# coding: utf-8
#
# This file is part of pyasn1-modules software.
#
# Created by Stanisław Pitucha with asn1ate tool.
# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com>
# License: http://pyasn1.sf.net/license.html
#
# Certificate Management over CMS (CMC) Updates
#
# ASN.1 source from:
# http://www.ietf.org/rfc/rfc6402.txt
#
from pyasn1.type import char
from pyasn1.type import constraint
from pyasn1.type import namedtype
from pyasn1.type import namedval
from pyasn1.type import tag
from pyasn1.type import univ
from pyasn1.type import useful

from pyasn1_modules import rfc4211
from pyasn1_modules import rfc5280
from pyasn1_modules import rfc5652

# Upper bound for "1..MAX" size constraints: infinity, i.e. no upper limit.
# NOTE(review): if these types are used to decode messages from an untrusted
# peer, the schema itself puts no cap on element counts; bound the input size
# before decoding.
MAX = float('inf')


def _buildOid(*components):
    """Join arcs and/or existing OIDs into a single ObjectIdentifier.

    Each argument is either a ``univ.ObjectIdentifier``, whose arcs are
    spliced in as they are, or a value that ``int()`` accepts, which becomes
    one arc. ``int()`` raises for anything else.
    """
    arcs = []
    for part in components:
        if isinstance(part, univ.ObjectIdentifier):
            # Iterating an ObjectIdentifier yields its arcs in order.
            arcs.extend(part)
        else:
            arcs.append(int(part))

    return univ.ObjectIdentifier(arcs)


class ChangeSubjectName(univ.Sequence):
    """SEQUENCE with optional ``subject`` and ``subjectAlt`` components."""


# Both components are OPTIONAL here, so an empty SEQUENCE passes schema
# validation; a consumer that needs at least one of them must check for it.
ChangeSubjectName.componentType = namedtype.NamedTypes(
    namedtype.OptionalNamedType('subject', rfc5280.Name()),
    namedtype.OptionalNamedType('subjectAlt', rfc5280.GeneralNames())
)


class AttributeValue(univ.Any):
    """ANY value: carried as opaque bytes, not decoded by this schema.

    Callers have to decode and validate the content themselves against the
    type identified by the OID that accompanies the value.
    """


class CMCStatus(univ.Integer):
    """INTEGER with the named status values assigned below."""


# Value 1 is not assigned in this list.
CMCStatus.namedValues = namedval.NamedValues(
    ('success', 0),
    ('failed', 2),
    ('pending', 3),
    ('noSupport', 4),
    ('confirmRequired', 5),
    ('popRequired', 6),
    ('partial', 7)
)


class PendInfo(univ.Sequence):
    """SEQUENCE of ``pendToken`` (OCTET STRING) and ``pendTime`` (GeneralizedTime)."""


PendInfo.componentType = namedtype.NamedTypes(
    namedtype.NamedType('pendToken', univ.OctetString()),
    namedtype.NamedType('pendTime', useful.GeneralizedTime())
)

# Largest permitted body part identifier: 2**32 - 1.
bodyIdMax = univ.Integer(4294967295)


class BodyPartID(univ.Integer):
    """INTEGER restricted to the range 0..bodyIdMax."""


BodyPartID.subtypeSpec = constraint.ValueRangeConstraint(0, bodyIdMax)


class BodyPartPath(univ.SequenceOf):
    """SEQUENCE OF ``BodyPartID``."""


BodyPartPath.componentType = BodyPartID()
# At least one element is required; MAX is infinity, so there is no upper bound.
BodyPartPath.subtypeSpec = constraint.ValueSizeConstraint(1, MAX)


class BodyPartReference(univ.Choice):
    """CHOICE between a single ``bodyPartID`` and a ``bodyPartPath``."""


BodyPartReference.componentType = namedtype.NamedTypes(
    namedtype.NamedType('bodyPartID', BodyPartID()),
    namedtype.NamedType('bodyPartPath', BodyPartPath())
)


class CMCFailInfo(univ.Integer):
    """INTEGER with the named failure codes assigned below."""


CMCFailInfo.namedValues = namedval.NamedValues(
    ('badAlg', 0),
    ('badMessageCheck', 1),
    ('badRequest', 2),
    ('badTime', 3),
    ('badCertId', 4),
    ('unsupportedExt', 5),
    ('mustArchiveKeys', 6),
    ('badIdentity', 7),
    ('popRequired', 8),
    ('popFailed', 9),
    ('noKeyReuse', 10),
    ('internalCAError', 11),
    ('tryLater', 12),
    ('authDataFail', 13)
)


class CMCStatusInfoV2(univ.Sequence):
    """SEQUENCE carrying a ``CMCStatus``, the referenced body parts and optional detail."""


CMCStatusInfoV2.componentType = namedtype.NamedTypes(
    namedtype.NamedType('cMCStatus', CMCStatus()),
    namedtype.NamedType('bodyList', univ.SequenceOf(componentType=BodyPartReference())),
    namedtype.OptionalNamedType('statusString', char.UTF8String()),
    namedtype.OptionalNamedType(
        'otherInfo',
        univ.Choice(
            componentType=namedtype.NamedTypes(
                namedtype.NamedType('failInfo', CMCFailInfo()),
                namedtype.NamedType('pendInfo', PendInfo()),
                namedtype.NamedType(
                    'extendedFailInfo',
                    univ.Sequence(
                        componentType=namedtype.NamedTypes(
                            namedtype.NamedType('failInfoOID', univ.ObjectIdentifier()),
                            # ANY: left undecoded; interpret it only according
                            # to failInfoOID.
                            namedtype.NamedType('failInfoValue', AttributeValue())
                        )
                    )
                )
            )
        )
    )
)


class GetCRL(univ.Sequence):
    """SEQUENCE with a mandatory ``issuerName`` and optional ``cRLName``, ``time``, ``reasons``."""


GetCRL.componentType = namedtype.NamedTypes(
    namedtype.NamedType('issuerName', rfc5280.Name()),
    namedtype.OptionalNamedType('cRLName', rfc5280.GeneralName()),
    namedtype.OptionalNamedType('time', useful.GeneralizedTime()),
    namedtype.OptionalNamedType('reasons', rfc5280.ReasonFlags())
)

# 1.3.6.1.5.5.7
id_pkix = _buildOid(1, 3, 6, 1, 5, 5, 7)

# 1.3.6.1.5.5.7.7 -- every id_cmc_* OID below is a child of this arc.
id_cmc = _buildOid(id_pkix, 7)

id_cmc_batchResponses = _buildOid(id_cmc, 29)

id_cmc_popLinkWitness = _buildOid(id_cmc, 23)


class PopLinkWitnessV2(univ.Sequence):
    """SEQUENCE of two algorithm identifiers and a ``witness`` OCTET STRING."""


PopLinkWitnessV2.componentType = namedtype.NamedTypes(
    namedtype.NamedType('keyGenAlgorithm', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('macAlgorithm', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('witness', univ.OctetString())
)

id_cmc_popLinkWitnessV2 = _buildOid(id_cmc, 33)

id_cmc_identityProofV2 = _buildOid(id_cmc, 34)

id_cmc_revokeRequest = _buildOid(id_cmc, 17)

id_cmc_recipientNonce = _buildOid(id_cmc, 7)


class ControlsProcessed(univ.Sequence):
    """SEQUENCE holding a ``bodyList`` of ``BodyPartReference`` values."""


ControlsProcessed.componentType = namedtype.NamedTypes(
    namedtype.NamedType('bodyList', univ.SequenceOf(componentType=BodyPartReference()))
)


class CertificationRequest(univ.Sequence):
    """SEQUENCE of request info, ``signatureAlgorithm`` and ``signature``.

    This is a structural definition only: decoding a value does not check
    ``signature`` against ``certificationRequestInfo``. Signature verification
    is the caller's job.
    """


CertificationRequest.componentType = namedtype.NamedTypes(
    namedtype.NamedType(
        'certificationRequestInfo',
        univ.Sequence(
            componentType=namedtype.NamedTypes(
                namedtype.NamedType('version', univ.Integer()),
                namedtype.NamedType('subject', rfc5280.Name()),
                namedtype.NamedType(
                    'subjectPublicKeyInfo',
                    univ.Sequence(
                        componentType=namedtype.NamedTypes(
                            namedtype.NamedType('algorithm', rfc5280.AlgorithmIdentifier()),
                            namedtype.NamedType('subjectPublicKey', univ.BitString())
                        )
                    )
                ),
                namedtype.NamedType(
                    'attributes',
                    # SET OF Attribute, implicitly tagged [0].
                    univ.SetOf(componentType=rfc5652.Attribute()).subtype(
                        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
                    )
                )
            )
        )
    ),
    namedtype.NamedType('signatureAlgorithm', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('signature', univ.BitString())
)


class TaggedCertificationRequest(univ.Sequence):
    """SEQUENCE pairing a ``bodyPartID`` with a ``CertificationRequest``."""


TaggedCertificationRequest.componentType = namedtype.NamedTypes(
    namedtype.NamedType('bodyPartID', BodyPartID()),
    namedtype.NamedType('certificationRequest', CertificationRequest())
)


class TaggedRequest(univ.Choice):
    """CHOICE of ``tcr`` [0], ``crm`` [1] or ``orm`` [2] request forms."""


TaggedRequest.componentType = namedtype.NamedTypes(
    namedtype.NamedType(
        'tcr',
        TaggedCertificationRequest().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)
        )
    ),
    namedtype.NamedType(
        'crm',
        rfc4211.CertReqMsg().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)
        )
    ),
    namedtype.NamedType(
        'orm',
        univ.Sequence(
            componentType=namedtype.NamedTypes(
                namedtype.NamedType('bodyPartID', BodyPartID()),
                namedtype.NamedType('requestMessageType', univ.ObjectIdentifier()),
                # ANY: left undecoded; interpret it only according to
                # requestMessageType.
                namedtype.NamedType('requestMessageValue', univ.Any())
            )
        ).subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)
        )
    )
)

id_cmc_popLinkRandom = _buildOid(id_cmc, 22)

id_cmc_statusInfo = _buildOid(id_cmc, 1)

id_cmc_trustedAnchors = _buildOid(id_cmc, 26)

id_cmc_transactionId = _buildOid(id_cmc, 5)

id_cmc_encryptedPOP = _buildOid(id_cmc, 9)


class PublishTrustAnchors(univ.Sequence):
    """SEQUENCE of ``seqNumber``, ``hashAlgorithm`` and a list of ``anchorHashes``."""


PublishTrustAnchors.componentType = namedtype.NamedTypes(
    namedtype.NamedType('seqNumber', univ.Integer()),
    namedtype.NamedType('hashAlgorithm', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('anchorHashes', univ.SequenceOf(componentType=univ.OctetString()))
)


class RevokeRequest(univ.Sequence):
    """SEQUENCE naming a certificate by issuer and serial number, with a ``reason``.

    ``invalidityDate``, ``passphrase`` and ``comment`` are optional.
    """


RevokeRequest.componentType = namedtype.NamedTypes(
    namedtype.NamedType('issuerName', rfc5280.Name()),
    namedtype.NamedType('serialNumber', univ.Integer()),
    namedtype.NamedType('reason', rfc5280.CRLReason()),
    namedtype.OptionalNamedType('invalidityDate', useful.GeneralizedTime()),
    # NOTE(review): presumably a shared secret carried in the request itself;
    # keep decoded RevokeRequest values out of logs and debug dumps.
    namedtype.OptionalNamedType('passphrase', univ.OctetString()),
    namedtype.OptionalNamedType('comment', char.UTF8String())
)

id_cmc_senderNonce = _buildOid(id_cmc, 6)

id_cmc_authData = _buildOid(id_cmc, 27)


class TaggedContentInfo(univ.Sequence):
    """SEQUENCE pairing a ``bodyPartID`` with a CMS ``ContentInfo``."""


TaggedContentInfo.componentType = namedtype.NamedTypes(
    namedtype.NamedType('bodyPartID', BodyPartID()),
    namedtype.NamedType('contentInfo', rfc5652.ContentInfo())
)


class IdentifyProofV2(univ.Sequence):
    """SEQUENCE of two algorithm identifiers and a ``witness`` OCTET STRING."""


IdentifyProofV2.componentType = namedtype.NamedTypes(
    namedtype.NamedType('proofAlgID', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('macAlgId', rfc5280.AlgorithmIdentifier()),
    # NOTE(review): presumably the output of the MAC named by macAlgId; if so,
    # a verifier should compare it in constant time -- confirm against the RFC.
    namedtype.NamedType('witness', univ.OctetString())
)


class CMCPublicationInfo(univ.Sequence):
    """SEQUENCE of ``hashAlg``, a list of ``certHashes`` and ``pubInfo``."""


CMCPublicationInfo.componentType = namedtype.NamedTypes(
    namedtype.NamedType('hashAlg', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('certHashes', univ.SequenceOf(componentType=univ.OctetString())),
    namedtype.NamedType('pubInfo', rfc4211.PKIPublicationInfo())
)

# Arc 27 under rfc5280.id_kp.
id_kp_cmcCA = _buildOid(rfc5280.id_kp, 27)

id_cmc_confirmCertAcceptance = _buildOid(id_cmc, 24)

id_cmc_raIdentityWitness = _buildOid(id_cmc, 35)

# 1.2.840.113549.1.9.14
id_ExtensionReq = _buildOid(1, 2, 840, 113549, 1, 9, 14)

# 1.3.6.1.5.5.7.12
id_cct = _buildOid(id_pkix, 12)

id_cct_PKIData = _buildOid(id_cct, 2)

# Arc 28 under rfc5280.id_kp.
id_kp_cmcRA = _buildOid(rfc5280.id_kp, 28)


class CMCStatusInfo(univ.Sequence):
    """SEQUENCE carrying a ``CMCStatus``, a list of ``BodyPartID`` and optional detail."""


CMCStatusInfo.componentType = namedtype.NamedTypes(
    namedtype.NamedType('cMCStatus', CMCStatus()),
    namedtype.NamedType('bodyList', univ.SequenceOf(componentType=BodyPartID())),
    namedtype.OptionalNamedType('statusString', char.UTF8String()),
    namedtype.OptionalNamedType(
        'otherInfo',
        univ.Choice(
            componentType=namedtype.NamedTypes(
                namedtype.NamedType('failInfo', CMCFailInfo()),
                namedtype.NamedType('pendInfo', PendInfo())
            )
        )
    )
)


class DecryptedPOP(univ.Sequence):
    """SEQUENCE type; its components are assigned to ``componentType`` below."""


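DecryptedPOP.componentType = namedtype.NamedTypes(
    namedtype.NamedType('bodyPartID', BodyPartID()),
    namedtype.NamedType('thePOPAlgID', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('thePOP', univ.OctetString())
)

id_cmc_addExtensions = _buildOid(id_cmc, 8)

id_cmc_modCertTemplate = _buildOid(id_cmc, 31)


class TaggedAttribute(univ.Sequence):
    """SEQUENCE of ``bodyPartID``, ``attrType`` (OID) and a SET OF ``attrValues``."""


TaggedAttribute.componentType = namedtype.NamedTypes(
    namedtype.NamedType('bodyPartID', BodyPartID()),
    namedtype.NamedType('attrType', univ.ObjectIdentifier()),
    # Each value is ANY: left undecoded; interpret it only according to attrType.
    namedtype.NamedType('attrValues', univ.SetOf(componentType=AttributeValue()))
)


class OtherMsg(univ.Sequence):
    """SEQUENCE of ``bodyPartID``, ``otherMsgType`` (OID) and ``otherMsgValue`` (ANY)."""


OtherMsg.componentType = namedtype.NamedTypes(
    namedtype.NamedType('bodyPartID', BodyPartID()),
    namedtype.NamedType('otherMsgType', univ.ObjectIdentifier()),
    # ANY: left undecoded; interpret it only according to otherMsgType.
    namedtype.NamedType('otherMsgValue', univ.Any())
)


class PKIData(univ.Sequence):
    """SEQUENCE of four lists: controls, requests, CMS objects and other messages."""


# None of the four SEQUENCE OF components carries a size constraint.
PKIData.componentType = namedtype.NamedTypes(
    namedtype.NamedType('controlSequence', univ.SequenceOf(componentType=TaggedAttribute())),
    namedtype.NamedType('reqSequence', univ.SequenceOf(componentType=TaggedRequest())),
    namedtype.NamedType('cmsSequence', univ.SequenceOf(componentType=TaggedContentInfo())),
    namedtype.NamedType('otherMsgSequence', univ.SequenceOf(componentType=OtherMsg()))
)


class BodyPartList(univ.SequenceOf):
    """SEQUENCE OF ``BodyPartID`` with at least one element."""


BodyPartList.componentType = BodyPartID()
BodyPartList.subtypeSpec = constraint.ValueSizeConstraint(1, MAX)

id_cmc_responseBody = _buildOid(id_cmc, 37)


class AuthPublish(BodyPartID):
    """Subclass of ``BodyPartID`` with no additional constraints."""


class CMCUnsignedData(univ.Sequence):
    """SEQUENCE of ``bodyPartPath``, ``identifier`` (OID) and ``content`` (ANY)."""


CMCUnsignedData.componentType = namedtype.NamedTypes(
    namedtype.NamedType('bodyPartPath', BodyPartPath()),
    namedtype.NamedType('identifier', univ.ObjectIdentifier()),
    # ANY: left undecoded; interpret it only according to identifier.
    namedtype.NamedType('content', univ.Any())
)


class CMCCertId(rfc5652.IssuerAndSerialNumber):
    """Subclass of ``rfc5652.IssuerAndSerialNumber`` with no changes."""


class PKIResponse(univ.Sequence):
    """SEQUENCE of three lists: controls, CMS objects and other messages."""


PKIResponse.componentType = namedtype.NamedTypes(
    namedtype.NamedType('controlSequence', univ.SequenceOf(componentType=TaggedAttribute())),
    namedtype.NamedType('cmsSequence', univ.SequenceOf(componentType=TaggedContentInfo())),
    namedtype.NamedType('otherMsgSequence', univ.SequenceOf(componentType=OtherMsg()))
)


class ResponseBody(PKIResponse):
    """Subclass of ``PKIResponse`` with no changes."""


id_cmc_statusInfoV2 = _buildOid(id_cmc, 25)

id_cmc_lraPOPWitness = _buildOid(id_cmc, 11)


class ModCertTemplate(univ.Sequence):
    """SEQUENCE of body part references, a ``replace`` flag and a ``certTemplate``."""


ModCertTemplate.componentType = namedtype.NamedTypes(
    namedtype.NamedType('pkiDataReference', BodyPartPath()),
    namedtype.NamedType('certReferences', BodyPartList()),
    # DEFAULT value of ``replace`` is 1 (TRUE).
    namedtype.DefaultedNamedType('replace', univ.Boolean().subtype(value=1)),
    namedtype.NamedType('certTemplate', rfc4211.CertTemplate())
)

id_cmc_regInfo = _buildOid(id_cmc, 18)

id_cmc_identityProof = _buildOid(id_cmc, 3)


class ExtensionReq(univ.SequenceOf):
    """SEQUENCE OF ``rfc5280.Extension`` with at least one element."""


ExtensionReq.componentType = rfc5280.Extension()
ExtensionReq.subtypeSpec = constraint.ValueSizeConstraint(1, MAX)

# The generated listing gave this the same arc as id_kp_cmcRA (id-kp 28), which
# makes the two key purposes indistinguishable: an extended-key-usage check for
# one would also accept a certificate issued for the other. The IANA PKIX
# extended-key-purpose registry assigns 29 to id-kp-cmcArchive.
id_kp_cmcArchive = _buildOid(rfc5280.id_kp, 29)

id_cmc_publishCert = _buildOid(id_cmc, 30)

id_cmc_dataReturn = _buildOid(id_cmc, 4)


class LraPopWitness(univ.Sequence):
    """SEQUENCE of ``pkiDataBodyid`` and a list of ``bodyIds``."""


LraPopWitness.componentType = namedtype.NamedTypes(
    namedtype.NamedType('pkiDataBodyid', BodyPartID()),
    namedtype.NamedType('bodyIds', univ.SequenceOf(componentType=BodyPartID()))
)

# 1.2.840.113549.1.9.16.2
id_aa = _buildOid(1, 2, 840, 113549, 1, 9, 16, 2)

id_aa_cmc_unsignedData = _buildOid(id_aa, 34)

id_cmc_getCert = _buildOid(id_cmc, 15)

id_cmc_batchRequests = _buildOid(id_cmc, 28)

id_cmc_decryptedPOP = _buildOid(id_cmc, 10)

id_cmc_responseInfo = _buildOid(id_cmc, 19)

id_cmc_changeSubjectName = _buildOid(id_cmc, 36)


class GetCert(univ.Sequence):
    """SEQUENCE of ``issuerName`` (GeneralName) and ``serialNumber``."""


GetCert.componentType = namedtype.NamedTypes(
    namedtype.NamedType('issuerName', rfc5280.GeneralName()),
    namedtype.NamedType('serialNumber', univ.Integer())
)

id_cmc_identification = _buildOid(id_cmc, 2)

id_cmc_queryPending = _buildOid(id_cmc, 21)


class AddExtensions(univ.Sequence):
    """SEQUENCE of ``pkiDataReference``, ``certReferences`` and ``extensions``."""


AddExtensions.componentType = namedtype.NamedTypes(
    namedtype.NamedType('pkiDataReference', BodyPartID()),
    namedtype.NamedType('certReferences', univ.SequenceOf(componentType=BodyPartID())),
    namedtype.NamedType('extensions', univ.SequenceOf(componentType=rfc5280.Extension()))
)


class EncryptedPOP(univ.Sequence):
    """SEQUENCE of a ``request``, a CMS object, two algorithm identifiers and a ``witness``."""


EncryptedPOP.componentType = namedtype.NamedTypes(
    namedtype.NamedType('request', TaggedRequest()),
    namedtype.NamedType('cms', rfc5652.ContentInfo()),
    namedtype.NamedType('thePOPAlgID', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('witnessAlgID', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('witness', univ.OctetString())
)

id_cmc_getCRL = _buildOid(id_cmc, 16)

id_cct_PKIResponse = _buildOid(id_cct, 3)

id_cmc_controlProcessed = _buildOid(id_cmc, 32)


class NoSignatureValue(univ.OctetString):
    """OCTET STRING subclass with no additional constraints."""


id_ad_cmc = _buildOid(rfc5280.id_ad, 12)

# NOTE(review): the name indicates a placeholder "no signature" algorithm, so a
# value signed with it presumably carries no origin authentication; a verifier
# should accept it only where policy explicitly allows unsigned requests.
id_alg_noSignature = _buildOid(id_pkix, 6, 2)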