1# 2# This file is part of pyasn1-modules software. 3# 4# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com> 5# License: http://pyasn1.sf.net/license.html 6# 7# Certificate Management Protocol structures as per RFC4210 8# 9# Based on Alex Railean's work 10# 11from pyasn1.type import tag, namedtype, namedval, univ, constraint, char, useful 12from pyasn1_modules import rfc2459, rfc2511, rfc2314 13 14MAX = float('inf') 15 16 17class KeyIdentifier(univ.OctetString): 18 pass 19 20 21class CMPCertificate(rfc2459.Certificate): 22 pass 23 24 25class OOBCert(CMPCertificate): 26 pass 27 28 29class CertAnnContent(CMPCertificate): 30 pass 31 32 33class PKIFreeText(univ.SequenceOf): 34 """ 35 PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String 36 """ 37 componentType = char.UTF8String() 38 subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX) 39 40 41class PollRepContent(univ.SequenceOf): 42 """ 43 PollRepContent ::= SEQUENCE OF SEQUENCE { 44 certReqId INTEGER, 45 checkAfter INTEGER, -- time in seconds 46 reason PKIFreeText OPTIONAL 47 } 48 """ 49 50 class CertReq(univ.Sequence): 51 componentType = namedtype.NamedTypes( 52 namedtype.NamedType('certReqId', univ.Integer()), 53 namedtype.NamedType('checkAfter', univ.Integer()), 54 namedtype.OptionalNamedType('reason', PKIFreeText()) 55 ) 56 57 componentType = CertReq() 58 59 60class PollReqContent(univ.SequenceOf): 61 """ 62 PollReqContent ::= SEQUENCE OF SEQUENCE { 63 certReqId INTEGER 64 } 65 66 """ 67 68 class CertReq(univ.Sequence): 69 componentType = namedtype.NamedTypes( 70 namedtype.NamedType('certReqId', univ.Integer()) 71 ) 72 73 componentType = CertReq() 74 75 76class InfoTypeAndValue(univ.Sequence): 77 """ 78 InfoTypeAndValue ::= SEQUENCE { 79 infoType OBJECT IDENTIFIER, 80 infoValue ANY DEFINED BY infoType OPTIONAL 81 }""" 82 componentType = namedtype.NamedTypes( 83 namedtype.NamedType('infoType', univ.ObjectIdentifier()), 84 namedtype.OptionalNamedType('infoValue', univ.Any()) 85 ) 86 87 88class GenRepContent(univ.SequenceOf): 89 componentType = InfoTypeAndValue() 90 91 92class GenMsgContent(univ.SequenceOf): 93 componentType = InfoTypeAndValue() 94 95 96class PKIConfirmContent(univ.Null): 97 pass 98 99 100class CRLAnnContent(univ.SequenceOf): 101 componentType = rfc2459.CertificateList() 102 103 104class CAKeyUpdAnnContent(univ.Sequence): 105 """ 106 CAKeyUpdAnnContent ::= SEQUENCE { 107 oldWithNew CMPCertificate, 108 newWithOld CMPCertificate, 109 newWithNew CMPCertificate 110 } 111 """ 112 componentType = namedtype.NamedTypes( 113 namedtype.NamedType('oldWithNew', CMPCertificate()), 114 namedtype.NamedType('newWithOld', CMPCertificate()), 115 namedtype.NamedType('newWithNew', CMPCertificate()) 116 ) 117 118 119class RevDetails(univ.Sequence): 120 """ 121 RevDetails ::= SEQUENCE { 122 certDetails CertTemplate, 123 crlEntryDetails Extensions OPTIONAL 124 } 125 """ 126 componentType = namedtype.NamedTypes( 127 namedtype.NamedType('certDetails', rfc2511.CertTemplate()), 128 namedtype.OptionalNamedType('crlEntryDetails', rfc2459.Extensions()) 129 ) 130 131 132class RevReqContent(univ.SequenceOf): 133 componentType = RevDetails() 134 135 136class CertOrEncCert(univ.Choice): 137 """ 138 CertOrEncCert ::= CHOICE { 139 certificate [0] CMPCertificate, 140 encryptedCert [1] EncryptedValue 141 } 142 """ 143 componentType = namedtype.NamedTypes( 144 namedtype.NamedType('certificate', CMPCertificate().