1# 2# This file is part of pyasn1-modules software. 3# 4# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com> 5# License: http://pyasn1.sf.net/license.html 6# 7# Certificate Management Protocol structures as per RFC4210 8# 9# Based on Alex Railean's work 10# 11from pyasn1.type import char 12from pyasn1.type import constraint 13from pyasn1.type import namedtype 14from pyasn1.type import namedval 15from pyasn1.type import tag 16from pyasn1.type import univ 17from pyasn1.type import useful 18 19from pyasn1_modules import rfc2314 20from pyasn1_modules import rfc2459 21from pyasn1_modules import rfc2511 22 23MAX = float('inf') 24 25 26class KeyIdentifier(univ.OctetString): 27 pass 28 29 30class CMPCertificate(rfc2459.Certificate): 31 pass 32 33 34class OOBCert(CMPCertificate): 35 pass 36 37 38class CertAnnContent(CMPCertificate): 39 pass 40 41 42class PKIFreeText(univ.SequenceOf): 43 """ 44 PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String 45 """ 46 componentType = char.UTF8String() 47 subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX) 48 49 50class PollRepContent(univ.SequenceOf): 51 """ 52 PollRepContent ::= SEQUENCE OF SEQUENCE { 53 certReqId INTEGER, 54 checkAfter INTEGER, -- time in seconds 55 reason PKIFreeText OPTIONAL 56 } 57 """ 58 59 class CertReq(univ.Sequence): 60 componentType = namedtype.NamedTypes( 61 namedtype.NamedType('certReqId', univ.Integer()), 62 namedtype.NamedType('checkAfter', univ.Integer()), 63 namedtype.OptionalNamedType('reason', PKIFreeText()) 64 ) 65 66 componentType = CertReq() 67 68 69class PollReqContent(univ.SequenceOf): 70 """ 71 PollReqContent ::= SEQUENCE OF SEQUENCE { 72 certReqId INTEGER 73 } 74 75 """ 76 77 class CertReq(univ.Sequence): 78 componentType = namedtype.NamedTypes( 79 namedtype.NamedType('certReqId', univ.Integer()) 80 ) 81 82 componentType = CertReq() 83 84 85class InfoTypeAndValue(univ.Sequence): 86 """ 87 InfoTypeAndValue ::= SEQUENCE { 88 infoType OBJECT IDENTIFIER, 89 infoValue ANY DEFINED BY infoType OPTIONAL 90 }""" 91 componentType = namedtype.NamedTypes( 92 namedtype.NamedType('infoType', univ.ObjectIdentifier()), 93 namedtype.OptionalNamedType('infoValue', univ.Any()) 94 ) 95 96 97class GenRepContent(univ.SequenceOf): 98 componentType = InfoTypeAndValue() 99 100 101class GenMsgContent(univ.SequenceOf): 102 componentType = InfoTypeAndValue() 103 104 105class PKIConfirmContent(univ.Null): 106 pass 107 108 109class CRLAnnContent(univ.SequenceOf): 110 componentType = rfc2459.CertificateList() 111 112 113class CAKeyUpdAnnContent(univ.Sequence): 114 """ 115 CAKeyUpdAnnContent ::= SEQUENCE { 116 oldWithNew CMPCertificate, 117 newWithOld CMPCertificate, 118 newWithNew CMPCertificate 119 } 120 """ 121 componentType = namedtype.NamedTypes( 122 namedtype.NamedType('oldWithNew', CMPCertificate()), 123 namedtype.NamedType('newWithOld', CMPCertificate()), 124 namedtype.NamedType('newWithNew', CMPCertificate()) 125 ) 126 127 128class RevDetails(univ.Sequence): 129 """ 130 RevDetails ::= SEQUENCE { 131 certDetails CertTemplate, 132 crlEntryDetails Extensions OPTIONAL 133 } 134 """ 135 componentType = namedtype.NamedTypes( 136 namedtype.NamedType('certDetails', rfc2511.CertTemplate()), 137 namedtype.OptionalNamedType('crlEntryDetails', rfc2459.Extensions()) 138 ) 139 140 141class RevReqContent(univ.SequenceOf): 142 componentType = RevDetails() 143 144 145class CertOrEncCert(univ.Choice): 146 """ 147 CertOrEncCert ::= CHOICE { 148 certificate [0] CMPCertificate, 149 encryptedCert [1] EncryptedValue 150 } 151 """ 152 componentType = namedtype.NamedTypes( 153 namedtype.NamedType('certificate', CMPCertificate().