From ef9ffbacb9cdcbcb7da124f617c2f98257d59615 Mon Sep 17 00:00:00 2001 From: Joseph Sutton Date: Wed, 21 Jun 2023 12:16:53 +1200 Subject: [PATCH] tests/krb5: Add PK-INIT ASN1 definitions and include licence Reviewed-by: Andrew Bartlett Signed-off-by: Joseph Sutton --- python/samba/tests/krb5/rfc4120.asn1 | 1029 +++++++++++++++- python/samba/tests/krb5/rfc4120_pyasn1.py | 1863 ++++++++++++++++++++++++++--- 2 files changed, 2699 insertions(+), 193 deletions(-) diff --git a/python/samba/tests/krb5/rfc4120.asn1 b/python/samba/tests/krb5/rfc4120.asn1 index e2f96829370..2b63a729327 100644 --- a/python/samba/tests/krb5/rfc4120.asn1 +++ b/python/samba/tests/krb5/rfc4120.asn1 @@ -1,6 +1,23 @@ --- Portions of these ASN.1 modules are structures are from RFC6113 +-- Portions of these ASN.1 modules are structures from RFC6113 -- authored by S. Hartman (Painless Security) and L. Zhu (Microsoft) -- +-- Portions of these ASN.1 modules are structures from RFC4556 +-- authored by L. Zhu (Microsoft Corporation) and B. Tung (Aerospace +-- Corporation) +-- +-- Portions of these ASN.1 modules are structures from RFC5280 +-- authored by D. Cooper (NIST), S. Santesson (Microsoft), +-- S. Farrell (Trinity College Dublin), S. Boeyen (Entrust), +-- R. Housley (Vigil Security), W. Polk (NIST) +-- +-- Portions of these ASN.1 modules are structures from RFC0817 +-- authored by K. Moriarty, Ed. (EMC Corporation) +-- B. Kaliski (Verisign), J. Jonsson (Subset AB), A. Rusch (RSA) + +-- Portions of these ASN.1 modules are structures from RFC0818 +-- authored by K. Moriarty, Ed. (Dell EMC), B. Kaliski (Verisign) +-- A. Rusch (RSA) +-- -- Copyright (c) 2011 IETF Trust and the persons identified as authors of the -- code. All rights reserved. -- @@ -37,6 +54,82 @@ -- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -- POSSIBILITY OF SUCH DAMAGE. -- +-- +-- Portions of these ASN.1 modules are from Microsoft's MS-WCCE and MS-KILE +-- from the Microsoft Open Specifications Documentation. +-- +-- Intellectual Property Rights Notice for Open Specifications Documentation +-- +-- * Technical Documentation. Microsoft publishes Open Specifications +-- documentation (“this documentation”) for protocols, file formats, +-- data portability, computer languages, and standards +-- support. Additionally, overview documents cover inter-protocol +-- relationships and interactions. +-- +-- * Copyrights. This documentation is covered by Microsoft +-- copyrights. Regardless of any other terms that are contained in +-- the terms of use for the Microsoft website that hosts this +-- documentation, you can make copies of it in order to develop +-- implementations of the technologies that are described in this +-- documentation and can distribute portions of it in your +-- implementations that use these technologies or in your +-- documentation as necessary to properly document the +-- implementation. You can also distribute in your implementation, +-- with or without modification, any schemas, IDLs, or code samples +-- that are included in the documentation. This permission also +-- applies to any documents that are referenced in the Open +-- Specifications documentation. +-- +-- * No Trade Secrets. Microsoft does not claim any trade secret rights +-- in this documentation. +-- +-- * Patents. Microsoft has patents that might cover your +-- implementations of the technologies described in the Open +-- Specifications documentation. Neither this notice nor Microsoft's +-- delivery of this documentation grants any licenses under those +-- patents or any other Microsoft patents. However, a given Open +-- Specifications document might be covered by the Microsoft Open +-- Specifications Promise or the Microsoft Community Promise. If you +-- would prefer a written license, or if the technologies described +-- in this documentation are not covered by the Open Specifications +-- Promise or Community Promise, as applicable, patent licenses are +-- available by contacting iplg@microsoft.com. +-- +-- * License Programs. To see all of the protocols in scope under a +-- specific license program and the associated patents, visit the +-- Patent Map. +-- +-- * Trademarks. The names of companies and products contained in this +-- documentation might be covered by trademarks or similar +-- intellectual property rights. This notice does not grant any +-- licenses under those rights. For a list of Microsoft trademarks, +-- visit www.microsoft.com/trademarks. +-- +-- * Fictitious Names. The example companies, organizations, products, +-- domain names, email addresses, logos, people, places, and events +-- that are depicted in this documentation are fictitious. No +-- association with any real company, organization, product, domain +-- name, email address, logo, person, place, or event is intended or +-- should be inferred. +-- +-- Reservation of Rights. All other rights are reserved, and this notice +-- does not grant any rights other than as specifically described above, +-- whether by implication, estoppel, or otherwise. +-- +-- Tools. The Open Specifications documentation does not require the use +-- of Microsoft programming tools or programming environments in order +-- for you to develop an implementation. If you have access to Microsoft +-- programming tools and environments, you are free to take advantage of +-- them. Certain Open Specifications documents are intended for use in +-- conjunction with publicly available standards specifications and +-- network programming art and, as such, assume that the reader either +-- is familiar with the aforementioned material or has immediate access +-- to it. +-- +-- Support. For questions and support, please contact dochelp@microsoft.com + + + The above is the IPR notice from MS-KILE KerberosV5Spec2 { iso(1) identified-organization(3) dod(6) internet(1) @@ -466,6 +559,939 @@ PA-S4U2Self ::= SEQUENCE { auth [3] KerberosString } +-- PK-INIT + +-- (from RFC 1422) + +-- asn1ate doesn’t support ‘SIGNED’. +-- CertificateRevocationList ::= SIGNED SEQUENCE { +CertificateRevocationList ::= SEQUENCE { + signature AlgorithmIdentifier, + issuer Name, + lastUpdate UTCTime, + nextUpdate UTCTime, + revokedCertificates + SEQUENCE OF CRLEntry OPTIONAL +} + +CRLEntry ::= SEQUENCE{ + userCertificate SerialNumber, + revocationDate UTCTime +} + +-- Not actually defined in an RFC. +SerialNumber ::= INTEGER + +-- (from RFC 2315) + +SignedData-RFC2315 ::= SEQUENCE { + version Version-RFC2315, + digestAlgorithms DigestAlgorithmIdentifiers, + contentInfo ContentInfo, + certificates [0] IMPLICIT CertificateSet OPTIONAL, + crls [1] IMPLICIT RevocationInfoChoices OPTIONAL, + signerInfos SignerInfos +} + +Version-RFC2315 ::= INTEGER + +ContentInfo ::= SEQUENCE { + contentType ContentType, + content + [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL +} + +ExtendedCertificatesAndCertificates ::= + SET OF ExtendedCertificateOrCertificate + +ExtendedCertificateOrCertificate ::= CHOICE { + certificate Certificate, -- X.509 + extendedCertificate [0] IMPLICIT ExtendedCertificate +} + +CertificateRevocationLists ::= + SET OF CertificateRevocationList + +-- (from RFC 3279) + +DomainParameters ::= SEQUENCE { + p INTEGER, -- odd prime, p=jq +1 + g INTEGER, -- generator, g + -- Note: RFC 3279 does not mention that ‘q’ is optional. + q INTEGER OPTIONAL, -- factor of p-1 + j INTEGER OPTIONAL, -- subgroup factor + validationParms ValidationParms OPTIONAL +} + +ValidationParms ::= SEQUENCE { + seed BIT STRING, + pgenCounter INTEGER +} + +DHPublicKey ::= INTEGER -- public key, y = g^x mod p + +dhpublicnumber OBJECT IDENTIFIER ::= { + iso(1) member-body(2) + us(840) ansi-x942(10046) number-type(2) 1 +} + +md2 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) rsadsi(113549) + digestAlgorithm(2) 2 +} + +md5 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) rsadsi(113549) + digestAlgorithm(2) 5 +} + +id-sha1 OBJECT IDENTIFIER ::= { + iso(1) identified-organization(3) oiw(14) secsig(3) + algorithms(2) 26 +} + +-- (from RFC 3281) + +AttributeCertificate ::= SEQUENCE { + acinfo AttributeCertificateInfo, + signatureAlgorithm AlgorithmIdentifier, + signatureValue BIT STRING +} + +AttributeCertificateInfo ::= SEQUENCE { + version AttCertVersion, -- version is v2 + holder Holder, + issuer AttCertIssuer, + signature AlgorithmIdentifier, + serialNumber CertificateSerialNumber, + attrCertValidityPeriod AttCertValidityPeriod, + attributes SEQUENCE OF Attribute, + issuerUniqueID UniqueIdentifier OPTIONAL, + extensions Extensions OPTIONAL +} + +AttCertVersion ::= INTEGER { v2(1) } + +Holder ::= SEQUENCE { + baseCertificateID [0] IssuerSerial OPTIONAL, + entityName [1] GeneralNames OPTIONAL, + objectDigestInfo [2] ObjectDigestInfo OPTIONAL +} + +ObjectDigestInfo ::= SEQUENCE { + digestedObjectType ENUMERATED { + publicKey (0), + publicKeyCert (1), + otherObjectTypes (2) + }, + -- otherObjectTypes MUST NOT + -- be used in this profile + otherObjectTypeID OBJECT IDENTIFIER OPTIONAL, + digestAlgorithm AlgorithmIdentifier, + objectDigest BIT STRING +} + +-- (from RFC 3370) + +sha1WithRSAEncryption OBJECT IDENTIFIER ::= { + iso(1) + member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 5 +} + +-- (from RFC 4556) + +id-pkinit OBJECT IDENTIFIER ::= { + iso(1) identified-organization(3) dod(6) internet(1) + security(5) kerberosv5(2) pkinit (3) +} + +id-pkinit-authData OBJECT IDENTIFIER ::= { id-pkinit 1 } + +id-pkinit-DHKeyData OBJECT IDENTIFIER ::= { id-pkinit 2 } + +id-pkinit-rkeyData OBJECT IDENTIFIER ::= { id-pkinit 3 } + +PA-PK-AS-REQ ::= SEQUENCE { + signedAuthPack [0] IMPLICIT OCTET STRING, + trustedCertifiers [1] SEQUENCE OF + ExternalPrincipalIdentifier OPTIONAL, + kdcPkId [2] IMPLICIT OCTET STRING + OPTIONAL, + ... +} + +DHNonce ::= OCTET STRING + +ExternalPrincipalIdentifier ::= SEQUENCE { + subjectName [0] IMPLICIT OCTET STRING OPTIONAL, + issuerAndSerialNumber [1] IMPLICIT OCTET STRING OPTIONAL, + subjectKeyIdentifier [2] IMPLICIT OCTET STRING OPTIONAL, + ... +} + +AuthPack ::= SEQUENCE { + pkAuthenticator [0] PKAuthenticator, + clientPublicValue [1] SubjectPublicKeyInfo OPTIONAL, + supportedCMSTypes [2] SEQUENCE OF AlgorithmIdentifier + OPTIONAL, + clientDHNonce [3] DHNonce OPTIONAL, + ... +} + +PKAuthenticator ::= SEQUENCE { + cusec [0] INTEGER (0..999999), + ctime [1] KerberosTime, + nonce [2] INTEGER (0..4294967295), + paChecksum [3] OCTET STRING OPTIONAL, + freshnessToken [4] OCTET STRING OPTIONAL, + ... +} + +TD-TRUSTED-CERTIFIERS ::= SEQUENCE OF ExternalPrincipalIdentifier +TD-INVALID-CERTIFICATES ::= SEQUENCE OF ExternalPrincipalIdentifier + +KRB5PrincipalName ::= SEQUENCE { + realm [0] Realm, + principalName [1] PrincipalName +} + +AD-INITIAL-VERIFIED-CAS ::= SEQUENCE OF ExternalPrincipalIdentifier + +PA-PK-AS-REP ::= CHOICE { + dhInfo [0] DHRepInfo, + encKeyPack [1] IMPLICIT OCTET STRING, + ... +} + +DHRepInfo ::= SEQUENCE { + dhSignedData [0] IMPLICIT OCTET STRING, + serverDHNonce [1] DHNonce OPTIONAL, + ... +} + +KDCDHKeyInfo ::= SEQUENCE { + subjectPublicKey [0] BIT STRING, + nonce [1] INTEGER (0..4294967295), + dhKeyExpiration [2] KerberosTime OPTIONAL, + ... +} + +ReplyKeyPack ::= SEQUENCE { + replyKey [0] EncryptionKey, + asChecksum [1] Checksum, + ... +} + +TD-DH-PARAMETERS ::= SEQUENCE OF AlgorithmIdentifier + +-- (from RFC 5755) + +Attribute ::= SEQUENCE { + type AttributeType, + values SET OF AttributeValue + -- at least one value is required +} + +AttCertIssuer ::= CHOICE { + v1Form GeneralNames, -- MUST NOT be used in this + -- profile + v2Form [0] V2Form -- v2 only +} + +V2Form ::= SEQUENCE { + issuerName GeneralNames OPTIONAL, + baseCertificateID [0] IssuerSerial OPTIONAL, + objectDigestInfo [1] ObjectDigestInfo OPTIONAL + -- issuerName MUST be present in this profile + -- baseCertificateID and objectDigestInfo MUST NOT + -- be present in this profile +} + +IssuerSerial ::= SEQUENCE { + issuer GeneralNames, + serial CertificateSerialNumber, + issuerUID UniqueIdentifier OPTIONAL +} + +AttCertValidityPeriod ::= SEQUENCE { + notBeforeTime GeneralizedTime, + notAfterTime GeneralizedTime +} + +-- (from RFC 5280) + +id-ce OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 29 } + +id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 } + +SubjectAltName ::= GeneralNames + +-- +-- asn1ate doesn’t support ‘MAX’. +-- +-- GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName +GeneralNames ::= SEQUENCE SIZE (1..256) OF GeneralName + +GeneralName ::= CHOICE { + otherName [0] OtherName, + rfc822Name [1] IA5String, + dNSName [2] IA5String, + x400Address [3] ORAddress, + directoryName [4] Name, + ediPartyName [5] EDIPartyName, + uniformResourceIdentifier [6] IA5String, + iPAddress [7] OCTET STRING, + registeredID [8] OBJECT IDENTIFIER +} + +OtherName ::= SEQUENCE { + type-id OBJECT IDENTIFIER, + value [0] EXPLICIT ANY DEFINED BY type-id +} + +EDIPartyName ::= SEQUENCE { + nameAssigner [0] DirectoryString OPTIONAL, + partyName [1] DirectoryString +} + +Name ::= CHOICE { -- only one possibility for now -- + rdnSequence RDNSequence +} + +DirectoryString ::= CHOICE { +-- +-- asn1ate doesn’t support ‘MAX’. +-- +-- teletexString TeletexString (SIZE (1..MAX)), +-- printableString PrintableString (SIZE (1..MAX)), +-- universalString UniversalString (SIZE (1..MAX)), +-- utf8String UTF8String (SIZE (1..MAX)), +-- bmpString BMPString (SIZE (1..MAX)) + teletexString TeletexString (SIZE (1..256)), + printableString PrintableString (SIZE (1..256)), + universalString UniversalString (SIZE (1..256)), + utf8String UTF8String (SIZE (1..256)), + bmpString BMPString (SIZE (1..256)) +} + +Certificate ::= SEQUENCE { + tbsCertificate TBSCertificate, + signatureAlgorithm AlgorithmIdentifier, + signatureValue BIT STRING +} + +TBSCertificate ::= SEQUENCE { +-- +-- asn1ate doesn’t support ‘v1’. +-- +-- version [0] EXPLICIT Version DEFAULT v1, + version [0] EXPLICIT Version DEFAULT 1, + serialNumber CertificateSerialNumber, + signature AlgorithmIdentifier, + issuer Name, + validity Validity, + subject Name, + subjectPublicKeyInfo SubjectPublicKeyInfo, + issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, + -- If present, version MUST be v2 or v3 + subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, + -- If present, version MUST be v2 or v3 + extensions [3] EXPLICIT Extensions OPTIONAL + -- If present, version MUST be v3 +} + +Version ::= INTEGER { v1(0), v2(1), v3(2) } + +CertificateSerialNumber ::= INTEGER + +Validity ::= SEQUENCE { + notBefore Time, + notAfter Time +} + +Time ::= CHOICE { + utcTime UTCTime, + generalTime GeneralizedTime +} + +UniqueIdentifier ::= BIT STRING + +AlgorithmIdentifier ::= SEQUENCE { + algorithm OBJECT IDENTIFIER, + parameters ANY DEFINED BY algorithm OPTIONAL +} + +SubjectPublicKeyInfo ::= SEQUENCE { + algorithm AlgorithmIdentifier, + subjectPublicKey BIT STRING +} + +RDNSequence ::= SEQUENCE OF RelativeDistinguishedName + +ORAddress ::= SEQUENCE { + built-in-standard-attributes BuiltInStandardAttributes, + built-in-domain-defined-attributes + BuiltInDomainDefinedAttributes OPTIONAL, + -- see also teletex-domain-defined-attributes + extension-attributes ExtensionAttributes OPTIONAL +} + +BuiltInStandardAttributes ::= SEQUENCE { + country-name CountryName OPTIONAL, + administration-domain-name AdministrationDomainName OPTIONAL, + network-address [0] IMPLICIT NetworkAddress OPTIONAL, + -- see also extended-network-address + terminal-identifier [1] IMPLICIT TerminalIdentifier OPTIONAL, + private-domain-name [2] PrivateDomainName OPTIONAL, + organization-name [3] IMPLICIT OrganizationName OPTIONAL, + -- see also teletex-organization-name + numeric-user-identifier [4] IMPLICIT NumericUserIdentifier + OPTIONAL, + personal-name [5] IMPLICIT PersonalName OPTIONAL, + -- see also teletex-personal-name + organizational-unit-names [6] IMPLICIT OrganizationalUnitNames + OPTIONAL + -- see also teletex-organizational-unit-names +} + +CountryName ::= [APPLICATION 1] CHOICE { + x121-dcc-code NumericString + (SIZE (ub-country-name-numeric-length)), + iso-3166-alpha2-code PrintableString + (SIZE (ub-country-name-alpha-length)) +} + +AdministrationDomainName ::= [APPLICATION 2] CHOICE { + numeric NumericString (SIZE (0..ub-domain-name-length)), + printable PrintableString (SIZE (0..ub-domain-name-length)) +} + +NetworkAddress ::= X121Address -- see also extended-network-address + +X121Address ::= NumericString (SIZE (1..ub-x121-address-length)) + +TerminalIdentifier ::= PrintableString (SIZE (1..ub-terminal-id-length)) + +PrivateDomainName ::= CHOICE { + numeric NumericString (SIZE (1..ub-domain-name-length)), + printable PrintableString (SIZE (1..ub-domain-name-length)) +} + +OrganizationName ::= PrintableString + (SIZE (1..ub-organization-name-length)) + -- see also teletex-organization-name + +NumericUserIdentifier ::= NumericString + (SIZE (1..ub-numeric-user-id-length)) + +PersonalName ::= SET { + surname [0] IMPLICIT PrintableString + (SIZE (1..ub-surname-length)), + given-name [1] IMPLICIT PrintableString + (SIZE (1..ub-given-name-length)) OPTIONAL, + initials [2] IMPLICIT PrintableString + (SIZE (1..ub-initials-length)) OPTIONAL, + generation-qualifier [3] IMPLICIT PrintableString + (SIZE (1..ub-generation-qualifier-length)) + OPTIONAL +} + -- see also teletex-personal-name + +OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units) + OF OrganizationalUnitName + -- see also teletex-organizational-unit-names + +OrganizationalUnitName ::= PrintableString (SIZE + (1..ub-organizational-unit-name-length)) + +BuiltInDomainDefinedAttributes ::= SEQUENCE SIZE + (1..ub-domain-defined-attributes) OF + BuiltInDomainDefinedAttribute + +BuiltInDomainDefinedAttribute ::= SEQUENCE { + type PrintableString (SIZE + (1..ub-domain-defined-attribute-type-length)), + value PrintableString (SIZE + (1..ub-domain-defined-attribute-value-length)) +} + +ExtensionAttributes ::= SET SIZE (1..ub-extension-attributes) OF + ExtensionAttribute + +ExtensionAttribute ::= SEQUENCE { + extension-attribute-type [0] IMPLICIT INTEGER + (0..ub-extension-attributes), + extension-attribute-value [1] + ANY DEFINED BY extension-attribute-type +} + +-- +-- asn1ate doesn’t support ‘MAX’. +-- +-- Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension +Extensions ::= SEQUENCE SIZE (1..256) OF Extension + +Extension ::= SEQUENCE { + extnID OBJECT IDENTIFIER, + critical BOOLEAN DEFAULT FALSE, + extnValue OCTET STRING + -- contains the DER encoding of an ASN.1 value + -- corresponding to the extension type identified + -- by extnID +} + +CertificateList ::= SEQUENCE { + tbsCertList TBSCertList, + signatureAlgorithm AlgorithmIdentifier, + signatureValue BIT STRING +} + +TBSCertList ::= SEQUENCE { + version Version OPTIONAL, + -- if present, MUST be v2 + signature AlgorithmIdentifier, + issuer Name, + thisUpdate Time, + nextUpdate Time OPTIONAL, + revokedCertificates SEQUENCE OF SEQUENCE { + userCertificate CertificateSerialNumber, + revocationDate Time, + crlEntryExtensions Extensions OPTIONAL + -- if present, version MUST be v2 + } OPTIONAL, + crlExtensions [0] EXPLICIT Extensions OPTIONAL + -- if present, version MUST be v2 +} + +ub-name INTEGER ::= 32768 +ub-common-name INTEGER ::= 64 +ub-locality-name INTEGER ::= 128 +ub-state-name INTEGER ::= 128 +ub-organization-name INTEGER ::= 64 +ub-organizational-unit-name INTEGER ::= 64 +ub-title INTEGER ::= 64 +ub-serial-number INTEGER ::= 64 +ub-match INTEGER ::= 128 +ub-emailaddress-length INTEGER ::= 255 +ub-common-name-length INTEGER ::= 64 +ub-country-name-alpha-length INTEGER ::= 2 +ub-country-name-numeric-length INTEGER ::= 3 +ub-domain-defined-attributes INTEGER ::= 4 +ub-domain-defined-attribute-type-length INTEGER ::= 8 +ub-domain-defined-attribute-value-length INTEGER ::= 128 +ub-domain-name-length INTEGER ::= 16 +ub-extension-attributes INTEGER ::= 256 +ub-e163-4-number-length INTEGER ::= 15 +ub-e163-4-sub-address-length INTEGER ::= 40 +ub-generation-qualifier-length INTEGER ::= 3 +ub-given-name-length INTEGER ::= 16 +ub-initials-length INTEGER ::= 5 +ub-integer-options INTEGER ::= 256 +ub-numeric-user-id-length INTEGER ::= 32 +ub-organization-name-length INTEGER ::= 64 +ub-organizational-unit-name-length INTEGER ::= 32 +ub-organizational-units INTEGER ::= 4 +ub-pds-name-length INTEGER ::= 16 +ub-pds-parameter-length INTEGER ::= 30 +ub-pds-physical-address-lines INTEGER ::= 6 +ub-postal-code-length INTEGER ::= 16 +ub-pseudonym INTEGER ::= 128 +ub-surname-length INTEGER ::= 40 +ub-terminal-id-length INTEGER ::= 24 +ub-unformatted-address-length INTEGER ::= 180 +ub-x121-address-length INTEGER ::= 16 + +-- +-- asn1ate doesn’t support ‘MAX’. +-- +-- RelativeDistinguishedName ::= SET SIZE (1..MAX) OF AttributeTypeAndValue +RelativeDistinguishedName ::= SET SIZE (1..256) OF AttributeTypeAndValue + +AttributeTypeAndValue ::= SEQUENCE { + type AttributeType, + value AttributeValue +} + +AttributeType ::= OBJECT IDENTIFIER + +AttributeValue ::= ANY -- DEFINED BY AttributeType + +-- (from RFC 5652) + +ContentType ::= OBJECT IDENTIFIER + +RevocationInfoChoices ::= SET OF RevocationInfoChoice + +RevocationInfoChoice ::= CHOICE { + crl CertificateList, + other [1] IMPLICIT OtherRevocationInfoFormat +} + +OtherRevocationInfoFormat ::= SEQUENCE { + otherRevInfoFormat OBJECT IDENTIFIER, + otherRevInfo ANY DEFINED BY otherRevInfoFormat +} + +AttributeCertificateV1 ::= SEQUENCE { + acInfo AttributeCertificateInfoV1, + signatureAlgorithm AlgorithmIdentifier, + signature BIT STRING +} + +AttributeCertificateInfoV1 ::= SEQUENCE { +-- +-- asn1ate doesn’t support ‘v1’. +-- +-- version AttCertVersionV1 DEFAULT v1, + version AttCertVersionV1 DEFAULT 1, + subject CHOICE { + baseCertificateID [0] IssuerSerial, + -- associated with a Public Key Certificate + subjectName [1] GeneralNames }, + -- associated with a name + issuer GeneralNames, + signature AlgorithmIdentifier, + serialNumber CertificateSerialNumber, + attCertValidityPeriod AttCertValidityPeriod, + attributes SEQUENCE OF Attribute, + issuerUniqueID UniqueIdentifier OPTIONAL, + extensions Extensions OPTIONAL +} + +AttCertVersionV1 ::= INTEGER { v1(0) } + +ExtendedCertificate ::= SEQUENCE { + extendedCertificateInfo ExtendedCertificateInfo, + signatureAlgorithm SignatureAlgorithmIdentifier, + signature Signature +} + +ExtendedCertificateInfo ::= SEQUENCE { + version CMSVersion, + certificate Certificate, + attributes UnauthAttributes +} + +CertificateChoices ::= CHOICE { + certificate Certificate, + extendedCertificate [0] IMPLICIT ExtendedCertificate, -- Obsolete + v1AttrCert [1] IMPLICIT AttributeCertificateV1, -- Obsolete + v2AttrCert [2] IMPLICIT AttributeCertificateV2, + other [3] IMPLICIT OtherCertificateFormat +} + +AttributeCertificateV2 ::= AttributeCertificate + +OtherCertificateFormat ::= SEQUENCE { + otherCertFormat OBJECT IDENTIFIER, + otherCert ANY DEFINED BY otherCertFormat +} + +CertificateSet ::= SET OF CertificateChoices + +IssuerAndSerialNumber ::= SEQUENCE { + issuer Name, + serialNumber CertificateSerialNumber +} + +CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4), v5(5) } + +SignerInfo ::= SEQUENCE { + version CMSVersion, + sid SignerIdentifier, + digestAlgorithm DigestAlgorithmIdentifier, + signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL, + signatureAlgorithm SignatureAlgorithmIdentifier, + signature SignatureValue, + unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL +} + +SignerIdentifier ::= CHOICE { + issuerAndSerialNumber IssuerAndSerialNumber, + subjectKeyIdentifier [0] SubjectKeyIdentifier +} + +SubjectKeyIdentifier ::= OCTET STRING + +-- +-- asn1ate doesn’t support ‘MAX’. +-- +-- SignedAttributes ::= SET SIZE (1..MAX) OF Attribute +SignedAttributes ::= SET SIZE (1..256) OF Attribute + +-- +-- asn1ate doesn’t support ‘MAX’. +-- +-- UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute +UnsignedAttributes ::= SET SIZE (1..256) OF Attribute + +Attribute ::= SEQUENCE { + attrType OBJECT IDENTIFIER, + attrValues SET OF AttributeValue +} + +AttributeValue ::= ANY + +SignatureValue ::= OCTET STRING + +SignedData ::= SEQUENCE { + version CMSVersion, + digestAlgorithms DigestAlgorithmIdentifiers, + encapContentInfo EncapsulatedContentInfo, + certificates [0] IMPLICIT CertificateSet OPTIONAL, + crls [1] IMPLICIT RevocationInfoChoices OPTIONAL, + signerInfos SignerInfos +} + +DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier + +SignerInfos ::= SET OF SignerInfo + +EncapsulatedContentInfo ::= SEQUENCE { + eContentType ContentType, + eContent [0] EXPLICIT OCTET STRING OPTIONAL +} + +EnvelopedData ::= SEQUENCE { + version CMSVersion, + originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL, + recipientInfos RecipientInfos, + encryptedContentInfo EncryptedContentInfo, + unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL +} + +OriginatorInfo ::= SEQUENCE { + certs [0] IMPLICIT CertificateSet OPTIONAL, + crls [1] IMPLICIT