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), 145 namedtype.NamedType('encryptedCert', rfc2511.EncryptedValue().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))) 146 ) 147 148 149class CertifiedKeyPair(univ.Sequence): 150 """ 151 CertifiedKeyPair ::= SEQUENCE { 152 certOrEncCert CertOrEncCert, 153 privateKey [0] EncryptedValue OPTIONAL, 154 publicationInfo [1] PKIPublicationInfo OPTIONAL 155 } 156 """ 157 componentType = namedtype.NamedTypes( 158 namedtype.NamedType('certOrEncCert', CertOrEncCert()), 159 namedtype.OptionalNamedType('privateKey', rfc2511.EncryptedValue().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), 160 namedtype.OptionalNamedType('publicationInfo', rfc2511.PKIPublicationInfo().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))) 161 ) 162 163 164class POPODecKeyRespContent(univ.SequenceOf): 165 componentType = univ.Integer() 166 167 168class Challenge(univ.Sequence): 169 """ 170 Challenge ::= SEQUENCE { 171 owf AlgorithmIdentifier OPTIONAL, 172 witness OCTET STRING, 173 challenge OCTET STRING 174 } 175 """ 176 componentType = namedtype.NamedTypes( 177 namedtype.OptionalNamedType('owf', rfc2459.AlgorithmIdentifier()), 178 namedtype.NamedType('witness', univ.OctetString()), 179 namedtype.NamedType('challenge', univ.OctetString()) 180 ) 181 182 183class PKIStatus(univ.Integer): 184 """ 185 PKIStatus ::= INTEGER { 186 accepted (0), 187 grantedWithMods (1), 188 rejection (2), 189 waiting (3), 190 revocationWarning (4), 191 revocationNotification (5), 192 keyUpdateWarning (6) 193 } 194 """ 195 namedValues = namedval.NamedValues( 196 ('accepted', 0), 197 ('grantedWithMods', 1), 198 ('rejection', 2), 199 ('waiting', 3), 200 ('revocationWarning', 4), 201 ('revocationNotification', 5), 202 ('keyUpdateWarning', 6) 203 ) 204 205 206class PKIFailureInfo(univ.BitString): 207 """ 208 PKIFailureInfo ::= BIT STRING { 209 badAlg (0), 210 badMessageCheck (1), 211 badRequest (2), 212 badTime (3), 213 badCertId (4), 214 badDataFormat (5), 215 wrongAuthority (6), 216 incorrectData (7), 217 missingTimeStamp (8), 218 badPOP (9), 219 certRevoked (10), 220 certConfirmed (11), 221 wrongIntegrity (12), 222 badRecipientNonce (13), 223 timeNotAvailable (14), 224 unacceptedPolicy (15), 225 unacceptedExtension (16), 226 addInfoNotAvailable (17), 227 badSenderNonce (18), 228 badCertTemplate (19), 229 signerNotTrusted (20), 230 transactionIdInUse (21), 231 unsupportedVersion (22), 232 notAuthorized (23), 233 systemUnavail (24), 234 systemFailure (25), 235 duplicateCertReq (26) 236 """ 237 namedValues = namedval.NamedValues( 238 ('badAlg', 0), 239 ('badMessageCheck', 1), 240 ('badRequest', 2), 241 ('badTime', 3), 242 ('badCertId', 4), 243 ('badDataFormat', 5), 244 ('wrongAuthority', 6), 245 ('incorrectData', 7), 246 ('missingTimeStamp', 8), 247 ('badPOP', 9), 248 ('certRevoked', 10), 249 ('certConfirmed', 11), 250 ('wrongIntegrity', 12), 251 ('badRecipientNonce', 13), 252 ('timeNotAvailable', 14), 253 ('unacceptedPolicy', 15), 254 ('unacceptedExtension', 16), 255 ('addInfoNotAvailable', 17), 256 ('badSenderNonce', 18), 257 ('badCertTemplate', 19), 258 ('signerNotTrusted', 20), 259 ('transactionIdInUse', 21), 260 ('unsupportedVersion', 22), 261 ('notAuthorized', 23), 262 ('systemUnavail', 24), 