1# 2# This file is part of pyasn1-modules software. 3# 4# Copyright (c) 2005-2019, Ilya Etingof <etingof@gmail.com> 5# License: http://snmplabs.com/pyasn1/license.html 6# 7# Certificate Management Protocol structures as per RFC4210 8# 9# Based on Alex Railean's work 10# 11from pyasn1.type import char 12from pyasn1.type import constraint 13from pyasn1.type import namedtype 14from pyasn1.type import namedval 15from pyasn1.type import tag 16from pyasn1.type import univ 17from pyasn1.type import useful 18 19from pyasn1_modules import rfc2314 20from pyasn1_modules import rfc2459 21from pyasn1_modules import rfc2511 22 23MAX = float('inf') 24 25 26class KeyIdentifier(univ.OctetString): 27 pass 28 29 30class CMPCertificate(rfc2459.Certificate): 31 pass 32 33 34class OOBCert(CMPCertificate): 35 pass 36 37 38class CertAnnContent(CMPCertificate): 39 pass 40 41 42class PKIFreeText(univ.SequenceOf): 43 """ 44 PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String 45 """ 46 componentType = char.UTF8String() 47 sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX) 48 49 50class PollRepContent(univ.SequenceOf): 51 """ 52 PollRepContent ::= SEQUENCE OF SEQUENCE { 53 certReqId INTEGER, 54 checkAfter INTEGER, -- time in seconds 55 reason PKIFreeText OPTIONAL 56 } 57 """ 58 59 class CertReq(univ.Sequence): 60 componentType = namedtype.NamedTypes( 61 namedtype.NamedType('certReqId', univ.Integer()), 62 namedtype.NamedType('checkAfter', univ.Integer()), 63 namedtype.OptionalNamedType('reason', PKIFreeText()) 64 ) 65 66 componentType = CertReq() 67 68 69class PollReqContent(univ.SequenceOf): 70 """ 71 PollReqContent ::= SEQUENCE OF SEQUENCE { 72 certReqId INTEGER 73 } 74 75 """ 76 77 class CertReq(univ.Sequence): 78 componentType = namedtype.NamedTypes( 79 namedtype.NamedType('certReqId', univ.Integer()) 80 ) 81 82 componentType = CertReq() 83 84 85class InfoTypeAndValue(univ.Sequence): 86 """ 87 InfoTypeAndValue ::= SEQUENCE { 88 infoType OBJECT IDENTIFIER, 89 infoValue ANY DEFINED BY infoType OPTIONAL 90 }""" 91 componentType = namedtype.NamedTypes( 92 namedtype.NamedType('infoType', univ.ObjectIdentifier()), 93 namedtype.OptionalNamedType('infoValue', univ.Any()) 94 ) 95 96 97class GenRepContent(univ.SequenceOf): 98 componentType = InfoTypeAndValue() 99 100 101class GenMsgContent(univ.SequenceOf): 102 componentType = InfoTypeAndValue() 103 104 105class PKIConfirmContent(univ.Null): 106 pass 107 108 109class CRLAnnContent(univ.SequenceOf): 110 componentType = rfc2459.CertificateList() 111 112 113class CAKeyUpdAnnContent(univ.Sequence): 114 """ 115 CAKeyUpdAnnContent ::= SEQUENCE { 116 oldWithNew CMPCertificate, 117 newWithOld CMPCertificate, 118 newWithNew CMPCertificate 119 } 120 """ 121 componentType = namedtype.NamedTypes( 122 namedtype.NamedType('oldWithNew', CMPCertificate()), 123 namedtype.NamedType('newWithOld', CMPCertificate()), 124 namedtype.NamedType('newWithNew', CMPCertificate()) 125 ) 126 127 128class RevDetails(univ.Sequence): 129 """ 130 RevDetails ::= SEQUENCE { 131 certDetails CertTemplate, 132 crlEntryDetails Extensions OPTIONAL 133 } 134 """ 135 componentType = namedtype.NamedTypes( 136 namedtype.NamedType('certDetails', rfc2511.CertTemplate()), 137 namedtype.OptionalNamedType('crlEntryDetails', rfc2459.Extensions()) 138 ) 139 140 141class RevReqContent(univ.SequenceOf): 142 componentType = RevDetails() 143 144 145class CertOrEncCert(univ.Choice): 146 """ 147 CertOrEncCert ::= CHOICE { 148 certificate [0] CMPCertificate, 149 encryptedCert [1] EncryptedValue 150 } 151 """ 152 componentType = namedtype.NamedTypes( 153 namedtype.NamedType('certificate', CMPCertificate().