RevocationInfoChoices OPTIONAL +} + +-- +-- asn1ate doesn't support 'MAX' +-- +-- RecipientInfos ::= SET SIZE (1..MAX) OF RecipientInfo +RecipientInfos ::= SET SIZE (1..256) OF RecipientInfo + +EncryptedContentInfo ::= SEQUENCE { + contentType ContentType, + contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier, + encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL +} + +EncryptedContent ::= OCTET STRING + +-- +-- asn1ate doesn't support 'MAX' +-- +-- UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute +UnprotectedAttributes ::= SET SIZE (1..256) OF Attribute + +RecipientInfo ::= CHOICE { + ktri KeyTransRecipientInfo, + kari [1] KeyAgreeRecipientInfo, + kekri [2] KEKRecipientInfo, + pwri [3] PasswordRecipientInfo, + ori [4] OtherRecipientInfo +} + +EncryptedKey ::= OCTET STRING + +KeyTransRecipientInfo ::= SEQUENCE { + version CMSVersion, -- always set to 0 or 2 + rid RecipientIdentifier, + keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, + encryptedKey EncryptedKey +} + +RecipientIdentifier ::= CHOICE { + issuerAndSerialNumber IssuerAndSerialNumber, + subjectKeyIdentifier [0] SubjectKeyIdentifier +} + +KeyAgreeRecipientInfo ::= SEQUENCE { + version CMSVersion, -- always set to 3 + originator [0] EXPLICIT OriginatorIdentifierOrKey, + ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL, + keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, + recipientEncryptedKeys RecipientEncryptedKeys +} + +OriginatorIdentifierOrKey ::= CHOICE { + issuerAndSerialNumber IssuerAndSerialNumber, + subjectKeyIdentifier [0] SubjectKeyIdentifier, + originatorKey [1] OriginatorPublicKey +} + +OriginatorPublicKey ::= SEQUENCE { + algorithm AlgorithmIdentifier, + publicKey BIT STRING +} + +RecipientEncryptedKeys ::= SEQUENCE OF RecipientEncryptedKey + +RecipientEncryptedKey ::= SEQUENCE { + rid KeyAgreeRecipientIdentifier, + encryptedKey EncryptedKey +} + +KeyAgreeRecipientIdentifier ::= CHOICE { + issuerAndSerialNumber IssuerAndSerialNumber, + rKeyId [0] IMPLICIT RecipientKeyIdentifier +} + +RecipientKeyIdentifier ::= SEQUENCE { + subjectKeyIdentifier SubjectKeyIdentifier, + date GeneralizedTime OPTIONAL, + other OtherKeyAttribute OPTIONAL +} + +SubjectKeyIdentifier ::= OCTET STRING + +KEKRecipientInfo ::= SEQUENCE { + version CMSVersion, -- always set to 4 + kekid KEKIdentifier, + keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, + encryptedKey EncryptedKey +} + +KEKIdentifier ::= SEQUENCE { + keyIdentifier OCTET STRING, + date GeneralizedTime OPTIONAL, + other OtherKeyAttribute OPTIONAL +} + +PasswordRecipientInfo ::= SEQUENCE { + version CMSVersion, -- always set to 0 + keyDerivationAlgorithm [0] KeyDerivationAlgorithmIdentifier + OPTIONAL, + keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, + encryptedKey EncryptedKey +} + +OtherRecipientInfo ::= SEQUENCE { + oriType OBJECT IDENTIFIER, + oriValue ANY DEFINED BY oriType +} + +UserKeyingMaterial ::= OCTET STRING + +OtherKeyAttribute ::= SEQUENCE { + keyAttrId OBJECT IDENTIFIER, + keyAttr ANY DEFINED BY keyAttrId OPTIONAL +} + +MessageDigest ::= OCTET STRING + +id-data OBJECT IDENTIFIER ::= { + iso(1) member-body(2) + us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 +} + +id-signedData OBJECT IDENTIFIER ::= { + iso(1) member-body(2) + us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2 +} + +id-envelopedData OBJECT IDENTIFIER ::= { + iso(1) member-body(2) + us(840) rsadsi(113549) pkcs(1) pkcs7(7) 3 +} + +id-contentType OBJECT IDENTIFIER ::= { + iso(1) member-body(2) + us(840) rsadsi(113549) pkcs(1) pkcs9(9) 3 +} + +id-messageDigest OBJECT IDENTIFIER ::= { + iso(1) member-body(2) + us(840) rsadsi(113549) pkcs(1) pkcs9(9) 4 +} + +-- +-- asn1ate doesn’t support ‘MAX’. +-- +-- UnauthAttributes ::= SET SIZE (1..MAX) OF Attribute +UnauthAttributes ::= SET SIZE (1..256) OF Attribute + +DigestAlgorithmIdentifier ::= AlgorithmIdentifier + +SignatureAlgorithmIdentifier ::= AlgorithmIdentifier + +KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier + +KeyDerivationAlgorithmIdentifier ::= AlgorithmIdentifier + +ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier + +Signature ::= BIT STRING + +-- Other PK-INIT definitions + +id-pkcs1-sha256WithRSAEncryption OBJECT IDENTIFIER ::= { + iso(1) member-body(2) + us(840) rsadsi(113549) pkcs(1) + label-less(1) label-less(11) +} + +MS-UPN-SAN ::= UTF8String + +CMSCBCParameter ::= OCTET STRING + +-- (from MS-WCCE) + +szOID-NTDS-CA-SECURITY-EXT OBJECT IDENTIFIER ::= { + iso(1) org(3) dod(6) internet(1) private(4) enterprise(1) + microsoft(311) directory-service(25) 2 +} + +szOID-NTDS-OBJECTSID OBJECT IDENTIFIER ::= { + iso(1) org(3) dod(6) internet(1) private(4) enterprise(1) + microsoft(311) directory-service(25) 2 1 +} + +-- (from RFC 8017) + +rsaEncryption OBJECT IDENTIFIER ::= { + iso(1) + member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 1 +} + +id-sha512 OBJECT IDENTIFIER ::= { + joint-iso-itu-t (2) country (16) us (840) organization (1) + gov (101) csor (3) nistalgorithm (4) hashalgs (2) 3 +} + +-- (from RFC 8018) + +nistAlgorithms OBJECT IDENTIFIER ::= {joint-iso-itu-t(2) country(16) + us(840) organization(1) + gov(101) csor(3) 4} + +aes OBJECT IDENTIFIER ::= { nistAlgorithms 1 } + +aes256-CBC-PAD OBJECT IDENTIFIER ::= { aes 42 } + +rsadsi OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) 113549} + +encryptionAlgorithm OBJECT IDENTIFIER ::= {rsadsi 3} + +des-EDE3-CBC OBJECT IDENTIFIER ::= {encryptionAlgorithm 7} + +-- + +id-pkinit-ms-san OBJECT IDENTIFIER ::= { + iso(1) org(3) dod(6) internet(1) private(4) enterprise(1) + microsoft(311) 20 2 3 +} + +kdc-authentication OBJECT IDENTIFIER ::= { id-pkinit keyPurposeKdc(5) } + +smartcard-logon OBJECT IDENTIFIER ::= { + iso(1) org(3) dod(6) internet(1) private(4) enterprise(1) + microsoft(311) 20 2 2 +} + +CMSAttributes ::= SET OF Attribute + -- -- -- MS-KILE Start @@ -743,6 +1769,7 @@ PADataTypeValues ::= INTEGER { kRB5-PADATA-PKINIT-KX(147), -- krb-wg-anon kRB5-PADATA-PKU2U-NAME(148), -- zhu-pku2u kRB5-PADATA-REQ-ENC-PA-REP(149), -- + kRB5-PADATA-AS-FRESHNESS(150), -- RFC 8070 kRB5-PADATA-SUPPORTED-ETYPES(165), -- MS-KILE kRB5-PADATA-PAC-OPTIONS(167), -- MS-KILE kRB5-PADATA-GSS(655) -- gss-preauth diff --git a/python/samba/tests/krb5/rfc4120_pyasn1.py b/python/samba/tests/krb5/rfc4120_pyasn1.py index ef77ac19ce3..8bebba681b3 100644 --- a/python/samba/tests/krb5/rfc4120_pyasn1.py +++ b/python/samba/tests/krb5/rfc4120_pyasn1.py @@ -1,5 +1,5 @@ # Auto-generated by asn1ate v.0.6.1.dev0 from rfc4120.asn1 -# (last modified on 2022-05-13 20:03:06.039817) +# (last modified on 2023-07-03 09:37:15.502641) # KerberosV5Spec2 from pyasn1.type import univ, char, namedtype, namedval, tag, constraint, useful @@ -51,6 +51,24 @@ class AD_IF_RELEVANT(AuthorizationData): pass +class ExternalPrincipalIdentifier(univ.Sequence): + pass + + +ExternalPrincipalIdentifier.componentType = namedtype.NamedTypes( + namedtype.OptionalNamedType('subjectName', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.OptionalNamedType('issuerAndSerialNumber', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), + namedtype.OptionalNamedType('subjectKeyIdentifier', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))) +) + + +class AD_INITIAL_VERIFIED_CAS(univ.SequenceOf): + pass + + +AD_INITIAL_VERIFIED_CAS.componentType = ExternalPrincipalIdentifier() + + class ChecksumType(Int32): pass @@ -295,339 +313,1476 @@ class AS_REQ(KDC_REQ): AS_REQ.tagSet = KDC_REQ.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 10)) -class AuthDataTypeValues(univ.Integer): +ub_domain_name_length = univ.Integer(16) + + +class AdministrationDomainName(univ.Choice): pass -AuthDataTypeValues.namedValues = namedval.NamedValues( - ('kRB5-AUTHDATA-IF-RELEVANT', 1), - ('kRB5-AUTHDATA-INTENDED-FOR-SERVER', 2), - ('kRB5-AUTHDATA-INTENDED-FOR-APPLICATION-CLASS', 3), - ('kRB5-AUTHDATA-KDC-ISSUED', 4), - ('kRB5-AUTHDATA-AND-OR', 5), - ('kRB5-AUTHDATA-MANDATORY-TICKET-EXTENSIONS', 6), - ('kRB5-AUTHDATA-IN-TICKET-EXTENSIONS', 7), - ('kRB5-AUTHDATA-MANDATORY-FOR-KDC', 8), - ('kRB5-AUTHDATA-INITIAL-VERIFIED-CAS', 9), - ('kRB5-AUTHDATA-OSF-DCE', 64), - ('kRB5-AUTHDATA-SESAME', 65), - ('kRB5-AUTHDATA-OSF-DCE-PKI-CERTID', 66), - ('kRB5-AUTHDATA-WIN2K-PAC', 128), - ('kRB5-AUTHDATA-GSS-API-ETYPE-NEGOTIATION', 129), - ('kRB5-AUTHDATA-SIGNTICKET-OLDER', -17), - ('kRB5-AUTHDATA-SIGNTICKET-OLD', 142), - ('kRB5-AUTHDATA-SIGNTICKET', 512) +AdministrationDomainName.tagSet = univ.Choice.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 2)) +AdministrationDomainName.componentType = namedtype.NamedTypes( + namedtype.NamedType('numeric', char.NumericString().subtype(subtypeSpec=constraint.ValueSizeConstraint(0, ub_domain_name_length))), + namedtype.NamedType('printable', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(0, ub_domain_name_length))) ) -class AuthDataTypeSequence(univ.Sequence): +class AlgorithmIdentifier(univ.Sequence): pass -AuthDataTypeSequence.componentType = namedtype.NamedTypes( - namedtype.NamedType('dummy', AuthDataTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) +AlgorithmIdentifier.componentType = namedtype.NamedTypes( + namedtype.NamedType('algorithm', univ.ObjectIdentifier()), + namedtype.OptionalNamedType('parameters', univ.Any()) ) -class EncryptionKey(univ.Sequence): +class DirectoryString(univ.Choice): pass -EncryptionKey.componentType = namedtype.NamedTypes( - namedtype.NamedType('keytype', EncryptionType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), - namedtype.NamedType('keyvalue', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) +DirectoryString.componentType = namedtype.NamedTypes( + namedtype.NamedType('teletexString', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 256))), + namedtype.NamedType('printableString', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 256))), + namedtype.NamedType('universalString', char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 256))), + namedtype.NamedType('utf8String', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 256))), + namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 256))) ) -class Microseconds(univ.Integer): +class EDIPartyName(univ.Sequence): pass -Microseconds.subtypeSpec = constraint.ValueRangeConstraint(0, 999999) +EDIPartyName.componentType = namedtype.NamedTypes( + namedtype.OptionalNamedType('nameAssigner', DirectoryString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), + namedtype.NamedType('partyName', DirectoryString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))) +) -class Authenticator(univ.Sequence): +class AttributeType(univ.ObjectIdentifier): pass -Authenticator.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 2)) -Authenticator.componentType = namedtype.NamedTypes( - namedtype.NamedType('authenticator-vno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), - namedtype.NamedType('crealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), - namedtype.NamedType('cname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))), - namedtype.OptionalNamedType('cksum', Checksum().