Coverage for /pythoncovmergedfiles/medio/medio/usr/local/lib/python3.8/site-packages/pyasn1_modules/rfc4210.py: 100%
104 statements
« prev ^ index » next coverage.py v7.2.2, created at 2023-03-26 06:04 +0000
1#
2# This file is part of pyasn1-modules software.
3#
4# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>
5# License: http://snmplabs.com/pyasn1/license.html
6#
7# Certificate Management Protocol structures as per RFC4210
8#
9# Based on Alex Railean's work
10#
11from pyasn1.type import char
12from pyasn1.type import constraint
13from pyasn1.type import namedtype
14from pyasn1.type import namedval
15from pyasn1.type import tag
16from pyasn1.type import univ
17from pyasn1.type import useful
19from pyasn1_modules import rfc2314
20from pyasn1_modules import rfc2459
21from pyasn1_modules import rfc2511
23MAX = float('inf')
26class KeyIdentifier(univ.OctetString):
27 pass
30class CMPCertificate(rfc2459.Certificate):
31 pass
34class OOBCert(CMPCertificate):
35 pass
38class CertAnnContent(CMPCertificate):
39 pass
42class PKIFreeText(univ.SequenceOf):
43 """
44 PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
45 """
46 componentType = char.UTF8String()
47 sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)
50class PollRepContent(univ.SequenceOf):
51 """
52 PollRepContent ::= SEQUENCE OF SEQUENCE {
53 certReqId INTEGER,
54 checkAfter INTEGER, -- time in seconds
55 reason PKIFreeText OPTIONAL
56 }
57 """
59 class CertReq(univ.Sequence):
60 componentType = namedtype.NamedTypes(
61 namedtype.NamedType('certReqId', univ.Integer()),
62 namedtype.NamedType('checkAfter', univ.Integer()),
63 namedtype.OptionalNamedType('reason', PKIFreeText())
64 )
66 componentType = CertReq()
69class PollReqContent(univ.SequenceOf):
70 """
71 PollReqContent ::= SEQUENCE OF SEQUENCE {
72 certReqId INTEGER
73 }
75 """
77 class CertReq(univ.Sequence):
78 componentType = namedtype.NamedTypes(
79 namedtype.NamedType('certReqId', univ.Integer())
80 )
82 componentType = CertReq()
85class InfoTypeAndValue(univ.Sequence):
86 """
87 InfoTypeAndValue ::= SEQUENCE {
88 infoType OBJECT IDENTIFIER,
89 infoValue ANY DEFINED BY infoType OPTIONAL
90 }"""
91 componentType = namedtype.NamedTypes(
92 namedtype.NamedType('infoType', univ.ObjectIdentifier()),
93 namedtype.OptionalNamedType('infoValue', univ.Any())
94 )
97class GenRepContent(univ.SequenceOf):
98 componentType = InfoTypeAndValue()
101class GenMsgContent(univ.SequenceOf):
102 componentType = InfoTypeAndValue()
105class PKIConfirmContent(univ.Null):
106 pass
109class CRLAnnContent(univ.SequenceOf):
110 componentType = rfc2459.CertificateList()
113class CAKeyUpdAnnContent(univ.Sequence):
114 """
115 CAKeyUpdAnnContent ::= SEQUENCE {
116 oldWithNew CMPCertificate,
117 newWithOld CMPCertificate,
118 newWithNew CMPCertificate
119 }
120 """
121 componentType = namedtype.NamedTypes(
122 namedtype.NamedType('oldWithNew', CMPCertificate()),
123 namedtype.NamedType('newWithOld', CMPCertificate()),
124 namedtype.NamedType('newWithNew', CMPCertificate())
125 )
128class RevDetails(univ.Sequence):
129 """