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), 154 namedtype.NamedType('encryptedCert', rfc2511.EncryptedValue().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))) 155 ) 156 157 158class CertifiedKeyPair(univ.Sequence): 159 """ 160 CertifiedKeyPair ::= SEQUENCE { 161 certOrEncCert CertOrEncCert, 162 privateKey [0] EncryptedValue OPTIONAL, 163 publicationInfo [1] PKIPublicationInfo OPTIONAL 164 } 165 """ 166 componentType = namedtype.NamedTypes( 167 namedtype.NamedType('certOrEncCert', CertOrEncCert()), 168 namedtype.OptionalNamedType('privateKey', rfc2511.EncryptedValue().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), 169 namedtype.OptionalNamedType('publicationInfo', rfc2511.PKIPublicationInfo().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))) 170 ) 171 172 173class POPODecKeyRespContent(univ.SequenceOf): 174 componentType = univ.Integer() 175 176 177class Challenge(univ.Sequence): 178 """ 179 Challenge ::= SEQUENCE { 180 owf AlgorithmIdentifier OPTIONAL, 181 witness OCTET STRING, 182 challenge OCTET STRING 183 } 184 """ 185 componentType = namedtype.NamedTypes( 186 namedtype.OptionalNamedType('owf', rfc2459.AlgorithmIdentifier()), 187 namedtype.NamedType('witness', univ.OctetString()), 188 namedtype.NamedType('challenge', univ.OctetString()) 189 ) 190 191 192class PKIStatus(univ.Integer): 193 """ 194 PKIStatus ::= INTEGER { 195 accepted (0), 196 grantedWithMods (1), 197 rejection (2), 198 waiting (3), 199 revocationWarning (4), 200 revocationNotification (5), 201 keyUpdateWarning (6) 202 } 203 """ 204 namedValues = namedval.NamedValues( 205 ('accepted', 0), 206 ('grantedWithMods', 1), 207 ('rejection', 2), 208 ('waiting', 3), 209 ('revocationWarning', 4), 210 ('revocationNotification', 5), 211 ('keyUpdateWarning', 6) 212 ) 213 214 215class PKIFailureInfo(univ.BitString): 216 """ 217 PKIFailureInfo ::= BIT STRING { 218 badAlg (0), 219 badMessageCheck (1), 220 badRequest (2), 221 badTime (3), 222 badCertId (4), 223 badDataFormat (5), 224 wrongAuthority (6), 225 incorrectData (7), 226 missingTimeStamp (8), 227 badPOP (9), 228 certRevoked (10), 229 certConfirmed (11), 230 wrongIntegrity (12), 231 badRecipientNonce (13), 232 timeNotAvailable (14), 233 unacceptedPolicy (15), 234 unacceptedExtension (16), 235 addInfoNotAvailable (17), 236 badSenderNonce (18), 237 badCertTemplate (19), 238 signerNotTrusted (20), 239 transactionIdInUse (21), 240 unsupportedVersion (22), 241 notAuthorized (23), 242 systemUnavail (24), 243 systemFailure (25), 244 duplicateCertReq (26) 245 """ 246 namedValues = namedval.NamedValues( 247 ('badAlg', 0), 248 ('badMessageCheck', 1), 249 ('badRequest', 2), 250 ('badTime', 3), 251 ('badCertId', 4), 252 ('badDataFormat', 5), 253 ('wrongAuthority', 6), 254 ('incorrectData', 7), 255 ('missingTimeStamp', 8), 256 ('badPOP', 9), 257 ('certRevoked', 10), 258 ('certConfirmed', 11), 259 ('wrongIntegrity', 12), 260 ('badRecipientNonce', 13), 261 ('timeNotAvailable', 14), 262 ('unacceptedPolicy', 15), 263 ('unacceptedExtension', 16), 264 ('addInfoNotAvailable', 17), 265 ('badSenderNonce', 18), 266 ('badCertTemplate', 19), 267 ('signerNotTrusted', 20), 268 ('transactionIdInUse', 21), 269 ('unsupportedVersion', 22), 270 ('notAuthorized', 23), 271 ('systemUnavail', 24), 272 ('systemFailure', 25), 273 ('duplicateCertReq', 26) 274 ) 275 276 277class PKIStatusInfo(univ.Sequence): 278 """ 279 PKIStatusInfo ::= SEQUENCE { 280 status PKIStatus, 281 statusString PKIFreeText OPTIONAL, 282 failInfo PKIFailureInfo OPTIONAL 283 } 284 """ 285 componentType = namedtype.NamedTypes( 286 namedtype.NamedType('status', PKIStatus()), 287 namedtype.OptionalNamedType('statusString', PKIFreeText()), 288 namedtype.OptionalNamedType('failInfo', PKIFailureInfo()) 289 ) 290 291 292class ErrorMsgContent(univ.Sequence): 293 """ 294 ErrorMsgContent ::= SEQUENCE { 295 pKIStatusInfo PKIStatusInfo, 296 errorCode INTEGER OPTIONAL, 297 -- implementation-specific error codes 298 errorDetails PKIFreeText OPTIONAL 299 -- implementation-specific error details 300 } 301 """ 302 componentType = namedtype.NamedTypes( 303 namedtype.NamedType('pKIStatusInfo', PKIStatusInfo()), 304 namedtype.OptionalNamedType('errorCode', univ.Integer()), 305 namedtype.OptionalNamedType('errorDetails', PKIFreeText()) 306 ) 307 308 309class CertStatus(univ.Sequence): 310 """ 311 CertStatus ::= SEQUENCE { 312 certHash OCTET STRING, 313 certReqId INTEGER, 314 statusInfo PKIStatusInfo OPTIONAL 315 } 316 """ 317 componentType = namedtype.NamedTypes( 318 namedtype.NamedType('certHash', univ.OctetString()), 319 namedtype.NamedType('certReqId', univ.Integer()), 320 namedtype.OptionalNamedType('statusInfo', PKIStatusInfo()) 321 ) 322 323 324class CertConfirmContent(univ.SequenceOf): 325 componentType = CertStatus() 326 327 328class RevAnnContent(univ.Sequence): 329 """ 330 RevAnnContent ::= SEQUENCE { 331 status PKIStatus, 332 certId CertId, 333 willBeRevokedAt GeneralizedTime, 334 badSinceDate GeneralizedTime, 335 crlDetails Extensions OPTIONAL 336 } 337 """ 338 componentType = namedtype.NamedTypes( 339 namedtype.NamedType('status', PKIStatus()), 340 namedtype.NamedType('certId', rfc2511.CertId()), 341 namedtype.NamedType('willBeRevokedAt', useful.GeneralizedTime()), 342 namedtype.NamedType('badSinceDate', useful.GeneralizedTime()), 343 namedtype.OptionalNamedType('crlDetails', rfc2459.Extensions()) 344 ) 345 346 347class RevRepContent(univ.Sequence): 348 """ 349 RevRepContent ::= SEQUENCE { 350 status SEQUENCE SIZE (1..MAX) OF PKIStatusInfo, 351 revCerts [0] SEQUENCE SIZE (1..MAX) OF CertId 352 OPTIONAL, 353 crls [1] SEQUENCE SIZE (1..MAX) OF CertificateList 354 OPTIONAL 355 """ 356 componentType = namedtype.NamedTypes( 357 namedtype.NamedType( 358 'status', univ.SequenceOf( 359 componentType=PKIStatusInfo(), 360 sizeSpec=constraint.ValueSizeConstraint(1, MAX) 361 ) 362 ), 363 namedtype.OptionalNamedType( 364 'revCerts', univ.SequenceOf(componentType=rfc2511.CertId()).subtype( 365 sizeSpec=constraint.ValueSizeConstraint(1, MAX), 366 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0) 367 ) 368 ), 369 namedtype.OptionalNamedType( 370 'crls', univ.SequenceOf(componentType=rfc2459.CertificateList()).subtype( 371 sizeSpec=constraint.ValueSizeConstraint(1, MAX), 372 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1) 373 ) 374 ) 375 ) 376 377 378class KeyRecRepContent(univ.Sequence): 379 """ 380 KeyRecRepContent ::= SEQUENCE { 381 status PKIStatusInfo, 382 newSigCert [0] CMPCertificate OPTIONAL, 383 caCerts [1] SEQUENCE SIZE (1..MAX) OF 384 CMPCertificate