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))), - namedtype.NamedType('cusec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))), - namedtype.NamedType('ctime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))), - namedtype.OptionalNamedType('subkey', EncryptionKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6))), - namedtype.OptionalNamedType('seq-number', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))), - namedtype.OptionalNamedType('authorization-data', AuthorizationData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))) +class AttributeValue(univ.Any): + pass + + +class AttributeTypeAndValue(univ.Sequence): + pass + + +AttributeTypeAndValue.componentType = namedtype.NamedTypes( + namedtype.NamedType('type', AttributeType()), + namedtype.NamedType('value', AttributeValue()) ) -class ChangePasswdDataMS(univ.Sequence): +class RelativeDistinguishedName(univ.SetOf): pass -ChangePasswdDataMS.componentType = namedtype.NamedTypes( - namedtype.NamedType('newpasswd', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), - namedtype.OptionalNamedType('targname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))), - namedtype.OptionalNamedType('targrealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))) +RelativeDistinguishedName.componentType = AttributeTypeAndValue() +RelativeDistinguishedName.subtypeSpec=constraint.ValueSizeConstraint(1, 256) + + +class RDNSequence(univ.SequenceOf): + pass + + +RDNSequence.componentType = RelativeDistinguishedName() + + +class Name(univ.Choice): + pass + + +Name.componentType = namedtype.NamedTypes( + namedtype.NamedType('rdnSequence', RDNSequence()) ) -class ChecksumTypeValues(univ.Integer): +ub_domain_defined_attribute_type_length = univ.Integer(8) + + +ub_domain_defined_attribute_value_length = univ.Integer(128) + + +class BuiltInDomainDefinedAttribute(univ.Sequence): pass -ChecksumTypeValues.namedValues = namedval.NamedValues( - ('kRB5-CKSUMTYPE-NONE', 0), - ('kRB5-CKSUMTYPE-CRC32', 1), - ('kRB5-CKSUMTYPE-RSA-MD4', 2), - ('kRB5-CKSUMTYPE-RSA-MD4-DES', 3), - ('kRB5-CKSUMTYPE-DES-MAC', 4), - ('kRB5-CKSUMTYPE-DES-MAC-K', 5), - ('kRB5-CKSUMTYPE-RSA-MD4-DES-K', 6), - ('kRB5-CKSUMTYPE-RSA-MD5', 7), - ('kRB5-CKSUMTYPE-RSA-MD5-DES', 8), - ('kRB5-CKSUMTYPE-RSA-MD5-DES3', 9), - ('kRB5-CKSUMTYPE-SHA1-OTHER', 10), - ('kRB5-CKSUMTYPE-HMAC-SHA1-DES3', 12), - ('kRB5-CKSUMTYPE-SHA1', 14), - ('kRB5-CKSUMTYPE-HMAC-SHA1-96-AES-128', 15), - ('kRB5-CKSUMTYPE-HMAC-SHA1-96-AES-256', 16), - ('kRB5-CKSUMTYPE-GSSAPI', 32771), - ('kRB5-CKSUMTYPE-HMAC-MD5', -138), - ('kRB5-CKSUMTYPE-HMAC-MD5-ENC', -1138) +BuiltInDomainDefinedAttribute.componentType = namedtype.NamedTypes( + namedtype.NamedType('type', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_defined_attribute_type_length))), + namedtype.NamedType('value', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_defined_attribute_value_length))) ) -class ChecksumTypeSequence(univ.Sequence): +ub_domain_defined_attributes = univ.Integer(4) + + +class BuiltInDomainDefinedAttributes(univ.SequenceOf): pass -ChecksumTypeSequence.componentType = namedtype.NamedTypes( - namedtype.NamedType('dummy', ChecksumTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) +BuiltInDomainDefinedAttributes.componentType = BuiltInDomainDefinedAttribute() +BuiltInDomainDefinedAttributes.subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_defined_attributes) + + +ub_country_name_alpha_length = univ.Integer(2) + + +ub_country_name_numeric_length = univ.Integer(3) + + +class CountryName(univ.Choice): + pass + + +CountryName.tagSet = univ.Choice.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 1)) +CountryName.componentType = namedtype.NamedTypes( + namedtype.NamedType('x121-dcc-code', char.NumericString().subtype(subtypeSpec=constraint.ValueSizeConstraint(ub_country_name_numeric_length, ub_country_name_numeric_length))), + namedtype.NamedType('iso-3166-alpha2-code', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(ub_country_name_alpha_length, ub_country_name_alpha_length))) ) -class ETYPE_INFO_ENTRY(univ.Sequence): +ub_x121_address_length = univ.Integer(16) + + +class X121Address(char.NumericString): pass -ETYPE_INFO_ENTRY.componentType = namedtype.NamedTypes( - namedtype.NamedType('etype', EncryptionType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), - namedtype.OptionalNamedType('salt', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) +X121Address.subtypeSpec = constraint.ValueSizeConstraint(1, ub_x121_address_length) + + +class NetworkAddress(X121Address): + pass + + +ub_numeric_user_id_length = univ.Integer(32) + + +class NumericUserIdentifier(char.NumericString): + pass + + +NumericUserIdentifier.subtypeSpec = constraint.ValueSizeConstraint(1, ub_numeric_user_id_length) + + +ub_organization_name_length = univ.Integer(64) + + +class OrganizationName(char.PrintableString): + pass + + +OrganizationName.subtypeSpec = constraint.ValueSizeConstraint(1, ub_organization_name_length) + + +ub_organizational_unit_name_length = univ.Integer(32) + + +class OrganizationalUnitName(char.PrintableString): + pass + + +OrganizationalUnitName.subtypeSpec = constraint.ValueSizeConstraint(1, ub_organizational_unit_name_length) + + +ub_organizational_units = univ.Integer(4) + + +class OrganizationalUnitNames(univ.SequenceOf): + pass + + +OrganizationalUnitNames.componentType = OrganizationalUnitName() +OrganizationalUnitNames.subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_units) + + +ub_generation_qualifier_length = univ.Integer(3) + + +ub_given_name_length = univ.Integer(16) + + +ub_initials_length = univ.Integer(5) + + +ub_surname_length = univ.Integer(40) + + +class PersonalName(univ.Set): + pass + + +PersonalName.componentType = namedtype.NamedTypes( + namedtype.NamedType('surname', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_surname_length)).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.OptionalNamedType('given-name', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_given_name_length)).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), + namedtype.OptionalNamedType('initials', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_initials_length)).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), + namedtype.OptionalNamedType('generation-qualifier', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_generation_qualifier_length)).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))) ) -class ETYPE_INFO(univ.SequenceOf): +class PrivateDomainName(univ.Choice): pass -ETYPE_INFO.componentType = ETYPE_INFO_ENTRY() +PrivateDomainName.componentType = namedtype.NamedTypes( + namedtype.NamedType('numeric', char.NumericString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_name_length))), + namedtype.NamedType('printable', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_name_length))) +) -class ETYPE_INFO2_ENTRY(univ.Sequence): +ub_terminal_id_length = univ.Integer(24) + + +class TerminalIdentifier(char.PrintableString): pass -ETYPE_INFO2_ENTRY.componentType = namedtype.NamedTypes( - namedtype.NamedType('etype', EncryptionType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), - namedtype.OptionalNamedType('salt', KerberosString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), - namedtype.OptionalNamedType('s2kparams', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))) +TerminalIdentifier.subtypeSpec = constraint.ValueSizeConstraint(1, ub_terminal_id_length) + + +class BuiltInStandardAttributes(univ.Sequence): + pass + + +BuiltInStandardAttributes.componentType = namedtype.NamedTypes( + namedtype.OptionalNamedType('country-name', CountryName()), + namedtype.OptionalNamedType('administration-domain-name', AdministrationDomainName()), + namedtype.OptionalNamedType('network-address', NetworkAddress().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.OptionalNamedType('terminal-identifier', TerminalIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), + namedtype.OptionalNamedType('private-domain-name', PrivateDomainName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))), + namedtype.OptionalNamedType('organization-name', OrganizationName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), + namedtype.OptionalNamedType('numeric-user-identifier', NumericUserIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))), + namedtype.OptionalNamedType('personal-name', PersonalName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))), + namedtype.OptionalNamedType('organizational-unit-names', OrganizationalUnitNames().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))) ) -class ETYPE_INFO2(univ.SequenceOf): +ub_extension_attributes = univ.Integer(256) + + +class ExtensionAttribute(univ.Sequence): pass -ETYPE_INFO2.componentType = ETYPE_INFO2_ENTRY() -ETYPE_INFO2.subtypeSpec=constraint.ValueSizeConstraint(1, 256) +ExtensionAttribute.componentType = namedtype.NamedTypes( + namedtype.NamedType('extension-attribute-type', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, ub_extension_attributes)).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.NamedType('extension-attribute-value', univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) +) -class EncAPRepPart(univ.Sequence): +class ExtensionAttributes(univ.SetOf): pass -EncAPRepPart.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 27)) -EncAPRepPart.componentType = namedtype.NamedTypes( - namedtype.NamedType('ctime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), - namedtype.NamedType('cusec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), - namedtype.OptionalNamedType('subkey', EncryptionKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))), - namedtype.OptionalNamedType('seq-number', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))) +ExtensionAttributes.componentType = ExtensionAttribute() +ExtensionAttributes.subtypeSpec=constraint.ValueSizeConstraint(1, ub_extension_attributes) + + +class ORAddress(univ.Sequence): + pass + + +ORAddress.componentType = namedtype.NamedTypes( + namedtype.NamedType('built-in-standard-attributes', BuiltInStandardAttributes()), + namedtype.OptionalNamedType('built-in-domain-defined-attributes', BuiltInDomainDefinedAttributes()), + namedtype.OptionalNamedType('extension-attributes', ExtensionAttributes()) ) -class LastReq(univ.SequenceOf): +class OtherName(univ.Sequence): pass -LastReq.componentType = univ.Sequence(componentType=namedtype.NamedTypes( - namedtype.NamedType('lr-type', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), - namedtype.NamedType('lr-value', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) -)) +OtherName.componentType = namedtype.NamedTypes( + namedtype.NamedType('type-id', univ.ObjectIdentifier()), + namedtype.NamedType('value', univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) +) -class METHOD_DATA(univ.SequenceOf): +class GeneralName(univ.Choice): pass -METHOD_DATA.componentType = PA_DATA() +GeneralName.componentType = namedtype.NamedTypes( + namedtype.NamedType('otherName', OtherName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), + namedtype.NamedType('rfc822Name', char.IA5String().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), + namedtype.NamedType('dNSName', char.IA5String().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), + namedtype.NamedType('x400Address', ORAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))), + namedtype.NamedType('directoryName', Name().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))), + namedtype.NamedType('ediPartyName', EDIPartyName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))), + namedtype.NamedType('uniformResourceIdentifier', char.IA5String().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))), + namedtype.NamedType('iPAddress', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))), + namedtype.NamedType('registeredID', univ.ObjectIdentifier().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))) +) -class TicketFlags(KerberosFlags): +class GeneralNames(univ.SequenceOf): pass -class EncKDCRepPart(univ.Sequence): +GeneralNames.componentType = GeneralName() +GeneralNames.subtypeSpec=constraint.ValueSizeConstraint(1, 256) + + +class CertificateSerialNumber(univ.Integer): pass -EncKDCRepPart.componentType = namedtype.NamedTypes( - namedtype.NamedType('key', EncryptionKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), - namedtype.NamedType('last-req', LastReq().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), - namedtype.NamedType('nonce', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), - namedtype.OptionalNamedType('key-expiration', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), - namedtype.NamedType('flags', TicketFlags().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))), - namedtype.NamedType('authtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))), - namedtype.OptionalNamedType('starttime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))), - namedtype.NamedType('endtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))), - namedtype.OptionalNamedType('renew-till', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))), - namedtype.NamedType('srealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 9))), - namedtype.NamedType('sname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 10))), - namedtype.OptionalNamedType('caddr', HostAddresses().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 11))), - namedtype.OptionalNamedType('encrypted-pa-data', METHOD_DATA().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 12))) +class UniqueIdentifier(univ.BitString): + pass + + +class IssuerSerial(univ.Sequence): + pass + + +IssuerSerial.componentType = namedtype.NamedTypes( + namedtype.NamedType('issuer', GeneralNames()), + namedtype.NamedType('serial', CertificateSerialNumber()), + namedtype.OptionalNamedType('issuerUID', UniqueIdentifier()) ) -class EncASRepPart(EncKDCRepPart): +class ObjectDigestInfo(univ.Sequence): pass -EncASRepPart.tagSet = EncKDCRepPart.