upgrade pyasn1_modules to 0.1.4

src/pyasn1_modules/__init__.py

@@ -1,2 +1,2 @@
 # http://www.python.org/dev/peps/pep-0396/
-__version__ = '0.0.8'
+__version__ = '0.1.4'

src/pyasn1_modules/pem.py

@@ -1,17 +1,27 @@
-import base64, sys
+#
+# This file is part of pyasn1-modules software.
+#
+# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com>
+# License: http://pyasn1.sf.net/license.html
+#
+import base64
+import sys
 
 stSpam, stHam, stDump = 0, 1, 2
 
+
 # The markers parameters is in form ('start1', 'stop1'), ('start2', 'stop2')...
 # Return is (marker-index, substrate)
 def readPemBlocksFromFile(fileObj, *markers):
-    startMarkers = dict(map(lambda x: (x[1],x[0]),
+    startMarkers = dict(map(lambda x: (x[1], x[0]),
-                            enumerate(map(lambda x: x[0], markers))))
+                            enumerate(map(lambda y: y[0], markers))))
-    stopMarkers = dict(map(lambda x: (x[1],x[0]),
+    stopMarkers = dict(map(lambda x: (x[1], x[0]),
-                           enumerate(map(lambda x: x[1], markers))))
+                           enumerate(map(lambda y: y[1], markers))))
-    idx = -1; substrate = ''
+    idx = -1
+    substrate = ''
+    certLines = []
     state = stSpam
-    while 1:
+    while True:
         certLine = fileObj.readline()
         if not certLine:
             break
@@ -29,23 +39,27 @@ def readPemBlocksFromFile(fileObj, *markers):
                 certLines.append(certLine)
         if state == stDump:
             if sys.version_info[0] <= 2:
-                substrate = ''.join([ base64.b64decode(x) for x in certLines ])
+                substrate = ''.join([base64.b64decode(x) for x in certLines])
             else:
-                substrate = ''.encode().join([ base64.b64decode(x.encode()) for x in certLines ])
+                substrate = ''.encode().join([base64.b64decode(x.encode()) for x in certLines])
             break
     return idx, substrate
 
+
 # Backward compatibility routine
-def readPemFromFile(fileObj, 
+def readPemFromFile(fileObj,
                     startMarker='-----BEGIN CERTIFICATE-----',
                     endMarker='-----END CERTIFICATE-----'):
     idx, substrate = readPemBlocksFromFile(fileObj, (startMarker, endMarker))
     return substrate
 
-def readBase64FromFile(fileObj):
+
+def readBase64fromText(text):
     if sys.version_info[0] <= 2:
-        return ''.join([ base64.b64decode(x) for x in fileObj.readlines() ])
+        return base64.b64decode(text)
     else:
-        return ''.encode().join(
+        return base64.b64decode(text.encode())
-            [ base64.b64decode(x.encode()) for x in fileObj.readlines() ]
+
-        )
+
+def readBase64FromFile(fileObj):
+    return readBase64fromText(fileObj.read())

src/pyasn1_modules/rfc1155.py

@@ -1,4 +1,9 @@
 #
+# This file is part of pyasn1-modules software.
+#
+# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com>
+# License: http://pyasn1.sf.net/license.html
+#
 # SNMPv1 message syntax
 #
 # ASN.1 source from:
@@ -7,9 +12,12 @@
 # Sample captures from:
 # http://wiki.wireshark.org/SampleCaptures/
 #
-from pyasn1.type import univ, namedtype, namedval, tag, constraint
+from pyasn1.type import univ, namedtype, tag, constraint
+
+
+class ObjectName(univ.ObjectIdentifier):
+    pass
 
-class ObjectName(univ.ObjectIdentifier): pass
 
 class SimpleSyntax(univ.Choice):
     componentType = namedtype.NamedTypes(
@@ -17,46 +25,57 @@ class SimpleSyntax(univ.Choice):
         namedtype.NamedType('string', univ.OctetString()),
         namedtype.NamedType('object', univ.ObjectIdentifier()),
         namedtype.NamedType('empty', univ.Null())
-        )
+    )
+
 
 class IpAddress(univ.OctetString):
     tagSet = univ.OctetString.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0)
-        )
+    )
     subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueSizeConstraint(
         4, 4
-        )
+    )
+
+
 class NetworkAddress(univ.Choice):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('internet', IpAddress())
-        )
+    )
+
 
 class Counter(univ.Integer):
     tagSet = univ.Integer.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 1)
-        )
+    )
     subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(
         0, 4294967295
-        )
+    )
+
+
 class Gauge(univ.Integer):
     tagSet = univ.Integer.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 2)
-        )
+    )
     subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(
         0, 4294967295
-        )
+    )
+
+
 class TimeTicks(univ.Integer):
     tagSet = univ.Integer.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 3)
-        )
+    )
     subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(
         0, 4294967295
-        )
+    )
+
+
 class Opaque(univ.OctetString):
     tagSet = univ.OctetString.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 4)
-        )
+    )
-    
+
+
 class ApplicationSyntax(univ.Choice):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('address', NetworkAddress()),
@@ -64,10 +83,11 @@ class ApplicationSyntax(univ.Choice):
         namedtype.NamedType('gauge', Gauge()),
         namedtype.NamedType('ticks', TimeTicks()),
         namedtype.NamedType('arbitrary', Opaque())
-        )
+    )
-    
+
+
 class ObjectSyntax(univ.Choice):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('simple', SimpleSyntax()),
         namedtype.NamedType('application-wide', ApplicationSyntax())
-        )
+    )

src/pyasn1_modules/rfc1157.py

@@ -1,4 +1,9 @@
 #
+# This file is part of pyasn1-modules software.
+#
+# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com>
+# License: http://pyasn1.sf.net/license.html
+#
 # SNMPv1 message syntax
 #
 # ASN.1 source from:
@@ -7,18 +12,25 @@
 # Sample captures from:
 # http://wiki.wireshark.org/SampleCaptures/
 #
-from pyasn1.type import univ, namedtype, namedval, tag, constraint
+from pyasn1.type import univ, namedtype, namedval, tag
 from pyasn1_modules import rfc1155
 
+
 class Version(univ.Integer):
     namedValues = namedval.NamedValues(
         ('version-1', 0)
-        )
+    )
     defaultValue = 0
 
-class Community(univ.OctetString): pass
 
-class RequestID(univ.Integer): pass
+class Community(univ.OctetString):
+    pass
+
+
+class RequestID(univ.Integer):
+    pass
+
+
 class ErrorStatus(univ.Integer):
     namedValues = namedval.NamedValues(
         ('noError', 0),
@@ -27,52 +39,71 @@ class ErrorStatus(univ.Integer):
         ('badValue', 3),
         ('readOnly', 4),
         ('genErr', 5)
-        )
+    )
-class ErrorIndex(univ.Integer): pass
+
+
+class ErrorIndex(univ.Integer):
+    pass
+
 
 class VarBind(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('name', rfc1155.ObjectName()),
         namedtype.NamedType('value', rfc1155.ObjectSyntax())
-        )
+    )
+
+
 class VarBindList(univ.SequenceOf):
     componentType = VarBind()
 
+
 class _RequestBase(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('request-id', RequestID()),
         namedtype.NamedType('error-status', ErrorStatus()),
         namedtype.NamedType('error-index', ErrorIndex()),
         namedtype.NamedType('variable-bindings', VarBindList())
-        )
+    )
-                            
+
+
 class GetRequestPDU(_RequestBase):
     tagSet = _RequestBase.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)
-        )    
+    )
+
+
 class GetNextRequestPDU(_RequestBase):
     tagSet = _RequestBase.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)
-        )
+    )
+
+
 class GetResponsePDU(_RequestBase):
     tagSet = _RequestBase.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)
-        )
+    )
+
+
 class SetRequestPDU(_RequestBase):
     tagSet = _RequestBase.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)
-        )
+    )
+
 
 class TrapPDU(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('enterprise', univ.ObjectIdentifier()),
         namedtype.NamedType('agent-addr', rfc1155.NetworkAddress()),
-        namedtype.NamedType('generic-trap', univ.Integer().clone(namedValues=namedval.NamedValues(('coldStart', 0), ('warmStart', 1), ('linkDown', 2), ('linkUp', 3), ('authenticationFailure', 4), ('egpNeighborLoss', 5), ('enterpriseSpecific', 6)))),
+        namedtype.NamedType('generic-trap', univ.Integer().clone(
+            namedValues=namedval.NamedValues(('coldStart', 0), ('warmStart', 1), ('linkDown', 2), ('linkUp', 3),
+                                             ('authenticationFailure', 4), ('egpNeighborLoss', 5),
+                                             ('enterpriseSpecific', 6)))),
         namedtype.NamedType('specific-trap', univ.Integer()),
         namedtype.NamedType('time-stamp', rfc1155.TimeTicks()),
         namedtype.NamedType('variable-bindings', VarBindList())
-        )
+    )
-    
+
+
 class Pdus(univ.Choice):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('get-request', GetRequestPDU()),
@@ -80,11 +111,12 @@ class Pdus(univ.Choice):
         namedtype.NamedType('get-response', GetResponsePDU()),
         namedtype.NamedType('set-request', SetRequestPDU()),
         namedtype.NamedType('trap', TrapPDU())
-        )
+    )
-        
+
+
 class Message(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('version', Version()),
         namedtype.NamedType('community', Community()),
         namedtype.NamedType('data', Pdus())
-        )
+    )

src/pyasn1_modules/rfc1901.py

@@ -1,4 +1,9 @@
 #
+# This file is part of pyasn1-modules software.
+#
+# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com>
+# License: http://pyasn1.sf.net/license.html
+#
 # SNMPv2c message syntax
 #
 # ASN.1 source from:
@@ -6,10 +11,10 @@
 #
 from pyasn1.type import univ, namedtype, namedval
 
+
 class Message(univ.Sequence):
     componentType = namedtype.NamedTypes(
-        namedtype.NamedType('version', univ.Integer(namedValues = namedval.NamedValues(('version-2c', 1)))),
+        namedtype.NamedType('version', univ.Integer(namedValues=namedval.NamedValues(('version-2c', 1)))),
         namedtype.NamedType('community', univ.OctetString()),
         namedtype.NamedType('data', univ.Any())
-        )
+    )
-

src/pyasn1_modules/rfc1902.py

@@ -1,89 +1,110 @@
 #
+# This file is part of pyasn1-modules software.
+#
+# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com>
+# License: http://pyasn1.sf.net/license.html
+#
 # SNMPv2c message syntax
 #
 # ASN.1 source from:
 # http://www.ietf.org/rfc/rfc1902.txt
 #
-from pyasn1.type import univ, namedtype, namedval, tag, constraint
+from pyasn1.type import univ, namedtype, tag, constraint
+
 
 class Integer(univ.Integer):
-    subtypeSpec = univ.Integer.subtypeSpec+constraint.ValueRangeConstraint(
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(
         -2147483648, 2147483647
-        )
+    )
+
 
 class Integer32(univ.Integer):
-    subtypeSpec = univ.Integer.subtypeSpec+constraint.ValueRangeConstraint(
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(
         -2147483648, 2147483647
-        )
+    )
-    
+
+
 class OctetString(univ.OctetString):
-    subtypeSpec = univ.Integer.subtypeSpec+constraint.ValueSizeConstraint(
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueSizeConstraint(
         0, 65535
-        )
+    )
+
 
 class IpAddress(univ.OctetString):
     tagSet = univ.OctetString.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0x00)
-        )
+    )
-    subtypeSpec = univ.OctetString.subtypeSpec+constraint.ValueSizeConstraint(
+    subtypeSpec = univ.OctetString.subtypeSpec + constraint.ValueSizeConstraint(
         4, 4
-        )
+    )
+
 
 class Counter32(univ.Integer):
     tagSet = univ.Integer.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0x01)
-        )
+    )
-    subtypeSpec = univ.Integer.subtypeSpec+constraint.ValueRangeConstraint(
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(
         0, 4294967295
-        )
+    )
+
 
 class Gauge32(univ.Integer):
     tagSet = univ.Integer.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0x02)
-        )
+    )
-    subtypeSpec = univ.Integer.subtypeSpec+constraint.ValueRangeConstraint(
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(
         0, 4294967295
-        )
+    )
+
 
 class Unsigned32(univ.Integer):
     tagSet = univ.Integer.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0x02)
-        )
+    )
-    subtypeSpec = univ.Integer.subtypeSpec+constraint.ValueRangeConstraint(
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(
         0, 4294967295
-        )
+    )
+
 
 class TimeTicks(univ.Integer):
     tagSet = univ.Integer.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0x03)
-        )
+    )
-    subtypeSpec = univ.Integer.subtypeSpec+constraint.ValueRangeConstraint(
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(
         0, 4294967295
-        )
+    )
+
 
 class Opaque(univ.OctetString):
     tagSet = univ.OctetString.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0x04)
-        )
+    )
+
 
 class Counter64(univ.Integer):
     tagSet = univ.Integer.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0x06)
-        )
+    )
-    subtypeSpec = univ.Integer.subtypeSpec+constraint.ValueRangeConstraint(
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(
         0, 18446744073709551615
-        )
+    )
 
-class Bits(univ.OctetString): pass
 
-class ObjectName(univ.ObjectIdentifier): pass
+class Bits(univ.OctetString):
+    pass
+
+
+class ObjectName(univ.ObjectIdentifier):
+    pass
+
 
 class SimpleSyntax(univ.Choice):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('integer-value', Integer()),
         namedtype.NamedType('string-value', OctetString()),
         namedtype.NamedType('objectID-value', univ.ObjectIdentifier())
-        )
+    )
+
 
 class ApplicationSyntax(univ.Choice):
     componentType = namedtype.NamedTypes(
@@ -92,14 +113,14 @@ class ApplicationSyntax(univ.Choice):
         namedtype.NamedType('timeticks-value', TimeTicks()),
         namedtype.NamedType('arbitrary-value', Opaque()),
         namedtype.NamedType('big-counter-value', Counter64()),
-# This conflicts with Counter32
+        # This conflicts with Counter32
-#        namedtype.NamedType('unsigned-integer-value', Unsigned32()),
+        #        namedtype.NamedType('unsigned-integer-value', Unsigned32()),
         namedtype.NamedType('gauge32-value', Gauge32())
-        ) # BITS misplaced?
+    )  # BITS misplaced?
+
 
 class ObjectSyntax(univ.Choice):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('simple', SimpleSyntax()),
         namedtype.NamedType('application-wide', ApplicationSyntax())
-        )
+    )
-

src/pyasn1_modules/rfc1905.py

@@ -1,4 +1,9 @@
 #
+# This file is part of pyasn1-modules software.
+#
+# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com>
+# License: http://pyasn1.sf.net/license.html
+#
 # SNMPv2c PDU syntax
 #
 # ASN.1 source from:
@@ -9,82 +14,108 @@ from pyasn1_modules import rfc1902
 
 max_bindings = rfc1902.Integer(2147483647)
 
