1 files changed, 567 insertions, 0 deletions

diff --git a/pyasn1_modules/rfc6402.py b/pyasn1_modules/rfc6402.py
new file mode 100644
index 0000000..faee07f
--- /dev/null
+++ b/pyasn1_modules/rfc6402.py
@@ -0,0 +1,567 @@
+# coding: utf-8
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Stanisław Pitucha with asn1ate tool.
+# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com>
+# License: http://pyasn1.sf.net/license.html
+#
+# Certificate Management over CMS (CMC) Updates
+#
+# ASN.1 source from:
+# http://www.ietf.org/rfc/rfc6402.txt
+#
+from pyasn1.type import char
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import tag
+from pyasn1.type import univ
+from pyasn1.type import useful
+
+from pyasn1_modules import rfc4211
+from pyasn1_modules import rfc5280
+from pyasn1_modules import rfc5652
+
+MAX = float('inf')
+
+
+def _buildOid(*components):
+    output = []
+    for x in tuple(components):
+        if isinstance(x, univ.ObjectIdentifier):
+            output.extend(list(x))
+        else:
+            output.append(int(x))
+
+    return univ.ObjectIdentifier(output)
+
+
+class ChangeSubjectName(univ.Sequence):
+    pass
+
+
+ChangeSubjectName.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('subject', rfc5280.Name()),
+    namedtype.OptionalNamedType('subjectAlt', rfc5280.GeneralNames())
+)
+
+
+class AttributeValue(univ.Any):
+    pass
+
+
+class CMCStatus(univ.Integer):
+    pass
+
+
+CMCStatus.namedValues = namedval.NamedValues(
+    ('success', 0),
+    ('failed', 2),
+    ('pending', 3),
+    ('noSupport', 4),
+    ('confirmRequired', 5),
+    ('popRequired', 6),
+    ('partial', 7)
+)
+
+
+class PendInfo(univ.Sequence):
+    pass
+
+
+PendInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('pendToken', univ.OctetString()),
+    namedtype.NamedType('pendTime', useful.GeneralizedTime())
+)
+
+bodyIdMax = univ.Integer(4294967295)
+
+
+class BodyPartID(univ.Integer):
+    pass
+
+
+BodyPartID.subtypeSpec = constraint.ValueRangeConstraint(0, bodyIdMax)
+
+
+class BodyPartPath(univ.SequenceOf):
+    pass
+
+
+BodyPartPath.componentType = BodyPartID()
+BodyPartPath.subtypeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class BodyPartReference(univ.Choice):
+    pass
+
+
+BodyPartReference.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('bodyPartID', BodyPartID()),
+    namedtype.NamedType('bodyPartPath', BodyPartPath())
+)
+
+
+class CMCFailInfo(univ.Integer):
+    pass
+
+
+CMCFailInfo.namedValues = namedval.NamedValues(
+    ('badAlg', 0),
+    ('badMessageCheck', 1),
+    ('badRequest', 2),
+    ('badTime', 3),
+    ('badCertId', 4),
+    ('unsupportedExt', 5),
+    ('mustArchiveKeys', 6),
+    ('badIdentity', 7),
+    ('popRequired', 8),
+    ('popFailed', 9),
+    ('noKeyReuse', 10),
+    ('internalCAError', 11),
+    ('tryLater', 12),
+    ('authDataFail', 13)
+)
+
+
+class CMCStatusInfoV2(univ.Sequence):
+    pass
+
+
+CMCStatusInfoV2.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('cMCStatus', CMCStatus()),
+    namedtype.NamedType('bodyList', univ.SequenceOf(componentType=BodyPartReference())),
+    namedtype.OptionalNamedType('statusString', char.UTF8String()),
+    namedtype.OptionalNamedType(
+        'otherInfo', univ.Choice(
+            componentType=namedtype.NamedTypes(
+                namedtype.NamedType('failInfo', CMCFailInfo()),
+                namedtype.NamedType('pendInfo', PendInfo()),
+                namedtype.NamedType(
+                    'extendedFailInfo', univ.Sequence(
+                    componentType=namedtype.NamedTypes(
+                        namedtype.NamedType('failInfoOID', univ.ObjectIdentifier()),
+                        namedtype.NamedType('failInfoValue', AttributeValue()))
+                    )
+                )
+            )
+        )
+    )
+)
+
+
+class GetCRL(univ.Sequence):