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 25)) +ObjectDigestInfo.componentType = namedtype.NamedTypes( + namedtype.NamedType('digestedObjectType', univ.Enumerated(namedValues=namedval.NamedValues(('publicKey', 0), ('publicKeyCert', 1), ('otherObjectTypes', 2)))), + namedtype.OptionalNamedType('otherObjectTypeID', univ.ObjectIdentifier()), + namedtype.NamedType('digestAlgorithm', AlgorithmIdentifier()), + namedtype.NamedType('objectDigest', univ.BitString()) +) -class KrbCredInfo(univ.Sequence): +class V2Form(univ.Sequence): pass -KrbCredInfo.componentType = namedtype.NamedTypes( - namedtype.NamedType('key', EncryptionKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), - namedtype.OptionalNamedType('prealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), - namedtype.OptionalNamedType('pname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))), - namedtype.OptionalNamedType('flags', TicketFlags().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), - namedtype.OptionalNamedType('authtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))), - namedtype.OptionalNamedType('starttime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))), - namedtype.OptionalNamedType('endtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))), - namedtype.OptionalNamedType('renew-till', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))), - namedtype.OptionalNamedType('srealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))), - namedtype.OptionalNamedType('sname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9))), - namedtype.OptionalNamedType('caddr', HostAddresses().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 10))) +V2Form.componentType = namedtype.NamedTypes( + namedtype.OptionalNamedType('issuerName', GeneralNames()), + namedtype.OptionalNamedType('baseCertificateID', IssuerSerial().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), + namedtype.OptionalNamedType('objectDigestInfo', ObjectDigestInfo().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))) ) -class EncKrbCredPart(univ.Sequence): +class AttCertIssuer(univ.Choice): pass -EncKrbCredPart.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 29)) -EncKrbCredPart.componentType = namedtype.NamedTypes( - namedtype.NamedType('ticket-info', univ.SequenceOf(componentType=KrbCredInfo()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), - namedtype.OptionalNamedType('nonce', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), - namedtype.OptionalNamedType('timestamp', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), - namedtype.OptionalNamedType('usec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), - namedtype.OptionalNamedType('s-address', HostAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))), - namedtype.OptionalNamedType('r-address', HostAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))) +AttCertIssuer.componentType = namedtype.NamedTypes( + namedtype.NamedType('v1Form', GeneralNames()), + namedtype.NamedType('v2Form', V2Form().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))) ) -class EncKrbPrivPart(univ.Sequence): +class AttCertValidityPeriod(univ.Sequence): + pass + + +AttCertValidityPeriod.componentType = namedtype.NamedTypes( + namedtype.NamedType('notBeforeTime', useful.GeneralizedTime()), + namedtype.NamedType('notAfterTime', useful.GeneralizedTime()) +) + + +class AttCertVersion(univ.Integer): + pass + + +AttCertVersion.namedValues = namedval.NamedValues( + ('v2', 1) +) + + +class AttCertVersionV1(univ.Integer): + pass + + +AttCertVersionV1.namedValues = namedval.NamedValues( + ('v1', 0) +) + + +class Attribute(univ.Sequence): + pass + + +Attribute.componentType = namedtype.NamedTypes( + namedtype.NamedType('type', AttributeType()), + namedtype.NamedType('values', univ.SetOf(componentType=AttributeValue())) +) + + +class Attribute(univ.Sequence): + pass + + +Attribute.componentType = namedtype.NamedTypes( + namedtype.NamedType('attrType', univ.ObjectIdentifier()), + namedtype.NamedType('attrValues', univ.SetOf(componentType=AttributeValue())) +) + + +class Extension(univ.Sequence): + pass + + +Extension.componentType = namedtype.NamedTypes( + namedtype.NamedType('extnID', univ.ObjectIdentifier()), + namedtype.DefaultedNamedType('critical', univ.Boolean().subtype(value=0)), + namedtype.NamedType('extnValue', univ.OctetString()) +) + + +class Extensions(univ.SequenceOf): + pass + + +Extensions.componentType = Extension() +Extensions.subtypeSpec=constraint.ValueSizeConstraint(1, 256) + + +class Holder(univ.Sequence): + pass + + +Holder.componentType = namedtype.NamedTypes( + namedtype.OptionalNamedType('baseCertificateID', IssuerSerial().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), + namedtype.OptionalNamedType('entityName', GeneralNames().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), + namedtype.OptionalNamedType('objectDigestInfo', ObjectDigestInfo().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))) +) + + +class AttributeCertificateInfo(univ.Sequence): + pass + + +AttributeCertificateInfo.componentType = namedtype.NamedTypes( + namedtype.NamedType('version', AttCertVersion()), + namedtype.NamedType('holder', Holder()), + namedtype.NamedType('issuer', AttCertIssuer()), + namedtype.NamedType('signature', AlgorithmIdentifier()), + namedtype.NamedType('serialNumber', CertificateSerialNumber()), + namedtype.NamedType('attrCertValidityPeriod', AttCertValidityPeriod()), + namedtype.NamedType('attributes', univ.SequenceOf(componentType=Attribute())), + namedtype.OptionalNamedType('issuerUniqueID', UniqueIdentifier()), + namedtype.OptionalNamedType('extensions', Extensions()) +) + + +class AttributeCertificate(univ.Sequence): + pass + + +AttributeCertificate.componentType = namedtype.NamedTypes( + namedtype.NamedType('acinfo', AttributeCertificateInfo()), + namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()), + namedtype.NamedType('signatureValue', univ.BitString()) +) + + +class AttributeCertificateInfoV1(univ.Sequence): + pass + + +AttributeCertificateInfoV1.componentType = namedtype.NamedTypes( + namedtype.DefaultedNamedType('version', AttCertVersionV1().subtype(value=1)), + namedtype.NamedType('subject', univ.Choice(componentType=namedtype.NamedTypes( + namedtype.NamedType('baseCertificateID', IssuerSerial().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), + namedtype.NamedType('subjectName', GeneralNames().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) + )) + ), + namedtype.NamedType('issuer', GeneralNames()), + namedtype.NamedType('signature', AlgorithmIdentifier()), + namedtype.NamedType('serialNumber', CertificateSerialNumber()), + namedtype.NamedType('attCertValidityPeriod', AttCertValidityPeriod()), + namedtype.NamedType('attributes', univ.SequenceOf(componentType=Attribute())), + namedtype.OptionalNamedType('issuerUniqueID', UniqueIdentifier()), + namedtype.OptionalNamedType('extensions', Extensions()) +) + + +class AttributeCertificateV1(univ.Sequence): + pass + + +AttributeCertificateV1.componentType = namedtype.NamedTypes( + namedtype.NamedType('acInfo', AttributeCertificateInfoV1()), + namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()), + namedtype.NamedType('signature', univ.BitString()) +) + + +class AttributeCertificateV2(AttributeCertificate): + pass + + +class AttributeValue(univ.Any): + pass + + +class AuthDataTypeValues(univ.Integer): + pass + + +AuthDataTypeValues.namedValues = namedval.NamedValues( + ('kRB5-AUTHDATA-IF-RELEVANT', 1), + ('kRB5-AUTHDATA-INTENDED-FOR-SERVER', 2), + ('kRB5-AUTHDATA-INTENDED-FOR-APPLICATION-CLASS', 3), + ('kRB5-AUTHDATA-KDC-ISSUED', 4), + ('kRB5-AUTHDATA-AND-OR', 5), + ('kRB5-AUTHDATA-MANDATORY-TICKET-EXTENSIONS', 6), + ('kRB5-AUTHDATA-IN-TICKET-EXTENSIONS', 7), + ('kRB5-AUTHDATA-MANDATORY-FOR-KDC', 8), + ('kRB5-AUTHDATA-INITIAL-VERIFIED-CAS', 9), + ('kRB5-AUTHDATA-OSF-DCE', 64), + ('kRB5-AUTHDATA-SESAME', 65), + ('kRB5-AUTHDATA-OSF-DCE-PKI-CERTID', 66), + ('kRB5-AUTHDATA-WIN2K-PAC', 128), + ('kRB5-AUTHDATA-GSS-API-ETYPE-NEGOTIATION', 129), + ('kRB5-AUTHDATA-SIGNTICKET-OLDER', -17), + ('kRB5-AUTHDATA-SIGNTICKET-OLD', 142), + ('kRB5-AUTHDATA-SIGNTICKET', 512) +) + + +class AuthDataTypeSequence(univ.Sequence): + pass + + +AuthDataTypeSequence.componentType = namedtype.NamedTypes( + namedtype.NamedType('dummy', AuthDataTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) +) + + +class DHNonce(univ.OctetString): + pass + + +class PKAuthenticator(univ.Sequence): + pass + + +PKAuthenticator.componentType = namedtype.NamedTypes( + namedtype.NamedType('cusec', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, 999999)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.NamedType('ctime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), + namedtype.NamedType('nonce', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, 4294967295)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), + namedtype.OptionalNamedType('paChecksum', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), + namedtype.OptionalNamedType('freshnessToken', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))) +) + + +class SubjectPublicKeyInfo(univ.Sequence): + pass + + +SubjectPublicKeyInfo.componentType = namedtype.NamedTypes( + namedtype.NamedType('algorithm', AlgorithmIdentifier()), + namedtype.NamedType('subjectPublicKey', univ.BitString()) +) + + +class AuthPack(univ.Sequence): + pass + + +AuthPack.componentType = namedtype.NamedTypes( + namedtype.NamedType('pkAuthenticator', PKAuthenticator().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), + namedtype.OptionalNamedType('clientPublicValue', SubjectPublicKeyInfo().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))), + namedtype.OptionalNamedType('supportedCMSTypes', univ.SequenceOf(componentType=AlgorithmIdentifier()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), + namedtype.OptionalNamedType('clientDHNonce', DHNonce().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))) +) + + +class EncryptionKey(univ.Sequence): + pass + + +EncryptionKey.componentType = namedtype.NamedTypes( + namedtype.NamedType('keytype', EncryptionType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.NamedType('keyvalue', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) +) + + +class Microseconds(univ.Integer): + pass + + +Microseconds.subtypeSpec = constraint.ValueRangeConstraint(0, 999999) + + +class Authenticator(univ.Sequence): + pass + + +Authenticator.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 2)) +Authenticator.componentType = namedtype.NamedTypes( + namedtype.NamedType('authenticator-vno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.NamedType('crealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), + namedtype.NamedType('cname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))), + namedtype.OptionalNamedType('cksum', Checksum().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))), + namedtype.NamedType('cusec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))), + namedtype.NamedType('ctime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))), + namedtype.OptionalNamedType('subkey', EncryptionKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6))), + namedtype.OptionalNamedType('seq-number', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))), + namedtype.OptionalNamedType('authorization-data', AuthorizationData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))) +) + + +class CMSAttributes(univ.SetOf): + pass + + +CMSAttributes.componentType = Attribute() + + +class CMSCBCParameter(univ.OctetString): + pass + + +class CMSVersion(univ.Integer): + pass + + +CMSVersion.namedValues = namedval.NamedValues( + ('v0', 0), + ('v1', 1), + ('v2', 2), + ('v3', 3), + ('v4', 4), + ('v5', 5) +) + + +class SerialNumber(univ.Integer): + pass + + +class CRLEntry(univ.Sequence): + pass + + +CRLEntry.componentType = namedtype.NamedTypes( + namedtype.NamedType('userCertificate', SerialNumber()), + namedtype.NamedType('revocationDate', useful.UTCTime()) +) + + +class Time(univ.Choice): + pass + + +Time.componentType = namedtype.NamedTypes( + namedtype.NamedType('utcTime', useful.UTCTime()), + namedtype.NamedType('generalTime', useful.GeneralizedTime()) +) + + +class Validity(univ.Sequence): + pass + + +Validity.componentType = namedtype.NamedTypes( + namedtype.NamedType('notBefore', Time()), + namedtype.NamedType('notAfter', Time()) +) + + +class Version(univ.Integer): + pass + + +Version.namedValues = namedval.NamedValues( + ('v1', 0), + ('v2', 1), + ('v3', 2) +) + + +class TBSCertificate(univ.Sequence): + pass + + +TBSCertificate.componentType = namedtype.NamedTypes( + namedtype.DefaultedNamedType('version', Version().