1# coding: utf-8
2#
3# This file is part of pyasn1-modules software.
4#
5# Created by Stanisław Pitucha with asn1ate tool.
6# Modified by Russ Housley to add support for opentypes.
7#
8# Copyright (c) 2005-2019, Ilya Etingof <etingof@gmail.com>
9# License: http://snmplabs.com/pyasn1/license.html
10#
11# Cryptographic Message Syntax (CMS)
12#
13# ASN.1 source from:
14# http://www.ietf.org/rfc/rfc5652.txt
15#
16from pyasn1.type import constraint
17from pyasn1.type import namedtype
18from pyasn1.type import namedval
19from pyasn1.type import opentype
20from pyasn1.type import tag
21from pyasn1.type import univ
22from pyasn1.type import useful
23
24from pyasn1_modules import rfc3281
25from pyasn1_modules import rfc5280
26
# Stand-in for the ASN.1 "MAX" bound: used below as the open upper limit of
# the SIZE (1..MAX) constraints, so those sets have no maximum length here.
MAX = float('inf')
28
29
def _buildOid(*components):
    """Assemble an ObjectIdentifier from OID prefixes and individual arcs.

    Each positional argument is either a ``univ.ObjectIdentifier``, whose
    arcs are spliced in at that position, or a value accepted by ``int()``,
    which contributes exactly one arc.  A value that ``int()`` rejects
    raises from ``int()`` unchanged.
    """
    arcs = []
    for component in components:
        if not isinstance(component, univ.ObjectIdentifier):
            # Plain arc: normalise to int so strings such as "840" also work.
            arcs.append(int(component))
            continue
        # Existing OID: append all of its arcs in order.
        arcs.extend(component)
    return univ.ObjectIdentifier(arcs)
39
40
# Open-type registries.  Each dict maps an ObjectIdentifier to the ASN.1 type
# of the ANY field governed by that identifier; the opentype.OpenType(...)
# references further down capture these dict objects, so they are created
# (empty) before any type that refers to them.
#
# NOTE(review): these are shared, mutable module-level objects.  Whatever is
# registered here decides how an externally supplied ANY value is interpreted
# when a caller decodes with open types enabled (pyasn1's decodeOpenTypes
# decoder option).  An identifier with no entry presumably leaves the value
# as an undecoded Any -- confirm against the decoder in use, and treat such
# values as opaque, unvalidated bytes.

# ContentInfo.content, selected by ContentInfo.contentType.
cmsContentTypesMap = { }

# Attribute.attrValues, selected by Attribute.attrType.
cmsAttributesMap = { }

# OtherKeyAttribute.keyAttr, selected by keyAttrId (not populated in this module).
otherKeyAttributesMap = { }

# OtherCertificateFormat.otherCert, selected by otherCertFormat (not populated
# in this module).
otherCertFormatMap = { }

# OtherRevocationInfoFormat.otherRevInfo, selected by otherRevInfoFormat (not
# populated in this module).
otherRevInfoFormatMap = { }

# OtherRecipientInfo.oriValue, selected by oriType (not populated in this module).
otherRecipientInfoMap = { }
52
53
class AttCertVersionV1(univ.Integer):
    # Version field of the legacy version 1 attribute certificate.
    pass


# 'v1' is the only named value and is encoded as the integer 0.
AttCertVersionV1.namedValues = namedval.NamedValues(
    ('v1', 0)
)
61
62
class AttributeCertificateInfoV1(univ.Sequence):
    # Body of a version 1 attribute certificate; it is the 'acInfo' field of
    # AttributeCertificateV1.  The v1 form is marked obsolete in the RFC 5652
    # ASN.1 and is kept so that old messages can still be parsed.
    pass


AttributeCertificateInfoV1.componentType = namedtype.NamedTypes(
    # DEFAULT v1: a DER encoding omits the field when it holds the default.
    namedtype.DefaultedNamedType('version', AttCertVersionV1().subtype(value="v1")),
    # The holder is named either by reference to a public key certificate
    # ([0], issuer and serial) or directly by name ([1]).  Both alternatives
    # use EXPLICIT tags, unlike most tagged fields in this module.
    namedtype.NamedType(
        'subject', univ.Choice(
            componentType=namedtype.NamedTypes(
                namedtype.NamedType('baseCertificateID', rfc3281.IssuerSerial().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
                namedtype.NamedType('subjectName', rfc5280.GeneralNames().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
            )
        )
    ),
    namedtype.NamedType('issuer', rfc5280.GeneralNames()),
    namedtype.NamedType('signature', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('serialNumber', rfc5280.CertificateSerialNumber()),
    namedtype.NamedType('attCertValidityPeriod', rfc3281.AttCertValidityPeriod()),
    # Uses rfc5280.Attribute, not the CMS Attribute class defined in this module.
    namedtype.NamedType('attributes', univ.SequenceOf(componentType=rfc5280.Attribute())),
    namedtype.OptionalNamedType('issuerUniqueID', rfc5280.UniqueIdentifier()),
    namedtype.OptionalNamedType('extensions', rfc5280.Extensions())
)
85
86
class AttributeCertificateV1(univ.Sequence):
    # Complete version 1 attribute certificate: the certificate body, the
    # signature algorithm and the issuer's signature value.
    # NOTE(review): decoding this structure only parses it; nothing here
    # checks the signature or the validity period.
    pass