OPTIONAL, 385 keyPairHist [2] SEQUENCE SIZE (1..MAX) OF 386 CertifiedKeyPair OPTIONAL 387 } 388 """ 389 componentType = namedtype.NamedTypes( 390 namedtype.NamedType('status', PKIStatusInfo()), 391 namedtype.OptionalNamedType( 392 'newSigCert', CMPCertificate().subtype( 393 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0) 394 ) 395 ), 396 namedtype.OptionalNamedType( 397 'caCerts', univ.SequenceOf(componentType=CMPCertificate()).subtype( 398 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), 399 sizeSpec=constraint.ValueSizeConstraint(1, MAX) 400 ) 401 ), 402 namedtype.OptionalNamedType('keyPairHist', univ.SequenceOf(componentType=CertifiedKeyPair()).subtype( 403 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2), 404 sizeSpec=constraint.ValueSizeConstraint(1, MAX)) 405 ) 406 ) 407 408 409class CertResponse(univ.Sequence): 410 """ 411 CertResponse ::= SEQUENCE { 412 certReqId INTEGER, 413 status PKIStatusInfo, 414 certifiedKeyPair CertifiedKeyPair OPTIONAL, 415 rspInfo OCTET STRING OPTIONAL 416 } 417 """ 418 componentType = namedtype.NamedTypes( 419 namedtype.NamedType('certReqId', univ.Integer()), 420 namedtype.NamedType('status', PKIStatusInfo()), 421 namedtype.OptionalNamedType('certifiedKeyPair', CertifiedKeyPair()), 422 namedtype.OptionalNamedType('rspInfo', univ.OctetString()) 423 ) 424 425 426class CertRepMessage(univ.Sequence): 427 """ 428 CertRepMessage ::= SEQUENCE { 429 caPubs [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate 430 OPTIONAL, 431 response SEQUENCE OF CertResponse 432 } 433 """ 434 componentType = namedtype.NamedTypes( 435 namedtype.OptionalNamedType( 436 'caPubs', univ.SequenceOf( 437 componentType=CMPCertificate() 438 ).subtype(sizeSpec=constraint.ValueSizeConstraint(1, MAX), 439 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)) 440 ), 441 namedtype.NamedType('response', univ.SequenceOf(componentType=CertResponse())) 442 ) 443 444 445class POPODecKeyChallContent(univ.SequenceOf): 446 componentType = Challenge() 447 448 449class OOBCertHash(univ.Sequence): 450 """ 451 OOBCertHash ::= SEQUENCE { 452 hashAlg [0] AlgorithmIdentifier OPTIONAL, 453 certId [1] CertId OPTIONAL, 454 hashVal BIT STRING 455 } 456 """ 457 componentType = namedtype.NamedTypes( 458 namedtype.OptionalNamedType( 459 'hashAlg', rfc2459.AlgorithmIdentifier().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)) 460 ), 461 namedtype.OptionalNamedType( 462 'certId', rfc2511.CertId().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)) 463 ), 464 namedtype.NamedType('hashVal', univ.BitString()) 465 ) 466 467 468# pyasn1 does not naturally handle recursive definitions, thus this hack: 469# NestedMessageContent ::= PKIMessages 470class NestedMessageContent(univ.SequenceOf): 471 """ 472 NestedMessageContent ::= PKIMessages 473 """ 474 componentType = univ.Any() 475 476 477class DHBMParameter(univ.Sequence): 478 """ 479 DHBMParameter ::= SEQUENCE { 480 owf AlgorithmIdentifier, 481 -- AlgId for a One-Way Function (SHA-1 recommended) 482 mac AlgorithmIdentifier 483 -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11], 484 } -- or HMAC [RFC2104, RFC2202]) 485 """ 486 componentType = namedtype.NamedTypes( 487 namedtype.NamedType('owf', rfc2459.AlgorithmIdentifier()), 488 namedtype.NamedType('mac', rfc2459.AlgorithmIdentifier()) 489 ) 490 491 492id_DHBasedMac = univ.ObjectIdentifier('1.2.840.113533.7.66.30') 