+    pass
+
+
+GetCRL.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('issuerName', rfc5280.Name()),
+    namedtype.OptionalNamedType('cRLName', rfc5280.GeneralName()),
+    namedtype.OptionalNamedType('time', useful.GeneralizedTime()),
+    namedtype.OptionalNamedType('reasons', rfc5280.ReasonFlags())
+)
+
+id_pkix = _buildOid(1, 3, 6, 1, 5, 5, 7)
+
+id_cmc = _buildOid(id_pkix, 7)
+
+id_cmc_batchResponses = _buildOid(id_cmc, 29)
+
+id_cmc_popLinkWitness = _buildOid(id_cmc, 23)
+
+
+class PopLinkWitnessV2(univ.Sequence):
+    pass
+
+
+PopLinkWitnessV2.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('keyGenAlgorithm', rfc5280.AlgorithmIdentifier()),
+    namedtype.NamedType('macAlgorithm', rfc5280.AlgorithmIdentifier()),
+    namedtype.NamedType('witness', univ.OctetString())
+)
+
+id_cmc_popLinkWitnessV2 = _buildOid(id_cmc, 33)
+
+id_cmc_identityProofV2 = _buildOid(id_cmc, 34)
+
+id_cmc_revokeRequest = _buildOid(id_cmc, 17)
+
+id_cmc_recipientNonce = _buildOid(id_cmc, 7)
+
+
+class ControlsProcessed(univ.Sequence):
+    pass
+
+
+ControlsProcessed.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('bodyList', univ.SequenceOf(componentType=BodyPartReference()))
+)
+
+
+class CertificationRequest(univ.Sequence):
+    pass
+
+
+CertificationRequest.componentType = namedtype.NamedTypes(
+    namedtype.NamedType(
+        'certificationRequestInfo', univ.Sequence(
+            componentType=namedtype.NamedTypes(
+                namedtype.NamedType('version', univ.Integer()),
+                namedtype.NamedType('subject', rfc5280.Name()),
+                namedtype.NamedType(
+                    'subjectPublicKeyInfo', univ.Sequence(
+                        componentType=namedtype.NamedTypes(
+                            namedtype.NamedType('algorithm', rfc5280.AlgorithmIdentifier()),
+                            namedtype.NamedType('subjectPublicKey', univ.BitString())
+                        )
+                    )
+                ),
+                namedtype.NamedType(
+                    'attributes', univ.SetOf(
+                        componentType=rfc5652.Attribute()).subtype(
+                        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))
+                )
+            )
+        )
+    ),
+    namedtype.NamedType('signatureAlgorithm', rfc5280.AlgorithmIdentifier()),
+    namedtype.NamedType('signature', univ.BitString())
+)
+
+
+class TaggedCertificationRequest(univ.Sequence):
+    pass
+
+
+TaggedCertificationRequest.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('bodyPartID', BodyPartID()),
+    namedtype.NamedType('certificationRequest', CertificationRequest())
+)
+
+
+class TaggedRequest(univ.Choice):
+    pass
+
+
+TaggedRequest.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('tcr', TaggedCertificationRequest().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.NamedType('crm',
+                        rfc4211.CertReqMsg().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.NamedType('orm', univ.Sequence(componentType=namedtype.NamedTypes(
+        namedtype.NamedType('bodyPartID', BodyPartID()),
+        namedtype.NamedType('requestMessageType', univ.ObjectIdentifier()),
+        namedtype.NamedType('requestMessageValue', univ.Any())
+    ))
+                        .subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)))
+)
+
+id_cmc_popLinkRandom = _buildOid(id_cmc, 22)
+
+id_cmc_statusInfo = _buildOid(id_cmc, 1)
+
+id_cmc_trustedAnchors = _buildOid(id_cmc, 26)
+
+id_cmc_transactionId = _buildOid(id_cmc, 5)
+
+id_cmc_encryptedPOP = _buildOid(id_cmc, 9)
+
+
+class PublishTrustAnchors(univ.Sequence):
+    pass
+
+
+PublishTrustAnchors.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('seqNumber', univ.Integer()),
+    namedtype.NamedType('hashAlgorithm', rfc5280.AlgorithmIdentifier()),
