;ò ¥}ZEc@ssdZdkZdkZdklZdkZdkZdkZdkZdk Z dk Z dei fd„ƒYZ de i fd„ƒYZde ifd„ƒYZd e ifd „ƒYZd eifd „ƒYZd efd„ƒYZde ifd„ƒYZdefd„ƒYZdefd„ƒYZde i fd„ƒYZdefd„ƒYZde ifd„ƒYZdeifd„ƒYZde ifd„ƒYZdeifd „ƒYZ d!eifd"„ƒYZ!d#e i fd$„ƒYZ"d%e ifd&„ƒYZ#d'ei$fd(„ƒYZ%d)e ifd*„ƒYZ&d+ei$fd,„ƒYZ'd-ei(fd.„ƒYZ)d/e ifd0„ƒYZ*d1e ifd2„ƒYZ+d3ei,fd4„ƒYZ-d5e i fd6„ƒYZ.d7e ifd8„ƒYZ/d9e ifd:„ƒYZ0d;ei,fd<„ƒYZ1d=e i fd>„ƒYZ2d?ei,fd@„ƒYZ3dAe ifdB„ƒYZ4dS(Cs7 pkix - classes for X.509v3 attributes/extensions specified in IETF-PKIX (c) by Michael Stroeder This module is distributed under the terms of the GPL (GNU GENERAL PUBLIC LICENSE) Version 2 (see http://www.gnu.org/copyleft/gpl.html) $Id: pkix.py,v 1.2 2006/11/15 02:38:29 michael Exp $ N(sasn1s GeneralNamecBs‰tZdZhdd<dd<dd<dd<d d <d d <d d<dd<dd%siis!%s(sselfstagsreprsvals__html__s asn1typess url_targets url_prefix(sself((s./pylib/mspki/pkix.pys__html__7s(s__name__s __module__s__doc__stag_strs__init__s__str__s__repr__s__html__(((s./pylib/mspki/pkix.pys GeneralNames W   s GeneralNamescBstZdZd„ZRS(s< GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName cCstii||tƒdS(N(s asn1typess SequenceOfs__init__sselfsvals GeneralName(sselfsval((s./pylib/mspki/pkix.pys__init__Js(s__name__s __module__s__doc__s__init__(((s./pylib/mspki/pkix.pys GeneralNamesFs sBasicConstraintscBs#tZdZddgZd„ZRS(s– BasicConstraints ::= SEQUENCE { cA BOOLEAN DEFAULT FALSE, pathLenConstraint INTEGER (0..MAX) OPTIONAL } scAspathLenConstraintcCsktii||ƒt|iƒdjo|id|_nt|iƒdjo|id|_ndS(Niii(s asn1typessAttributeSequences__init__sselfsvalslenscAspathLenConstraint(sselfsval((s./pylib/mspki/pkix.pys__init__Us (s__name__s __module__s__doc__s attr_lists__init__(((s./pylib/mspki/pkix.pysBasicConstraintsNs  sAuthorityKeyIdentifiercBs&tZdZdddgZd„ZRS(sü AuthorityKeyIdentifier ::= SEQUENCE { keyIdentifier [0] KeyIdentifier OPTIONAL, authorityCertIssuer [1] GeneralNames OPTIONAL, authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL } s keyIdentifiersauthorityCertIssuersauthorityCertSerialNumbercCsætii||ƒxÌ|iD]Á}|idjot|iƒ|_q|idjo\t |it i ƒot |iƒ|_ qÞt |it iƒot|iƒ|_ qÞq|idjoti|iƒ|_qqWdS(Niii(s asn1typessAttributeSequences__init__sselfsvalsistags KeyIdentifiers keyIdentifiers isinstancesasn1s Constructeds GeneralNamesauthorityCertIssuersSequences GeneralNamessx509sCertificateSerialNumbersauthorityCertSerialNumber(sselfsvalsi((s./pylib/mspki/pkix.pys__init__es (s__name__s __module__s__doc__s attr_lists__init__(((s./pylib/mspki/pkix.pysAuthorityKeyIdentifier]s s KeyIdentifiercBs2tZdZd„Zd„Zd„Zd„ZRS(s$ KeyIdentifier ::= OCTET STRING cCstii||ƒdS(N(sasn1s OctetStrings__init__sselfsval(sselfsval((s./pylib/mspki/pkix.pys__init__wscCs#titit|iƒƒƒSdS(N(sstringsstripsutils HexStringsstrsselfsval(sself((s./pylib/mspki/pkix.pys__str__zscCsd|iit|ƒfSdS(Ns<%s: %s>(sselfs __class__s__name__sstr(sself((s./pylib/mspki/pkix.pys__repr__}scCst|ƒSdS(N(sstrsself(sself((s./pylib/mspki/pkix.pys__html__ƒs(s__name__s __module__s__doc__s__init__s__str__s__repr__s__html__(((s./pylib/mspki/pkix.pys KeyIdentifierss    sSubjectKeyIdentifiercBstZdZRS(s, SubjectKeyIdentifier ::= KeyIdentifier (s__name__s __module__s__doc__(((s./pylib/mspki/pkix.pysSubjectKeyIdentifier‡s sKeyUsagecBsntZdZhdd<dd<dd<dd<d d <d d <d d<dd<dd cRLDistributionPoints ::= { CRLDistPointsSyntax } (s__name__s __module__s__doc__(((s./pylib/mspki/pkix.pyscRLDistributionPoints¸s sDistributionPointcBs&tZdZdddgZd„ZRS(sé DistributionPoint ::= SEQUENCE { distributionPoint [0] DistributionPointName OPTIONAL, reasons [1] ReasonFlags OPTIONAL, cRLIssuer [2] GeneralNames OPTIONAL } sdistributionPointsreasonss cRLIssuercCs¹tii||ƒxŸ|iD]”}|idjot|iƒ|_q|idjot |iƒ|_ q|idjot |iƒ|_ qt d|i|iif‚qWdS(NiiisInvalid tag %d for %s(s asn1typessAttributeSequences__init__sselfsvalsistagsDistributionPointNamesdistributionPoints ReasonFlagssreasonss GeneralNamess cRLIssuers ValueErrors __class__s__name__(sselfsvalsi((s./pylib/mspki/pkix.pys__init__Çs (s__name__s __module__s__doc__s attr_lists__init__(((s./pylib/mspki/pkix.pysDistributionPoint¾s sDistributionPointNamecBsJtZdZhdd<ddSss, (sstringsjoinsmapsselfsoid_strsval(sself((s./pylib/mspki/pkix.pys__str__Ps cCst|ƒSdS(N(sstrsself(sself((s./pylib/mspki/pkix.pys__repr__Ys(s__name__s __module__s__doc__soid_strs__str__s__repr__(((s./pylib/mspki/pkix.pysextendedKeyUsage%s Ÿ scertificatePoliciescBstZdZd„ZRS(sI certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation cCstii||tƒdS(N(s asn1typess SequenceOfs__init__sselfsvalsPolicyInformation(sselfsval((s./pylib/mspki/pkix.pys__init__as(s__name__s __module__s__doc__s__init__(((s./pylib/mspki/pkix.pyscertificatePolicies]s sPolicyInformationcBs#tZdZddgZd„ZRS(sÀ PolicyInformation ::= SEQUENCE { policyIdentifier CertPolicyId, policyQualifiers SEQUENCE SIZE (1..MAX) OF PolicyQualifierInfo OPTIONAL } spolicyIdentifierspolicyQualifierscCsctii||ƒt|idiƒ|_t|ƒdjo ti|idt ƒ|_ ndS(Nii( s asn1typessAttributeSequences__init__sselfsvals CertPolicyIdspolicyIdentifierslens SequenceOfsPolicyQualifierInfospolicyQualifiers(sselfsval((s./pylib/mspki/pkix.pys__init__ns(s__name__s __module__s__doc__s attr_lists__init__(((s./pylib/mspki/pkix.pysPolicyInformationes  s CertPolicyIdcBstZdZRS(s( CertPolicyId ::= OBJECT IDENTIFIER (s__name__s __module__s__doc__(((s./pylib/mspki/pkix.pys CertPolicyIdws sPolicyQualifierInfocBs#tZdZddgZd„ZRS(s’ PolicyQualifierInfo ::= SEQUENCE { policyQualifierId PolicyQualifierId, qualifier ANY DEFINED BY policyQualifierId } spolicyQualifierIds qualifiercCsŽ||_t|idiƒ|_t|idƒdjot|idƒ|_nt|idƒdjot|idƒ|_ndS(Nis1.3.6.1.5.5.7.2.1is1.3.6.1.5.5.7.2.2(svalsselfsPolicyQualifierIdspolicyQualifierIdsreprsCPSuris qualifiers UserNotice(sselfsval((s./pylib/mspki/pkix.pys__init__…s  (s__name__s __module__s__doc__s attr_lists__init__(((s./pylib/mspki/pkix.pysPolicyQualifierInfo}s  sPolicyQualifierIdcBstZdZd„ZRS(sñ id-qt OBJECT IDENTIFIER ::= { id-pkix 2 } id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 } id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 } PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice ) cCs ||_dS(N(svalsself(sselfsval((s./pylib/mspki/pkix.pys__init__—s(s__name__s __module__s__doc__s__init__(((s./pylib/mspki/pkix.pysPolicyQualifierIdŽs sCPSuricBs tZdZd„Zd„ZRS(s CPSuri ::= IA5String cCstii||ƒdS(N(sasn1s IA5Strings__init__sselfsval(sselfsval((s./pylib/mspki/pkix.pys__init__ scCs$dtiti|i|ifSdS(Ns!%s(s asn1typess url_targets url_prefixsselfsval(sself((s./pylib/mspki/pkix.pys__html__£s(s__name__s __module__s__doc__s__init__s__html__(((s./pylib/mspki/pkix.pysCPSuriœs  s UserNoticecBs#tZdZddgZd„ZRS(s UserNotice ::= SEQUENCE { noticeRef NoticeReference OPTIONAL, explicitText DisplayText OPTIONAL} s noticeRefs explicitTextcCs`tii||ƒxF|iD];}t|tiƒot |ƒ|_ qt |ƒ|_ qWdS(N( s asn1typessAttributeSequences__init__sselfsvalsis isinstancesasn1sSequencesNoticeReferences noticeRefs DisplayTexts explicitText(sselfsvalsi((s./pylib/mspki/pkix.pys__init__²s  (s__name__s __module__s__doc__s attr_lists__init__(((s./pylib/mspki/pkix.pys UserNotice«s  sNoticeReferencecBs#tZdZddgZd„ZRS(sw NoticeReference ::= SEQUENCE { organization DisplayText, noticeNumbers SEQUENCE OF INTEGER } s organizations noticeNumberscCs=tii||ƒt|idƒ|_|id|_dS(Nii(s asn1typessAttributeSequences__init__sselfsvals DisplayTexts organizations noticeNumbers(sselfsval((s./pylib/mspki/pkix.pys__init__Ãs(s__name__s __module__s__doc__s attr_lists__init__(((s./pylib/mspki/pkix.pysNoticeReference»s  s DisplayTextcBstZdZRS(sÇ DisplayText ::= CHOICE { visibleString VisibleString (SIZE (1..200)), bmpString BMPString (SIZE (1..200)), utf8String UTF8String (SIZE (1..200)) } (s__name__s __module__s__doc__(((s./pylib/mspki/pkix.pys DisplayTextÉs sAuthorityInfoAccessSyntaxcBstZdZd„ZRS(sZ AuthorityInfoAccessSyntax ::= SEQUENCE SIZE (1..MAX) OF AccessDescription cCstii||tƒdS(N(s asn1typess SequenceOfs__init__sselfsvalsAccessDescription(sselfsval((s./pylib/mspki/pkix.pys__init__×s(s__name__s __module__s__doc__s__init__(((s./pylib/mspki/pkix.pysAuthorityInfoAccessSyntaxÒs sAccessDescriptioncBs#tZdZddgZd„ZRS(sŠ AccessDescription ::= SEQUENCE { accessMethod OBJECT IDENTIFIER, accessLocation GeneralName } s accessMethodsaccessLocationcCs=tii||ƒ|id|_t|idƒ|_dS(Nii(s asn1typessAttributeSequences__init__sselfsvals accessMethods GeneralNamesaccessLocation(sselfsval((s./pylib/mspki/pkix.pys__init__ãs(s__name__s __module__s__doc__s attr_lists__init__(((s./pylib/mspki/pkix.pysAccessDescriptionÛs  sissuingDistributionPointcBs,tZdZdddddgZd„ZRS(sX issuingDistributionPoint ::= SEQUENCE { distributionPoint [0] DistributionPointName OPTIONAL, onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE, onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE, onlySomeReasons [3] ReasonFlags OPTIONAL, indirectCRL [4] BOOLEAN DEFAULT FALSE } sdistributionPointsonlyContainsUserCertssonlyContainsCACertssonlySomeReasonss