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), 154 namedtype.NamedType('encryptedCert', rfc2511.EncryptedValue().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))) 155 ) 156 157 158class CertifiedKeyPair(univ.Sequence): 159 """ 160 CertifiedKeyPair ::= SEQUENCE { 161 certOrEncCert CertOrEncCert, 162 privateKey [0] EncryptedValue OPTIONAL, 163 publicationInfo [1] PKIPublicationInfo OPTIONAL 164 } 165 """ 166 componentType = namedtype.NamedTypes( 167 namedtype.NamedType('certOrEncCert', CertOrEncCert()), 168 namedtype.OptionalNamedType('privateKey', rfc2511.EncryptedValue().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))), 169 namedtype.OptionalNamedType('publicationInfo', rfc2511.PKIPublicationInfo().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))) 170 ) 171 172 173class POPODecKeyRespContent(univ.SequenceOf): 174 componentType = univ.Integer() 175 176 177class Challenge(univ.Sequence): 178 """ 179 Challenge ::= SEQUENCE { 180 owf AlgorithmIdentifier OPTIONAL, 181 witness OCTET STRING, 182 challenge OCTET STRING 183 } 184 """ 185 componentType = namedtype.NamedTypes( 186 namedtype.OptionalNamedType('owf', rfc2459.AlgorithmIdentifier()), 187 namedtype.NamedType('witness', univ.OctetString()), 188 namedtype.NamedType('challenge', univ.OctetString()) 189 ) 190 191 192class PKIStatus(univ.Integer): 193 """ 194 PKIStatus ::= INTEGER { 195 accepted (0), 196 grantedWithMods (1), 197 rejection (2), 198 waiting (3), 199 revocationWarning (4), 200 revocationNotification (5), 201 keyUpdateWarning (6) 202 } 203 """ 204 namedValues = namedval.NamedValues( 205 ('accepted', 0), 206 ('grantedWithMods', 1), 207 ('rejection', 2), 208 ('waiting', 3), 209 ('revocationWarning', 4), 210 ('revocationNotification', 5), 211 ('keyUpdateWarning', 6) 212 ) 213 214 215class PKIFailureInfo(univ.BitString): 216 """ 217 PKIFailureInfo ::= BIT STRING { 218 badAlg (0), 219 badMessageCheck (1), 220 badRequest (2), 221 badTime (3), 222 badCertId (4), 223 badDataFormat (5), 224 wrongAuthority (6), 225 incorrectData (7), 226 missingTimeStamp (8), 227 badPOP (9), 228 certRevoked (10), 229 certConfirmed (11), 230 wrongIntegrity (12), 231 badRecipientNonce (13), 232 timeNotAvailable (14), 233 unacceptedPolicy (15), 234 unacceptedExtension (16), 235 addInfoNotAvailable (17), 236 badSenderNonce (18), 237 badCertTemplate (19), 238 signerNotTrusted (20), 239 transactionIdInUse (21), 240 unsupportedVersion (22), 241 notAuthorized (23), 242 systemUnavail (24), 243 systemFailure (25), 244 duplicateCertReq (26) 245 """ 246 namedValues = namedval.NamedValues( 247 ('badAlg', 0), 248 ('badMessageCheck', 1), 249 ('badRequest', 2), 250 ('badTime', 3), 251 ('badCertId', 4), 252 ('badDataFormat', 5), 253 ('wrongAuthority', 6), 254 ('incorrectData', 7), 255 ('missingTimeStamp', 8), 256 ('badPOP', 9), 257 ('certRevoked', 10), 258 ('certConfirmed', 11), 259 ('wrongIntegrity', 12), 260 ('badRecipientNonce', 13), 261 ('timeNotAvailable', 14), 262 ('unacceptedPolicy', 15), 263 ('unacceptedExtension', 16), 264 ('addInfoNotAvailable', 17), 265 ('badSenderNonce', 18), 266 ('badCertTemplate', 