pyasn1_modules/rfc4210.py
ASN.1 definitions carried in the module's class docstrings. The module imports tag, namedtype, namedval, univ, constraint, char and useful from pyasn1.type, and rfc2459, rfc2511 and rfc2314 from pyasn1_modules.

PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String

PollRepContent ::= SEQUENCE OF SEQUENCE {
    certReqId    INTEGER,
    checkAfter   INTEGER,  -- time in seconds
    reason       PKIFreeText OPTIONAL
}

PollReqContent ::= SEQUENCE OF SEQUENCE {
    certReqId    INTEGER
}

InfoTypeAndValue ::= SEQUENCE {
    infoType     OBJECT IDENTIFIER,
    infoValue    ANY DEFINED BY infoType OPTIONAL
}

CAKeyUpdAnnContent ::= SEQUENCE {
    oldWithNew   CMPCertificate,
    newWithOld   CMPCertificate,
    newWithNew   CMPCertificate
}

RevDetails ::= SEQUENCE {
    certDetails      CertTemplate,
    crlEntryDetails  Extensions OPTIONAL
}

CertOrEncCert ::= CHOICE {
    certificate    [0] CMPCertificate,
    encryptedCert  [1] EncryptedValue
}

CertifiedKeyPair ::= SEQUENCE {
    certOrEncCert    CertOrEncCert,
    privateKey       [0] EncryptedValue OPTIONAL,
    publicationInfo  [1] PKIPublicationInfo OPTIONAL
}

Challenge ::= SEQUENCE {
    owf        AlgorithmIdentifier OPTIONAL,
    witness    OCTET STRING,
    challenge  OCTET STRING
}

PKIStatus ::= INTEGER {
    accepted                (0),
    grantedWithMods         (1),
    rejection               (2),
    waiting                 (3),
    revocationWarning       (4),
    revocationNotification  (5),
    keyUpdateWarning        (6)
}

PKIFailureInfo ::= BIT STRING {
    badAlg               (0),
    badMessageCheck      (1),
    badRequest           (2),
    badTime              (3),
    badCertId            (4),
    badDataFormat        (5),
    wrongAuthority       (6),
    incorrectData        (7),
    missingTimeStamp     (8),
    badPOP               (9),
    certRevoked          (10),
    certConfirmed        (11),
    wrongIntegrity       (12),
    badRecipientNonce    (13),
    timeNotAvailable     (14),
    unacceptedPolicy     (15),
    unacceptedExtension  (16),
    addInfoNotAvailable  (17),
    badSenderNonce       (18),
    badCertTemplate      (19),
    signerNotTrusted     (20),
    transactionIdInUse   (21),
    unsupportedVersion   (22),
    notAuthorized        (23),
    systemUnavail        (24),
    systemFailure        (25),
    duplicateCertReq     (26)
}

PKIStatusInfo ::= SEQUENCE {
    status        PKIStatus,
    statusString  PKIFreeText OPTIONAL,
    failInfo      PKIFailureInfo OPTIONAL
}

ErrorMsgContent ::= SEQUENCE {
    pKIStatusInfo  PKIStatusInfo,
    errorCode      INTEGER OPTIONAL,
    -- implementation-specific error codes
    errorDetails   PKIFreeText OPTIONAL
    -- implementation-specific error details
}

CertStatus ::= SEQUENCE {
    certHash    OCTET STRING,
    certReqId   INTEGER,
    statusInfo  PKIStatusInfo OPTIONAL
}

RevAnnContent ::= SEQUENCE {
    status           PKIStatus,
    certId           CertId,
    willBeRevokedAt  GeneralizedTime,
    badSinceDate     GeneralizedTime,
    crlDetails       Extensions OPTIONAL
}

RevRepContent ::= SEQUENCE {
    status    SEQUENCE SIZE (1..MAX) OF PKIStatusInfo,
    revCerts  [0] SEQUENCE SIZE (1..MAX) OF CertId OPTIONAL,
    crls      [1] SEQUENCE SIZE (1..MAX) OF CertificateList OPTIONAL
}

KeyRecRepContent ::= SEQUENCE {
    status       PKIStatusInfo,
    newSigCert   [0] CMPCertificate OPTIONAL,
    caCerts      [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate OPTIONAL,
    keyPairHist  [2] SEQUENCE SIZE (1..MAX) OF CertifiedKeyPair OPTIONAL
}

