ("cRLSign", 6),
+ ("encipherOnly", 7),
+ ("decipherOnly", 8),
+ )