263 ('systemFailure', 25), 264 ('duplicateCertReq', 26) 265 ) 266 267 268class PKIStatusInfo(univ.Sequence): 269 """ 270 PKIStatusInfo ::= SEQUENCE { 271 status PKIStatus, 272 statusString PKIFreeText OPTIONAL, 273 failInfo PKIFailureInfo OPTIONAL 274 } 275 """ 276 componentType = namedtype.NamedTypes( 277 namedtype.NamedType('status', PKIStatus()), 278 namedtype.OptionalNamedType('statusString', PKIFreeText()), 279 namedtype.OptionalNamedType('failInfo', PKIFailureInfo()) 280 ) 281 282 283class ErrorMsgContent(univ.Sequence): 284 """ 285 ErrorMsgContent ::= SEQUENCE { 286 pKIStatusInfo PKIStatusInfo, 287 errorCode INTEGER OPTIONAL, 288 -- implementation-specific error codes 289 errorDetails PKIFreeText OPTIONAL 290 -- implementation-specific error details 291 } 292 """ 293 componentType = namedtype.NamedTypes( 294 namedtype.NamedType('pKIStatusInfo', PKIStatusInfo()), 295 namedtype.OptionalNamedType('errorCode', univ.Integer()), 296 namedtype.OptionalNamedType('errorDetails', PKIFreeText()) 297 ) 298 299 300class CertStatus(univ.Sequence): 301 """ 302 CertStatus ::= SEQUENCE { 303 certHash OCTET STRING, 304 certReqId INTEGER, 305 statusInfo PKIStatusInfo OPTIONAL 306 } 307 """ 308 componentType = namedtype.NamedTypes( 309 namedtype.NamedType('certHash', univ.OctetString()), 310 namedtype.NamedType('certReqId', univ.Integer()), 311 namedtype.OptionalNamedType('statusInfo', PKIStatusInfo()) 312 ) 313 314 315class CertConfirmContent(univ.SequenceOf): 316 componentType = CertStatus() 317 318 319class RevAnnContent(univ.Sequence): 320 """ 321 RevAnnContent ::= SEQUENCE { 322 status PKIStatus, 323 certId CertId, 324 willBeRevokedAt GeneralizedTime, 325 badSinceDate GeneralizedTime, 326 crlDetails Extensions OPTIONAL 327 } 328 """ 329 componentType = namedtype.NamedTypes( 330 namedtype.NamedType('status', PKIStatus()), 331 namedtype.NamedType('certId', rfc2511.CertId()), 332 namedtype.NamedType('willBeRevokedAt', useful.GeneralizedTime()), 333 namedtype.NamedType('badSinceDate', useful.GeneralizedTime()), 334 namedtype.OptionalNamedType('crlDetails', rfc2459.Extensions()) 335 ) 336 337 338class RevRepContent(univ.Sequence): 339 """ 340 RevRepContent ::= SEQUENCE { 341 status SEQUENCE SIZE (1..MAX) OF PKIStatusInfo, 342 revCerts [0] SEQUENCE SIZE (1..MAX) OF CertId 343 OPTIONAL, 344 crls [1] SEQUENCE SIZE (1..MAX) OF CertificateList 345 OPTIONAL 346 """ 347 componentType = namedtype.NamedTypes( 348 namedtype.NamedType('status', PKIStatusInfo()), 349 namedtype.OptionalNamedType( 350 'revCerts', univ.SequenceOf(componentType=rfc2511.CertId()).subtype( 351 subtypeSpec=constraint.ValueSizeConstraint(1, MAX), 352 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0) 353 ) 354 ), 355 namedtype.OptionalNamedType( 356 'crls', univ.SequenceOf(componentType=rfc2459.CertificateList()).subtype( 357 subtypeSpec=constraint.ValueSizeConstraint(1, MAX), 358 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1) 359 ) 360 ) 361 ) 362 363 364class KeyRecRepContent(univ.Sequence): 365 """ 366 KeyRecRepContent ::= SEQUENCE { 367 status PKIStatusInfo, 368 newSigCert [0] CMPCertificate OPTIONAL, 369 caCerts [1] SEQUENCE SIZE (1..MAX) OF 370 CMPCertificate OPTIONAL, 371 keyPairHist [2] SEQUENCE SIZE (1..MAX) OF 372 CertifiedKeyPair OPTIONAL 373 } 374 """ 375 componentType = namedtype.NamedTypes( 376 