AttributeCertificateV1.componentType = namedtype.NamedTypes(
    namedtype.NamedType('acInfo', AttributeCertificateInfoV1()),
    namedtype.NamedType('signatureAlgorithm', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('signature', univ.BitString())
)
96
97
class AttributeValue(univ.Any):
    # One attribute value, declared as ANY because its real type depends on
    # the 'attrType' of the enclosing Attribute.
    pass


class Attribute(univ.Sequence):
    # Generic CMS attribute: an identifying OID plus a SET OF values.
    pass


Attribute.componentType = namedtype.NamedTypes(
    namedtype.NamedType('attrType', univ.ObjectIdentifier()),
    # The open-type reference ties 'attrValues' to 'attrType': the value type
    # is looked up in cmsAttributesMap.
    # NOTE(review): an attrType with no map entry presumably leaves the values
    # as raw Any, so callers should not assume that every attribute value has
    # been decoded and type-checked -- confirm against the decoder in use.
    namedtype.NamedType('attrValues', univ.SetOf(componentType=AttributeValue()),
        openType=opentype.OpenType('attrType', cmsAttributesMap)
    )
)
112
113
class SignedAttributes(univ.SetOf):
    # Attributes covered by the signer's signature (SignerInfo.signedAttrs).
    # NOTE(review): SignerInfo carries this set under an IMPLICIT [0] tag, but
    # RFC 5652 section 5.4 computes the message digest over the DER encoding
    # with the ordinary SET OF tag.  Verification code has to re-encode the
    # set that way instead of hashing the bytes as they appear in SignerInfo.
    pass


SignedAttributes.componentType = Attribute()
# SIZE (1..MAX): when the field is present the set is not meant to be empty.
SignedAttributes.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
120
121
class AttributeCertificateV2(rfc3281.AttributeCertificate):
    # Version 2 attribute certificate; the structure is inherited unchanged
    # from the rfc3281 module.
    pass


class OtherKeyAttribute(univ.Sequence):
    # Extension point for extra key-identification data: an OID plus an
    # optional value whose type that OID selects.
    pass


OtherKeyAttribute.componentType = namedtype.NamedTypes(
    namedtype.NamedType('keyAttrId', univ.ObjectIdentifier()),
    # 'keyAttr' is resolved through otherKeyAttributesMap, which this module
    # never populates; the types must be registered elsewhere for the value
    # to be decoded beyond ANY.
    namedtype.OptionalNamedType('keyAttr', univ.Any(),
        openType=opentype.OpenType('keyAttrId', otherKeyAttributesMap)
    )
)
136
137
class UnauthAttributes(univ.SetOf):
    # Attributes outside the MAC computation (AuthenticatedData.unauthAttrs);
    # the same type is reused for ExtendedCertificateInfo.attributes.
    # NOTE(review): as unauthenticated data, these can be altered in transit
    # without invalidating the MAC, so they should not drive security
    # decisions.
    pass


UnauthAttributes.componentType = Attribute()
# SIZE (1..MAX): when the field is present the set is not meant to be empty.
UnauthAttributes.sizeSpec = constraint.ValueSizeConstraint(1, MAX)

# Content type OID registered for EncryptedData in cmsContentTypesMap below.
id_encryptedData = _buildOid(1, 2, 840, 113549, 1, 7, 6)
146
147
class SignatureValue(univ.OctetString):
    # Signature bytes of a signer (the 'signature' field of SignerInfo).
    pass


class IssuerAndSerialNumber(univ.Sequence):
    # Identifies a certificate by its issuer's distinguished name together
    # with the issuer-assigned serial number.
    pass


IssuerAndSerialNumber.componentType = namedtype.NamedTypes(
    namedtype.NamedType('issuer', rfc5280.Name()),
    namedtype.NamedType('serialNumber', rfc5280.CertificateSerialNumber())
)
160
161
class SubjectKeyIdentifier(univ.OctetString):
    # Identifies a key or certificate by an opaque key identifier.
    # NOTE(review): the identifier is a lookup hint taken from the message;
    # the certificate it selects still has to be validated by the caller.
    pass


class RecipientKeyIdentifier(univ.Sequence):
    # Key-agreement recipient identified by key identifier, optionally
    # narrowed by a date and by an OtherKeyAttribute.
    pass


