Hello community,
here is the log from the commit of package python-pyasn1-modules for
openSUSE:Factory checked in at 2012-07-30 09:40:11
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-pyasn1-modules (Old)
and /work/SRC/openSUSE:Factory/.python-pyasn1-modules.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-pyasn1-modules", Maintainer is ""
Changes:
--------
---
/work/SRC/openSUSE:Factory/python-pyasn1-modules/python-pyasn1-modules.changes
2012-05-08 06:48:01.000000000 +0200
+++
/work/SRC/openSUSE:Factory/.python-pyasn1-modules.new/python-pyasn1-modules.changes
2012-07-30 09:40:13.000000000 +0200
@@ -1,0 +2,8 @@
+Fri Jul 27 18:03:12 UTC 2012 - [email protected]
+
+- Update to upstrean release 0.0.4
+
+The pyasn1-modules collection now includes Certificate Management Protocol
+(RFC4210) data structures.
+
+-------------------------------------------------------------------
Old:
----
pyasn1-modules-0.0.3.tar.gz
New:
----
pyasn1-modules-0.0.4.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-pyasn1-modules.spec ++++++
--- /var/tmp/diff_new_pack.ckugSD/_old 2012-07-30 09:40:16.000000000 +0200
+++ /var/tmp/diff_new_pack.ckugSD/_new 2012-07-30 09:40:16.000000000 +0200
@@ -17,7 +17,7 @@
Name: python-pyasn1-modules
-Version: 0.0.3
+Version: 0.0.4
Release: 0
Url: http://pyasn1.sf.net/
Summary: Collection of protocols modules written in ASN.1 language
++++++ pyasn1-modules-0.0.3.tar.gz -> pyasn1-modules-0.0.4.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyasn1-modules-0.0.3/CHANGES
new/pyasn1-modules-0.0.4/CHANGES
--- old/pyasn1-modules-0.0.3/CHANGES 2012-04-11 21:44:45.000000000 +0200
+++ new/pyasn1-modules-0.0.4/CHANGES 2012-07-11 17:38:13.000000000 +0200
@@ -1,3 +1,12 @@
+Revision 0.0.4
+--------------
+
+- CMP structures (RFC4210), cmpdump.py tool and test case added.
+- SNMPv2c Message syntax (RFC1901) properly defined.
+- Package version established in form of __init__.__version__
+ which is in-sync with distutils.
+- Package meta information and classifiers updated.
+
Revision 0.0.3
--------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyasn1-modules-0.0.3/PKG-INFO
new/pyasn1-modules-0.0.4/PKG-INFO
--- old/pyasn1-modules-0.0.3/PKG-INFO 2012-04-20 10:50:26.000000000 +0200
+++ new/pyasn1-modules-0.0.4/PKG-INFO 2012-07-23 18:50:57.000000000 +0200
@@ -1,21 +1,26 @@
-Metadata-Version: 1.0
+Metadata-Version: 1.1
Name: pyasn1-modules
-Version: 0.0.3
-Summary: ASN.1 modules
+Version: 0.0.4
+Summary: A collection of ASN.1-based protocols modules.
Home-page: http://sourceforge.net/projects/pyasn1/
-Author: Ilya Etingof
+Author: Ilya Etingof <[email protected]>
Author-email: [email protected]
License: BSD
-Description: UNKNOWN
-Platform: UNKNOWN
+Description: A collection of ASN.1 modules expressed in form of pyasn1
classes. Includes protocols PDUs definition (SNMP, LDAP etc.) and various data
structures (X.509, PKCS etc.).
+Platform: any
Classifier: Development Status :: 5 - Production/Stable
+Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
+Classifier: Intended Audience :: Education
Classifier: Intended Audience :: Information Technology
+Classifier: Intended Audience :: Science/Research
+Classifier: Intended Audience :: System Administrators
Classifier: Intended Audience :: Telecommunications Industry
+Classifier: License :: OSI Approved :: BSD License
+Classifier: Natural Language :: English
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 2
Classifier: Programming Language :: Python :: 3
Classifier: Topic :: Communications
Classifier: Topic :: Security :: Cryptography
Classifier: Topic :: Software Development :: Libraries :: Python Modules
-Classifier: License :: OSI Approved :: BSD License
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyasn1-modules-0.0.3/pyasn1_modules/__init__.py
new/pyasn1-modules-0.0.4/pyasn1_modules/__init__.py
--- old/pyasn1-modules-0.0.3/pyasn1_modules/__init__.py 2011-02-17
19:35:16.000000000 +0100
+++ new/pyasn1-modules-0.0.4/pyasn1_modules/__init__.py 2012-07-04
14:47:00.000000000 +0200
@@ -0,0 +1,2 @@
+# http://www.python.org/dev/peps/pep-0396/
+__version__ = '0.0.4'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyasn1-modules-0.0.3/pyasn1_modules/rfc1901.py
new/pyasn1-modules-0.0.4/pyasn1_modules/rfc1901.py
--- old/pyasn1-modules-0.0.3/pyasn1_modules/rfc1901.py 1970-01-01
01:00:00.000000000 +0100
+++ new/pyasn1-modules-0.0.4/pyasn1_modules/rfc1901.py 2012-07-11
17:36:25.000000000 +0200
@@ -0,0 +1,15 @@
+#
+# SNMPv2c message syntax
+#
+# ASN.1 source from:
+# http://www.ietf.org/rfc/rfc1901.txt
+#
+from pyasn1.type import univ, namedtype, namedval
+
+class Message(univ.Sequence):
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('version', univ.Integer(namedValues =
namedval.NamedValues(('version-2c', 1)))),
+ namedtype.NamedType('community', univ.OctetString()),
+ namedtype.NamedType('data', univ.Any())
+ )
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyasn1-modules-0.0.3/pyasn1_modules/rfc1905.py
new/pyasn1-modules-0.0.4/pyasn1_modules/rfc1905.py
--- old/pyasn1-modules-0.0.3/pyasn1_modules/rfc1905.py 2012-04-11
18:53:20.000000000 +0200
+++ new/pyasn1-modules-0.0.4/pyasn1_modules/rfc1905.py 2012-07-11
17:35:02.000000000 +0200
@@ -1,5 +1,5 @@
#
-# SNMPv2c message syntax
+# SNMPv2c PDU syntax
#
# ASN.1 source from:
# http://www.ietf.org/rfc/rfc1905.txt
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyasn1-modules-0.0.3/pyasn1_modules/rfc4210.py
new/pyasn1-modules-0.0.4/pyasn1_modules/rfc4210.py
--- old/pyasn1-modules-0.0.3/pyasn1_modules/rfc4210.py 1970-01-01
01:00:00.000000000 +0100
+++ new/pyasn1-modules-0.0.4/pyasn1_modules/rfc4210.py 2012-05-30
17:26:27.000000000 +0200
@@ -0,0 +1,695 @@
+#
+# Certificate Management Protocol structures as per RFC4210
+#
+# Based on Alex Railean's work
+#
+from pyasn1.type import tag,namedtype,namedval,univ,constraint,char,useful
+from pyasn1_modules import rfc2459, rfc2511, rfc2314
+
+MAX = 64
+
+class KeyIdentifier(univ.OctetString): pass
+
+class CMPCertificate(rfc2459.Certificate): pass
+
+class OOBCert(CMPCertificate): pass
+
+class CertAnnContent(CMPCertificate): pass
+
+class PKIFreeText(univ.SequenceOf):
+ """
+ PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
+ """
+ componentType = char.UTF8String()
+ subtypeSpec = univ.SequenceOf.subtypeSpec +
constraint.ValueSizeConstraint(1, MAX)
+
+class PollRepContent(univ.SequenceOf):
+ """
+ PollRepContent ::= SEQUENCE OF SEQUENCE {
+ certReqId INTEGER,
+ checkAfter INTEGER, -- time in seconds
+ reason PKIFreeText OPTIONAL
+ }
+ """
+ class CertReq(univ.Sequence):
