# coding: utf-8
#
# This file is part of pyasn1-modules software.
#
# Created by Stanisław Pitucha with asn1ate tool.
# Copyright (c) 2005-2017, Ilya Etingof <etingof (at] gmail.com>
# License: http://pyasn1.sf.net/license.html
#
# Certificate Management over CMS (CMC) Updates
#
# ASN.1 source from:
# http://www.ietf.org/rfc/rfc6402.txt
#
# This module only declares the ASN.1 structures of RFC 6402 for pyasn1's
# codecs; it performs no signature, MAC or policy checks of its own.
#
from pyasn1.type import char
from pyasn1.type import constraint
from pyasn1.type import namedtype
from pyasn1.type import namedval
from pyasn1.type import tag
from pyasn1.type import univ
from pyasn1.type import useful

from pyasn1_modules import rfc4211
from pyasn1_modules import rfc5280
from pyasn1_modules import rfc5652

# Stand-in for the ASN.1 "MAX" bound. Every SIZE (1..MAX) constraint below is
# therefore unbounded above; code that decodes untrusted input must apply its
# own limits on element counts.
MAX = float('inf')


def _buildOid(*components):
    """Return a univ.ObjectIdentifier assembled from *components*.

    Each component is either an existing univ.ObjectIdentifier, whose arcs are
    appended in order, or any value accepted by int(), appended as one arc.
    """
    arcs = []
    for part in components:
        if isinstance(part, univ.ObjectIdentifier):
            arcs.extend(part)
        else:
            arcs.append(int(part))
    return univ.ObjectIdentifier(arcs)


class ChangeSubjectName(univ.Sequence):
    """ChangeSubjectName ::= SEQUENCE { subject, subjectAlt }, both OPTIONAL."""


ChangeSubjectName.componentType = namedtype.NamedTypes(
    namedtype.OptionalNamedType('subject', rfc5280.Name()),
    namedtype.OptionalNamedType('subjectAlt', rfc5280.GeneralNames())
)


class AttributeValue(univ.Any):
    """AttributeValue ::= ANY (opaque; interpretation is up to the caller)."""


class CMCStatus(univ.Integer):
    """CMCStatus ::= INTEGER with the named values assigned below."""


# Value 1 is deliberately absent in the source ASN.1.
CMCStatus.namedValues = namedval.NamedValues(
    ('success', 0),
    ('failed', 2),
    ('pending', 3),
    ('noSupport', 4),
    ('confirmRequired', 5),
    ('popRequired', 6),
    ('partial', 7)
)


class PendInfo(univ.Sequence):
    """PendInfo ::= SEQUENCE { pendToken OCTET STRING, pendTime GeneralizedTime }."""


PendInfo.componentType = namedtype.NamedTypes(
    namedtype.NamedType('pendToken', univ.OctetString()),
    namedtype.NamedType('pendTime', useful.GeneralizedTime())
)

# Upper bound of a BodyPartID: 2**32 - 1.
bodyIdMax = univ.Integer(4294967295)


class BodyPartID(univ.Integer):
    """BodyPartID ::= INTEGER (0..bodyIdMax)."""


BodyPartID.subtypeSpec = constraint.ValueRangeConstraint(0, bodyIdMax)


class BodyPartPath(univ.SequenceOf):
    """BodyPartPath ::= SEQUENCE SIZE (1..MAX) OF BodyPartID."""

BodyPartPath.componentType = BodyPartID()
BodyPartPath.subtypeSpec = constraint.ValueSizeConstraint(1, MAX)


class BodyPartReference(univ.Choice):
    """BodyPartReference ::= CHOICE { bodyPartID BodyPartID, bodyPartPath BodyPartPath }."""


BodyPartReference.componentType = namedtype.NamedTypes(
    namedtype.NamedType('bodyPartID', BodyPartID()),
    namedtype.NamedType('bodyPartPath', BodyPartPath())
)


class CMCFailInfo(univ.Integer):
    """CMCFailInfo ::= INTEGER with the named values assigned below."""


