tbs = TBSCertificate()
tbs["serialNumber"] = CertificateSerialNumber(10143011886257155224)
- sign_algo_id = AlgorithmIdentifier()
- sign_algo_id["algorithm"] = ObjectIdentifier("1.2.840.113549.1.1.5")
- sign_algo_id["parameters"] = Any(Null())
+ sign_algo_id = AlgorithmIdentifier((
+ ("algorithm", ObjectIdentifier("1.2.840.113549.1.1.5")),
+ ("parameters", Any(Null())),
+ ))
tbs["signature"] = sign_algo_id
rdnSeq = RDNSequence()
("2.5.4.3", PrintableString, "false.example.com"),
("1.2.840.113549.1.9.1", IA5String, "false@example.com"),
):
- attr = AttributeTypeAndValue()
- attr["type"] = AttributeType(oid)
- attr["value"] = AttributeValue(klass(text))
- rdn = RelativeDistinguishedName()
- rdn.append(attr)
- rdnSeq.append(rdn)
- issuer = Name()
- issuer["rdnSequence"] = rdnSeq
+ rdnSeq.append(
+ RelativeDistinguishedName((
+ AttributeTypeAndValue((
+ ("type", AttributeType(oid)),
+ ("value", AttributeValue(klass(text))),
+ )),
+ ))
+ )
+ issuer = Name(("rdnSequence", rdnSeq))
tbs["issuer"] = issuer
tbs["subject"] = issuer
- validity = Validity()
- validity["notBefore"] = Time(("utcTime", UTCTime(datetime(2009, 10, 8, 0, 25, 53))))
- validity["notAfter"] = Time(("utcTime", UTCTime(datetime(2010, 10, 8, 0, 25, 53))))
+ validity = Validity((
+ ("notBefore", Time(
+ ("utcTime", UTCTime(datetime(2009, 10, 8, 0, 25, 53))),
+ )),
+ ("notAfter", Time(
+ ("utcTime", UTCTime(datetime(2010, 10, 8, 0, 25, 53))),
+ )),
+ ))
tbs["validity"] = validity
spki = SubjectPublicKeyInfo()
crt.encode()
And we will get the same certificate used in Go's library tests.
+
+DEFINED BY fields
+-----------------
+
+Here is only very simple example how you can define Any/OctetString
+fields automatic decoding::
+
+ class AttributeTypeAndValue(Sequence):
+ schema = (
+ ((("type",), AttributeType(defines=("value", {
+ id_at_countryName: PrintableString(),
+ id_at_stateOrProvinceName: PrintableString(),
+ id_at_localityName: PrintableString(),
+ id_at_organizationName: PrintableString(),
+ id_at_commonName: PrintableString(),
+ }))),),
+ ("value", AttributeValue()),
+ )
+
+And when you will try to decode X.509 certificate with it, your pretty
+printer will show::
+
+ 34 [0,0, 149] . . issuer: Name CHOICE rdnSequence
+ 34 [1,2, 146] . . . rdnSequence: RDNSequence SEQUENCE OF
+ 37 [1,1, 11] . . . . 0: RelativeDistinguishedName SET OF
+ 39 [1,1, 9] . . . . . 0: AttributeTypeAndValue SEQUENCE
+ 41 [1,1, 3] . . . . . . type: AttributeType OBJECT IDENTIFIER id-at-countryName (2.5.4.6)
+ 46 [0,0, 4] . . . . . . value: [UNIV 19] AttributeValue ANY
+ . . . . . . . 13:02:58:58
+ 46 [1,1, 2] . . . . . . . DEFINED BY (2.5.4.6): PrintableString PrintableString XX
+ 50 [1,1, 19] . . . . 1: RelativeDistinguishedName SET OF
+ 52 [1,1, 17] . . . . . 0: AttributeTypeAndValue SEQUENCE
+ 54 [1,1, 3] . . . . . . type: AttributeType OBJECT IDENTIFIER id-at-stateOrProvinceName (2.5.4.8)
+ 59 [0,0, 12] . . . . . . value: [UNIV 19] AttributeValue ANY
+ . . . . . . . 13:0A:53:6F:6D:65:2D:53:74:61:74:65
+ 59 [1,1, 10] . . . . . . . DEFINED BY (2.5.4.8): PrintableString PrintableString Some-State
+ 71 [1,1, 13] . . . . 2: RelativeDistinguishedName SET OF
+ 73 [1,1, 11] . . . . . 0: AttributeTypeAndValue SEQUENCE
+ 75 [1,1, 3] . . . . . . type: AttributeType OBJECT IDENTIFIER id-at-localityName (2.5.4.7)
+ 80 [0,0, 6] . . . . . . value: [UNIV 19] AttributeValue ANY
+ . . . . . . . 13:04:43:69:74:79
+ 80 [1,1, 4] . . . . . . . DEFINED BY (2.5.4.7): PrintableString PrintableString City
+ 86 [1,1, 33] . . . . 3: RelativeDistinguishedName SET OF
+ 88 [1,1, 31] . . . . . 0: AttributeTypeAndValue SEQUENCE
+ 90 [1,1, 3] . . . . . . type: AttributeType OBJECT IDENTIFIER id-at-organizationName (2.5.4.10)
+ 95 [0,0, 26] . . . . . . value: [UNIV 19] AttributeValue ANY
+ . . . . . . . 13:18:49:6E:74:65:72:6E:65:74:20:57:69:64:67:69
+ . . . . . . . 74:73:20:50:74:79:20:4C:74:64
+ 95 [1,1, 24] . . . . . . . DEFINED BY (2.5.4.10): PrintableString PrintableString Internet Widgits Pty Ltd
+
+:ref:`Read more <definedby>` about that feature.