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('certReqId', univ.Integer()),
+ namedtype.NamedType('checkAfter', univ.Integer()),
+ namedtype.OptionalNamedType('reason', PKIFreeText())
+ )
+ componentType = CertReq()
+
+class PollReqContent(univ.SequenceOf):
+ """
+ PollReqContent ::= SEQUENCE OF SEQUENCE {
+ certReqId INTEGER
+ }
+
+ """
+ class CertReq(univ.Sequence):
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('certReqId', univ.Integer())
+ )
+ componentType = CertReq()
+
+class InfoTypeAndValue(univ.Sequence):
+ """
+ InfoTypeAndValue ::= SEQUENCE {
+ infoType OBJECT IDENTIFIER,
+ infoValue ANY DEFINED BY infoType OPTIONAL
+ }"""
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('infoType', univ.ObjectIdentifier()),
+ namedtype.OptionalNamedType('infoValue', univ.Any())
+ )
+
+class GenRepContent(univ.SequenceOf):
+ componentType = InfoTypeAndValue()
+
+class GenMsgContent(univ.SequenceOf):
+ componentType = InfoTypeAndValue()
+
+class PKIConfirmContent(univ.Null): pass
+
+class CRLAnnContent(univ.SequenceOf):
+ componentType = rfc2459.CertificateList()
+
+class CAKeyUpdAnnContent(univ.Sequence):
+ """
+ CAKeyUpdAnnContent ::= SEQUENCE {
+ oldWithNew CMPCertificate,
+ newWithOld CMPCertificate,
+ newWithNew CMPCertificate
+ }
+ """
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('oldWithNew', CMPCertificate()),
+ namedtype.NamedType('newWithOld', CMPCertificate()),
+ namedtype.NamedType('newWithNew', CMPCertificate())
+ )
+
+class RevDetails(univ.Sequence):
+ """
+ RevDetails ::= SEQUENCE {
+ certDetails CertTemplate,
+ crlEntryDetails Extensions OPTIONAL
+ }
+ """
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('certDetails', rfc2511.CertTemplate()),
+ namedtype.OptionalNamedType('crlEntryDetails', rfc2459.Extensions())
+ )
+
+class RevReqContent(univ.SequenceOf):
+ componentType = RevDetails()
+
+class CertOrEncCert(univ.Choice):
+ """
+ CertOrEncCert ::= CHOICE {
+ certificate [0] CMPCertificate,
+ encryptedCert [1] EncryptedValue
+ }
+ """
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('certificate', CMPCertificate().subtype(
+ explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed,
0)
+ )
+ ),
+ namedtype.NamedType('encryptedCert', rfc2511.EncryptedValue().subtype(
+ explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed,
1)
+ )
+ )
+ )
+
+class CertifiedKeyPair(univ.Sequence):
+ """
+ CertifiedKeyPair ::= SEQUENCE {
+ certOrEncCert CertOrEncCert,
+ privateKey [0] EncryptedValue OPTIONAL,
+ publicationInfo [1] PKIPublicationInfo OPTIONAL
+ }
+ """
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('certOrEncCert', CertOrEncCert()),
+ namedtype.OptionalNamedType('privateKey',
rfc2511.EncryptedValue().subtype(
+ explicitTag=tag.Tag(tag.tagClassContext,
tag.tagFormatConstructed, 0)
+ )
+ ),
+ namedtype.OptionalNamedType('publicationInfo',
rfc2511.PKIPublicationInfo().subtype(
+ explicitTag=tag.Tag(tag.tagClassContext,
tag.tagFormatConstructed, 1)
+ )
+ )
+ )
+
+
+class POPODecKeyRespContent(univ.SequenceOf):
+ componentType = univ.Integer()
+
+class Challenge(univ.Sequence):
+ """
+ Challenge ::= SEQUENCE {
+ owf AlgorithmIdentifier OPTIONAL,
+ witness OCTET STRING,
+ challenge OCTET STRING
+ }
+ """
+ componentType = namedtype.NamedTypes(
+ namedtype.OptionalNamedType('owf', rfc2459.AlgorithmIdentifier()),
+ namedtype.NamedType('witness', univ.OctetString()),
+ namedtype.NamedType('challenge', univ.OctetString())
+ )
+
+class PKIStatus(univ.Integer):
+ """
+ PKIStatus ::= INTEGER {
+ accepted (0),
+ grantedWithMods (1),
+ rejection (2),
+ waiting (3),
+ revocationWarning (4),
+ revocationNotification (5),
+ keyUpdateWarning (6)
+ }
+ """
+ namedValues = namedval.NamedValues(
+ ('accepted', 0),
+ ('grantedWithMods', 1),
+ ('rejection', 2),
+ ('waiting', 3),
+ ('revocationWarning', 4),
+ ('revocationNotification', 5),
+ ('keyUpdateWarning', 6)
+ )
+
+class PKIFailureInfo(univ.BitString):
+ """
+ PKIFailureInfo ::= BIT STRING {
+ badAlg (0),
+ badMessageCheck (1),
+ badRequest (2),
+ badTime (3),
+ badCertId (4),
+ badDataFormat (5),
+ wrongAuthority (6),
+ incorrectData (7),
+ missingTimeStamp (8),
+ badPOP (9),
+ certRevoked (10),
+ certConfirmed (11),
+ wrongIntegrity (12),
+ badRecipientNonce (13),
+ timeNotAvailable (14),
+ unacceptedPolicy (15),
+ unacceptedExtension (16),
+ addInfoNotAvailable (17),
+ badSenderNonce (18),
+ badCertTemplate (19),
+ signerNotTrusted (20),
+ transactionIdInUse (21),
+ unsupportedVersion (22),
+ notAuthorized (23),
+ systemUnavail (24),
+ systemFailure (25),
+ duplicateCertReq (26)
+ """
+ namedValues = namedval.NamedValues(
+ ('badAlg', 0),
+ ('badMessageCheck', 1),
+ ('badRequest', 2),
+ ('badTime', 3),
+ ('badCertId', 4),
+ ('badDataFormat', 5),
+ ('wrongAuthority', 6),
+ ('incorrectData', 7),
+ ('missingTimeStamp', 8),
+ ('badPOP', 9),
+ ('certRevoked', 10),
+ ('certConfirmed', 11),
+ ('wrongIntegrity', 12),
+ ('badRecipientNonce', 13),
+ ('timeNotAvailable', 14),
+ ('unacceptedPolicy', 15),
+ ('unacceptedExtension', 16),
+ ('addInfoNotAvailable', 17),
+ ('badSenderNonce', 18),
+ ('badCertTemplate', 19),
+ ('signerNotTrusted', 20),
+ ('transactionIdInUse', 21),
+ ('unsupportedVersion', 22),
+ ('notAuthorized', 23),
+ ('systemUnavail', 24),
+ ('systemFailure', 25),
+ ('duplicateCertReq', 26)
+ )
+
+class PKIStatusInfo(univ.Sequence):
+ """
+ PKIStatusInfo ::= SEQUENCE {
+ status PKIStatus,
+ statusString PKIFreeText OPTIONAL,
+ failInfo PKIFailureInfo OPTIONAL
+ }
+ """
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('status', PKIStatus()),
+ namedtype.OptionalNamedType('statusString', PKIFreeText()),
+ namedtype.OptionalNamedType('failInfo', PKIFailureInfo())
+ )
+
+class ErrorMsgContent(univ.Sequence):
+ """
+ ErrorMsgContent ::= SEQUENCE {
+ pKIStatusInfo PKIStatusInfo,
+ errorCode INTEGER OPTIONAL,
+ -- implementation-specific error codes
+ errorDetails PKIFreeText OPTIONAL
+ -- implementation-specific error details
+ }
+ """
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('pKIStatusInfo', PKIStatusInfo()),
+ namedtype.OptionalNamedType('errorCode', univ.Integer()),
+ namedtype.OptionalNamedType('errorDetails', PKIFreeText())
+ )
+
+class CertStatus(univ.Sequence):
+ """
+ CertStatus ::= SEQUENCE {
+ certHash OCTET STRING,
+ certReqId INTEGER,
+ statusInfo PKIStatusInfo OPTIONAL
+ }
+ """
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('certHash', univ.OctetString()),
+ namedtype.NamedType('certReqId', univ.Integer()),
+ namedtype.OptionalNamedType('statusInfo', PKIStatusInfo())
+ )
+
+class CertConfirmContent(univ.SequenceOf):
+ componentType = CertStatus()
+
