1# 2# This file is part of pyasn1-modules software. 3# 4# Copyright (c) 2005-2019, Ilya Etingof <etingof@gmail.com> 5# License: http://snmplabs.com/pyasn1/license.html 6# 7# Certificate Management Protocol structures as per RFC4210 8# 9# Based on Alex Railean's work 10# 11from pyasn1.type import char 12from pyasn1.type import constraint 13from pyasn1.type import namedtype 14from pyasn1.type import namedval 15from pyasn1.type import tag 16from pyasn1.type import univ 17from pyasn1.type import useful 18 19from pyasn1_modules import rfc2314 20from pyasn1_modules import rfc2459 21from pyasn1_modules import rfc2511 22 23MAX = float('inf') 24 25 26class KeyIdentifier(univ.OctetString): 27 pass 28 29 30class CMPCertificate(rfc2459.Certificate): 31 pass 32 33 34class OOBCert(CMPCertificate): 35 pass 36 37 38class CertAnnContent(CMPCertificate): 39 pass 40 41 42class PKIFreeText(univ.SequenceOf): 43 """ 44 PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String 45 """ 46 componentType = char.UTF8String() 47 sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX) 48 49 50class PollRepContent(univ.SequenceOf): 51 """ 52 PollRepContent ::= SEQUENCE OF SEQUENCE { 53 certReqId INTEGER, 54 checkAfter INTEGER, -- time in seconds 55 reason PKIFreeText OPTIONAL 56 } 57 """ 58 59 class CertReq(univ.Sequence): 60 componentType = namedtype.NamedTypes( 61 namedtype.NamedType('certReqId', univ.Integer()), 62 namedtype.NamedType('checkAfter', univ.Integer()), 63 namedtype.OptionalNamedType('reason', PKIFreeText()) 64 ) 65 66 componentType = CertReq() 67 68 69class PollReqContent(univ.SequenceOf): 70 """ 71 PollReqContent ::= SEQUENCE OF SEQUENCE { 72 certReqId INTEGER 73 } 74 75 """ 76 77 class CertReq(univ.Sequence): 78 componentType = namedtype.NamedTypes( 79 namedtype.NamedType('certReqId', univ.Integer()) 80 ) 81 82 componentType = CertReq() 83 84 85class InfoTypeAndValue(univ.Sequence): 86 """ 87 InfoTypeAndValue ::= SEQUENCE { 88 infoType OBJECT IDENTIFIER, 89 infoValue ANY DEFINED BY infoType OPTIONAL 90 }""" 91 componentType = namedtype.NamedTypes( 92 namedtype.NamedType('infoType', univ.ObjectIdentifier()), 93 namedtype.OptionalNamedType('infoValue', univ.Any()) 94 ) 95 96 97class GenRepContent(univ.SequenceOf): 98 componentType = InfoTypeAndValue() 99 100 101class GenMsgContent(univ.SequenceOf): 102 componentType = InfoTypeAndValue() 103 104 105class PKIConfirmContent(univ.Null): 106 pass 107 108 109class CRLAnnContent(univ.SequenceOf): 110 componentType = rfc2459.CertificateList() 111 112 113class CAKeyUpdAnnContent(univ.Sequence): 114 """ 115 CAKeyUpdAnnContent ::= SEQUENCE { 116 oldWithNew CMPCertificate, 117 newWithOld CMPCertificate, 118 newWithNew CMPCertificate 119 } 120 """ 121 componentType = namedtype.NamedTypes( 122 namedtype.NamedType('oldWithNew', CMPCertificate()), 123 namedtype.NamedType('newWithOld', CMPCertificate()), 124 namedtype.NamedType('newWithNew', CMPCertificate()) 125 ) 126 127 128class RevDetails(univ.Sequence): 129 """ 130 RevDetails ::= SEQUENCE { 131 certDetails CertTemplate, 132 crlEntryDetails Extensions OPTIONAL 133 } 134 """ 135 componentType = namedtype.NamedTypes( 136 namedtype.NamedType('certDetails', rfc2511.CertTemplate()), 137 namedtype.OptionalNamedType('crlEntryDetails', rfc2459.Extensions()) 138 ) 139 140 141class RevReqContent(univ.SequenceOf): 142 componentType = RevDetails() 143 144 145class CertOrEncCert(univ.Choice): 146 """ 147 CertOrEncCert ::= CHOICE { 148 certificate [0] CMPCertificate, 149 encryptedCert [1] EncryptedValue 150 } 151 """ 152 componentType = namedtype.NamedTypes( 153 namedtype.NamedType('certificate', CMPCertificate().