CMCFailInfo.namedValues = namedval.NamedValues(
    ('badAlg', 0),
    ('badMessageCheck', 1),
    ('badRequest', 2),
    ('badTime', 3),
    ('badCertId', 4),
    ('unsupportedExt', 5),
    ('mustArchiveKeys', 6),
    ('badIdentity', 7),
    ('popRequired', 8),
    ('popFailed', 9),
    ('noKeyReuse', 10),
    ('internalCAError', 11),
    ('tryLater', 12),
    ('authDataFail', 13)
)


class CMCStatusInfoV2(univ.Sequence):
    """CMCStatusInfoV2 ::= SEQUENCE; bodyList holds BodyPartReference values.

    The optional otherInfo CHOICE adds an extendedFailInfo branch that carries
    an OID plus an opaque AttributeValue.
    """


CMCStatusInfoV2.componentType = namedtype.NamedTypes(
    namedtype.NamedType('cMCStatus', CMCStatus()),
    namedtype.NamedType('bodyList', univ.SequenceOf(componentType=BodyPartReference())),
    namedtype.OptionalNamedType('statusString', char.UTF8String()),
    namedtype.OptionalNamedType(
        'otherInfo', univ.Choice(
            componentType=namedtype.NamedTypes(
                namedtype.NamedType('failInfo', CMCFailInfo()),
                namedtype.NamedType('pendInfo', PendInfo()),
                namedtype.NamedType(
                    'extendedFailInfo', univ.Sequence(
                        componentType=namedtype.NamedTypes(
                            namedtype.NamedType('failInfoOID', univ.ObjectIdentifier()),
                            namedtype.NamedType('failInfoValue', AttributeValue()))
                    )
                )
            )
        )
    )
)


class GetCRL(univ.Sequence):
    """GetCRL ::= SEQUENCE { issuerName Name, cRLName, time, reasons (all OPTIONAL) }."""


GetCRL.componentType = namedtype.NamedTypes(
    namedtype.NamedType('issuerName', rfc5280.Name()),
    namedtype.OptionalNamedType('cRLName', rfc5280.GeneralName()),
    namedtype.OptionalNamedType('time', useful.GeneralizedTime()),
    namedtype.OptionalNamedType('reasons', rfc5280.ReasonFlags())
)

# id-pkix arc; id-cmc hangs off it and the id_cmc_* control OIDs off that.
id_pkix = _buildOid(1, 3, 6, 1, 5, 5, 7)

id_cmc = _buildOid(id_pkix, 7)

id_cmc_batchResponses = _buildOid(id_cmc, 29)

id_cmc_popLinkWitness = _buildOid(id_cmc, 23)


class PopLinkWitnessV2(univ.Sequence):
    """PopLinkWitnessV2 ::= SEQUENCE { keyGenAlgorithm, macAlgorithm, witness OCTET STRING }."""


PopLinkWitnessV2.componentType = namedtype.NamedTypes(
    namedtype.NamedType('keyGenAlgorithm', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('macAlgorithm', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('witness', univ.OctetString())
)

id_cmc_popLinkWitnessV2 = _buildOid(id_cmc, 33)

id_cmc_identityProofV2 = _buildOid(id_cmc, 34)

id_cmc_revokeRequest = _buildOid(id_cmc, 17)

id_cmc_recipientNonce = _buildOid(id_cmc, 7)


class ControlsProcessed(univ.Sequence):
    """ControlsProcessed ::= SEQUENCE { bodyList SEQUENCE OF BodyPartReference }."""


ControlsProcessed.componentType = namedtype.NamedTypes(
    namedtype.NamedType('bodyList', univ.SequenceOf(componentType=BodyPartReference()))
)


class CertificationRequest(univ.Sequence):
    """CertificationRequest ::= SEQUENCE { certificationRequestInfo, signatureAlgorithm, signature }.