+class RevAnnContent(univ.Sequence):
+ """
+ RevAnnContent ::= SEQUENCE {
+ status PKIStatus,
+ certId CertId,
+ willBeRevokedAt GeneralizedTime,
+ badSinceDate GeneralizedTime,
+ crlDetails Extensions OPTIONAL
+ }
+ """
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('status', PKIStatus()),
+ namedtype.NamedType('certId', rfc2511.CertId()),
+ namedtype.NamedType('willBeRevokedAt', useful.GeneralizedTime()),
+ namedtype.NamedType('badSinceDate', useful.GeneralizedTime()),
+ namedtype.OptionalNamedType('crlDetails', rfc2459.Extensions())
+ )
+
+class RevRepContent(univ.Sequence):
+ """
+ RevRepContent ::= SEQUENCE {
+ status SEQUENCE SIZE (1..MAX) OF PKIStatusInfo,
+ revCerts [0] SEQUENCE SIZE (1..MAX) OF CertId
+ OPTIONAL,
+ crls [1] SEQUENCE SIZE (1..MAX) OF CertificateList
+ OPTIONAL
+ """
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('status', PKIStatusInfo()),
+ namedtype.OptionalNamedType('revCerts', univ.SequenceOf(
+ componentType=rfc2511.CertId()
+ ).subtype(
+ subtypeSpec=constraint.ValueSizeConstraint(1, MAX),
+ explicitTag=tag.Tag(tag.tagClassContext,
tag.tagFormatConstructed, 0)
+ )
+ ),
+ namedtype.OptionalNamedType('crls', univ.SequenceOf(
+ componentType=rfc2459.CertificateList()
+ ).subtype(
+ subtypeSpec=constraint.ValueSizeConstraint(1, MAX),
+ explicitTag=tag.Tag(tag.tagClassContext,
tag.tagFormatConstructed, 1)
+ )
+ )
+ )
+
+class KeyRecRepContent(univ.Sequence):
+ """
+ KeyRecRepContent ::= SEQUENCE {
+ status PKIStatusInfo,
+ newSigCert [0] CMPCertificate OPTIONAL,
+ caCerts [1] SEQUENCE SIZE (1..MAX) OF
+ CMPCertificate OPTIONAL,
+ keyPairHist [2] SEQUENCE SIZE (1..MAX) OF
+ CertifiedKeyPair OPTIONAL
+ }
+ """
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('status', PKIStatusInfo()),
+ namedtype.OptionalNamedType('newSigCert', CMPCertificate().subtype(
+ explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed,
0)
+ )
+ ),
+ namedtype.OptionalNamedType('caCerts', univ.SequenceOf(
+ componentType=CMPCertificate()
+ ).subtype(
+ explicitTag=tag.Tag(tag.tagClassContext,
tag.tagFormatConstructed, 1),
+ subtypeSpec=constraint.ValueSizeConstraint(1, MAX)
+ )
+ ),
+ namedtype.OptionalNamedType('keyPairHist', univ.SequenceOf(
+ componentType=CertifiedKeyPair()
+ ).subtype(
+ explicitTag=tag.Tag(tag.tagClassContext,
tag.tagFormatConstructed, 2),
+ subtypeSpec=constraint.ValueSizeConstraint(1, MAX)
+ )
+ )
+ )
+
+class CertResponse(univ.Sequence):
+ """
+ CertResponse ::= SEQUENCE {
+ certReqId INTEGER,
+ status PKIStatusInfo,
+ certifiedKeyPair CertifiedKeyPair OPTIONAL,
+ rspInfo OCTET STRING OPTIONAL
+ }
+ """
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('certReqId', univ.Integer()),
+ namedtype.NamedType('status', PKIStatusInfo()),
+ namedtype.OptionalNamedType('certifiedKeyPair', CertifiedKeyPair()),
+ namedtype.OptionalNamedType('rspInfo', univ.OctetString())
+ )
+
+class CertRepMessage(univ.Sequence):
+ """
+ CertRepMessage ::= SEQUENCE {
+ caPubs [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
+ OPTIONAL,
+ response SEQUENCE OF CertResponse
+ }
+ """
+ componentType = namedtype.NamedTypes(
+ namedtype.OptionalNamedType('caPubs', univ.SequenceOf(
+ componentType=CMPCertificate()
+ ).subtype(
+ subtypeSpec=constraint.ValueSizeConstraint(1, MAX),
+
explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,1)
+ )
+ ),
+ namedtype.NamedType('response', univ.SequenceOf(
+ componentType=CertResponse())
+ )
+ )
+
+class POPODecKeyChallContent(univ.SequenceOf):
+ componentType = Challenge()
+
+class OOBCertHash(univ.Sequence):
+ """
+ OOBCertHash ::= SEQUENCE {
+ hashAlg [0] AlgorithmIdentifier OPTIONAL,
+ certId [1] CertId OPTIONAL,
+ hashVal BIT STRING
+ }
+ """
+ componentType = namedtype.NamedTypes(
+ namedtype.OptionalNamedType('hashAlg',
+ rfc2459.AlgorithmIdentifier().subtype(
+ explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,0)
+ )
+ ),
+ namedtype.OptionalNamedType('certId', rfc2511.CertId().subtype(
+ explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,1)
+ )
+ ),
+ namedtype.NamedType('hashVal', univ.BitString())
+ )
+
+# pyasn1 does not naturally handle recursive definitions, thus this hack:
+# NestedMessageContent ::= PKIMessages
+class NestedMessageContent(univ.SequenceOf):
+ """
+ NestedMessageContent ::= PKIMessages
+ """
+ componentType = univ.Any()
+
+class DHBMParameter(univ.Sequence):
+ """
+ DHBMParameter ::= SEQUENCE {
+ owf AlgorithmIdentifier,
+ -- AlgId for a One-Way Function (SHA-1 recommended)
+ mac AlgorithmIdentifier
+ -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11],
+ } -- or HMAC [RFC2104, RFC2202])
+ """
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('owf', rfc2459.AlgorithmIdentifier()),
+ namedtype.NamedType('mac', rfc2459.AlgorithmIdentifier())
+ )
+
+id_DHBasedMac = univ.ObjectIdentifier('1.2.840.113533.7.66.30')
+
+class PBMParameter(univ.Sequence):
+ """
+ PBMParameter ::= SEQUENCE {
+ salt OCTET STRING,
+ owf AlgorithmIdentifier,
+ iterationCount INTEGER,
+ mac AlgorithmIdentifier
+ }
+ """
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('salt', univ.OctetString().subtype(
+ subtypeSpec=constraint.ValueSizeConstraint(0, 128)
+ )
+ ),
+ namedtype.NamedType('owf', rfc2459.AlgorithmIdentifier()),
+ namedtype.NamedType('iterationCount', univ.Integer()),
+ namedtype.NamedType('mac', rfc2459.AlgorithmIdentifier())
+ )
+
+id_PasswordBasedMac = univ.ObjectIdentifier('1.2.840.113533.7.66.13')
+
+class PKIProtection(univ.BitString): pass
+
+# pyasn1 does not naturally handle recursive definitions, thus this hack:
+# NestedMessageContent ::= PKIMessages
+nestedMessageContent =
NestedMessageContent().subtype(explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,20))
+
+class PKIBody(univ.Choice):
+ """
+ PKIBody ::= CHOICE { -- message-specific body elements
+ ir [0] CertReqMessages, --Initialization Request
+ ip [1] CertRepMessage, --Initialization Response
+ cr [2] CertReqMessages, --Certification Request
+ cp [3] CertRepMessage, --Certification Response
+ p10cr [4] CertificationRequest, --imported from [PKCS10]
+ popdecc [5] POPODecKeyChallContent, --pop Challenge
+ popdecr [6] POPODecKeyRespContent, --pop Response
+ kur [7] CertReqMessages, --Key Update Request
+ kup [8] CertRepMessage, --Key Update Response
+ krr [9] CertReqMessages, --Key Recovery Request
+ krp [10] KeyRecRepContent, --Key Recovery Response
+ rr [11] RevReqContent, --Revocation Request
+ rp [12] RevRepContent, --Revocation Response
+ ccr [13] CertReqMessages, --Cross-Cert. Request
+ ccp [14] CertRepMessage, --Cross-Cert. Response
+ ckuann [15] CAKeyUpdAnnContent, --CA Key Update Ann.