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), 154 namedtype.NamedType('encryptedCert', rfc2511.EncryptedValue().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))) 155 ) 156 157 158class CertifiedKeyPair(univ.Sequence): 159 """ 160 CertifiedKeyPair ::= SEQUENCE { 161 certOrEncCert CertOrEncCert, 162 privateKey [0] EncryptedValue OPTIONAL, 163 publicationInfo [1] PKIPublicationInfo OPTIONAL 164 } 165 """ 166 componentType = namedtype.NamedTypes( 167 namedtype.NamedType('certOrEncCert', CertOrEncCert()), 168 namedtype.OptionalNamedType('privateKey', rfc2511.EncryptedValue().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), 169 namedtype.OptionalNamedType('publicationInfo', rfc2511.PKIPublicationInfo().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))) 170 ) 171 172 173class POPODecKeyRespContent(univ.SequenceOf): 174 componentType = univ.Integer() 175 176 177class Challenge(univ.Sequence): 178 """ 179 Challenge ::= SEQUENCE { 180 owf AlgorithmIdentifier OPTIONAL, 181 witness OCTET STRING, 182 challenge OCTET STRING 183 } 184 """ 185 componentType = namedtype.NamedTypes( 186 namedtype.OptionalNamedType('owf', rfc2459.AlgorithmIdentifier()), 187 namedtype.NamedType('witness', univ.OctetString()), 188 namedtype.NamedType('challenge', univ.OctetString()) 189 ) 190 191 192class PKIStatus(univ.Integer): 193 """ 194 PKIStatus ::= INTEGER { 195 accepted (0), 196 grantedWithMods (1), 197 rejection (2), 198 waiting (3), 199 revocationWarning (4), 200 revocationNotification (5), 201 keyUpdateWarning (6) 202 } 203 """ 204 namedValues = namedval.NamedValues( 205 ('accepted', 0), 206 ('grantedWithMods', 1), 207 ('rejection', 2), 208 ('waiting', 3), 209 ('revocationWarning', 4), 210 ('revocationNotification', 5), 211 ('keyUpdateWarning', 6) 212 ) 213 214 215class PKIFailureInfo(univ.BitString): 216 """ 217 PKIFailureInfo ::= BIT STRING { 218 badAlg (0), 219 badMessageCheck (1), 220 badRequest (2), 221 badTime (3), 222 badCertId (4), 223 badDataFormat (5), 224 wrongAuthority (6), 225 incorrectData (7), 226 missingTimeStamp (8), 227 badPOP (9), 228 certRevoked (10), 229 certConfirmed (11), 230 wrongIntegrity (12), 231 badRecipientNonce (13), 232 timeNotAvailable (14), 233 unacceptedPolicy (15), 234 unacceptedExtension (16), 235 addInfoNotAvailable (17), 236 badSenderNonce (18), 237 badCertTemplate (19), 238 signerNotTrusted (20), 239 transactionIdInUse (21), 240 unsupportedVersion (22), 241 notAuthorized (23), 242 systemUnavail (24), 243 systemFailure (25), 244 duplicateCertReq (26) 245 """ 246 namedValues = namedval.NamedValues( 247 ('badAlg', 0), 248 ('badMessageCheck', 1), 249 ('badRequest', 2), 250 ('badTime', 3), 251 ('badCertId', 4), 252 ('badDataFormat', 5), 253 ('wrongAuthority', 6), 254 ('incorrectData', 7), 255 ('missingTimeStamp', 8), 256 ('badPOP', 9), 257 ('certRevoked', 10), 258 ('certConfirmed', 11), 259 ('wrongIntegrity', 12), 260 ('badRecipientNonce', 13), 261 ('timeNotAvailable', 14), 262 ('unacceptedPolicy', 15), 263 ('unacceptedExtension', 16), 264 ('addInfoNotAvailable', 17), 265 ('badSenderNonce', 18), 266 ('badCertTemplate', 19), 267 ('signerNotTrusted', 