+    namedtype.NamedType('anchorHashes', univ.SequenceOf(componentType=univ.OctetString()))
+)
+
+
+class RevokeRequest(univ.Sequence):
+    pass
+
+
+RevokeRequest.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('issuerName', rfc5280.Name()),
+    namedtype.NamedType('serialNumber', univ.Integer()),
+    namedtype.NamedType('reason', rfc5280.CRLReason()),
+    namedtype.OptionalNamedType('invalidityDate', useful.GeneralizedTime()),
+    namedtype.OptionalNamedType('passphrase', univ.OctetString()),
+    namedtype.OptionalNamedType('comment', char.UTF8String())
+)
+
+id_cmc_senderNonce = _buildOid(id_cmc, 6)
+
+id_cmc_authData = _buildOid(id_cmc, 27)
+
+
+class TaggedContentInfo(univ.Sequence):
+    pass
+
+
+TaggedContentInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('bodyPartID', BodyPartID()),
+    namedtype.NamedType('contentInfo', rfc5652.ContentInfo())
+)
+
+
+class IdentifyProofV2(univ.Sequence):
+    pass
+
+
+IdentifyProofV2.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('proofAlgID', rfc5280.AlgorithmIdentifier()),
+    namedtype.NamedType('macAlgId', rfc5280.AlgorithmIdentifier()),
+    namedtype.NamedType('witness', univ.OctetString())
+)
+
+
+class CMCPublicationInfo(univ.Sequence):
+    pass
+
+
+CMCPublicationInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('hashAlg', rfc5280.AlgorithmIdentifier()),
+    namedtype.NamedType('certHashes', univ.SequenceOf(componentType=univ.OctetString())),
+    namedtype.NamedType('pubInfo', rfc4211.PKIPublicationInfo())
+)
+
+id_kp_cmcCA = _buildOid(rfc5280.id_kp, 27)
+
+id_cmc_confirmCertAcceptance = _buildOid(id_cmc, 24)
+
+id_cmc_raIdentityWitness = _buildOid(id_cmc, 35)
+
+id_ExtensionReq = _buildOid(1, 2, 840, 113549, 1, 9, 14)
+
+id_cct = _buildOid(id_pkix, 12)
+
+id_cct_PKIData = _buildOid(id_cct, 2)
+
+id_kp_cmcRA = _buildOid(rfc5280.id_kp, 28)
+
+
+class CMCStatusInfo(univ.Sequence):
+    pass
+
+
+CMCStatusInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('cMCStatus', CMCStatus()),
+    namedtype.NamedType('bodyList', univ.SequenceOf(componentType=BodyPartID())),
+    namedtype.OptionalNamedType('statusString', char.UTF8String()),
+    namedtype.OptionalNamedType(
+        'otherInfo', univ.Choice(
+            componentType=namedtype.NamedTypes(
+                namedtype.NamedType('failInfo', CMCFailInfo()),
+                namedtype.NamedType('pendInfo', PendInfo())
+            )
+        )
+    )
+)
+
+
+class DecryptedPOP(univ.Sequence):
+    pass
+
+
+DecryptedPOP.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('bodyPartID', BodyPartID()),
+    namedtype.NamedType('thePOPAlgID', rfc5280.AlgorithmIdentifier()),
+    namedtype.NamedType('thePOP', univ.OctetString())
+)
+
+id_cmc_addExtensions = _buildOid(id_cmc, 8)
+
+id_cmc_modCertTemplate = _buildOid(id_cmc, 31)
+
+
+class TaggedAttribute(univ.Sequence):
+    pass
+
+
+TaggedAttribute.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('bodyPartID', BodyPartID()),
+    namedtype.NamedType('attrType', univ.ObjectIdentifier()),
+    namedtype.NamedType('attrValues', univ.SetOf(componentType=AttributeValue()))
+)
+
+
+class OtherMsg(univ.Sequence):
+    pass
+
+
+OtherMsg.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('bodyPartID', BodyPartID()),
+    namedtype.NamedType('otherMsgType', univ.ObjectIdentifier()),
+    namedtype.NamedType('otherMsgValue', univ.Any())
+)
+
+
+class PKIData(univ.Sequence):
+    pass
+
+
+PKIData.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('controlSequence', univ.SequenceOf(componentType=TaggedAttribute())),
+    namedtype.NamedType('reqSequence', univ.SequenceOf(componentType=TaggedRequest())),
+    namedtype.NamedType('cmsSequence', univ.SequenceOf(componentType=TaggedContentInfo())),
+    namedtype.NamedType('otherMsgSequence', univ.SequenceOf(componentType=OtherMsg()))