namedtype.NamedType('status', PKIStatusInfo()), 377 namedtype.OptionalNamedType( 378 'newSigCert', CMPCertificate().subtype( 379 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0) 380 ) 381 ), 382 namedtype.OptionalNamedType( 383 'caCerts', univ.SequenceOf(componentType=CMPCertificate()).subtype( 384 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), 385 subtypeSpec=constraint.ValueSizeConstraint(1, MAX) 386 ) 387 ), 388 namedtype.OptionalNamedType('keyPairHist', univ.SequenceOf(componentType=CertifiedKeyPair()).subtype( 389 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2), 390 subtypeSpec=constraint.ValueSizeConstraint(1, MAX)) 391 ) 392 ) 393 394 395class CertResponse(univ.Sequence): 396 """ 397 CertResponse ::= SEQUENCE { 398 certReqId INTEGER, 399 status PKIStatusInfo, 400 certifiedKeyPair CertifiedKeyPair OPTIONAL, 401 rspInfo OCTET STRING OPTIONAL 402 } 403 """ 404 componentType = namedtype.NamedTypes( 405 namedtype.NamedType('certReqId', univ.Integer()), 406 namedtype.NamedType('status', PKIStatusInfo()), 407 namedtype.OptionalNamedType('certifiedKeyPair', CertifiedKeyPair()), 408 namedtype.OptionalNamedType('rspInfo', univ.OctetString()) 409 ) 410 411 412class CertRepMessage(univ.Sequence): 413 """ 414 CertRepMessage ::= SEQUENCE { 415 caPubs [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate 416 OPTIONAL, 417 response SEQUENCE OF CertResponse 418 } 419 """ 420 componentType = namedtype.NamedTypes( 421 namedtype.OptionalNamedType( 422 'caPubs', univ.SequenceOf( 423 componentType=CMPCertificate() 424 ).subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)) 425 ), 426 namedtype.NamedType('response', univ.SequenceOf(componentType=CertResponse())) 427 ) 428 429 430class POPODecKeyChallContent(univ.SequenceOf): 431 componentType = Challenge() 432 433 434class OOBCertHash(univ.Sequence): 435 """ 436 OOBCertHash ::= SEQUENCE { 437 hashAlg [0] AlgorithmIdentifier OPTIONAL, 438 certId [1] CertId OPTIONAL, 439 hashVal BIT STRING 440 } 441 """ 442 componentType = namedtype.NamedTypes( 443 namedtype.OptionalNamedType( 444 'hashAlg', rfc2459.AlgorithmIdentifier().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)) 445 ), 446 namedtype.OptionalNamedType( 447 'certId', rfc2511.CertId().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)) 448 ), 449 namedtype.NamedType('hashVal', univ.BitString()) 450 ) 451 452 453# pyasn1 does not naturally handle recursive definitions, thus this hack: 454# NestedMessageContent ::= PKIMessages 455class NestedMessageContent(univ.SequenceOf): 456 """ 457 NestedMessageContent ::= PKIMessages 458 """ 459 componentType = univ.Any() 460 461 462class DHBMParameter(univ.Sequence): 463 """ 464 DHBMParameter ::= SEQUENCE { 465 owf AlgorithmIdentifier, 466 -- AlgId for a One-Way Function (SHA-1 recommended) 467 mac AlgorithmIdentifier 468 -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11], 469 } -- or HMAC [RFC2104, RFC2202]) 470 """ 471 componentType = namedtype.NamedTypes( 472 namedtype.NamedType('owf', rfc2459.AlgorithmIdentifier()), 473 namedtype.NamedType('mac', rfc2459.AlgorithmIdentifier()) 474 ) 475 476 477id_DHBasedMac = univ.ObjectIdentifier('1.2.840.113533.7.66.30') 478 479 480class PBMParameter(univ.Sequence): 481 """ 482 PBMParameter ::= SEQUENCE { 483 salt OCTET STRING, 484 owf AlgorithmIdentifier, 485 iterationCount