20), 268 ('transactionIdInUse', 21), 269 ('unsupportedVersion', 22), 270 ('notAuthorized', 23), 271 ('systemUnavail', 24), 272 ('systemFailure', 25), 273 ('duplicateCertReq', 26) 274 ) 275 276 277class PKIStatusInfo(univ.Sequence): 278 """ 279 PKIStatusInfo ::= SEQUENCE { 280 status PKIStatus, 281 statusString PKIFreeText OPTIONAL, 282 failInfo PKIFailureInfo OPTIONAL 283 } 284 """ 285 componentType = namedtype.NamedTypes( 286 namedtype.NamedType('status', PKIStatus()), 287 namedtype.OptionalNamedType('statusString', PKIFreeText()), 288 namedtype.OptionalNamedType('failInfo', PKIFailureInfo()) 289 ) 290 291 292class ErrorMsgContent(univ.Sequence): 293 """ 294 ErrorMsgContent ::= SEQUENCE { 295 pKIStatusInfo PKIStatusInfo, 296 errorCode INTEGER OPTIONAL, 297 -- implementation-specific error codes 298 errorDetails PKIFreeText OPTIONAL 299 -- implementation-specific error details 300 } 301 """ 302 componentType = namedtype.NamedTypes( 303 namedtype.NamedType('pKIStatusInfo', PKIStatusInfo()), 304 namedtype.OptionalNamedType('errorCode', univ.Integer()), 305 namedtype.OptionalNamedType('errorDetails', PKIFreeText()) 306 ) 307 308 309class CertStatus(univ.Sequence): 310 """ 311 CertStatus ::= SEQUENCE { 312 certHash OCTET STRING, 313 certReqId INTEGER, 314 statusInfo PKIStatusInfo OPTIONAL 315 } 316 """ 317 componentType = namedtype.NamedTypes( 318 namedtype.NamedType('certHash', univ.OctetString()), 319 namedtype.NamedType('certReqId', univ.Integer()), 320 namedtype.OptionalNamedType('statusInfo', PKIStatusInfo()) 321 ) 322 323 324class CertConfirmContent(univ.SequenceOf): 325 componentType = CertStatus() 326 327 328class RevAnnContent(univ.Sequence): 329 """ 330 RevAnnContent ::= SEQUENCE { 331 status PKIStatus, 332 certId CertId, 333 willBeRevokedAt GeneralizedTime, 334 badSinceDate GeneralizedTime, 335 crlDetails Extensions OPTIONAL 336 } 337 """ 338 componentType = namedtype.NamedTypes( 339 namedtype.NamedType('status', PKIStatus()), 340 namedtype.NamedType('certId', rfc2511.CertId()), 341 namedtype.NamedType('willBeRevokedAt', useful.GeneralizedTime()), 342 namedtype.NamedType('badSinceDate', useful.GeneralizedTime()), 343 namedtype.OptionalNamedType('crlDetails', rfc2459.Extensions()) 344 ) 345 346 347class RevRepContent(univ.Sequence): 348 """ 349 RevRepContent ::= SEQUENCE { 350 status SEQUENCE SIZE (1..MAX) OF PKIStatusInfo, 351 revCerts [0] SEQUENCE SIZE (1..MAX) OF CertId 352 OPTIONAL, 353 crls [1] SEQUENCE SIZE (1..MAX) OF CertificateList 354 OPTIONAL 355 """ 356 componentType = namedtype.NamedTypes( 357 namedtype.NamedType('status', PKIStatusInfo( 358 sizeSpec=constraint.ValueSizeConstraint(1, MAX))), 359 namedtype.OptionalNamedType( 360 'revCerts', univ.SequenceOf(componentType=rfc2511.CertId()).subtype( 361 sizeSpec=constraint.ValueSizeConstraint(1, MAX), 362 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0) 363 ) 364 ), 365 namedtype.OptionalNamedType( 366 'crls', univ.SequenceOf(componentType=rfc2459.CertificateList()).subtype( 367 sizeSpec=constraint.ValueSizeConstraint(1, MAX), 368 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1) 369 ) 370 ) 371 ) 372 373 374class KeyRecRepContent(univ.Sequence): 375 """ 376 KeyRecRepContent ::= SEQUENCE { 377 status PKIStatusInfo, 378 newSigCert [0] CMPCertificate OPTIONAL, 379 caCerts [1] SEQUENCE SIZE (1..MAX) OF 380 CMPCertificate OPTIONAL, 381 keyPairHist [2] SEQUENCE SIZE (1..MAX) OF 382 CertifiedKeyPair OPTIONAL 383 } 384 """ 385 componentType = namedtype.NamedTypes( 386 namedtype.NamedType('status', PKIStatusInfo()), 387 namedtype.OptionalNamedType( 388 'newSigCert', CMPCertificate().subtype( 389 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0) 390 ) 391 ), 392 namedtype.OptionalNamedType( 393 'caCerts', univ.SequenceOf(componentType=CMPCertificate()).subtype( 394 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), 395 sizeSpec=constraint.ValueSizeConstraint(1, MAX) 396 ) 397 ), 398 namedtype.OptionalNamedType('keyPairHist', univ.SequenceOf(componentType=CertifiedKeyPair()).subtype( 399 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2), 400 sizeSpec=constraint.ValueSizeConstraint(1, MAX)) 401 ) 402 ) 403 404 405class CertResponse(univ.Sequence): 406 """ 407 CertResponse ::= SEQUENCE { 408 certReqId INTEGER, 409 status PKIStatusInfo, 410 certifiedKeyPair CertifiedKeyPair OPTIONAL, 411 rspInfo OCTET STRING OPTIONAL 412 } 413 """ 414 componentType = namedtype.NamedTypes( 415 namedtype.NamedType('certReqId', univ.Integer()), 416 namedtype.NamedType('status', PKIStatusInfo()), 417 namedtype.OptionalNamedType('certifiedKeyPair', CertifiedKeyPair()), 418 namedtype.OptionalNamedType('rspInfo', univ.OctetString()) 419 ) 420 421 422class CertRepMessage(univ.Sequence): 423 """ 424 CertRepMessage ::= SEQUENCE { 425 caPubs [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate 426 OPTIONAL, 427 response SEQUENCE OF CertResponse 428 } 429 """ 430 componentType = namedtype.NamedTypes( 431 namedtype.OptionalNamedType( 432 'caPubs', univ.SequenceOf( 433 componentType=CMPCertificate() 434 ).subtype(sizeSpec=constraint.ValueSizeConstraint(1, MAX), 435 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)) 436 ), 437 namedtype.NamedType('response', univ.SequenceOf(componentType=CertResponse())) 438 ) 439 440 441class POPODecKeyChallContent(univ.SequenceOf): 442 componentType = Challenge() 443 444 445class OOBCertHash(univ.Sequence): 446 """ 447 OOBCertHash ::= SEQUENCE { 448 hashAlg [0] AlgorithmIdentifier OPTIONAL, 449 certId [1] CertId OPTIONAL, 450 hashVal BIT STRING 451 } 452 """ 453 componentType = namedtype.NamedTypes( 454 namedtype.OptionalNamedType( 455 'hashAlg', rfc2459.AlgorithmIdentifier().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)) 456 ), 457 namedtype.OptionalNamedType( 458 'certId', rfc2511.CertId().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)) 459 ), 460 namedtype.NamedType('hashVal', univ.BitString()) 461 ) 462 463 464# pyasn1 does not naturally handle recursive definitions, thus this hack: 465# NestedMessageContent ::= PKIMessages 466class NestedMessageContent(univ.SequenceOf): 467 """ 468 NestedMessageContent ::= PKIMessages 469 """ 470 componentType = univ.Any() 471 472 473class DHBMParameter(univ.Sequence): 474 """ 475 DHBMParameter ::= SEQUENCE { 476 owf AlgorithmIdentifier, 477 -- AlgId for a One-Way Function (SHA-1 recommended) 478 mac AlgorithmIdentifier 479 -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11], 480 } -- or HMAC [RFC2104, RFC2202]) 481 """ 482 componentType = namedtype.NamedTypes( 483 namedtype.NamedType('owf', rfc2459.AlgorithmIdentifier()), 484 namedtype.NamedType('mac', rfc2459.AlgorithmIdentifier()) 485 ) 486 487 488id_DHBasedMac = univ.ObjectIdentifier('1.2.840.113533.7.66.30') 489 490 491class