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)).subtype(value=1)), + namedtype.NamedType('serialNumber', CertificateSerialNumber()), + namedtype.NamedType('signature', AlgorithmIdentifier()), + namedtype.NamedType('issuer', Name()), + namedtype.NamedType('validity', Validity()), + namedtype.NamedType('subject', Name()), + namedtype.NamedType('subjectPublicKeyInfo', SubjectPublicKeyInfo()), + namedtype.OptionalNamedType('issuerUniqueID', UniqueIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), + namedtype.OptionalNamedType('subjectUniqueID', UniqueIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), + namedtype.OptionalNamedType('extensions', Extensions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))) +) + + +class Certificate(univ.Sequence): + pass + + +Certificate.componentType = namedtype.NamedTypes( + namedtype.NamedType('tbsCertificate', TBSCertificate()), + namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()), + namedtype.NamedType('signatureValue', univ.BitString()) +) + + +class UnauthAttributes(univ.SetOf): + pass + + +UnauthAttributes.componentType = Attribute() +UnauthAttributes.subtypeSpec=constraint.ValueSizeConstraint(1, 256) + + +class ExtendedCertificateInfo(univ.Sequence): + pass + + +ExtendedCertificateInfo.componentType = namedtype.NamedTypes( + namedtype.NamedType('version', CMSVersion()), + namedtype.NamedType('certificate', Certificate()), + namedtype.NamedType('attributes', UnauthAttributes()) +) + + +class Signature(univ.BitString): + pass + + +class SignatureAlgorithmIdentifier(AlgorithmIdentifier): + pass + + +class ExtendedCertificate(univ.Sequence): + pass + + +ExtendedCertificate.componentType = namedtype.NamedTypes( + namedtype.NamedType('extendedCertificateInfo', ExtendedCertificateInfo()), + namedtype.NamedType('signatureAlgorithm', SignatureAlgorithmIdentifier()), + namedtype.NamedType('signature', Signature()) +) + + +class OtherCertificateFormat(univ.Sequence): + pass + + +OtherCertificateFormat.componentType = namedtype.NamedTypes( + namedtype.NamedType('otherCertFormat', univ.ObjectIdentifier()), + namedtype.NamedType('otherCert', univ.Any()) +) + + +class CertificateChoices(univ.Choice): + pass + + +CertificateChoices.componentType = namedtype.NamedTypes( + namedtype.NamedType('certificate', Certificate()), + namedtype.NamedType('extendedCertificate', ExtendedCertificate().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), + namedtype.NamedType('v1AttrCert', AttributeCertificateV1().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))), + namedtype.NamedType('v2AttrCert', AttributeCertificateV2().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))), + namedtype.NamedType('other', OtherCertificateFormat().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))) +) + + +class TBSCertList(univ.Sequence): + pass + + +TBSCertList.componentType = namedtype.NamedTypes( + namedtype.OptionalNamedType('version', Version()), + namedtype.NamedType('signature', AlgorithmIdentifier()), + namedtype.NamedType('issuer', Name()), + namedtype.NamedType('thisUpdate', Time()), + namedtype.OptionalNamedType('nextUpdate', Time()), + namedtype.OptionalNamedType('revokedCertificates', univ.SequenceOf(componentType=univ.Sequence(componentType=namedtype.NamedTypes( + namedtype.NamedType('userCertificate', CertificateSerialNumber()), + namedtype.NamedType('revocationDate', Time()), + namedtype.OptionalNamedType('crlEntryExtensions', Extensions()) + )) + )), + namedtype.OptionalNamedType('crlExtensions', Extensions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) +) + + +class CertificateList(univ.Sequence): + pass + + +CertificateList.componentType = namedtype.NamedTypes( + namedtype.NamedType('tbsCertList', TBSCertList()), + namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()), + namedtype.NamedType('signatureValue', univ.BitString()) +) + + +class CertificateRevocationList(univ.Sequence): + pass + + +CertificateRevocationList.componentType = namedtype.NamedTypes( + namedtype.NamedType('signature', AlgorithmIdentifier()), + namedtype.NamedType('issuer', Name()), + namedtype.NamedType('lastUpdate', useful.UTCTime()), + namedtype.NamedType('nextUpdate', useful.UTCTime()), + namedtype.OptionalNamedType('revokedCertificates', univ.SequenceOf(componentType=CRLEntry())) +) + + +class CertificateRevocationLists(univ.SetOf): + pass + + +CertificateRevocationLists.componentType = CertificateRevocationList() + + +class CertificateSet(univ.SetOf): + pass + + +CertificateSet.componentType = CertificateChoices() + + +class ChangePasswdDataMS(univ.Sequence): + pass + + +ChangePasswdDataMS.componentType = namedtype.NamedTypes( + namedtype.NamedType('newpasswd', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.OptionalNamedType('targname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))), + namedtype.OptionalNamedType('targrealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))) +) + + +class ChecksumTypeValues(univ.Integer): + pass + + +ChecksumTypeValues.namedValues = namedval.NamedValues( + ('kRB5-CKSUMTYPE-NONE', 0), + ('kRB5-CKSUMTYPE-CRC32', 1), + ('kRB5-CKSUMTYPE-RSA-MD4', 2), + ('kRB5-CKSUMTYPE-RSA-MD4-DES', 3), + ('kRB5-CKSUMTYPE-DES-MAC', 4), + ('kRB5-CKSUMTYPE-DES-MAC-K', 5), + ('kRB5-CKSUMTYPE-RSA-MD4-DES-K', 6), + ('kRB5-CKSUMTYPE-RSA-MD5', 7), + ('kRB5-CKSUMTYPE-RSA-MD5-DES', 8), + ('kRB5-CKSUMTYPE-RSA-MD5-DES3', 9), + ('kRB5-CKSUMTYPE-SHA1-OTHER', 10), + ('kRB5-CKSUMTYPE-HMAC-SHA1-DES3', 12), + ('kRB5-CKSUMTYPE-SHA1', 14), + ('kRB5-CKSUMTYPE-HMAC-SHA1-96-AES-128', 15), + ('kRB5-CKSUMTYPE-HMAC-SHA1-96-AES-256', 16), + ('kRB5-CKSUMTYPE-GSSAPI', 32771), + ('kRB5-CKSUMTYPE-HMAC-MD5', -138), + ('kRB5-CKSUMTYPE-HMAC-MD5-ENC', -1138) +) + + +class ChecksumTypeSequence(univ.Sequence): + pass + + +ChecksumTypeSequence.componentType = namedtype.NamedTypes( + namedtype.NamedType('dummy', ChecksumTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) +) + + +class ContentEncryptionAlgorithmIdentifier(AlgorithmIdentifier): + pass + + +class ContentType(univ.ObjectIdentifier): + pass + + +class ContentInfo(univ.Sequence): + pass + + +ContentInfo.componentType = namedtype.NamedTypes( + namedtype.NamedType('contentType', ContentType()), + namedtype.OptionalNamedType('content', univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) +) + + +class DHPublicKey(univ.Integer): + pass + + +class DHRepInfo(univ.Sequence): + pass + + +DHRepInfo.componentType = namedtype.NamedTypes( + namedtype.NamedType('dhSignedData', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.OptionalNamedType('serverDHNonce', DHNonce().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) +) + + +class DigestAlgorithmIdentifier(AlgorithmIdentifier): + pass + + +class DigestAlgorithmIdentifiers(univ.SetOf): + pass + + +DigestAlgorithmIdentifiers.componentType = DigestAlgorithmIdentifier() + + +class ValidationParms(univ.Sequence): + pass + + +ValidationParms.componentType = namedtype.NamedTypes( + namedtype.NamedType('seed', univ.BitString()), + namedtype.NamedType('pgenCounter', univ.Integer()) +) + + +class DomainParameters(univ.Sequence): + pass + + +DomainParameters.componentType = namedtype.NamedTypes( + namedtype.NamedType('p', univ.Integer()), + namedtype.NamedType('g', univ.Integer()), + namedtype.OptionalNamedType('q', univ.Integer()), + namedtype.OptionalNamedType('j', univ.Integer()), + namedtype.OptionalNamedType('validationParms', ValidationParms()) +) + + +class ETYPE_INFO_ENTRY(univ.Sequence): + pass + + +ETYPE_INFO_ENTRY.componentType = namedtype.NamedTypes( + namedtype.NamedType('etype', EncryptionType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.OptionalNamedType('salt', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) +) + + +class ETYPE_INFO(univ.SequenceOf): + pass + + +ETYPE_INFO.componentType = ETYPE_INFO_ENTRY() + + +class ETYPE_INFO2_ENTRY(univ.Sequence): + pass + + +ETYPE_INFO2_ENTRY.componentType = namedtype.NamedTypes( + namedtype.NamedType('etype', EncryptionType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.OptionalNamedType('salt', KerberosString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), + namedtype.OptionalNamedType('s2kparams', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))) +) + + +class ETYPE_INFO2(univ.SequenceOf): + pass + + +ETYPE_INFO2.componentType = ETYPE_INFO2_ENTRY() +ETYPE_INFO2.subtypeSpec=constraint.ValueSizeConstraint(1, 256) + + +class EncAPRepPart(univ.Sequence): + pass + + +EncAPRepPart.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 27)) +EncAPRepPart.componentType = namedtype.NamedTypes( + namedtype.NamedType('ctime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.NamedType('cusec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), + namedtype.OptionalNamedType('subkey', EncryptionKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))), + namedtype.OptionalNamedType('seq-number', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))) +) + + +class LastReq(univ.SequenceOf): + pass + + +LastReq.componentType = univ.Sequence(componentType=namedtype.NamedTypes( + namedtype.NamedType('lr-type', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.NamedType('lr-value', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) +)) + + +class METHOD_DATA(univ.SequenceOf): + pass + + +METHOD_DATA.componentType = PA_DATA() + + +class TicketFlags(KerberosFlags): + pass + + +class EncKDCRepPart(univ.Sequence): + pass + + +EncKDCRepPart.componentType = namedtype.NamedTypes( + namedtype.NamedType('key', EncryptionKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), + namedtype.NamedType('last-req', LastReq().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), + namedtype.NamedType('nonce', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), + namedtype.OptionalNamedType('key-expiration', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), + namedtype.NamedType('flags', TicketFlags().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))), + namedtype.NamedType('authtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))), + namedtype.OptionalNamedType('starttime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))), + namedtype.NamedType('endtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))), + namedtype.OptionalNamedType('renew-till', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))), + namedtype.NamedType('srealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 9))), + namedtype.NamedType('sname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 10))), + namedtype.OptionalNamedType('caddr', HostAddresses().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 11))), + namedtype.OptionalNamedType('encrypted-pa-data', METHOD_DATA().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 12))) +) + + +class EncASRepPart(EncKDCRepPart): + pass + + +EncASRepPart.tagSet = EncKDCRepPart.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 25)) + + +class KrbCredInfo(univ.Sequence): + pass + + +KrbCredInfo.componentType = namedtype.NamedTypes( + namedtype.NamedType('key', EncryptionKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), + namedtype.OptionalNamedType('prealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), + namedtype.OptionalNamedType('pname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))), + namedtype.OptionalNamedType('flags', TicketFlags().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), + namedtype.OptionalNamedType('authtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))), + namedtype.OptionalNamedType('starttime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))), + namedtype.OptionalNamedType('endtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))), + namedtype.OptionalNamedType('renew-till', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))), + namedtype.OptionalNamedType('srealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))), + namedtype.OptionalNamedType('sname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9))), + namedtype.OptionalNamedType('caddr', HostAddresses().