# This file is being contributed to pyasn1-modules software.
#
# Created by Russ Housley with assistance from asn1ate v.0.6.0.
#
# Copyright (c) 2019, Vigil Security, LLC
# License: http://snmplabs.com/pyasn1/license.html
#
# Trust Anchor Format
#
# ASN.1 source from:
# https://www.rfc-editor.org/rfc/rfc5934.txt

from pyasn1.type import univ, char, namedtype, namedval, tag, constraint, useful

from pyasn1_modules import rfc2985
from pyasn1_modules import rfc5280
from pyasn1_modules import rfc5652
from pyasn1_modules import rfc5914

# NOTE(review): despite the "Trust Anchor Format" title above, the types
# defined here are the TAMP message structures (see the id_tamp arc below).
# This module only describes wire formats: nothing in it verifies a CMS
# signature, checks a sequence number or authorizes a trust anchor change.
# Code that decodes these messages has to do that before acting on them.

# Upper bound used for the "SIZE (n..MAX)" constraints.  It is unbounded, so
# the schema itself puts no ceiling on list lengths in decoded input.
MAX = float('inf')


def _OID(*components):
    """Build an ObjectIdentifier by concatenating arcs.

    Each argument is either an existing ``univ.ObjectIdentifier`` (all of
    its arcs are appended) or a single value converted with ``int()``.
    """
    arcs = []
    for part in components:
        if isinstance(part, univ.ObjectIdentifier):
            arcs += list(part)
        else:
            arcs.append(int(part))
    return univ.ObjectIdentifier(arcs)


# Imports from RFC 2985
SingleAttribute = rfc2985.SingleAttribute

# Imports from RFC5914
CertPathControls = rfc5914.CertPathControls
TrustAnchorChoice = rfc5914.TrustAnchorChoice
TrustAnchorTitle = rfc5914.TrustAnchorTitle

# Imports from RFC 5280
AlgorithmIdentifier = rfc5280.AlgorithmIdentifier
AnotherName = rfc5280.AnotherName
Attribute = rfc5280.Attribute
Certificate = rfc5280.Certificate
CertificateSerialNumber = rfc5280.CertificateSerialNumber
Extension = rfc5280.Extension
Extensions = rfc5280.Extensions
KeyIdentifier = rfc5280.KeyIdentifier
Name = rfc5280.Name
SubjectPublicKeyInfo = rfc5280.SubjectPublicKeyInfo
TBSCertificate = rfc5280.TBSCertificate
Validity = rfc5280.Validity


# Object Identifier Arc for TAMP Message Content Types

id_tamp = univ.ObjectIdentifier('2.16.840.1.101.2.1.2.77')


# TAMP Status Query Message

id_ct_TAMP_statusQuery = _OID(id_tamp, 1)


class TAMPVersion(univ.Integer):
    """INTEGER with the named values v1(1) and v2(2)."""

    namedValues = namedval.NamedValues(
        ('v1', 1),
        ('v2', 2),
    )


class TerseOrVerbose(univ.Enumerated):
    """ENUMERATED with the named values terse(1) and verbose(2)."""

    namedValues = namedval.NamedValues(
        ('terse', 1),
        ('verbose', 2),
    )


class HardwareSerialEntry(univ.Choice):
    """CHOICE of all (NULL), single (OCTET STRING) or block (low/high pair)."""

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('all', univ.Null()),
        namedtype.NamedType('single', univ.OctetString()),
        namedtype.NamedType(
            'block',
            univ.Sequence(componentType=namedtype.NamedTypes(
                namedtype.NamedType('low', univ.OctetString()),
                namedtype.NamedType('high', univ.OctetString()),
            )),
        ),
    )


class HardwareModules(univ.Sequence):
    """SEQUENCE of a hardware type OID and a non-empty list of serial entries."""

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('hwType', univ.ObjectIdentifier()),
        namedtype.NamedType(
            'hwSerialEntries',
            univ.SequenceOf(componentType=HardwareSerialEntry()).subtype(
                subtypeSpec=constraint.ValueSizeConstraint(1, MAX)
            ),
        ),
    )


class HardwareModuleIdentifierList(univ.SequenceOf):
    """SEQUENCE SIZE (1..MAX) OF HardwareModules."""

    componentType = HardwareModules()
    subtypeSpec = constraint.ValueSizeConstraint(1, MAX)


class Community(univ.ObjectIdentifier):
    """OBJECT IDENTIFIER naming a community."""


class CommunityIdentifierList(univ.SequenceOf):
    """SEQUENCE SIZE (0..MAX) OF Community; an empty list is allowed."""

    componentType = Community()
    subtypeSpec = constraint.ValueSizeConstraint(0, MAX)


class TargetIdentifier(univ.Choice):
    """CHOICE selecting the target of a message, context tags [1]..[5]."""

