# This file is being contributed to pyasn1-modules software.
#
# Created by Russ Housley with assistance from the asn1ate tool, with manual
# changes to implement appropriate constraints and added comments.
# Modified by Russ Housley to add maps for use with opentypes.
#
# Copyright (c) 2019, Vigil Security, LLC
# License: http://snmplabs.com/pyasn1/license.html
#
# JWT Claim Constraints and TN Authorization List for certificate extensions.
#
# ASN.1 source from:
# https://www.rfc-editor.org/rfc/rfc8226.txt (with errata corrected)
from pyasn1.type import char
from pyasn1.type import constraint
from pyasn1.type import namedtype
from pyasn1.type import tag
from pyasn1.type import univ
from pyasn1_modules import rfc5280
# Stand-in for the ASN.1 upper bound ``MAX`` in ``SIZE (1..MAX)`` and
# ``INTEGER (2..MAX)``: an unbounded upper limit for pyasn1 constraints.
MAX = float("inf")
def _OID(*components):
    """Build a ``univ.ObjectIdentifier`` from arcs and/or existing OIDs.

    Each item in *components* is either a ``univ.ObjectIdentifier``, whose
    arcs are spliced in where it appears, or any value ``int()`` accepts,
    which becomes a single arc.  Order is preserved.

    Returns:
        univ.ObjectIdentifier: the concatenated object identifier.

    Raises:
        ValueError/TypeError: propagated from ``int()`` for a component
        that is neither an OID nor integer-convertible.
    """
    arcs = []
    for component in components:
        if isinstance(component, univ.ObjectIdentifier):
            # Splice the arcs of an existing OID (e.g. a base arc from rfc5280).
            arcs += list(component)
        else:
            arcs.append(int(component))
    return univ.ObjectIdentifier(arcs)
class JWTClaimName(char.IA5String):
    """``JWTClaimName ::= IA5String`` (RFC 8226): the name of a JWT claim."""
class JWTClaimNames(univ.SequenceOf):
    """``JWTClaimNames ::= SEQUENCE SIZE (1..MAX) OF JWTClaimName``.

    An empty list is outside the declared size constraint.
    """

    componentType = JWTClaimName()
    sizeSpec = constraint.ValueSizeConstraint(1, MAX)
class JWTClaimPermittedValues(univ.Sequence):
    """One claim name together with the values it is permitted to take.

    ::

        JWTClaimPermittedValues ::= SEQUENCE {
            claim      JWTClaimName,
            permitted  SEQUENCE SIZE (1..MAX) OF UTF8String }
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('claim', JWTClaimName()),
        namedtype.NamedType(
            'permitted',
            # The inner SEQUENCE OF is anonymous in the ASN.1 module, so it is
            # built inline; the size constraint is attached via subtype().
            univ.SequenceOf(componentType=char.UTF8String()).subtype(
                sizeSpec=constraint.ValueSizeConstraint(1, MAX))),
    )
class JWTClaimPermittedValuesList(univ.SequenceOf):
    """``JWTClaimPermittedValuesList ::= SEQUENCE SIZE (1..MAX) OF JWTClaimPermittedValues``."""

    componentType = JWTClaimPermittedValues()
    sizeSpec = constraint.ValueSizeConstraint(1, MAX)
class JWTClaimConstraints(univ.Sequence):
    """The JWTClaimConstraints certificate extension (RFC 8226).

    ::

        JWTClaimConstraints ::= SEQUENCE {
            mustInclude      [0] JWTClaimNames OPTIONAL,
            permittedValues  [1] JWTClaimPermittedValuesList OPTIONAL }
          ( WITH COMPONENTS { ..., mustInclude PRESENT } |
            WITH COMPONENTS { ..., permittedValues PRESENT } )

    Both components are OPTIONAL individually, but the ``subtypeSpec`` below
    requires at least one of them, so an empty extension is not a valid value.
    """

    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType(
            'mustInclude',
            JWTClaimNames().subtype(
                explicitTag=tag.Tag(tag.tagClassContext,
                                    tag.tagFormatSimple, 0))),
        namedtype.OptionalNamedType(
            'permittedValues',
            JWTClaimPermittedValuesList().subtype(
                explicitTag=tag.Tag(tag.tagClassContext,
                                    tag.tagFormatSimple, 1))),
    )

