1# coding: utf-8 2 3""" 4ASN.1 type classes for the time stamp protocol (TSP). Exports the following 5items: 6 7 - TimeStampReq() 8 - TimeStampResp() 9 10Also adds TimeStampedData() support to asn1crypto.cms.ContentInfo(), 11TimeStampedData() and TSTInfo() support to 12asn1crypto.cms.EncapsulatedContentInfo() and some oids and value parsers to 13asn1crypto.cms.CMSAttribute(). 14 15Other type classes are defined that help compose the types listed above. 16""" 17 18from __future__ import unicode_literals, division, absolute_import, print_function 19 20from .algos import DigestAlgorithm 21from .cms import ( 22 CMSAttribute, 23 CMSAttributeType, 24 ContentInfo, 25 ContentType, 26 EncapsulatedContentInfo, 27) 28from .core import ( 29 Any, 30 BitString, 31 Boolean, 32 Choice, 33 GeneralizedTime, 34 IA5String, 35 Integer, 36 ObjectIdentifier, 37 OctetString, 38 Sequence, 39 SequenceOf, 40 SetOf, 41 UTF8String, 42) 43from .crl import CertificateList 44from .x509 import ( 45 Attributes, 46 CertificatePolicies, 47 GeneralName, 48 GeneralNames, 49) 50 51 52# The structures in this file are based on https://tools.ietf.org/html/rfc3161, 53# https://tools.ietf.org/html/rfc4998, https://tools.ietf.org/html/rfc5544, 54# https://tools.ietf.org/html/rfc5035, https://tools.ietf.org/html/rfc2634 55 56class Version(Integer): 57 _map = { 58 0: 'v0', 59 1: 'v1', 60 2: 'v2', 61 3: 'v3', 62 4: 'v4', 63 5: 'v5', 64 } 65 66 67class MessageImprint(Sequence): 68 _fields = [ 69 ('hash_algorithm', DigestAlgorithm), 70 ('hashed_message', OctetString), 71 ] 72 73 74class Accuracy(Sequence): 75 _fields = [ 76 ('seconds', Integer, {'optional': True}), 77 ('millis', Integer, {'implicit': 0, 'optional': True}), 78 ('micros', Integer, {'implicit': 1, 'optional': True}), 79 ] 80 81 82class Extension(Sequence): 83 _fields = [ 84 ('extn_id', ObjectIdentifier), 85 ('critical', Boolean, {'default': False}), 86 ('extn_value', OctetString), 87 ] 88 89 90class Extensions(SequenceOf): 91 _child_spec = Extension 92 93 94class TSTInfo(Sequence): 95 _fields = [ 96 ('version', Version), 97 ('policy', ObjectIdentifier), 98 ('message_imprint', MessageImprint), 99 ('serial_number', Integer), 100 ('gen_time', GeneralizedTime), 101 ('accuracy', Accuracy, {'optional': True}), 102 ('ordering', Boolean, {'default': False}), 103 ('nonce', Integer, {'optional': True}), 104 ('tsa', GeneralName, {'explicit': 0, 'optional': True}), 105 ('extensions', Extensions, {'implicit': 1, 'optional': True}), 106 ] 107 108 109class TimeStampReq(Sequence): 110 _fields = [ 111 ('version', Version), 112 ('message_imprint', MessageImprint), 113 ('req_policy', ObjectIdentifier, {'optional': True}), 114 ('nonce', Integer, {'optional': True}), 115 ('cert_req', Boolean, {'default': False}), 116 ('extensions', Extensions, {'implicit': 0, 'optional': True}), 117 ] 118 119 120class PKIStatus(Integer): 121 _map = { 122 0: 'granted', 123 1: 'granted_with_mods', 124 2: 'rejection', 125 3: 'waiting', 126 4: 'revocation_warning', 127 5: 'revocation_notification', 128 } 129 130 131class PKIFreeText(SequenceOf): 132 _child_spec = UTF8String 133 134 135class PKIFailureInfo(BitString): 136 _map = { 137 0: 'bad_alg', 138 2: 'bad_request', 139 5: 'bad_data_format', 140 14: 'time_not_available', 141 15: 'unaccepted_policy', 142 16: 'unaccepted_extensions', 143 17: 'add_info_not_available', 144 25: 'system_failure', 145 } 146 147 148class PKIStatusInfo(Sequence): 149 _fields = [ 150 ('status', PKIStatus), 151 ('status_string', PKIFreeText, {'optional': True}), 152 ('fail_info', PKIFailureInfo, {'optional': True}), 153 ] 154 155 156class TimeStampResp(Sequence): 157 _fields = [ 158 ('status', PKIStatusInfo), 159 ('time_stamp_token', ContentInfo), 160 ] 161 162 163class MetaData(Sequence): 164 _fields = [ 165 ('hash_protected', Boolean), 166 ('file_name', UTF8String, {'optional': True}), 167 ('media_type', IA5String, {'optional': True}), 