request.message_parser.cmp

Provides classes for parsing CMP PKI messages.

Classes

CmpPkiMessageParsing

Component for parsing CMP-specific PKI messages.

CmpHeaderValidation

Component for validating CMP message headers.

CmpCertificateBodyValidation

Sub-component for validating CMP certificate body for IR and CR message types.

CmpBodyValidation

Component for validating CMP body based on operation context.

CmpMessageParser

Parser for CMP-specific HTTP requests.

Module Contents

class request.message_parser.cmp.CmpPkiMessageParsing

Bases: request.message_parser.base.ParsingComponent, trustpoint.logger.LoggerMixin

Component for parsing CMP-specific PKI messages.

parse(context)

Parse a CMP PKI message.

Parameters:

context (request.request_context.BaseRequestContext)

Return type:

None

_extract_signer_certificate(context)

Extract the CMP signer certificate from extraCerts if available (optional).

Parameters:

context (request.request_context.CmpBaseRequestContext)

Return type:

None

class request.message_parser.cmp.CmpHeaderValidation(cmp_message_version=2, transaction_id_length=16, sender_nonce_length=16, implicit_confirm_oid='1.3.6.1.5.5.7.4.13', implicit_confirm_str_value='0x0500')

Bases: request.message_parser.base.ParsingComponent, trustpoint.logger.LoggerMixin

Component for validating CMP message headers.

Parameters:
  • cmp_message_version (int)

  • transaction_id_length (int)

  • sender_nonce_length (int)

  • implicit_confirm_oid (str)

  • implicit_confirm_str_value (str)

cmp_message_version = 2
transaction_id_length = 16
sender_nonce_length = 16
implicit_confirm_oid = '1.3.6.1.5.5.7.4.13'
implicit_confirm_str_value = '0x0500'

parse(context)

Validate the CMP message header.

Parameters:

context (request.request_context.BaseRequestContext)

Return type:

None

_raise_validation_error(message)

Helper function to raise a ValueError with the given message.

Parameters:

message (str)

Return type:

None

_check_header(serialized_pyasn1_message)

Checks some parts of the header.

Parameters:

serialized_pyasn1_message (pyasn1_modules.rfc4210.PKIMessage)

Return type:

None
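
The defaults in the CmpHeaderValidation signature (pvno 2, 16-byte transactionID and senderNonce, implicitConfirm carrying a NULL value) can be illustrated with a standalone check. This is an added example, not the project's own code: DecodedHeader and check_header are hypothetical names, the header is assumed to be already decoded, and which fields _check_header actually inspects is an assumption inferred from the parameter names.

```python
# Added example: standalone header checks, not the project's implementation.
from dataclasses import dataclass, field

# Defaults copied from the CmpHeaderValidation signature on this page.
CMP_MESSAGE_VERSION = 2
TRANSACTION_ID_LENGTH = 16
SENDER_NONCE_LENGTH = 16
IMPLICIT_CONFIRM_OID = "1.3.6.1.5.5.7.4.13"
IMPLICIT_CONFIRM_STR_VALUE = "0x0500"  # DER NULL: tag 0x05, length 0x00


@dataclass
class DecodedHeader:
    """Hypothetical stand-in for the fields of an already-decoded PKIHeader."""
    pvno: int
    transaction_id: bytes
    sender_nonce: bytes
    # generalInfo entries as (dotted OID string, DER-encoded infoValue) pairs
    general_info: list = field(default_factory=list)


def check_header(header: DecodedHeader) -> bool:
    """Return True if implicitConfirm is requested; raise ValueError on a violation."""
    if header.pvno != CMP_MESSAGE_VERSION:
        raise ValueError(f"pvno must be {CMP_MESSAGE_VERSION}, got {header.pvno}")
    if len(header.transaction_id) != TRANSACTION_ID_LENGTH:
        raise ValueError(f"transactionID must be {TRANSACTION_ID_LENGTH} bytes")
    if len(header.sender_nonce) != SENDER_NONCE_LENGTH:
        raise ValueError(f"senderNonce must be {SENDER_NONCE_LENGTH} bytes")
    implicit_confirm = False
    for oid, der_value in header.general_info:
        if oid != IMPLICIT_CONFIRM_OID:
            continue  # other generalInfo entries are outside this check
        if implicit_confirm:
            raise ValueError("implicitConfirm appears more than once")
        # Fail closed: anything other than an encoded NULL is rejected.
        if "0x" + der_value.hex() != IMPLICIT_CONFIRM_STR_VALUE:
            raise ValueError("implicitConfirm value must be NULL")
        implicit_confirm = True
    return implicit_confirm


# Constructed sample headers (not captured traffic).
GOOD = DecodedHeader(2, bytes(range(16)), bytes(range(16, 32)),
                     [(IMPLICIT_CONFIRM_OID, b"\x05\x00")])
NO_CONFIRM = DecodedHeader(2, bytes(range(16)), bytes(range(16, 32)))
SHORT_NONCE = DecodedHeader(2, bytes(range(16)), b"\x01" * 8)
BAD_CONFIRM = DecodedHeader(2, bytes(range(16)), bytes(range(16, 32)),
                            [(IMPLICIT_CONFIRM_OID, b"\x01\x01\xff")])
```
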

class request.message_parser.cmp.CmpCertificateBodyValidation(cert_template_version=2)

Bases: trustpoint.logger.LoggerMixin

Sub-component for validating CMP certificate body for IR and CR message types.

Parameters:

cert_template_version (int)

cert_template_version = 2

_validate_cert_req_messages(cert_req_messages)

Validate the certificate request messages structure.

Parameters:

cert_req_messages (list[pyasn1_modules.rfc2511.CertReqMsg])

Return type:

None

_validate_cert_request(cert_req_msg)

Validate the certificate request message details.

Parameters:

cert_req_msg (pyasn1_modules.rfc2511.CertReqMsg)

Return type:

cryptography.x509.CertificateBuilder

_cert_template_to_builder(cert_template)

Parameters:

cert_template (pyasn1_modules.rfc2511.CertTemplate)

Return type:

cryptography.x509.CertificateBuilder

_raise_validation_error(message)

Helper function to raise a ValueError with the given message.

Parameters:

message (str)

Return type:

Never

_parse_cert_template_extensions(extensions_asn1)

Parse ASN.1 extensions from certTemplate into cryptography extension objects using fallback approach.

Parameters:

extensions_asn1 (pyasn1_modules.rfc2459.Extensions)

Return type:

list[cryptography.x509.Extension[Any]]

_parse_subject_alternative_name(value, *, critical)

Parse Subject Alternative Name extension manually using the working approach.

Parameters:
  • value (bytes)

  • critical (bool)

Return type:

cryptography.x509.Extension[cryptography.x509.SubjectAlternativeName]

_extract_general_names(san_asn1)

Extract general names from SAN ASN.1 structure.

Parameters:

san_asn1 (pyasn1_modules.rfc2459.SubjectAltName)

Return type:

list[cryptography.x509.GeneralName]

_handle_ip_address(name_value, general_names, ipv4_byte_length, ipv6_byte_length)

Handle IP address parsing for SAN.

Parameters:
  • name_value (Any)

  • general_names (list[cryptography.x509.GeneralName])

  • ipv4_byte_length (int)

  • ipv6_byte_length (int)

Return type:

None

_parse_basic_constraints(value, *, critical)

Parse Basic Constraints extension manually.

Parameters:
  • value (bytes)

  • critical (bool)

Return type:

cryptography.x509.Extension[cryptography.x509.BasicConstraints]

static _get_usage_flag(asn1, name)

Parameters:
  • asn1 (pyasn1_modules.rfc2459.KeyUsage)

  • name (str)

Return type:

bool

_parse_key_usage(value, *, critical)

Parse Key Usage extension manually.

Parameters:
  • value (bytes)

  • critical (bool)

Return type:

cryptography.x509.Extension[cryptography.x509.KeyUsage]

_parse_extended_key_usage(value, *, critical)

Parse Extended Key Usage extension manually.

Parameters:
  • value (bytes)

  • critical (bool)

Return type:

cryptography.x509.Extension[cryptography.x509.ExtendedKeyUsage]

_parse_subject_key_identifier(value, *, critical)

Parse Subject Key Identifier extension manually.

Parameters:
  • value (bytes)

  • critical (bool)

Return type:

cryptography.x509.Extension[cryptography.x509.SubjectKeyIdentifier]

_parse_certificate_policies(value, *, critical)

Parse Certificate Policies extension manually.

Parameters:
  • value (bytes)

  • critical (bool)

Return type:

cryptography.x509.Extension[cryptography.x509.CertificatePolicies]

_raise_value_error(message)

Helper function to raise a ValueError with the given message.

Parameters:

message (str)

Return type:

Never

abstractmethod _raise_not_implemented_error(message)

Helper function to raise NotImplementedError with a given message.

Parameters:

message (str)

Return type:

None

parse_ircr_body(context, pki_body, body_type)

Extract the certificate request messages from CMP IR/CR body.

Parameters:
Return type:

None

class request.message_parser.cmp.CmpBodyValidation

Bases: request.message_parser.base.ParsingComponent, trustpoint.logger.LoggerMixin

Component for validating CMP body based on operation context.

parse(context)

Validate the CMP body type and extract the appropriate body.

Parameters:

context (request.request_context.BaseRequestContext)

Return type:

request.request_context.CmpBaseRequestContext

_validate_body_type_supported(body_type)

Validate that the CMP body type is supported by the request pipeline.

Parameters:

body_type (str)

Return type:

None

_operation_from_body_type(body_type)

Map CMP body type to operation.

Parameters:

body_type (str)

Return type:

str | None

_validate_operation_body_match(operation, body_type)

Validate that the operation matches the body type.

Parameters:
  • operation (str | None)

  • body_type (str)

Return type:

None

_raise_value_error(message)

Helper function to raise a ValueError with the given message.

Parameters:

message (str)

Return type:

Never

abstractmethod _raise_not_implemented_error(message)

Helper function to raise NotImplementedError with a given message.

Parameters:

message (str)

Return type:

None

class request.message_parser.cmp.CmpMessageParser

Bases: request.message_parser.base.CompositeParsing

Parser for CMP-specific HTTP requests.