+
 class _BindValue(univ.Choice):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('value', rfc1902.ObjectSyntax()),
         namedtype.NamedType('unSpecified', univ.Null()),
-        namedtype.NamedType('noSuchObject', univ.Null().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('noSuchObject',
-        namedtype.NamedType('noSuchInstance', univ.Null().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+                            univ.Null().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
-        namedtype.NamedType('endOfMibView', univ.Null().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+        namedtype.NamedType('noSuchInstance',
-        )
+                            univ.Null().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
-        
+        namedtype.NamedType('endOfMibView',
+                            univ.Null().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+    )
+
+
 class VarBind(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('name', rfc1902.ObjectName()),
         namedtype.NamedType('', _BindValue())
-        )
+    )
-    
+
+
 class VarBindList(univ.SequenceOf):
     componentType = VarBind()
     subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(
         0, max_bindings
-        )
+    )
+
 
 class PDU(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('request-id', rfc1902.Integer32()),
-        namedtype.NamedType('error-status', univ.Integer(namedValues=namedval.NamedValues(('noError', 0), ('tooBig', 1), ('noSuchName', 2), ('badValue', 3), ('readOnly', 4), ('genErr', 5), ('noAccess', 6), ('wrongType', 7), ('wrongLength', 8), ('wrongEncoding', 9), ('wrongValue', 10), ('noCreation', 11), ('inconsistentValue', 12), ('resourceUnavailable', 13), ('commitFailed', 14), ('undoFailed', 15), ('authorizationError', 16), ('notWritable', 17), ('inconsistentName', 18)))),
+        namedtype.NamedType('error-status', univ.Integer(
-        namedtype.NamedType('error-index', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, max_bindings))),
+            namedValues=namedval.NamedValues(('noError', 0), ('tooBig', 1), ('noSuchName', 2), ('badValue', 3),
+                                             ('readOnly', 4), ('genErr', 5), ('noAccess', 6), ('wrongType', 7),
+                                             ('wrongLength', 8), ('wrongEncoding', 9), ('wrongValue', 10),
+                                             ('noCreation', 11), ('inconsistentValue', 12), ('resourceUnavailable', 13),
+                                             ('commitFailed', 14), ('undoFailed', 15), ('authorizationError', 16),
+                                             ('notWritable', 17), ('inconsistentName', 18)))),
+        namedtype.NamedType('error-index',
+                            univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, max_bindings))),
         namedtype.NamedType('variable-bindings', VarBindList())
-        )
+    )
+
 
 class BulkPDU(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('request-id', rfc1902.Integer32()),
-        namedtype.NamedType('non-repeaters', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, max_bindings))),
+        namedtype.NamedType('non-repeaters',
-        namedtype.NamedType('max-repetitions', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, max_bindings))),
+                            univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, max_bindings))),
+        namedtype.NamedType('max-repetitions',
+                            univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, max_bindings))),
         namedtype.NamedType('variable-bindings', VarBindList())
-        )
+    )
+
 
 class GetRequestPDU(PDU):
     tagSet = PDU.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)
-        )
+    )
+
 
 class GetNextRequestPDU(PDU):
     tagSet = PDU.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)
-        )
+    )
+
 
 class ResponsePDU(PDU):
     tagSet = PDU.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)
-        )
+    )
+
 
 class SetRequestPDU(PDU):
     tagSet = PDU.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)
-        )
+    )
+
 
 class GetBulkRequestPDU(BulkPDU):
     tagSet = PDU.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5)
-        )
+    )
+
 
 class InformRequestPDU(PDU):
     tagSet = PDU.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6)
-        )
+    )
+
 
 class SNMPv2TrapPDU(PDU):
     tagSet = PDU.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 7)
-        )
+    )
+
 
 class ReportPDU(PDU):
     tagSet = PDU.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 8)
-        )
+    )
+
 
 class PDUs(univ.Choice):
     componentType = namedtype.NamedTypes(
@@ -96,5 +127,4 @@ class PDUs(univ.Choice):
         namedtype.NamedType('inform-request', InformRequestPDU()),
         namedtype.NamedType('snmpV2-trap', SNMPv2TrapPDU()),
         namedtype.NamedType('report', ReportPDU())
-        )
+    )
-

src/pyasn1_modules/rfc2251.py

@@ -1,4 +1,9 @@
 #
+# This file is part of pyasn1-modules software.
+#
+# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com>
+# License: http://pyasn1.sf.net/license.html
+#
 # LDAP message syntax
 #
 # ASN.1 source from:
@@ -7,313 +12,548 @@
 # Sample captures from:
 # http://wiki.wireshark.org/SampleCaptures/
 #
-from pyasn1.type import tag, namedtype, namedval, univ, constraint,char,useful
+from pyasn1.type import tag, namedtype, namedval, univ, constraint
-from pyasn1.codec.der import decoder, encoder
 
 maxInt = univ.Integer(2147483647)
 
-class LDAPString(univ.OctetString): pass
-class LDAPOID(univ.OctetString): pass
 
-class LDAPDN(LDAPString): pass
+class LDAPString(univ.OctetString):
-class RelativeLDAPDN(LDAPString): pass
+    pass
-class AttributeType(LDAPString): pass
+
-class AttributeDescription(LDAPString): pass
+
+class LDAPOID(univ.OctetString):
+    pass
+
+
+class LDAPDN(LDAPString):
+    pass
+
+
+class RelativeLDAPDN(LDAPString):
+    pass
+
+
+class AttributeType(LDAPString):
+    pass
+
+
+class AttributeDescription(LDAPString):
+    pass
+
 
 class AttributeDescriptionList(univ.SequenceOf):
     componentType = AttributeDescription()
 
-class AttributeValue(univ.OctetString): pass
 
-class AssertionValue(univ.OctetString): pass
+class AttributeValue(univ.OctetString):
+    pass
+
+
+class AssertionValue(univ.OctetString):
+    pass
+
 
 class AttributeValueAssertion(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('attributeDesc', AttributeDescription()),
         namedtype.NamedType('assertionValue', AssertionValue())
-        )
+    )
+
 
 class Attribute(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('type', AttributeDescription()),
         namedtype.NamedType('vals', univ.SetOf(componentType=AttributeValue()))
-        )
+    )
+
+
+class MatchingRuleId(LDAPString):
+    pass
 
-class MatchingRuleId(LDAPString): pass
 
 class Control(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('controlType', LDAPOID()),
         namedtype.DefaultedNamedType('criticality', univ.Boolean('False')),
         namedtype.OptionalNamedType('controlValue', univ.OctetString())
-        )
+    )
-                         
+
+
 class Controls(univ.SequenceOf):
     componentType = Control()
 
-class LDAPURL(LDAPString): pass
+
+class LDAPURL(LDAPString):
+    pass
+
 
 class Referral(univ.SequenceOf):
     componentType = LDAPURL()
 
+
 class SaslCredentials(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('mechanism', LDAPString()),
         namedtype.OptionalNamedType('credentials', univ.OctetString())
-        )
+    )
-    
+
+
 class AuthenticationChoice(univ.Choice):
     componentType = namedtype.NamedTypes(
-        namedtype.NamedType('simple', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('simple', univ.OctetString().subtype(
-        namedtype.NamedType('reserved-1', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
-        namedtype.NamedType('reserved-2', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+        namedtype.NamedType('reserved-1', univ.OctetString().subtype(
-        namedtype.NamedType('sasl', SaslCredentials().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
-        )
+        namedtype.NamedType('reserved-2', univ.OctetString().subtype(
-        
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+        namedtype.NamedType('sasl',
+                            SaslCredentials().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
+    )
+
+
 class BindRequest(univ.Sequence):
     tagSet = univ.Sequence.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 0)
-        )
+    )
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('version', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(1, 127))),
         namedtype.NamedType('name', LDAPDN()),
         namedtype.NamedType('authentication', AuthenticationChoice())
-        )
+    )
+
 
 class PartialAttributeList(univ.SequenceOf):
-    componentType = univ.Sequence(componentType=namedtype.NamedTypes(namedtype.NamedType('type', AttributeDescription()), namedtype.NamedType('vals', univ.SetOf(componentType=AttributeValue()))))
+    componentType = univ.Sequence(
-    
+        componentType=namedtype.NamedTypes(
+            namedtype.NamedType('type', AttributeDescription()),
+            namedtype.NamedType('vals', univ.SetOf(componentType=AttributeValue()))
+        )
+    )
+
+
 class SearchResultEntry(univ.Sequence):
     tagSet = univ.Sequence.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 4)
-        )
+    )
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('objectName', LDAPDN()),
         namedtype.NamedType('attributes', PartialAttributeList())
-        )
+    )
+
 
 class MatchingRuleAssertion(univ.Sequence):
     componentType = namedtype.NamedTypes(
-        namedtype.OptionalNamedType('matchingRule', MatchingRuleId().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.OptionalNamedType('matchingRule', MatchingRuleId().subtype(
-        namedtype.OptionalNamedType('type', AttributeDescription().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
-        namedtype.NamedType('matchValue', AssertionValue().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+        namedtype.OptionalNamedType('type', AttributeDescription().subtype(
-        namedtype.DefaultedNamedType('dnAttributes', univ.Boolean('False').subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4)))
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
-        )
+        namedtype.NamedType('matchValue',
-        
+                            AssertionValue().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+        namedtype.DefaultedNamedType('dnAttributes', univ.Boolean('False').subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4)))
+    )
+
+
 class SubstringFilter(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('type', AttributeDescription()),
-        namedtype.NamedType('substrings', univ.SequenceOf(componentType=univ.Choice(componentType=namedtype.NamedTypes(namedtype.NamedType('initial', LDAPString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.NamedType('any', LDAPString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.NamedType('final', LDAPString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))))))
+        namedtype.NamedType('substrings',
+            univ.SequenceOf(
+                componentType=univ.Choice(
+                    componentType=namedtype.NamedTypes(
+                        namedtype.NamedType(
+                            'initial', LDAPString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))
+                        ),
+                        namedtype.NamedType(
+                            'any', LDAPString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))
+                        ),
+                        namedtype.NamedType(
+                            'final', LDAPString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))
+                        )
+                    )
+                )
+            )
         )
+    )
+
 
 # Ugly hack to handle recursive Filter reference (up to 3-levels deep).
 
 class Filter3(univ.Choice):
     componentType = namedtype.NamedTypes(
-        namedtype.NamedType('equalityMatch', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+        namedtype.NamedType('equalityMatch', AttributeValueAssertion().subtype(
-        namedtype.NamedType('substrings', SubstringFilter().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
-        namedtype.NamedType('greaterOrEqual', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))),
+        namedtype.NamedType('substrings', SubstringFilter().subtype(
-        namedtype.NamedType('lessOrEqual', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6))),
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
-        namedtype.NamedType('present', AttributeDescription().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
+        namedtype.NamedType('greaterOrEqual', AttributeValueAssertion().subtype(
-        namedtype.NamedType('approxMatch', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 8))),
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))),
-        namedtype.NamedType('extensibleMatch', MatchingRuleAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9)))
+        namedtype.NamedType('lessOrEqual', AttributeValueAssertion().subtype(
-        )
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6))),
+        namedtype.NamedType('present', AttributeDescription().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
+        namedtype.NamedType('approxMatch', AttributeValueAssertion().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 8))),
+        namedtype.NamedType('extensibleMatch', MatchingRuleAssertion().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9)))
+    )
+
 
 class Filter2(univ.Choice):
     componentType = namedtype.NamedTypes(
-        namedtype.NamedType('and', univ.SetOf(componentType=Filter3()).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.NamedType('and', univ.SetOf(componentType=Filter3()).subtype(
-        namedtype.NamedType('or', univ.SetOf(componentType=Filter3()).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
-        namedtype.NamedType('not', Filter3().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
+        namedtype.NamedType('or', univ.SetOf(componentType=Filter3()).subtype(
-        namedtype.NamedType('equalityMatch', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
-        namedtype.NamedType('substrings', SubstringFilter().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
+        namedtype.NamedType('not',
-        namedtype.NamedType('greaterOrEqual', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))),
+                            Filter3().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
-        namedtype.NamedType('lessOrEqual', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6))),
+        namedtype.NamedType('equalityMatch', AttributeValueAssertion().subtype(
-        namedtype.NamedType('present', AttributeDescription().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
-        namedtype.NamedType('approxMatch', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 8))),
+        namedtype.NamedType('substrings', SubstringFilter().subtype(
-        namedtype.NamedType('extensibleMatch', MatchingRuleAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9)))
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
-        )
+        namedtype.NamedType('greaterOrEqual', AttributeValueAssertion().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))),
+        namedtype.NamedType('lessOrEqual', AttributeValueAssertion().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6))),
+        namedtype.NamedType('present', AttributeDescription().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
+        namedtype.NamedType('approxMatch', AttributeValueAssertion().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 8))),
+        namedtype.NamedType('extensibleMatch', MatchingRuleAssertion().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9)))
+    )
+
 
 class Filter(univ.Choice):
     componentType = namedtype.NamedTypes(
-        namedtype.NamedType('and', univ.SetOf(componentType=Filter2()).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.NamedType('and', univ.SetOf(componentType=Filter2()).subtype(
-        namedtype.NamedType('or', univ.SetOf(componentType=Filter2()).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
-        namedtype.NamedType('not', Filter2().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
+        namedtype.NamedType('or', univ.SetOf(componentType=Filter2()).subtype(
-        namedtype.NamedType('equalityMatch', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
-        namedtype.NamedType('substrings', SubstringFilter().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
+        namedtype.NamedType('not',
-        namedtype.NamedType('greaterOrEqual', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))),
+                            Filter2().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
-        namedtype.NamedType('lessOrEqual', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6))),
+        namedtype.NamedType('equalityMatch', AttributeValueAssertion().subtype(
-        namedtype.NamedType('present', AttributeDescription().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
-        namedtype.NamedType('approxMatch', AttributeValueAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 8))),
+        namedtype.NamedType('substrings', SubstringFilter().subtype(
-        namedtype.NamedType('extensibleMatch', MatchingRuleAssertion().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9)))
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
-        )
+        namedtype.NamedType('greaterOrEqual', AttributeValueAssertion().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))),
+        namedtype.NamedType('lessOrEqual', AttributeValueAssertion().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6))),
+        namedtype.NamedType('present', AttributeDescription().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
+        namedtype.NamedType('approxMatch', AttributeValueAssertion().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 8))),
+        namedtype.NamedType('extensibleMatch', MatchingRuleAssertion().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9)))
+    )
+
 
 # End of Filter hack
 
 class SearchRequest(univ.Sequence):
     tagSet = univ.Sequence.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 3)
-        )
+    )
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('baseObject', LDAPDN()),
-        namedtype.NamedType('scope', univ.Enumerated(namedValues=namedval.NamedValues(('baseObject', 0), ('singleLevel', 1), ('wholeSubtree', 2)))),
+        namedtype.NamedType('scope', univ.Enumerated(
-        namedtype.NamedType('derefAliases', univ.Enumerated(namedValues=namedval.NamedValues(('neverDerefAliases', 0), ('derefInSearching', 1), ('derefFindingBaseObj', 2), ('derefAlways', 3)))),
+            namedValues=namedval.NamedValues(('baseObject', 0), ('singleLevel', 1), ('wholeSubtree', 2)))),
-        namedtype.NamedType('sizeLimit', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, maxInt))),
+        namedtype.NamedType('derefAliases', univ.Enumerated(
-        namedtype.NamedType('timeLimit', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, maxInt))),
+            namedValues=namedval.NamedValues(('neverDerefAliases', 0), ('derefInSearching', 1),
+                                             ('derefFindingBaseObj', 2), ('derefAlways', 3)))),
+        namedtype.NamedType('sizeLimit',
+                            univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, maxInt))),
+        namedtype.NamedType('timeLimit',
+                            univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, maxInt))),
         namedtype.NamedType('typesOnly', univ.Boolean()),
         namedtype.NamedType('filter', Filter()),
         namedtype.NamedType('attributes', AttributeDescriptionList())
-        )
+    )
+
 
 class UnbindRequest(univ.Null):
     tagSet = univ.Sequence.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 2)
-        )
+    )
+
 
 class BindResponse(univ.Sequence):
     tagSet = univ.Sequence.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 1)
-        )
+    )
     componentType = namedtype.NamedTypes(
-        namedtype.NamedType('resultCode', univ.Enumerated(namedValues=namedval.NamedValues(('success', 0), ('operationsError', 1), ('protocolError', 2), ('timeLimitExceeded', 3), ('sizeLimitExceeded', 4), ('compareFalse', 5), ('compareTrue', 6), ('authMethodNotSupported', 7), ('strongAuthRequired', 8), ('reserved-9', 9), ('referral', 10), ('adminLimitExceeded', 11), ('unavailableCriticalExtension', 12), ('confidentialityRequired', 13), ('saslBindInProgress', 14), ('noSuchAttribute', 16), ('undefinedAttributeType', 17), ('inappropriateMatching', 18), ('constraintViolation', 19), ('attributeOrValueExists', 20), ('invalidAttributeSyntax', 21), ('noSuchObject', 32), ('aliasProblem', 33), ('invalidDNSyntax', 34), ('reserved-35', 35), ('aliasDereferencingProblem', 36), ('inappropriateAuthentication', 48), ('invalidCredentials', 49), ('insufficientAccessRights', 50), ('busy', 51), ('unavailable', 52), ('unwillingToPerform', 53), ('loopDetect', 54), ('namingViolation', 64), ('objectClassViolation', 65), ('notAllowedOnNonLeaf', 66), ('notAllowedOnRDN', 67), ('entryAlreadyExists', 68), ('objectClassModsProhibited', 69), ('reserved-70', 70), ('affectsMultipleDSAs', 71), ('other', 80), ('reserved-81', 81), ('reserved-82', 82), ('reserved-83', 83), ('reserved-84', 84), ('reserved-85', 85), ('reserved-86', 86), ('reserved-87', 87), ('reserved-88', 88), ('reserved-89', 89), ('reserved-90', 90)))),
+        namedtype.NamedType('resultCode', univ.Enumerated(
+            namedValues=namedval.NamedValues(('success', 0), ('operationsError', 1), ('protocolError', 2),
+                                             ('timeLimitExceeded', 3), ('sizeLimitExceeded', 4), ('compareFalse', 5),
+                                             ('compareTrue', 6), ('authMethodNotSupported', 7),
+                                             ('strongAuthRequired', 8), ('reserved-9', 9), ('referral', 10),
+                                             ('adminLimitExceeded', 11), ('unavailableCriticalExtension', 12),
+                                             ('confidentialityRequired', 13), ('saslBindInProgress', 14),
+                                             ('noSuchAttribute', 16), ('undefinedAttributeType', 17),
+                                             ('inappropriateMatching', 18), ('constraintViolation', 19),
+                                             ('attributeOrValueExists', 20), ('invalidAttributeSyntax', 21),
+                                             ('noSuchObject', 32), ('aliasProblem', 33), ('invalidDNSyntax', 34),
+                                             ('reserved-35', 35), ('aliasDereferencingProblem', 36),
+                                             ('inappropriateAuthentication', 48), ('invalidCredentials', 49),
+                                             ('insufficientAccessRights', 50), ('busy', 51), ('unavailable', 52),
+                                             ('unwillingToPerform', 53), ('loopDetect', 54), ('namingViolation', 64),
+                                             ('objectClassViolation', 65), ('notAllowedOnNonLeaf', 66),
+                                             ('notAllowedOnRDN', 67), ('entryAlreadyExists', 68),
+                                             ('objectClassModsProhibited', 69), ('reserved-70', 70),
+                                             ('affectsMultipleDSAs', 71), ('other', 80), ('reserved-81', 81),
+                                             ('reserved-82', 82), ('reserved-83', 83), ('reserved-84', 84),
+                                             ('reserved-85', 85), ('reserved-86', 86), ('reserved-87', 87),
+                                             ('reserved-88', 88), ('reserved-89', 89), ('reserved-90', 90)))),
         namedtype.NamedType('matchedDN', LDAPDN()),
         namedtype.NamedType('errorMessage', LDAPString()),
-        namedtype.OptionalNamedType('referral', Referral().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+        namedtype.OptionalNamedType('referral', Referral().subtype(
-        namedtype.OptionalNamedType('serverSaslCreds', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 7)))
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
-        )
+        namedtype.OptionalNamedType('serverSaslCreds', univ.OctetString().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 7)))
+    )
+
 