PBMParameter(univ.Sequence): 492 """ 493 PBMParameter ::= SEQUENCE { 494 salt OCTET STRING, 495 owf AlgorithmIdentifier, 496 iterationCount INTEGER, 497 mac AlgorithmIdentifier 498 } 499 """ 500 componentType = namedtype.NamedTypes( 501 namedtype.NamedType( 502 'salt', univ.OctetString().subtype(subtypeSpec=constraint.ValueSizeConstraint(0, 128)) 503 ), 504 namedtype.NamedType('owf', rfc2459.AlgorithmIdentifier()), 505 namedtype.NamedType('iterationCount', univ.Integer()), 506 namedtype.NamedType('mac', rfc2459.AlgorithmIdentifier()) 507 ) 508 509 510id_PasswordBasedMac = univ.ObjectIdentifier('1.2.840.113533.7.66.13') 511 512 513class PKIProtection(univ.BitString): 514 pass 515 516 517# pyasn1 does not naturally handle recursive definitions, thus this hack: 518# NestedMessageContent ::= PKIMessages 519nestedMessageContent = NestedMessageContent().subtype( 520 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 20)) 521 522 523class PKIBody(univ.Choice): 524 """ 525 PKIBody ::= CHOICE { -- message-specific body elements 526 ir [0] CertReqMessages, --Initialization Request 527 ip [1] CertRepMessage, --Initialization Response 528 cr [2] CertReqMessages, --Certification Request 529 cp [3] CertRepMessage, --Certification Response 530 p10cr [4] CertificationRequest, --imported from [PKCS10] 531 popdecc [5] POPODecKeyChallContent, --pop Challenge 532 popdecr [6] POPODecKeyRespContent, --pop Response 533 kur [7] CertReqMessages, --Key Update Request 534 kup [8] CertRepMessage, --Key Update Response 535 krr [9] CertReqMessages, --Key Recovery Request 536 krp [10] KeyRecRepContent, --Key Recovery Response 537 rr [11] RevReqContent, --Revocation Request 538 rp [12] RevRepContent, --Revocation Response 539 ccr [13] CertReqMessages, --Cross-Cert. Request 540 ccp [14] CertRepMessage, --Cross-Cert. Response 541 ckuann [15] CAKeyUpdAnnContent, --CA Key Update Ann. 542 cann [16] CertAnnContent, --Certificate Ann. 543 rann [17] RevAnnContent, --Revocation Ann. 544 crlann [18] CRLAnnContent, --CRL Announcement 545 pkiconf [19] PKIConfirmContent, --Confirmation 546 nested [20] NestedMessageContent, --Nested Message 547 genm [21] GenMsgContent, --General Message 548 genp [22] GenRepContent, --General Response 549 error [23] ErrorMsgContent, --Error Message 550 certConf [24] CertConfirmContent, --Certificate confirm 551 pollReq [25] PollReqContent, --Polling request 552 pollRep [26] PollRepContent --Polling response 553 554 """ 555 componentType = namedtype.NamedTypes( 556 namedtype.NamedType( 557 'ir', rfc2511.CertReqMessages().subtype( 558 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0) 559 ) 560 ), 561 namedtype.NamedType( 562 'ip', CertRepMessage().subtype( 563 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1) 564 ) 565 ), 566 namedtype.NamedType( 567 'cr', rfc2511.CertReqMessages().subtype( 568 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2) 569 ) 570 ), 571 namedtype.NamedType( 572 'cp', CertRepMessage().subtype( 573 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3) 574 ) 575 ), 576 namedtype.NamedType( 577 'p10cr', rfc2314.CertificationRequest().subtype( 578 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4) 579 ) 580 ), 581 namedtype.NamedType( 582 'popdecc', POPODecKeyChallContent().subtype( 583 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5) 584 ) 585 ), 586 namedtype.NamedType( 587 