+ cann [16] CertAnnContent, --Certificate Ann.
+ rann [17] RevAnnContent, --Revocation Ann.
+ crlann [18] CRLAnnContent, --CRL Announcement
+ pkiconf [19] PKIConfirmContent, --Confirmation
+ nested [20] NestedMessageContent, --Nested Message
+ genm [21] GenMsgContent, --General Message
+
+ """
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('ir', rfc2511.CertReqMessages().subtype(
+ explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,0)
+ )
+ ),
+ namedtype.NamedType('ip', CertRepMessage().subtype(
+ explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,1)
+ )
+ ),
+ namedtype.NamedType('cr', rfc2511.CertReqMessages().subtype(
+ explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,2)
+ )
+ ),
+ namedtype.NamedType('cp', CertRepMessage().subtype(
+ explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,3)
+ )
+ ),
+ namedtype.NamedType('p10cr', rfc2314.CertificationRequest().subtype(
+ explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,4)
+ )
+ ),
+ namedtype.NamedType('popdecc', POPODecKeyChallContent().subtype(
+ explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,5)
+ )
+ ),
+ namedtype.NamedType('popdecr', POPODecKeyRespContent().subtype(
+ explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,6)
+ )
+ ),
+ namedtype.NamedType('kur', rfc2511.CertReqMessages().subtype(
+ explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,7)
+ )
+ ),
+ namedtype.NamedType('kup', CertRepMessage().subtype(
+ explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,8)
+ )
+ ),
+ namedtype.NamedType('krr', rfc2511.CertReqMessages().subtype(
+ explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,9)
+ )
+ ),
+ namedtype.NamedType('krp', KeyRecRepContent().subtype(
+
explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,10)
+ )
+ ),
+ namedtype.NamedType('rr', RevReqContent().subtype(
+
explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,11)
+ )
+ ),
+ namedtype.NamedType('rp', RevRepContent().subtype(
+
explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,12)
+ )
+ ),
+ namedtype.NamedType('ccr', rfc2511.CertReqMessages().subtype(
+
explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,13)
+ )
+ ),
+ namedtype.NamedType('ccp', CertRepMessage().subtype(
+
explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,14)
+ )
+ ),
+ namedtype.NamedType('ckuann', CAKeyUpdAnnContent().subtype(
+
explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,15)
+ )
+ ),
+ namedtype.NamedType('cann', CertAnnContent().subtype(
+
explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,16)
+ )
+ ),
+ namedtype.NamedType('rann', RevAnnContent().subtype(
+
explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,17)
+ )
+ ),
+ namedtype.NamedType('crlann', CRLAnnContent().subtype(
+
explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,18)
+ )
+ ),
+ namedtype.NamedType('pkiconf', PKIConfirmContent().subtype(
+
explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,19)
+ )
+ ),
+ namedtype.NamedType('nested', nestedMessageContent),
+# namedtype.NamedType('nested', NestedMessageContent().subtype(
+#
explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,20)
+# )
+# ),
+ namedtype.NamedType('genm', GenMsgContent().subtype(
+
explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,21)
+ )
+ )
+ )
+
+
+class PKIHeader(univ.Sequence):
+ """
+ PKIHeader ::= SEQUENCE {
+ pvno INTEGER { cmp1999(1), cmp2000(2) },
+ sender GeneralName,
+ recipient GeneralName,
+ messageTime [0] GeneralizedTime OPTIONAL,
+ protectionAlg [1] AlgorithmIdentifier OPTIONAL,
+ senderKID [2] KeyIdentifier OPTIONAL,
+ recipKID [3] KeyIdentifier OPTIONAL,
+ transactionID [4] OCTET STRING OPTIONAL,
+ senderNonce [5] OCTET STRING OPTIONAL,
+ recipNonce [6] OCTET STRING OPTIONAL,
+ freeText [7] PKIFreeText OPTIONAL,
+ generalInfo [8] SEQUENCE SIZE (1..MAX) OF
+ InfoTypeAndValue OPTIONAL
+ }
+
+ """
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('pvno', univ.Integer(
+ namedValues=namedval.NamedValues(
+ ('cmp1999', 1),
+ ('cmp2000', 2)
+ )
+ )
+ ),
+ namedtype.NamedType('sender', rfc2459.GeneralName()),
+ namedtype.NamedType('recipient', rfc2459.GeneralName()),
+ namedtype.OptionalNamedType('messageTime',
useful.GeneralizedTime().subtype(explicitTag=tag.Tag(tag.tagClassContext,
tag.tagFormatSimple, 0))),
+ namedtype.OptionalNamedType('protectionAlg',
rfc2459.AlgorithmIdentifier().subtype(
+ explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed,
1))),
+ namedtype.OptionalNamedType('senderKID',
rfc2459.KeyIdentifier().subtype(explicitTag=tag.Tag(tag.tagClassContext,
tag.tagFormatSimple, 2))),
+ namedtype.OptionalNamedType('recipKID',
rfc2459.KeyIdentifier().subtype(explicitTag=tag.Tag(tag.tagClassContext,
tag.tagFormatSimple, 3))),
+ namedtype.OptionalNamedType('transactionID',
univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext,
tag.tagFormatSimple, 4))),
+ namedtype.OptionalNamedType('senderNonce',
univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext,
tag.tagFormatSimple, 5))),
+ namedtype.OptionalNamedType('recipNonce',
univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext,
tag.tagFormatSimple, 6))),
+ namedtype.OptionalNamedType('freeText',
PKIFreeText().subtype(explicitTag=tag.Tag(tag.tagClassContext,
tag.tagFormatConstructed, 7))),
+ namedtype.OptionalNamedType('generalInfo',
+ univ.SequenceOf(
+ componentType=InfoTypeAndValue().subtype(
+ subtypeSpec=constraint.ValueSizeConstraint(1, MAX),
+ explicitTag=tag.Tag(tag.tagClassContext,
tag.tagFormatSimple, 8)
+ )
+ )
+ )
+ )
+
+class ProtectedPart(univ.Sequence):
+ """
+ ProtectedPart ::= SEQUENCE {
+ header PKIHeader,
+ body PKIBody
+ }
+ """
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('header', PKIHeader()),
+ namedtype.NamedType('infoValue', PKIBody())
+ )
+
+class PKIMessage(univ.Sequence):
+ """
+ PKIMessage ::= SEQUENCE {
+ header PKIHeader,
+ body PKIBody,
+ protection [0] PKIProtection OPTIONAL,
+ extraCerts [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
+ OPTIONAL
+ }"""
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('header', PKIHeader()),
+ namedtype.NamedType('body', PKIBody()),
+ namedtype.OptionalNamedType('protection',
PKIProtection().subtype(explicitTag=tag.Tag(tag.tagClassContext,
tag.tagFormatSimple, 0))),
+ namedtype.OptionalNamedType( 'extraCerts',
+ univ.SequenceOf(
+ componentType=CMPCertificate()
+ ).subtype(
+ subtypeSpec=constraint.ValueSizeConstraint(1, MAX),
+ explicitTag=tag.Tag(tag.tagClassContext,
tag.tagFormatConstructed, 1)
+ )
+ )
+ )
+
+class PKIMessages(univ.SequenceOf):
+ """
+ PKIMessages ::= SEQUENCE SIZE (1..MAX) OF PKIMessage
+ """
+ componentType = PKIMessage()
+ subtypeSpec = univ.SequenceOf.subtypeSpec +
constraint.ValueSizeConstraint(1, MAX)
+
+# pyasn1 does not naturally handle recursive definitions, thus this hack:
+# NestedMessageContent ::= PKIMessages
+NestedMessageContent.componentType = PKIMessages()
+nestedMessageContent.componentType = PKIMessages()
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/pyasn1-modules-0.0.3/pyasn1_modules.egg-info/PKG-INFO
new/pyasn1-modules-0.0.4/pyasn1_modules.egg-info/PKG-INFO
--- old/pyasn1-modules-0.0.3/pyasn1_modules.egg-info/PKG-INFO 2012-04-20
10:50:25.000000000 +0200
+++ new/pyasn1-modules-0.0.4/pyasn1_modules.egg-info/PKG-INFO 2012-07-23
18:50:57.000000000 +0200
@@ -1,21 +1,26 @@
-Metadata-Version: 1.0
+Metadata-Version: 1.1
Name: pyasn1-modules
-Version: 0.0.3
-Summary: ASN.1 modules
+Version: 0.0.4
+Summary: A collection of ASN.1-based protocols modules.