 class LDAPResult(univ.Sequence):
     componentType = namedtype.NamedTypes(
-        namedtype.NamedType('resultCode', univ.Enumerated(namedValues=namedval.NamedValues(('success', 0), ('operationsError', 1), ('protocolError', 2), ('timeLimitExceeded', 3), ('sizeLimitExceeded', 4), ('compareFalse', 5), ('compareTrue', 6), ('authMethodNotSupported', 7), ('strongAuthRequired', 8), ('reserved-9', 9), ('referral', 10), ('adminLimitExceeded', 11), ('unavailableCriticalExtension', 12), ('confidentialityRequired', 13), ('saslBindInProgress', 14), ('noSuchAttribute', 16), ('undefinedAttributeType', 17), ('inappropriateMatching', 18), ('constraintViolation', 19), ('attributeOrValueExists', 20), ('invalidAttributeSyntax', 21), ('noSuchObject', 32), ('aliasProblem', 33), ('invalidDNSyntax', 34), ('reserved-35', 35), ('aliasDereferencingProblem', 36), ('inappropriateAuthentication', 48), ('invalidCredentials', 49), ('insufficientAccessRights', 50), ('busy', 51), ('unavailable', 52), ('unwillingToPerform', 53), ('loopDetect', 54), ('namingViolation', 64), ('objectClassViolation', 65), ('notAllowedOnNonLeaf', 66), ('notAllowedOnRDN', 67), ('entryAlreadyExists', 68), ('objectClassModsProhibited', 69), ('reserved-70', 70), ('affectsMultipleDSAs', 71), ('other', 80), ('reserved-81', 81), ('reserved-82', 82), ('reserved-83', 83), ('reserved-84', 84), ('reserved-85', 85), ('reserved-86', 86), ('reserved-87', 87), ('reserved-88', 88), ('reserved-89', 89), ('reserved-90', 90)))),
+        namedtype.NamedType('resultCode', univ.Enumerated(
+            namedValues=namedval.NamedValues(('success', 0), ('operationsError', 1), ('protocolError', 2),
+                                             ('timeLimitExceeded', 3), ('sizeLimitExceeded', 4), ('compareFalse', 5),
+                                             ('compareTrue', 6), ('authMethodNotSupported', 7),
+                                             ('strongAuthRequired', 8), ('reserved-9', 9), ('referral', 10),
+                                             ('adminLimitExceeded', 11), ('unavailableCriticalExtension', 12),
+                                             ('confidentialityRequired', 13), ('saslBindInProgress', 14),
+                                             ('noSuchAttribute', 16), ('undefinedAttributeType', 17),
+                                             ('inappropriateMatching', 18), ('constraintViolation', 19),
+                                             ('attributeOrValueExists', 20), ('invalidAttributeSyntax', 21),
+                                             ('noSuchObject', 32), ('aliasProblem', 33), ('invalidDNSyntax', 34),
+                                             ('reserved-35', 35), ('aliasDereferencingProblem', 36),
+                                             ('inappropriateAuthentication', 48), ('invalidCredentials', 49),
+                                             ('insufficientAccessRights', 50), ('busy', 51), ('unavailable', 52),
+                                             ('unwillingToPerform', 53), ('loopDetect', 54), ('namingViolation', 64),
+                                             ('objectClassViolation', 65), ('notAllowedOnNonLeaf', 66),
+                                             ('notAllowedOnRDN', 67), ('entryAlreadyExists', 68),
+                                             ('objectClassModsProhibited', 69), ('reserved-70', 70),
+                                             ('affectsMultipleDSAs', 71), ('other', 80), ('reserved-81', 81),
+                                             ('reserved-82', 82), ('reserved-83', 83), ('reserved-84', 84),
+                                             ('reserved-85', 85), ('reserved-86', 86), ('reserved-87', 87),
+                                             ('reserved-88', 88), ('reserved-89', 89), ('reserved-90', 90)))),
         namedtype.NamedType('matchedDN', LDAPDN()),
         namedtype.NamedType('errorMessage', LDAPString()),
-        namedtype.OptionalNamedType('referral', Referral().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
+        namedtype.OptionalNamedType('referral', Referral().subtype(
-        )
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
+    )
+
 
 class SearchResultReference(univ.SequenceOf):
     tagSet = univ.Sequence.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 19)
-        )
+    )
     componentType = LDAPURL()
 
+
 class SearchResultDone(LDAPResult):
     tagSet = univ.Sequence.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 5)
-        )
+    )
+
 
 class AttributeTypeAndValues(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('type', AttributeDescription()),
         namedtype.NamedType('vals', univ.SetOf(componentType=AttributeValue()))
-        )
+    )
-    
+
+
 class ModifyRequest(univ.Sequence):
     tagSet = univ.Sequence.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 6)
-        )
+    )
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('object', LDAPDN()),
-        namedtype.NamedType('modification', univ.SequenceOf(componentType=univ.Sequence(componentType=namedtype.NamedTypes(namedtype.NamedType('operation', univ.Enumerated(namedValues=namedval.NamedValues(('add', 0), ('delete', 1), ('replace', 2)))), namedtype.NamedType('modification', AttributeTypeAndValues())))))
+        namedtype.NamedType('modification',
+            univ.SequenceOf(
+                componentType=univ.Sequence(
+                    componentType=namedtype.NamedTypes(
+                        namedtype.NamedType(
+                            'operation', univ.Enumerated(namedValues=namedval.NamedValues(('add', 0), ('delete', 1), ('replace', 2)))
+                        ),
+                        namedtype.NamedType('modification', AttributeTypeAndValues())))
+            )
         )
+    )
+
 
 class ModifyResponse(LDAPResult):
     tagSet = univ.Sequence.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 7)
-        )
+    )
+
 
 class AttributeList(univ.SequenceOf):
-    componentType = univ.Sequence(componentType=namedtype.NamedTypes(namedtype.NamedType('type', AttributeDescription()), namedtype.NamedType('vals', univ.SetOf(componentType=AttributeValue()))))
+    componentType = univ.Sequence(
-                                                                     
+        componentType=namedtype.NamedTypes(
+           namedtype.NamedType('type', AttributeDescription()),
+           namedtype.NamedType('vals', univ.SetOf(componentType=AttributeValue()))
+        )
+    )
+
+
 class AddRequest(univ.Sequence):
     tagSet = univ.Sequence.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 8)
-        )
+    )
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('entry', LDAPDN()),
         namedtype.NamedType('attributes', AttributeList())
-        )
+    )
+
 
 class AddResponse(LDAPResult):
     tagSet = univ.Sequence.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 9)
-        )
+    )
+
 
 class DelRequest(LDAPResult):
     tagSet = univ.Sequence.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 10)
-        )
+    )
+
 
 class DelResponse(LDAPResult):
     tagSet = univ.Sequence.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 11)
-        )
+    )
+
 
 class ModifyDNRequest(univ.Sequence):
     tagSet = univ.Sequence.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 12)
-        )
+    )
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('entry', LDAPDN()),
         namedtype.NamedType('newrdn', RelativeLDAPDN()),
         namedtype.NamedType('deleteoldrdn', univ.Boolean()),
-        namedtype.OptionalNamedType('newSuperior', LDAPDN().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+        namedtype.OptionalNamedType('newSuperior',
-        
+                                    LDAPDN().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
-        )
+
+    )
+
 
 class ModifyDNResponse(LDAPResult):
     tagSet = univ.Sequence.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 13)
-        )
+    )
+
 
 class CompareRequest(univ.Sequence):
     tagSet = univ.Sequence.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 14)
-        )
+    )
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('entry', LDAPDN()),
         namedtype.NamedType('ava', AttributeValueAssertion())
-        )
+    )
+
 
 class CompareResponse(LDAPResult):
     tagSet = univ.Sequence.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 15)
-        )
+    )
+
 
 class AbandonRequest(LDAPResult):
     tagSet = univ.Sequence.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 16)
-        )
+    )
+
 
 class ExtendedRequest(univ.Sequence):
     tagSet = univ.Sequence.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 23)
-        )
+    )
     componentType = namedtype.NamedTypes(
-        namedtype.NamedType('requestName', LDAPOID().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('requestName',
-        namedtype.OptionalNamedType('requestValue', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+                            LDAPOID().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
-        )
+        namedtype.OptionalNamedType('requestValue', univ.OctetString().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+    )
+
 
 class ExtendedResponse(univ.Sequence):
     tagSet = univ.Sequence.tagSet.tagImplicitly(
         tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 24)
-        )
+    )
     componentType = namedtype.NamedTypes(
-        namedtype.NamedType('resultCode', univ.Enumerated(namedValues=namedval.NamedValues(('success', 0), ('operationsError', 1), ('protocolError', 2), ('timeLimitExceeded', 3), ('sizeLimitExceeded', 4), ('compareFalse', 5), ('compareTrue', 6), ('authMethodNotSupported', 7), ('strongAuthRequired', 8), ('reserved-9', 9), ('referral', 10), ('adminLimitExceeded', 11), ('unavailableCriticalExtension', 12), ('confidentialityRequired', 13), ('saslBindInProgress', 14), ('noSuchAttribute', 16), ('undefinedAttributeType', 17), ('inappropriateMatching', 18), ('constraintViolation', 19), ('attributeOrValueExists', 20), ('invalidAttributeSyntax', 21), ('noSuchObject', 32), ('aliasProblem', 33), ('invalidDNSyntax', 34), ('reserved-35', 35), ('aliasDereferencingProblem', 36), ('inappropriateAuthentication', 48), ('invalidCredentials', 49), ('insufficientAccessRights', 50), ('busy', 51), ('unavailable', 52), ('unwillingToPerform', 53), ('loopDetect', 54), ('namingViolation', 64), ('objectClassViolation', 65), ('notAllowedOnNonLeaf', 66), ('notAllowedOnRDN', 67), ('entryAlreadyExists', 68), ('objectClassModsProhibited', 69), ('reserved-70', 70), ('affectsMultipleDSAs', 71), ('other', 80), ('reserved-81', 81), ('reserved-82', 82), ('reserved-83', 83), ('reserved-84', 84), ('reserved-85', 85), ('reserved-86', 86), ('reserved-87', 87), ('reserved-88', 88), ('reserved-89', 89), ('reserved-90', 90)))),
+        namedtype.NamedType('resultCode', univ.Enumerated(
+            namedValues=namedval.NamedValues(('success', 0), ('operationsError', 1), ('protocolError', 2),
+                                             ('timeLimitExceeded', 3), ('sizeLimitExceeded', 4), ('compareFalse', 5),
+                                             ('compareTrue', 6), ('authMethodNotSupported', 7),
+                                             ('strongAuthRequired', 8), ('reserved-9', 9), ('referral', 10),
+                                             ('adminLimitExceeded', 11), ('unavailableCriticalExtension', 12),
+                                             ('confidentialityRequired', 13), ('saslBindInProgress', 14),
+                                             ('noSuchAttribute', 16), ('undefinedAttributeType', 17),
+                                             ('inappropriateMatching', 18), ('constraintViolation', 19),
+                                             ('attributeOrValueExists', 20), ('invalidAttributeSyntax', 21),
+                                             ('noSuchObject', 32), ('aliasProblem', 33), ('invalidDNSyntax', 34),
+                                             ('reserved-35', 35), ('aliasDereferencingProblem', 36),
+                                             ('inappropriateAuthentication', 48), ('invalidCredentials', 49),
+                                             ('insufficientAccessRights', 50), ('busy', 51), ('unavailable', 52),
+                                             ('unwillingToPerform', 53), ('loopDetect', 54), ('namingViolation', 64),
+                                             ('objectClassViolation', 65), ('notAllowedOnNonLeaf', 66),
+                                             ('notAllowedOnRDN', 67), ('entryAlreadyExists', 68),
+                                             ('objectClassModsProhibited', 69), ('reserved-70', 70),
+                                             ('affectsMultipleDSAs', 71), ('other', 80), ('reserved-81', 81),
+                                             ('reserved-82', 82), ('reserved-83', 83), ('reserved-84', 84),
+                                             ('reserved-85', 85), ('reserved-86', 86), ('reserved-87', 87),
+                                             ('reserved-88', 88), ('reserved-89', 89), ('reserved-90', 90)))),
         namedtype.NamedType('matchedDN', LDAPDN()),
         namedtype.NamedType('errorMessage', LDAPString()),
-        namedtype.OptionalNamedType('referral', Referral().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+        namedtype.OptionalNamedType('referral', Referral().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+
+        namedtype.OptionalNamedType('responseName', LDAPOID().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 10))),
+        namedtype.OptionalNamedType('response', univ.OctetString().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 11)))
+    )
 
-        namedtype.OptionalNamedType('responseName', LDAPOID().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 10))),
-        namedtype.OptionalNamedType('response', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 11)))
-        )
 
 class MessageID(univ.Integer):
     subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(
         0, maxInt
-        )
+    )
+
 
 class LDAPMessage(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('messageID', MessageID()),
-        namedtype.NamedType('protocolOp', univ.Choice(componentType=namedtype.NamedTypes(namedtype.NamedType('bindRequest', BindRequest()), namedtype.NamedType('bindResponse', BindResponse()), namedtype.NamedType('unbindRequest', UnbindRequest()), namedtype.NamedType('searchRequest', SearchRequest()), namedtype.NamedType('searchResEntry', SearchResultEntry()), namedtype.NamedType('searchResDone', SearchResultDone()), namedtype.NamedType('searchResRef', SearchResultReference()), namedtype.NamedType('modifyRequest', ModifyRequest()), namedtype.NamedType('modifyResponse', ModifyResponse()), namedtype.NamedType('addRequest', AddRequest()), namedtype.NamedType('addResponse', AddResponse()), namedtype.NamedType('delRequest', DelRequest()), namedtype.NamedType('delResponse', DelResponse()), namedtype.NamedType('modDNRequest', ModifyDNRequest()), namedtype.NamedType('modDNResponse', ModifyDNResponse()), namedtype.NamedType('compareRequest', CompareRequest()), namedtype.NamedType('compareResponse', CompareResponse()), namedtype.NamedType('abandonRequest', AbandonRequest()), namedtype.NamedType('extendedReq', ExtendedRequest()), namedtype.NamedType('extendedResp', ExtendedResponse())))),
+        namedtype.NamedType(
-        namedtype.OptionalNamedType('controls', Controls().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+            'protocolOp', univ.Choice(
-        )
+                componentType=namedtype.NamedTypes(
+                    namedtype.NamedType('bindRequest', BindRequest()),
+                    namedtype.NamedType('bindResponse', BindResponse()),
+                    namedtype.NamedType('unbindRequest', UnbindRequest()),
+                    namedtype.NamedType('searchRequest', SearchRequest()),
+                    namedtype.NamedType('searchResEntry', SearchResultEntry()),
+                    namedtype.NamedType('searchResDone', SearchResultDone()),
+                    namedtype.NamedType('searchResRef', SearchResultReference()),
+                    namedtype.NamedType('modifyRequest', ModifyRequest()),
+                    namedtype.NamedType('modifyResponse', ModifyResponse()),
+                    namedtype.NamedType('addRequest', AddRequest()),
+                    namedtype.NamedType('addResponse', AddResponse()),
+                    namedtype.NamedType('delRequest', DelRequest()),
+                    namedtype.NamedType('delResponse', DelResponse()),
+                    namedtype.NamedType('modDNRequest', ModifyDNRequest()),
+                    namedtype.NamedType('modDNResponse', ModifyDNResponse()),
+                    namedtype.NamedType('compareRequest', CompareRequest()),
+                    namedtype.NamedType('compareResponse', CompareResponse()),
+                    namedtype.NamedType('abandonRequest', AbandonRequest()),
+                    namedtype.NamedType('extendedReq', ExtendedRequest()),
+                    namedtype.NamedType('extendedResp', ExtendedResponse())
+                )
+            )
+        ),
+        namedtype.OptionalNamedType('controls', Controls().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+    )

src/pyasn1_modules/rfc2314.py

@@ -1,4 +1,9 @@
 #
+# This file is part of pyasn1-modules software.
+#
+# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com>
+# License: http://pyasn1.sf.net/license.html
+#
 # PKCS#10 syntax
 #
 # ASN.1 source from:
@@ -6,24 +11,34 @@
 #
 # Sample captures could be obtained with "openssl req" command
 #
-from pyasn1.type import tag, namedtype, namedval, univ, constraint
 from pyasn1_modules.rfc2459 import *
 