493 494 495class PBMParameter(univ.Sequence): 496 """ 497 PBMParameter ::= SEQUENCE { 498 salt OCTET STRING, 499 owf AlgorithmIdentifier, 500 iterationCount INTEGER, 501 mac AlgorithmIdentifier 502 } 503 """ 504 componentType = namedtype.NamedTypes( 505 namedtype.NamedType( 506 'salt', univ.OctetString().subtype(subtypeSpec=constraint.ValueSizeConstraint(0, 128)) 507 ), 508 namedtype.NamedType('owf', rfc2459.AlgorithmIdentifier()), 509 namedtype.NamedType('iterationCount', univ.Integer()), 510 namedtype.NamedType('mac', rfc2459.AlgorithmIdentifier()) 511 ) 512 513 514id_PasswordBasedMac = univ.ObjectIdentifier('1.2.840.113533.7.66.13') 515 516 517class PKIProtection(univ.BitString): 518 pass 519 520 521# pyasn1 does not naturally handle recursive definitions, thus this hack: 522# NestedMessageContent ::= PKIMessages 523nestedMessageContent = NestedMessageContent().subtype( 524 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 20)) 525 526 527class PKIBody(univ.Choice): 528 """ 529 PKIBody ::= CHOICE { -- message-specific body elements 530 ir [0] CertReqMessages, --Initialization Request 531 ip [1] CertRepMessage, --Initialization Response 532 cr [2] CertReqMessages, --Certification Request 533 cp [3] CertRepMessage, --Certification Response 534 p10cr [4] CertificationRequest, --imported from [PKCS10] 535 popdecc [5] POPODecKeyChallContent, --pop Challenge 536 popdecr [6] POPODecKeyRespContent, --pop Response 537 kur [7] CertReqMessages, --Key Update Request 538 kup [8] CertRepMessage, --Key Update Response 539 krr [9] CertReqMessages, --Key Recovery Request 540 krp [10] KeyRecRepContent, --Key Recovery Response 541 rr [11] RevReqContent, --Revocation Request 542 rp [12] RevRepContent, --Revocation Response 543 ccr [13] CertReqMessages, --Cross-Cert. Request 544 ccp [14] CertRepMessage, --Cross-Cert. Response 545 ckuann [15] CAKeyUpdAnnContent, --CA Key Update Ann. 546 cann [16] CertAnnContent, --Certificate Ann. 547 rann [17] RevAnnContent, --Revocation Ann. 548 crlann [18] CRLAnnContent, --CRL Announcement 549 pkiconf [19] PKIConfirmContent, --Confirmation 550 nested [20] NestedMessageContent, --Nested Message 551 genm [21] GenMsgContent, --General Message 552 genp [22] GenRepContent, --General Response 553 error [23] ErrorMsgContent, --Error Message 554 certConf [24] CertConfirmContent, --Certificate confirm 555 pollReq [25] PollReqContent, --Polling request 556 pollRep [26] PollRepContent --Polling response 557 558 """ 559 componentType = namedtype.NamedTypes( 560 namedtype.NamedType( 561 'ir', rfc2511.CertReqMessages().subtype( 562 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0) 563 ) 564 ), 565 namedtype.NamedType( 566 'ip', CertRepMessage().subtype( 567 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1) 568 ) 569 ), 570 namedtype.NamedType( 571 'cr', rfc2511.CertReqMessages().subtype( 572 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2) 573 ) 574 ), 575 namedtype.NamedType( 576 'cp', CertRepMessage().subtype( 577 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3) 578 ) 579 ), 580 namedtype.NamedType( 581 'p10cr', rfc2314.CertificationRequest().subtype( 582 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4) 583 ) 584 ), 585 namedtype.NamedType( 586 'popdecc', POPODecKeyChallContent().subtype( 587 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5) 588 ) 589 ), 590 namedtype.NamedType( 591 