RecipientKeyIdentifier.componentType = namedtype.NamedTypes(
    namedtype.NamedType('subjectKeyIdentifier', SubjectKeyIdentifier()),
    namedtype.OptionalNamedType('date', useful.GeneralizedTime()),
    namedtype.OptionalNamedType('other', OtherKeyAttribute())
)


class KeyAgreeRecipientIdentifier(univ.Choice):
    # How a key-agreement recipient is named: by issuer and serial number
    # (untagged) or by RecipientKeyIdentifier (IMPLICIT [0]).
    pass


KeyAgreeRecipientIdentifier.componentType = namedtype.NamedTypes(
    namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()),
    namedtype.NamedType('rKeyId', RecipientKeyIdentifier().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
)
186
187
class EncryptedKey(univ.OctetString):
    # The content-encryption key as encrypted for one recipient.
    pass


class RecipientEncryptedKey(univ.Sequence):
    # One key-agreement recipient paired with the key encrypted for it.
    pass


RecipientEncryptedKey.componentType = namedtype.NamedTypes(
    namedtype.NamedType('rid', KeyAgreeRecipientIdentifier()),
    namedtype.NamedType('encryptedKey', EncryptedKey())
)


class RecipientEncryptedKeys(univ.SequenceOf):
    # List of per-recipient encrypted keys carried by KeyAgreeRecipientInfo.
    pass


RecipientEncryptedKeys.componentType = RecipientEncryptedKey()


class MessageAuthenticationCode(univ.OctetString):
    # MAC value carried in the 'mac' field of AuthenticatedData.
    pass
211
212
class CMSVersion(univ.Integer):
    # Syntax version number carried by each versioned CMS structure.
    # NOTE(review): the named values below are labels only; no subtype
    # constraint is set, so this definition does not restrict which integer
    # a structure carries.  The version/field consistency rules of RFC 5652
    # are left to the caller.
    pass


CMSVersion.namedValues = namedval.NamedValues(
    ('v0', 0),
    ('v1', 1),
    ('v2', 2),
    ('v3', 3),
    ('v4', 4),
    ('v5', 5)
)
225
226
class OtherCertificateFormat(univ.Sequence):
    # Extension point for certificate formats other than the ones listed
    # explicitly in CertificateChoices: a format OID plus the certificate.
    pass


OtherCertificateFormat.componentType = namedtype.NamedTypes(
    namedtype.NamedType('otherCertFormat', univ.ObjectIdentifier()),
    # Resolved through otherCertFormatMap, which this module never populates;
    # without a registered type the certificate stays an undecoded ANY.
    namedtype.NamedType('otherCert', univ.Any(),
        openType=opentype.OpenType('otherCertFormat', otherCertFormatMap)
    )
)
237
238
class ExtendedCertificateInfo(univ.Sequence):
    # Body of a PKCS #6 extended certificate: an X.509 certificate plus a
    # set of attributes.  The extended certificate syntax is marked obsolete
    # in the RFC 5652 ASN.1.
    pass


ExtendedCertificateInfo.componentType = namedtype.NamedTypes(
    namedtype.NamedType('version', CMSVersion()),
    namedtype.NamedType('certificate', rfc5280.Certificate()),
    namedtype.NamedType('attributes', UnauthAttributes())
)


class Signature(univ.BitString):
    # Signature value of an ExtendedCertificate.  This is a BIT STRING, unlike
    # SignatureValue (an OCTET STRING) used by SignerInfo.
    pass


class SignatureAlgorithmIdentifier(rfc5280.AlgorithmIdentifier):
    # AlgorithmIdentifier naming a signature algorithm; no fields are added.
    pass


class ExtendedCertificate(univ.Sequence):
    # Obsolete PKCS #6 extended certificate: body, algorithm and signature.
    pass


ExtendedCertificate.componentType = namedtype.NamedTypes(
    namedtype.NamedType('extendedCertificateInfo', ExtendedCertificateInfo()),
    namedtype.NamedType('signatureAlgorithm', SignatureAlgorithmIdentifier()),
    namedtype.NamedType('signature', Signature())
)
267
268
class CertificateChoices(univ.Choice):
    # One certificate in any of the formats CMS can carry.
    pass


CertificateChoices.componentType = namedtype.NamedTypes(
    # Untagged: an ordinary X.509 certificate.
    namedtype.NamedType('certificate', rfc5280.Certificate()),
    # [0] and [1] are the formats marked obsolete in the RFC 5652 ASN.1.
    namedtype.NamedType('extendedCertificate', ExtendedCertificate().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
    namedtype.NamedType('v1AttrCert', AttributeCertificateV1().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
    namedtype.NamedType('v2AttrCert', AttributeCertificateV2().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
    namedtype.NamedType('other', OtherCertificateFormat().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
)


class CertificateSet(univ.SetOf):
    # Unordered collection of certificates shipped with a message.
    # NOTE(review): these are supplied by the sender to help path building.
    # Being present in the set confers no trust; each certificate still needs
    # path validation to a trust anchor chosen by the verifier.
    pass