'popdecr', POPODecKeyRespContent().subtype( 588 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6) 589 ) 590 ), 591 namedtype.NamedType( 592 'kur', rfc2511.CertReqMessages().subtype( 593 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 7) 594 ) 595 ), 596 namedtype.NamedType( 597 'kup', CertRepMessage().subtype( 598 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 8) 599 ) 600 ), 601 namedtype.NamedType( 602 'krr', rfc2511.CertReqMessages().subtype( 603 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9) 604 ) 605 ), 606 namedtype.NamedType( 607 'krp', KeyRecRepContent().subtype( 608 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 10) 609 ) 610 ), 611 namedtype.NamedType( 612 'rr', RevReqContent().subtype( 613 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 11) 614 ) 615 ), 616 namedtype.NamedType( 617 'rp', RevRepContent().subtype( 618 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 12) 619 ) 620 ), 621 namedtype.NamedType( 622 'ccr', rfc2511.CertReqMessages().subtype( 623 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 13) 624 ) 625 ), 626 namedtype.NamedType( 627 'ccp', CertRepMessage().subtype( 628 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 14) 629 ) 630 ), 631 namedtype.NamedType( 632 'ckuann', CAKeyUpdAnnContent().subtype( 633 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 15) 634 ) 635 ), 636 namedtype.NamedType( 637 'cann', CertAnnContent().subtype( 638 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 16) 639 ) 640 ), 641 namedtype.NamedType( 642 'rann', RevAnnContent().subtype( 643 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 17) 644 ) 645 ), 646 namedtype.NamedType( 647 'crlann', CRLAnnContent().subtype( 648 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 18) 649 ) 650 ), 651 namedtype.NamedType( 652 'pkiconf', PKIConfirmContent().subtype( 653 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 19) 654 ) 655 ), 656 namedtype.NamedType( 657 'nested', nestedMessageContent 658 ), 659 # namedtype.NamedType('nested', NestedMessageContent().subtype( 660 # explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,20) 661 # ) 662 # ), 663 namedtype.NamedType( 664 'genm', GenMsgContent().subtype( 665 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 21) 666 ) 667 ), 668 namedtype.NamedType( 669 'gen', GenRepContent().subtype( 670 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 22) 671 ) 672 ), 673 namedtype.NamedType( 674 'error', ErrorMsgContent().subtype( 675 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 23) 676 ) 677 ), 678 namedtype.NamedType( 679 'certConf', CertConfirmContent().subtype( 680 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 24) 681 ) 682 ), 683 namedtype.NamedType( 684 'pollReq', PollReqContent().subtype( 685 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 25) 686 ) 687 ), 688 namedtype.NamedType( 689 'pollRep', PollRepContent().subtype( 690 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 26) 691 ) 692 ) 693 ) 694 695 696class PKIHeader(univ.Sequence): 697 """ 698 PKIHeader ::= SEQUENCE { 699 pvno INTEGER { cmp1999(1), cmp2000(2) }, 700 sender GeneralName, 701 recipient GeneralName, 702 messageTime [0] GeneralizedTime OPTIONAL, 703 protectionAlg [1] AlgorithmIdentifier OPTIONAL, 704 senderKID [2] KeyIdentifier OPTIONAL, 705 recipKID [3] KeyIdentifier OPTIONAL, 706 transactionID [4] OCTET STRING OPTIONAL, 