CertResponse ::= SEQUENCE {
    certReqId         INTEGER,
    status            PKIStatusInfo,
    certifiedKeyPair  CertifiedKeyPair OPTIONAL,
    rspInfo           OCTET STRING OPTIONAL
}

CertRepMessage ::= SEQUENCE {
    caPubs    [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate OPTIONAL,
    response  SEQUENCE OF CertResponse
}

OOBCertHash ::= SEQUENCE {
    hashAlg  [0] AlgorithmIdentifier OPTIONAL,
    certId   [1] CertId OPTIONAL,
    hashVal  BIT STRING
}

NestedMessageContent ::= PKIMessages

DHBMParameter ::= SEQUENCE {
    owf  AlgorithmIdentifier,
    -- AlgId for a One-Way Function (SHA-1 recommended)
    mac  AlgorithmIdentifier
    -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11],
}   -- or HMAC [RFC2104, RFC2202])

id_DHBasedMac: 1.2.840.113533.7.66.30

PBMParameter ::= SEQUENCE {
    salt            OCTET STRING,
    owf             AlgorithmIdentifier,
    iterationCount  INTEGER,
    mac             AlgorithmIdentifier
}

id_PasswordBasedMac: 1.2.840.113533.7.66.13

PKIBody ::= CHOICE {  -- message-specific body elements
    ir        [0]  CertReqMessages,         --Initialization Request
    ip        [1]  CertRepMessage,          --Initialization Response
    cr        [2]  CertReqMessages,         --Certification Request
    cp        [3]  CertRepMessage,          --Certification Response
    p10cr     [4]  CertificationRequest,    --imported from [PKCS10]
    popdecc   [5]  POPODecKeyChallContent,  --pop Challenge
    popdecr   [6]  POPODecKeyRespContent,   --pop Response
    kur       [7]  CertReqMessages,         --Key Update Request
    kup       [8]  CertRepMessage,          --Key Update Response
    krr       [9]  CertReqMessages,         --Key Recovery Request
    krp       [10] KeyRecRepContent,        --Key Recovery Response
    rr        [11] RevReqContent,           --Revocation Request
    rp        [12] RevRepContent,           --Revocation Response
    ccr       [13] CertReqMessages,         --Cross-Cert. Request
    ccp       [14] CertRepMessage,          --Cross-Cert. Response
    ckuann    [15] CAKeyUpdAnnContent,      --CA Key Update Ann.
    cann      [16] CertAnnContent,          --Certificate Ann.
    rann      [17] RevAnnContent,           --Revocation Ann.
    crlann    [18] CRLAnnContent,           --CRL Announcement
    pkiconf   [19] PKIConfirmContent,       --Confirmation
    nested    [20] NestedMessageContent,    --Nested Message
    genm      [21] GenMsgContent,           --General Message
    genp      [22] GenRepContent,           --General Response
    error     [23] ErrorMsgContent,         --Error Message
    certConf  [24] CertConfirmContent,      --Certificate confirm
    pollReq   [25] PollReqContent,          --Polling request
    pollRep   [26] PollRepContent           --Polling response
}

PKIHeader ::= SEQUENCE {
    pvno           INTEGER { cmp1999(1), cmp2000(2) },
    sender         GeneralName,
    recipient      GeneralName,
    messageTime    [0] GeneralizedTime OPTIONAL,
    protectionAlg  [1] AlgorithmIdentifier OPTIONAL,
    senderKID      [2] KeyIdentifier OPTIONAL,
    recipKID       [3] KeyIdentifier OPTIONAL,
    transactionID  [4] OCTET STRING OPTIONAL,
    senderNonce    [5] OCTET STRING OPTIONAL,
    recipNonce     [6] OCTET STRING OPTIONAL,
    freeText       [7] PKIFreeText OPTIONAL,
    generalInfo    [8] SEQUENCE SIZE (1..MAX) OF InfoTypeAndValue OPTIONAL
}

ProtectedPart ::= SEQUENCE {
    header  PKIHeader,
    body    PKIBody
}

PKIMessage ::= SEQUENCE {
    header      PKIHeader,
    body        PKIBody,
    protection  [0] PKIProtection OPTIONAL,
    extraCerts  [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate OPTIONAL
}

PKIMessages ::= SEQUENCE SIZE (1..MAX) OF PKIMessage