Home-page: http://sourceforge.net/projects/pyasn1/
-Author: Ilya Etingof
+Author: Ilya Etingof <[email protected]>
Author-email: [email protected]
License: BSD
-Description: UNKNOWN
-Platform: UNKNOWN
+Description: A collection of ASN.1 modules expressed in form of pyasn1
classes. Includes protocols PDUs definition (SNMP, LDAP etc.) and various data
structures (X.509, PKCS etc.).
+Platform: any
Classifier: Development Status :: 5 - Production/Stable
+Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
+Classifier: Intended Audience :: Education
Classifier: Intended Audience :: Information Technology
+Classifier: Intended Audience :: Science/Research
+Classifier: Intended Audience :: System Administrators
Classifier: Intended Audience :: Telecommunications Industry
+Classifier: License :: OSI Approved :: BSD License
+Classifier: Natural Language :: English
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 2
Classifier: Programming Language :: Python :: 3
Classifier: Topic :: Communications
Classifier: Topic :: Security :: Cryptography
Classifier: Topic :: Software Development :: Libraries :: Python Modules
-Classifier: License :: OSI Approved :: BSD License
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/pyasn1-modules-0.0.3/pyasn1_modules.egg-info/SOURCES.txt
new/pyasn1-modules-0.0.4/pyasn1_modules.egg-info/SOURCES.txt
--- old/pyasn1-modules-0.0.3/pyasn1_modules.egg-info/SOURCES.txt
2012-04-20 10:50:25.000000000 +0200
+++ new/pyasn1-modules-0.0.4/pyasn1_modules.egg-info/SOURCES.txt
2012-07-23 18:50:57.000000000 +0200
@@ -8,6 +8,7 @@
pyasn1_modules/pkcs12.py
pyasn1_modules/rfc1155.py
pyasn1_modules/rfc1157.py
+pyasn1_modules/rfc1901.py
pyasn1_modules/rfc1902.py
pyasn1_modules/rfc1905.py
pyasn1_modules/rfc2251.py
@@ -20,6 +21,7 @@
pyasn1_modules/rfc3412.py
pyasn1_modules/rfc3414.py
pyasn1_modules/rfc3447.py
+pyasn1_modules/rfc4210.py
pyasn1_modules/rfc5208.py
pyasn1_modules.egg-info/PKG-INFO
pyasn1_modules.egg-info/SOURCES.txt
@@ -27,6 +29,7 @@
pyasn1_modules.egg-info/requires.txt
pyasn1_modules.egg-info/top_level.txt
pyasn1_modules.egg-info/zip-safe
+test/cmp.sh
test/crl.sh
test/crmf.sh
test/ocspreq.sh
@@ -36,11 +39,13 @@
test/pkcs7.sh
test/pkcs8.sh
test/x509dump.sh
+tools/cmpdump.py
tools/crldump.py
tools/crmfdump.py
tools/ocspclient.py
tools/ocspreqdump.py
tools/ocsprspdump.py
+tools/ocspserver.py
tools/pkcs10dump.py
tools/pkcs1dump.py
tools/pkcs7dump.py
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/pyasn1-modules-0.0.3/pyasn1_modules.egg-info/requires.txt
new/pyasn1-modules-0.0.4/pyasn1_modules.egg-info/requires.txt
--- old/pyasn1-modules-0.0.3/pyasn1_modules.egg-info/requires.txt
2012-04-20 10:50:25.000000000 +0200
+++ new/pyasn1-modules-0.0.4/pyasn1_modules.egg-info/requires.txt
2012-07-23 18:50:57.000000000 +0200
@@ -1 +1 @@
-pyasn1>=0.1.1
\ No newline at end of file
+pyasn1>=0.1.4
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyasn1-modules-0.0.3/setup.py
new/pyasn1-modules-0.0.4/setup.py
--- old/pyasn1-modules-0.0.3/setup.py 2012-04-17 21:41:05.000000000 +0200
+++ new/pyasn1-modules-0.0.4/setup.py 2012-07-23 18:49:00.000000000 +0200
@@ -1,51 +1,87 @@
#!/usr/bin/env python
-import sys
+"""A collection of ASN.1-based protocols modules.
+
+ A collection of ASN.1 modules expressed in form of pyasn1 classes.
+ Includes protocols PDUs definition (SNMP, LDAP etc.) and various
+ data structures (X.509, PKCS etc.).
+"""
+
+classifiers = """\
+Development Status :: 5 - Production/Stable
+Environment :: Console
+Intended Audience :: Developers
+Intended Audience :: Education
+Intended Audience :: Information Technology
+Intended Audience :: Science/Research
+Intended Audience :: System Administrators
+Intended Audience :: Telecommunications Industry
+License :: OSI Approved :: BSD License
+Natural Language :: English
+Operating System :: OS Independent
+Programming Language :: Python :: 2
+Programming Language :: Python :: 3
+Topic :: Communications
+Topic :: Security :: Cryptography
+Topic :: Software Development :: Libraries :: Python Modules
+"""
+
+def howto_install_distribute():
+ print("""
+ Error: You need the distribute Python package!
+
+ It's very easy to install it, just type (as root on Linux):
+
+ wget http://python-distribute.org/distribute_setup.py
+ python distribute_setup.py
+
+ Then you could make eggs from this package.
+""")
def howto_install_setuptools():
print("""
Error: You need setuptools Python package!
It's very easy to install it, just type (as root on Linux):
+
wget http://peak.telecommunity.com/dist/ez_setup.py
python ez_setup.py
+
+ Then you could make eggs from this package.