19), 267 ('signerNotTrusted', 20), 268 ('transactionIdInUse', 21), 269 ('unsupportedVersion', 22), 270 ('notAuthorized', 23), 271 ('systemUnavail', 24), 272 ('systemFailure', 25), 273 ('duplicateCertReq', 26) 274 ) 275 276 277class PKIStatusInfo(univ.Sequence): 278 """ 279 PKIStatusInfo ::= SEQUENCE { 280 status PKIStatus, 281 statusString PKIFreeText OPTIONAL, 282 failInfo PKIFailureInfo OPTIONAL 283 } 284 """ 285 componentType = namedtype.NamedTypes( 286 namedtype.NamedType('status', PKIStatus()), 287 namedtype.OptionalNamedType('statusString', PKIFreeText()), 288 namedtype.OptionalNamedType('failInfo', PKIFailureInfo()) 289 ) 290 291 292class ErrorMsgContent(univ.Sequence): 293 """ 294 ErrorMsgContent ::= SEQUENCE { 295 pKIStatusInfo PKIStatusInfo, 296 errorCode INTEGER OPTIONAL, 297 -- implementation-specific error codes 298 errorDetails PKIFreeText OPTIONAL 299 -- implementation-specific error details 300 } 301 """ 302 componentType = namedtype.NamedTypes( 303 namedtype.NamedType('pKIStatusInfo', PKIStatusInfo()), 304 namedtype.OptionalNamedType('errorCode', univ.Integer()), 305 namedtype.OptionalNamedType('errorDetails', PKIFreeText()) 306 ) 307 308 309class CertStatus(univ.Sequence): 310 """ 311 CertStatus ::= SEQUENCE { 312 certHash OCTET STRING, 313 certReqId INTEGER, 314 statusInfo PKIStatusInfo OPTIONAL 315 } 316 """ 317 componentType = namedtype.NamedTypes( 318 namedtype.NamedType('certHash', univ.OctetString()), 319 namedtype.NamedType('certReqId', univ.Integer()), 320 namedtype.OptionalNamedType('statusInfo', PKIStatusInfo()) 321 ) 322 323 324class CertConfirmContent(univ.SequenceOf): 325 componentType = CertStatus() 326 327 328class RevAnnContent(univ.Sequence): 329 """ 330 RevAnnContent ::= SEQUENCE { 331 status PKIStatus, 332 certId CertId, 333 willBeRevokedAt GeneralizedTime, 334 badSinceDate GeneralizedTime, 335 crlDetails Extensions OPTIONAL 336 } 337 """ 338 componentType = namedtype.NamedTypes( 339 namedtype.NamedType('status', PKIStatus()), 340 namedtype.NamedType('certId', rfc2511.CertId()), 341 namedtype.NamedType('willBeRevokedAt', useful.GeneralizedTime()), 342 namedtype.NamedType('badSinceDate', useful.GeneralizedTime()), 343 namedtype.OptionalNamedType('crlDetails', rfc2459.Extensions()) 344 ) 345 346 347class RevRepContent(univ.Sequence): 348 """ 349 RevRepContent ::= SEQUENCE { 350 status SEQUENCE SIZE (1..MAX) OF PKIStatusInfo, 351 revCerts [0] SEQUENCE SIZE (1..MAX) OF CertId 352 OPTIONAL, 353 crls [1] SEQUENCE SIZE (1..MAX) OF CertificateList 354 OPTIONAL 355 """ 356 componentType = namedtype.NamedTypes( 357 namedtype.NamedType('status', PKIStatusInfo()), 358 namedtype.OptionalNamedType( 359 'revCerts', univ.SequenceOf(componentType=rfc2511.CertId()).subtype( 360 subtypeSpec=constraint.ValueSizeConstraint(1, MAX), 361 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0) 362 ) 363 ), 364 namedtype.OptionalNamedType( 365 'crls', univ.SequenceOf(componentType=rfc2459.CertificateList()).subtype( 366 subtypeSpec=constraint.ValueSizeConstraint(1, MAX), 367 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1) 368 ) 369 ) 370 ) 371 372 373class KeyRecRepContent(univ.Sequence): 374 """ 375 KeyRecRepContent ::= SEQUENCE { 376 status PKIStatusInfo, 377 newSigCert [0] CMPCertificate OPTIONAL, 378 caCerts [1] SEQUENCE SIZE (1..MAX) OF 379 CMPCertificate OPTIONAL, 380 keyPairHist [2] SEQUENCE SIZE (1..MAX) OF 381 CertifiedKeyPair OPTIONAL 382 } 383 """ 384 componentType = namedtype.NamedTypes( 385 namedtype.NamedType('status', PKIStatusInfo()), 386 namedtype.OptionalNamedType( 387 'newSigCert', CMPCertificate().subtype( 388 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0) 389 ) 390 ), 391 namedtype.OptionalNamedType( 392 'caCerts', univ.SequenceOf(componentType=CMPCertificate()).subtype( 393 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), 394 subtypeSpec=constraint.ValueSizeConstraint(1, MAX) 395 ) 396 ), 397 namedtype.OptionalNamedType('keyPairHist', univ.SequenceOf(componentType=CertifiedKeyPair()).subtype( 398 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2), 399 subtypeSpec=constraint.ValueSizeConstraint(1, MAX)) 400 ) 401 ) 402 403 404class CertResponse(univ.Sequence): 405 """ 406 CertResponse ::= SEQUENCE { 407 certReqId INTEGER, 408 status PKIStatusInfo, 409 certifiedKeyPair CertifiedKeyPair OPTIONAL, 410 rspInfo OCTET STRING OPTIONAL 411 } 412 """ 413 componentType = namedtype.NamedTypes( 414 namedtype.NamedType('certReqId', univ.Integer()), 415 namedtype.NamedType('status', PKIStatusInfo()), 416 namedtype.OptionalNamedType('certifiedKeyPair', CertifiedKeyPair()), 417 namedtype.OptionalNamedType('rspInfo', univ.OctetString()) 418 ) 419 420 421class CertRepMessage(univ.Sequence): 422 """ 423 CertRepMessage ::= SEQUENCE { 424 caPubs [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate 425 OPTIONAL, 426 response SEQUENCE OF CertResponse 427 } 428 """ 429 componentType = namedtype.NamedTypes( 430 namedtype.OptionalNamedType( 431 'caPubs', univ.SequenceOf( 432 componentType=CMPCertificate() 433 ).subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)) 434 ), 435 namedtype.NamedType('response', univ.SequenceOf(componentType=CertResponse())) 436 ) 437 438 439class POPODecKeyChallContent(univ.SequenceOf): 440 componentType = Challenge() 441 442 443class OOBCertHash(univ.Sequence): 444 """ 445 OOBCertHash ::= SEQUENCE { 446 hashAlg [0] AlgorithmIdentifier OPTIONAL, 447 certId [1] CertId OPTIONAL, 448 hashVal BIT STRING 449 } 450 """ 451 componentType = namedtype.NamedTypes( 452 namedtype.OptionalNamedType( 453 'hashAlg', rfc2459.AlgorithmIdentifier().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)) 454 ), 455 namedtype.OptionalNamedType( 456 'certId', rfc2511.CertId().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)) 457 ), 458 namedtype.NamedType('hashVal', univ.BitString()) 459 ) 460 461 462# pyasn1 does not naturally handle recursive definitions, thus this hack: 463# NestedMessageContent ::= PKIMessages 464class NestedMessageContent(univ.SequenceOf): 465 """ 466 NestedMessageContent ::= PKIMessages 467 """ 468 componentType = univ.Any() 469 470 471class DHBMParameter(univ.Sequence): 472 """ 473 DHBMParameter ::= SEQUENCE { 474 owf AlgorithmIdentifier, 475 -- AlgId for a One-Way Function (SHA-1 recommended) 476 mac AlgorithmIdentifier 477 -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11], 478 } -- or HMAC [RFC2104, RFC2202]) 479 """ 480 componentType = namedtype.NamedTypes( 481 namedtype.NamedType('owf', rfc2459.AlgorithmIdentifier()), 482 namedtype.NamedType('mac', rfc2459.AlgorithmIdentifier()) 483 ) 484 485 486id_DHBasedMac = univ.ObjectIdentifier('1.2.840.113533.7.66.30') 487 488 489class PBMParameter(univ.Sequence): 490 """ 491 PBMParameter ::= SEQUENCE { 492 salt OCTET STRING, 493 owf AlgorithmIdentifier, 494 iterationCount INTEGER, 495 mac AlgorithmIdentifier 496 } 497 """ 498 componentType = namedtype.NamedTypes( 499 namedtype.NamedType( 500 'salt', univ.OctetString().subtype(subtypeSpec=constraint.ValueSizeConstraint(0, 128)) 501 ), 502 namedtype.NamedType('owf', rfc2459.AlgorithmIdentifier()), 503 namedtype.NamedType('iterationCount', univ.Integer()), 504 namedtype.NamedType('mac', rfc2459.AlgorithmIdentifier()) 505 ) 506 507 508id_PasswordBasedMac = univ.ObjectIdentifier('1.2.840.113533.7.66.13') 509 510 511class PKIProtection(univ.BitString): 512 pass 513 514 515# pyasn1 does not naturally handle recursive definitions, thus this hack: 516# NestedMessageContent ::= PKIMessages 517nestedMessageContent = NestedMessageContent().subtype( 518 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 20)) 519 520 521class PKIBody(univ.Choice): 522 """ 523 PKIBody ::= CHOICE { -- message-specific body elements 524 ir [0] CertReqMessages, --Initialization Request 525 ip [1] CertRepMessage, --Initialization Response 526 cr [2] CertReqMessages, --Certification Request 527 cp [3] CertRepMessage, --Certification Response 528 p10cr [4] CertificationRequest, --imported from [PKCS10] 529 popdecc [5] POPODecKeyChallContent, --pop Challenge 530 popdecr [6] POPODecKeyRespContent, --pop Response 531 kur [7] CertReqMessages, --Key Update Request 532 kup [8] CertRepMessage, --Key Update Response 533 krr [9] CertReqMessages, --Key Recovery Request 534 krp [10] KeyRecRepContent, --Key Recovery Response 535 rr [11] RevReqContent, --Revocation Request 536 rp [12] RevRepContent, --Revocation Response 537 ccr [13] CertReqMessages, --Cross-Cert. Request 538 ccp [14] CertRepMessage, --Cross-Cert. Response 539 ckuann [15] CAKeyUpdAnnContent, --CA Key Update Ann. 540 cann [16] CertAnnContent, --Certificate Ann. 541 rann [17] RevAnnContent, --Revocation Ann. 542 crlann [18] CRLAnnContent, --CRL Announcement 543 pkiconf [19] PKIConfirmContent, --Confirmation 544 nested [20] NestedMessageContent, --Nested Message 545 genm [21] GenMsgContent, --General Message 546 genp [22] GenRepContent, --General Response 547 error [23] ErrorMsgContent, --Error Message 548 certConf [24] CertConfirmContent, --Certificate confirm 549 pollReq [25] PollReqContent, --Polling request 550 pollRep [26] PollRepContent --Polling response 551 552 """ 553 componentType = namedtype.NamedTypes( 554 namedtype.NamedType( 555 'ir', rfc2511.CertReqMessages().subtype( 556 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0) 557 ) 558 ), 559 namedtype.NamedType( 560 'ip', CertRepMessage().subtype( 561 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1) 562 ) 563 ), 564 namedtype.NamedType( 565 'cr', rfc2511.CertReqMessages().subtype( 566 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2) 567 ) 568 ), 569 namedtype.NamedType( 570 'cp', CertRepMessage().subtype( 571 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3) 572 ) 573 ), 574 namedtype.NamedType( 575 'p10cr', rfc2314.CertificationRequest().subtype( 576 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4) 577 ) 578 ), 579 namedtype.NamedType( 580 'popdecc', POPODecKeyChallContent().subtype( 581 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5) 582 ) 583 ), 584 namedtype.NamedType( 585 'popdecr', POPODecKeyRespContent().subtype( 586 