indirectCRLcCsòtii||ƒxØ|iD]Í}|idjot|iƒ|_q|idjot i |iƒ|_ q|idjot i |iƒ|_ q|idjot |iƒ|_q|idjot i |iƒ|_qqWdS(Niiiii(s asn1typessAttributeSequences__init__sselfsvalsistagsDistributionPointNamesdistributionPointsasn1sBooleansonlyContainsUserCertssonlyContainsCACertss ReasonFlagssonlySomeReasonss indirectCRL(sselfsvalsi((s./pylib/mspki/pkix.pys__init__÷s (s__name__s __module__s__doc__s attr_lists__init__(((s./pylib/mspki/pkix.pysissuingDistributionPointés s cRLNumbercBstZdZRS(s$ cRLNumber ::= INTEGER (0..MAX) (s__name__s __module__s__doc__(((s./pylib/mspki/pkix.pys cRLNumbers sSubjectDirectoryAttributescBstZdZd„ZRS(sH SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute cCstii||tiƒdS(N(s asn1typess SequenceOfs__init__sselfsvalsx500sAttributeTypeAndValue(sselfsval((s./pylib/mspki/pkix.pys__init__s(s__name__s __module__s__doc__s__init__(((s./pylib/mspki/pkix.pysSubjectDirectoryAttributes s s SkipCertscBstZdZRS(s$ SkipCerts ::= INTEGER (0..MAX) (s__name__s __module__s__doc__(((s./pylib/mspki/pkix.pys SkipCertss sPolicyConstraintscBs#tZdZddgZd„ZRS(sÇ PolicyConstraints ::= SEQUENCE { requireExplicitPolicy [0] SkipCerts OPTIONAL, inhibitPolicyMapping [1] SkipCerts OPTIONAL } SkipCerts ::= INTEGER (0..MAX) srequireExplicitPolicysinhibitPolicyMappingcCswtii||ƒx]|iD]R}|idjot|iƒ|_q|idjot|iƒ|_ qqWdS(Nii( s asn1typessAttributeSequences__init__sselfsvalsistags SkipCertssrequireExplicitPolicysinhibitPolicyMapping(sselfsvalsi((s./pylib/mspki/pkix.pys__init__&s (s__name__s __module__s__doc__s attr_lists__init__(((s./pylib/mspki/pkix.pysPolicyConstraintss  (5s__doc__ssyssstringspiscessasn1sutilsutctimesx500sx509sx509v3s asn1typess Constructeds GeneralNames SequenceOfs GeneralNamessAttributeSequencesBasicConstraintssAuthorityKeyIdentifiers OctetStrings KeyIdentifiersSubjectKeyIdentifiers BitStringsKeyUsagesSubjectAltNames IssuerAltNamesCRLDistPointsSyntaxscRLDistributionPointssDistributionPoints ContextualsDistributionPointNames ReasonFlagssSequencesPrivateKeyUsagePeriodsextendedKeyUsagescertificatePoliciessPolicyInformationsOIDs CertPolicyIdsPolicyQualifierInfosPolicyQualifierIds IA5StringsCPSuris UserNoticesNoticeReferences ASN1Objects DisplayTextsAuthorityInfoAccessSyntaxsAccessDescriptionsissuingDistributionPoints cRLNumbersSubjectDirectoryAttributess SkipCertssPolicyConstraints()sDistributionPointNames GeneralNamesx509v3sextendedKeyUsagesSubjectAltNames cRLNumbersAccessDescriptions asn1typesssyssCRLDistPointsSyntaxsBasicConstraintssPolicyInformationsCPSurisPrivateKeyUsagePeriodsAuthorityKeyIdentifiers GeneralNamess DisplayTexts ReasonFlagssasn1sutctimescertificatePoliciessissuingDistributionPointsDistributionPointsSubjectKeyIdentifiersx500sstringsx509sutilsSubjectDirectoryAttributessKeyUsages UserNoticesPolicyQualifierIdsPolicyQualifierInfos KeyIdentifiersAuthorityInfoAccessSyntaxscRLDistributionPointss SkipCertssNoticeReferences IssuerAltNamesPolicyConstraintss CertPolicyId((s./pylib/mspki/pkix.pys? sF 62 8