    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            'hwModules',
            HardwareModuleIdentifierList().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)
            ),
        ),
        namedtype.NamedType(
            'communities',
            CommunityIdentifierList().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)
            ),
        ),
        namedtype.NamedType(
            'allModules',
            univ.Null().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)
            ),
        ),
        namedtype.NamedType(
            'uri',
            char.IA5String().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4)
            ),
        ),
        namedtype.NamedType(
            'otherName',
            AnotherName().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5)
            ),
        ),
    )


class SeqNumber(univ.Integer):
    """INTEGER constrained to 0..9223372036854775807 (2**63 - 1)."""

    # The schema only bounds the range.  Presumably receivers compare these
    # values to reject replayed messages -- that check is not in this module.
    subtypeSpec = constraint.ValueRangeConstraint(0, 9223372036854775807)


class TAMPMsgRef(univ.Sequence):
    """SEQUENCE of a TargetIdentifier and a SeqNumber."""

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('target', TargetIdentifier()),
        namedtype.NamedType('seqNum', SeqNumber()),
    )


class TAMPStatusQuery(univ.Sequence):
    """SEQUENCE: version [0] (default v2), terse [1] (default verbose), query."""

    componentType = namedtype.NamedTypes(
        namedtype.DefaultedNamedType(
            'version',
            TAMPVersion().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
            ).subtype(value='v2'),
        ),
        namedtype.DefaultedNamedType(
            'terse',
            TerseOrVerbose().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)
            ).subtype(value='verbose'),
        ),
        namedtype.NamedType('query', TAMPMsgRef()),
    )


# ContentInfo object pairing the content-type OID with its content type.
tamp_status_query = rfc5652.ContentInfo()
tamp_status_query['contentType'] = id_ct_TAMP_statusQuery
tamp_status_query['content'] = TAMPStatusQuery()


# TAMP Status Response Message

id_ct_TAMP_statusResponse = _OID(id_tamp, 2)


class KeyIdentifiers(univ.SequenceOf):
    """SEQUENCE SIZE (1..MAX) OF KeyIdentifier."""

    componentType = KeyIdentifier()
    subtypeSpec = constraint.ValueSizeConstraint(1, MAX)


class TrustAnchorChoiceList(univ.SequenceOf):
    """SEQUENCE SIZE (1..MAX) OF TrustAnchorChoice."""

    componentType = TrustAnchorChoice()
    subtypeSpec = constraint.ValueSizeConstraint(1, MAX)


class TAMPSequenceNumber(univ.Sequence):
    """SEQUENCE of a KeyIdentifier and the SeqNumber recorded for it."""

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('keyId', KeyIdentifier()),
        namedtype.NamedType('seqNumber', SeqNumber()),
    )


class TAMPSequenceNumbers(univ.SequenceOf):
    """SEQUENCE SIZE (1..MAX) OF TAMPSequenceNumber."""

    componentType = TAMPSequenceNumber()
    subtypeSpec = constraint.ValueSizeConstraint(1, MAX)


class TerseStatusResponse(univ.Sequence):
    """SEQUENCE of taKeyIds and an optional community list."""

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('taKeyIds', KeyIdentifiers()),
        namedtype.OptionalNamedType('communities', CommunityIdentifierList()),
    )


class VerboseStatusResponse(univ.Sequence):
    """SEQUENCE of taInfo plus optional fields tagged [0], [1] and [2]."""

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('taInfo', TrustAnchorChoiceList()),
        namedtype.OptionalNamedType(
            'continPubKeyDecryptAlg',
            AlgorithmIdentifier().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
            ),
        ),
        namedtype.OptionalNamedType(
            'communities',
            CommunityIdentifierList().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)
            ),
        ),
        namedtype.OptionalNamedType(
            'tampSeqNumbers',
            TAMPSequenceNumbers().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)
            ),
        ),
    )


class StatusResponse(univ.Choice):
    """CHOICE of terseResponse [0] or verboseResponse [1]."""