""")
try:
from setuptools import setup
params = {
- 'install_requires': [ 'pyasn1>=0.1.1' ],
+ 'install_requires': [ 'pyasn1>=0.1.4' ],
'zip_safe': True
}
except ImportError:
+ import sys
for arg in sys.argv:
if arg.find('egg') != -1:
- howto_install_setuptools()
+ if sys.version_info[0] > 2:
+ howto_install_distribute()
+ else:
+ howto_install_setuptools()
sys.exit(1)
from distutils.core import setup
params = {}
if sys.version_info[:2] > (2, 4):
- params['requires'] = [ 'pyasn1(>=0.1.1)' ]
+ params['requires'] = [ 'pyasn1(>=0.1.4)' ]
+
+doclines = [ x.strip() for x in __doc__.split('\n') if x ]
params.update( {
'name': 'pyasn1-modules',
- 'version': '0.0.3',
- 'description': 'ASN.1 modules',
+ 'version': open('pyasn1_modules/__init__.py').read().split('\'')[1],
+ 'description': doclines[0],
+ 'long_description': ' '.join(doclines[1:]),
+ 'maintainer': 'Ilya Etingof <[email protected]>',
'author': 'Ilya Etingof',
'author_email': '[email protected]',
'url': 'http://sourceforge.net/projects/pyasn1/',
- 'classifiers': [
- 'Development Status :: 5 - Production/Stable',
- 'Intended Audience :: Developers',
- 'Intended Audience :: Information Technology',
- 'Intended Audience :: Telecommunications Industry',
- 'Operating System :: OS Independent',
- 'Programming Language :: Python :: 2',
- 'Programming Language :: Python :: 3',
- 'Topic :: Communications',
- 'Topic :: Security :: Cryptography',
- 'Topic :: Software Development :: Libraries :: Python Modules',
- 'License :: OSI Approved :: BSD License'
- ],
+ 'platforms': ['any'],
+ 'classifiers': [ x for x in classifiers.split('\n') if x ],
'license': 'BSD',
'packages': [ 'pyasn1_modules' ]
} )
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyasn1-modules-0.0.3/test/cmp.sh
new/pyasn1-modules-0.0.4/test/cmp.sh
--- old/pyasn1-modules-0.0.3/test/cmp.sh 1970-01-01 01:00:00.000000000
+0100
+++ new/pyasn1-modules-0.0.4/test/cmp.sh 2012-05-30 17:26:19.000000000
+0200
@@ -0,0 +1,93 @@
+#!/bin/sh
+
+cmpdump.py <<EOT
+MIITuTCCARECAQKkWTBXMQswCQYDVQQGEwJUUjEQMA4GA1UEChMHRS1HdXZlbjEUMBIGA1UECxML
+VHJ1c3RDZW50ZXIxIDAeBgNVBAMTF1JTQSBTZWN1cml0eSBDTVAgU2VydmVypC0wKzELMAkGA1UE
+BhMCVFIxHDAaBgNVBAMME1ZhbGltby1WZXR0b3ItMTdEZWOgERgPMjAxMjA1MDMxMTE2MTdaoQ8w
+DQYJKoZIhvcNAQEFBQCiIgQgZWVhMjg5MGU2ZGY5N2IyNzk5NWY2MWE0MzE2MzI1OWGkEgQQQ01Q
+VjJUMTIyMzM0NjI3MKUSBBCAAAABgAAAAYAAAAGAAAABphIEEDEzNjY0NDMwMjlSYW5kb22jghIZ
+MIISFaGCC84wggvKMIIFwDCCBKigAwIBAgIQfOVE05R616R6Nqgu3drXHzANBgkqhkiG9w0BAQUF
+ADBxMQswCQYDVQQGEwJUUjEoMCYGA1UEChMfRWxla3Ryb25payBCaWxnaSBHdXZlbmxpZ2kgQS5T
+LjE4MDYGA1UEAxMvZS1HdXZlbiBFbGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2FnbGF5aWNp
+c2kwHhcNMDgxMTI0MTAwMzI0WhcNMTYxMjE0MTExNzI0WjBdMQswCQYDVQQGEwJUUjEoMCYGA1UE
+CgwfRWxla3Ryb25payBCaWxnaSBHdXZlbmxpZ2kgQS5TLjEkMCIGA1UEAwwbZS1HdXZlbiBNb2Jp
+bCBUZXN0VVRGLTgtU09OMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzqaymRo5chRK
+EKrhjWQky1HOm6b/Jy4tSUuo4vq3O9U3G2osOU/hHb6fyMmznLpc6CaZ3qKYiuDMFRW8g1kNjEjV
+sFSvH0Yd4qgwP1+qqzhBSe+nCAnEbRUrz+nXJ4fKhmGaQ+ZSic+MeyoqDsf/zENKqdV7ea9l3Ilu
+Rj93bmTxas9aWPWQ/U/fpwkwRXaqaONlM5e4GWdgA7T1aq106NvH1z6LDNXcMYw4lSZkj/UjmM/0
+NhVz+57Ib4a0bogTaBmm8a1E5NtzkcA7pgnZT8576T0UoiOpEo+NAELA1B0mRh1/82HK1/0xn1zt
+1ym4XZRtn2r2l/wTeEwU79ALVQIDAQABo4ICZjCCAmIwfAYIKwYBBQUHAQEEcDBuMDIGCCsGAQUF
+BzABhiZodHRwOi8vdGVzdG9jc3AyLmUtZ3V2ZW4uY29tL29jc3AueHVkYTA4BggrBgEFBQcwAoYs
+aHR0cDovL3d3dy5lLWd1dmVuLmNvbS9kb2N1bWVudHMvVGVzdEtvay5jcnQwDgYDVR0PAQH/BAQD
+AgEGMA8GA1UdEwEB/wQFMAMBAf8wggElBgNVHSAEggEcMIIBGDCCARQGCWCGGAMAAQECATCCAQUw
+NgYIKwYBBQUHAgEWKmh0dHA6Ly93d3cuZS1ndXZlbi5jb20vZG9jdW1lbnRzL05FU1VFLnBkZjCB
+ygYIKwYBBQUHAgIwgb0egboAQgB1ACAAcwBlAHIAdABpAGYAaQBrAGEAIABpAGwAZQAgAGkAbABn
+AGkAbABpACAAcwBlAHIAdABpAGYAaQBrAGEAIAB1AHkAZwB1AGwAYQBtAGEAIABlAHMAYQBzAGwA
+YQByATEAbgExACAAbwBrAHUAbQBhAGsAIABpAOcAaQBuACAAYgBlAGwAaQByAHQAaQBsAGUAbgAg
+AGQAbwBrAPwAbQBhAG4BMQAgAGEA5wExAG4BMQB6AC4wWAYDVR0fBFEwTzBNoEugSYZHaHR0cDov
+L3Rlc3RzaWwuZS1ndXZlbi5jb20vRWxla3Ryb25pa0JpbGdpR3V2ZW5saWdpQVNSb290L0xhdGVz
+dENSTC5jcmwwHQYDVR0OBBYEFLMoTImEKeXbqNjbYZkKshQi2vwzMB8GA1UdIwQYMBaAFGCI4dY9
+qCIkag0hwBgz5haCSNl0MA0GCSqGSIb3DQEBBQUAA4IBAQAWOsmvpoFB9sX2aq1/LjPDJ+A5Fpxm
+0XkOGM9yD/FsLfWgyv2HqBY1cVM7mjJfJ1ezkS0ODdlU6TyN5ouvAi21V9CIk69I3eUYSDjPpGia
+qcCCvJoMF0QD7B70kj2zW7IJ7pF11cbvPLaatdzojsH9fVfKtxtn/ZLrXtKsyUW5vKHOeniU6BBB
+Gl/ZZkFNXNN4mrB+B+wDV9OmdMw+Mc8KPq463hJQRat5a9lrXMdNtMAJOkvsUUzOemAsITjXWlyg
+BULijBhi8ZmMp0W7p6oKENX3vH2HCPCGQU29WIrK4iUoscjz93fB6oa4FQpxY0k3JRnWvD5FqkRD
+FKJdq/q9MIIDzzCCAregAwIBAgIQa34pJYdDFNXx90OkMkKzIjANBgkqhkiG9w0BAQUFADBxMQsw
+CQYDVQQGEwJUUjEoMCYGA1UEChMfRWxla3Ryb25payBCaWxnaSBHdXZlbmxpZ2kgQS5TLjE4MDYG
+A1UEAxMvZS1HdXZlbiBFbGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2FnbGF5aWNpc2kwHhcN
+MDYxMjE1MTUxMzU0WhcNMTYxMjE1MTExMzU0WjBxMQswCQYDVQQGEwJUUjEoMCYGA1UEChMfRWxl
+a3Ryb25payBCaWxnaSBHdXZlbmxpZ2kgQS5TLjE4MDYGA1UEAxMvZS1HdXZlbiBFbGVrdHJvbmlr
+IFNlcnRpZmlrYSBIaXptZXQgU2FnbGF5aWNpc2kwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCU/PTxSkcWPJMx4UO8L8ep9/JqRgAZ79EqYWgR4K2bNLgENpc5j0hO+QydgovFODzkEIBP
+RIBavMz9Cw2PONpSBmxd4K1A/5hGqoGEz8UCA2tIx4+Z2A9AQ2O3BYi9FWM+0D1brJDO+6yvX4m5