+
 class Attributes(univ.SetOf):
     componentType = Attribute()
 
-class Version(univ.Integer): pass
+
+class Version(univ.Integer):
+    pass
+
 
 class CertificationRequestInfo(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('version', Version()),
         namedtype.NamedType('subject', Name()),
         namedtype.NamedType('subjectPublicKeyInfo', SubjectPublicKeyInfo()),
-        namedtype.NamedType('attributes', Attributes().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+        namedtype.NamedType('attributes',
+                            Attributes().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
     )
 
-class Signature(univ.BitString): pass
+
-class SignatureAlgorithmIdentifier(AlgorithmIdentifier): pass
+class Signature(univ.BitString):
+    pass
+
+
+class SignatureAlgorithmIdentifier(AlgorithmIdentifier):
+    pass
+
 
 class CertificationRequest(univ.Sequence):
     componentType = namedtype.NamedTypes(

src/pyasn1_modules/rfc2315.py

@@ -1,26 +1,33 @@
 #
+# This file is part of pyasn1-modules software.
+#
+# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com>
+# License: http://pyasn1.sf.net/license.html
+#
 # PKCS#7 message syntax
 #
 # ASN.1 source from:
-# http://www.trl.ibm.com/projects/xml/xss4j/data/asn1/grammars/pkcs7.asn
+# https://opensource.apple.com/source/Security/Security-55179.1/libsecurity_asn1/asn1/pkcs7.asn.auto.html
 #
 # Sample captures from:
 # openssl crl2pkcs7 -nocrl -certfile cert1.cer -out outfile.p7b
 #
-from pyasn1.type import tag,namedtype,namedval,univ,constraint,char,useful
 from pyasn1_modules.rfc2459 import *
 
+
 class Attribute(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('type', AttributeType()),
         namedtype.NamedType('values', univ.SetOf(componentType=AttributeValue()))
-        )
+    )
+
 
 class AttributeValueAssertion(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('attributeType', AttributeType()),
         namedtype.NamedType('attributeValue', AttributeValue())
-        )
+    )
+
 
 pkcs_7 = univ.ObjectIdentifier('1.2.840.113549.1.7')
 data = univ.ObjectIdentifier('1.2.840.113549.1.7.1')
@@ -30,57 +37,82 @@ signedAndEnvelopedData = univ.ObjectIdentifier('1.2.840.113549.1.7.4')
 digestedData = univ.ObjectIdentifier('1.2.840.113549.1.7.5')
 encryptedData = univ.ObjectIdentifier('1.2.840.113549.1.7.6')
 
-class ContentType(univ.ObjectIdentifier): pass
 
-class ContentEncryptionAlgorithmIdentifier(AlgorithmIdentifier): pass
+class ContentType(univ.ObjectIdentifier):
+    pass
+
+
+class ContentEncryptionAlgorithmIdentifier(AlgorithmIdentifier):
+    pass
+
+
+class EncryptedContent(univ.OctetString):
+    pass
 
-class EncryptedContent(univ.OctetString): pass
 
 class EncryptedContentInfo(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('contentType', ContentType()),
         namedtype.NamedType('contentEncryptionAlgorithm', ContentEncryptionAlgorithmIdentifier()),
-        namedtype.OptionalNamedType('encryptedContent', EncryptedContent().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+        namedtype.OptionalNamedType('encryptedContent', EncryptedContent().subtype(
-        )
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+    )
+
+
+class Version(univ.Integer):  # overrides x509.Version
+    pass
 
-class Version(univ.Integer): pass  # overrides x509.Version
 
 class EncryptedData(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('version', Version()),
         namedtype.NamedType('encryptedContentInfo', EncryptedContentInfo())
-        )
+    )
+
+
+class DigestAlgorithmIdentifier(AlgorithmIdentifier):
+    pass
 
-class DigestAlgorithmIdentifier(AlgorithmIdentifier): pass
 
 class DigestAlgorithmIdentifiers(univ.SetOf):
     componentType = DigestAlgorithmIdentifier()
 
-class Digest(univ.OctetString): pass
+
+class Digest(univ.OctetString):
+    pass
+
 
 class ContentInfo(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('contentType', ContentType()),
-        namedtype.OptionalNamedType('content', univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+        namedtype.OptionalNamedType('content', univ.Any().subtype(
-        )
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+    )
+
 
 class DigestedData(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('version', Version()),
         namedtype.NamedType('digestAlgorithm', DigestAlgorithmIdentifier()),
         namedtype.NamedType('contentInfo', ContentInfo()),
-        namedtype.NamedType('digest', Digest)
+        namedtype.NamedType('digest', Digest())
-        )
+    )
+
 
 class IssuerAndSerialNumber(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('issuer', Name()),
         namedtype.NamedType('serialNumber', CertificateSerialNumber())
-        )
+    )
 
-class KeyEncryptionAlgorithmIdentifier(AlgorithmIdentifier): pass
 
-class EncryptedKey(univ.OctetString): pass
+class KeyEncryptionAlgorithmIdentifier(AlgorithmIdentifier):
+    pass
+
+
+class EncryptedKey(univ.OctetString):
+    pass
+
 
 class RecipientInfo(univ.Sequence):
     componentType = namedtype.NamedTypes(
@@ -88,48 +120,63 @@ class RecipientInfo(univ.Sequence):
         namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()),
         namedtype.NamedType('keyEncryptionAlgorithm', KeyEncryptionAlgorithmIdentifier()),
         namedtype.NamedType('encryptedKey', EncryptedKey())
-        )
+    )
-                    
+
+
 class RecipientInfos(univ.SetOf):
     componentType = RecipientInfo()
 
+
 class Attributes(univ.SetOf):
     componentType = Attribute()
 
+
 class ExtendedCertificateInfo(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('version', Version()),
         namedtype.NamedType('certificate', Certificate()),
         namedtype.NamedType('attributes', Attributes())
-        )
+    )
 
-class SignatureAlgorithmIdentifier(AlgorithmIdentifier): pass
 
-class Signature(univ.BitString): pass
+class SignatureAlgorithmIdentifier(AlgorithmIdentifier):
+    pass
+
+
+class Signature(univ.BitString):
+    pass
+
 
 class ExtendedCertificate(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('extendedCertificateInfo', ExtendedCertificateInfo()),
         namedtype.NamedType('signatureAlgorithm', SignatureAlgorithmIdentifier()),
         namedtype.NamedType('signature', Signature())
-        )
+    )
+
 
 class ExtendedCertificateOrCertificate(univ.Choice):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('certificate', Certificate()),
-        namedtype.NamedType('extendedCertificate', ExtendedCertificate().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+        namedtype.NamedType('extendedCertificate', ExtendedCertificate().subtype(
-        )
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+    )
+
 
 class ExtendedCertificatesAndCertificates(univ.SetOf):
     componentType = ExtendedCertificateOrCertificate()
 
-class SerialNumber(univ.Integer): pass
+
+class SerialNumber(univ.Integer):
+    pass
+
 
 class CRLEntry(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('userCertificate', SerialNumber()),
         namedtype.NamedType('revocationDate', useful.UTCTime())
-        )
+    )
+
 
 class TBSCertificateRevocationList(univ.Sequence):
     componentType = namedtype.NamedTypes(
@@ -138,68 +185,88 @@ class TBSCertificateRevocationList(univ.Sequence):
         namedtype.NamedType('lastUpdate', useful.UTCTime()),
         namedtype.NamedType('nextUpdate', useful.UTCTime()),
         namedtype.OptionalNamedType('revokedCertificates', univ.SequenceOf(componentType=CRLEntry()))
-        )
+    )
-                            
+
+
 class CertificateRevocationList(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('tbsCertificateRevocationList', TBSCertificateRevocationList()),
         namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()),
         namedtype.NamedType('signature', univ.BitString())
-        )
+    )
+
 
 class CertificateRevocationLists(univ.SetOf):
     componentType = CertificateRevocationList()
 
-class DigestEncryptionAlgorithmIdentifier(AlgorithmIdentifier): pass
 
-class EncryptedDigest(univ.OctetString): pass
+class DigestEncryptionAlgorithmIdentifier(AlgorithmIdentifier):
+    pass
+
+
+class EncryptedDigest(univ.OctetString):
+    pass
+
 
 class SignerInfo(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('version', Version()),
         namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()),
         namedtype.NamedType('digestAlgorithm', DigestAlgorithmIdentifier()),
-        namedtype.OptionalNamedType('authenticatedAttributes', Attributes().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.OptionalNamedType('authenticatedAttributes', Attributes().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
         namedtype.NamedType('digestEncryptionAlgorithm', DigestEncryptionAlgorithmIdentifier()),
         namedtype.NamedType('encryptedDigest', EncryptedDigest()),
-        namedtype.OptionalNamedType('unauthenticatedAttributes', Attributes().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
+        namedtype.OptionalNamedType('unauthenticatedAttributes', Attributes().subtype(
-        )
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
-                    
+    )
+
+
 class SignerInfos(univ.SetOf):
     componentType = SignerInfo()
 
+
 class SignedAndEnvelopedData(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('version', Version()),
         namedtype.NamedType('recipientInfos', RecipientInfos()),
         namedtype.NamedType('digestAlgorithms', DigestAlgorithmIdentifiers()),
         namedtype.NamedType('encryptedContentInfo', EncryptedContentInfo()),
-        namedtype.OptionalNamedType('certificates', ExtendedCertificatesAndCertificates().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.OptionalNamedType('certificates', ExtendedCertificatesAndCertificates().subtype(
-        namedtype.OptionalNamedType('crls', CertificateRevocationLists().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.OptionalNamedType('crls', CertificateRevocationLists().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
         namedtype.NamedType('signerInfos', SignerInfos())
-        )
+    )
+
 
 class EnvelopedData(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('version', Version()),
         namedtype.NamedType('recipientInfos', RecipientInfos()),
         namedtype.NamedType('encryptedContentInfo', EncryptedContentInfo())
-        )
+    )
-    
+
+
 class DigestInfo(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('digestAlgorithm', DigestAlgorithmIdentifier()),
         namedtype.NamedType('digest', Digest())
-        )
+    )
-                    
+
+
 class SignedData(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('version', Version()),
         namedtype.NamedType('digestAlgorithms', DigestAlgorithmIdentifiers()),
         namedtype.NamedType('contentInfo', ContentInfo()),
-        namedtype.OptionalNamedType('certificates', ExtendedCertificatesAndCertificates().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.OptionalNamedType('certificates', ExtendedCertificatesAndCertificates().subtype(
-        namedtype.OptionalNamedType('crls', CertificateRevocationLists().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.OptionalNamedType('crls', CertificateRevocationLists().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
         namedtype.NamedType('signerInfos', SignerInfos())
-        )
+    )
-        
+
-class Data(univ.OctetString): pass
+
+class Data(univ.OctetString):
+    pass

src/pyasn1_modules/rfc2437.py

@@ -1,4 +1,9 @@
 #
+# This file is part of pyasn1-modules software.
+#
+# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com>
+# License: http://pyasn1.sf.net/license.html
+#
 # PKCS#1 syntax
 #
 # ASN.1 source from:
@@ -6,7 +11,7 @@
 #
 # Sample captures could be obtained with "openssl genrsa" command
 #
-from pyasn1.type import tag, namedtype, namedval, univ, constraint
+from pyasn1.type import tag, namedtype, univ
 from pyasn1_modules.rfc2459 import AlgorithmIdentifier
 
 pkcs_1 = univ.ObjectIdentifier('1.2.840.113549.1.1')
@@ -21,9 +26,12 @@ id_mgf1 = univ.ObjectIdentifier('1.2.840.113549.1.1.8')
 id_pSpecified = univ.ObjectIdentifier('1.2.840.113549.1.1.9')
 id_sha1 = univ.ObjectIdentifier('1.3.14.3.2.26')
 
-MAX = 16
+MAX = float('inf')
+
+
+class Version(univ.Integer):
+    pass
 
-class Version(univ.Integer): pass
 
 class RSAPrivateKey(univ.Sequence):
     componentType = namedtype.NamedTypes(
@@ -38,16 +46,21 @@ class RSAPrivateKey(univ.Sequence):
         namedtype.NamedType('coefficient', univ.Integer())
     )
 
+
 class RSAPublicKey(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('modulus', univ.Integer()),
         namedtype.NamedType('publicExponent', univ.Integer())
     )
 
+
 # XXX defaults not set
 class RSAES_OAEP_params(univ.Sequence):
     componentType = namedtype.NamedTypes(
-        namedtype.NamedType('hashFunc', AlgorithmIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.NamedType('hashFunc', AlgorithmIdentifier().subtype(
-        namedtype.NamedType('maskGenFunc', AlgorithmIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
-        namedtype.NamedType('pSourceFunc', AlgorithmIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)))
+        namedtype.NamedType('maskGenFunc', AlgorithmIdentifier().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+        namedtype.NamedType('pSourceFunc', AlgorithmIdentifier().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)))
     )

src/pyasn1_modules/rfc2511.py

@@ -1,4 +1,9 @@
 #
+# This file is part of pyasn1-modules software.
+#
+# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com>
+# License: http://pyasn1.sf.net/license.html
+#
 # X.509 certificate Request Message Format (CRMF) syntax
 #
 # ASN.1 source from:
@@ -6,11 +11,10 @@
 #
 # Sample captures could be obtained with OpenSSL
 #
-from pyasn1.type import tag, namedtype, namedval, univ, constraint, char,useful
 from pyasn1_modules.rfc2459 import *
 from pyasn1_modules import rfc2315
 
-MAX=16
+MAX = float('inf')
 
 id_pkix = univ.ObjectIdentifier('1.3.6.1.5.5.7')
 id_pkip = univ.ObjectIdentifier('1.3.6.1.5.5.7.5')
@@ -25,15 +29,22 @@ id_regInfo = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.2')
 id_regInfo_utf8Pairs = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.2.1')
 id_regInfo_certReq = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.2.2')
 
+
 # This should be in PKIX Certificate Extensions module
 
-class GeneralName(univ.OctetString): pass
+class GeneralName(univ.OctetString):
+    pass
+
 
 # end of PKIX Certificate Extensions module
 
-class UTF8Pairs(char.UTF8String): pass
+class UTF8Pairs(char.UTF8String):
+    pass
+
+
+class ProtocolEncrKey(SubjectPublicKeyInfo):
+    pass
 
-class ProtocolEncrKey(SubjectPublicKeyInfo): pass
 
 class CertId(univ.Sequence):
     componentType = namedtype.NamedTypes(
@@ -41,47 +52,74 @@ class CertId(univ.Sequence):
         namedtype.NamedType('serialNumber', univ.Integer())
     )
 
-class OldCertId(CertId): pass
 
-class KeyGenParameters(univ.OctetString): pass
+class OldCertId(CertId):
+    pass
+
+
+class KeyGenParameters(univ.OctetString):
+    pass
+
 
 class EncryptedValue(univ.Sequence):
     componentType = namedtype.NamedTypes(
-        namedtype.OptionalNamedType('intendedAlg', AlgorithmIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.OptionalNamedType('intendedAlg', AlgorithmIdentifier().subtype(
-        namedtype.OptionalNamedType('symmAlg', AlgorithmIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
-        namedtype.OptionalNamedType('encSymmKey', univ.BitString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
+        namedtype.OptionalNamedType('symmAlg', AlgorithmIdentifier().subtype(
-        namedtype.OptionalNamedType('keyAlg', AlgorithmIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
-        namedtype.OptionalNamedType('valueHint', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
+        namedtype.OptionalNamedType('encSymmKey', univ.BitString().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
+        namedtype.OptionalNamedType('keyAlg', AlgorithmIdentifier().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+        namedtype.OptionalNamedType('valueHint', univ.OctetString().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
         namedtype.NamedType('encValue', univ.BitString())
     )
 
+
 class EncryptedKey(univ.Choice):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('encryptedValue', EncryptedValue()),
-        namedtype.NamedType('envelopedData', rfc2315.EnvelopedData().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+        namedtype.NamedType('envelopedData', rfc2315.EnvelopedData().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
     )
 
+
 class PKIArchiveOptions(univ.Choice):
     componentType = namedtype.NamedTypes(
-        namedtype.NamedType('encryptedPrivKey', EncryptedKey().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.NamedType('encryptedPrivKey', EncryptedKey().subtype(
-        namedtype.NamedType('keyGenParameters', KeyGenParameters().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
-        namedtype.NamedType('archiveRemGenPrivKey', univ.Boolean().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+        namedtype.NamedType('keyGenParameters', KeyGenParameters().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.NamedType('archiveRemGenPrivKey',
+                            univ.Boolean().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
     )
 