    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            'terseResponse',
            TerseStatusResponse().subtype(
                implicitTag=tag.Tag(
                    tag.tagClassContext, tag.tagFormatConstructed, 0)
            ),
        ),
        namedtype.NamedType(
            'verboseResponse',
            VerboseStatusResponse().subtype(
                implicitTag=tag.Tag(
                    tag.tagClassContext, tag.tagFormatConstructed, 1)
            ),
        ),
    )


class TAMPStatusResponse(univ.Sequence):
    """SEQUENCE: version [0] (default v2), query, response, usesApex (default 1)."""

    componentType = namedtype.NamedTypes(
        namedtype.DefaultedNamedType(
            'version',
            TAMPVersion().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
            ).subtype(value='v2'),
        ),
        namedtype.NamedType('query', TAMPMsgRef()),
        namedtype.NamedType('response', StatusResponse()),
        namedtype.DefaultedNamedType(
            'usesApex', univ.Boolean().subtype(value=1)),
    )


# ContentInfo object pairing the content-type OID with its content type.
tamp_status_response = rfc5652.ContentInfo()
tamp_status_response['contentType'] = id_ct_TAMP_statusResponse
tamp_status_response['content'] = TAMPStatusResponse()


# Trust Anchor Update Message

id_ct_TAMP_update = _OID(id_tamp, 3)


class TBSCertificateChangeInfo(univ.Sequence):
    """SEQUENCE of certificate fields to change; only subjectPublicKeyInfo is
    declared without OPTIONAL here."""

    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType('serialNumber', CertificateSerialNumber()),
        namedtype.OptionalNamedType(
            'signature',
            AlgorithmIdentifier().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
            ),
        ),
        namedtype.OptionalNamedType(
            'issuer',
            Name().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)
            ),
        ),
        namedtype.OptionalNamedType(
            'validity',
            Validity().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)
            ),
        ),
        namedtype.OptionalNamedType(
            'subject',
            Name().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)
            ),
        ),
        namedtype.NamedType(
            'subjectPublicKeyInfo',
            SubjectPublicKeyInfo().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4)
            ),
        ),
        # The only explicitly tagged field in this SEQUENCE.
        namedtype.OptionalNamedType(
            'exts',
            Extensions().subtype(
                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5)
            ),
        ),
    )


class TrustAnchorChangeInfo(univ.Sequence):
    """SEQUENCE of pubKey plus optional keyId, taTitle, certPath and exts [1]."""

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('pubKey', SubjectPublicKeyInfo()),
        namedtype.OptionalNamedType('keyId', KeyIdentifier()),
        namedtype.OptionalNamedType('taTitle', TrustAnchorTitle()),
        namedtype.OptionalNamedType('certPath', CertPathControls()),
        namedtype.OptionalNamedType(
            'exts',
            Extensions().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)
            ),
        ),
    )


class TrustAnchorChangeInfoChoice(univ.Choice):
    """CHOICE of tbsCertChange [0] or taChange [1]."""

    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            'tbsCertChange',
            TBSCertificateChangeInfo().subtype(
                implicitTag=tag.Tag(
                    tag.tagClassContext, tag.tagFormatConstructed, 0)
            ),
        ),
        namedtype.NamedType(
            'taChange',
            TrustAnchorChangeInfo().subtype(
                implicitTag=tag.Tag(
                    tag.tagClassContext, tag.tagFormatConstructed, 1)
            ),
        ),
    )


class TrustAnchorUpdate(univ.Choice):
    """CHOICE of add [1], remove [2] or change [3]."""