+Rf3mLlso52NIVV705fIkmOExHjdAj/xB0/LICZMfwKn8F19Jae/SQv9cFnptbNRCq8hU5zLRngpR
+eT1PYrZVV0XLbzbDPwgzLXCzDxG1atdGd5JRTnD58qM1foC3+hGafuyissMQVGnBQFlsx7V6OdlD
+bsxUXegCl2li0RpRJXLqyqMdtEplaznKp8NnbddylfrPAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIB
+hjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFGCI4dY9qCIkag0hwBgz5haCSNl0MB0GA1Ud
+DgQWBBRgiOHWPagiJGoNIcAYM+YWgkjZdDANBgkqhkiG9w0BAQUFAAOCAQEAKftTVjgltZJxXwDs
+MumguOSlljOQjotVVpES1QYwo3a5RQVpKuS4KYDEdWLD4ITtDNOA/iGKYWCNyKsE1BCL66irknZw
+iR6p6P+q2Wf7fGYSwUBcSBwWBTA+0EgpvPL3/vRuVVCVgC8XHBr72jKKTg9Nwcj+1FwXGZTDpjX8
+dzPhTXEWceQcDn2FRdNt6BQad9Hdq08lMHiyozsWniYZYuWpud91i8Pl698H9t0KqiJg6rPKc9kd
+z9QyC8E/cLIJgYhvfzXMxvmSjeSSFSqTHioqfpU3k8AWXuxqJUxbdQ8QrVaTXRByzEr1Ze0TYpDs
+oel1PjC9ouO8bC7cGrbCWzCCAi8wggGYAhBlEjJUo9asY2ISG4oHjcpzMA0GCSqGSIb3DQEBBQUA
+MFoxCzAJBgNVBAYTAlRSMRAwDgYDVQQKEwdFLUd1dmVuMRQwEgYDVQQLEwtUcnVzdENlbnRlcjEj
+MCEGA1UEAxMaRS1HdXZlblRFU1RDQUhTTSBTeXN0ZW0gQ0EwHhcNMDkxMTMwMjIxMzEzWhcNMTYx
+MTMwMTkxMTUxWjBXMQswCQYDVQQGEwJUUjEQMA4GA1UEChMHRS1HdXZlbjEUMBIGA1UECxMLVHJ1
+c3RDZW50ZXIxIDAeBgNVBAMTF1JTQSBTZWN1cml0eSBDTVAgU2VydmVyMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQDCaZeJerGULW+1UPSu9T0voPNgzPcihXX6G5Q45nS4RNCe+pOc226EtD51
+wu6Eq2oARpZmCrKPn63EFmHEE04dRDr8MS2LHuZK8xslIx/AvPnV568795EPoAyhGIX9Na9ZHhnI
+zSPWmWfBd9bsQiLVF7C9dOvfW125mtywWXELewIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAAiIse/x
+aWwRWUM0CIzfnoXfrgyLdKVykK7dTPgoMJgAx229uN6VTPyk+E+lTKq9PhK+e/VJNNg9PjSFjKFd
+lfSDOi9ne1xOrb7cNTjw+sGf1mfNWyzizLXa7su7ISFN+GaClmAstH9vXsRxg1oh3pFMJv47I6iw
+gUQlwwg8WsY/MIIGPzCCBjsCAQAwAwIBADCCBi+gggYrMIIGJzCCBQ+gAwIBAgIRALGVtVAeoM1x
+gjgOX3alZ5MwDQYJKoZIhvcNAQEFBQAwXTELMAkGA1UEBhMCVFIxKDAmBgNVBAoMH0VsZWt0cm9u
+aWsgQmlsZ2kgR3V2ZW5saWdpIEEuUy4xJDAiBgNVBAMMG2UtR3V2ZW4gTW9iaWwgVGVzdFVURi04
+LVNPTjAeFw0xMjA1MDMxMTE2MTdaFw0xMzA1MDMxMTE2MTdaMGoxCzAJBgNVBAYTAlRSMREwDwYD
+VQQKDAhGaXJlIExMVDEbMBkGA1UECwwScG9wQ29kZSAtIDEyMzQ1Njc4MRQwEgYDVQQFEws3NjU0
+MzQ1Njc2NTEVMBMGA1UEAwwMQnVyYWsgWW9uZGVtMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQCpfSB7xcsHZR4E27yGHkzUJx1y2iknzX4gRM2acyPljRw/V5Lm7POrfWIX9UF2sxfYfRqxYmD0
++nw72nx8R/5AFQK0BfjHxIc5W1YekMHF8PSORo9rJqcX+qn+NBYwqcJl4EdObTcOtMWC6ws6n0uA
+oDvYYN0ujkua496sp+INiQIDAQABo4IDVzCCA1MwQgYIKwYBBQUHAQEENjA0MDIGCCsGAQUFBzAB
+hiZodHRwOi8vdGVzdG9jc3AyLmUtZ3V2ZW4uY29tL29jc3AueHVkYTAfBgNVHSMEGDAWgBSzKEyJ
+hCnl26jY22GZCrIUItr8MzCCAXIGA1UdIASCAWkwggFlMIGxBgZghhgDAAEwgaYwNgYIKwYBBQUH
+AgEWKmh0dHA6Ly93d3cuZS1ndXZlbi5jb20vZG9jdW1lbnRzL05FU1VFLnBkZjBsBggrBgEFBQcC
+AjBgGl5CdSBzZXJ0aWZpa2EsIDUwNzAgc2F5xLFsxLEgRWxla3Ryb25payDEsG16YSBLYW51bnVu
+YSBnw7ZyZSBuaXRlbGlrbGkgZWxla3Ryb25payBzZXJ0aWZpa2FkxLFyMIGuBglghhgDAAEBAQMw
+gaAwNwYIKwYBBQUHAgEWK2h0dHA6Ly93d3cuZS1ndXZlbi5jb20vZG9jdW1lbnRzL01LTkVTSS5w
+ZGYwZQYIKwYBBQUHAgIwWRpXQnUgc2VydGlmaWthLCBNS05FU0kga2Fwc2FtxLFuZGEgeWF5xLFu
+bGFubcSxxZ8gYmlyIG5pdGVsaWtsaSBlbGVrdHJvbmlrIHNlcnRpZmlrYWTEsXIuMA4GA1UdDwEB
+/wQEAwIGwDCBgwYIKwYBBQUHAQMEdzB1MAgGBgQAjkYBATBpBgtghhgBPQABp04BAQxaQnUgc2Vy
+dGlmaWthLCA1MDcwIHNheWlsaSBFbGVrdHJvbmlrIEltemEgS2FudW51bmEgZ8O2cmUgbml0ZWxp
+a2xpIGVsZWt0cm9uaWsgc2VydGlmaWthZGlyMEUGA1UdCQQ+MDwwFAYIKwYBBQUHCQIxCAQGQW5r
+YXJhMBIGCCsGAQUFBwkBMQYEBDE5NzkwEAYIKwYBBQUHCQQxBAQCVFIwGAYDVR0RBBEwD4ENZmly
+ZUBmaXJlLmNvbTBgBgNVHR8EWTBXMFWgU6BRhk9odHRwOi8vdGVzdHNpbC5lLWd1dmVuLmNvbS9F
+bGVrdHJvbmlrQmlsZ2lHdXZlbmxpZ2lBU01LTkVTSS1VVEYtOC9MYXRlc3RDUkwuY3JsMB0GA1Ud
+DgQWBBSLG9aIb1k2emFLCpM93kXJkWhzuTANBgkqhkiG9w0BAQUFAAOCAQEACoGCn4bzDWLzs799
+rndpB971UD2wbwt8Hkw1MGZkkJVQeVF4IS8FacAyYk5vY8ONuTA/Wsh4x23v9WTCtO89HMTz81eU
+BclqZ2Gc2UeMq7Y4FQWR8PNCMdCsxVVhpRRE6jQAyyR9YEBHQYVLfy34e3+9G/h/BR73VGHZJdZI
+DDJYd+VWXmUD9kGk/mI35qYdzN3O28KI8sokqX0z2hvkpDKuP4jNXSCHcVkK23tX2x5m6m0LdqVn
+vnCx2LfBn1wf1u7q30p/GgMVX+mR3QHs7feGewEjlkxuEyLVVD+uBwWCT6zcad17oaAyXV5RV28L
+vH0WNg6pFUpwOP0l+nIOqqCBhAOBgQBAtTB5Qd18sTxEKhSzRiN2OycFPrqoqlZZTHBohe8bE2D4
+Xc1ejkFWUEvQivkqJxCD6C7I37xgDaq8DZnaczIBxbPkY0QMdeL4MiEqlw/tlrJGrWoC5Twb0t/m
+JA5RSwQoMDYTj2WrwtM/nsP12T39or4JRZhlLSM43IaTwEBtQw==
+EOT
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyasn1-modules-0.0.3/tools/cmpdump.py
new/pyasn1-modules-0.0.4/tools/cmpdump.py
--- old/pyasn1-modules-0.0.3/tools/cmpdump.py 1970-01-01 01:00:00.000000000
+0100
+++ new/pyasn1-modules-0.0.4/tools/cmpdump.py 2012-05-24 16:39:48.000000000
+0200
@@ -0,0 +1,28 @@
+#!/usr/bin/python
+# Read ASN.1/PEM CMP message on stdin, parse into
+# plain text, then build substrate from it
+from pyasn1.codec.der import decoder, encoder
+from pyasn1_modules import rfc4210, pem
+from pyasn1 import debug
+import sys
+
+if len(sys.argv) == 2 and sys.argv[1] == '-d':
+ debug.setLogger(debug.Debug('all'))
+elif len(sys.argv) != 1:
+ print("""Usage:
+$ cat cmp.pem | %s [-d]""" % sys.argv[0])
+ sys.exit(-1)
+
+pkiMessage = rfc4210.PKIMessage()
+
+substrate = pem.readBase64FromFile(sys.stdin)
+if not substrate:
+ sys.exit(0)
+
+pkiMsg, rest = decoder.decode(substrate, asn1Spec=pkiMessage)
+
+print(pkiMsg.prettyPrint())
+
+assert encoder.encode(pkiMsg, defMode=False) == substrate or \
+ encoder.encode(pkiMsg, defMode=True) == substrate, \
