1# coding: utf-8
2#
3# This file is part of pyasn1-modules software.
4#
5# Created by Stanisław Pitucha with asn1ate tool.
6# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com>
7# License: http://pyasn1.sf.net/license.html
8#
9# Certificate Management over CMS (CMC) Updates
10#
11# ASN.1 source from:
12# http://www.ietf.org/rfc/rfc6402.txt
13#
14from pyasn1.type import char
15from pyasn1.type import constraint
16from pyasn1.type import namedtype
17from pyasn1.type import namedval
18from pyasn1.type import tag
19from pyasn1.type import univ
20from pyasn1.type import useful
21
22from pyasn1_modules import rfc4211
23from pyasn1_modules import rfc5280
24from pyasn1_modules import rfc5652
25
# Stand-in for ASN.1's open-ended MAX in SIZE (1..MAX) constraints: positive
# infinity makes ValueSizeConstraint accept any length above the lower bound.
MAX = float("inf")
27
28
def _buildOid(*components):
    """Concatenate OID arcs into one ``univ.ObjectIdentifier``.

    Each component is either an existing ``univ.ObjectIdentifier`` (all of
    its arcs are appended in order) or a single arc coerced with ``int()``.
    This is how the module derives child OIDs from the roots defined above
    them, e.g. ``_buildOid(id_cmc, 29)``.
    """
    arcs = []
    for component in components:
        expanded = (
            list(component)
            if isinstance(component, univ.ObjectIdentifier)
            else [int(component)]
        )
        arcs.extend(expanded)
    return univ.ObjectIdentifier(arcs)
38
39
class ChangeSubjectName(univ.Sequence):
    """ChangeSubjectName control value (RFC 6402).

    Carries the replacement subject Name and/or replacement GeneralNames
    for the subjectAltName; both components are OPTIONAL.
    """
    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType('subject', rfc5280.Name()),
        namedtype.OptionalNamedType('subjectAlt', rfc5280.GeneralNames()),
    )
48
49
class AttributeValue(univ.Any):
    """Opaque ANY attribute value.

    Nothing here validates the payload: callers must choose the decoding
    spec from the accompanying OID (attrType / failInfoOID) rather than
    guessing at the contents.
    """
52
53
class CMCStatus(univ.Integer):
    """CMCStatus INTEGER reported in CMCStatusInfo / CMCStatusInfoV2.

    Value 1 is reserved in the RFC and intentionally has no name.
    """
    namedValues = namedval.NamedValues(
        ('success', 0),
        ('failed', 2),
        ('pending', 3),
        ('noSupport', 4),
        ('confirmRequired', 5),
        ('popRequired', 6),
        ('partial', 7),
    )
67
68
class PendInfo(univ.Sequence):
    """PendInfo (RFC 6402): server-issued token and time for a pending request.

    pendToken is an opaque OCTET STRING meant to be echoed back by the
    client when it polls again; pendTime is a GeneralizedTime.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('pendToken', univ.OctetString()),
        namedtype.NamedType('pendTime', useful.GeneralizedTime()),
    )
77
# Upper bound of BodyPartID: 2**32 - 1, i.e. INTEGER (0..4294967295).
bodyIdMax = univ.Integer(0xFFFFFFFF)
79
80
class BodyPartID(univ.Integer):
    """BodyPartID ::= INTEGER (0..bodyIdMax).

    Identifies one body part inside PKIData / PKIResponse so controls and
    status messages can refer to it.
    """
    subtypeSpec = constraint.ValueRangeConstraint(0, bodyIdMax)
86
87
class BodyPartPath(univ.SequenceOf):
    """BodyPartPath ::= SEQUENCE SIZE (1..MAX) OF BodyPartID.

    A path of body-part identifiers through nested PKIData structures.
    """
    componentType = BodyPartID()
    subtypeSpec = constraint.ValueSizeConstraint(1, MAX)
94
95
class BodyPartReference(univ.Choice):
    """BodyPartReference: either a single BodyPartID or a BodyPartPath.

    The alternatives need no explicit tags because INTEGER and SEQUENCE OF
    already carry distinct universal tags.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('bodyPartID', BodyPartID()),
        namedtype.NamedType('bodyPartPath', BodyPartPath()),
    )
104
105
class CMCFailInfo(univ.Integer):
    """CMCFailInfo INTEGER: the failure reason carried in otherInfo.failInfo."""
    namedValues = namedval.NamedValues(
        ('badAlg', 0),
        ('badMessageCheck', 1),
        ('badRequest', 2),
        ('badTime', 3),
        ('badCertId', 4),
        ('unsupportedExt', 5),
        ('mustArchiveKeys', 6),
        ('badIdentity', 7),
        ('popRequired', 8),
        ('popFailed', 9),
        ('noKeyReuse', 10),
        ('internalCAError', 11),
        ('tryLater', 12),
        ('authDataFail', 13),
    )
126
127
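class CMCStatusInfoV2(univ.Sequence):
    """CMCStatusInfoV2 control value (RFC 6402).

    otherInfo is a CHOICE of failInfo (INTEGER), pendInfo (SEQUENCE) and
    extendedFailInfo (SEQUENCE).  pendInfo and extendedFailInfo are both
    SEQUENCEs, so without a tag they share the same universal tag and the
    CHOICE is ambiguous on the wire; RFC 6402 therefore tags
    extendedFailInfo as [1] (the module uses IMPLICIT tags).  The original
    definition here omitted that tag, which left the two alternatives
    indistinguishable.  failInfoValue is opaque and must be decoded with
    the spec selected by failInfoOID.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('cMCStatus', CMCStatus()),
        namedtype.NamedType('bodyList', univ.SequenceOf(componentType=BodyPartReference())),
        namedtype.OptionalNamedType('statusString', char.UTF8String()),
        namedtype.OptionalNamedType(
            'otherInfo', univ.Choice(
                componentType=namedtype.NamedTypes(
                    namedtype.NamedType('failInfo', CMCFailInfo()),
                    namedtype.NamedType('pendInfo', PendInfo()),
                    # [1] IMPLICIT SEQUENCE per RFC 6402; the tag is what keeps
                    # this alternative distinguishable from pendInfo.
                    namedtype.NamedType(
                        'extendedFailInfo', univ.Sequence(
                            componentType=namedtype.NamedTypes(
                                namedtype.NamedType('failInfoOID', univ.ObjectIdentifier()),
                                namedtype.NamedType('failInfoValue', AttributeValue()),
                            )
                        ).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))
                    ),
                )
            )
        ),
    )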
152
153
class GetCRL(univ.Sequence):
    """GetCRL control value (RFC 6402): ask the server for a CRL.

    Only issuerName is mandatory; cRLName, time and reasons narrow the
    request and are OPTIONAL.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('issuerName', rfc5280.Name()),
        namedtype.OptionalNamedType('cRLName', rfc5280.GeneralName()),
        namedtype.OptionalNamedType('time', useful.GeneralizedTime()),
        namedtype.OptionalNamedType('reasons', rfc5280.ReasonFlags()),
    )
164
# Arc roots: id-pkix (1.3.6.1.5.5.7) and the CMC control arc id-cmc (id-pkix 7).
id_pkix = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7))

id_cmc = id_pkix + (7,)

# Control OIDs under id-cmc.
id_cmc_batchResponses = id_cmc + (29,)

id_cmc_popLinkWitness = id_cmc + (23,)
172
173
class PopLinkWitnessV2(univ.Sequence):
    """PopLinkWitnessV2 control value (RFC 6402).

    witness is an OCTET STRING produced with macAlgorithm from a key
    derived per keyGenAlgorithm; both AlgorithmIdentifiers should be
    checked against an allow-list before the witness is trusted.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('keyGenAlgorithm', rfc5280.AlgorithmIdentifier()),
        namedtype.NamedType('macAlgorithm', rfc5280.AlgorithmIdentifier()),
        namedtype.NamedType('witness', univ.OctetString()),
    )
183
# Control OIDs under id-cmc.
id_cmc_popLinkWitnessV2 = id_cmc + (33,)

id_cmc_identityProofV2 = id_cmc + (34,)

id_cmc_revokeRequest = id_cmc + (17,)

id_cmc_recipientNonce = id_cmc + (7,)
191
192
class ControlsProcessed(univ.Sequence):
    """ControlsProcessed control value (RFC 6402): the body parts a server acted on."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('bodyList', univ.SequenceOf(componentType=BodyPartReference())),
    )
200
201
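class CertificationRequest(univ.Sequence):
    """PKCS#10 CertificationRequest as restated in RFC 6402.

    certificationRequestInfo is the signed portion (version, subject,
    subjectPublicKeyInfo and the [0] IMPLICIT SET OF attributes); the
    outer signatureAlgorithm/signature cover its DER encoding.  This class
    only describes the syntax: verifying 'signature' against
    'subjectPublicKey' (proof of possession) is the caller's job.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            'certificationRequestInfo', univ.Sequence(
                componentType=namedtype.NamedTypes(
                    namedtype.NamedType('version', univ.Integer()),
                    namedtype.NamedType('subject', rfc5280.Name()),
                    namedtype.NamedType(
                        'subjectPublicKeyInfo', univ.Sequence(
                            componentType=namedtype.NamedTypes(
                                namedtype.NamedType('algorithm', rfc5280.AlgorithmIdentifier()),
                                namedtype.NamedType('subjectPublicKey', univ.BitString())
                            )
                        )
                    ),
                    # SET OF is a constructed type, so its IMPLICIT [0] tag is
                    # constructed, matching the tagged SEQUENCE/SET types
                    # elsewhere in this module.  The original said
                    # tagFormatSimple; pyasn1 appears to key tags on class and
                    # number only, so this corrects the declaration rather
                    # than the wire format -- confirm against the pyasn1 in use.
                    namedtype.NamedType(
                        'attributes', univ.SetOf(
                            componentType=rfc5652.Attribute()).subtype(
                            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))
                    )
                )
            )
        ),
        namedtype.NamedType('signatureAlgorithm', rfc5280.AlgorithmIdentifier()),
        namedtype.NamedType('signature', univ.BitString())
    )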
231
232
class TaggedCertificationRequest(univ.Sequence):
    """A PKCS#10 CertificationRequest paired with the BodyPartID that names it."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('bodyPartID', BodyPartID()),
        namedtype.NamedType('certificationRequest', CertificationRequest()),
    )
241
242
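class TaggedRequest(univ.Choice):
    """TaggedRequest (RFC 6402): one certificate request in PKIData.reqSequence.

    The alternatives are distinguished by IMPLICIT context tags:
      [0] tcr - a PKCS#10 request with its bodyPartID
      [1] crm - an RFC 4211 CertReqMsg (CRMF)
      [2] orm - any other request type, named by OID with an opaque ANY
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('tcr', TaggedCertificationRequest().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
        # CertReqMsg is a SEQUENCE, so its implicit tag is constructed just
        # like 'tcr' and 'orm'.  The original used tagFormatSimple here, which
        # was inconsistent with the other two alternatives; pyasn1 appears to
        # key tags on class and number only, so this corrects the declaration
        # rather than the wire format -- confirm against the pyasn1 in use.
        namedtype.NamedType('crm', rfc4211.CertReqMsg().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
        namedtype.NamedType('orm', univ.Sequence(componentType=namedtype.NamedTypes(
            namedtype.NamedType('bodyPartID', BodyPartID()),
            namedtype.NamedType('requestMessageType', univ.ObjectIdentifier()),
            # Opaque: decode only with the spec selected by requestMessageType.
            namedtype.NamedType('requestMessageValue', univ.Any())
        )).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)))
    )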
259
# Control OIDs under id-cmc.
id_cmc_popLinkRandom = id_cmc + (22,)

id_cmc_statusInfo = id_cmc + (1,)

id_cmc_trustedAnchors = id_cmc + (26,)

id_cmc_transactionId = id_cmc + (5,)

id_cmc_encryptedPOP = id_cmc + (9,)
269
270
class PublishTrustAnchors(univ.Sequence):
    """PublishTrustAnchors control value (RFC 6402).

    anchorHashes holds hashes (computed with hashAlgorithm) of the trust
    anchors being published, ordered by seqNumber.  Because this can change
    what a client trusts, consumers should accept it only from an
    authenticated source and reject unexpected hashAlgorithm values.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('seqNumber', univ.Integer()),
        namedtype.NamedType('hashAlgorithm', rfc5280.AlgorithmIdentifier()),
        namedtype.NamedType('anchorHashes', univ.SequenceOf(componentType=univ.OctetString())),
    )
280
281
class RevokeRequest(univ.Sequence):
    """RevokeRequest control value (RFC 6402).

    Identifies the certificate by issuerName + serialNumber and gives a
    CRLReason.  passphrase is an OPTIONAL shared secret used to authorize
    the revocation; nothing in this structure protects it, so the enclosing
    CMS layer must provide confidentiality.  comment is free-form UTF-8 and
    should be treated as untrusted text when displayed or logged.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('issuerName', rfc5280.Name()),
        namedtype.NamedType('serialNumber', univ.Integer()),
        namedtype.NamedType('reason', rfc5280.CRLReason()),
        namedtype.OptionalNamedType('invalidityDate', useful.GeneralizedTime()),
        namedtype.OptionalNamedType('passphrase', univ.OctetString()),
        namedtype.OptionalNamedType('comment', char.UTF8String()),
    )
294
# Control OIDs under id-cmc.
id_cmc_senderNonce = id_cmc + (6,)

id_cmc_authData = id_cmc + (27,)
298
299
class TaggedContentInfo(univ.Sequence):
    """A CMS ContentInfo paired with the BodyPartID that names it (cmsSequence entries)."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('bodyPartID', BodyPartID()),
        namedtype.NamedType('contentInfo', rfc5652.ContentInfo()),
    )
308
309
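class IdentifyProofV2(univ.Sequence):
    """IdentityProofV2 control value (RFC 6402).

    The class keeps the module's historical misspelling so existing
    importers continue to work; ``IdentityProofV2`` below is the RFC
    spelling (compare id_cmc_identityProofV2).  witness is an OCTET STRING
    produced with macAlgId using a key derived per proofAlgID; both
    AlgorithmIdentifiers should be checked against an allow-list before the
    witness is trusted.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('proofAlgID', rfc5280.AlgorithmIdentifier()),
        namedtype.NamedType('macAlgId', rfc5280.AlgorithmIdentifier()),
        namedtype.NamedType('witness', univ.OctetString()),
    )


# RFC 6402 spelling of the same type; backward-compatible alias.
IdentityProofV2 = IdentifyProofV2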
319
320
class CMCPublicationInfo(univ.Sequence):
    """CMCPublicationInfo control value (RFC 6402).

    certHashes are hashes (computed with hashAlg) of the certificates to
    publish; pubInfo is the RFC 4211 PKIPublicationInfo saying where.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('hashAlg', rfc5280.AlgorithmIdentifier()),
        namedtype.NamedType('certHashes', univ.SequenceOf(componentType=univ.OctetString())),
        namedtype.NamedType('pubInfo', rfc4211.PKIPublicationInfo()),
    )
330
# Extended key purpose for a CMC CA certificate: id-kp 27.
id_kp_cmcCA = rfc5280.id_kp + (27,)

# Control OIDs under id-cmc.
id_cmc_confirmCertAcceptance = id_cmc + (24,)

id_cmc_raIdentityWitness = id_cmc + (35,)

# PKCS#9 extensionRequest attribute: 1.2.840.113549.1.9.14.
id_ExtensionReq = univ.ObjectIdentifier((1, 2, 840, 113549, 1, 9, 14))

# CMS content-type arc id-cct (id-pkix 12) and the PKIData content type.
id_cct = id_pkix + (12,)

id_cct_PKIData = id_cct + (2,)

# Extended key purpose for a CMC RA certificate: id-kp 28.
id_kp_cmcRA = rfc5280.id_kp + (28,)
344
345
class CMCStatusInfo(univ.Sequence):
    """Original (v1) CMCStatusInfo control value.

    Like CMCStatusInfoV2 but bodyList holds plain BodyPartIDs and otherInfo
    offers only failInfo or pendInfo.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('cMCStatus', CMCStatus()),
        namedtype.NamedType('bodyList', univ.SequenceOf(componentType=BodyPartID())),
        namedtype.OptionalNamedType('statusString', char.UTF8String()),
        namedtype.OptionalNamedType(
            'otherInfo', univ.Choice(
                componentType=namedtype.NamedTypes(
                    namedtype.NamedType('failInfo', CMCFailInfo()),
                    namedtype.NamedType('pendInfo', PendInfo()),
                )
            )
        ),
    )
363
364
class DecryptedPOP(univ.Sequence):
    """DecryptedPOP control value (RFC 6402).

    thePOP is the proof-of-possession value (algorithm thePOPAlgID) for
    the request identified by bodyPartID.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('bodyPartID', BodyPartID()),
        namedtype.NamedType('thePOPAlgID', rfc5280.AlgorithmIdentifier()),
        namedtype.NamedType('thePOP', univ.OctetString()),
    )
374
# Control OIDs under id-cmc.
id_cmc_addExtensions = id_cmc + (8,)

id_cmc_modCertTemplate = id_cmc + (31,)
378
379
class TaggedAttribute(univ.Sequence):
    """A CMC control: bodyPartID, the control OID (attrType) and its values.

    attrValues are opaque AttributeValues; decode each with the spec that
    attrType selects.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('bodyPartID', BodyPartID()),
        namedtype.NamedType('attrType', univ.ObjectIdentifier()),
        namedtype.NamedType('attrValues', univ.SetOf(componentType=AttributeValue())),
    )
389
390
class OtherMsg(univ.Sequence):
    """OtherMsg: an extension message typed by otherMsgType with an opaque ANY payload.

    otherMsgValue must be decoded with the spec otherMsgType selects; an
    unknown OID should be rejected rather than decoded speculatively.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('bodyPartID', BodyPartID()),
        namedtype.NamedType('otherMsgType', univ.ObjectIdentifier()),
        namedtype.NamedType('otherMsgValue', univ.Any()),
    )
400
401
class PKIData(univ.Sequence):
    """PKIData: the CMC request body (content type id_cct_PKIData).

    Four sequences: controls, certificate requests, nested CMS content and
    other messages.  Any of them may be empty.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('controlSequence', univ.SequenceOf(componentType=TaggedAttribute())),
        namedtype.NamedType('reqSequence', univ.SequenceOf(componentType=TaggedRequest())),
        namedtype.NamedType('cmsSequence', univ.SequenceOf(componentType=TaggedContentInfo())),
        namedtype.NamedType('otherMsgSequence', univ.SequenceOf(componentType=OtherMsg())),
    )
412
413
class BodyPartList(univ.SequenceOf):
    """BodyPartList ::= SEQUENCE SIZE (1..MAX) OF BodyPartID."""
    componentType = BodyPartID()
    subtypeSpec = constraint.ValueSizeConstraint(1, MAX)
420
# Control OID under id-cmc.
id_cmc_responseBody = id_cmc + (37,)
422
423
class AuthPublish(BodyPartID):
    """AuthPublish ::= BodyPartID (RFC 6402); no additional constraints."""
426
427
class CMCUnsignedData(univ.Sequence):
    """CMCUnsignedData (RFC 6402): unsigned data attached via id_aa_cmc_unsignedData.

    content is an opaque ANY selected by identifier.  As the name says, it
    is not covered by the CMS signature, so it must not be used for any
    decision that requires integrity.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('bodyPartPath', BodyPartPath()),
        namedtype.NamedType('identifier', univ.ObjectIdentifier()),
        namedtype.NamedType('content', univ.Any()),
    )
437
438
class CMCCertId(rfc5652.IssuerAndSerialNumber):
    """CMCCertId ::= IssuerAndSerialNumber (RFC 6402)."""
441
442
class PKIResponse(univ.Sequence):
    """PKIResponse: the CMC response body (content type id_cct_PKIResponse).

    Same shape as PKIData minus reqSequence.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('controlSequence', univ.SequenceOf(componentType=TaggedAttribute())),
        namedtype.NamedType('cmsSequence', univ.SequenceOf(componentType=TaggedContentInfo())),
        namedtype.NamedType('otherMsgSequence', univ.SequenceOf(componentType=OtherMsg())),
    )
452
453
class ResponseBody(PKIResponse):
    """ResponseBody ::= PKIResponse (RFC 6402), used with id_cmc_responseBody."""
456
457
# Control OIDs under id-cmc.
id_cmc_statusInfoV2 = id_cmc + (25,)

id_cmc_lraPOPWitness = id_cmc + (11,)
461
462
class ModCertTemplate(univ.Sequence):
    """ModCertTemplate control value (RFC 6402).

    Applies certTemplate to the requests named by certReferences inside the
    PKIData at pkiDataReference; replace defaults to TRUE.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('pkiDataReference', BodyPartPath()),
        namedtype.NamedType('certReferences', BodyPartList()),
        namedtype.DefaultedNamedType('replace', univ.Boolean(True)),
        namedtype.NamedType('certTemplate', rfc4211.CertTemplate()),
    )
473
# Control OIDs under id-cmc.
id_cmc_regInfo = id_cmc + (18,)

id_cmc_identityProof = id_cmc + (3,)
477
478
class ExtensionReq(univ.SequenceOf):
    """ExtensionReq ::= SEQUENCE SIZE (1..MAX) OF Extension (PKCS#9 extensionRequest)."""
    componentType = rfc5280.Extension()
    subtypeSpec = constraint.ValueSizeConstraint(1, MAX)
485
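# RFC 6402 extended key purposes: cmcCA = id-kp 27, cmcRA = id-kp 28,
# cmcArchive = id-kp 29.  This arc was 28 before, which made it compare equal
# to id_kp_cmcRA defined above, so any EKU check built on these constants
# could not tell an RA certificate from a key-archive certificate.
id_kp_cmcArchive = _buildOid(rfc5280.id_kp, 29)

id_cmc_publishCert = _buildOid(id_cmc, 30)

id_cmc_dataReturn = _buildOid(id_cmc, 4)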
491
492
class LraPopWitness(univ.Sequence):
    """LraPopWitness control value (RFC 6402).

    An RA's assertion that it verified proof of possession for the body
    parts in bodyIds within the PKIData named by pkiDataBodyid.  Relying on
    it shifts trust to the RA, so accept it only from an authorized RA.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('pkiDataBodyid', BodyPartID()),
        namedtype.NamedType('bodyIds', univ.SequenceOf(componentType=BodyPartID())),
    )
501
# S/MIME authenticated-attribute arc 1.2.840.113549.1.9.16.2 and the CMC
# unsignedData attribute beneath it.
id_aa = univ.ObjectIdentifier((1, 2, 840, 113549, 1, 9, 16, 2))

id_aa_cmc_unsignedData = id_aa + (34,)

# Control OIDs under id-cmc.
id_cmc_getCert = id_cmc + (15,)

id_cmc_batchRequests = id_cmc + (28,)

id_cmc_decryptedPOP = id_cmc + (10,)

id_cmc_responseInfo = id_cmc + (19,)

id_cmc_changeSubjectName = id_cmc + (36,)
515
516
class GetCert(univ.Sequence):
    """GetCert control value (RFC 6402): fetch a certificate by issuer and serial."""
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('issuerName', rfc5280.GeneralName()),
        namedtype.NamedType('serialNumber', univ.Integer()),
    )
525
# Control OIDs under id-cmc.
id_cmc_identification = id_cmc + (2,)

id_cmc_queryPending = id_cmc + (21,)
529
530
class AddExtensions(univ.Sequence):
    """AddExtensions control value (RFC 6402).

    Adds extensions to the requests named by certReferences inside the
    PKIData at pkiDataReference.  Extensions injected this way end up in
    issued certificates, so the issuer must police which ones it honours.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('pkiDataReference', BodyPartID()),
        namedtype.NamedType('certReferences', univ.SequenceOf(componentType=BodyPartID())),
        namedtype.NamedType('extensions', univ.SequenceOf(componentType=rfc5280.Extension())),
    )
540
541
class EncryptedPOP(univ.Sequence):
    """EncryptedPOP control value (RFC 6402).

    Pairs the original request with a CMS ContentInfo (cms) carrying the
    encrypted proof-of-possession challenge, plus the algorithms and
    witness the client must reproduce in its DecryptedPOP.
    """
    componentType = namedtype.NamedTypes(
        namedtype.NamedType('request', TaggedRequest()),
        namedtype.NamedType('cms', rfc5652.ContentInfo()),
        namedtype.NamedType('thePOPAlgID', rfc5280.AlgorithmIdentifier()),
        namedtype.NamedType('witnessAlgID', rfc5280.AlgorithmIdentifier()),
        namedtype.NamedType('witness', univ.OctetString()),
    )
553
# Control OID under id-cmc.
id_cmc_getCRL = id_cmc + (16,)

# CMS content type for PKIResponse (id-cct 3).
id_cct_PKIResponse = id_cct + (3,)

# Control OID under id-cmc.
id_cmc_controlProcessed = id_cmc + (32,)
559
560
class NoSignatureValue(univ.OctetString):
    """NoSignatureValue ::= OCTET STRING, the 'signature' used with id_alg_noSignature.

    A message using this algorithm carries no cryptographic signature at all;
    consumers must not treat such content as authenticated.
    """
563
564
# Access descriptor for a CMC server: id-ad 12.
id_ad_cmc = rfc5280.id_ad + (12,)

# id-alg-noSignature: id-pkix id-alg(6) 2 -- the "no signature" algorithm.
id_alg_noSignature = id_pkix + (6, 2)
568