CertificateSet.componentType = CertificateChoices()
291
292
class OtherRevocationInfoFormat(univ.Sequence):
    # Extension point for revocation information that is not a CRL: a format
    # OID plus the value.
    pass


OtherRevocationInfoFormat.componentType = namedtype.NamedTypes(
    namedtype.NamedType('otherRevInfoFormat', univ.ObjectIdentifier()),
    # Resolved through otherRevInfoFormatMap, which this module never
    # populates; without a registered type the value stays an undecoded ANY.
    namedtype.NamedType('otherRevInfo', univ.Any(),
        openType=opentype.OpenType('otherRevInfoFormat', otherRevInfoFormatMap)
    )
)


class RevocationInfoChoice(univ.Choice):
    # Either an X.509 CRL (untagged) or another revocation format ([1]).
    pass


RevocationInfoChoice.componentType = namedtype.NamedTypes(
    namedtype.NamedType('crl', rfc5280.CertificateList()),
    namedtype.NamedType('other', OtherRevocationInfoFormat().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
)


class RevocationInfoChoices(univ.SetOf):
    # Unordered collection of revocation information shipped with a message.
    # NOTE(review): sender-supplied like CertificateSet; the set may be
    # incomplete or stale, so a CRL's signature and freshness need checking
    # before it is relied on.
    pass


RevocationInfoChoices.componentType = RevocationInfoChoice()
321
322
class OriginatorInfo(univ.Sequence):
    # Optional certificates and revocation information about the originator,
    # carried by EnvelopedData and AuthenticatedData.  Both fields are
    # optional and IMPLICIT-tagged ([0] certs, [1] crls).
    pass


OriginatorInfo.componentType = namedtype.NamedTypes(
    namedtype.OptionalNamedType('certs', CertificateSet().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
    namedtype.OptionalNamedType('crls', RevocationInfoChoices().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
)
333
334
class ContentType(univ.ObjectIdentifier):
    # OID naming the type of a piece of CMS content.
    pass


class EncryptedContent(univ.OctetString):
    # Ciphertext produced by the content-encryption algorithm.
    pass


class ContentEncryptionAlgorithmIdentifier(rfc5280.AlgorithmIdentifier):
    # AlgorithmIdentifier naming the content-encryption algorithm; no fields
    # are added.
    pass


class EncryptedContentInfo(univ.Sequence):
    # Encrypted content together with its type and encryption algorithm.
    # NOTE(review): the structure has no integrity field.  EnvelopedData and
    # EncryptedData give confidentiality only; authenticated encryption is
    # specified separately (RFC 5083), so a successful decrypt does not show
    # that the ciphertext is unmodified.
    pass


EncryptedContentInfo.componentType = namedtype.NamedTypes(
    namedtype.NamedType('contentType', ContentType()),
    namedtype.NamedType('contentEncryptionAlgorithm', ContentEncryptionAlgorithmIdentifier()),
    # Optional: when absent, the ciphertext has to be supplied by other means.
    namedtype.OptionalNamedType('encryptedContent', EncryptedContent().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
)
357
358
class UnprotectedAttributes(univ.SetOf):
    # Attributes carried next to the encrypted content in EnvelopedData and
    # EncryptedData ('unprotectedAttrs').
    # NOTE(review): as the name says, these are neither encrypted nor
    # integrity-protected, so they should not hold secrets or be trusted.
    pass


UnprotectedAttributes.componentType = Attribute()
# SIZE (1..MAX): when the field is present the set is not meant to be empty.
UnprotectedAttributes.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
365
366
class KeyEncryptionAlgorithmIdentifier(rfc5280.AlgorithmIdentifier):
    # AlgorithmIdentifier naming the algorithm that protects the
    # content-encryption key; no fields are added.
    pass


class KEKIdentifier(univ.Sequence):
    # Names a previously distributed symmetric key-encryption key by an
    # opaque identifier, optionally narrowed by date and OtherKeyAttribute.
    pass


KEKIdentifier.componentType = namedtype.NamedTypes(
    namedtype.NamedType('keyIdentifier', univ.OctetString()),
    namedtype.OptionalNamedType('date', useful.GeneralizedTime()),
    namedtype.OptionalNamedType('other', OtherKeyAttribute())
)


class KEKRecipientInfo(univ.Sequence):
    # Recipient information for the symmetric key-encryption-key case
    # (the 'kekri' alternative of RecipientInfo).
    pass