    The signature is carried as a raw BIT STRING; this module declares the
    structure only and verifies nothing.
    """


CertificationRequest.componentType = namedtype.NamedTypes(
    namedtype.NamedType(
        'certificationRequestInfo', univ.Sequence(
            componentType=namedtype.NamedTypes(
                namedtype.NamedType('version', univ.Integer()),
                namedtype.NamedType('subject', rfc5280.Name()),
                namedtype.NamedType(
                    'subjectPublicKeyInfo', univ.Sequence(
                        componentType=namedtype.NamedTypes(
                            namedtype.NamedType('algorithm', rfc5280.AlgorithmIdentifier()),
                            namedtype.NamedType('subjectPublicKey', univ.BitString())
                        )
                    )
                ),
                # NOTE(review): implicit tag [0] is declared with tagFormatSimple
                # on a SET OF, as the 'crm' alternative of TaggedRequest also
                # does for a SEQUENCE; presumably pyasn1 does not match on the
                # format bit — confirm before changing.
                namedtype.NamedType(
                    'attributes', univ.SetOf(
                        componentType=rfc5652.Attribute()).subtype(
                        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))
                )
            )
        )
    ),
    namedtype.NamedType('signatureAlgorithm', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('signature', univ.BitString())
)


class TaggedCertificationRequest(univ.Sequence):
    """TaggedCertificationRequest ::= SEQUENCE { bodyPartID, certificationRequest }."""


TaggedCertificationRequest.componentType = namedtype.NamedTypes(
    namedtype.NamedType('bodyPartID', BodyPartID()),
    namedtype.NamedType('certificationRequest', CertificationRequest())
)


class TaggedRequest(univ.Choice):
    """TaggedRequest ::= CHOICE { tcr [0], crm [1], orm [2] } (all IMPLICIT)."""


TaggedRequest.componentType = namedtype.NamedTypes(
    namedtype.NamedType('tcr', TaggedCertificationRequest().subtype(
        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
    namedtype.NamedType('crm',
                        rfc4211.CertReqMsg().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
    # 'orm' carries an OID-identified, opaque request value (univ.Any).
    namedtype.NamedType('orm', univ.Sequence(componentType=namedtype.NamedTypes(
        namedtype.NamedType('bodyPartID', BodyPartID()),
        namedtype.NamedType('requestMessageType', univ.ObjectIdentifier()),
        namedtype.NamedType('requestMessageValue', univ.Any())
    ))
    .subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)))
)

id_cmc_popLinkRandom = _buildOid(id_cmc, 22)

id_cmc_statusInfo = _buildOid(id_cmc, 1)

id_cmc_trustedAnchors = _buildOid(id_cmc, 26)

id_cmc_transactionId = _buildOid(id_cmc, 5)

id_cmc_encryptedPOP = _buildOid(id_cmc, 9)


class PublishTrustAnchors(univ.Sequence):
    """PublishTrustAnchors ::= SEQUENCE { seqNumber, hashAlgorithm, anchorHashes }."""


PublishTrustAnchors.componentType = namedtype.NamedTypes(
    namedtype.NamedType('seqNumber', univ.Integer()),
    namedtype.NamedType('hashAlgorithm', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('anchorHashes', univ.SequenceOf(componentType=univ.OctetString()))
)


class RevokeRequest(univ.Sequence):
    """RevokeRequest ::= SEQUENCE { issuerName, serialNumber, reason, invalidityDate, passphrase, comment }.