INTEGER, 486 mac AlgorithmIdentifier 487 } 488 """ 489 componentType = namedtype.NamedTypes( 490 namedtype.NamedType( 491 'salt', univ.OctetString().subtype(subtypeSpec=constraint.ValueSizeConstraint(0, 128)) 492 ), 493 namedtype.NamedType('owf', rfc2459.AlgorithmIdentifier()), 494 namedtype.NamedType('iterationCount', univ.Integer()), 495 namedtype.NamedType('mac', rfc2459.AlgorithmIdentifier()) 496 ) 497 498 499id_PasswordBasedMac = univ.ObjectIdentifier('1.2.840.113533.7.66.13') 500 501 502class PKIProtection(univ.BitString): 503 pass 504 505 506# pyasn1 does not naturally handle recursive definitions, thus this hack: 507# NestedMessageContent ::= PKIMessages 508nestedMessageContent = NestedMessageContent().subtype( 509 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 20)) 510 511 512class PKIBody(univ.Choice): 513 """ 514 PKIBody ::= CHOICE { -- message-specific body elements 515 ir [0] CertReqMessages, --Initialization Request 516 ip [1] CertRepMessage, --Initialization Response 517 cr [2] CertReqMessages, --Certification Request 518 cp [3] CertRepMessage, --Certification Response 519 p10cr [4] CertificationRequest, --imported from [PKCS10] 520 popdecc [5] POPODecKeyChallContent, --pop Challenge 521 popdecr [6] POPODecKeyRespContent, --pop Response 522 kur [7] CertReqMessages, --Key Update Request 523 kup [8] CertRepMessage, --Key Update Response 524 krr [9] CertReqMessages, --Key Recovery Request 525 krp [10] KeyRecRepContent, --Key Recovery Response 526 rr [11] RevReqContent, --Revocation Request 527 rp [12] RevRepContent, --Revocation Response 528 ccr [13] CertReqMessages, --Cross-Cert. Request 529 ccp [14] CertRepMessage, --Cross-Cert. Response 530 ckuann [15] CAKeyUpdAnnContent, --CA Key Update Ann. 531 cann [16] CertAnnContent, --Certificate Ann. 532 rann [17] RevAnnContent, --Revocation Ann. 533 crlann [18] CRLAnnContent, --CRL Announcement 534 pkiconf [19] PKIConfirmContent, --Confirmation 535 nested [20] NestedMessageContent, --Nested Message 536 genm [21] GenMsgContent, --General Message 537 genp [22] GenRepContent, --General Response 538 error [23] ErrorMsgContent, --Error Message 539 certConf [24] CertConfirmContent, --Certificate confirm 540 pollReq [25] PollReqContent, --Polling request 541 pollRep [26] PollRepContent --Polling response 542 543 """ 544 componentType = namedtype.NamedTypes( 545 namedtype.NamedType( 546 'ir', rfc2511.CertReqMessages().subtype( 547 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0) 548 ) 549 ), 550 namedtype.NamedType( 551 'ip', CertRepMessage().subtype( 552 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1) 553 ) 554 ), 555 namedtype.NamedType( 556 'cr', rfc2511.CertReqMessages().subtype( 557 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2) 558 ) 559 ), 560 namedtype.NamedType( 561 'cp', CertRepMessage().subtype( 562 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3) 563 ) 564 ), 565 namedtype.NamedType( 566 'p10cr', rfc2314.CertificationRequest().subtype( 567 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4) 568 ) 569 ), 570 namedtype.NamedType( 571 'popdecc', POPODecKeyChallContent().subtype( 572 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5) 573 ) 574 ), 575 namedtype.NamedType( 576 'popdecr', POPODecKeyRespContent().subtype( 577 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6) 578 ) 