+
 class SinglePubInfo(univ.Sequence):
     componentType = namedtype.NamedTypes(
-        namedtype.NamedType('pubMethod', univ.Integer(namedValues=namedval.NamedValues(('dontCare', 0), ('x500', 1), ('web', 2), ('ldap', 3)))),
+        namedtype.NamedType('pubMethod', univ.Integer(
+            namedValues=namedval.NamedValues(('dontCare', 0), ('x500', 1), ('web', 2), ('ldap', 3)))),
         namedtype.OptionalNamedType('pubLocation', GeneralName())
     )
 
+
 class PKIPublicationInfo(univ.Sequence):
     componentType = namedtype.NamedTypes(
-        namedtype.NamedType('action', univ.Integer(namedValues=namedval.NamedValues(('dontPublish', 0), ('pleasePublish', 1)))),
+        namedtype.NamedType('action',
-        namedtype.OptionalNamedType('pubInfos', univ.SequenceOf(componentType=SinglePubInfo()).subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX)))
+                            univ.Integer(namedValues=namedval.NamedValues(('dontPublish', 0), ('pleasePublish', 1)))),
+        namedtype.OptionalNamedType('pubInfos', univ.SequenceOf(componentType=SinglePubInfo()).subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, MAX)))
     )
 
-class Authenticator(char.UTF8String): pass
+
-class RegToken(char.UTF8String): pass
+class Authenticator(char.UTF8String):
+    pass
+
+
+class RegToken(char.UTF8String):
+    pass
+
 
 class SubsequentMessage(univ.Integer):
     namedValues = namedval.NamedValues(
@@ -89,13 +127,18 @@ class SubsequentMessage(univ.Integer):
         ('challengeResp', 1)
     )
 
+
 class POPOPrivKey(univ.Choice):
     componentType = namedtype.NamedTypes(
-        namedtype.NamedType('thisMessage', univ.BitString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('thisMessage',
-        namedtype.NamedType('subsequentMessage', SubsequentMessage().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+                            univ.BitString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
-        namedtype.NamedType('dhMAC', univ.BitString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+        namedtype.NamedType('subsequentMessage', SubsequentMessage().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.NamedType('dhMAC',
+                            univ.BitString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
     )
 
+
 class PBMParameter(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('salt', univ.OctetString()),
@@ -104,73 +147,112 @@ class PBMParameter(univ.Sequence):
         namedtype.NamedType('mac', AlgorithmIdentifier())
     )
 
+
 class PKMACValue(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('algId', AlgorithmIdentifier()),
         namedtype.NamedType('value', univ.BitString())
     )
 
+
 class POPOSigningKeyInput(univ.Sequence):
     componentType = namedtype.NamedTypes(
-        namedtype.NamedType('authInfo', univ.Choice(componentType=namedtype.NamedTypes(namedtype.NamedType('sender', GeneralName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.NamedType('publicKeyMAC', PKMACValue())))),
+        namedtype.NamedType(
+            'authInfo', univ.Choice(
+                componentType=namedtype.NamedTypes(
+                    namedtype.NamedType(
+                        'sender', GeneralName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))
+                    ),
+                    namedtype.NamedType('publicKeyMAC', PKMACValue())
+                )
+            )
+        ),
         namedtype.NamedType('publicKey', SubjectPublicKeyInfo())
     )
 
+
 class POPOSigningKey(univ.Sequence):
     componentType = namedtype.NamedTypes(
-        namedtype.OptionalNamedType('poposkInput', POPOSigningKeyInput().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.OptionalNamedType('poposkInput', POPOSigningKeyInput().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
         namedtype.NamedType('algorithmIdentifier', AlgorithmIdentifier()),
         namedtype.NamedType('signature', univ.BitString())
     )
 
+
 class ProofOfPossession(univ.Choice):
     componentType = namedtype.NamedTypes(
-        namedtype.NamedType('raVerified', univ.Null().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('raVerified',
-        namedtype.NamedType('signature', POPOSigningKey().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+                            univ.Null().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
-        namedtype.NamedType('keyEncipherment', POPOPrivKey().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
+        namedtype.NamedType('signature', POPOSigningKey().subtype(
-        namedtype.NamedType('keyAgreement', POPOPrivKey().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+        namedtype.NamedType('keyEncipherment', POPOPrivKey().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
+        namedtype.NamedType('keyAgreement', POPOPrivKey().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
     )
 
+
 class Controls(univ.SequenceOf):
     componentType = AttributeTypeAndValue()
     subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX)
 
+
 class OptionalValidity(univ.Sequence):
     componentType = namedtype.NamedTypes(
-        namedtype.OptionalNamedType('notBefore', Time().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('notBefore',
-        namedtype.OptionalNamedType('notAfter', Time().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+                                    Time().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
-	)
+        namedtype.OptionalNamedType('notAfter',
+                                    Time().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+    )
+
 
 class CertTemplate(univ.Sequence):
     componentType = namedtype.NamedTypes(
-        namedtype.OptionalNamedType('version', Version().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('version', Version().subtype(
-        namedtype.OptionalNamedType('serialNumber', univ.Integer().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
-        namedtype.OptionalNamedType('signingAlg', AlgorithmIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
+        namedtype.OptionalNamedType('serialNumber', univ.Integer().subtype(
-        namedtype.OptionalNamedType('issuer', Name().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
-        namedtype.OptionalNamedType('validity', OptionalValidity().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
+        namedtype.OptionalNamedType('signingAlg', AlgorithmIdentifier().subtype(
-        namedtype.OptionalNamedType('subject', Name().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))),
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
-        namedtype.OptionalNamedType('publicKey', SubjectPublicKeyInfo().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6))),
+        namedtype.OptionalNamedType('issuer', Name().subtype(
-        namedtype.OptionalNamedType('issuerUID', UniqueIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
-        namedtype.OptionalNamedType('subjectUID', UniqueIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))),
+        namedtype.OptionalNamedType('validity', OptionalValidity().subtype(
-        namedtype.OptionalNamedType('extensions', Extensions().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9)))
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
-	)
+        namedtype.OptionalNamedType('subject', Name().subtype(
-  
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))),
+        namedtype.OptionalNamedType('publicKey', SubjectPublicKeyInfo().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6))),
+        namedtype.OptionalNamedType('issuerUID', UniqueIdentifier().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
+        namedtype.OptionalNamedType('subjectUID', UniqueIdentifier().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))),
+        namedtype.OptionalNamedType('extensions', Extensions().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9)))
+    )
+
+
 class CertRequest(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('certReqId', univ.Integer()),
         namedtype.NamedType('certTemplate', CertTemplate()),
         namedtype.OptionalNamedType('controls', Controls())
-	)
+    )
+
+
+class CertReq(CertRequest):
+    pass
 
-class CertReq(CertRequest): pass
 
 class CertReqMsg(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('certReq', CertRequest()),
         namedtype.OptionalNamedType('pop', ProofOfPossession()),
-        namedtype.OptionalNamedType('regInfo', univ.SequenceOf(componentType=AttributeTypeAndValue()).subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX)))
+        namedtype.OptionalNamedType('regInfo', univ.SequenceOf(componentType=AttributeTypeAndValue()).subtype(
-	)
+            subtypeSpec=constraint.ValueSizeConstraint(1, MAX)))
-        
+    )
+
+
 class CertReqMessages(univ.SequenceOf):
     componentType = CertReqMsg()
     subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX)

src/pyasn1_modules/rfc2560.py

@@ -1,4 +1,9 @@
 #
+# This file is part of pyasn1-modules software.
+#
+# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com>
+# License: http://pyasn1.sf.net/license.html
+#
 # OCSP request/response syntax
 #
 # Derived from a minimal OCSP library (RFC2560) code written by
@@ -16,9 +21,10 @@
 # * dates are left as strings in GeneralizedTime format -- datetime.datetime
 # would be nicer
 #
-from pyasn1.type import tag, namedtype, namedval, univ, constraint, useful
+from pyasn1.type import tag, namedtype, namedval, univ, useful
 from pyasn1_modules import rfc2459
 
+
 # Start of OCSP module definitions
 
 # This should be in directory Authentication Framework (X.509) module
@@ -35,13 +41,16 @@ class CRLReason(univ.Enumerated):
         ('removeFromCRL', 8),
         ('privilegeWithdrawn', 9),
         ('aACompromise', 10)
-        )
+    )
+
 
 # end of directory Authentication Framework (X.509) module
 
 # This should be in PKIX Certificate Extensions module
 
-class GeneralName(univ.OctetString): pass
+class GeneralName(univ.OctetString):
+    pass
+
 
 # end of PKIX Certificate Extensions module
 
@@ -55,18 +64,26 @@ id_pkix_ocsp_nocheck = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 48, 1, 5))
 id_pkix_ocsp_archive_cutoff = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 48, 1, 6))
 id_pkix_ocsp_service_locator = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 48, 1, 7))
 
+
 class AcceptableResponses(univ.SequenceOf):
     componentType = univ.ObjectIdentifier()
 
-class ArchiveCutoff(useful.GeneralizedTime): pass
 
-class UnknownInfo(univ.Null): pass
+class ArchiveCutoff(useful.GeneralizedTime):
+    pass
+
+
+class UnknownInfo(univ.Null):
+    pass
+
 
 class RevokedInfo(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('revocationTime', useful.GeneralizedTime()),
-        namedtype.OptionalNamedType('revocationReason', CRLReason().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+        namedtype.OptionalNamedType('revocationReason', CRLReason().subtype(
-        )
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+    )
+
 
 class CertID(univ.Sequence):
     componentType = namedtype.NamedTypes(
@@ -74,57 +91,77 @@ class CertID(univ.Sequence):
         namedtype.NamedType('issuerNameHash', univ.OctetString()),
         namedtype.NamedType('issuerKeyHash', univ.OctetString()),
         namedtype.NamedType('serialNumber', rfc2459.CertificateSerialNumber())
-        )
+    )
+
 
 class CertStatus(univ.Choice):
     componentType = namedtype.NamedTypes(
-        namedtype.NamedType('good', univ.Null().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('good',
-        namedtype.NamedType('revoked', RevokedInfo().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+                            univ.Null().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
-        namedtype.NamedType('unknown', UnknownInfo().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+        namedtype.NamedType('revoked',
-        )
+                            RevokedInfo().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.NamedType('unknown',
+                            UnknownInfo().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+    )
+
 
 class SingleResponse(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('certID', CertID()),
         namedtype.NamedType('certStatus', CertStatus()),
         namedtype.NamedType('thisUpdate', useful.GeneralizedTime()),
-        namedtype.OptionalNamedType('nextUpdate', useful.GeneralizedTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('nextUpdate', useful.GeneralizedTime().subtype(
-        namedtype.OptionalNamedType('singleExtensions', rfc2459.Extensions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
-        )
+        namedtype.OptionalNamedType('singleExtensions', rfc2459.Extensions().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+    )
+
+
+class KeyHash(univ.OctetString):
+    pass
 
-class KeyHash(univ.OctetString): pass
 
 class ResponderID(univ.Choice):
     componentType = namedtype.NamedTypes(
-        namedtype.NamedType('byName', rfc2459.Name().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.NamedType('byName',
-        namedtype.NamedType('byKey', KeyHash().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+                            rfc2459.Name().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
-        )
+        namedtype.NamedType('byKey',
+                            KeyHash().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+    )
+
 
 class Version(univ.Integer):
     namedValues = namedval.NamedValues(('v1', 0))
 
+
 class ResponseData(univ.Sequence):
     componentType = namedtype.NamedTypes(
-        namedtype.DefaultedNamedType('version', Version('v1').subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.DefaultedNamedType('version', Version('v1').subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
         namedtype.NamedType('responderID', ResponderID()),
         namedtype.NamedType('producedAt', useful.GeneralizedTime()),
-        namedtype.NamedType('responses', univ.SequenceOf(SingleResponse())),
+        namedtype.NamedType('responses', univ.SequenceOf(componentType=SingleResponse())),
-        namedtype.OptionalNamedType('responseExtensions', rfc2459.Extensions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+        namedtype.OptionalNamedType('responseExtensions', rfc2459.Extensions().subtype(
-        )
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+    )
+
 
 class BasicOCSPResponse(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('tbsResponseData', ResponseData()),
         namedtype.NamedType('signatureAlgorithm', rfc2459.AlgorithmIdentifier()),
         namedtype.NamedType('signature', univ.BitString()),
-        namedtype.OptionalNamedType('certs', univ.SequenceOf(rfc2459.Certificate()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+        namedtype.OptionalNamedType('certs', univ.SequenceOf(componentType=rfc2459.Certificate()).subtype(
-        )
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+    )
+
 
 class ResponseBytes(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('responseType', univ.ObjectIdentifier()),
         namedtype.NamedType('response', univ.OctetString())
-        )
+    )
+
 
 class OCSPResponseStatus(univ.Enumerated):
     namedValues = namedval.NamedValues(
@@ -135,37 +172,49 @@ class OCSPResponseStatus(univ.Enumerated):
         ('undefinedStatus', 4),  # should never occur
         ('sigRequired', 5),
         ('unauthorized', 6)
-        )
+    )
+
 
 class OCSPResponse(univ.Sequence):
     componentType = namedtype.NamedTypes(
-        namedtype.NamedType('responseStatus',  OCSPResponseStatus()),
+        namedtype.NamedType('responseStatus', OCSPResponseStatus()),
-        namedtype.OptionalNamedType('responseBytes', ResponseBytes().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+        namedtype.OptionalNamedType('responseBytes', ResponseBytes().subtype(
-        )
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+    )
+
 
 class Request(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('reqCert', CertID()),
-        namedtype.OptionalNamedType('singleRequestExtensions', rfc2459.Extensions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+        namedtype.OptionalNamedType('singleRequestExtensions', rfc2459.Extensions().subtype(
-        )
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+    )
+
 
 class Signature(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('signatureAlgorithm', rfc2459.AlgorithmIdentifier()),
         namedtype.NamedType('signature', univ.BitString()),
-        namedtype.OptionalNamedType('certs', univ.SequenceOf(rfc2459.Certificate()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+        namedtype.OptionalNamedType('certs', univ.SequenceOf(componentType=rfc2459.Certificate()).subtype(
-        )
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+    )
+
 
 class TBSRequest(univ.Sequence):
     componentType = namedtype.NamedTypes(
-        namedtype.DefaultedNamedType('version', Version('v1').subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.DefaultedNamedType('version', Version('v1').subtype(
-        namedtype.OptionalNamedType('requestorName', GeneralName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
-        namedtype.NamedType('requestList', univ.SequenceOf(Request())),
+        namedtype.OptionalNamedType('requestorName', GeneralName().subtype(
-        namedtype.OptionalNamedType('requestExtensions', rfc2459.Extensions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
-        )
+        namedtype.NamedType('requestList', univ.SequenceOf(componentType=Request())),
+        namedtype.OptionalNamedType('requestExtensions', rfc2459.Extensions().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+    )
+
 
 class OCSPRequest(univ.Sequence):
     componentType = namedtype.NamedTypes(
-        namedtype.NamedType('tbsRequest',  TBSRequest()),
+        namedtype.NamedType('tbsRequest', TBSRequest()),
-        namedtype.OptionalNamedType('optionalSignature', Signature().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+        namedtype.OptionalNamedType('optionalSignature', Signature().subtype(
-        )
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+    )