    # "At least one of" is expressed as a union of two presence constraints.
    subtypeSpec = constraint.ConstraintsUnion(
        constraint.WithComponentsConstraint(
            ('mustInclude', constraint.ComponentPresentConstraint())),
        constraint.WithComponentsConstraint(
            ('permittedValues', constraint.ComponentPresentConstraint())),
    )
# id-pe-JWTClaimConstraints ::= { id-pe 27 }, i.e. 1.3.6.1.5.5.7.1.27
id_pe_JWTClaimConstraints = _OID(1, 3, 6, 1, 5, 5, 7, 1, 27)
class ServiceProviderCode(char.IA5String):
    """``ServiceProviderCode ::= IA5String`` (RFC 8226).

    No size or alphabet constraint is declared for this type, unlike
    ``TelephoneNumber``; consumers should not assume a particular format.
    """
class TelephoneNumber(char.IA5String):
    """``TelephoneNumber ::= IA5String (SIZE (1..15)) (FROM ("0123456789#*"))``.

    The intersection below restricts values to 1-15 characters drawn solely
    from the digits plus ``#`` and ``*``.  pyasn1 applies ``subtypeSpec`` when
    a value is assigned (including on decode), so a number with other
    characters or an out-of-range length should be rejected rather than
    silently carried into authorization decisions.
    """

    subtypeSpec = constraint.ConstraintsIntersection(
        constraint.ValueSizeConstraint(1, 15),
        constraint.PermittedAlphabetConstraint(
            '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '#', '*'),
    )
class TelephoneNumberRange(univ.Sequence):
    """A contiguous block of telephone numbers.

    ::

        TelephoneNumberRange ::= SEQUENCE {
            start  TelephoneNumber,
            count  INTEGER (2..MAX) }

    ``count`` is constrained to be at least 2; a single number is expressed
    with the ``one`` alternative of ``TNEntry`` instead.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('start', TelephoneNumber()),
        namedtype.NamedType(
            'count',
            univ.Integer().subtype(
                subtypeSpec=constraint.ValueRangeConstraint(2, MAX))),
    )
class TNEntry(univ.Choice):
    """One authorization entry of a ``TNAuthorizationList``.

    ::

        TNEntry ::= CHOICE {
            spc    [0] ServiceProviderCode,
            range  [1] TelephoneNumberRange,
            one    [2] TelephoneNumber }

    All three alternatives carry explicit context-specific tags 0, 1 and 2.
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            'spc',
            ServiceProviderCode().subtype(
                explicitTag=tag.Tag(tag.tagClassContext,
                                    tag.tagFormatSimple, 0))),
        namedtype.NamedType(
            'range',
            # The wrapped type is a SEQUENCE, hence the constructed tag format.
            TelephoneNumberRange().subtype(
                explicitTag=tag.Tag(tag.tagClassContext,
                                    tag.tagFormatConstructed, 1))),
        namedtype.NamedType(
            'one',
            TelephoneNumber().subtype(
                explicitTag=tag.Tag(tag.tagClassContext,
                                    tag.tagFormatSimple, 2))),
    )
class TNAuthorizationList(univ.SequenceOf):
    """``TNAuthorizationList ::= SEQUENCE SIZE (1..MAX) OF TNEntry``.

    The value of the TNAuthList certificate extension; at least one entry
    is required by the size constraint.
    """

    componentType = TNEntry()
    sizeSpec = constraint.ValueSizeConstraint(1, MAX)
# id-pe-TNAuthList ::= { id-pe 26 }, i.e. 1.3.6.1.5.5.7.1.26
id_pe_TNAuthList = _OID(1, 3, 6, 1, 5, 5, 7, 1, 26)

# id-ad-stirTNList ::= { id-ad 14 }, i.e. 1.3.6.1.5.5.7.48.14 -- the
# Authority Information Access method for retrieving the TN list.
id_ad_stirTNList = _OID(1, 3, 6, 1, 5, 5, 7, 48, 14)
# Extension OID -> extension value type, registered into the shared map in
# rfc5280.py so that a generic decoder can open the extnValue for these
# two extensions.  Importing this module has that side effect.
_certificateExtensionsMapUpdate = {
    id_pe_TNAuthList: TNAuthorizationList(),
    id_pe_JWTClaimConstraints: JWTClaimConstraints(),
}

rfc5280.certificateExtensionsMap.update(_certificateExtensionsMapUpdate)