130 RevDetails ::= SEQUENCE {
131 certDetails CertTemplate,
132 crlEntryDetails Extensions OPTIONAL
133 }
134 """
135 componentType = namedtype.NamedTypes(
136 namedtype.NamedType('certDetails', rfc2511.CertTemplate()),
137 namedtype.OptionalNamedType('crlEntryDetails', rfc2459.Extensions())
138 )
141class RevReqContent(univ.SequenceOf):
142 componentType = RevDetails()
145class CertOrEncCert(univ.Choice):
146 """
147 CertOrEncCert ::= CHOICE {
148 certificate [0] CMPCertificate,
149 encryptedCert [1] EncryptedValue
150 }
151 """
152 componentType = namedtype.NamedTypes(
153 namedtype.NamedType('certificate', CMPCertificate().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
154 namedtype.NamedType('encryptedCert', rfc2511.EncryptedValue().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
155 )
158class CertifiedKeyPair(univ.Sequence):
159 """
160 CertifiedKeyPair ::= SEQUENCE {
161 certOrEncCert CertOrEncCert,
162 privateKey [0] EncryptedValue OPTIONAL,
163 publicationInfo [1] PKIPublicationInfo OPTIONAL
164 }
165 """
166 componentType = namedtype.NamedTypes(
167 namedtype.NamedType('certOrEncCert', CertOrEncCert()),
168 namedtype.OptionalNamedType('privateKey', rfc2511.EncryptedValue().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
169 namedtype.OptionalNamedType('publicationInfo', rfc2511.PKIPublicationInfo().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
170 )
173class POPODecKeyRespContent(univ.SequenceOf):
174 componentType = univ.Integer()
177class Challenge(univ.Sequence):
178 """
179 Challenge ::= SEQUENCE {
180 owf AlgorithmIdentifier OPTIONAL,
181 witness OCTET STRING,
182 challenge OCTET STRING
183 }
184 """
185 componentType = namedtype.NamedTypes(
186 namedtype.OptionalNamedType('owf', rfc2459.AlgorithmIdentifier()),
187 namedtype.NamedType('witness', univ.OctetString()),
188 namedtype.NamedType('challenge', univ.OctetString())
189 )
192class PKIStatus(univ.Integer):
193 """
194 PKIStatus ::= INTEGER {
195 accepted (0),
196 grantedWithMods (1),
197 rejection (2),
198 waiting (3),
199 revocationWarning (4),
200 revocationNotification (5),
201 keyUpdateWarning (6)
202 }
203 """
204 namedValues = namedval.NamedValues(
205 ('accepted', 0),
206 ('grantedWithMods', 1),
207 ('rejection', 2),
208 ('waiting', 3),
209 ('revocationWarning', 4),
210 ('revocationNotification', 5),
211 ('keyUpdateWarning', 6)
212 )
215class PKIFailureInfo(univ.BitString):
216 """
217 PKIFailureInfo ::= BIT STRING {
218 badAlg (0),
219 badMessageCheck (1),
220 badRequest (2),
221 badTime (3),
222 badCertId (4),
223 badDataFormat (5),
224 wrongAuthority (6),
225 incorrectData (7),
226 missingTimeStamp (8),
227 badPOP (9),
228 certRevoked (10),
229 certConfirmed (11),
230 wrongIntegrity (12),
231 badRecipientNonce (13),
232 timeNotAvailable (14),
233 unacceptedPolicy (15),
234 unacceptedExtension (16),
235 addInfoNotAvailable (17),
236 badSenderNonce (18),
237 badCertTemplate (19),
238 signerNotTrusted (20),
239 transactionIdInUse (21),
240 unsupportedVersion (22),
241 notAuthorized (23),
242 systemUnavail (24),
243 systemFailure (25),