    # NOTE(review): 'change' wraps a CHOICE with explicitTag, while 'add'
    # wraps TrustAnchorChoice (presumably also a CHOICE, defined in rfc5914)
    # with implicitTag.  Confirm the tagging of 'add' against the RFC 5934
    # ASN.1 module.
    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            'add',
            TrustAnchorChoice().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)
            ),
        ),
        namedtype.NamedType(
            'remove',
            SubjectPublicKeyInfo().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)
            ),
        ),
        namedtype.NamedType(
            'change',
            TrustAnchorChangeInfoChoice().subtype(
                explicitTag=tag.Tag(
                    tag.tagClassContext, tag.tagFormatConstructed, 3)
            ),
        ),
    )


class TAMPUpdate(univ.Sequence):
    """SEQUENCE: version [0], terse [1], msgRef, a non-empty list of updates and
    optional tampSeqNumbers [2]."""

    componentType = namedtype.NamedTypes(
        namedtype.DefaultedNamedType(
            'version',
            TAMPVersion().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
            ).subtype(value='v2'),
        ),
        namedtype.DefaultedNamedType(
            'terse',
            TerseOrVerbose().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)
            ).subtype(value='verbose'),
        ),
        namedtype.NamedType('msgRef', TAMPMsgRef()),
        namedtype.NamedType(
            'updates',
            univ.SequenceOf(componentType=TrustAnchorUpdate()).subtype(
                subtypeSpec=constraint.ValueSizeConstraint(1, MAX)
            ),
        ),
        namedtype.OptionalNamedType(
            'tampSeqNumbers',
            TAMPSequenceNumbers().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)
            ),
        ),
    )


tamp_update = rfc5652.ContentInfo()
tamp_update['contentType'] = id_ct_TAMP_update
tamp_update['content'] = TAMPUpdate()


# Trust Anchor Update Confirm Message

id_ct_TAMP_updateConfirm = _OID(id_tamp, 4)


class StatusCode(univ.Enumerated):
    """ENUMERATED status values 0..38 plus other(127)."""

    namedValues = namedval.NamedValues(
        ('success', 0),
        ('decodeFailure', 1),
        ('badContentInfo', 2),
        ('badSignedData', 3),
        ('badEncapContent', 4),
        ('badCertificate', 5),
        ('badSignerInfo', 6),
        ('badSignedAttrs', 7),
        ('badUnsignedAttrs', 8),
        ('missingContent', 9),
        ('noTrustAnchor', 10),
        ('notAuthorized', 11),
        ('badDigestAlgorithm', 12),
        ('badSignatureAlgorithm', 13),
        ('unsupportedKeySize', 14),
        ('unsupportedParameters', 15),
        ('signatureFailure', 16),
        ('insufficientMemory', 17),
        ('unsupportedTAMPMsgType', 18),
        ('apexTAMPAnchor', 19),
        ('improperTAAddition', 20),
        ('seqNumFailure', 21),
        ('contingencyPublicKeyDecrypt', 22),
        ('incorrectTarget', 23),
        ('communityUpdateFailed', 24),
        ('trustAnchorNotFound', 25),
        ('unsupportedTAAlgorithm', 26),
        ('unsupportedTAKeySize', 27),
        ('unsupportedContinPubKeyDecryptAlg', 28),
        ('missingSignature', 29),
        ('resourcesBusy', 30),
        ('versionNumberMismatch', 31),
        ('missingPolicySet', 32),
        ('revokedCertificate', 33),
        ('unsupportedTrustAnchorFormat', 34),
        ('improperTAChange', 35),
        ('malformed', 36),
        ('cmsError', 37),
        ('unsupportedTargetIdentifier', 38),
        ('other', 127),
    )


class StatusCodeList(univ.SequenceOf):
    """SEQUENCE SIZE (1..MAX) OF StatusCode."""

    componentType = StatusCode()
    subtypeSpec = constraint.ValueSizeConstraint(1, MAX)


class TerseUpdateConfirm(StatusCodeList):
    """StatusCodeList used as the terse form of an update confirmation."""


class VerboseUpdateConfirm(univ.Sequence):
    """SEQUENCE: status, taInfo, optional tampSeqNumbers, usesApex (default 1)."""

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('status', StatusCodeList()),
        namedtype.NamedType('taInfo', TrustAnchorChoiceList()),
        namedtype.OptionalNamedType('tampSeqNumbers', TAMPSequenceNumbers()),
        namedtype.DefaultedNamedType(
            'usesApex', univ.Boolean().subtype(value=1)),
    )


class UpdateConfirm(univ.Choice):
    """CHOICE of terseConfirm [0] or verboseConfirm [1]."""