    'passphrase' is a shared secret carried in the clear inside this
    structure; avoid logging or persisting decoded instances verbatim.
    """


RevokeRequest.componentType = namedtype.NamedTypes(
    namedtype.NamedType('issuerName', rfc5280.Name()),
    namedtype.NamedType('serialNumber', univ.Integer()),
    namedtype.NamedType('reason', rfc5280.CRLReason()),
    namedtype.OptionalNamedType('invalidityDate', useful.GeneralizedTime()),
    namedtype.OptionalNamedType('passphrase', univ.OctetString()),
    namedtype.OptionalNamedType('comment', char.UTF8String())
)

id_cmc_senderNonce = _buildOid(id_cmc, 6)

id_cmc_authData = _buildOid(id_cmc, 27)


class TaggedContentInfo(univ.Sequence):
    """TaggedContentInfo ::= SEQUENCE { bodyPartID, contentInfo rfc5652.ContentInfo }."""


TaggedContentInfo.componentType = namedtype.NamedTypes(
    namedtype.NamedType('bodyPartID', BodyPartID()),
    namedtype.NamedType('contentInfo', rfc5652.ContentInfo())
)


class IdentifyProofV2(univ.Sequence):
    """IdentifyProofV2 ::= SEQUENCE { proofAlgID, macAlgId, witness OCTET STRING }."""


IdentifyProofV2.componentType = namedtype.NamedTypes(
    namedtype.NamedType('proofAlgID', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('macAlgId', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('witness', univ.OctetString())
)


class CMCPublicationInfo(univ.Sequence):
    """CMCPublicationInfo ::= SEQUENCE { hashAlg, certHashes, pubInfo rfc4211.PKIPublicationInfo }."""


CMCPublicationInfo.componentType = namedtype.NamedTypes(
    namedtype.NamedType('hashAlg', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('certHashes', univ.SequenceOf(componentType=univ.OctetString())),
    namedtype.NamedType('pubInfo', rfc4211.PKIPublicationInfo())
)

# Extended key usage OIDs under rfc5280.id_kp.
id_kp_cmcCA = _buildOid(rfc5280.id_kp, 27)

id_cmc_confirmCertAcceptance = _buildOid(id_cmc, 24)

id_cmc_raIdentityWitness = _buildOid(id_cmc, 35)

id_ExtensionReq = _buildOid(1, 2, 840, 113549, 1, 9, 14)

id_cct = _buildOid(id_pkix, 12)

id_cct_PKIData = _buildOid(id_cct, 2)

id_kp_cmcRA = _buildOid(rfc5280.id_kp, 28)


class CMCStatusInfo(univ.Sequence):
    """CMCStatusInfo ::= SEQUENCE; bodyList holds plain BodyPartID values.

    Unlike CMCStatusInfoV2, the otherInfo CHOICE has no extendedFailInfo branch.
    """


CMCStatusInfo.componentType = namedtype.NamedTypes(
    namedtype.NamedType('cMCStatus', CMCStatus()),
    namedtype.NamedType('bodyList', univ.SequenceOf(componentType=BodyPartID())),
    namedtype.OptionalNamedType('statusString', char.UTF8String()),
    namedtype.OptionalNamedType(
        'otherInfo', univ.Choice(
            componentType=namedtype.NamedTypes(
                namedtype.NamedType('failInfo', CMCFailInfo()),
                namedtype.NamedType('pendInfo', PendInfo())
            )
        )
    )
)


class DecryptedPOP(univ.Sequence):
    """DecryptedPOP ::= SEQUENCE { bodyPartID, thePOPAlgID, thePOP OCTET STRING }."""


DecryptedPOP.componentType = namedtype.NamedTypes(
    namedtype.NamedType('bodyPartID', BodyPartID()),
    namedtype.NamedType('thePOPAlgID', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('thePOP', univ.OctetString())
)

id_cmc_addExtensions = _buildOid(id_cmc, 8)

id_cmc_modCertTemplate = _buildOid(id_cmc, 31)


class TaggedAttribute(univ.Sequence):
    """TaggedAttribute ::= SEQUENCE { bodyPartID, attrType OID, attrValues SET OF AttributeValue }."""