244 duplicateCertReq (26)
245 """
246 namedValues = namedval.NamedValues(
247 ('badAlg', 0),
248 ('badMessageCheck', 1),
249 ('badRequest', 2),
250 ('badTime', 3),
251 ('badCertId', 4),
252 ('badDataFormat', 5),
253 ('wrongAuthority', 6),
254 ('incorrectData', 7),
255 ('missingTimeStamp', 8),
256 ('badPOP', 9),
257 ('certRevoked', 10),
258 ('certConfirmed', 11),
259 ('wrongIntegrity', 12),
260 ('badRecipientNonce', 13),
261 ('timeNotAvailable', 14),
262 ('unacceptedPolicy', 15),
263 ('unacceptedExtension', 16),
264 ('addInfoNotAvailable', 17),
265 ('badSenderNonce', 18),
266 ('badCertTemplate', 19),
267 ('signerNotTrusted', 20),
268 ('transactionIdInUse', 21),
269 ('unsupportedVersion', 22),
270 ('notAuthorized', 23),
271 ('systemUnavail', 24),
272 ('systemFailure', 25),
273 ('duplicateCertReq', 26)
274 )
277class PKIStatusInfo(univ.Sequence):
278 """
279 PKIStatusInfo ::= SEQUENCE {
280 status PKIStatus,
281 statusString PKIFreeText OPTIONAL,
282 failInfo PKIFailureInfo OPTIONAL
283 }
284 """
285 componentType = namedtype.NamedTypes(
286 namedtype.NamedType('status', PKIStatus()),
287 namedtype.OptionalNamedType('statusString', PKIFreeText()),
288 namedtype.OptionalNamedType('failInfo', PKIFailureInfo())
289 )
292class ErrorMsgContent(univ.Sequence):
293 """
294 ErrorMsgContent ::= SEQUENCE {
295 pKIStatusInfo PKIStatusInfo,
296 errorCode INTEGER OPTIONAL,
297 -- implementation-specific error codes
298 errorDetails PKIFreeText OPTIONAL
299 -- implementation-specific error details
300 }
301 """
302 componentType = namedtype.NamedTypes(
303 namedtype.NamedType('pKIStatusInfo', PKIStatusInfo()),
304 namedtype.OptionalNamedType('errorCode', univ.Integer()),
305 namedtype.OptionalNamedType('errorDetails', PKIFreeText())
306 )
309class CertStatus(univ.Sequence):
310 """
311 CertStatus ::= SEQUENCE {
312 certHash OCTET STRING,
313 certReqId INTEGER,
314 statusInfo PKIStatusInfo OPTIONAL
315 }
316 """
317 componentType = namedtype.NamedTypes(
318 namedtype.NamedType('certHash', univ.OctetString()),
319 namedtype.NamedType('certReqId', univ.Integer()),
320 namedtype.OptionalNamedType('statusInfo', PKIStatusInfo())
321 )
324class CertConfirmContent(univ.SequenceOf):
325 componentType = CertStatus()
328class RevAnnContent(univ.Sequence):
329 """
330 RevAnnContent ::= SEQUENCE {
331 status PKIStatus,
332 certId CertId,
333 willBeRevokedAt GeneralizedTime,
334 badSinceDate GeneralizedTime,
335 crlDetails Extensions OPTIONAL
336 }
337 """
338 componentType = namedtype.NamedTypes(
339 namedtype.NamedType('status', PKIStatus()),
340 namedtype.NamedType('certId', rfc2511.CertId()),
341 namedtype.NamedType('willBeRevokedAt', useful.GeneralizedTime()),
342 namedtype.NamedType('badSinceDate', useful.GeneralizedTime()),
343 namedtype.OptionalNamedType('crlDetails', rfc2459.Extensions())
344 )
347class RevRepContent(univ.Sequence):
348 """
349 RevRepContent ::= SEQUENCE {
350 status SEQUENCE SIZE (1..MAX) OF PKIStatusInfo,
351 revCerts [0] SEQUENCE SIZE (1..MAX) OF CertId
352 OPTIONAL,
353 crls [1] SEQUENCE SIZE (1..MAX) OF CertificateList
354 OPTIONAL
355 """