    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            'terseConfirm',
            TerseUpdateConfirm().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
            ),
        ),
        namedtype.NamedType(
            'verboseConfirm',
            VerboseUpdateConfirm().subtype(
                implicitTag=tag.Tag(
                    tag.tagClassContext, tag.tagFormatConstructed, 1)
            ),
        ),
    )


class TAMPUpdateConfirm(univ.Sequence):
    """SEQUENCE: version [0] (default v2), update, confirm."""

    componentType = namedtype.NamedTypes(
        namedtype.DefaultedNamedType(
            'version',
            TAMPVersion().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
            ).subtype(value='v2'),
        ),
        namedtype.NamedType('update', TAMPMsgRef()),
        namedtype.NamedType('confirm', UpdateConfirm()),
    )


tamp_update_confirm = rfc5652.ContentInfo()
tamp_update_confirm['contentType'] = id_ct_TAMP_updateConfirm
tamp_update_confirm['content'] = TAMPUpdateConfirm()


# Apex Trust Anchor Update Message

id_ct_TAMP_apexUpdate = _OID(id_tamp, 5)


class TAMPApexUpdate(univ.Sequence):
    """SEQUENCE: version [0], terse [1], msgRef, clearTrustAnchors,
    clearCommunities, optional seqNumber and apexTA."""

    componentType = namedtype.NamedTypes(
        namedtype.DefaultedNamedType(
            'version',
            TAMPVersion().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
            ).subtype(value='v2'),
        ),
        namedtype.DefaultedNamedType(
            'terse',
            TerseOrVerbose().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)
            ).subtype(value='verbose'),
        ),
        namedtype.NamedType('msgRef', TAMPMsgRef()),
        namedtype.NamedType('clearTrustAnchors', univ.Boolean()),
        namedtype.NamedType('clearCommunities', univ.Boolean()),
        namedtype.OptionalNamedType('seqNumber', SeqNumber()),
        namedtype.NamedType('apexTA', TrustAnchorChoice()),
    )


tamp_apex_update = rfc5652.ContentInfo()
tamp_apex_update['contentType'] = id_ct_TAMP_apexUpdate
tamp_apex_update['content'] = TAMPApexUpdate()


# Apex Trust Anchor Update Confirm Message

id_ct_TAMP_apexUpdateConfirm = _OID(id_tamp, 6)


class TerseApexUpdateConfirm(StatusCode):
    """StatusCode used as the terse form of an apex update confirmation."""


class VerboseApexUpdateConfirm(univ.Sequence):
    """SEQUENCE: status, taInfo, optional communities [0] and tampSeqNumbers [1]."""

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('status', StatusCode()),
        namedtype.NamedType('taInfo', TrustAnchorChoiceList()),
        namedtype.OptionalNamedType(
            'communities',
            CommunityIdentifierList().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
            ),
        ),
        namedtype.OptionalNamedType(
            'tampSeqNumbers',
            TAMPSequenceNumbers().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)
            ),
        ),
    )


class ApexUpdateConfirm(univ.Choice):
    """CHOICE of terseApexConfirm [0] or verboseApexConfirm [1]."""

    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            'terseApexConfirm',
            TerseApexUpdateConfirm().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
            ),
        ),
        namedtype.NamedType(
            'verboseApexConfirm',
            VerboseApexUpdateConfirm().subtype(
                implicitTag=tag.Tag(
                    tag.tagClassContext, tag.tagFormatConstructed, 1)
            ),
        ),
    )


class TAMPApexUpdateConfirm(univ.Sequence):
    """SEQUENCE: version [0] (default v2), apexReplace, apexConfirm."""

    componentType = namedtype.NamedTypes(
        namedtype.DefaultedNamedType(
            'version',
            TAMPVersion().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
            ).subtype(value='v2'),
        ),
        namedtype.NamedType('apexReplace', TAMPMsgRef()),
        namedtype.NamedType('apexConfirm', ApexUpdateConfirm()),
    )


tamp_apex_update_confirm = rfc5652.ContentInfo()
tamp_apex_update_confirm['contentType'] = id_ct_TAMP_apexUpdateConfirm
tamp_apex_update_confirm['content'] = TAMPApexUpdateConfirm()


# Community Update Message

id_ct_TAMP_communityUpdate = _OID(id_tamp, 7)


class CommunityUpdates(univ.Sequence):
    """SEQUENCE of optional remove [1] and add [2] community lists."""

