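# coding: utf-8
#
# This file is part of pyasn1-modules software.
#
# Created by Stanisław Pitucha with asn1ate tool.
# Modified by Russ Housley to add maps for CMC Control Attributes
# and CMC Content Types for use with opentypes.
#
# Copyright (c) 2005-2019, Ilya Etingof <etingof@gmail.com>
# License: http://snmplabs.com/pyasn1/license.html
#
# Certificate Management over CMS (CMC) Updates
#
# ASN.1 source from:
# https://www.rfc-editor.org/rfc/rfc6402.txt
#
from pyasn1.type import char
from pyasn1.type import constraint
from pyasn1.type import namedtype
from pyasn1.type import namedval
from pyasn1.type import opentype
from pyasn1.type import tag
from pyasn1.type import univ
from pyasn1.type import useful

from pyasn1_modules import rfc4211
from pyasn1_modules import rfc5280
from pyasn1_modules import rfc5652

# Open upper bound for the ValueSizeConstraint specs below: the SEQUENCE OF
# types that use it require at least one element but have no schema-level
# maximum, so any cap on element count has to come from the decoder.
MAX = float('inf')


def _buildOid(*components):
    """Concatenate OID arcs into a single ``univ.ObjectIdentifier``.

    Each component is either an existing ``univ.ObjectIdentifier`` (all of
    its arcs are appended in order) or a value accepted by ``int()``, which
    contributes one arc.  Used throughout this module to derive the RFC 6402
    identifiers from their parent arcs (``id_pkix``, ``id_cmc``, ``id_cct``,
    ``rfc5280.id_kp``, ...).

    Raises:
        TypeError, ValueError: if a component is neither an ObjectIdentifier
            nor convertible with ``int()``.
    """
    arcs = []
    for component in components:
        if isinstance(component, univ.ObjectIdentifier):
            arcs.extend(component)
        else:
            arcs.append(int(component))
    return univ.ObjectIdentifier(arcs)


# OID -> CMC control attribute type.  TaggedAttribute's open type consults this
# map to decode 'attrValues' according to 'attrType'.  It is filled in at the
# bottom of this module once all control attribute types are defined.
cmcControlAttributesMap = {}


class ChangeSubjectName(univ.Sequence):
    pass


# Both members are OPTIONAL at this level; pyasn1 has no way to express a
# WITH COMPONENTS "at least one present" constraint, so if the RFC requires
# one of them, that check belongs in the application.
ChangeSubjectName.componentType = namedtype.NamedTypes(
    namedtype.OptionalNamedType('subject', rfc5280.Name()),
    namedtype.OptionalNamedType('subjectAlt', rfc5280.GeneralNames())
)


# Untyped control attribute value; the concrete type is selected via
# cmcControlAttributesMap when the OID is known.
class AttributeValue(univ.Any):
    pass


class CMCStatus(univ.Integer):
    pass


# Value 1 is not assigned.
CMCStatus.namedValues = namedval.NamedValues(
    ('success', 0),
    ('failed', 2),
    ('pending', 3),
    ('noSupport', 4),
    ('confirmRequired', 5),
    ('popRequired', 6),
    ('partial', 7)
)


class PendInfo(univ.Sequence):
    pass


PendInfo.componentType = namedtype.NamedTypes(
    namedtype.NamedType('pendToken', univ.OctetString()),
    namedtype.NamedType('pendTime', useful.GeneralizedTime())
)

# Upper bound of a BodyPartID (2**32 - 1).
bodyIdMax = univ.Integer(4294967295)


class BodyPartID(univ.Integer):
    pass


# pyasn1 verifies this range whenever a value is assigned, which includes
# values produced by the decoder, so out-of-range identifiers are rejected
# rather than silently accepted.
BodyPartID.subtypeSpec = constraint.ValueRangeConstraint(0, bodyIdMax)


class BodyPartPath(univ.SequenceOf):
    pass


BodyPartPath.componentType = BodyPartID()
BodyPartPath.sizeSpec = constraint.ValueSizeConstraint(1, MAX)


class BodyPartReference(univ.Choice):
    pass


BodyPartReference.componentType = namedtype.NamedTypes(
    namedtype.NamedType('bodyPartID', BodyPartID()),
    namedtype.NamedType('bodyPartPath', BodyPartPath())
)


class CMCFailInfo(univ.Integer):
    pass


CMCFailInfo.namedValues = namedval.NamedValues(
    ('badAlg', 0),
    ('badMessageCheck', 1),
    ('badRequest', 2),
    ('badTime', 3),
    ('badCertId', 4),
    ('unsupportedExt', 5),
    ('mustArchiveKeys', 6),
    ('badIdentity', 7),
    ('popRequired', 8),
    ('popFailed', 9),
    ('noKeyReuse', 10),
    ('internalCAError', 11),
    ('tryLater', 12),
    ('authDataFail', 13)
)


class CMCStatusInfoV2(univ.Sequence):
    pass


# 'extendedFailInfo.failInfoValue' is an untyped ANY with no open type map
# attached, so it is returned as opaque encoded bytes and the caller must
# decode it according to 'failInfoOID'.
CMCStatusInfoV2.componentType = namedtype.NamedTypes(
    namedtype.NamedType('cMCStatus', CMCStatus()),
    namedtype.NamedType('bodyList', univ.SequenceOf(componentType=BodyPartReference())),
    namedtype.OptionalNamedType('statusString', char.UTF8String()),
    namedtype.OptionalNamedType(
        'otherInfo', univ.Choice(
            componentType=namedtype.NamedTypes(
                namedtype.NamedType('failInfo', CMCFailInfo()),
                namedtype.NamedType('pendInfo', PendInfo()),
                namedtype.NamedType(
                    'extendedFailInfo', univ.Sequence(
                        componentType=namedtype.NamedTypes(
                            namedtype.NamedType('failInfoOID', univ.ObjectIdentifier()),
                            namedtype.NamedType('failInfoValue', AttributeValue()))
                    )
                )
            )
        )
    )
)


class GetCRL(univ.Sequence):
    pass


GetCRL.componentType = namedtype.NamedTypes(
    namedtype.NamedType('issuerName', rfc5280.Name()),
    namedtype.OptionalNamedType('cRLName', rfc5280.GeneralName()),
    namedtype.OptionalNamedType('time', useful.GeneralizedTime()),
    namedtype.OptionalNamedType('reasons', rfc5280.ReasonFlags())
)

# Object identifiers.  asn1ate emitted these interleaved with the types that
# use them; the complete list of control OIDs is visible in the map at the
# bottom of the module.
id_pkix = _buildOid(1, 3, 6, 1, 5, 5, 7)

id_cmc = _buildOid(id_pkix, 7)

id_cmc_batchResponses = _buildOid(id_cmc, 29)

id_cmc_popLinkWitness = _buildOid(id_cmc, 23)


class PopLinkWitnessV2(univ.Sequence):
    pass


PopLinkWitnessV2.componentType = namedtype.NamedTypes(
    namedtype.NamedType('keyGenAlgorithm', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('macAlgorithm', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('witness', univ.OctetString())
)

id_cmc_popLinkWitnessV2 = _buildOid(id_cmc, 33)

id_cmc_identityProofV2 = _buildOid(id_cmc, 34)

id_cmc_revokeRequest = _buildOid(id_cmc, 17)

id_cmc_recipientNonce = _buildOid(id_cmc, 7)


class ControlsProcessed(univ.Sequence):
    pass


ControlsProcessed.componentType = namedtype.NamedTypes(
    namedtype.NamedType('bodyList', univ.SequenceOf(componentType=BodyPartReference()))
)


# PKCS #10 style CertificationRequest, spelled out inline rather than
# imported.  Verifying 'signature' over 'certificationRequestInfo' is the
# caller's job; decoding alone proves nothing about the requester.
class CertificationRequest(univ.Sequence):
    pass


CertificationRequest.componentType = namedtype.NamedTypes(
    namedtype.NamedType(
        'certificationRequestInfo', univ.Sequence(
            componentType=namedtype.NamedTypes(
                namedtype.NamedType('version', univ.Integer()),
                namedtype.NamedType('subject', rfc5280.Name()),
                namedtype.NamedType(
                    'subjectPublicKeyInfo', univ.Sequence(
                        componentType=namedtype.NamedTypes(
                            namedtype.NamedType('algorithm', rfc5280.AlgorithmIdentifier()),
                            namedtype.NamedType('subjectPublicKey', univ.BitString())
                        )
                    )
                ),
                # Implicit [0]; NOTE(review): tagged tagFormatSimple although
                # SET OF is constructed (TaggedRequest 'crm' below does the
                # same) -- presumably harmless because pyasn1 matches tags by
                # class and number, but confirm against the other tagged
                # members here which use tagFormatConstructed.
                namedtype.NamedType(
                    'attributes', univ.SetOf(
                        componentType=rfc5652.Attribute()).subtype(
                        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))
                )
            )
        )
    ),
    namedtype.NamedType('signatureAlgorithm', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('signature', univ.BitString())
)


class TaggedCertificationRequest(univ.Sequence):
    pass


TaggedCertificationRequest.componentType = namedtype.NamedTypes(
    namedtype.NamedType('bodyPartID', BodyPartID()),
    namedtype.NamedType('certificationRequest', CertificationRequest())
)


class TaggedRequest(univ.Choice):
    pass


# Alternatives are distinguished by implicit context tags [0], [1], [2].
# 'orm.requestMessageValue' is an untyped ANY and is returned undecoded.
TaggedRequest.componentType = namedtype.NamedTypes(
    namedtype.NamedType('tcr', TaggedCertificationRequest().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
    namedtype.NamedType('crm',
                        rfc4211.CertReqMsg().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
    namedtype.NamedType('orm', univ.Sequence(componentType=namedtype.NamedTypes(
        namedtype.NamedType('bodyPartID', BodyPartID()),
        namedtype.NamedType('requestMessageType', univ.ObjectIdentifier()),
        namedtype.NamedType('requestMessageValue', univ.Any())
    ))
    .subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)))
)

id_cmc_popLinkRandom = _buildOid(id_cmc, 22)

id_cmc_statusInfo = _buildOid(id_cmc, 1)

id_cmc_trustedAnchors = _buildOid(id_cmc, 26)

id_cmc_transactionId = _buildOid(id_cmc, 5)

id_cmc_encryptedPOP = _buildOid(id_cmc, 9)


class PublishTrustAnchors(univ.Sequence):
    pass


PublishTrustAnchors.componentType = namedtype.NamedTypes(
    namedtype.NamedType('seqNumber', univ.Integer()),
    namedtype.NamedType('hashAlgorithm', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('anchorHashes', univ.SequenceOf(componentType=univ.OctetString()))
)


class RevokeRequest(univ.Sequence):
    pass


# 'passphrase' carries a shared secret in the clear within the control; treat
# decoded values as sensitive (do not log them) and rely on the enclosing CMS
# protection for confidentiality.
RevokeRequest.componentType = namedtype.NamedTypes(
    namedtype.NamedType('issuerName', rfc5280.Name()),
    namedtype.NamedType('serialNumber', univ.Integer()),
    namedtype.NamedType('reason', rfc5280.CRLReason()),
    namedtype.OptionalNamedType('invalidityDate', useful.GeneralizedTime()),
    namedtype.OptionalNamedType('passphrase', univ.OctetString()),
    namedtype.OptionalNamedType('comment', char.UTF8String())
)

id_cmc_senderNonce = _buildOid(id_cmc, 6)

id_cmc_authData = _buildOid(id_cmc, 27)


class TaggedContentInfo(univ.Sequence):
    pass


TaggedContentInfo.componentType = namedtype.NamedTypes(
    namedtype.NamedType('bodyPartID', BodyPartID()),
    namedtype.NamedType('contentInfo', rfc5652.ContentInfo())
)


class IdentifyProofV2(univ.Sequence):
    pass


IdentifyProofV2.componentType = namedtype.NamedTypes(
    namedtype.NamedType('proofAlgID', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('macAlgId', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('witness', univ.OctetString())
)


class CMCPublicationInfo(univ.Sequence):
    pass


CMCPublicationInfo.componentType = namedtype.NamedTypes(
    namedtype.NamedType('hashAlg', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('certHashes', univ.SequenceOf(componentType=univ.OctetString())),
    namedtype.NamedType('pubInfo', rfc4211.PKIPublicationInfo())
)

# Extended key usage OIDs for CMC roles.
id_kp_cmcCA = _buildOid(rfc5280.id_kp, 27)

id_cmc_confirmCertAcceptance = _buildOid(id_cmc, 24)

id_cmc_raIdentityWitness = _buildOid(id_cmc, 35)

id_ExtensionReq = _buildOid(1, 2, 840, 113549, 1, 9, 14)

id_cct = _buildOid(id_pkix, 12)

id_cct_PKIData = _buildOid(id_cct, 2)

id_kp_cmcRA = _buildOid(rfc5280.id_kp, 28)


class CMCStatusInfo(univ.Sequence):
    pass


CMCStatusInfo.componentType = namedtype.NamedTypes(
    namedtype.NamedType('cMCStatus', CMCStatus()),
    namedtype.NamedType('bodyList', univ.SequenceOf(componentType=BodyPartID())),
    namedtype.OptionalNamedType('statusString', char.UTF8String()),
    namedtype.OptionalNamedType(
        'otherInfo', univ.Choice(
            componentType=namedtype.NamedTypes(
                namedtype.NamedType('failInfo', CMCFailInfo()),
                namedtype.NamedType('pendInfo', PendInfo())
            )
        )
    )
)


class DecryptedPOP(univ.Sequence):
    pass


DecryptedPOP.componentType = namedtype.NamedTypes(
    namedtype.NamedType('bodyPartID', BodyPartID()),
    namedtype.NamedType('thePOPAlgID', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('thePOP', univ.OctetString())
)

id_cmc_addExtensions = _buildOid(id_cmc, 8)

id_cmc_modCertTemplate = _buildOid(id_cmc, 31)


class TaggedAttribute(univ.Sequence):
    pass


# 'attrValues' is decoded through the open type keyed on 'attrType'; OIDs
# that are absent from cmcControlAttributesMap stay as undecoded ANY values.
TaggedAttribute.componentType = namedtype.NamedTypes(
    namedtype.NamedType('bodyPartID', BodyPartID()),
    namedtype.NamedType('attrType', univ.ObjectIdentifier()),
    namedtype.NamedType('attrValues', univ.SetOf(componentType=AttributeValue()),
                        openType=opentype.OpenType('attrType', cmcControlAttributesMap)
                        )
)


class OtherMsg(univ.Sequence):
    pass


# 'otherMsgValue' has no open type map attached and is returned undecoded.
OtherMsg.componentType = namedtype.NamedTypes(
    namedtype.NamedType('bodyPartID', BodyPartID()),
    namedtype.NamedType('otherMsgType', univ.ObjectIdentifier()),
    namedtype.NamedType('otherMsgValue', univ.Any())
)


class PKIData(univ.Sequence):
    pass


PKIData.componentType = namedtype.NamedTypes(
    namedtype.NamedType('controlSequence', univ.SequenceOf(componentType=TaggedAttribute())),
    namedtype.NamedType('reqSequence', univ.SequenceOf(componentType=TaggedRequest())),
    namedtype.NamedType('cmsSequence', univ.SequenceOf(componentType=TaggedContentInfo())),
    namedtype.NamedType('otherMsgSequence', univ.SequenceOf(componentType=OtherMsg()))
)


class BodyPartList(univ.SequenceOf):
    pass


BodyPartList.componentType = BodyPartID()
BodyPartList.sizeSpec = constraint.ValueSizeConstraint(1, MAX)

id_cmc_responseBody = _buildOid(id_cmc, 37)


class AuthPublish(BodyPartID):
    pass


class CMCUnsignedData(univ.Sequence):
    pass


# 'content' has no open type map attached and is returned undecoded.
CMCUnsignedData.componentType = namedtype.NamedTypes(
    namedtype.NamedType('bodyPartPath', BodyPartPath()),
    namedtype.NamedType('identifier', univ.ObjectIdentifier()),
    namedtype.NamedType('content', univ.Any())
)


class CMCCertId(rfc5652.IssuerAndSerialNumber):
    pass


class PKIResponse(univ.Sequence):
    pass


PKIResponse.componentType = namedtype.NamedTypes(
    namedtype.NamedType('controlSequence', univ.SequenceOf(componentType=TaggedAttribute())),
    namedtype.NamedType('cmsSequence', univ.SequenceOf(componentType=TaggedContentInfo())),
    namedtype.NamedType('otherMsgSequence', univ.SequenceOf(componentType=OtherMsg()))
)


class ResponseBody(PKIResponse):
    pass


id_cmc_statusInfoV2 = _buildOid(id_cmc, 25)

id_cmc_lraPOPWitness = _buildOid(id_cmc, 11)


class ModCertTemplate(univ.Sequence):
    pass


# 'replace' defaults to TRUE when absent from the encoding.
ModCertTemplate.componentType = namedtype.NamedTypes(
    namedtype.NamedType('pkiDataReference', BodyPartPath()),
    namedtype.NamedType('certReferences', BodyPartList()),
    namedtype.DefaultedNamedType('replace', univ.Boolean().subtype(value=1)),
    namedtype.NamedType('certTemplate', rfc4211.CertTemplate())
)

id_cmc_regInfo = _buildOid(id_cmc, 18)

id_cmc_identityProof = _buildOid(id_cmc, 3)


class ExtensionReq(univ.SequenceOf):
    pass


ExtensionReq.componentType = rfc5280.Extension()
ExtensionReq.sizeSpec = constraint.ValueSizeConstraint(1, MAX)

# NOTE(review): id_kp_cmcRA (above) and id_kp_cmcArchive are both
# { id-kp 28 } here, so the two EKU values compare equal; confirm the arc
# against RFC 6402 and its errata before using either to distinguish roles.
id_kp_cmcArchive = _buildOid(rfc5280.id_kp, 28)

id_cmc_publishCert = _buildOid(id_cmc, 30)

id_cmc_dataReturn = _buildOid(id_cmc, 4)


class LraPopWitness(univ.Sequence):
    pass


LraPopWitness.componentType = namedtype.NamedTypes(
    namedtype.NamedType('pkiDataBodyid', BodyPartID()),
    namedtype.NamedType('bodyIds', univ.SequenceOf(componentType=BodyPartID()))
)

id_aa = _buildOid(1, 2, 840, 113549, 1, 9, 16, 2)

id_aa_cmc_unsignedData = _buildOid(id_aa, 34)

id_cmc_getCert = _buildOid(id_cmc, 15)

id_cmc_batchRequests = _buildOid(id_cmc, 28)

id_cmc_decryptedPOP = _buildOid(id_cmc, 10)

id_cmc_responseInfo = _buildOid(id_cmc, 19)

id_cmc_changeSubjectName = _buildOid(id_cmc, 36)


class GetCert(univ.Sequence):
    pass


GetCert.componentType = namedtype.NamedTypes(
    namedtype.NamedType('issuerName', rfc5280.GeneralName()),
    namedtype.NamedType('serialNumber', univ.Integer())
)

id_cmc_identification = _buildOid(id_cmc, 2)

id_cmc_queryPending = _buildOid(id_cmc, 21)


class AddExtensions(univ.Sequence):
    pass


AddExtensions.componentType = namedtype.NamedTypes(
    namedtype.NamedType('pkiDataReference', BodyPartID()),
    namedtype.NamedType('certReferences', univ.SequenceOf(componentType=BodyPartID())),
    namedtype.NamedType('extensions', univ.SequenceOf(componentType=rfc5280.Extension()))
)


class EncryptedPOP(univ.Sequence):
    pass


EncryptedPOP.componentType = namedtype.NamedTypes(
    namedtype.NamedType('request', TaggedRequest()),
    namedtype.NamedType('cms', rfc5652.ContentInfo()),
    namedtype.NamedType('thePOPAlgID', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('witnessAlgID', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('witness', univ.OctetString())
)

id_cmc_getCRL = _buildOid(id_cmc, 16)

id_cct_PKIResponse = _buildOid(id_cct, 3)

id_cmc_controlProcessed = _buildOid(id_cmc, 32)


class NoSignatureValue(univ.OctetString):
    pass


id_ad_cmc = _buildOid(rfc5280.id_ad, 12)

id_alg_noSignature = _buildOid(id_pkix, 6, 2)


# Map of CMC Control OIDs to CMC Control Attributes
#
# NOTE(review): id_cmc_changeSubjectName, id_cmc_raIdentityWitness and
# id_cmc_responseBody have no entry here, so controls carrying those OIDs
# are left as undecoded ANY values by TaggedAttribute's open type.

_cmcControlAttributesMapUpdate = {
    id_cmc_statusInfo: CMCStatusInfo(),
    id_cmc_statusInfoV2: CMCStatusInfoV2(),
    id_cmc_identification: char.UTF8String(),
    id_cmc_identityProof: univ.OctetString(),
    id_cmc_identityProofV2: IdentifyProofV2(),
    id_cmc_dataReturn: univ.OctetString(),
    id_cmc_transactionId: univ.Integer(),
    id_cmc_senderNonce: univ.OctetString(),
    id_cmc_recipientNonce: univ.OctetString(),
    id_cmc_addExtensions: AddExtensions(),
    id_cmc_encryptedPOP: EncryptedPOP(),
    id_cmc_decryptedPOP: DecryptedPOP(),
    id_cmc_lraPOPWitness: LraPopWitness(),
    id_cmc_getCert: GetCert(),
    id_cmc_getCRL: GetCRL(),
    id_cmc_revokeRequest: RevokeRequest(),
    id_cmc_regInfo: univ.OctetString(),
    id_cmc_responseInfo: univ.OctetString(),
    id_cmc_queryPending: univ.OctetString(),
    id_cmc_popLinkRandom: univ.OctetString(),
    id_cmc_popLinkWitness: univ.OctetString(),
    id_cmc_popLinkWitnessV2: PopLinkWitnessV2(),
    id_cmc_confirmCertAcceptance: CMCCertId(),
    id_cmc_trustedAnchors: PublishTrustAnchors(),
    id_cmc_authData: AuthPublish(),
    id_cmc_batchRequests: BodyPartList(),
    id_cmc_batchResponses: BodyPartList(),
    id_cmc_publishCert: CMCPublicationInfo(),
    id_cmc_modCertTemplate: ModCertTemplate(),
    id_cmc_controlProcessed: ControlsProcessed(),
    id_ExtensionReq: ExtensionReq(),
}

# Populate the map that TaggedAttribute's open type already references.
cmcControlAttributesMap.update(_cmcControlAttributesMapUpdate)


# Map of CMC Content Type OIDs to CMC Content Types
# To be added to the ones that are in rfc5652.py
#
# NOTE(review): only the update dict is defined here; if nothing later in
# this module calls rfc5652.cmsContentTypesMap.update(cmsContentTypesMapUpdate),
# callers must apply it themselves before ContentInfo payloads of these
# types will be decoded.

cmsContentTypesMapUpdate = {
    id_cct_PKIData: PKIData(),
    id_cct_PKIResponse: PKIResponse(),
}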