356 componentType = namedtype.NamedTypes(
357 namedtype.NamedType(
358 'status', univ.SequenceOf(
359 componentType=PKIStatusInfo(),
360 sizeSpec=constraint.ValueSizeConstraint(1, MAX)
361 )
362 ),
363 namedtype.OptionalNamedType(
364 'revCerts', univ.SequenceOf(componentType=rfc2511.CertId()).subtype(
365 sizeSpec=constraint.ValueSizeConstraint(1, MAX),
366 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)
367 )
368 ),
369 namedtype.OptionalNamedType(
370 'crls', univ.SequenceOf(componentType=rfc2459.CertificateList()).subtype(
371 sizeSpec=constraint.ValueSizeConstraint(1, MAX),
372 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)
373 )
374 )
375 )
378class KeyRecRepContent(univ.Sequence):
379 """
380 KeyRecRepContent ::= SEQUENCE {
381 status PKIStatusInfo,
382 newSigCert [0] CMPCertificate OPTIONAL,
383 caCerts [1] SEQUENCE SIZE (1..MAX) OF
384 CMPCertificate OPTIONAL,
385 keyPairHist [2] SEQUENCE SIZE (1..MAX) OF
386 CertifiedKeyPair OPTIONAL
387 }
388 """
389 componentType = namedtype.NamedTypes(
390 namedtype.NamedType('status', PKIStatusInfo()),
391 namedtype.OptionalNamedType(
392 'newSigCert', CMPCertificate().subtype(
393 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)
394 )
395 ),
396 namedtype.OptionalNamedType(
397 'caCerts', univ.SequenceOf(componentType=CMPCertificate()).subtype(
398 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1),
399 sizeSpec=constraint.ValueSizeConstraint(1, MAX)
400 )
401 ),
402 namedtype.OptionalNamedType('keyPairHist', univ.SequenceOf(componentType=CertifiedKeyPair()).subtype(
403 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2),
404 sizeSpec=constraint.ValueSizeConstraint(1, MAX))
405 )
406 )
409class CertResponse(univ.Sequence):
410 """
411 CertResponse ::= SEQUENCE {
412 certReqId INTEGER,
413 status PKIStatusInfo,
414 certifiedKeyPair CertifiedKeyPair OPTIONAL,
415 rspInfo OCTET STRING OPTIONAL
416 }
417 """
418 componentType = namedtype.NamedTypes(
419 namedtype.NamedType('certReqId', univ.Integer()),
420 namedtype.NamedType('status', PKIStatusInfo()),
421 namedtype.OptionalNamedType('certifiedKeyPair', CertifiedKeyPair()),
422 namedtype.OptionalNamedType('rspInfo', univ.OctetString())
423 )
426class CertRepMessage(univ.Sequence):
427 """
428 CertRepMessage ::= SEQUENCE {
429 caPubs [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
430 OPTIONAL,
431 response SEQUENCE OF CertResponse
432 }
433 """
434 componentType = namedtype.NamedTypes(
435 namedtype.OptionalNamedType(
436 'caPubs', univ.SequenceOf(
437 componentType=CMPCertificate()
438 ).subtype(sizeSpec=constraint.ValueSizeConstraint(1, MAX),
439 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))
440 ),
441 namedtype.NamedType('response', univ.SequenceOf(componentType=CertResponse()))
442 )
445class POPODecKeyChallContent(univ.SequenceOf):
446 componentType = Challenge()
449class OOBCertHash(univ.Sequence):
450 """
451 OOBCertHash ::= SEQUENCE {
452 hashAlg [0] AlgorithmIdentifier OPTIONAL,
453 certId [1] CertId OPTIONAL,
454 hashVal BIT STRING
455 }
456 """
457 componentType = namedtype.NamedTypes(
