1# coding: utf-8
2#
3# This file is part of pyasn1-modules software.
4#
5# Created by Stanisław Pitucha with asn1ate tool.
# Modified by Russ Housley to add maps for CMC Control Attributes
#   and CMC Content Types for use with opentypes.
8#
9# Copyright (c) 2005-2019, Ilya Etingof <etingof@gmail.com>
10# License: http://snmplabs.com/pyasn1/license.html
11#
12# Certificate Management over CMS (CMC) Updates
13#
14# ASN.1 source from:
15# https://www.rfc-editor.org/rfc/rfc6402.txt
16#
17from pyasn1.type import char
18from pyasn1.type import constraint
19from pyasn1.type import namedtype
20from pyasn1.type import namedval
21from pyasn1.type import opentype
22from pyasn1.type import tag
23from pyasn1.type import univ
24from pyasn1.type import useful
25
26from pyasn1_modules import rfc4211
27from pyasn1_modules import rfc5280
28from pyasn1_modules import rfc5652
29
# Stands in for the ASN.1 upper bound "MAX" in the SIZE (1..MAX) constraints
# below: an unbounded upper limit, so only each lower bound is really enforced.
MAX = float('inf')
31
32
def _buildOid(*components):
    """Concatenate OID pieces into one ``univ.ObjectIdentifier``.

    Each component is either an existing ``univ.ObjectIdentifier`` (all of
    its arcs are appended in order) or any value ``int()`` accepts, which
    becomes a single arc.  A new ObjectIdentifier is returned; the inputs
    are not modified.
    """
    def _arcs_of(piece):
        # An OID contributes every arc it holds; anything else is one arc.
        if isinstance(piece, univ.ObjectIdentifier):
            return list(piece)
        return [int(piece)]

    arcs = [arc for piece in components for arc in _arcs_of(piece)]
    return univ.ObjectIdentifier(arcs)
42
43
# Since CMS Attributes and CMC Controls both use 'attrType', one map is used.
# This binds the very dict object owned by rfc5652 (not a copy), so the
# update() at the bottom of this module also extends open-type decoding for
# every consumer of rfc5652.cmsAttributesMap once this module is imported.
cmcControlAttributesMap = rfc5652.cmsAttributesMap
46
47
class ChangeSubjectName(univ.Sequence):
    """CMC ChangeSubjectName control value (RFC 6402).

    The SEQUENCE fields are attached through ``componentType`` below.
    """
50
51
# Both members are OPTIONAL: a request may carry a new subject, a new set of
# alternative names, or both.
ChangeSubjectName.componentType = namedtype.NamedTypes(
    namedtype.OptionalNamedType('subject', rfc5280.Name()),
    namedtype.OptionalNamedType('subjectAlt', rfc5280.GeneralNames())
)
56
57
class AttributeValue(univ.Any):
    """ANY-typed control attribute value (RFC 6402).

    Used as the element type of ``TaggedAttribute.attrValues``; the concrete
    type is selected by the ``attrType`` OID through the open-type map.
    """
60
61
class CMCStatus(univ.Integer):
    """CMC status code INTEGER (RFC 6402); named values are attached below."""
64
65
# Status codes carried in CMCStatusInfo/CMCStatusInfoV2. Value 1 is absent
# here on purpose (presumably reserved in the RFC definition — confirm against
# RFC 6402 / RFC 5272 before treating it as an error).
CMCStatus.namedValues = namedval.NamedValues(
    ('success', 0),
    ('failed', 2),
    ('pending', 3),
    ('noSupport', 4),
    ('confirmRequired', 5),
    ('popRequired', 6),
    ('partial', 7)
)
75
76
class PendInfo(univ.Sequence):
    """Pending-request information (RFC 6402).

    Appears as the ``pendInfo`` alternative of the status ``otherInfo``
    CHOICE; members are attached through ``componentType`` below.
    """
79
80
# pendToken is an opaque OCTET STRING chosen by the responder; pendTime is a
# GeneralizedTime. Neither is interpreted by this module.
PendInfo.componentType = namedtype.NamedTypes(
    namedtype.NamedType('pendToken', univ.OctetString()),
    namedtype.NamedType('pendTime', useful.GeneralizedTime())
)
85
# Upper bound of a BodyPartID: 4294967295 == 2**32 - 1 (unsigned 32-bit range).
bodyIdMax = univ.Integer(4294967295)
87
88
class BodyPartID(univ.Integer):
    """Identifier of one body part of a CMC message (RFC 6402).

    The value range is restricted by the ``subtypeSpec`` assigned below.
    """
91
92
# Restrict BodyPartID to 0..bodyIdMax, so an out-of-range identifier is
# rejected whenever pyasn1 verifies constraints (decode or assignment).
BodyPartID.subtypeSpec = constraint.ValueRangeConstraint(0, bodyIdMax)
94
95
class BodyPartPath(univ.SequenceOf):
    """SEQUENCE OF BodyPartID naming a nested body part (RFC 6402).

    Element type and size constraint are attached below.
    """
98
99
# SEQUENCE SIZE (1..MAX) OF BodyPartID: at least one element is required, the
# upper bound is unbounded (MAX is +inf).
BodyPartPath.componentType = BodyPartID()
BodyPartPath.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
102
103
class BodyPartReference(univ.Choice):
    """CHOICE between a single BodyPartID and a BodyPartPath (RFC 6402)."""
106
107
# Untagged CHOICE: the alternatives are told apart by their universal tags
# (INTEGER vs SEQUENCE), so no context tags are needed here.
BodyPartReference.componentType = namedtype.NamedTypes(
    namedtype.NamedType('bodyPartID', BodyPartID()),
    namedtype.NamedType('bodyPartPath', BodyPartPath())
)
112
113
class CMCFailInfo(univ.Integer):
    """CMC failure-reason INTEGER (RFC 6402); named values are attached below."""
116
117
# Failure reasons reported in the 'failInfo' alternative of a status
# otherInfo; the values are consecutive from 0 to 13.
CMCFailInfo.namedValues = namedval.NamedValues(
    ('badAlg', 0),
    ('badMessageCheck', 1),
    ('badRequest', 2),
    ('badTime', 3),
    ('badCertId', 4),
    ('unsupportedExt', 5),
    ('mustArchiveKeys', 6),
    ('badIdentity', 7),
    ('popRequired', 8),
    ('popFailed', 9),
    ('noKeyReuse', 10),
    ('internalCAError', 11),
    ('tryLater', 12),
    ('authDataFail', 13)
)
134
135
class CMCStatusInfoV2(univ.Sequence):
    """Extended CMC status control value (RFC 6402).

    Differs from ``CMCStatusInfo`` in referencing body parts by
    ``BodyPartReference`` and in allowing an OID-qualified failure value.
    Members are attached through ``componentType`` below.
    """
138
139
# Same outline as CMCStatusInfo, but bodyList holds BodyPartReference (ID or
# path) and otherInfo gains an 'extendedFailInfo' alternative. That
# alternative's failInfoValue is an AttributeValue (ANY) with no open-type map
# bound to failInfoOID, so it is left as undecoded bytes for the caller to
# parse against the OID.
CMCStatusInfoV2.componentType = namedtype.NamedTypes(
    namedtype.NamedType('cMCStatus', CMCStatus()),
    namedtype.NamedType('bodyList', univ.SequenceOf(componentType=BodyPartReference())),
    namedtype.OptionalNamedType('statusString', char.UTF8String()),
    namedtype.OptionalNamedType(
        'otherInfo', univ.Choice(
            componentType=namedtype.NamedTypes(
                namedtype.NamedType('failInfo', CMCFailInfo()),
                namedtype.NamedType('pendInfo', PendInfo()),
                namedtype.NamedType(
                    'extendedFailInfo', univ.Sequence(
                    componentType=namedtype.NamedTypes(
                        namedtype.NamedType('failInfoOID', univ.ObjectIdentifier()),
                        namedtype.NamedType('failInfoValue', AttributeValue()))
                    )
                )
            )
        )
    )
)
160
161
class GetCRL(univ.Sequence):
    """CMC GetCRL control value (RFC 6402); members are attached below."""
164
165
# Only issuerName is mandatory; cRLName, time and reasons narrow the request
# when present.
GetCRL.componentType = namedtype.NamedTypes(
    namedtype.NamedType('issuerName', rfc5280.Name()),
    namedtype.OptionalNamedType('cRLName', rfc5280.GeneralName()),
    namedtype.OptionalNamedType('time', useful.GeneralizedTime()),
    namedtype.OptionalNamedType('reasons', rfc5280.ReasonFlags())
)
172
# Root arcs from the RFC 6402 module: id-pkix is 1.3.6.1.5.5.7 and id-cmc is
# { id-pkix 7 }; every id_cmc_* control OID in this module is one arc below
# id_cmc.
id_pkix = _buildOid(1, 3, 6, 1, 5, 5, 7)

id_cmc = _buildOid(id_pkix, 7)

id_cmc_batchResponses = _buildOid(id_cmc, 29)

id_cmc_popLinkWitness = _buildOid(id_cmc, 23)
180
181
class PopLinkWitnessV2(univ.Sequence):
    """Version-2 POP link witness control value (RFC 6402).

    Members are attached through ``componentType`` below.
    """
184
185
# Two AlgorithmIdentifiers (key generation and MAC) followed by the opaque
# witness bytes; the module does not interpret the witness.
PopLinkWitnessV2.componentType = namedtype.NamedTypes(
    namedtype.NamedType('keyGenAlgorithm', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('macAlgorithm', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('witness', univ.OctetString())
)
191
# Further control OIDs under id_cmc; the numeric arc is the last argument.
id_cmc_popLinkWitnessV2 = _buildOid(id_cmc, 33)

id_cmc_identityProofV2 = _buildOid(id_cmc, 34)

id_cmc_revokeRequest = _buildOid(id_cmc, 17)

id_cmc_recipientNonce = _buildOid(id_cmc, 7)
199
200
class ControlsProcessed(univ.Sequence):
    """CMC ControlsProcessed control value (RFC 6402); members attached below."""
203
204
# A single member: the list of body-part references the responder processed.
ControlsProcessed.componentType = namedtype.NamedTypes(
    namedtype.NamedType('bodyList', univ.SequenceOf(componentType=BodyPartReference()))
)
208
209
class CertificationRequest(univ.Sequence):
    """PKCS#10-style CertificationRequest as restated in RFC 6402.

    The inner certificationRequestInfo and subjectPublicKeyInfo are spelled
    out inline in the ``componentType`` assigned below.
    """
212
213
# The request body is written out inline rather than imported: version,
# subject, an inline subjectPublicKeyInfo, and an IMPLICIT [0] SET OF
# Attribute, followed by the signature algorithm and signature bits.
# NOTE(review): 'attributes' is an implicitly tagged SET OF built with
# tag.tagFormatSimple; pyasn1 appears to keep the base type's constructed
# format when applying an implicit tag (the same idiom is used for 'crm' in
# TaggedRequest), so this is expected to decode correctly — confirm with a
# round-trip test if changing pyasn1 versions.
CertificationRequest.componentType = namedtype.NamedTypes(
    namedtype.NamedType(
        'certificationRequestInfo', univ.Sequence(
            componentType=namedtype.NamedTypes(
                namedtype.NamedType('version', univ.Integer()),
                namedtype.NamedType('subject', rfc5280.Name()),
                namedtype.NamedType(
                    'subjectPublicKeyInfo', univ.Sequence(
                        componentType=namedtype.NamedTypes(
                            namedtype.NamedType('algorithm', rfc5280.AlgorithmIdentifier()),
                            namedtype.NamedType('subjectPublicKey', univ.BitString())
                        )
                    )
                ),
                namedtype.NamedType(
                    'attributes', univ.SetOf(
                        componentType=rfc5652.Attribute()).subtype(
                        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))
                )
            )
        )
    ),
    namedtype.NamedType('signatureAlgorithm', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('signature', univ.BitString())
)
239
240
class TaggedCertificationRequest(univ.Sequence):
    """A CertificationRequest paired with its BodyPartID (RFC 6402)."""
243
244
# bodyPartID lets responses refer back to this particular request.
TaggedCertificationRequest.componentType = namedtype.NamedTypes(
    namedtype.NamedType('bodyPartID', BodyPartID()),
    namedtype.NamedType('certificationRequest', CertificationRequest())
)
249
250
class TaggedRequest(univ.Choice):
    """One request inside PKIData.reqSequence (RFC 6402).

    Three context-tagged alternatives are attached below: a PKCS#10 request,
    a CRMF CertReqMsg, or an OID-identified "other" request.
    """
253
254
# All three alternatives are SEQUENCE-based, so each carries an IMPLICIT
# context tag ([0], [1], [2]) to keep the CHOICE unambiguous. The 'orm'
# alternative's requestMessageValue is a bare ANY with no open-type map: it is
# left undecoded, and the consumer must parse it itself according to
# requestMessageType.
TaggedRequest.componentType = namedtype.NamedTypes(
    namedtype.NamedType('tcr', TaggedCertificationRequest().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
    namedtype.NamedType('crm',
                        rfc4211.CertReqMsg().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
    namedtype.NamedType('orm', univ.Sequence(componentType=namedtype.NamedTypes(
        namedtype.NamedType('bodyPartID', BodyPartID()),
        namedtype.NamedType('requestMessageType', univ.ObjectIdentifier()),
        namedtype.NamedType('requestMessageValue', univ.Any())
    ))
                        .subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)))
)
267
# More control OIDs under id_cmc.
id_cmc_popLinkRandom = _buildOid(id_cmc, 22)

id_cmc_statusInfo = _buildOid(id_cmc, 1)

id_cmc_trustedAnchors = _buildOid(id_cmc, 26)

id_cmc_transactionId = _buildOid(id_cmc, 5)

id_cmc_encryptedPOP = _buildOid(id_cmc, 9)
277
278
class PublishTrustAnchors(univ.Sequence):
    """Value of the trustedAnchors control (RFC 6402); members attached below."""
281
282
# anchorHashes is a list of OCTET STRINGs, presumably digests computed under
# hashAlgorithm (the module itself only describes the encoding).
PublishTrustAnchors.componentType = namedtype.NamedTypes(
    namedtype.NamedType('seqNumber', univ.Integer()),
    namedtype.NamedType('hashAlgorithm', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('anchorHashes', univ.SequenceOf(componentType=univ.OctetString()))
)
288
289
class RevokeRequest(univ.Sequence):
    """CMC RevokeRequest control value (RFC 6402); members attached below."""
292
293
# issuerName, serialNumber and reason identify the certificate and why it is
# being revoked; the remaining members are OPTIONAL.
# NOTE(review): 'passphrase' is a credential-like OCTET STRING — code that
# dumps or logs decoded RevokeRequest values should treat it as sensitive.
RevokeRequest.componentType = namedtype.NamedTypes(
    namedtype.NamedType('issuerName', rfc5280.Name()),
    namedtype.NamedType('serialNumber', univ.Integer()),
    namedtype.NamedType('reason', rfc5280.CRLReason()),
    namedtype.OptionalNamedType('invalidityDate', useful.GeneralizedTime()),
    namedtype.OptionalNamedType('passphrase', univ.OctetString()),
    namedtype.OptionalNamedType('comment', char.UTF8String())
)
302
# Control OIDs under id_cmc.
id_cmc_senderNonce = _buildOid(id_cmc, 6)

id_cmc_authData = _buildOid(id_cmc, 27)
306
307
class TaggedContentInfo(univ.Sequence):
    """A CMS ContentInfo paired with its BodyPartID (RFC 6402)."""
310
311
# Wraps an rfc5652.ContentInfo so it can be referenced by body-part ID.
TaggedContentInfo.componentType = namedtype.NamedTypes(
    namedtype.NamedType('bodyPartID', BodyPartID()),
    namedtype.NamedType('contentInfo', rfc5652.ContentInfo())
)
316
317
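class IdentifyProofV2(univ.Sequence):
    """Version-2 identity proof control value (RFC 6402).

    RFC 6402 names this type ``IdentityProofV2``; the historical class name
    is kept so existing callers keep working, and the RFC spelling is
    provided as an alias.  Members are attached through ``componentType``
    below.
    """
    pass


# Alias under the RFC 6402 spelling of the type name.
IdentityProofV2 = IdentifyProofV2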
320
321
# Proof and MAC algorithm identifiers followed by the opaque witness bytes;
# the witness is not interpreted here.
IdentifyProofV2.componentType = namedtype.NamedTypes(
    namedtype.NamedType('proofAlgID', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('macAlgId', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('witness', univ.OctetString())
)
327
328
class CMCPublicationInfo(univ.Sequence):
    """Value of the publishCert control (RFC 6402); members attached below."""
331
332
# certHashes holds OCTET STRINGs (presumably digests under hashAlg) and
# pubInfo reuses CRMF's PKIPublicationInfo from rfc4211.
CMCPublicationInfo.componentType = namedtype.NamedTypes(
    namedtype.NamedType('hashAlg', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('certHashes', univ.SequenceOf(componentType=univ.OctetString())),
    namedtype.NamedType('pubInfo', rfc4211.PKIPublicationInfo())
)
338
# Extended-key-usage OIDs under rfc5280.id_kp (cmcCA = 27, cmcRA = 28),
# a PKCS#9 extension-request attribute OID, and the id-cct content-type arc
# { id-pkix 12 } with PKIData as { id-cct 2 }.
id_kp_cmcCA = _buildOid(rfc5280.id_kp, 27)

id_cmc_confirmCertAcceptance = _buildOid(id_cmc, 24)

id_cmc_raIdentityWitness = _buildOid(id_cmc, 35)

id_ExtensionReq = _buildOid(1, 2, 840, 113549, 1, 9, 14)

id_cct = _buildOid(id_pkix, 12)

id_cct_PKIData = _buildOid(id_cct, 2)

id_kp_cmcRA = _buildOid(rfc5280.id_kp, 28)
352
353
class CMCStatusInfo(univ.Sequence):
    """Original (version-1) CMC status control value (RFC 6402).

    Members are attached through ``componentType`` below; see
    ``CMCStatusInfoV2`` for the extended form.
    """
356
357
# Version-1 status: bodyList is a plain list of BodyPartID and otherInfo has
# only the failInfo/pendInfo alternatives (no extendedFailInfo).
CMCStatusInfo.componentType = namedtype.NamedTypes(
    namedtype.NamedType('cMCStatus', CMCStatus()),
    namedtype.NamedType('bodyList', univ.SequenceOf(componentType=BodyPartID())),
    namedtype.OptionalNamedType('statusString', char.UTF8String()),
    namedtype.OptionalNamedType(
        'otherInfo', univ.Choice(
            componentType=namedtype.NamedTypes(
                namedtype.NamedType('failInfo', CMCFailInfo()),
                namedtype.NamedType('pendInfo', PendInfo())
            )
        )
    )
)
371
372
class DecryptedPOP(univ.Sequence):
    """Value of the decryptedPOP control (RFC 6402); members attached below."""
375
376
# References the request body part, names the POP algorithm and carries the
# POP value as opaque bytes.
DecryptedPOP.componentType = namedtype.NamedTypes(
    namedtype.NamedType('bodyPartID', BodyPartID()),
    namedtype.NamedType('thePOPAlgID', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('thePOP', univ.OctetString())
)
382
# Control OIDs under id_cmc.
id_cmc_addExtensions = _buildOid(id_cmc, 8)

id_cmc_modCertTemplate = _buildOid(id_cmc, 31)
386
387
class TaggedAttribute(univ.Sequence):
    """A CMC control: BodyPartID plus an OID-typed attribute (RFC 6402).

    The attribute values are an open type keyed by ``attrType``; see the
    ``componentType`` assigned below.
    """
390
391
# attrValues is a SET OF AttributeValue (ANY) whose concrete type is looked
# up by the attrType OID in cmcControlAttributesMap. pyasn1 performs that
# lookup only when the caller asks for open-type decoding
# (decodeOpenTypes=True); otherwise, or for an OID absent from the map, each
# value stays as undecoded bytes. Consumers should therefore check attrType
# before assuming a typed value.
TaggedAttribute.componentType = namedtype.NamedTypes(
    namedtype.NamedType('bodyPartID', BodyPartID()),
    namedtype.NamedType('attrType', univ.ObjectIdentifier()),
    namedtype.NamedType('attrValues', univ.SetOf(componentType=AttributeValue()),
        openType=opentype.OpenType('attrType', cmcControlAttributesMap)
    )
)
399
400
class OtherMsg(univ.Sequence):
    """OID-identified "other" message body part (RFC 6402); members attached below."""
403
404
# otherMsgValue is a bare ANY with no open-type map, so it is never decoded by
# this module; the consumer must parse it according to otherMsgType.
OtherMsg.componentType = namedtype.NamedTypes(
    namedtype.NamedType('bodyPartID', BodyPartID()),
    namedtype.NamedType('otherMsgType', univ.ObjectIdentifier()),
    namedtype.NamedType('otherMsgValue', univ.Any())
)
410
411
class PKIData(univ.Sequence):
    """Top-level CMC request content (RFC 6402), registered under id_cct_PKIData.

    Its four sequences are attached through ``componentType`` below.
    """
414
415
# Four mandatory (possibly empty) sequences: controls, certificate requests,
# embedded CMS messages and other messages.
PKIData.componentType = namedtype.NamedTypes(
    namedtype.NamedType('controlSequence', univ.SequenceOf(componentType=TaggedAttribute())),
    namedtype.NamedType('reqSequence', univ.SequenceOf(componentType=TaggedRequest())),
    namedtype.NamedType('cmsSequence', univ.SequenceOf(componentType=TaggedContentInfo())),
    namedtype.NamedType('otherMsgSequence', univ.SequenceOf(componentType=OtherMsg()))
)
422
423
class BodyPartList(univ.SequenceOf):
    """SEQUENCE SIZE (1..MAX) OF BodyPartID (RFC 6402); specs attached below."""
426
427
# At least one BodyPartID is required; the upper bound is unbounded.
BodyPartList.componentType = BodyPartID()
BodyPartList.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
430
# Control OID under id_cmc.
id_cmc_responseBody = _buildOid(id_cmc, 37)
432
433
class AuthPublish(BodyPartID):
    """Value of the authData control (RFC 6402): simply a BodyPartID."""
436
437
class CMCUnsignedData(univ.Sequence):
    """Value of the id-aa-cmc-unsignedData attribute (RFC 6402); members attached below."""
440
441
# content is a bare ANY with no open-type map bound to 'identifier'; it stays
# undecoded and must be parsed by the consumer according to that OID.
CMCUnsignedData.componentType = namedtype.NamedTypes(
    namedtype.NamedType('bodyPartPath', BodyPartPath()),
    namedtype.NamedType('identifier', univ.ObjectIdentifier()),
    namedtype.NamedType('content', univ.Any())
)
447
448
class CMCCertId(rfc5652.IssuerAndSerialNumber):
    """Certificate reference for CMC (RFC 6402): a CMS IssuerAndSerialNumber."""
451
452
class PKIResponse(univ.Sequence):
    """Top-level CMC response content (RFC 6402), registered under id_cct_PKIResponse.

    Members are attached through ``componentType`` below.
    """
455
456
# Like PKIData but without a reqSequence: controls, CMS messages, other
# messages.
PKIResponse.componentType = namedtype.NamedTypes(
    namedtype.NamedType('controlSequence', univ.SequenceOf(componentType=TaggedAttribute())),
    namedtype.NamedType('cmsSequence', univ.SequenceOf(componentType=TaggedContentInfo())),
    namedtype.NamedType('otherMsgSequence', univ.SequenceOf(componentType=OtherMsg()))
)
462
463
class ResponseBody(PKIResponse):
    """Value of the responseBody control (RFC 6402): a PKIResponse."""
466
467
# Control OIDs under id_cmc.
id_cmc_statusInfoV2 = _buildOid(id_cmc, 25)

id_cmc_lraPOPWitness = _buildOid(id_cmc, 11)
471
472
class ModCertTemplate(univ.Sequence):
    """Value of the modCertTemplate control (RFC 6402); members attached below."""
475
476
# 'replace' is a DEFAULT TRUE BOOLEAN (subtype(value=1)); as a
# DefaultedNamedType it may be omitted from the encoding when it equals the
# default. certTemplate reuses CRMF's CertTemplate from rfc4211.
ModCertTemplate.componentType = namedtype.NamedTypes(
    namedtype.NamedType('pkiDataReference', BodyPartPath()),
    namedtype.NamedType('certReferences', BodyPartList()),
    namedtype.DefaultedNamedType('replace', univ.Boolean().subtype(value=1)),
    namedtype.NamedType('certTemplate', rfc4211.CertTemplate())
)
483
# Control OIDs under id_cmc.
id_cmc_regInfo = _buildOid(id_cmc, 18)

id_cmc_identityProof = _buildOid(id_cmc, 3)
487
488
class ExtensionReq(univ.SequenceOf):
    """SEQUENCE SIZE (1..MAX) OF Extension (RFC 6402); specs attached below."""
491
492
# At least one rfc5280.Extension; the upper bound is unbounded.
ExtensionReq.componentType = rfc5280.Extension()
ExtensionReq.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
495
# NOTE(review): id_kp_cmcArchive is assigned { id-kp 28 } here, the same value
# given to id_kp_cmcRA earlier in this module, so the two names compare equal
# and cannot be told apart when matching an EKU. Confirm the intended arc
# against the published RFC 6402 module and the IANA SMI registry before
# relying on either name to distinguish RA from archive roles.
id_kp_cmcArchive = _buildOid(rfc5280.id_kp, 28)

id_cmc_publishCert = _buildOid(id_cmc, 30)

id_cmc_dataReturn = _buildOid(id_cmc, 4)
501
502
class LraPopWitness(univ.Sequence):
    """Value of the lraPOPWitness control (RFC 6402); members attached below."""
505
506
# A reference to the PKIData body part plus the list of body IDs it covers.
LraPopWitness.componentType = namedtype.NamedTypes(
    namedtype.NamedType('pkiDataBodyid', BodyPartID()),
    namedtype.NamedType('bodyIds', univ.SequenceOf(componentType=BodyPartID()))
)
511
# id_aa is the S/MIME authenticated-attribute arc 1.2.840.113549.1.9.16.2;
# the CMC unsignedData attribute is { id-aa 34 }. The rest are control OIDs
# under id_cmc.
id_aa = _buildOid(1, 2, 840, 113549, 1, 9, 16, 2)

id_aa_cmc_unsignedData = _buildOid(id_aa, 34)

id_cmc_getCert = _buildOid(id_cmc, 15)

id_cmc_batchRequests = _buildOid(id_cmc, 28)

id_cmc_decryptedPOP = _buildOid(id_cmc, 10)

id_cmc_responseInfo = _buildOid(id_cmc, 19)

id_cmc_changeSubjectName = _buildOid(id_cmc, 36)
525
526
class GetCert(univ.Sequence):
    """Value of the getCert control (RFC 6402); members attached below."""
529
530
# issuerName here is a GeneralName (not a Name as in GetCRL/RevokeRequest).
GetCert.componentType = namedtype.NamedTypes(
    namedtype.NamedType('issuerName', rfc5280.GeneralName()),
    namedtype.NamedType('serialNumber', univ.Integer())
)
535
# Control OIDs under id_cmc.
id_cmc_identification = _buildOid(id_cmc, 2)

id_cmc_queryPending = _buildOid(id_cmc, 21)
539
540
class AddExtensions(univ.Sequence):
    """Value of the addExtensions control (RFC 6402); members attached below."""
543
544
# Names the PKIData body part and the certificate requests the listed
# rfc5280 Extensions should be added to. Note that neither list carries a
# SIZE constraint here, so empty lists decode without error.
AddExtensions.componentType = namedtype.NamedTypes(
    namedtype.NamedType('pkiDataReference', BodyPartID()),
    namedtype.NamedType('certReferences', univ.SequenceOf(componentType=BodyPartID())),
    namedtype.NamedType('extensions', univ.SequenceOf(componentType=rfc5280.Extension()))
)
550
551
class EncryptedPOP(univ.Sequence):
    """Value of the encryptedPOP control (RFC 6402); members attached below."""
554
555
# Bundles the original TaggedRequest, a CMS ContentInfo, the POP and witness
# algorithm identifiers and the opaque witness bytes.
EncryptedPOP.componentType = namedtype.NamedTypes(
    namedtype.NamedType('request', TaggedRequest()),
    namedtype.NamedType('cms', rfc5652.ContentInfo()),
    namedtype.NamedType('thePOPAlgID', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('witnessAlgID', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('witness', univ.OctetString())
)
563
# Control OIDs under id_cmc and the PKIResponse content type { id-cct 3 }.
id_cmc_getCRL = _buildOid(id_cmc, 16)

id_cct_PKIResponse = _buildOid(id_cct, 3)

id_cmc_controlProcessed = _buildOid(id_cmc, 32)
569
570
class NoSignatureValue(univ.OctetString):
    """OCTET STRING signature value used with id_alg_noSignature (RFC 6402)."""
573
574
# Access-descriptor OID { id-ad 12 } and the "no signature" algorithm
# { id-pkix 6 2 }. NOTE(review): id_alg_noSignature identifies an unsigned
# message; a verifier must not treat it as a successful signature check.
id_ad_cmc = _buildOid(rfc5280.id_ad, 12)

id_alg_noSignature = _buildOid(id_pkix, 6, 2)
578
579
# Map of CMC Control OIDs to CMC Control Attributes
#
# Consumed through the OpenType on TaggedAttribute.attrValues: when open-type
# decoding is requested (pyasn1's decodeOpenTypes=True) each attrType OID
# below selects the pyasn1 type its values are parsed into. OIDs not listed
# leave the value as an undecoded AttributeValue (ANY), so a consumer that
# needs typed access must check attrType before trusting the shape.

_cmcControlAttributesMapUpdate = {
    id_cmc_statusInfo: CMCStatusInfo(),
    id_cmc_statusInfoV2: CMCStatusInfoV2(),
    id_cmc_identification: char.UTF8String(),
    id_cmc_identityProof: univ.OctetString(),
    id_cmc_identityProofV2: IdentifyProofV2(),
    id_cmc_dataReturn: univ.OctetString(),
    id_cmc_transactionId: univ.Integer(),
    id_cmc_senderNonce: univ.OctetString(),
    id_cmc_recipientNonce: univ.OctetString(),
    id_cmc_addExtensions: AddExtensions(),
    id_cmc_encryptedPOP: EncryptedPOP(),
    id_cmc_decryptedPOP: DecryptedPOP(),
    id_cmc_lraPOPWitness: LraPopWitness(),
    id_cmc_getCert: GetCert(),
    id_cmc_getCRL: GetCRL(),
    id_cmc_revokeRequest: RevokeRequest(),
    id_cmc_regInfo: univ.OctetString(),
    id_cmc_responseInfo: univ.OctetString(),
    id_cmc_queryPending: univ.OctetString(),
    id_cmc_popLinkRandom: univ.OctetString(),
    id_cmc_popLinkWitness: univ.OctetString(),
    id_cmc_popLinkWitnessV2: PopLinkWitnessV2(),
    id_cmc_confirmCertAcceptance: CMCCertId(),
    id_cmc_trustedAnchors: PublishTrustAnchors(),
    id_cmc_authData: AuthPublish(),
    id_cmc_batchRequests: BodyPartList(),
    id_cmc_batchResponses: BodyPartList(),
    id_cmc_publishCert: CMCPublicationInfo(),
    id_cmc_modCertTemplate: ModCertTemplate(),
    id_cmc_controlProcessed: ControlsProcessed(),
    id_ExtensionReq: ExtensionReq(),
}

# In-place update of rfc5652.cmsAttributesMap (cmcControlAttributesMap is that
# same dict object); importing this module is what registers these entries
# for every user of the shared map.
cmcControlAttributesMap.update(_cmcControlAttributesMapUpdate)
617
618
# Map of CMC Content Type OIDs to CMC Content Types are added to
# the ones that are in rfc5652.py
#
# Lets a CMS ContentInfo whose contentType is id-cct-PKIData / id-cct-PKIResponse
# be decoded into PKIData / PKIResponse when open-type decoding is requested.

_cmsContentTypesMapUpdate = {
    id_cct_PKIData: PKIData(),
    id_cct_PKIResponse: PKIResponse(),
}

# Import-time side effect shared with all users of rfc5652.cmsContentTypesMap.
rfc5652.cmsContentTypesMap.update(_cmsContentTypesMapUpdate)
628
629