+ 'CMP message recode fails'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyasn1-modules-0.0.3/tools/ocspserver.py
new/pyasn1-modules-0.0.4/tools/ocspserver.py
--- old/pyasn1-modules-0.0.3/tools/ocspserver.py 1970-01-01
01:00:00.000000000 +0100
+++ new/pyasn1-modules-0.0.4/tools/ocspserver.py 2012-04-11
11:39:42.000000000 +0200
@@ -0,0 +1,143 @@
+#!/usr/bin/python
+#
+from pyasn1.codec.der import decoder, encoder
+from pyasn1_modules import rfc2560, rfc2459, pem
+from pyasn1.type import univ
+import sys, hashlib
+try:
+ import urllib2
+except ImportError:
+ import urllib.request as urllib2
+
+sha1oid = univ.ObjectIdentifier((1, 3, 14, 3, 2, 26))
+
+class ValueOnlyBitStringEncoder(encoder.encoder.BitStringEncoder):
+ # These methods just do not encode tag and length fields of TLV
+ def encodeTag(self, *args): return ''
+ def encodeLength(self, *args): return ''
+ def encodeValue(*args):
+ substrate, isConstructed =
encoder.encoder.BitStringEncoder.encodeValue(*args)
+ # OCSP-specific hack follows: cut off the "unused bit count"
+ # encoded bit-string value.
+ return substrate[1:], isConstructed
+
+ def __call__(self, bitStringValue):
+ return self.encode(None, bitStringValue, defMode=1, maxChunkSize=0)
+
+valueOnlyBitStringEncoder = ValueOnlyBitStringEncoder()
+
+def mkOcspRequest(issuerCert, userCert):
+ issuerTbsCertificate = issuerCert.getComponentByName('tbsCertificate')
+ issuerSubject = issuerTbsCertificate.getComponentByName('subject')
+
+ userTbsCertificate = userCert.getComponentByName('tbsCertificate')
+ userIssuer = userTbsCertificate.getComponentByName('issuer')
+
+ assert issuerSubject == userIssuer, '%s\n%s' % (
+ issuerSubject.prettyPrint(), userIssuer.prettyPrint()
+ )
+
+ userIssuerHash = hashlib.sha1(
+ encoder.encode(userIssuer)
+ ).digest()
+
+ issuerSubjectPublicKey =
issuerTbsCertificate.getComponentByName('subjectPublicKeyInfo').getComponentByName('subjectPublicKey')
+
+ issuerKeyHash = hashlib.sha1(
+ valueOnlyBitStringEncoder(issuerSubjectPublicKey)
+ ).digest()
+
+ userSerialNumber = userTbsCertificate.getComponentByName('serialNumber')
+
+ # Build request object
+
+ request = rfc2560.Request()
+
+ reqCert =
request.setComponentByName('reqCert').getComponentByName('reqCert')
+
+ hashAlgorithm =
reqCert.setComponentByName('hashAlgorithm').getComponentByName('hashAlgorithm')
+ hashAlgorithm.setComponentByName('algorithm', sha1oid)
+
+ reqCert.setComponentByName('issuerNameHash', userIssuerHash)
+ reqCert.setComponentByName('issuerKeyHash', issuerKeyHash)
+ reqCert.setComponentByName('serialNumber', userSerialNumber)
+
+ ocspRequest = rfc2560.OCSPRequest()
+
+ tbsRequest =
ocspRequest.setComponentByName('tbsRequest').getComponentByName('tbsRequest')
+ tbsRequest.setComponentByName('version', 'v1')
+
+ requestList =
tbsRequest.setComponentByName('requestList').getComponentByName('requestList')
+ requestList.setComponentByPosition(0, request)
+
+ return ocspRequest
+
+def parseOcspRequest(ocspRequest):
+ tbsRequest = ocspRequest['responseStatus']
+
+ assert responseStatus == rfc2560.OCSPResponseStatus('successful'),
responseStatus.prettyPrint()
+ responseBytes = ocspResponse.getComponentByName('responseBytes')
+ responseType = responseBytes.getComponentByName('responseType')
+ assert responseType == id_pkix_ocsp_basic, responseType.prettyPrint()
+
+ response = responseBytes.getComponentByName('response')
+
+ basicOCSPResponse, _ = decoder.decode(
+ response, asn1Spec=rfc2560.BasicOCSPResponse()
+ )
+
+ tbsResponseData = basicOCSPResponse.getComponentByName('tbsResponseData')
+
+ response0 =
tbsResponseData.getComponentByName('responses').getComponentByPosition(0)
+
+ return (
+ tbsResponseData.getComponentByName('producedAt'),
+ response0.getComponentByName('certID'),
+ response0.getComponentByName('certStatus').getName(),
+ response0.getComponentByName('thisUpdate')
+ )
+
+if len(sys.argv) != 2:
+ print("""Usage:
+$ cat CACertificate.pem userCertificate.pem | %s <ocsp-responder-url>""" %
sys.argv[0])
+ sys.exit(-1)
+else:
+ ocspUrl = sys.argv[1]
+
+# Parse CA and user certificates
+
+issuerCert, _ = decoder.decode(
+ pem.readPemFromFile(sys.stdin)[1],
+ asn1Spec=rfc2459.Certificate()
+ )
+userCert, _ = decoder.decode(
+ pem.readPemFromFile(sys.stdin)[1],
+ asn1Spec=rfc2459.Certificate()
+ )
+
+# Build OCSP request
+
+ocspReq = mkOcspRequest(issuerCert, userCert)
+
+# Use HTTP POST to get response (see Appendix A of RFC 2560)
+# In case you need proxies, set the http_proxy env variable
+
+httpReq = urllib2.Request(
+ ocspUrl,
+ encoder.encode(ocspReq),
+ { 'Content-Type': 'application/ocsp-request' }
+ )
+httpRsp = urllib2.urlopen(httpReq).read()
+
+# Process OCSP response
+
+ocspRsp, _ = decoder.decode(httpRsp, asn1Spec=rfc2560.OCSPResponse())
+
+producedAt, certId, certStatus, thisUpdate = parseOcspResponse(ocspRsp)
+
+print('Certificate ID %s is %s at %s till %s\n' % (
+ certId.getComponentByName('serialNumber'),
+ certStatus,
+ producedAt,
+ thisUpdate
+ ))
--
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