458 namedtype.OptionalNamedType(
459 'hashAlg', rfc2459.AlgorithmIdentifier().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))
460 ),
461 namedtype.OptionalNamedType(
462 'certId', rfc2511.CertId().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))
463 ),
464 namedtype.NamedType('hashVal', univ.BitString())
465 )
468# pyasn1 does not naturally handle recursive definitions, thus this hack:
469# NestedMessageContent ::= PKIMessages
470class NestedMessageContent(univ.SequenceOf):
471 """
472 NestedMessageContent ::= PKIMessages
473 """
474 componentType = univ.Any()
477class DHBMParameter(univ.Sequence):
478 """
479 DHBMParameter ::= SEQUENCE {
480 owf AlgorithmIdentifier,
481 -- AlgId for a One-Way Function (SHA-1 recommended)
482 mac AlgorithmIdentifier
483 -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11],
484 } -- or HMAC [RFC2104, RFC2202])
485 """
486 componentType = namedtype.NamedTypes(
487 namedtype.NamedType('owf', rfc2459.AlgorithmIdentifier()),
488 namedtype.NamedType('mac', rfc2459.AlgorithmIdentifier())
489 )
492id_DHBasedMac = univ.ObjectIdentifier('1.2.840.113533.7.66.30')
495class PBMParameter(univ.Sequence):
496 """
497 PBMParameter ::= SEQUENCE {
498 salt OCTET STRING,
499 owf AlgorithmIdentifier,
500 iterationCount INTEGER,
501 mac AlgorithmIdentifier
502 }
503 """
504 componentType = namedtype.NamedTypes(
505 namedtype.NamedType(
506 'salt', univ.OctetString().subtype(subtypeSpec=constraint.ValueSizeConstraint(0, 128))
507 ),
508 namedtype.NamedType('owf', rfc2459.AlgorithmIdentifier()),
509 namedtype.NamedType('iterationCount', univ.Integer()),
510 namedtype.NamedType('mac', rfc2459.AlgorithmIdentifier())
511 )
514id_PasswordBasedMac = univ.ObjectIdentifier('1.2.840.113533.7.66.13')
517class PKIProtection(univ.BitString):
518 pass
521# pyasn1 does not naturally handle recursive definitions, thus this hack:
522# NestedMessageContent ::= PKIMessages
523nestedMessageContent = NestedMessageContent().subtype(
524 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 20))
527class PKIBody(univ.Choice):
528 """
529 PKIBody ::= CHOICE { -- message-specific body elements
530 ir [0] CertReqMessages, --Initialization Request
531 ip [1] CertRepMessage, --Initialization Response
532 cr [2] CertReqMessages, --Certification Request
533 cp [3] CertRepMessage, --Certification Response
534 p10cr [4] CertificationRequest, --imported from [PKCS10]
535 popdecc [5] POPODecKeyChallContent, --pop Challenge
536 popdecr [6] POPODecKeyRespContent, --pop Response
537 kur [7] CertReqMessages, --Key Update Request
538 kup [8] CertRepMessage, --Key Update Response
539 krr [9] CertReqMessages, --Key Recovery Request
540 krp [10] KeyRecRepContent, --Key Recovery Response
541 rr [11] RevReqContent, --Revocation Request
542 rp [12] RevRepContent, --Revocation Response
543 ccr [13] CertReqMessages, --Cross-Cert. Request
544 ccp [14] CertRepMessage, --Cross-Cert. Response
545 ckuann [15] CAKeyUpdAnnContent, --CA Key Update Ann.
546 cann [16] CertAnnContent, --Certificate Ann.
547 rann [17] RevAnnContent, --Revocation Ann.