707 senderNonce [5] OCTET STRING OPTIONAL, 708 recipNonce [6] OCTET STRING OPTIONAL, 709 freeText [7] PKIFreeText OPTIONAL, 710 generalInfo [8] SEQUENCE SIZE (1..MAX) OF 711 InfoTypeAndValue OPTIONAL 712 } 713 714 """ 715 componentType = namedtype.NamedTypes( 716 namedtype.NamedType( 717 'pvno', univ.Integer( 718 namedValues=namedval.NamedValues(('cmp1999', 1), ('cmp2000', 2)) 719 ) 720 ), 721 namedtype.NamedType('sender', rfc2459.GeneralName()), 722 namedtype.NamedType('recipient', rfc2459.GeneralName()), 723 namedtype.OptionalNamedType('messageTime', useful.GeneralizedTime().subtype( 724 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), 725 namedtype.OptionalNamedType('protectionAlg', rfc2459.AlgorithmIdentifier().subtype( 726 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))), 727 namedtype.OptionalNamedType('senderKID', rfc2459.KeyIdentifier().subtype( 728 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), 729 namedtype.OptionalNamedType('recipKID', rfc2459.KeyIdentifier().subtype( 730 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), 731 namedtype.OptionalNamedType('transactionID', univ.OctetString().subtype( 732 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))), 733 namedtype.OptionalNamedType('senderNonce', univ.OctetString().subtype( 734 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))), 735 namedtype.OptionalNamedType('recipNonce', univ.OctetString().subtype( 736 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))), 737 namedtype.OptionalNamedType('freeText', PKIFreeText().subtype( 738 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 7))), 739 namedtype.OptionalNamedType('generalInfo', 740 univ.SequenceOf( 741 componentType=InfoTypeAndValue().subtype( 742 sizeSpec=constraint.ValueSizeConstraint(1, MAX), 743 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8) 744 ) 745 ) 746 ) 747 ) 748 749 750class ProtectedPart(univ.Sequence): 751 """ 752 ProtectedPart ::= SEQUENCE { 753 header PKIHeader, 754 body PKIBody 755 } 756 """ 757 componentType = namedtype.NamedTypes( 758 namedtype.NamedType('header', PKIHeader()), 759 namedtype.NamedType('infoValue', PKIBody()) 760 ) 761 762 763class PKIMessage(univ.Sequence): 764 """ 765 PKIMessage ::= SEQUENCE { 766 header PKIHeader, 767 body PKIBody, 768 protection [0] PKIProtection OPTIONAL, 769 extraCerts [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate 770 OPTIONAL 771 }""" 772 componentType = namedtype.NamedTypes( 773 namedtype.NamedType('header', PKIHeader()), 774 namedtype.NamedType('body', PKIBody()), 775 namedtype.OptionalNamedType('protection', PKIProtection().subtype( 776 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), 777 namedtype.OptionalNamedType('extraCerts', 778 univ.SequenceOf( 779 componentType=CMPCertificate() 780 ).subtype( 781 sizeSpec=constraint.ValueSizeConstraint(1, MAX), 782 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1) 783 ) 784 ) 785 ) 786 787 788class PKIMessages(univ.SequenceOf): 789 """ 790 PKIMessages ::= SEQUENCE SIZE (1..MAX) OF PKIMessage 791 """ 792 componentType = PKIMessage() 793 sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX) 794 795 796# pyasn1 does not naturally handle recursive definitions, thus this hack: 797# NestedMessageContent ::= PKIMessages 798NestedMessageContent._componentType = PKIMessages() 799nestedMessageContent._componentType = PKIMessages() 800