579 ), 580 namedtype.NamedType( 581 'kur', rfc2511.CertReqMessages().subtype( 582 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 7) 583 ) 584 ), 585 namedtype.NamedType( 586 'kup', CertRepMessage().subtype( 587 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 8) 588 ) 589 ), 590 namedtype.NamedType( 591 'krr', rfc2511.CertReqMessages().subtype( 592 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9) 593 ) 594 ), 595 namedtype.NamedType( 596 'krp', KeyRecRepContent().subtype( 597 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 10) 598 ) 599 ), 600 namedtype.NamedType( 601 'rr', RevReqContent().subtype( 602 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 11) 603 ) 604 ), 605 namedtype.NamedType( 606 'rp', RevRepContent().subtype( 607 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 12) 608 ) 609 ), 610 namedtype.NamedType( 611 'ccr', rfc2511.CertReqMessages().subtype( 612 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 13) 613 ) 614 ), 615 namedtype.NamedType( 616 'ccp', CertRepMessage().subtype( 617 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 14) 618 ) 619 ), 620 namedtype.NamedType( 621 'ckuann', CAKeyUpdAnnContent().subtype( 622 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 15) 623 ) 624 ), 625 namedtype.NamedType( 626 'cann', CertAnnContent().subtype( 627 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 16) 628 ) 629 ), 630 namedtype.NamedType( 631 'rann', RevAnnContent().subtype( 632 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 17) 633 ) 634 ), 635 namedtype.NamedType( 636 'crlann', CRLAnnContent().subtype( 637 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 18) 638 ) 639 ), 640 namedtype.NamedType( 641 'pkiconf', PKIConfirmContent().subtype( 642 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 19) 643 ) 644 ), 645 namedtype.NamedType( 646 'nested', nestedMessageContent 647 ), 648 # namedtype.NamedType('nested', NestedMessageContent().subtype( 649 # explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,20) 650 # ) 651 # ), 652 namedtype.NamedType( 653 'genm', GenMsgContent().subtype( 654 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 21) 655 ) 656 ), 657 namedtype.NamedType( 658 'gen', GenRepContent().subtype( 659 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 22) 660 ) 661 ), 662 namedtype.NamedType( 663 'error', ErrorMsgContent().subtype( 664 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 23) 665 ) 666 ), 667 namedtype.NamedType( 668 'certConf', CertConfirmContent().subtype( 669 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 24) 670 ) 671 ), 672 namedtype.NamedType( 673 'pollReq', PollReqContent().subtype( 674 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 25) 675 ) 676 ), 677 namedtype.NamedType( 678 'pollRep', PollRepContent().subtype( 679 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 26) 680 ) 681 ) 682 ) 683 684 685class PKIHeader(univ.Sequence): 686 """ 687 PKIHeader ::= SEQUENCE { 688 pvno INTEGER { cmp1999(1), cmp2000(2) }, 689 sender GeneralName, 690 recipient GeneralName, 691 messageTime [0] GeneralizedTime OPTIONAL, 692 protectionAlg [1] AlgorithmIdentifier OPTIONAL, 693 senderKID [2] KeyIdentifier OPTIONAL, 694 recipKID [3] KeyIdentifier OPTIONAL, 695 transactionID [4] OCTET STRING OPTIONAL, 696 senderNonce [5] OCTET STRING OPTIONAL, 697 