KEKRecipientInfo.componentType = namedtype.NamedTypes(
    namedtype.NamedType('version', CMSVersion()),
    namedtype.NamedType('kekid', KEKIdentifier()),
    namedtype.NamedType('keyEncryptionAlgorithm', KeyEncryptionAlgorithmIdentifier()),
    namedtype.NamedType('encryptedKey', EncryptedKey())
)
392
393
class KeyDerivationAlgorithmIdentifier(rfc5280.AlgorithmIdentifier):
    # AlgorithmIdentifier naming a key-derivation algorithm; no fields are
    # added.
    pass


class PasswordRecipientInfo(univ.Sequence):
    # Recipient information for the password / shared-secret case (the
    # 'pwri' alternative of RecipientInfo).
    pass


PasswordRecipientInfo.componentType = namedtype.NamedTypes(
    namedtype.NamedType('version', CMSVersion()),
    # Optional; per RFC 5652 an absent field means the key-encryption key
    # comes from an external source rather than being derived.
    # NOTE(review): when present, the algorithm and its parameters are chosen
    # by the sender; a recipient should presumably bound them (iteration
    # counts, output sizes) before running the derivation.
    namedtype.OptionalNamedType('keyDerivationAlgorithm', KeyDerivationAlgorithmIdentifier().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
    namedtype.NamedType('keyEncryptionAlgorithm', KeyEncryptionAlgorithmIdentifier()),
    namedtype.NamedType('encryptedKey', EncryptedKey())
)
409
410
class RecipientIdentifier(univ.Choice):
    # How a key-transport recipient's certificate is named: by issuer and
    # serial number (untagged) or by subject key identifier (IMPLICIT [0]).
    pass


RecipientIdentifier.componentType = namedtype.NamedTypes(
    namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()),
    namedtype.NamedType('subjectKeyIdentifier', SubjectKeyIdentifier().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
)


class KeyTransRecipientInfo(univ.Sequence):
    # Recipient information for the key-transport case (the 'ktri'
    # alternative of RecipientInfo): the content-encryption key encrypted
    # for the recipient named by 'rid'.
    pass


KeyTransRecipientInfo.componentType = namedtype.NamedTypes(
    namedtype.NamedType('version', CMSVersion()),
    namedtype.NamedType('rid', RecipientIdentifier()),
    namedtype.NamedType('keyEncryptionAlgorithm', KeyEncryptionAlgorithmIdentifier()),
    namedtype.NamedType('encryptedKey', EncryptedKey())
)
432
433
class UserKeyingMaterial(univ.OctetString):
    # Optional sender-supplied keying material ('ukm') for key agreement.
    pass


class OriginatorPublicKey(univ.Sequence):
    # The originator's key-agreement public key, carried inline in the message.
    # NOTE(review): this key comes straight from the message and is not
    # bound to a certificate by this structure; key-agreement code should
    # validate it for the named algorithm before use.
    pass


OriginatorPublicKey.componentType = namedtype.NamedTypes(
    namedtype.NamedType('algorithm', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('publicKey', univ.BitString())
)


class OriginatorIdentifierOrKey(univ.Choice):
    # The originator is named by certificate reference (issuer and serial, or
    # key identifier [0]) or supplies its public key directly ([1]).
    pass


OriginatorIdentifierOrKey.componentType = namedtype.NamedTypes(
    namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()),
    namedtype.NamedType('subjectKeyIdentifier', SubjectKeyIdentifier().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
    namedtype.NamedType('originatorKey', OriginatorPublicKey().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
)


class KeyAgreeRecipientInfo(univ.Sequence):
    # Recipient information for the key-agreement case (the 'kari'
    # alternative of RecipientInfo); one structure can serve several
    # recipients through 'recipientEncryptedKeys'.
    pass


KeyAgreeRecipientInfo.componentType = namedtype.NamedTypes(
    namedtype.NamedType('version', CMSVersion()),
    # 'originator' and 'ukm' use EXPLICIT tags, unlike most tagged fields in
    # this module; the difference changes the encoding.
    namedtype.NamedType('originator', OriginatorIdentifierOrKey().subtype(
        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
    namedtype.OptionalNamedType('ukm', UserKeyingMaterial().subtype(
        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
    namedtype.NamedType('keyEncryptionAlgorithm', KeyEncryptionAlgorithmIdentifier()),
    namedtype.NamedType('recipientEncryptedKeys', RecipientEncryptedKeys())
)
474
475
class OtherRecipientInfo(univ.Sequence):
    # Extension point for key-management techniques beyond the four defined
    # in this module: a type OID plus the technique-specific value.
    pass


OtherRecipientInfo.componentType = namedtype.NamedTypes(
    namedtype.NamedType('oriType', univ.ObjectIdentifier()),
    # Resolved through otherRecipientInfoMap, which this module never
    # populates; without a registered type the value stays an undecoded ANY.
    namedtype.NamedType('oriValue', univ.Any(),
        openType=opentype.OpenType('oriType', otherRecipientInfoMap)
    )
)
486
487
class RecipientInfo(univ.Choice):
    # Per-recipient key-management data; the alternative in use tells the
    # recipient how to recover the content-encryption key.
    pass