TaggedAttribute.componentType = namedtype.NamedTypes(
    namedtype.NamedType('bodyPartID', BodyPartID()),
    namedtype.NamedType('attrType', univ.ObjectIdentifier()),
    namedtype.NamedType('attrValues', univ.SetOf(componentType=AttributeValue()))
)


class OtherMsg(univ.Sequence):
    """OtherMsg ::= SEQUENCE { bodyPartID, otherMsgType OID, otherMsgValue ANY }."""


OtherMsg.componentType = namedtype.NamedTypes(
    namedtype.NamedType('bodyPartID', BodyPartID()),
    namedtype.NamedType('otherMsgType', univ.ObjectIdentifier()),
    namedtype.NamedType('otherMsgValue', univ.Any())
)


class PKIData(univ.Sequence):
    """PKIData ::= SEQUENCE of four SEQUENCE OF members (controls, requests, CMS, other)."""


PKIData.componentType = namedtype.NamedTypes(
    namedtype.NamedType('controlSequence', univ.SequenceOf(componentType=TaggedAttribute())),
    namedtype.NamedType('reqSequence', univ.SequenceOf(componentType=TaggedRequest())),
    namedtype.NamedType('cmsSequence', univ.SequenceOf(componentType=TaggedContentInfo())),
    namedtype.NamedType('otherMsgSequence', univ.SequenceOf(componentType=OtherMsg()))
)


class BodyPartList(univ.SequenceOf):
    """BodyPartList ::= SEQUENCE SIZE (1..MAX) OF BodyPartID."""


BodyPartList.componentType = BodyPartID()
BodyPartList.subtypeSpec = constraint.ValueSizeConstraint(1, MAX)

id_cmc_responseBody = _buildOid(id_cmc, 37)


class AuthPublish(BodyPartID):
    """AuthPublish ::= BodyPartID."""


class CMCUnsignedData(univ.Sequence):
    """CMCUnsignedData ::= SEQUENCE { bodyPartPath, identifier OID, content ANY }."""


CMCUnsignedData.componentType = namedtype.NamedTypes(
    namedtype.NamedType('bodyPartPath', BodyPartPath()),
    namedtype.NamedType('identifier', univ.ObjectIdentifier()),
    namedtype.NamedType('content', univ.Any())
)


class CMCCertId(rfc5652.IssuerAndSerialNumber):
    """CMCCertId ::= IssuerAndSerialNumber."""


class PKIResponse(univ.Sequence):
    """PKIResponse ::= SEQUENCE { controlSequence, cmsSequence, otherMsgSequence }."""


PKIResponse.componentType = namedtype.NamedTypes(
    namedtype.NamedType('controlSequence', univ.SequenceOf(componentType=TaggedAttribute())),
    namedtype.NamedType('cmsSequence', univ.SequenceOf(componentType=TaggedContentInfo())),
    namedtype.NamedType('otherMsgSequence', univ.SequenceOf(componentType=OtherMsg()))
)


class ResponseBody(PKIResponse):
    """ResponseBody ::= PKIResponse."""


id_cmc_statusInfoV2 = _buildOid(id_cmc, 25)

id_cmc_lraPOPWitness = _buildOid(id_cmc, 11)


class ModCertTemplate(univ.Sequence):
    """ModCertTemplate ::= SEQUENCE { pkiDataReference, certReferences, replace DEFAULT TRUE, certTemplate }."""


ModCertTemplate.componentType = namedtype.NamedTypes(
    namedtype.NamedType('pkiDataReference', BodyPartPath()),
    namedtype.NamedType('certReferences', BodyPartList()),
    # 'replace' defaults to TRUE (value=1) when absent on the wire.
    namedtype.DefaultedNamedType('replace', univ.Boolean().subtype(value=1)),
    namedtype.NamedType('certTemplate', rfc4211.CertTemplate())
)

id_cmc_regInfo = _buildOid(id_cmc, 18)

id_cmc_identityProof = _buildOid(id_cmc, 3)


class ExtensionReq(univ.SequenceOf):
    """ExtensionReq ::= SEQUENCE SIZE (1..MAX) OF rfc5280.Extension."""