recipNonce [6] OCTET STRING OPTIONAL, 698 freeText [7] PKIFreeText OPTIONAL, 699 generalInfo [8] SEQUENCE SIZE (1..MAX) OF 700 InfoTypeAndValue OPTIONAL 701 } 702 703 """ 704 componentType = namedtype.NamedTypes( 705 namedtype.NamedType( 706 'pvno', univ.Integer( 707 namedValues=namedval.NamedValues(('cmp1999', 1), ('cmp2000', 2)) 708 ) 709 ), 710 namedtype.NamedType('sender', rfc2459.GeneralName()), 711 namedtype.NamedType('recipient', rfc2459.GeneralName()), 712 namedtype.OptionalNamedType('messageTime', useful.GeneralizedTime().subtype( 713 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), 714 namedtype.OptionalNamedType('protectionAlg', rfc2459.AlgorithmIdentifier().subtype( 715 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))), 716 namedtype.OptionalNamedType('senderKID', rfc2459.KeyIdentifier().subtype( 717 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), 718 namedtype.OptionalNamedType('recipKID', rfc2459.KeyIdentifier().subtype( 719 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), 720 namedtype.OptionalNamedType('transactionID', univ.OctetString().subtype( 721 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))), 722 namedtype.OptionalNamedType('senderNonce', univ.OctetString().subtype( 723 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))), 724 namedtype.OptionalNamedType('recipNonce', univ.OctetString().subtype( 725 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))), 726 namedtype.OptionalNamedType('freeText', PKIFreeText().subtype( 727 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 7))), 728 namedtype.OptionalNamedType('generalInfo', 729 univ.SequenceOf( 730 componentType=InfoTypeAndValue().subtype( 731 subtypeSpec=constraint.ValueSizeConstraint(1, MAX), 732 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8) 733 ) 734 ) 735 ) 736 ) 737 738 739class ProtectedPart(univ.Sequence): 740 """ 741 ProtectedPart ::= SEQUENCE { 742 header PKIHeader, 743 body PKIBody 744 } 745 """ 746 componentType = namedtype.NamedTypes( 747 namedtype.NamedType('header', PKIHeader()), 748 namedtype.NamedType('infoValue', PKIBody()) 749 ) 750 751 752class PKIMessage(univ.Sequence): 753 """ 754 PKIMessage ::= SEQUENCE { 755 header PKIHeader, 756 body PKIBody, 757 protection [0] PKIProtection OPTIONAL, 758 extraCerts [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate 759 OPTIONAL 760 }""" 761 componentType = namedtype.NamedTypes( 762 namedtype.NamedType('header', PKIHeader()), 763 namedtype.NamedType('body', PKIBody()), 764 namedtype.OptionalNamedType('protection', PKIProtection().subtype( 765 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), 766 namedtype.OptionalNamedType('extraCerts', 767 univ.SequenceOf( 768 componentType=CMPCertificate() 769 ).subtype( 770 subtypeSpec=constraint.ValueSizeConstraint(1, MAX), 771 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1) 772 ) 773 ) 774 ) 775 776 777class PKIMessages(univ.SequenceOf): 778 """ 779 PKIMessages ::= SEQUENCE SIZE (1..MAX) OF PKIMessage 780 """ 781 componentType = PKIMessage() 782 subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX) 783 784 785# pyasn1 does not naturally handle recursive definitions, thus this hack: 786# NestedMessageContent ::= PKIMessages 787NestedMessageContent._componentType = PKIMessages() 788nestedMessageContent._componentType = PKIMessages() 789