    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType(
            'remove',
            CommunityIdentifierList().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)
            ),
        ),
        namedtype.OptionalNamedType(
            'add',
            CommunityIdentifierList().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)
            ),
        ),
    )


class TAMPCommunityUpdate(univ.Sequence):
    """SEQUENCE: version [0], terse [1], msgRef, updates."""

    componentType = namedtype.NamedTypes(
        namedtype.DefaultedNamedType(
            'version',
            TAMPVersion().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
            ).subtype(value='v2'),
        ),
        namedtype.DefaultedNamedType(
            'terse',
            TerseOrVerbose().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)
            ).subtype(value='verbose'),
        ),
        namedtype.NamedType('msgRef', TAMPMsgRef()),
        namedtype.NamedType('updates', CommunityUpdates()),
    )


tamp_community_update = rfc5652.ContentInfo()
tamp_community_update['contentType'] = id_ct_TAMP_communityUpdate
tamp_community_update['content'] = TAMPCommunityUpdate()


# Community Update Confirm Message

id_ct_TAMP_communityUpdateConfirm = _OID(id_tamp, 8)


class TerseCommunityConfirm(StatusCode):
    """StatusCode used as the terse form of a community update confirmation."""


class VerboseCommunityConfirm(univ.Sequence):
    """SEQUENCE of status and an optional community list."""

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('status', StatusCode()),
        namedtype.OptionalNamedType('communities', CommunityIdentifierList()),
    )


class CommunityConfirm(univ.Choice):
    """CHOICE of terseCommConfirm [0] or verboseCommConfirm [1]."""

    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            'terseCommConfirm',
            TerseCommunityConfirm().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
            ),
        ),
        namedtype.NamedType(
            'verboseCommConfirm',
            VerboseCommunityConfirm().subtype(
                implicitTag=tag.Tag(
                    tag.tagClassContext, tag.tagFormatConstructed, 1)
            ),
        ),
    )


class TAMPCommunityUpdateConfirm(univ.Sequence):
    """SEQUENCE: version [0] (default v2), update, commConfirm."""

    componentType = namedtype.NamedTypes(
        namedtype.DefaultedNamedType(
            'version',
            TAMPVersion().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
            ).subtype(value='v2'),
        ),
        namedtype.NamedType('update', TAMPMsgRef()),
        namedtype.NamedType('commConfirm', CommunityConfirm()),
    )


tamp_community_update_confirm = rfc5652.ContentInfo()
tamp_community_update_confirm['contentType'] = id_ct_TAMP_communityUpdateConfirm
tamp_community_update_confirm['content'] = TAMPCommunityUpdateConfirm()


# Sequence Number Adjust Message

id_ct_TAMP_seqNumAdjust = _OID(id_tamp, 10)


class SequenceNumberAdjust(univ.Sequence):
    """SEQUENCE: version [0] (default v2), msgRef."""

    componentType = namedtype.NamedTypes(
        namedtype.DefaultedNamedType(
            'version',
            TAMPVersion().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
            ).subtype(value='v2'),
        ),
        namedtype.NamedType('msgRef', TAMPMsgRef()),
    )


tamp_sequence_number_adjust = rfc5652.ContentInfo()
tamp_sequence_number_adjust['contentType'] = id_ct_TAMP_seqNumAdjust
tamp_sequence_number_adjust['content'] = SequenceNumberAdjust()


# Sequence Number Adjust Confirm Message

id_ct_TAMP_seqNumAdjustConfirm = _OID(id_tamp, 11)


class SequenceNumberAdjustConfirm(univ.Sequence):
    """SEQUENCE: version [0] (default v2), adjust, status."""

    componentType = namedtype.NamedTypes(
        namedtype.DefaultedNamedType(
            'version',
            TAMPVersion().subtype(
                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
            ).subtype(value='v2'),
        ),
        namedtype.NamedType('adjust', TAMPMsgRef()),
        namedtype.NamedType('status', StatusCode()),
    )


tamp_sequence_number_adjust_confirm = rfc5652.ContentInfo()
tamp_sequence_number_adjust_confirm['contentType'] = id_ct_TAMP_seqNumAdjustConfirm
tamp_sequence_number_adjust_confirm['content'] = SequenceNumberAdjustConfirm()


# TAMP Error Message

id_ct_TAMP_error = _OID(id_tamp, 9)


class TAMPError(univ.Sequence):
    """SEQUENCE for the TAMP error message; its componentType is assigned
    right after the class statement."""

