1# coding: utf-8 2 3""" 4ASN.1 type classes for certificate signing requests (CSR). Exports the 5following items: 6 7 - CertificationRequest() 8 9Other type classes are defined that help compose the types listed above. 10""" 11 12from __future__ import unicode_literals, division, absolute_import, print_function 13 14from .algos import SignedDigestAlgorithm 15from .core import ( 16 Any, 17 BitString, 18 BMPString, 19 Integer, 20 ObjectIdentifier, 21 OctetBitString, 22 Sequence, 23 SetOf, 24 UTF8String 25) 26from .keys import PublicKeyInfo 27from .x509 import DirectoryString, Extensions, Name 28 29 30# The structures in this file are taken from https://tools.ietf.org/html/rfc2986 31# and https://tools.ietf.org/html/rfc2985 32 33 34class Version(Integer): 35 _map = { 36 0: 'v1', 37 } 38 39 40class CSRAttributeType(ObjectIdentifier): 41 _map = { 42 '1.2.840.113549.1.9.7': 'challenge_password', 43 '1.2.840.113549.1.9.9': 'extended_certificate_attributes', 44 '1.2.840.113549.1.9.14': 'extension_request', 45 # https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-wcce/a5eaae36-e9f3-4dc5-a687-bfa7115954f1 46 '1.3.6.1.4.1.311.13.2.2': 'microsoft_enrollment_csp_provider', 47 # https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-wcce/7c677cba-030d-48be-ba2b-01e407705f34 48 '1.3.6.1.4.1.311.13.2.3': 'microsoft_os_version', 49 # https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-wcce/64e5ff6d-c6dd-4578-92f7-b3d895f9b9c7 50 '1.3.6.1.4.1.311.21.20': 'microsoft_request_client_info', 51 } 52 53 54class SetOfDirectoryString(SetOf): 55 _child_spec = DirectoryString 56 57 58class Attribute(Sequence): 59 _fields = [ 60 ('type', ObjectIdentifier), 61 ('values', SetOf, {'spec': Any}), 62 ] 63 64 65class SetOfAttributes(SetOf): 66 _child_spec = Attribute 67 68 69class SetOfExtensions(SetOf): 70 _child_spec = Extensions 71 72 73class MicrosoftEnrollmentCSProvider(Sequence): 74 _fields = [ 75 ('keyspec', Integer), 76 ('cspname', BMPString), # cryptographic service provider name 77 ('signature', BitString), 78 ] 79 80 81class SetOfMicrosoftEnrollmentCSProvider(SetOf): 82 _child_spec = MicrosoftEnrollmentCSProvider 83 84 85class MicrosoftRequestClientInfo(Sequence): 86 _fields = [ 87 ('clientid', Integer), 88 ('machinename', UTF8String), 89 ('username', UTF8String), 90 ('processname', UTF8String), 91 ] 92 93 94class SetOfMicrosoftRequestClientInfo(SetOf): 95 _child_spec = MicrosoftRequestClientInfo 96 97 98class CRIAttribute(Sequence): 99 _fields = [ 100 ('type', CSRAttributeType), 101 ('values', Any), 102 ] 103 104 _oid_pair = ('type', 'values') 105 _oid_specs = { 106 'challenge_password': SetOfDirectoryString, 107 'extended_certificate_attributes': SetOfAttributes, 108 'extension_request': SetOfExtensions, 109 'microsoft_enrollment_csp_provider': SetOfMicrosoftEnrollmentCSProvider, 110 'microsoft_os_version': SetOfDirectoryString, 111 'microsoft_request_client_info': SetOfMicrosoftRequestClientInfo, 112 } 113 114 115class CRIAttributes(SetOf): 116 _child_spec = CRIAttribute 117 118 119class CertificationRequestInfo(Sequence): 120 _fields = [ 121 ('version', Version), 122 ('subject', Name), 123 ('subject_pk_info', PublicKeyInfo), 124 ('attributes', CRIAttributes, {'implicit': 0, 'optional': True}), 125 ] 126 127 128class CertificationRequest(Sequence): 129 _fields = [ 130 ('certification_request_info', CertificationRequestInfo), 131 ('signature_algorithm', SignedDigestAlgorithm), 132 ('signature', OctetBitString), 133 ] 134