src/pyasn1_modules/rfc3279.py

@@ -0,0 +1,231 @@
+#
+# This file is part of pyasn1-modules.
+#
+# Copyright (c) 2017, Danielle Madeley <danielle@madeley.id.au>
+# License: http://pyasn1.sf.net/license.html
+#
+# Derived from RFC 3279
+#
+from pyasn1.type import univ, char, namedtype, namedval, tag, constraint, useful
+
+
+def _OID(*components):
+    output = []
+    for x in tuple(components):
+        if isinstance(x, univ.ObjectIdentifier):
+            output.extend(list(x))
+        else:
+            output.append(int(x))
+
+    return univ.ObjectIdentifier(output)
+
+
+md2 = _OID(1, 2, 840, 113549, 2, 2)
+md5 = _OID(1, 2, 840, 113549, 2, 5)
+id_sha1 = _OID(1, 3, 14, 3, 2, 26)
+id_dsa = _OID(1, 2, 840, 10040, 4, 1)
+
+
+class DSAPublicKey(univ.Integer):
+    pass
+
+
+class Dss_Parms(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('p', univ.Integer()),
+        namedtype.NamedType('q', univ.Integer()),
+        namedtype.NamedType('g', univ.Integer())
+    )
+
+
+id_dsa_with_sha1 = _OID(1, 2, 840, 10040, 4, 3)
+
+
+class Dss_Sig_Value(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('r', univ.Integer()),
+        namedtype.NamedType('s', univ.Integer())
+    )
+
+
+pkcs_1 = _OID(1, 2, 840, 113549, 1, 1)
+rsaEncryption = _OID(pkcs_1, 1)
+md2WithRSAEncryption = _OID(pkcs_1, 2)
+md5WithRSAEncryption = _OID(pkcs_1, 4)
+sha1WithRSAEncryption = _OID(pkcs_1, 5)
+
+
+class RSAPublicKey(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('modulus', univ.Integer()),
+        namedtype.NamedType('publicExponent', univ.Integer())
+    )
+
+
+dhpublicnumber = _OID(1, 2, 840, 10046, 2, 1)
+
+
+class DHPublicKey(univ.Integer):
+    pass
+
+
+class ValidationParms(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('seed', univ.BitString()),
+        namedtype.NamedType('pgenCounter', univ.Integer())
+    )
+
+
+class DomainParameters(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('p', univ.Integer()),
+        namedtype.NamedType('g', univ.Integer()),
+        namedtype.NamedType('q', univ.Integer()),
+        namedtype.OptionalNamedType('j', univ.Integer()),
+        namedtype.OptionalNamedType('validationParms', ValidationParms())
+    )
+
+
+id_keyExchangeAlgorithm = _OID(2, 16, 840, 1, 101, 2, 1, 1, 22)
+
+
+class KEA_Parms_Id(univ.OctetString):
+    pass
+
+
+ansi_X9_62 = _OID(1, 2, 840, 10045)
+
+
+class FieldID(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('fieldType', univ.ObjectIdentifier()),
+        namedtype.NamedType('parameters', univ.Any())
+    )
+
+
+id_ecSigType = _OID(ansi_X9_62, 4)
+ecdsa_with_SHA1 = _OID(id_ecSigType, 1)
+
+
+class ECDSA_Sig_Value(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('r', univ.Integer()),
+        namedtype.NamedType('s', univ.Integer())
+    )
+
+
+id_fieldType = _OID(ansi_X9_62, 1)
+prime_field = _OID(id_fieldType, 1)
+
+
+class Prime_p(univ.Integer):
+    pass
+
+
+characteristic_two_field = _OID(id_fieldType, 2)
+
+
+class Characteristic_two(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('m', univ.Integer()),
+        namedtype.NamedType('basis', univ.ObjectIdentifier()),
+        namedtype.NamedType('parameters', univ.Any())
+    )
+
+
+id_characteristic_two_basis = _OID(characteristic_two_field, 3)
+gnBasis = _OID(id_characteristic_two_basis, 1)
+tpBasis = _OID(id_characteristic_two_basis, 2)
+
+
+class Trinomial(univ.Integer):
+    pass
+
+
+ppBasis = _OID(id_characteristic_two_basis, 3)
+
+
+class Pentanomial(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('k1', univ.Integer()),
+        namedtype.NamedType('k2', univ.Integer()),
+        namedtype.NamedType('k3', univ.Integer())
+    )
+
+
+class FieldElement(univ.OctetString):
+    pass
+
+
+class ECPoint(univ.OctetString):
+    pass
+
+
+class Curve(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('a', FieldElement()),
+        namedtype.NamedType('b', FieldElement()),
+        namedtype.OptionalNamedType('seed', univ.BitString())
+    )
+
+
+class ECPVer(univ.Integer):
+    namedValues = namedval.NamedValues(
+        ('ecpVer1', 1)
+    )
+
+
+class ECParameters(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', ECPVer()),
+        namedtype.NamedType('fieldID', FieldID()),
+        namedtype.NamedType('curve', Curve()),
+        namedtype.NamedType('base', ECPoint()),
+        namedtype.NamedType('order', univ.Integer()),
+        namedtype.OptionalNamedType('cofactor', univ.Integer())
+    )
+
+
+class EcpkParameters(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('ecParameters', ECParameters()),
+        namedtype.NamedType('namedCurve', univ.ObjectIdentifier()),
+        namedtype.NamedType('implicitlyCA', univ.Null())
+    )
+
+
+id_publicKeyType = _OID(ansi_X9_62, 2)
+id_ecPublicKey = _OID(id_publicKeyType, 1)
+
+ellipticCurve = _OID(ansi_X9_62, 3)
+
+c_TwoCurve = _OID(ellipticCurve, 0)
+c2pnb163v1 = _OID(c_TwoCurve, 1)
+c2pnb163v2 = _OID(c_TwoCurve, 2)
+c2pnb163v3 = _OID(c_TwoCurve, 3)
+c2pnb176w1 = _OID(c_TwoCurve, 4)
+c2tnb191v1 = _OID(c_TwoCurve, 5)
+c2tnb191v2 = _OID(c_TwoCurve, 6)
+c2tnb191v3 = _OID(c_TwoCurve, 7)
+c2onb191v4 = _OID(c_TwoCurve, 8)
+c2onb191v5 = _OID(c_TwoCurve, 9)
+c2pnb208w1 = _OID(c_TwoCurve, 10)
+c2tnb239v1 = _OID(c_TwoCurve, 11)
+c2tnb239v2 = _OID(c_TwoCurve, 12)
+c2tnb239v3 = _OID(c_TwoCurve, 13)
+c2onb239v4 = _OID(c_TwoCurve, 14)
+c2onb239v5 = _OID(c_TwoCurve, 15)
+c2pnb272w1 = _OID(c_TwoCurve, 16)
+c2pnb304w1 = _OID(c_TwoCurve, 17)
+c2tnb359v1 = _OID(c_TwoCurve, 18)
+c2pnb368w1 = _OID(c_TwoCurve, 19)
+c2tnb431r1 = _OID(c_TwoCurve, 20)
+
+primeCurve = _OID(ellipticCurve, 1)
+prime192v1 = _OID(primeCurve, 1)
+prime192v2 = _OID(primeCurve, 2)
+prime192v3 = _OID(primeCurve, 3)
+prime239v1 = _OID(primeCurve, 4)
+prime239v2 = _OID(primeCurve, 5)
+prime239v3 = _OID(primeCurve, 6)
+prime256v1 = _OID(primeCurve, 7)

src/pyasn1_modules/rfc3281.py

@@ -0,0 +1,331 @@
+# coding: utf-8
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Stanisław Pitucha with asn1ate tool.
+# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com>
+# License: http://pyasn1.sf.net/license.html
+#
+# An Internet Attribute Certificate Profile for Authorization
+#
+# ASN.1 source from:
+# http://www.ietf.org/rfc/rfc3281.txt
+#
+from pyasn1.type import univ
+from pyasn1.type import char
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import tag
+from pyasn1.type import constraint
+from pyasn1.type import useful
+
+from pyasn1_modules import rfc3280
+
+MAX = float('inf')
+
+
+def _buildOid(*components):
+    output = []
+    for x in tuple(components):
+        if isinstance(x, univ.ObjectIdentifier):
+            output.extend(list(x))
+        else:
+            output.append(int(x))
+
+    return univ.ObjectIdentifier(output)
+
+
+class ObjectDigestInfo(univ.Sequence):
+    pass
+
+
+ObjectDigestInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('digestedObjectType', univ.Enumerated(
+        namedValues=namedval.NamedValues(('publicKey', 0), ('publicKeyCert', 1), ('otherObjectTypes', 2)))),
+    namedtype.OptionalNamedType('otherObjectTypeID', univ.ObjectIdentifier()),
+    namedtype.NamedType('digestAlgorithm', rfc3280.AlgorithmIdentifier()),
+    namedtype.NamedType('objectDigest', univ.BitString())
+)
+
+
+class IssuerSerial(univ.Sequence):
+    pass
+
+
+IssuerSerial.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('issuer', rfc3280.GeneralNames()),
+    namedtype.NamedType('serial', rfc3280.CertificateSerialNumber()),
+    namedtype.OptionalNamedType('issuerUID', rfc3280.UniqueIdentifier())
+)
+
+
+class TargetCert(univ.Sequence):
+    pass
+
+
+TargetCert.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('targetCertificate', IssuerSerial()),
+    namedtype.OptionalNamedType('targetName', rfc3280.GeneralName()),
+    namedtype.OptionalNamedType('certDigestInfo', ObjectDigestInfo())
+)
+
+
+class Target(univ.Choice):
+    pass
+
+
+Target.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('targetName', rfc3280.GeneralName().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('targetGroup', rfc3280.GeneralName().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.NamedType('targetCert',
+                        TargetCert().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)))
+)
+
+
+class Targets(univ.SequenceOf):
+    pass
+
+
+Targets.componentType = Target()
+
+
+class ProxyInfo(univ.SequenceOf):
+    pass
+
+
+ProxyInfo.componentType = Targets()
+
+id_at_role = _buildOid(rfc3280.id_at, 72)
+
+id_pe_aaControls = _buildOid(rfc3280.id_pe, 6)
+
+id_ce_targetInformation = _buildOid(rfc3280.id_ce, 55)
+
+id_pe_ac_auditIdentity = _buildOid(rfc3280.id_pe, 4)
+
+
+class ClassList(univ.BitString):
+    pass
+
+
+ClassList.namedValues = namedval.NamedValues(
+    ('unmarked', 0),
+    ('unclassified', 1),
+    ('restricted', 2),
+    ('confidential', 3),
+    ('secret', 4),
+    ('topSecret', 5)
+)
+
+
+class SecurityCategory(univ.Sequence):
+    pass
+
+
+SecurityCategory.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('type', univ.ObjectIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('value', univ.Any().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+class Clearance(univ.Sequence):
+    pass
+
+
+Clearance.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('policyId', univ.ObjectIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.DefaultedNamedType('classList',
+                                 ClassList().subtype(implicitTag=tag.Tag(tag.tagClassContext,
+                                                                         tag.tagFormatSimple, 1)).subtype(
+                                     value="unclassified")),
+    namedtype.OptionalNamedType('securityCategories', univ.SetOf(componentType=SecurityCategory()).subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+)
+
+
+class AttCertVersion(univ.Integer):
+    pass
+
+
+AttCertVersion.namedValues = namedval.NamedValues(
+    ('v2', 1)
+)
+
+id_aca = _buildOid(rfc3280.id_pkix, 10)
+
+id_at_clearance = _buildOid(2, 5, 1, 5, 55)
+
+
+class AttrSpec(univ.SequenceOf):
+    pass
+
+
+AttrSpec.componentType = univ.ObjectIdentifier()
+
+
+class AAControls(univ.Sequence):
+    pass
+
+
+AAControls.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('pathLenConstraint',
+                                univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, MAX))),
+    namedtype.OptionalNamedType('permittedAttrs',
+                                AttrSpec().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('excludedAttrs',
+                                AttrSpec().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.DefaultedNamedType('permitUnSpecified', univ.Boolean().subtype(value=1))
+)
+
+
+class AttCertValidityPeriod(univ.Sequence):
+    pass
+
+
+AttCertValidityPeriod.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('notBeforeTime', useful.GeneralizedTime()),
+    namedtype.NamedType('notAfterTime', useful.GeneralizedTime())
+)
+
+
+id_aca_authenticationInfo = _buildOid(id_aca, 1)
+
+
+class V2Form(univ.Sequence):
+    pass
+
+
+V2Form.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('issuerName', rfc3280.GeneralNames()),
+    namedtype.OptionalNamedType('baseCertificateID', IssuerSerial().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.OptionalNamedType('objectDigestInfo', ObjectDigestInfo().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
+)
+
+
+class AttCertIssuer(univ.Choice):
+    pass
+
+
+AttCertIssuer.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('v1Form', rfc3280.GeneralNames()),
+    namedtype.NamedType('v2Form',
+                        V2Form().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+)
+
+
+class Holder(univ.Sequence):
+    pass
+
+
+Holder.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('baseCertificateID', IssuerSerial().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.OptionalNamedType('entityName', rfc3280.GeneralNames().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.OptionalNamedType('objectDigestInfo', ObjectDigestInfo().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)))
+)
+
+
+class AttributeCertificateInfo(univ.Sequence):
+    pass
+
+
+AttributeCertificateInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', AttCertVersion()),
+    namedtype.NamedType('holder', Holder()),
+    namedtype.NamedType('issuer', AttCertIssuer()),
+    namedtype.NamedType('signature', rfc3280.AlgorithmIdentifier()),
+    namedtype.NamedType('serialNumber', rfc3280.CertificateSerialNumber()),
+    namedtype.NamedType('attrCertValidityPeriod', AttCertValidityPeriod()),
+    namedtype.NamedType('attributes', univ.SequenceOf(componentType=rfc3280.Attribute())),
+    namedtype.OptionalNamedType('issuerUniqueID', rfc3280.UniqueIdentifier()),
+    namedtype.OptionalNamedType('extensions', rfc3280.Extensions())
+)
+
+
+class AttributeCertificate(univ.Sequence):
+    pass
+
+
+AttributeCertificate.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('acinfo', AttributeCertificateInfo()),
+    namedtype.NamedType('signatureAlgorithm', rfc3280.AlgorithmIdentifier()),
+    namedtype.NamedType('signatureValue', univ.BitString())
+)
+
+id_mod = _buildOid(rfc3280.id_pkix, 0)
+
+id_mod_attribute_cert = _buildOid(id_mod, 12)
+
+id_aca_accessIdentity = _buildOid(id_aca, 2)
+
+
+class RoleSyntax(univ.Sequence):
+    pass
+
+
+RoleSyntax.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('roleAuthority', rfc3280.GeneralNames().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('roleName',
+                        rfc3280.GeneralName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+id_aca_chargingIdentity = _buildOid(id_aca, 3)
+
+
+class ACClearAttrs(univ.Sequence):
+    pass
+
+
+ACClearAttrs.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('acIssuer', rfc3280.GeneralName()),
+    namedtype.NamedType('acSerial', univ.Integer()),
+    namedtype.NamedType('attrs', univ.SequenceOf(componentType=rfc3280.Attribute()))
+)
+
+id_aca_group = _buildOid(id_aca, 4)
+
+id_pe_ac_proxying = _buildOid(rfc3280.id_pe, 10)
+
+
+class SvceAuthInfo(univ.Sequence):
+    pass
+
+
+SvceAuthInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('service', rfc3280.GeneralName()),
+    namedtype.NamedType('ident', rfc3280.GeneralName()),
+    namedtype.OptionalNamedType('authInfo', univ.OctetString())
+)
+
+
+class IetfAttrSyntax(univ.Sequence):
+    pass
+
+
+IetfAttrSyntax.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType(
+        'policyAuthority', rfc3280.GeneralNames().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))
+    ),
+    namedtype.NamedType(
+        'values', univ.SequenceOf(
+            componentType=univ.Choice(
+                componentType=namedtype.NamedTypes(
+                    namedtype.NamedType('octets', univ.OctetString()),
+                    namedtype.NamedType('oid', univ.ObjectIdentifier()),
+                    namedtype.NamedType('string', char.UTF8String())
+                )
+            )
+        )
+    )
+)
+
+id_aca_encAttrs = _buildOid(id_aca, 6)

src/pyasn1_modules/rfc3412.py

@@ -1,38 +1,50 @@
 #
+# This file is part of pyasn1-modules software.
+#
+# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com>
+# License: http://pyasn1.sf.net/license.html
+#
 # SNMPv3 message syntax
 #
 # ASN.1 source from:
 # http://www.ietf.org/rfc/rfc3412.txt
 #
-from pyasn1.type import univ, namedtype, namedval, tag, constraint
+from pyasn1.type import univ, namedtype, constraint
 from pyasn1_modules import rfc1905
 
+
 class ScopedPDU(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('contextEngineId', univ.OctetString()),
         namedtype.NamedType('contextName', univ.OctetString()),
         namedtype.NamedType('data', rfc1905.PDUs())
-        )
+    )
-    
+
+
 class ScopedPduData(univ.Choice):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('plaintext', ScopedPDU()),
         namedtype.NamedType('encryptedPDU', univ.OctetString()),
-        )
+    )
-    
+
+
 class HeaderData(univ.Sequence):
     componentType = namedtype.NamedTypes(
-        namedtype.NamedType('msgID', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, 2147483647))),
+        namedtype.NamedType('msgID',
-        namedtype.NamedType('msgMaxSize', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(484, 2147483647))),
+                            univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, 2147483647))),
+        namedtype.NamedType('msgMaxSize',
+                            univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(484, 2147483647))),
         namedtype.NamedType('msgFlags', univ.OctetString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 1))),
-        namedtype.NamedType('msgSecurityModel', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(1, 2147483647)))
+        namedtype.NamedType('msgSecurityModel',
-        )
+                            univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(1, 2147483647)))
+    )
+
 
 class SNMPv3Message(univ.Sequence):
     componentType = namedtype.NamedTypes(
-         namedtype.NamedType('msgVersion', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, 2147483647))),
+        namedtype.NamedType('msgVersion',
-         namedtype.NamedType('msgGlobalData', HeaderData()),
+                            univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, 2147483647))),
-         namedtype.NamedType('msgSecurityParameters', univ.OctetString()),
+        namedtype.NamedType('msgGlobalData', HeaderData()),
-         namedtype.NamedType('msgData', ScopedPduData())
+        namedtype.NamedType('msgSecurityParameters', univ.OctetString()),
-         )
+        namedtype.NamedType('msgData', ScopedPduData())
-
+    )

src/pyasn1_modules/rfc3414.py

@@ -1,17 +1,26 @@
 #
+# This file is part of pyasn1-modules software.
+#
+# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com>
+# License: http://pyasn1.sf.net/license.html
+#
 # SNMPv3 message syntax
 #
 # ASN.1 source from:
 # http://www.ietf.org/rfc/rfc3414.txt
 #
-from pyasn1.type import univ, namedtype, namedval, tag, constraint
+from pyasn1.type import univ, namedtype, constraint
+
 
 class UsmSecurityParameters(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('msgAuthoritativeEngineID', univ.OctetString()),
-        namedtype.NamedType('msgAuthoritativeEngineBoots', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, 2147483647))),
+        namedtype.NamedType('msgAuthoritativeEngineBoots',
-        namedtype.NamedType('msgAuthoritativeEngineTime', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, 2147483647))),
+                            univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, 2147483647))),
-        namedtype.NamedType('msgUserName', univ.OctetString().subtype(subtypeSpec=constraint.ValueSizeConstraint(0, 32))),
+        namedtype.NamedType('msgAuthoritativeEngineTime',
+                            univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, 2147483647))),
+        namedtype.NamedType('msgUserName',
+                            univ.OctetString().subtype(subtypeSpec=constraint.ValueSizeConstraint(0, 32))),
         namedtype.NamedType('msgAuthenticationParameters', univ.OctetString()),
         namedtype.NamedType('msgPrivacyParameters', univ.OctetString())
-        )
+    )

src/pyasn1_modules/rfc3447.py

@@ -1,4 +1,9 @@
 #
+# This file is part of pyasn1-modules software.
+#
+# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com>
+# License: http://pyasn1.sf.net/license.html
+#
 # PKCS#1 syntax
 #
 # ASN.1 source from:
@@ -6,19 +11,22 @@
 #
 # Sample captures could be obtained with "openssl genrsa" command
 #
+from pyasn1.type import constraint, namedval
 from pyasn1_modules.rfc2437 import *
 