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 10))) +) + + +class EncKrbCredPart(univ.Sequence): + pass + + +EncKrbCredPart.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 29)) +EncKrbCredPart.componentType = namedtype.NamedTypes( + namedtype.NamedType('ticket-info', univ.SequenceOf(componentType=KrbCredInfo()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.OptionalNamedType('nonce', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), + namedtype.OptionalNamedType('timestamp', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), + namedtype.OptionalNamedType('usec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), + namedtype.OptionalNamedType('s-address', HostAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))), + namedtype.OptionalNamedType('r-address', HostAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))) +) + + +class EncKrbPrivPart(univ.Sequence): + pass + + +EncKrbPrivPart.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 28)) +EncKrbPrivPart.componentType = namedtype.NamedTypes( + namedtype.NamedType('user-data', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.OptionalNamedType('timestamp', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), + namedtype.OptionalNamedType('usec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), + namedtype.OptionalNamedType('seq-number', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), + namedtype.NamedType('s-address', HostAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))), + namedtype.OptionalNamedType('r-address', HostAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))) +) + + +class EncTGSRepPart(EncKDCRepPart): + pass + + +EncTGSRepPart.tagSet = EncKDCRepPart.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 26)) + + +class TransitedEncoding(univ.Sequence): + pass + + +TransitedEncoding.componentType = namedtype.NamedTypes( + namedtype.NamedType('tr-type', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.NamedType('contents', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) +) + + +class EncTicketPart(univ.Sequence): + pass + + +EncTicketPart.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 3)) +EncTicketPart.componentType = namedtype.NamedTypes( + namedtype.NamedType('flags', TicketFlags().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.NamedType('key', EncryptionKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))), + namedtype.NamedType('crealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), + namedtype.NamedType('cname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))), + namedtype.NamedType('transited', TransitedEncoding().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))), + namedtype.NamedType('authtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))), + namedtype.OptionalNamedType('starttime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))), + namedtype.NamedType('endtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))), + namedtype.OptionalNamedType('renew-till', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))), + namedtype.OptionalNamedType('caddr', HostAddresses().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 9))), + namedtype.OptionalNamedType('authorization-data', AuthorizationData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 10))) +) + + +class EncapsulatedContentInfo(univ.Sequence): + pass + + +EncapsulatedContentInfo.componentType = namedtype.NamedTypes( + namedtype.NamedType('eContentType', ContentType()), + namedtype.OptionalNamedType('eContent', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) +) + + +class EncryptedContent(univ.OctetString): + pass + + +class EncryptedContentInfo(univ.Sequence): + pass + + +EncryptedContentInfo.componentType = namedtype.NamedTypes( + namedtype.NamedType('contentType', ContentType()), + namedtype.NamedType('contentEncryptionAlgorithm', ContentEncryptionAlgorithmIdentifier()), + namedtype.OptionalNamedType('encryptedContent', EncryptedContent().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) +) + + +class EncryptedKey(univ.OctetString): + pass + + +class EncryptionTypeValues(univ.Integer): + pass + + +EncryptionTypeValues.namedValues = namedval.NamedValues( + ('kRB5-ENCTYPE-NULL', 0), + ('kRB5-ENCTYPE-DES-CBC-CRC', 1), + ('kRB5-ENCTYPE-DES-CBC-MD4', 2), + ('kRB5-ENCTYPE-DES-CBC-MD5', 3), + ('kRB5-ENCTYPE-DES3-CBC-MD5', 5), + ('kRB5-ENCTYPE-OLD-DES3-CBC-SHA1', 7), + ('kRB5-ENCTYPE-SIGN-DSA-GENERATE', 8), + ('kRB5-ENCTYPE-ENCRYPT-RSA-PRIV', 9), + ('kRB5-ENCTYPE-ENCRYPT-RSA-PUB', 10), + ('kRB5-ENCTYPE-DES3-CBC-SHA1', 16), + ('kRB5-ENCTYPE-AES128-CTS-HMAC-SHA1-96', 17), + ('kRB5-ENCTYPE-AES256-CTS-HMAC-SHA1-96', 18), + ('kRB5-ENCTYPE-ARCFOUR-HMAC-MD5', 23), + ('kRB5-ENCTYPE-ARCFOUR-HMAC-MD5-56', 24), + ('kRB5-ENCTYPE-ENCTYPE-PK-CROSS', 48), + ('kRB5-ENCTYPE-ARCFOUR-MD4', -128), + ('kRB5-ENCTYPE-ARCFOUR-HMAC-OLD', -133), + ('kRB5-ENCTYPE-ARCFOUR-HMAC-OLD-EXP', -135), + ('kRB5-ENCTYPE-DUMMY', -1111) +) + + +class EncryptionTypeSequence(univ.Sequence): + pass + + +EncryptionTypeSequence.componentType = namedtype.NamedTypes( + namedtype.NamedType('dummy', EncryptionTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) +) + + +class OtherRevocationInfoFormat(univ.Sequence): + pass + + +OtherRevocationInfoFormat.componentType = namedtype.NamedTypes( + namedtype.NamedType('otherRevInfoFormat', univ.ObjectIdentifier()), + namedtype.NamedType('otherRevInfo', univ.Any()) +) + + +class RevocationInfoChoice(univ.Choice): + pass + + +RevocationInfoChoice.componentType = namedtype.NamedTypes( + namedtype.NamedType('crl', CertificateList()), + namedtype.NamedType('other', OtherRevocationInfoFormat().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))) +) + + +class RevocationInfoChoices(univ.SetOf): + pass + + +RevocationInfoChoices.componentType = RevocationInfoChoice() + + +class OriginatorInfo(univ.Sequence): + pass + + +OriginatorInfo.componentType = namedtype.NamedTypes( + namedtype.OptionalNamedType('certs', CertificateSet().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.OptionalNamedType('crls', RevocationInfoChoices().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) +) + + +class OtherKeyAttribute(univ.Sequence): + pass + + +OtherKeyAttribute.componentType = namedtype.NamedTypes( + namedtype.NamedType('keyAttrId', univ.ObjectIdentifier()), + namedtype.OptionalNamedType('keyAttr', univ.Any()) +) + + +class KEKIdentifier(univ.Sequence): + pass + + +KEKIdentifier.componentType = namedtype.NamedTypes( + namedtype.NamedType('keyIdentifier', univ.OctetString()), + namedtype.OptionalNamedType('date', useful.GeneralizedTime()), + namedtype.OptionalNamedType('other', OtherKeyAttribute()) +) + + +class KeyEncryptionAlgorithmIdentifier(AlgorithmIdentifier): + pass + + +class KEKRecipientInfo(univ.Sequence): + pass + + +KEKRecipientInfo.componentType = namedtype.NamedTypes( + namedtype.NamedType('version', CMSVersion()), + namedtype.NamedType('kekid', KEKIdentifier()), + namedtype.NamedType('keyEncryptionAlgorithm', KeyEncryptionAlgorithmIdentifier()), + namedtype.NamedType('encryptedKey', EncryptedKey()) +) + + +class IssuerAndSerialNumber(univ.Sequence): + pass + + +IssuerAndSerialNumber.componentType = namedtype.NamedTypes( + namedtype.NamedType('issuer', Name()), + namedtype.NamedType('serialNumber', CertificateSerialNumber()) +) + + +class OriginatorPublicKey(univ.Sequence): + pass + + +OriginatorPublicKey.componentType = namedtype.NamedTypes( + namedtype.NamedType('algorithm', AlgorithmIdentifier()), + namedtype.NamedType('publicKey', univ.BitString()) +) + + +class SubjectKeyIdentifier(univ.OctetString): + pass + + +class OriginatorIdentifierOrKey(univ.Choice): + pass + + +OriginatorIdentifierOrKey.componentType = namedtype.NamedTypes( + namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()), + namedtype.NamedType('subjectKeyIdentifier', SubjectKeyIdentifier().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.NamedType('originatorKey', OriginatorPublicKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))) +) + + +class RecipientKeyIdentifier(univ.Sequence): + pass + + +RecipientKeyIdentifier.componentType = namedtype.NamedTypes( + namedtype.NamedType('subjectKeyIdentifier', SubjectKeyIdentifier()), + namedtype.OptionalNamedType('date', useful.GeneralizedTime()), + namedtype.OptionalNamedType('other', OtherKeyAttribute()) +) + + +class KeyAgreeRecipientIdentifier(univ.Choice): + pass + + +KeyAgreeRecipientIdentifier.componentType = namedtype.NamedTypes( + namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()), + namedtype.NamedType('rKeyId', RecipientKeyIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))) +) + + +class RecipientEncryptedKey(univ.Sequence): + pass + + +RecipientEncryptedKey.componentType = namedtype.NamedTypes( + namedtype.NamedType('rid', KeyAgreeRecipientIdentifier()), + namedtype.NamedType('encryptedKey', EncryptedKey()) +) + + +class RecipientEncryptedKeys(univ.SequenceOf): + pass + + +RecipientEncryptedKeys.componentType = RecipientEncryptedKey() + + +class UserKeyingMaterial(univ.OctetString): + pass + + +class KeyAgreeRecipientInfo(univ.Sequence): + pass + + +KeyAgreeRecipientInfo.componentType = namedtype.NamedTypes( + namedtype.NamedType('version', CMSVersion()), + namedtype.NamedType('originator', OriginatorIdentifierOrKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), + namedtype.OptionalNamedType('ukm', UserKeyingMaterial().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), + namedtype.NamedType('keyEncryptionAlgorithm', KeyEncryptionAlgorithmIdentifier()), + namedtype.NamedType('recipientEncryptedKeys', RecipientEncryptedKeys()) +) + + +class RecipientIdentifier(univ.Choice): + pass + + +RecipientIdentifier.componentType = namedtype.NamedTypes( + namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()), + namedtype.NamedType('subjectKeyIdentifier', SubjectKeyIdentifier().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) +) + + +class KeyTransRecipientInfo(univ.Sequence): + pass + + +KeyTransRecipientInfo.componentType = namedtype.NamedTypes( + namedtype.NamedType('version', CMSVersion()), + namedtype.NamedType('rid', RecipientIdentifier()), + namedtype.NamedType('keyEncryptionAlgorithm', KeyEncryptionAlgorithmIdentifier()), + namedtype.NamedType('encryptedKey', EncryptedKey()) +) + + +class OtherRecipientInfo(univ.Sequence): + pass + + +OtherRecipientInfo.componentType = namedtype.NamedTypes( + namedtype.NamedType('oriType', univ.ObjectIdentifier()), + namedtype.NamedType('oriValue', univ.Any()) +) + + +class KeyDerivationAlgorithmIdentifier(AlgorithmIdentifier): + pass + + +class PasswordRecipientInfo(univ.Sequence): + pass + + +PasswordRecipientInfo.componentType = namedtype.NamedTypes( + namedtype.NamedType('version', CMSVersion()), + namedtype.OptionalNamedType('keyDerivationAlgorithm', KeyDerivationAlgorithmIdentifier().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), + namedtype.NamedType('keyEncryptionAlgorithm', KeyEncryptionAlgorithmIdentifier()), + namedtype.NamedType('encryptedKey', EncryptedKey()) +) + + +class RecipientInfo(univ.Choice): pass -EncKrbPrivPart.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 28)) -EncKrbPrivPart.componentType = namedtype.NamedTypes( - namedtype.NamedType('user-data', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), - namedtype.OptionalNamedType('timestamp', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), - namedtype.OptionalNamedType('usec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), - namedtype.OptionalNamedType('seq-number', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), - namedtype.NamedType('s-address', HostAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))), - namedtype.OptionalNamedType('r-address', HostAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))) +RecipientInfo.componentType = namedtype.NamedTypes( + namedtype.NamedType('ktri', KeyTransRecipientInfo()), + namedtype.NamedType('kari', KeyAgreeRecipientInfo().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))), + namedtype.NamedType('kekri', KEKRecipientInfo().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))), + namedtype.NamedType('pwri', PasswordRecipientInfo().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))), + namedtype.NamedType('ori', OtherRecipientInfo().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))) ) -class EncTGSRepPart(EncKDCRepPart): +class RecipientInfos(univ.SetOf): pass -EncTGSRepPart.tagSet = EncKDCRepPart.