'popdecr', POPODecKeyRespContent().subtype( 592 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6) 593 ) 594 ), 595 namedtype.NamedType( 596 'kur', rfc2511.CertReqMessages().subtype( 597 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 7) 598 ) 599 ), 600 namedtype.NamedType( 601 'kup', CertRepMessage().subtype( 602 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 8) 603 ) 604 ), 605 namedtype.NamedType( 606 'krr', rfc2511.CertReqMessages().subtype( 607 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9) 608 ) 609 ), 610 namedtype.NamedType( 611 'krp', KeyRecRepContent().subtype( 612 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 10) 613 ) 614 ), 615 namedtype.NamedType( 616 'rr', RevReqContent().subtype( 617 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 11) 618 ) 619 ), 620 namedtype.NamedType( 621 'rp', RevRepContent().subtype( 622 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 12) 623 ) 624 ), 625 namedtype.NamedType( 626 'ccr', rfc2511.CertReqMessages().subtype( 627 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 13) 628 ) 629 ), 630 namedtype.NamedType( 631 'ccp', CertRepMessage().subtype( 632 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 14) 633 ) 634 ), 635 namedtype.NamedType( 636 'ckuann', CAKeyUpdAnnContent().subtype( 637 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 15) 638 ) 639 ), 640 namedtype.NamedType( 641 'cann', CertAnnContent().subtype( 642 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 16) 643 ) 644 ), 645 namedtype.NamedType( 646 'rann', RevAnnContent().subtype( 647 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 17) 648 ) 649 ), 650 namedtype.NamedType( 651 'crlann', CRLAnnContent().subtype( 652 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 18) 653 ) 654 ), 655 namedtype.NamedType( 656 'pkiconf', PKIConfirmContent().subtype( 657 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 19) 658 ) 659 ), 660 namedtype.NamedType( 661 'nested', nestedMessageContent 662 ), 663 # namedtype.NamedType('nested', NestedMessageContent().subtype( 664 # explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,20) 665 # ) 666 # ), 667 namedtype.NamedType( 668 'genm', GenMsgContent().subtype( 669 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 21) 670 ) 671 ), 672 namedtype.NamedType( 673 'gen', GenRepContent().subtype( 674 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 22) 675 ) 676 ), 677 namedtype.NamedType( 678 'error', ErrorMsgContent().subtype( 679 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 23) 680 ) 681 ), 682 namedtype.NamedType( 683 'certConf', CertConfirmContent().subtype( 684 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 24) 685 ) 686 ), 687 namedtype.NamedType( 688 'pollReq', PollReqContent().subtype( 689 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 25) 690 ) 691 ), 692 namedtype.NamedType( 693 'pollRep', PollRepContent().subtype( 694 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 26) 695 ) 696 ) 697 ) 698 699 700class PKIHeader(univ.Sequence): 701 """ 702 PKIHeader ::= SEQUENCE { 703 pvno INTEGER { cmp1999(1), cmp2000(2) }, 704 sender GeneralName, 705 recipient GeneralName, 706 messageTime [0] GeneralizedTime OPTIONAL, 707 protectionAlg [1] AlgorithmIdentifier OPTIONAL, 708 senderKID [2] KeyIdentifier OPTIONAL, 709 recipKID [3] KeyIdentifier OPTIONAL, 710 transactionID [4] OCTET STRING OPTIONAL, 