+
 class OtherPrimeInfo(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('prime', univ.Integer()),
         namedtype.NamedType('exponent', univ.Integer()),
         namedtype.NamedType('coefficient', univ.Integer())
-        )
+    )
+
 
 class OtherPrimeInfos(univ.SequenceOf):
     componentType = OtherPrimeInfo()
-    subtypeSpec = univ.SequenceOf.subtypeSpec + \
+    subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX)
-                  constraint.ValueSizeConstraint(1, MAX)
+
 
 class RSAPrivateKey(univ.Sequence):
     componentType = namedtype.NamedTypes(

src/pyasn1_modules/rfc3852.py

@@ -0,0 +1,701 @@
+# coding: utf-8
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Stanisław Pitucha with asn1ate tool.
+# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com>
+# License: http://pyasn1.sf.net/license.html
+#
+# Cryptographic Message Syntax (CMS)
+#
+# ASN.1 source from:
+# http://www.ietf.org/rfc/rfc3852.txt
+#
+from pyasn1.type import univ, namedtype, namedval, tag, constraint, useful
+
+from pyasn1_modules import rfc3280
+from pyasn1_modules import rfc3281
+
+MAX = float('inf')
+
+
+def _buildOid(*components):
+    output = []
+    for x in tuple(components):
+        if isinstance(x, univ.ObjectIdentifier):
+            output.extend(list(x))
+        else:
+            output.append(int(x))
+
+    return univ.ObjectIdentifier(output)
+
+
+class AttributeValue(univ.Any):
+    pass
+
+
+class Attribute(univ.Sequence):
+    pass
+
+
+Attribute.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('attrType', univ.ObjectIdentifier()),
+    namedtype.NamedType('attrValues', univ.SetOf(componentType=AttributeValue()))
+)
+
+
+class SignedAttributes(univ.SetOf):
+    pass
+
+
+SignedAttributes.componentType = Attribute()
+SignedAttributes.subtypeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class OtherRevocationInfoFormat(univ.Sequence):
+    pass
+
+
+OtherRevocationInfoFormat.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('otherRevInfoFormat', univ.ObjectIdentifier()),
+    namedtype.NamedType('otherRevInfo', univ.Any())
+)
+
+
+class RevocationInfoChoice(univ.Choice):
+    pass
+
+
+RevocationInfoChoice.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('crl', rfc3280.CertificateList()),
+    namedtype.NamedType('other', OtherRevocationInfoFormat().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
+)
+
+
+class RevocationInfoChoices(univ.SetOf):
+    pass
+
+
+RevocationInfoChoices.componentType = RevocationInfoChoice()
+
+
+class OtherKeyAttribute(univ.Sequence):
+    pass
+
+
+OtherKeyAttribute.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('keyAttrId', univ.ObjectIdentifier()),
+    namedtype.OptionalNamedType('keyAttr', univ.Any())
+)
+
+id_signedData = _buildOid(1, 2, 840, 113549, 1, 7, 2)
+
+
+class KeyEncryptionAlgorithmIdentifier(rfc3280.AlgorithmIdentifier):
+    pass
+
+
+class EncryptedKey(univ.OctetString):
+    pass
+
+
+class CMSVersion(univ.Integer):
+    pass
+
+
+CMSVersion.namedValues = namedval.NamedValues(
+    ('v0', 0),
+    ('v1', 1),
+    ('v2', 2),
+    ('v3', 3),
+    ('v4', 4),
+    ('v5', 5)
+)
+
+
+class KEKIdentifier(univ.Sequence):
+    pass
+
+
+KEKIdentifier.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('keyIdentifier', univ.OctetString()),
+    namedtype.OptionalNamedType('date', useful.GeneralizedTime()),
+    namedtype.OptionalNamedType('other', OtherKeyAttribute())
+)
+
+
+class KEKRecipientInfo(univ.Sequence):
+    pass
+
+
+KEKRecipientInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.NamedType('kekid', KEKIdentifier()),
+    namedtype.NamedType('keyEncryptionAlgorithm', KeyEncryptionAlgorithmIdentifier()),
+    namedtype.NamedType('encryptedKey', EncryptedKey())
+)
+
+
+class KeyDerivationAlgorithmIdentifier(rfc3280.AlgorithmIdentifier):
+    pass
+
+
+class PasswordRecipientInfo(univ.Sequence):
+    pass
+
+
+PasswordRecipientInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.OptionalNamedType('keyDerivationAlgorithm', KeyDerivationAlgorithmIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('keyEncryptionAlgorithm', KeyEncryptionAlgorithmIdentifier()),
+    namedtype.NamedType('encryptedKey', EncryptedKey())
+)
+
+
+class OtherRecipientInfo(univ.Sequence):
+    pass
+
+
+OtherRecipientInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('oriType', univ.ObjectIdentifier()),
+    namedtype.NamedType('oriValue', univ.Any())
+)
+
+
+class IssuerAndSerialNumber(univ.Sequence):
+    pass
+
+
+IssuerAndSerialNumber.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('issuer', rfc3280.Name()),
+    namedtype.NamedType('serialNumber', rfc3280.CertificateSerialNumber())
+)
+
+
+class SubjectKeyIdentifier(univ.OctetString):
+    pass
+
+
+class RecipientKeyIdentifier(univ.Sequence):
+    pass
+
+
+RecipientKeyIdentifier.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('subjectKeyIdentifier', SubjectKeyIdentifier()),
+    namedtype.OptionalNamedType('date', useful.GeneralizedTime()),
+    namedtype.OptionalNamedType('other', OtherKeyAttribute())
+)
+
+
+class KeyAgreeRecipientIdentifier(univ.Choice):
+    pass
+
+
+KeyAgreeRecipientIdentifier.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()),
+    namedtype.NamedType('rKeyId', RecipientKeyIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+)
+
+
+class RecipientEncryptedKey(univ.Sequence):
+    pass
+
+
+RecipientEncryptedKey.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('rid', KeyAgreeRecipientIdentifier()),
+    namedtype.NamedType('encryptedKey', EncryptedKey())
+)
+
+
+class RecipientEncryptedKeys(univ.SequenceOf):
+    pass
+
+
+RecipientEncryptedKeys.componentType = RecipientEncryptedKey()
+
+
+class UserKeyingMaterial(univ.OctetString):
+    pass
+
+
+class OriginatorPublicKey(univ.Sequence):
+    pass
+
+
+OriginatorPublicKey.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('algorithm', rfc3280.AlgorithmIdentifier()),
+    namedtype.NamedType('publicKey', univ.BitString())
+)
+
+
+class OriginatorIdentifierOrKey(univ.Choice):
+    pass
+
+
+OriginatorIdentifierOrKey.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()),
+    namedtype.NamedType('subjectKeyIdentifier', SubjectKeyIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('originatorKey', OriginatorPublicKey().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
+)
+
+
+class KeyAgreeRecipientInfo(univ.Sequence):
+    pass
+
+
+KeyAgreeRecipientInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.NamedType('originator', OriginatorIdentifierOrKey().subtype(
+        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.OptionalNamedType('ukm', UserKeyingMaterial().subtype(
+        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.NamedType('keyEncryptionAlgorithm', KeyEncryptionAlgorithmIdentifier()),
+    namedtype.NamedType('recipientEncryptedKeys', RecipientEncryptedKeys())
+)
+
+
+class RecipientIdentifier(univ.Choice):
+    pass
+
+
+RecipientIdentifier.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()),
+    namedtype.NamedType('subjectKeyIdentifier', SubjectKeyIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+)
+
+
+class KeyTransRecipientInfo(univ.Sequence):
+    pass
+
+
+KeyTransRecipientInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.NamedType('rid', RecipientIdentifier()),
+    namedtype.NamedType('keyEncryptionAlgorithm', KeyEncryptionAlgorithmIdentifier()),
+    namedtype.NamedType('encryptedKey', EncryptedKey())
+)
+
+
+class RecipientInfo(univ.Choice):
+    pass
+
+
+RecipientInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('ktri', KeyTransRecipientInfo()),
+    namedtype.NamedType('kari', KeyAgreeRecipientInfo().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+    namedtype.NamedType('kekri', KEKRecipientInfo().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
+    namedtype.NamedType('pwri', PasswordRecipientInfo().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+    namedtype.NamedType('ori', OtherRecipientInfo().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4)))
+)
+
+
+class RecipientInfos(univ.SetOf):
+    pass
+
+
+RecipientInfos.componentType = RecipientInfo()
+RecipientInfos.subtypeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class DigestAlgorithmIdentifier(rfc3280.AlgorithmIdentifier):
+    pass
+
+
+class Signature(univ.BitString):
+    pass
+
+
+class SignerIdentifier(univ.Choice):
+    pass
+
+
+SignerIdentifier.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()),
+    namedtype.NamedType('subjectKeyIdentifier', SubjectKeyIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+)
+
+
+class UnprotectedAttributes(univ.SetOf):
+    pass
+
+
+UnprotectedAttributes.componentType = Attribute()
+UnprotectedAttributes.subtypeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class ContentType(univ.ObjectIdentifier):
+    pass
+
+
+class EncryptedContent(univ.OctetString):
+    pass
+
+
+class ContentEncryptionAlgorithmIdentifier(rfc3280.AlgorithmIdentifier):
+    pass
+
+
+class EncryptedContentInfo(univ.Sequence):
+    pass
+
+
+EncryptedContentInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('contentType', ContentType()),
+    namedtype.NamedType('contentEncryptionAlgorithm', ContentEncryptionAlgorithmIdentifier()),
+    namedtype.OptionalNamedType('encryptedContent', EncryptedContent().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+)
+
+
+class EncryptedData(univ.Sequence):
+    pass
+
+
+EncryptedData.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.NamedType('encryptedContentInfo', EncryptedContentInfo()),
+    namedtype.OptionalNamedType('unprotectedAttrs', UnprotectedAttributes().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+id_contentType = _buildOid(1, 2, 840, 113549, 1, 9, 3)
+
+id_data = _buildOid(1, 2, 840, 113549, 1, 7, 1)
+
+id_messageDigest = _buildOid(1, 2, 840, 113549, 1, 9, 4)
+
+
+class DigestAlgorithmIdentifiers(univ.SetOf):
+    pass
+
+
+DigestAlgorithmIdentifiers.componentType = DigestAlgorithmIdentifier()
+
+
+class EncapsulatedContentInfo(univ.Sequence):
+    pass
+
+
+EncapsulatedContentInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('eContentType', ContentType()),
+    namedtype.OptionalNamedType('eContent', univ.OctetString().subtype(
+        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+)
+
+
+class Digest(univ.OctetString):
+    pass
+
+
+class DigestedData(univ.Sequence):
+    pass
+
+
+DigestedData.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.NamedType('digestAlgorithm', DigestAlgorithmIdentifier()),
+    namedtype.NamedType('encapContentInfo', EncapsulatedContentInfo()),
+    namedtype.NamedType('digest', Digest())
+)
+
+
+class ContentInfo(univ.Sequence):
+    pass
+
+
+ContentInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('contentType', ContentType()),
+    namedtype.NamedType('content', univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+)
+
+
+class UnauthAttributes(univ.SetOf):
+    pass
+
+
+UnauthAttributes.componentType = Attribute()
+UnauthAttributes.subtypeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class ExtendedCertificateInfo(univ.Sequence):
+    pass
+
+
+ExtendedCertificateInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.NamedType('certificate', rfc3280.Certificate()),
+    namedtype.NamedType('attributes', UnauthAttributes())
+)
+
+
+class SignatureAlgorithmIdentifier(rfc3280.AlgorithmIdentifier):
+    pass
+
+
+class ExtendedCertificate(univ.Sequence):
+    pass
+
+
+ExtendedCertificate.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('extendedCertificateInfo', ExtendedCertificateInfo()),
+    namedtype.NamedType('signatureAlgorithm', SignatureAlgorithmIdentifier()),
+    namedtype.NamedType('signature', Signature())
+)
+
+
+class OtherCertificateFormat(univ.Sequence):
+    pass
+
+
+OtherCertificateFormat.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('otherCertFormat', univ.ObjectIdentifier()),
+    namedtype.NamedType('otherCert', univ.Any())
+)
+
+
+class AttributeCertificateV2(rfc3281.AttributeCertificate):
+    pass
+
+
+class AttCertVersionV1(univ.Integer):
+    pass
+
+
+AttCertVersionV1.namedValues = namedval.NamedValues(
+    ('v1', 0)
+)
+
+
+class AttributeCertificateInfoV1(univ.Sequence):
+    pass
+
+
+AttributeCertificateInfoV1.componentType = namedtype.NamedTypes(
+    namedtype.DefaultedNamedType('version', AttCertVersionV1().subtype(value="v1")),
+    namedtype.NamedType(
+        'subject', univ.Choice(
+            componentType=namedtype.NamedTypes(
+                namedtype.NamedType('baseCertificateID', rfc3281.IssuerSerial().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+                namedtype.NamedType('subjectName', rfc3280.GeneralNames().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+            )
+        )
+    ),
+    namedtype.NamedType('issuer', rfc3280.GeneralNames()),
+    namedtype.NamedType('signature', rfc3280.AlgorithmIdentifier()),
+    namedtype.NamedType('serialNumber', rfc3280.CertificateSerialNumber()),
+    namedtype.NamedType('attCertValidityPeriod', rfc3281.AttCertValidityPeriod()),
+    namedtype.NamedType('attributes', univ.SequenceOf(componentType=rfc3280.Attribute())),
+    namedtype.OptionalNamedType('issuerUniqueID', rfc3280.UniqueIdentifier()),
+    namedtype.OptionalNamedType('extensions', rfc3280.Extensions())
+)
+
+
+class AttributeCertificateV1(univ.Sequence):
+    pass
+
+
+AttributeCertificateV1.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('acInfo', AttributeCertificateInfoV1()),
+    namedtype.NamedType('signatureAlgorithm', rfc3280.AlgorithmIdentifier()),
+    namedtype.NamedType('signature', univ.BitString())
+)
+
+
+class CertificateChoices(univ.Choice):
+    pass
+
+
+CertificateChoices.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('certificate', rfc3280.Certificate()),
+    namedtype.NamedType('extendedCertificate', ExtendedCertificate().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.NamedType('v1AttrCert', AttributeCertificateV1().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.NamedType('v2AttrCert', AttributeCertificateV2().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+    namedtype.NamedType('other', OtherCertificateFormat().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
+)
+
+
+class CertificateSet(univ.SetOf):
+    pass
+
+
+CertificateSet.componentType = CertificateChoices()
+
+
+class MessageAuthenticationCode(univ.OctetString):
+    pass
+
+
+class UnsignedAttributes(univ.SetOf):
+    pass
+
+
+UnsignedAttributes.componentType = Attribute()
+UnsignedAttributes.subtypeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class SignatureValue(univ.OctetString):
+    pass
+
+
+class SignerInfo(univ.Sequence):
+    pass
+
+
+SignerInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.NamedType('sid', SignerIdentifier()),
+    namedtype.NamedType('digestAlgorithm', DigestAlgorithmIdentifier()),
+    namedtype.OptionalNamedType('signedAttrs', SignedAttributes().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('signatureAlgorithm', SignatureAlgorithmIdentifier()),
+    namedtype.NamedType('signature', SignatureValue()),
+    namedtype.OptionalNamedType('unsignedAttrs', UnsignedAttributes().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+class SignerInfos(univ.SetOf):
+    pass
+
+
+SignerInfos.componentType = SignerInfo()
+
+
+class SignedData(univ.Sequence):
+    pass
+
+
+SignedData.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.NamedType('digestAlgorithms', DigestAlgorithmIdentifiers()),
+    namedtype.NamedType('encapContentInfo', EncapsulatedContentInfo()),
+    namedtype.OptionalNamedType('certificates', CertificateSet().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('crls', RevocationInfoChoices().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.NamedType('signerInfos', SignerInfos())
+)
+
+
+class MessageAuthenticationCodeAlgorithm(rfc3280.AlgorithmIdentifier):
+    pass
+
+
+class MessageDigest(univ.OctetString):
+    pass
+
+
+class Time(univ.Choice):
+    pass
+
+
+Time.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('utcTime', useful.UTCTime()),
+    namedtype.NamedType('generalTime', useful.GeneralizedTime())
+)
+
+
+class OriginatorInfo(univ.Sequence):
+    pass
+
+
+OriginatorInfo.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('certs', CertificateSet().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('crls', RevocationInfoChoices().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+class AuthAttributes(univ.SetOf):
+    pass
+
+
+AuthAttributes.componentType = Attribute()
+AuthAttributes.subtypeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class AuthenticatedData(univ.Sequence):
+    pass
+
+
+AuthenticatedData.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.OptionalNamedType('originatorInfo', OriginatorInfo().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.NamedType('recipientInfos', RecipientInfos()),
+    namedtype.NamedType('macAlgorithm', MessageAuthenticationCodeAlgorithm()),
+    namedtype.OptionalNamedType('digestAlgorithm', DigestAlgorithmIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.NamedType('encapContentInfo', EncapsulatedContentInfo()),
+    namedtype.OptionalNamedType('authAttrs', AuthAttributes().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+    namedtype.NamedType('mac', MessageAuthenticationCode()),
+    namedtype.OptionalNamedType('unauthAttrs', UnauthAttributes().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
+)
+
+id_ct_contentInfo = _buildOid(1, 2, 840, 113549, 1, 9, 16, 1, 6)
+
+id_envelopedData = _buildOid(1, 2, 840, 113549, 1, 7, 3)
+
+
+class EnvelopedData(univ.Sequence):
+    pass
+
+
+EnvelopedData.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.OptionalNamedType('originatorInfo', OriginatorInfo().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.NamedType('recipientInfos', RecipientInfos()),
+    namedtype.NamedType('encryptedContentInfo', EncryptedContentInfo()),
+    namedtype.OptionalNamedType('unprotectedAttrs', UnprotectedAttributes().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+class Countersignature(SignerInfo):
+    pass
+
+
+id_digestedData = _buildOid(1, 2, 840, 113549, 1, 7, 5)
+
+id_signingTime = _buildOid(1, 2, 840, 113549, 1, 9, 5)
+
+
+class ExtendedCertificateOrCertificate(univ.Choice):
+    pass
+
+
+ExtendedCertificateOrCertificate.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('certificate', rfc3280.Certificate()),
+    namedtype.NamedType('extendedCertificate', ExtendedCertificate().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+)
+
+id_encryptedData = _buildOid(1, 2, 840, 113549, 1, 7, 6)
+
+id_ct_authData = _buildOid(1, 2, 840, 113549, 1, 9, 16, 1, 2)
+
+
+class SigningTime(Time):
+    pass
+
+
+id_countersignature = _buildOid(1, 2, 840, 113549, 1, 9, 6)