168 ('other_meta_data', Attributes, {'optional': True}), 169 ] 170 171 172class TimeStampAndCRL(SequenceOf): 173 _fields = [ 174 ('time_stamp', EncapsulatedContentInfo), 175 ('crl', CertificateList, {'optional': True}), 176 ] 177 178 179class TimeStampTokenEvidence(SequenceOf): 180 _child_spec = TimeStampAndCRL 181 182 183class DigestAlgorithms(SequenceOf): 184 _child_spec = DigestAlgorithm 185 186 187class EncryptionInfo(Sequence): 188 _fields = [ 189 ('encryption_info_type', ObjectIdentifier), 190 ('encryption_info_value', Any), 191 ] 192 193 194class PartialHashtree(SequenceOf): 195 _child_spec = OctetString 196 197 198class PartialHashtrees(SequenceOf): 199 _child_spec = PartialHashtree 200 201 202class ArchiveTimeStamp(Sequence): 203 _fields = [ 204 ('digest_algorithm', DigestAlgorithm, {'implicit': 0, 'optional': True}), 205 ('attributes', Attributes, {'implicit': 1, 'optional': True}), 206 ('reduced_hashtree', PartialHashtrees, {'implicit': 2, 'optional': True}), 207 ('time_stamp', ContentInfo), 208 ] 209 210 211class ArchiveTimeStampSequence(SequenceOf): 212 _child_spec = ArchiveTimeStamp 213 214 215class EvidenceRecord(Sequence): 216 _fields = [ 217 ('version', Version), 218 ('digest_algorithms', DigestAlgorithms), 219 ('crypto_infos', Attributes, {'implicit': 0, 'optional': True}), 220 ('encryption_info', EncryptionInfo, {'implicit': 1, 'optional': True}), 221 ('archive_time_stamp_sequence', ArchiveTimeStampSequence), 222 ] 223 224 225class OtherEvidence(Sequence): 226 _fields = [ 227 ('oe_type', ObjectIdentifier), 228 ('oe_value', Any), 229 ] 230 231 232class Evidence(Choice): 233 _alternatives = [ 234 ('tst_evidence', TimeStampTokenEvidence, {'implicit': 0}), 235 ('ers_evidence', EvidenceRecord, {'implicit': 1}), 236 ('other_evidence', OtherEvidence, {'implicit': 2}), 237 ] 238 239 240class TimeStampedData(Sequence): 241 _fields = [ 242 ('version', Version), 243 ('data_uri', IA5String, {'optional': True}), 244 ('meta_data', MetaData, {'optional': True}), 245 ('content', OctetString, {'optional': True}), 246 ('temporal_evidence', Evidence), 247 ] 248 249 250class IssuerSerial(Sequence): 251 _fields = [ 252 ('issuer', GeneralNames), 253 ('serial_number', Integer), 254 ] 255 256 257class ESSCertID(Sequence): 258 _fields = [ 259 ('cert_hash', OctetString), 260 ('issuer_serial', IssuerSerial, {'optional': True}), 261 ] 262 263 264class ESSCertIDs(SequenceOf): 265 _child_spec = ESSCertID 266 267 268class SigningCertificate(Sequence): 269 _fields = [ 270 ('certs', ESSCertIDs), 271 ('policies', CertificatePolicies, {'optional': True}), 272 ] 273 274 275class SetOfSigningCertificates(SetOf): 276 _child_spec = SigningCertificate 277 278 279class ESSCertIDv2(Sequence): 280 _fields = [ 281 ('hash_algorithm', DigestAlgorithm, {'default': {'algorithm': 'sha256'}}), 282 ('cert_hash', OctetString), 283 ('issuer_serial', IssuerSerial, {'optional': True}), 284 ] 285 286 287class ESSCertIDv2s(SequenceOf): 288 _child_spec = ESSCertIDv2 289 290 291class SigningCertificateV2(Sequence): 292 _fields = [ 293 ('certs', ESSCertIDv2s), 294 ('policies', CertificatePolicies, {'optional': True}), 295 ] 296 297 298class SetOfSigningCertificatesV2(SetOf): 299 _child_spec = SigningCertificateV2 300 301 302EncapsulatedContentInfo._oid_specs['tst_info'] = TSTInfo 303EncapsulatedContentInfo._oid_specs['timestamped_data'] = TimeStampedData 304ContentInfo._oid_specs['timestamped_data'] = TimeStampedData 305ContentType._map['1.2.840.113549.1.9.16.1.4'] = 'tst_info' 306ContentType._map['1.2.840.113549.1.9.16.1.31'] = 'timestamped_data' 307CMSAttributeType._map['1.2.840.113549.1.9.16.2.12'] = 'signing_certificate' 308CMSAttribute._oid_specs['signing_certificate'] = SetOfSigningCertificates 309CMSAttributeType._map['1.2.840.113549.1.9.16.2.47'] = 'signing_certificate_v2' 310CMSAttribute._oid_specs['signing_certificate_v2'] = SetOfSigningCertificatesV2 311