711 senderNonce [5] OCTET STRING OPTIONAL, 712 recipNonce [6] OCTET STRING OPTIONAL, 713 freeText [7] PKIFreeText OPTIONAL, 714 generalInfo [8] SEQUENCE SIZE (1..MAX) OF 715 InfoTypeAndValue OPTIONAL 716 } 717 718 """ 719 componentType = namedtype.NamedTypes( 720 namedtype.NamedType( 721 'pvno', univ.Integer( 722 namedValues=namedval.NamedValues(('cmp1999', 1), ('cmp2000', 2)) 723 ) 724 ), 725 namedtype.NamedType('sender', rfc2459.GeneralName()), 726 namedtype.NamedType('recipient', rfc2459.GeneralName()), 727 namedtype.OptionalNamedType('messageTime', useful.GeneralizedTime().subtype( 728 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), 729 namedtype.OptionalNamedType('protectionAlg', rfc2459.AlgorithmIdentifier().subtype( 730 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))), 731 namedtype.OptionalNamedType('senderKID', rfc2459.KeyIdentifier().subtype( 732 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), 733 namedtype.OptionalNamedType('recipKID', rfc2459.KeyIdentifier().subtype( 734 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), 735 namedtype.OptionalNamedType('transactionID', univ.OctetString().subtype( 736 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))), 737 namedtype.OptionalNamedType('senderNonce', univ.OctetString().subtype( 738 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))), 739 namedtype.OptionalNamedType('recipNonce', univ.OctetString().subtype( 740 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))), 741 namedtype.OptionalNamedType('freeText', PKIFreeText().subtype( 742 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 7))), 743 namedtype.OptionalNamedType('generalInfo', 744 univ.SequenceOf( 745 componentType=InfoTypeAndValue().subtype( 746 sizeSpec=constraint.ValueSizeConstraint(1, MAX) 747 ) 748 ).subtype( 749 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8)) 750 ) 751 ) 752 753 754class ProtectedPart(univ.Sequence): 755 """ 756 ProtectedPart ::= SEQUENCE { 757 header PKIHeader, 758 body PKIBody 759 } 760 """ 761 componentType = namedtype.NamedTypes( 762 namedtype.NamedType('header', PKIHeader()), 763 namedtype.NamedType('infoValue', PKIBody()) 764 ) 765 766 767class PKIMessage(univ.Sequence): 768 """ 769 PKIMessage ::= SEQUENCE { 770 header PKIHeader, 771 body PKIBody, 772 protection [0] PKIProtection OPTIONAL, 773 extraCerts [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate 774 OPTIONAL 775 }""" 776 componentType = namedtype.NamedTypes( 777 namedtype.NamedType('header', PKIHeader()), 778 namedtype.NamedType('body', PKIBody()), 779 namedtype.OptionalNamedType('protection', PKIProtection().subtype( 780 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), 781 namedtype.OptionalNamedType('extraCerts', 782 univ.SequenceOf( 783 componentType=CMPCertificate() 784 ).subtype( 785 sizeSpec=constraint.ValueSizeConstraint(1, MAX), 786 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1) 787 ) 788 ) 789 ) 790 791 792class PKIMessages(univ.SequenceOf): 793 """ 794 PKIMessages ::= SEQUENCE SIZE (1..MAX) OF PKIMessage 795 """ 796 componentType = PKIMessage() 797 sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX) 798 799 800# pyasn1 does not naturally handle recursive definitions, thus this hack: 801# NestedMessageContent ::= PKIMessages 802NestedMessageContent._componentType = PKIMessages() 803nestedMessageContent._componentType = PKIMessages() 804