RecipientInfo.componentType = namedtype.NamedTypes(
    # Key transport is untagged; the other alternatives are IMPLICIT [1]..[4].
    namedtype.NamedType('ktri', KeyTransRecipientInfo()),
    namedtype.NamedType('kari', KeyAgreeRecipientInfo().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
    namedtype.NamedType('kekri', KEKRecipientInfo().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
    namedtype.NamedType('pwri', PasswordRecipientInfo().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
    namedtype.NamedType('ori', OtherRecipientInfo().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4)))
)


class RecipientInfos(univ.SetOf):
    # The set of RecipientInfo entries of one message.
    pass


RecipientInfos.componentType = RecipientInfo()
# SIZE (1..MAX): at least one recipient is expected.
# NOTE(review): whether the decoder in use rejects an empty set on input is
# not visible here -- confirm before relying on it.
RecipientInfos.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
511
512
class EnvelopedData(univ.Sequence):
    # Enveloped-data content type: encrypted content plus, for each
    # recipient, the information needed to recover the content-encryption key.
    # NOTE(review): nothing in this structure authenticates the sender or
    # protects the ciphertext against modification.
    pass


EnvelopedData.componentType = namedtype.NamedTypes(
    namedtype.NamedType('version', CMSVersion()),
    namedtype.OptionalNamedType('originatorInfo', OriginatorInfo().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
    namedtype.NamedType('recipientInfos', RecipientInfos()),
    namedtype.NamedType('encryptedContentInfo', EncryptedContentInfo()),
    namedtype.OptionalNamedType('unprotectedAttrs', UnprotectedAttributes().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
)
526
527
class DigestAlgorithmIdentifier(rfc5280.AlgorithmIdentifier):
    # AlgorithmIdentifier naming a message digest algorithm; no fields are
    # added.
    # NOTE(review): the value is read from the message, so a verifier should
    # compare it against its own list of acceptable digest algorithms rather
    # than accept whatever the message names.
    pass


# Content type OID registered for ContentInfo in cmsContentTypesMap below.
id_ct_contentInfo = _buildOid(1, 2, 840, 113549, 1, 9, 16, 1, 6)

# Content type OID registered for DigestedData in cmsContentTypesMap below.
id_digestedData = _buildOid(1, 2, 840, 113549, 1, 7, 5)
535
536
class EncryptedData(univ.Sequence):
    # Encrypted-data content type: encrypted content with no recipient
    # information, so the key has to be managed by other means.
    # NOTE(review): like EnvelopedData, this carries no integrity protection
    # for the ciphertext.
    pass


EncryptedData.componentType = namedtype.NamedTypes(
    namedtype.NamedType('version', CMSVersion()),
    namedtype.NamedType('encryptedContentInfo', EncryptedContentInfo()),
    namedtype.OptionalNamedType('unprotectedAttrs', UnprotectedAttributes().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
)

# Attribute OID registered for MessageDigest in cmsAttributesMap below.
id_messageDigest = _buildOid(1, 2, 840, 113549, 1, 9, 4)

# Content type OID registered for SignedData in cmsContentTypesMap below.
id_signedData = _buildOid(1, 2, 840, 113549, 1, 7, 2)
551
552
class MessageAuthenticationCodeAlgorithm(rfc5280.AlgorithmIdentifier):
    # AlgorithmIdentifier naming the MAC algorithm of AuthenticatedData; no
    # fields are added.
    pass


class UnsignedAttributes(univ.SetOf):
    # Attributes attached to a SignerInfo outside the signature
    # ('unsignedAttrs'); countersignatures travel here.
    # NOTE(review): these can be added, removed or changed without breaking
    # the signature, so their content needs its own verification.
    pass


UnsignedAttributes.componentType = Attribute()
# SIZE (1..MAX): when the field is present the set is not meant to be empty.
UnsignedAttributes.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
563
564
class SignerIdentifier(univ.Choice):
    # How the signer's certificate is named: by issuer and serial number
    # (untagged) or by subject key identifier (IMPLICIT [0]).
    pass


SignerIdentifier.componentType = namedtype.NamedTypes(
    namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()),
    namedtype.NamedType('subjectKeyIdentifier', SubjectKeyIdentifier().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
)


class SignerInfo(univ.Sequence):
    # Everything one signer contributes: who signed, with which algorithms,
    # the optional signed and unsigned attributes, and the signature value.
    # NOTE(review): decoding validates syntax only.  Per RFC 5652, when
    # 'signedAttrs' is present the signature covers the attributes rather
    # than the content itself, so a verifier must also check that the
    # message-digest attribute equals the digest it computed over the content
    # and that the content-type attribute matches eContentType.
    pass