548 crlann [18] CRLAnnContent, --CRL Announcement
549 pkiconf [19] PKIConfirmContent, --Confirmation
550 nested [20] NestedMessageContent, --Nested Message
551 genm [21] GenMsgContent, --General Message
552 genp [22] GenRepContent, --General Response
553 error [23] ErrorMsgContent, --Error Message
554 certConf [24] CertConfirmContent, --Certificate confirm
555 pollReq [25] PollReqContent, --Polling request
556 pollRep [26] PollRepContent --Polling response
558 """
559 componentType = namedtype.NamedTypes(
560 namedtype.NamedType(
561 'ir', rfc2511.CertReqMessages().subtype(
562 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)
563 )
564 ),
565 namedtype.NamedType(
566 'ip', CertRepMessage().subtype(
567 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)
568 )
569 ),
570 namedtype.NamedType(
571 'cr', rfc2511.CertReqMessages().subtype(
572 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)
573 )
574 ),
575 namedtype.NamedType(
576 'cp', CertRepMessage().subtype(
577 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)
578 )
579 ),
580 namedtype.NamedType(
581 'p10cr', rfc2314.CertificationRequest().subtype(
582 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4)
583 )
584 ),
585 namedtype.NamedType(
586 'popdecc', POPODecKeyChallContent().subtype(
587 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5)
588 )
589 ),
590 namedtype.NamedType(
591 'popdecr', POPODecKeyRespContent().subtype(
592 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6)
593 )
594 ),
595 namedtype.NamedType(
596 'kur', rfc2511.CertReqMessages().subtype(
597 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 7)
598 )
599 ),
600 namedtype.NamedType(
601 'kup', CertRepMessage().subtype(
602 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 8)
603 )
604 ),
605 namedtype.NamedType(
606 'krr', rfc2511.CertReqMessages().subtype(
607 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9)
608 )
609 ),
610 namedtype.NamedType(
611 'krp', KeyRecRepContent().subtype(
612 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 10)
613 )
614 ),
615 namedtype.NamedType(
616 'rr', RevReqContent().subtype(
617 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 11)
618 )
619 ),
620 namedtype.NamedType(
621 'rp', RevRepContent().subtype(
622 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 12)
623 )
624 ),
625 namedtype.NamedType(
626 'ccr', rfc2511.CertReqMessages().subtype(
627 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 13)
628 )
629 ),
630 namedtype.NamedType(
631 'ccp', CertRepMessage().subtype(
632 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 14)
633 )
634 ),
635 namedtype.NamedType(
636 'ckuann', CAKeyUpdAnnContent().subtype(
637 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 15)
638 )
639 ),
640 namedtype.NamedType(
641 'cann', CertAnnContent().subtype(
642 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 16)
643 )
644 ),
645 namedtype.NamedType(
646 'rann', RevAnnContent().subtype(
647 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 17)
648 )
649 ),
650 namedtype.NamedType(
651 'crlann', CRLAnnContent().subtype(
652 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 18)
653 )
654 ),
655 namedtype.NamedType(
656 'pkiconf', PKIConfirmContent().subtype(
657 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 19)
658 )
659 ),
660 namedtype.NamedType(
661 'nested', nestedMessageContent
662 ),
663 # namedtype.NamedType('nested', NestedMessageContent().subtype(
664 # explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,20)
665 # )
666 # ),
667 namedtype.NamedType(
668 'genm', GenMsgContent().subtype(
669 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 21)
670 )
671 ),
672 namedtype.NamedType(
673 'gen', GenRepContent().subtype(
674 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 22)
675 )
676 ),
677 namedtype.NamedType(
678 'error', ErrorMsgContent().subtype(
679 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 23)
680 )
681 ),
682 namedtype.NamedType(
683 'certConf', CertConfirmContent().subtype(