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6) 587 ) 588 ), 589 namedtype.NamedType( 590 'kur', rfc2511.CertReqMessages().subtype( 591 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 7) 592 ) 593 ), 594 namedtype.NamedType( 595 'kup', CertRepMessage().subtype( 596 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 8) 597 ) 598 ), 599 namedtype.NamedType( 600 'krr', rfc2511.CertReqMessages().subtype( 601 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9) 602 ) 603 ), 604 namedtype.NamedType( 605 'krp', KeyRecRepContent().subtype( 606 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 10) 607 ) 608 ), 609 namedtype.NamedType( 610 'rr', RevReqContent().subtype( 611 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 11) 612 ) 613 ), 614 namedtype.NamedType( 615 'rp', RevRepContent().subtype( 616 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 12) 617 ) 618 ), 619 namedtype.NamedType( 620 'ccr', rfc2511.CertReqMessages().subtype( 621 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 13) 622 ) 623 ), 624 namedtype.NamedType( 625 'ccp', CertRepMessage().subtype( 626 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 14) 627 ) 628 ), 629 namedtype.NamedType( 630 'ckuann', CAKeyUpdAnnContent().subtype( 631 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 15) 632 ) 633 ), 634 namedtype.NamedType( 635 'cann', CertAnnContent().subtype( 636 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 16) 637 ) 638 ), 639 namedtype.NamedType( 640 'rann', RevAnnContent().subtype( 641 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 17) 642 ) 643 ), 644 namedtype.NamedType( 645 'crlann', CRLAnnContent().subtype( 646 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 18) 647 ) 648 ), 649 namedtype.NamedType( 650 'pkiconf', PKIConfirmContent().subtype( 651 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 19) 652 ) 653 ), 654 namedtype.NamedType( 655 'nested', nestedMessageContent 656 ), 657 # namedtype.NamedType('nested', NestedMessageContent().subtype( 658 # explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,20) 659 # ) 660 # ), 661 namedtype.NamedType( 662 'genm', GenMsgContent().subtype( 663 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 21) 664 ) 665 ), 666 namedtype.NamedType( 667 'gen', GenRepContent().subtype( 668 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 22) 669 ) 670 ), 671 namedtype.NamedType( 672 'error', ErrorMsgContent().subtype( 673 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 23) 674 ) 675 ), 676 namedtype.NamedType( 677 'certConf', CertConfirmContent().subtype( 678 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 24) 679 ) 680 ), 681 namedtype.NamedType( 682 'pollReq', PollReqContent().subtype( 683 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 25) 684 ) 685 ), 686 namedtype.NamedType( 687 'pollRep', PollRepContent().subtype( 688 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 26) 689 ) 690 ) 691 ) 692 693 694class PKIHeader(univ.Sequence): 695 """ 696 PKIHeader ::= SEQUENCE { 697 pvno INTEGER { cmp1999(1), cmp2000(2) }, 698 sender GeneralName, 699 recipient GeneralName, 700 messageTime [0] GeneralizedTime OPTIONAL, 701 protectionAlg [1] AlgorithmIdentifier OPTIONAL, 702 senderKID [2] KeyIdentifier OPTIONAL, 703 recipKID [3] KeyIdentifier OPTIONAL, 704 transactionID [4] OCTET STRING OPTIONAL, 705 senderNonce [5] OCTET STRING OPTIONAL, 706 recipNonce [6] OCTET STRING OPTIONAL, 707 freeText [7] PKIFreeText OPTIONAL, 708 generalInfo [8] SEQUENCE SIZE (1..MAX) OF 709 InfoTypeAndValue OPTIONAL 710 } 711 712 """ 713 componentType = namedtype.NamedTypes( 714 namedtype.NamedType( 715 'pvno', univ.Integer( 716 namedValues=namedval.NamedValues(('cmp1999', 1), ('cmp2000', 2)) 717 ) 718 ), 719 namedtype.NamedType('sender', rfc2459.GeneralName()), 720 namedtype.NamedType('recipient', rfc2459.GeneralName()), 721 namedtype.OptionalNamedType('messageTime', useful.GeneralizedTime().subtype( 722 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), 723 namedtype.OptionalNamedType('protectionAlg', rfc2459.AlgorithmIdentifier().subtype( 724 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))), 725 namedtype.OptionalNamedType('senderKID', rfc2459.KeyIdentifier().subtype( 726 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), 727 namedtype.OptionalNamedType('recipKID', rfc2459.KeyIdentifier().subtype( 728 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), 729 namedtype.OptionalNamedType('transactionID', univ.OctetString().subtype( 730 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))), 731 namedtype.OptionalNamedType('senderNonce', univ.OctetString().subtype( 732 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))), 733 namedtype.OptionalNamedType('recipNonce', univ.OctetString().subtype( 734 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))), 735 namedtype.OptionalNamedType('freeText', PKIFreeText().subtype( 736 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 7))), 737 namedtype.OptionalNamedType('generalInfo', 738 univ.SequenceOf( 739 componentType=InfoTypeAndValue().subtype( 740 subtypeSpec=constraint.ValueSizeConstraint(1, MAX), 741 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8) 742 ) 743 ) 744 ) 745 ) 746 747 748class ProtectedPart(univ.Sequence): 749 """ 750 ProtectedPart ::= SEQUENCE { 751 header PKIHeader, 752 body PKIBody 753 } 754 """ 755 componentType = namedtype.NamedTypes( 756 namedtype.NamedType('header', PKIHeader()), 757 namedtype.NamedType('infoValue', PKIBody()) 758 ) 759 760 761class PKIMessage(univ.Sequence): 762 """ 763 PKIMessage ::= SEQUENCE { 764 header PKIHeader, 765 body PKIBody, 766 protection [0] PKIProtection OPTIONAL, 767 extraCerts [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate 768 OPTIONAL 769 }""" 770 componentType = namedtype.NamedTypes( 771 namedtype.NamedType('header', PKIHeader()), 772 namedtype.NamedType('body', PKIBody()), 773 namedtype.OptionalNamedType('protection', PKIProtection().subtype( 774 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), 775 namedtype.OptionalNamedType('extraCerts', 776 univ.SequenceOf( 777 componentType=CMPCertificate() 778 ).subtype( 779 subtypeSpec=constraint.ValueSizeConstraint(1, MAX), 780 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1) 781 ) 782 ) 783 ) 784 785 786class PKIMessages(univ.SequenceOf): 787 """ 788 PKIMessages ::= SEQUENCE SIZE (1..MAX) OF PKIMessage 789 """ 790 componentType = PKIMessage() 791 subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX) 792 793 794# pyasn1 does not naturally handle recursive definitions, thus this hack: 795# NestedMessageContent ::= PKIMessages 796NestedMessageContent._componentType = PKIMessages() 797nestedMessageContent._componentType = PKIMessages() 798