SignerInfo.componentType = namedtype.NamedTypes(
    namedtype.NamedType('version', CMSVersion()),
    namedtype.NamedType('sid', SignerIdentifier()),
    namedtype.NamedType('digestAlgorithm', DigestAlgorithmIdentifier()),
    # IMPLICIT [0] on the wire; see RFC 5652 section 5.4 for the encoding
    # that is actually digested.
    namedtype.OptionalNamedType('signedAttrs', SignedAttributes().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
    namedtype.NamedType('signatureAlgorithm', SignatureAlgorithmIdentifier()),
    namedtype.NamedType('signature', SignatureValue()),
    # Not covered by the signature.
    namedtype.OptionalNamedType('unsignedAttrs', UnsignedAttributes().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
)
591
592
class SignerInfos(univ.SetOf):
    # The set of SignerInfo entries of a SignedData.
    # NOTE(review): no size constraint is set, so an empty set decodes
    # successfully (RFC 5652 allows zero signers).  A verifier has to treat
    # "no signer" as "not signed", not as "no signature failed".
    pass


SignerInfos.componentType = SignerInfo()


class Countersignature(SignerInfo):
    # A countersignature has the same structure as SignerInfo and is carried
    # as an unsigned attribute of the SignerInfo it countersigns.
    pass
602
603
class ContentInfo(univ.Sequence):
    # Outermost CMS wrapper: a content type OID and the content it selects.
    pass


ContentInfo.componentType = namedtype.NamedTypes(
    namedtype.NamedType('contentType', ContentType()),
    # EXPLICIT [0] ANY whose real type is looked up in cmsContentTypesMap by
    # 'contentType'.
    # NOTE(review): the OID comes from the message, so the message itself
    # picks which registered type parses 'content'.  Callers expecting one
    # particular content type should check 'contentType' explicitly.
    namedtype.NamedType('content', univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)),
        openType=opentype.OpenType('contentType', cmsContentTypesMap)
    )
)
614
615
class EncapsulatedContentInfo(univ.Sequence):
    # The content that is signed, digested or authenticated, with its type.
    pass


EncapsulatedContentInfo.componentType = namedtype.NamedTypes(
    namedtype.NamedType('eContentType', ContentType()),
    # Optional EXPLICIT [0] OCTET STRING.  When it is absent the content is
    # external to the structure (a detached signature), and the verifier has
    # to supply the exact bytes that were signed.
    namedtype.OptionalNamedType('eContent', univ.OctetString().subtype(
        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
)

# Attribute OID registered for Countersignature in cmsAttributesMap below.
id_countersignature = _buildOid(1, 2, 840, 113549, 1, 9, 6)

# Content type OID registered for plain data (OCTET STRING) in
# cmsContentTypesMap below.
id_data = _buildOid(1, 2, 840, 113549, 1, 7, 1)
629
630
class MessageDigest(univ.OctetString):
    # Value of the message-digest attribute: the digest of the content.
    pass


class AuthAttributes(univ.SetOf):
    # Attributes covered by the MAC (AuthenticatedData.authAttrs).
    pass


AuthAttributes.componentType = Attribute()
# SIZE (1..MAX): when the field is present the set is not meant to be empty.
AuthAttributes.sizeSpec = constraint.ValueSizeConstraint(1, MAX)


class Time(univ.Choice):
    # A point in time in either of the two ASN.1 time encodings.
    pass


Time.componentType = namedtype.NamedTypes(
    namedtype.NamedType('utcTime', useful.UTCTime()),
    namedtype.NamedType('generalTime', useful.GeneralizedTime())
)
651
652
class AuthenticatedData(univ.Sequence):
    # Authenticated-data content type: content, a MAC over it, and the
    # per-recipient information needed to recover the MAC key.
    # NOTE(review): per RFC 5652, when 'authAttrs' is present the MAC is
    # computed over the DER encoding of the attributes with the ordinary
    # SET OF tag, not the IMPLICIT [2] tag used on the wire.  A MAC
    # authenticates the message only towards holders of the key and gives no
    # non-repudiation.
    pass


AuthenticatedData.componentType = namedtype.NamedTypes(
    namedtype.NamedType('version', CMSVersion()),
    namedtype.OptionalNamedType('originatorInfo', OriginatorInfo().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
    namedtype.NamedType('recipientInfos', RecipientInfos()),
    namedtype.NamedType('macAlgorithm', MessageAuthenticationCodeAlgorithm()),
    namedtype.OptionalNamedType('digestAlgorithm', DigestAlgorithmIdentifier().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
    namedtype.NamedType('encapContentInfo', EncapsulatedContentInfo()),
    namedtype.OptionalNamedType('authAttrs', AuthAttributes().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
    namedtype.NamedType('mac', MessageAuthenticationCode()),
    # Not covered by the MAC.
    namedtype.OptionalNamedType('unauthAttrs', UnauthAttributes().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
)