+)
+
+
+class BodyPartList(univ.SequenceOf):
+    pass
+
+
+BodyPartList.componentType = BodyPartID()
+BodyPartList.subtypeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+id_cmc_responseBody = _buildOid(id_cmc, 37)
+
+
+class AuthPublish(BodyPartID):
+    pass
+
+
+class CMCUnsignedData(univ.Sequence):
+    pass
+
+
+CMCUnsignedData.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('bodyPartPath', BodyPartPath()),
+    namedtype.NamedType('identifier', univ.ObjectIdentifier()),
+    namedtype.NamedType('content', univ.Any())
+)
+
+
+class CMCCertId(rfc5652.IssuerAndSerialNumber):
+    pass
+
+
+class PKIResponse(univ.Sequence):
+    pass
+
+
+PKIResponse.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('controlSequence', univ.SequenceOf(componentType=TaggedAttribute())),
+    namedtype.NamedType('cmsSequence', univ.SequenceOf(componentType=TaggedContentInfo())),
+    namedtype.NamedType('otherMsgSequence', univ.SequenceOf(componentType=OtherMsg()))
+)
+
+
+class ResponseBody(PKIResponse):
+    pass
+
+
+id_cmc_statusInfoV2 = _buildOid(id_cmc, 25)
+
+id_cmc_lraPOPWitness = _buildOid(id_cmc, 11)
+
+
+class ModCertTemplate(univ.Sequence):
+    pass
+
+
+ModCertTemplate.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('pkiDataReference', BodyPartPath()),
+    namedtype.NamedType('certReferences', BodyPartList()),
+    namedtype.DefaultedNamedType('replace', univ.Boolean().subtype(value=1)),
+    namedtype.NamedType('certTemplate', rfc4211.CertTemplate())
+)
+
+id_cmc_regInfo = _buildOid(id_cmc, 18)
+
+id_cmc_identityProof = _buildOid(id_cmc, 3)
+
+
+class ExtensionReq(univ.SequenceOf):
+    pass
+
+
+ExtensionReq.componentType = rfc5280.Extension()
+ExtensionReq.subtypeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+id_kp_cmcArchive = _buildOid(rfc5280.id_kp, 28)
+
+id_cmc_publishCert = _buildOid(id_cmc, 30)
+
+id_cmc_dataReturn = _buildOid(id_cmc, 4)
+
+
+class LraPopWitness(univ.Sequence):
+    pass
+
+
+LraPopWitness.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('pkiDataBodyid', BodyPartID()),
+    namedtype.NamedType('bodyIds', univ.SequenceOf(componentType=BodyPartID()))
+)
+
+id_aa = _buildOid(1, 2, 840, 113549, 1, 9, 16, 2)
+
+id_aa_cmc_unsignedData = _buildOid(id_aa, 34)
+
+id_cmc_getCert = _buildOid(id_cmc, 15)
+
+id_cmc_batchRequests = _buildOid(id_cmc, 28)
+
+id_cmc_decryptedPOP = _buildOid(id_cmc, 10)
+
+id_cmc_responseInfo = _buildOid(id_cmc, 19)
+
+id_cmc_changeSubjectName = _buildOid(id_cmc, 36)
+
+
+class GetCert(univ.Sequence):
+    pass
+
+
+GetCert.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('issuerName', rfc5280.GeneralName()),
+    namedtype.NamedType('serialNumber', univ.Integer())
+)
+
+id_cmc_identification = _buildOid(id_cmc, 2)
+
+id_cmc_queryPending = _buildOid(id_cmc, 21)
+
+
+class AddExtensions(univ.Sequence):
+    pass
+
+
+AddExtensions.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('pkiDataReference', BodyPartID()),
+    namedtype.NamedType('certReferences', univ.SequenceOf(componentType=BodyPartID())),
+    namedtype.NamedType('extensions', univ.SequenceOf(componentType=rfc5280.Extension()))
+)
+
+
+class EncryptedPOP(univ.Sequence):
+    pass
+
+
+EncryptedPOP.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('request', TaggedRequest()),
+    namedtype.NamedType('cms', rfc5652.ContentInfo()),
+    namedtype.NamedType('thePOPAlgID', rfc5280.AlgorithmIdentifier()),
+    namedtype.NamedType('witnessAlgID', rfc5280.AlgorithmIdentifier()),
+    namedtype.NamedType('witness', univ.OctetString())
+)
+
+id_cmc_getCRL = _buildOid(id_cmc, 16)
+
+id_cct_PKIResponse = _buildOid(id_cct, 3)
+
+id_cmc_controlProcessed = _buildOid(id_cmc, 32)
+
+
+class NoSignatureValue(univ.OctetString):
+    pass
+
+
+id_ad_cmc = _buildOid(rfc5280.id_ad, 12)
+
+id_alg_noSignature = _buildOid(id_pkix, 6, 2)