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 26)) +RecipientInfos.componentType = RecipientInfo() +RecipientInfos.subtypeSpec=constraint.ValueSizeConstraint(1, 256) -class TransitedEncoding(univ.Sequence): +class UnprotectedAttributes(univ.SetOf): pass -TransitedEncoding.componentType = namedtype.NamedTypes( - namedtype.NamedType('tr-type', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), - namedtype.NamedType('contents', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) -) +UnprotectedAttributes.componentType = Attribute() +UnprotectedAttributes.subtypeSpec=constraint.ValueSizeConstraint(1, 256) -class EncTicketPart(univ.Sequence): +class EnvelopedData(univ.Sequence): pass -EncTicketPart.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 3)) -EncTicketPart.componentType = namedtype.NamedTypes( - namedtype.NamedType('flags', TicketFlags().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), - namedtype.NamedType('key', EncryptionKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))), - namedtype.NamedType('crealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), - namedtype.NamedType('cname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))), - namedtype.NamedType('transited', TransitedEncoding().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))), - namedtype.NamedType('authtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))), - namedtype.OptionalNamedType('starttime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))), - namedtype.NamedType('endtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))), - namedtype.OptionalNamedType('renew-till', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))), - namedtype.OptionalNamedType('caddr', HostAddresses().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 9))), - namedtype.OptionalNamedType('authorization-data', AuthorizationData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 10))) +EnvelopedData.componentType = namedtype.NamedTypes( + namedtype.NamedType('version', CMSVersion()), + namedtype.OptionalNamedType('originatorInfo', OriginatorInfo().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), + namedtype.NamedType('recipientInfos', RecipientInfos()), + namedtype.NamedType('encryptedContentInfo', EncryptedContentInfo()), + namedtype.OptionalNamedType('unprotectedAttrs', UnprotectedAttributes().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) ) -class EncryptionTypeValues(univ.Integer): +class ExtendedCertificateOrCertificate(univ.Choice): pass -EncryptionTypeValues.namedValues = namedval.NamedValues( - ('kRB5-ENCTYPE-NULL', 0), - ('kRB5-ENCTYPE-DES-CBC-CRC', 1), - ('kRB5-ENCTYPE-DES-CBC-MD4', 2), - ('kRB5-ENCTYPE-DES-CBC-MD5', 3), - ('kRB5-ENCTYPE-DES3-CBC-MD5', 5), - ('kRB5-ENCTYPE-OLD-DES3-CBC-SHA1', 7), - ('kRB5-ENCTYPE-SIGN-DSA-GENERATE', 8), - ('kRB5-ENCTYPE-ENCRYPT-RSA-PRIV', 9), - ('kRB5-ENCTYPE-ENCRYPT-RSA-PUB', 10), - ('kRB5-ENCTYPE-DES3-CBC-SHA1', 16), - ('kRB5-ENCTYPE-AES128-CTS-HMAC-SHA1-96', 17), - ('kRB5-ENCTYPE-AES256-CTS-HMAC-SHA1-96', 18), - ('kRB5-ENCTYPE-ARCFOUR-HMAC-MD5', 23), - ('kRB5-ENCTYPE-ARCFOUR-HMAC-MD5-56', 24), - ('kRB5-ENCTYPE-ENCTYPE-PK-CROSS', 48), - ('kRB5-ENCTYPE-ARCFOUR-MD4', -128), - ('kRB5-ENCTYPE-ARCFOUR-HMAC-OLD', -133), - ('kRB5-ENCTYPE-ARCFOUR-HMAC-OLD-EXP', -135), - ('kRB5-ENCTYPE-DUMMY', -1111) +ExtendedCertificateOrCertificate.componentType = namedtype.NamedTypes( + namedtype.NamedType('certificate', Certificate()), + namedtype.NamedType('extendedCertificate', ExtendedCertificate().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))) ) -class EncryptionTypeSequence(univ.Sequence): +class ExtendedCertificatesAndCertificates(univ.SetOf): pass -EncryptionTypeSequence.componentType = namedtype.NamedTypes( - namedtype.NamedType('dummy', EncryptionTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) -) +ExtendedCertificatesAndCertificates.componentType = ExtendedCertificateOrCertificate() class FastOptions(univ.BitString): @@ -641,6 +1796,17 @@ FastOptions.namedValues = namedval.NamedValues( ) +class KDCDHKeyInfo(univ.Sequence): + pass + + +KDCDHKeyInfo.componentType = namedtype.NamedTypes( + namedtype.NamedType('subjectPublicKey', univ.BitString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.NamedType('nonce', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, 4294967295)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), + namedtype.OptionalNamedType('dhKeyExpiration', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))) +) + + class KDCOptionsValues(univ.BitString): pass @@ -804,6 +1970,16 @@ KRB_SAFE.componentType = namedtype.NamedTypes( ) +class KRB5PrincipalName(univ.Sequence): + pass + + +KRB5PrincipalName.componentType = namedtype.NamedTypes( + namedtype.NamedType('realm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.NamedType('principalName', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))) +) + + class KerbErrorDataTypeValues(univ.Integer): pass @@ -889,6 +2065,14 @@ KrbFastResponse.componentType = namedtype.NamedTypes( ) +class MS_UPN_SAN(char.UTF8String): + pass + + +class MessageDigest(univ.OctetString): + pass + + class MessageTypeValues(univ.Integer): pass @@ -991,6 +2175,27 @@ PA_PAC_OPTIONS.componentType = namedtype.NamedTypes( ) +class PA_PK_AS_REP(univ.Choice): + pass + + +PA_PK_AS_REP.componentType = namedtype.NamedTypes( + namedtype.NamedType('dhInfo', DHRepInfo().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), + namedtype.NamedType('encKeyPack', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) +) + + +class PA_PK_AS_REQ(univ.Sequence): + pass + + +PA_PK_AS_REQ.componentType = namedtype.NamedTypes( + namedtype.NamedType('signedAuthPack', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.OptionalNamedType('trustedCertifiers', univ.SequenceOf(componentType=ExternalPrincipalIdentifier()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), + namedtype.OptionalNamedType('kdcPkId', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))) +) + + class PA_S4U2Self(univ.Sequence): pass @@ -1087,6 +2292,7 @@ PADataTypeValues.namedValues = namedval.NamedValues( ('kRB5-PADATA-PKINIT-KX', 147), ('kRB5-PADATA-PKU2U-NAME', 148), ('kRB5-PADATA-REQ-ENC-PA-REP', 149), + ('kRB5-PADATA-AS-FRESHNESS', 150), ('kRB5-PADATA-SUPPORTED-ETYPES', 165), ('kRB5-PADATA-PAC-OPTIONS', 167), ('kRB5-PADATA-GSS', 655) @@ -1102,6 +2308,129 @@ PADataTypeSequence.componentType = namedtype.NamedTypes( ) +class ReplyKeyPack(univ.Sequence): + pass + + +ReplyKeyPack.componentType = namedtype.NamedTypes( + namedtype.NamedType('replyKey', EncryptionKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), + namedtype.NamedType('asChecksum', Checksum().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))) +) + + +class SignatureValue(univ.OctetString): + pass + + +class SignedAttributes(univ.SetOf): + pass + + +SignedAttributes.componentType = Attribute() +SignedAttributes.subtypeSpec=constraint.ValueSizeConstraint(1, 256) + + +class SignerIdentifier(univ.Choice): + pass + + +SignerIdentifier.componentType = namedtype.NamedTypes( + namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()), + namedtype.NamedType('subjectKeyIdentifier', SubjectKeyIdentifier().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))) +) + + +class UnsignedAttributes(univ.SetOf): + pass + + +UnsignedAttributes.componentType = Attribute() +UnsignedAttributes.subtypeSpec=constraint.ValueSizeConstraint(1, 256) + + +class SignerInfo(univ.Sequence): + pass + + +SignerInfo.componentType = namedtype.NamedTypes( + namedtype.NamedType('version', CMSVersion()), + namedtype.NamedType('sid', SignerIdentifier()), + namedtype.NamedType('digestAlgorithm', DigestAlgorithmIdentifier()), + namedtype.OptionalNamedType('signedAttrs', SignedAttributes().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.NamedType('signatureAlgorithm', SignatureAlgorithmIdentifier()), + namedtype.NamedType('signature', SignatureValue()), + namedtype.OptionalNamedType('unsignedAttrs', UnsignedAttributes().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) +) + + +class SignerInfos(univ.SetOf): + pass + + +SignerInfos.componentType = SignerInfo() + + +class SignedData(univ.Sequence): + pass + + +SignedData.componentType = namedtype.NamedTypes( + namedtype.NamedType('version', CMSVersion()), + namedtype.NamedType('digestAlgorithms', DigestAlgorithmIdentifiers()), + namedtype.NamedType('encapContentInfo', EncapsulatedContentInfo()), + namedtype.OptionalNamedType('certificates', CertificateSet().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.OptionalNamedType('crls', RevocationInfoChoices().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), + namedtype.NamedType('signerInfos', SignerInfos()) +) + + +class Version_RFC2315(univ.Integer): + pass + + +class SignedData_RFC2315(univ.Sequence): + pass + + +SignedData_RFC2315.componentType = namedtype.NamedTypes( + namedtype.NamedType('version', Version_RFC2315()), + namedtype.NamedType('digestAlgorithms', DigestAlgorithmIdentifiers()), + namedtype.NamedType('contentInfo', ContentInfo()), + namedtype.OptionalNamedType('certificates', CertificateSet().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), + namedtype.OptionalNamedType('crls', RevocationInfoChoices().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), + namedtype.NamedType('signerInfos', SignerInfos()) +) + + +class SubjectAltName(GeneralNames): + pass + + +class SubjectKeyIdentifier(univ.OctetString): + pass + + +class TD_DH_PARAMETERS(univ.SequenceOf): + pass + + +TD_DH_PARAMETERS.componentType = AlgorithmIdentifier() + + +class TD_INVALID_CERTIFICATES(univ.SequenceOf): + pass + + +TD_INVALID_CERTIFICATES.componentType = ExternalPrincipalIdentifier() + + +class TD_TRUSTED_CERTIFIERS(univ.SequenceOf): + pass + + +TD_TRUSTED_CERTIFIERS.componentType = ExternalPrincipalIdentifier() + + class TGS_REP(KDC_REP): pass @@ -1160,6 +2489,156 @@ TicketFlagsSequence.componentType = namedtype.NamedTypes( ) +nistAlgorithms = _OID(2, 16, 840, 1, 101, 3, 4) + + +aes = _OID(nistAlgorithms, 1) + + +aes256_CBC_PAD = _OID(aes, 42) + + +rsadsi = _OID(1, 2, 840, 113549) + + +encryptionAlgorithm = _OID(rsadsi, 3) + + +des_EDE3_CBC = _OID(encryptionAlgorithm, 7) + + +dhpublicnumber = _OID(1, 2, 840, 10046, 2, 1) + + +id_ce = _OID(2, 5, 29) + + +id_ce_subjectAltName = _OID(id_ce, 17) + + +id_contentType = _OID(1, 2, 840, 113549, 1, 9, 3) + + +id_data = _OID(1, 2, 840, 113549, 1, 7, 1) + + +id_envelopedData = _OID(1, 2, 840, 113549, 1, 7, 3) + + id_krb5 = _OID(1, 3, 6, 1, 5, 2) +id_messageDigest = _OID(1, 2, 840, 113549, 1, 9, 4) + + +id_pkcs1_sha256WithRSAEncryption = _OID(1, 2, 840, 113549, 1, 1, 11) + + +id_pkinit = _OID(1, 3, 6, 1, 5, 2, 3) + + +id_pkinit_DHKeyData = _OID(id_pkinit, 2) + + +id_pkinit_authData = _OID(id_pkinit, 1) + + +id_pkinit_ms_san = _OID(1, 3, 6, 1, 4, 1, 311, 20, 2, 3) + + +id_pkinit_rkeyData = _OID(id_pkinit, 3) + + +id_sha1 = _OID(1, 3, 14, 3, 2, 26) + + +id_sha512 = _OID(2, 16, 840, 1, 101, 3, 4, 2, 3) + + +id_signedData = _OID(1, 2, 840, 113549, 1, 7, 2) + + +kdc_authentication = _OID(id_pkinit, 5) + + +md2 = _OID(1, 2, 840, 113549, 2, 2) + + +md5 = _OID(1, 2, 840, 113549, 2, 5) + + +rsaEncryption = _OID(1, 2, 840, 113549, 1, 1, 1) + + +sha1WithRSAEncryption = _OID(1, 2, 840, 113549, 1, 1, 5) + + +smartcard_logon = _OID(1, 3, 6, 1, 4, 1, 311, 20, 2, 2) + + +szOID_NTDS_CA_SECURITY_EXT = _OID(1, 3, 6, 1, 4, 1, 311, 25, 2) + + +szOID_NTDS_OBJECTSID = _OID(1, 3, 6, 1, 4, 1, 311, 25, 2, 1) + + +ub_common_name = univ.Integer(64) + + +ub_common_name_length = univ.Integer(64) + + +ub_e163_4_number_length = univ.Integer(15) + + +ub_e163_4_sub_address_length = univ.Integer(40) + + +ub_emailaddress_length = univ.Integer(255) + + +ub_integer_options = univ.Integer(256) + + +ub_locality_name = univ.Integer(128) + + +ub_match = univ.Integer(128) + + +ub_name = univ.Integer(32768) + + +ub_organization_name = univ.Integer(64) + + +ub_organizational_unit_name = univ.Integer(64) + + +ub_pds_name_length = univ.Integer(16) + + +ub_pds_parameter_length = univ.Integer(30) + + +ub_pds_physical_address_lines = univ.Integer(6) + + +ub_postal_code_length = univ.Integer(16) + + +ub_pseudonym = univ.Integer(128) + + +ub_serial_number = univ.Integer(64) + + +ub_state_name = univ.Integer(128) + + +ub_title = univ.Integer(64) + + +ub_unformatted_address_length = univ.Integer(180) + + -- 2.11.4.GIT