# Attribute OID registered for ContentType in cmsAttributesMap below.
id_contentType = _buildOid(1, 2, 840, 113549, 1, 9, 3)
674
675
class ExtendedCertificateOrCertificate(univ.Choice):
    # Either an X.509 certificate (untagged) or a PKCS #6 extended
    # certificate (IMPLICIT [0]).  No other type in this module refers to it;
    # it belongs to the obsolete extended-certificate syntax.
    pass


ExtendedCertificateOrCertificate.componentType = namedtype.NamedTypes(
    namedtype.NamedType('certificate', rfc5280.Certificate()),
    namedtype.NamedType('extendedCertificate', ExtendedCertificate().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
)
685
686
class Digest(univ.OctetString):
    # Digest value carried by DigestedData.
    pass


class DigestedData(univ.Sequence):
    # Digested-data content type: content plus an unkeyed digest of it.
    # NOTE(review): no key is involved, so the digest only detects accidental
    # change.  Anyone able to modify the content can recompute it; this is
    # not authentication.
    pass


DigestedData.componentType = namedtype.NamedTypes(
    namedtype.NamedType('version', CMSVersion()),
    namedtype.NamedType('digestAlgorithm', DigestAlgorithmIdentifier()),
    namedtype.NamedType('encapContentInfo', EncapsulatedContentInfo()),
    namedtype.NamedType('digest', Digest())
)

# Content type OID registered for EnvelopedData in cmsContentTypesMap below.
id_envelopedData = _buildOid(1, 2, 840, 113549, 1, 7, 3)
703
704
class DigestAlgorithmIdentifiers(univ.SetOf):
    # The digest algorithms listed at the top of a SignedData.
    pass


DigestAlgorithmIdentifiers.componentType = DigestAlgorithmIdentifier()


class SignedData(univ.Sequence):
    # Signed-data content type: the content, any number of signers, and
    # optional certificates and revocation data to help verification.
    # NOTE(review): a decoded SignedData is not a verified one.  The
    # 'certificates' and 'crls' fields are sender-supplied material outside
    # every signature, and 'signerInfos' may be empty.
    pass


SignedData.componentType = namedtype.NamedTypes(
    namedtype.NamedType('version', CMSVersion()),
    namedtype.NamedType('digestAlgorithms', DigestAlgorithmIdentifiers()),
    namedtype.NamedType('encapContentInfo', EncapsulatedContentInfo()),
    namedtype.OptionalNamedType('certificates', CertificateSet().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
    namedtype.OptionalNamedType('crls', RevocationInfoChoices().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
    namedtype.NamedType('signerInfos', SignerInfos())
)
726
# Attribute OID registered for SigningTime in cmsAttributesMap below.
id_signingTime = _buildOid(1, 2, 840, 113549, 1, 9, 5)


class SigningTime(Time):
    # Value of the signing-time attribute.
    # NOTE(review): the time is asserted by the signer; RFC 5652 places no
    # requirement on its correctness, so it is not a trusted timestamp.
    pass


# Content type OID registered for AuthenticatedData in cmsContentTypesMap below.
id_ct_authData = _buildOid(1, 2, 840, 113549, 1, 9, 16, 1, 2)
735
736
# CMS Content Type Map
#
# Registers the content types defined in this module, so that a decoder run
# with open types enabled can resolve ContentInfo.content by contentType.
# update() fills the existing dict in place; the OpenType reference created
# with ContentInfo holds that same dict object, so rebinding the name to a
# new dict would not reach it.
# NOTE(review): ContentInfo is itself registered, so content can nest; code
# that unwraps content recursively should presumably bound the depth.

_cmsContentTypesMapUpdate = {
    id_ct_contentInfo: ContentInfo(),
    id_data: univ.OctetString(),
    id_signedData: SignedData(),
    id_envelopedData: EnvelopedData(),
    id_digestedData: DigestedData(),
    id_encryptedData: EncryptedData(),
    id_ct_authData: AuthenticatedData(),
}

cmsContentTypesMap.update(_cmsContentTypesMapUpdate)
750
751
# CMS Attribute Map
#
# Registers the four attributes defined in this module, so that a decoder run
# with open types enabled can resolve Attribute.attrValues by attrType.
# update() fills the existing dict in place because the OpenType reference
# created with Attribute holds that same dict object.
# NOTE(review): attributes with any other OID are not registered here and
# presumably stay undecoded Any values -- confirm against the decoder in use.

_cmsAttributesMapUpdate = {
    id_contentType: ContentType(),
    id_messageDigest: MessageDigest(),
    id_signingTime: SigningTime(),
    id_countersignature: Countersignature(),
}

cmsAttributesMap.update(_cmsAttributesMapUpdate)
762