ExtensionReq.componentType = rfc5280.Extension()
ExtensionReq.subtypeSpec = constraint.ValueSizeConstraint(1, MAX)

# NOTE(review): this resolves to the same OID as id_kp_cmcRA above
# (rfc5280.id_kp arc 28), so an EKU check keyed on either name matches both.
# Verify the intended arc against RFC 6402, its errata and the IANA PKIX
# registry before relying on this constant for EKU enforcement.
id_kp_cmcArchive = _buildOid(rfc5280.id_kp, 28)

id_cmc_publishCert = _buildOid(id_cmc, 30)

id_cmc_dataReturn = _buildOid(id_cmc, 4)


class LraPopWitness(univ.Sequence):
    """LraPopWitness ::= SEQUENCE { pkiDataBodyid BodyPartID, bodyIds SEQUENCE OF BodyPartID }."""


LraPopWitness.componentType = namedtype.NamedTypes(
    namedtype.NamedType('pkiDataBodyid', BodyPartID()),
    namedtype.NamedType('bodyIds', univ.SequenceOf(componentType=BodyPartID()))
)

# id-aa (CMS authenticated/unsigned attribute arc).
id_aa = _buildOid(1, 2, 840, 113549, 1, 9, 16, 2)

id_aa_cmc_unsignedData = _buildOid(id_aa, 34)

id_cmc_getCert = _buildOid(id_cmc, 15)

id_cmc_batchRequests = _buildOid(id_cmc, 28)

id_cmc_decryptedPOP = _buildOid(id_cmc, 10)

id_cmc_responseInfo = _buildOid(id_cmc, 19)

id_cmc_changeSubjectName = _buildOid(id_cmc, 36)


class GetCert(univ.Sequence):
    """GetCert ::= SEQUENCE { issuerName GeneralName, serialNumber INTEGER }."""


GetCert.componentType = namedtype.NamedTypes(
    namedtype.NamedType('issuerName', rfc5280.GeneralName()),
    namedtype.NamedType('serialNumber', univ.Integer())
)

id_cmc_identification = _buildOid(id_cmc, 2)

id_cmc_queryPending = _buildOid(id_cmc, 21)


class AddExtensions(univ.Sequence):
    """AddExtensions ::= SEQUENCE { pkiDataReference, certReferences, extensions }."""


AddExtensions.componentType = namedtype.NamedTypes(
    namedtype.NamedType('pkiDataReference', BodyPartID()),
    namedtype.NamedType('certReferences', univ.SequenceOf(componentType=BodyPartID())),
    namedtype.NamedType('extensions', univ.SequenceOf(componentType=rfc5280.Extension()))
)


class EncryptedPOP(univ.Sequence):
    """EncryptedPOP ::= SEQUENCE { request, cms, thePOPAlgID, witnessAlgID, witness }."""


EncryptedPOP.componentType = namedtype.NamedTypes(
    namedtype.NamedType('request', TaggedRequest()),
    namedtype.NamedType('cms', rfc5652.ContentInfo()),
    namedtype.NamedType('thePOPAlgID', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('witnessAlgID', rfc5280.AlgorithmIdentifier()),
    namedtype.NamedType('witness', univ.OctetString())
)

id_cmc_getCRL = _buildOid(id_cmc, 16)

id_cct_PKIResponse = _buildOid(id_cct, 3)

id_cmc_controlProcessed = _buildOid(id_cmc, 32)


class NoSignatureValue(univ.OctetString):
    """NoSignatureValue ::= OCTET STRING, the value carried under id_alg_noSignature."""


id_ad_cmc = _buildOid(rfc5280.id_ad, 12)

# NOTE(review): by its name this is the "no signature" algorithm of RFC 6402;
# content carrying it provides no origin authentication and must not be
# accepted as a verified signature by consumers of this module.
id_alg_noSignature = _buildOid(id_pkix, 6, 2)