684 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 24)
685 )
686 ),
687 namedtype.NamedType(
688 'pollReq', PollReqContent().subtype(
689 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 25)
690 )
691 ),
692 namedtype.NamedType(
693 'pollRep', PollRepContent().subtype(
694 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 26)
695 )
696 )
697 )
700class PKIHeader(univ.Sequence):
701 """
702 PKIHeader ::= SEQUENCE {
703 pvno INTEGER { cmp1999(1), cmp2000(2) },
704 sender GeneralName,
705 recipient GeneralName,
706 messageTime [0] GeneralizedTime OPTIONAL,
707 protectionAlg [1] AlgorithmIdentifier OPTIONAL,
708 senderKID [2] KeyIdentifier OPTIONAL,
709 recipKID [3] KeyIdentifier OPTIONAL,
710 transactionID [4] OCTET STRING OPTIONAL,
711 senderNonce [5] OCTET STRING OPTIONAL,
712 recipNonce [6] OCTET STRING OPTIONAL,
713 freeText [7] PKIFreeText OPTIONAL,
714 generalInfo [8] SEQUENCE SIZE (1..MAX) OF
715 InfoTypeAndValue OPTIONAL
716 }
718 """
719 componentType = namedtype.NamedTypes(
720 namedtype.NamedType(
721 'pvno', univ.Integer(
722 namedValues=namedval.NamedValues(('cmp1999', 1), ('cmp2000', 2))
723 )
724 ),
725 namedtype.NamedType('sender', rfc2459.GeneralName()),
726 namedtype.NamedType('recipient', rfc2459.GeneralName()),
727 namedtype.OptionalNamedType('messageTime', useful.GeneralizedTime().subtype(
728 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
729 namedtype.OptionalNamedType('protectionAlg', rfc2459.AlgorithmIdentifier().subtype(
730 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
731 namedtype.OptionalNamedType('senderKID', rfc2459.KeyIdentifier().subtype(
732 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
733 namedtype.OptionalNamedType('recipKID', rfc2459.KeyIdentifier().subtype(
734 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
735 namedtype.OptionalNamedType('transactionID', univ.OctetString().subtype(
736 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
737 namedtype.OptionalNamedType('senderNonce', univ.OctetString().subtype(
738 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
739 namedtype.OptionalNamedType('recipNonce', univ.OctetString().subtype(
740 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
741 namedtype.OptionalNamedType('freeText', PKIFreeText().subtype(
742 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 7))),
743 namedtype.OptionalNamedType('generalInfo',
744 univ.SequenceOf(
745 componentType=InfoTypeAndValue().subtype(
746 sizeSpec=constraint.ValueSizeConstraint(1, MAX)
747 )
748 ).subtype(
749 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))
750 )
751 )
754class ProtectedPart(univ.Sequence):
755 """
756 ProtectedPart ::= SEQUENCE {
757 header PKIHeader,
758 body PKIBody
759 }
760 """
761 componentType = namedtype.NamedTypes(
762 namedtype.NamedType('header', PKIHeader()),
763 namedtype.NamedType('infoValue', PKIBody())
764 )
767class PKIMessage(univ.Sequence):
768 """
769 PKIMessage ::= SEQUENCE {
770 header PKIHeader,
771 body PKIBody,
772 protection [0] PKIProtection OPTIONAL,
773 extraCerts [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
774 OPTIONAL
775 }"""
776 componentType = namedtype.NamedTypes(
777 namedtype.NamedType('header', PKIHeader()),
778 namedtype.NamedType('body', PKIBody()),
779 namedtype.OptionalNamedType('protection', PKIProtection().subtype(
780 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
781 namedtype.OptionalNamedType('extraCerts',
782 univ.SequenceOf(
783 componentType=CMPCertificate()
784 ).subtype(
785 sizeSpec=constraint.ValueSizeConstraint(1, MAX),
786 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)
787 )
788 )
789 )
792class PKIMessages(univ.SequenceOf):
793 """
794 PKIMessages ::= SEQUENCE SIZE (1..MAX) OF PKIMessage
795 """
796 componentType = PKIMessage()
797 sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)
800# pyasn1 does not naturally handle recursive definitions, thus this hack:
801# NestedMessageContent ::= PKIMessages
802NestedMessageContent._componentType = PKIMessages()
803nestedMessageContent._componentType = PKIMessages()