#
# This file is part of pyasn1-modules software.
#
# Created by Russ Housley.
#
# Copyright (c) 2019, Vigil Security, LLC
# License: http://snmplabs.com/pyasn1/license.html
#
# Alternative Challenge Password Attributes for EST
#
# ASN.1 source from:
# https://www.rfc-editor.org/rfc/rfc7894.txt
#

from pyasn1.type import char
from pyasn1.type import constraint
from pyasn1.type import namedtype
from pyasn1.type import univ

from pyasn1_modules import rfc5652
from pyasn1_modules import rfc6402
from pyasn1_modules import rfc7191


# rfc7191.SingleAttribute has the same shape as the RFC 5652 Attribute, but
# its attrValues SET must hold one and only one member.

Attribute = rfc7191.SingleAttribute


# Same CHOICE of string types as the RFC 5280 DirectoryString, except that
# every alternative carries a size constraint of 1..255.
#
# NOTE(review): the 255 bound is written out literally here; the ub_aa_*
# constants in this module hold the same value but are not referenced by
# the constraint, so the two have to be kept in step by hand.

class DirectoryString(univ.Choice):
    # The order of the alternatives is kept exactly as in the ASN.1 module.
    # A fresh ValueSizeConstraint is created for each alternative.
    componentType = namedtype.NamedTypes(*(
        namedtype.NamedType(alternative, string_type().subtype(
            subtypeSpec=constraint.ValueSizeConstraint(1, 255)))
        for alternative, string_type in (
            ('teletexString', char.TeletexString),
            ('printableString', char.PrintableString),
            ('universalString', char.UniversalString),
            ('utf8String', char.UTF8String),
            ('bmpString', char.BMPString),
        )
    ))


# OTP Challenge Attribute
#
# NOTE(review): going by the module title, the value carried here is a
# challenge password; presumably callers should treat the decoded string
# as a secret (e.g. keep it out of logs) -- confirm against RFC 7894.

id_aa_otpChallenge = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.56')

ub_aa_otpChallenge = univ.Integer(255)

# Template attribute: type OID set, single value slot typed as
# DirectoryString (no string value is assigned here).
otpChallenge = Attribute()
otpChallenge['attrType'] = id_aa_otpChallenge
otpChallenge['attrValues'][0] = DirectoryString()


# Revocation Challenge Attribute

id_aa_revocationChallenge = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.57')

# Declared bound for the revocation challenge; nothing in this module
# reads it (DirectoryString hard-codes the same 255).
ub_aa_revocationChallenge = univ.Integer(255)

# Template attribute: type OID set, single value slot typed as
# DirectoryString (no string value is assigned here).
revocationChallenge = Attribute()
revocationChallenge['attrType'] = id_aa_revocationChallenge
revocationChallenge['attrValues'][0] = DirectoryString()


# EST Identity Linking Attribute

id_aa_estIdentityLinking = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.58')

ub_aa_est_identity_linking = univ.Integer(255)

estIdentityLinking = Attribute()
estIdentityLinking['attrType'] = id_aa_estIdentityLinking
estIdentityLinking['attrValues'][0] = DirectoryString()


# Map of Attribute Type OIDs to Attributes added to the
# ones that are in rfc6402.py
#
# Each OID gets its own DirectoryString instance, in the order otpChallenge,
# revocationChallenge, estIdentityLinking.

_cmcControlAttributesMapUpdate = {
    attribute_oid: DirectoryString()
    for attribute_oid in (
        id_aa_otpChallenge,
        id_aa_revocationChallenge,
        id_aa_estIdentityLinking,
    )
}

# Import-time side effect: this mutates the dict shared through the rfc6402
# module, so merely importing this file changes what every consumer of
# rfc6402.cmcControlAttributesMap sees for the three OIDs above (an existing
# entry for the same OID would be overwritten by dict.update).
rfc6402.cmcControlAttributesMap.update(_cmcControlAttributesMapUpdate)