# TAMPError: version [0] (default v2), msgType, status, optional msgRef.
TAMPError.componentType = namedtype.NamedTypes(
    namedtype.DefaultedNamedType(
        'version',
        TAMPVersion().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
        ).subtype(value='v2'),
    ),
    namedtype.NamedType('msgType', univ.ObjectIdentifier()),
    namedtype.NamedType('status', StatusCode()),
    namedtype.OptionalNamedType('msgRef', TAMPMsgRef()),
)


tamp_error = rfc5652.ContentInfo()
tamp_error['contentType'] = id_ct_TAMP_error
tamp_error['content'] = TAMPError()


# Object Identifier Arc for Attributes

id_attributes = univ.ObjectIdentifier('2.16.840.1.101.2.1.5')


# contingency-public-key-decrypt-key unsigned attribute

id_aa_TAMP_contingencyPublicKeyDecryptKey = _OID(id_attributes, 63)


class PlaintextSymmetricKey(univ.OctetString):
    """OCTET STRING value of the contingency-public-key-decrypt-key attribute."""

    # NOTE(review): as the type name says, the key travels in the clear, and
    # the attribute is an unsigned one.  Treat decoded values as secret
    # material: keep them out of logs and rely on the transport for
    # confidentiality.


contingency_public_key_decrypt_key = Attribute()
contingency_public_key_decrypt_key['type'] = id_aa_TAMP_contingencyPublicKeyDecryptKey
contingency_public_key_decrypt_key['values'][0] = PlaintextSymmetricKey()


# id-pe-wrappedApexContinKey extension

id_pe_wrappedApexContinKey = univ.ObjectIdentifier('1.3.6.1.5.5.7.1.20')


class ApexContingencyKey(univ.Sequence):
    """SEQUENCE of wrapAlgorithm and the wrappedContinPubKey octets."""

    componentType = namedtype.NamedTypes(
        namedtype.NamedType('wrapAlgorithm', AlgorithmIdentifier()),
        namedtype.NamedType('wrappedContinPubKey', univ.OctetString()),
    )


# Extension object for id-pe-wrappedApexContinKey, marked non-critical.
wrappedApexContinKey = Extension()
wrappedApexContinKey['extnID'] = id_pe_wrappedApexContinKey
wrappedApexContinKey['critical'] = 0
wrappedApexContinKey['extnValue'] = univ.OctetString()


# The three update() calls below run at import time and change maps that are
# shared with every other user of rfc5652 / rfc5280 in the process.  Code
# that decodes untrusted CMS input through those maps will then accept the
# TAMP types too.

# Add to the map of CMS Content Type OIDs to Content Types in
# rfc5652.py

_cmsContentTypesMapUpdate = {
    id_ct_TAMP_statusQuery: TAMPStatusQuery(),
    id_ct_TAMP_statusResponse: TAMPStatusResponse(),
    id_ct_TAMP_update: TAMPUpdate(),
    id_ct_TAMP_updateConfirm: TAMPUpdateConfirm(),
    id_ct_TAMP_apexUpdate: TAMPApexUpdate(),
    id_ct_TAMP_apexUpdateConfirm: TAMPApexUpdateConfirm(),
    id_ct_TAMP_communityUpdate: TAMPCommunityUpdate(),
    id_ct_TAMP_communityUpdateConfirm: TAMPCommunityUpdateConfirm(),
    id_ct_TAMP_seqNumAdjust: SequenceNumberAdjust(),
    id_ct_TAMP_seqNumAdjustConfirm: SequenceNumberAdjustConfirm(),
    id_ct_TAMP_error: TAMPError(),
}

rfc5652.cmsContentTypesMap.update(_cmsContentTypesMapUpdate)


# Add to the map of CMS Attribute OIDs to Attribute Values in
# rfc5652.py

_cmsAttributesMapUpdate = {
    id_aa_TAMP_contingencyPublicKeyDecryptKey: PlaintextSymmetricKey(),
}

rfc5652.cmsAttributesMap.update(_cmsAttributesMapUpdate)


# Add to the map of Certificate Extension OIDs to Extensions in
# rfc5280.py

_certificateExtensionsMap = {
    id_pe_wrappedApexContinKey: ApexContingencyKey(),
}

rfc5280.certificateExtensionsMap.update(_certificateExtensionsMap)