src/pyasn1_modules/rfc4210.py

@@ -1,20 +1,34 @@
 #
+# This file is part of pyasn1-modules software.
+#
+# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com>
+# License: http://pyasn1.sf.net/license.html
+#
 # Certificate Management Protocol structures as per RFC4210
 #
 # Based on Alex Railean's work
 #
-from pyasn1.type import tag,namedtype,namedval,univ,constraint,char,useful
+from pyasn1.type import tag, namedtype, namedval, univ, constraint, char, useful
 from pyasn1_modules import rfc2459, rfc2511, rfc2314
 
-MAX = 64
+MAX = float('inf')
 
-class KeyIdentifier(univ.OctetString): pass
 
-class CMPCertificate(rfc2459.Certificate): pass
+class KeyIdentifier(univ.OctetString):
+    pass
 
-class OOBCert(CMPCertificate): pass
 
-class CertAnnContent(CMPCertificate): pass
+class CMPCertificate(rfc2459.Certificate):
+    pass
+
+
+class OOBCert(CMPCertificate):
+    pass
+
+
+class CertAnnContent(CMPCertificate):
+    pass
+
 
 class PKIFreeText(univ.SequenceOf):
     """
@@ -23,6 +37,7 @@ class PKIFreeText(univ.SequenceOf):
     componentType = char.UTF8String()
     subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX)
 
+
 class PollRepContent(univ.SequenceOf):
     """
          PollRepContent ::= SEQUENCE OF SEQUENCE {
@@ -31,14 +46,17 @@ class PollRepContent(univ.SequenceOf):
          reason                 PKIFreeText OPTIONAL
      }
     """
+
     class CertReq(univ.Sequence):
         componentType = namedtype.NamedTypes(
             namedtype.NamedType('certReqId', univ.Integer()),
             namedtype.NamedType('checkAfter', univ.Integer()),
             namedtype.OptionalNamedType('reason', PKIFreeText())
         )
+
     componentType = CertReq()
 
+
 class PollReqContent(univ.SequenceOf):
     """
          PollReqContent ::= SEQUENCE OF SEQUENCE {
@@ -46,12 +64,15 @@ class PollReqContent(univ.SequenceOf):
      }
 
     """
+
     class CertReq(univ.Sequence):
         componentType = namedtype.NamedTypes(
             namedtype.NamedType('certReqId', univ.Integer())
         )
+
     componentType = CertReq()
 
+
 class InfoTypeAndValue(univ.Sequence):
     """
     InfoTypeAndValue ::= SEQUENCE {
@@ -63,17 +84,23 @@ class InfoTypeAndValue(univ.Sequence):
         namedtype.OptionalNamedType('infoValue', univ.Any())
     )
 
+
 class GenRepContent(univ.SequenceOf):
     componentType = InfoTypeAndValue()
 
+
 class GenMsgContent(univ.SequenceOf):
     componentType = InfoTypeAndValue()
 
-class PKIConfirmContent(univ.Null): pass
+
+class PKIConfirmContent(univ.Null):
+    pass
+
 
 class CRLAnnContent(univ.SequenceOf):
     componentType = rfc2459.CertificateList()
 
+
 class CAKeyUpdAnnContent(univ.Sequence):
     """
     CAKeyUpdAnnContent ::= SEQUENCE {
@@ -88,6 +115,7 @@ class CAKeyUpdAnnContent(univ.Sequence):
         namedtype.NamedType('newWithNew', CMPCertificate())
     )
 
+
 class RevDetails(univ.Sequence):
     """
     RevDetails ::= SEQUENCE {
@@ -99,10 +127,12 @@ class RevDetails(univ.Sequence):
         namedtype.NamedType('certDetails', rfc2511.CertTemplate()),
         namedtype.OptionalNamedType('crlEntryDetails', rfc2459.Extensions())
     )
- 
+
+
 class RevReqContent(univ.SequenceOf):
     componentType = RevDetails()
 
+
 class CertOrEncCert(univ.Choice):
     """
      CertOrEncCert ::= CHOICE {
@@ -111,16 +141,11 @@ class CertOrEncCert(univ.Choice):
      }
     """
     componentType = namedtype.NamedTypes(
-        namedtype.NamedType('certificate', CMPCertificate().subtype(
+        namedtype.NamedType('certificate', CMPCertificate().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
-            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)
+        namedtype.NamedType('encryptedCert', rfc2511.EncryptedValue().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
-            )
-        ),
-        namedtype.NamedType('encryptedCert', rfc2511.EncryptedValue().subtype(
-            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)
-            )
-        )
     )
 
+
 class CertifiedKeyPair(univ.Sequence):
     """
     CertifiedKeyPair ::= SEQUENCE {
@@ -131,20 +156,15 @@ class CertifiedKeyPair(univ.Sequence):
     """
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('certOrEncCert', CertOrEncCert()),
-        namedtype.OptionalNamedType('privateKey', rfc2511.EncryptedValue().subtype(
+        namedtype.OptionalNamedType('privateKey', rfc2511.EncryptedValue().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
-                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)
+        namedtype.OptionalNamedType('publicationInfo', rfc2511.PKIPublicationInfo().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
-            )
-        ),
-        namedtype.OptionalNamedType('publicationInfo', rfc2511.PKIPublicationInfo().subtype(
-                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)
-            )
-        )
     )
- 
+
 
 class POPODecKeyRespContent(univ.SequenceOf):
     componentType = univ.Integer()
 
+
 class Challenge(univ.Sequence):
     """
     Challenge ::= SEQUENCE {
@@ -159,6 +179,7 @@ class Challenge(univ.Sequence):
         namedtype.NamedType('challenge', univ.OctetString())
     )
 
+
 class PKIStatus(univ.Integer):
     """
     PKIStatus ::= INTEGER {
@@ -180,7 +201,8 @@ class PKIStatus(univ.Integer):
         ('revocationNotification', 5),
         ('keyUpdateWarning', 6)
     )
- 
+
+
 class PKIFailureInfo(univ.BitString):
     """
     PKIFailureInfo ::= BIT STRING {
@@ -242,6 +264,7 @@ class PKIFailureInfo(univ.BitString):
         ('duplicateCertReq', 26)
     )
 
+
 class PKIStatusInfo(univ.Sequence):
     """
     PKIStatusInfo ::= SEQUENCE {
@@ -254,7 +277,8 @@ class PKIStatusInfo(univ.Sequence):
         namedtype.NamedType('status', PKIStatus()),
         namedtype.OptionalNamedType('statusString', PKIFreeText()),
         namedtype.OptionalNamedType('failInfo', PKIFailureInfo())
-        )
+    )
+
 
 class ErrorMsgContent(univ.Sequence):
     """
@@ -272,6 +296,7 @@ class ErrorMsgContent(univ.Sequence):
         namedtype.OptionalNamedType('errorDetails', PKIFreeText())
     )
 
+
 class CertStatus(univ.Sequence):
     """
     CertStatus ::= SEQUENCE {
@@ -286,9 +311,11 @@ class CertStatus(univ.Sequence):
         namedtype.OptionalNamedType('statusInfo', PKIStatusInfo())
     )
 
+
 class CertConfirmContent(univ.SequenceOf):
     componentType = CertStatus()
 
+
 class RevAnnContent(univ.Sequence):
     """
     RevAnnContent ::= SEQUENCE {
@@ -307,6 +334,7 @@ class RevAnnContent(univ.Sequence):
         namedtype.OptionalNamedType('crlDetails', rfc2459.Extensions())
     )
 
+
 class RevRepContent(univ.Sequence):
     """
     RevRepContent ::= SEQUENCE {
@@ -318,22 +346,21 @@ class RevRepContent(univ.Sequence):
     """
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('status', PKIStatusInfo()),
-        namedtype.OptionalNamedType('revCerts', univ.SequenceOf(
+        namedtype.OptionalNamedType(
-                componentType=rfc2511.CertId()
+            'revCerts', univ.SequenceOf(componentType=rfc2511.CertId()).subtype(
-            ).subtype(
                 subtypeSpec=constraint.ValueSizeConstraint(1, MAX),
                 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)
             )
         ),
-        namedtype.OptionalNamedType('crls', univ.SequenceOf(
+        namedtype.OptionalNamedType(
-                componentType=rfc2459.CertificateList()
+            'crls', univ.SequenceOf(componentType=rfc2459.CertificateList()).subtype(
-            ).subtype(
                 subtypeSpec=constraint.ValueSizeConstraint(1, MAX),
                 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)
             )
         )
     )
 
+
 class KeyRecRepContent(univ.Sequence):
     """
     KeyRecRepContent ::= SEQUENCE {
@@ -347,26 +374,24 @@ class KeyRecRepContent(univ.Sequence):
     """
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('status', PKIStatusInfo()),
-        namedtype.OptionalNamedType('newSigCert', CMPCertificate().subtype(
+        namedtype.OptionalNamedType(
-            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)
+            'newSigCert', CMPCertificate().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)
             )
         ),
-        namedtype.OptionalNamedType('caCerts', univ.SequenceOf(
+        namedtype.OptionalNamedType(
-                componentType=CMPCertificate()
+            'caCerts', univ.SequenceOf(componentType=CMPCertificate()).subtype(
-            ).subtype(
                 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1),
                 subtypeSpec=constraint.ValueSizeConstraint(1, MAX)
             )
         ),
-        namedtype.OptionalNamedType('keyPairHist', univ.SequenceOf(
+        namedtype.OptionalNamedType('keyPairHist', univ.SequenceOf(componentType=CertifiedKeyPair()).subtype(
-                componentType=CertifiedKeyPair()
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2),
-            ).subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, MAX))
-                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2),
-                subtypeSpec=constraint.ValueSizeConstraint(1, MAX)
-            )
         )
     )
- 
+
+
 class CertResponse(univ.Sequence):
     """
     CertResponse ::= SEQUENCE {
@@ -383,6 +408,7 @@ class CertResponse(univ.Sequence):
         namedtype.OptionalNamedType('rspInfo', univ.OctetString())
     )
 
+
 class CertRepMessage(univ.Sequence):
     """
     CertRepMessage ::= SEQUENCE {
@@ -392,21 +418,19 @@ class CertRepMessage(univ.Sequence):
      }
     """
     componentType = namedtype.NamedTypes(
-        namedtype.OptionalNamedType('caPubs', univ.SequenceOf(
+        namedtype.OptionalNamedType(
+            'caPubs', univ.SequenceOf(
                 componentType=CMPCertificate()
-            ).subtype(
+            ).subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))
-                subtypeSpec=constraint.ValueSizeConstraint(1, MAX),
-                explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,1)
-            )
         ),
-        namedtype.NamedType('response', univ.SequenceOf(
+        namedtype.NamedType('response', univ.SequenceOf(componentType=CertResponse()))
-                componentType=CertResponse())
-            )
     )
 
+
 class POPODecKeyChallContent(univ.SequenceOf):
     componentType = Challenge()
 
+
 class OOBCertHash(univ.Sequence):
     """
     OOBCertHash ::= SEQUENCE {
@@ -416,18 +440,16 @@ class OOBCertHash(univ.Sequence):
      }
     """
     componentType = namedtype.NamedTypes(
-        namedtype.OptionalNamedType('hashAlg',
+        namedtype.OptionalNamedType(
-                                    rfc2459.AlgorithmIdentifier().subtype(
+            'hashAlg', rfc2459.AlgorithmIdentifier().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))
-            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,0)
-            )
         ),
-        namedtype.OptionalNamedType('certId', rfc2511.CertId().subtype(
+        namedtype.OptionalNamedType(
-            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,1)
+            'certId', rfc2511.CertId().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))
-            )
         ),
         namedtype.NamedType('hashVal', univ.BitString())
     )
 
+
 # pyasn1 does not naturally handle recursive definitions, thus this hack:
 # NestedMessageContent ::= PKIMessages
 class NestedMessageContent(univ.SequenceOf):
@@ -436,6 +458,7 @@ class NestedMessageContent(univ.SequenceOf):
     """
     componentType = univ.Any()
 
+
 class DHBMParameter(univ.Sequence):
     """
     DHBMParameter ::= SEQUENCE {
@@ -450,8 +473,10 @@ class DHBMParameter(univ.Sequence):
         namedtype.NamedType('mac', rfc2459.AlgorithmIdentifier())
     )
 
+
 id_DHBasedMac = univ.ObjectIdentifier('1.2.840.113533.7.66.30')
 
+
 class PBMParameter(univ.Sequence):
     """
     PBMParameter ::= SEQUENCE {
@@ -462,23 +487,28 @@ class PBMParameter(univ.Sequence):
      }
     """
     componentType = namedtype.NamedTypes(
-        namedtype.NamedType('salt', univ.OctetString().subtype(
+        namedtype.NamedType(
-                subtypeSpec=constraint.ValueSizeConstraint(0, 128)
+            'salt', univ.OctetString().subtype(subtypeSpec=constraint.ValueSizeConstraint(0, 128))
-            )
         ),
         namedtype.NamedType('owf', rfc2459.AlgorithmIdentifier()),
         namedtype.NamedType('iterationCount', univ.Integer()),
         namedtype.NamedType('mac', rfc2459.AlgorithmIdentifier())
     )
 
+
 id_PasswordBasedMac = univ.ObjectIdentifier('1.2.840.113533.7.66.13')
 
-class PKIProtection(univ.BitString): pass
+
+class PKIProtection(univ.BitString):
+    pass
+
 
 # pyasn1 does not naturally handle recursive definitions, thus this hack:
 # NestedMessageContent ::= PKIMessages
-nestedMessageContent = NestedMessageContent().subtype(explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,20))
+nestedMessageContent = NestedMessageContent().subtype(
- 
+    explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 20))
+
+
 class PKIBody(univ.Choice):
     """
     PKIBody ::= CHOICE {       -- message-specific body elements
@@ -512,113 +542,141 @@ class PKIBody(univ.Choice):
 
     """
     componentType = namedtype.NamedTypes(
-        namedtype.NamedType('ir', rfc2511.CertReqMessages().subtype(
+        namedtype.NamedType(
-            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,0)
+            'ir', rfc2511.CertReqMessages().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)
             )
         ),
-        namedtype.NamedType('ip', CertRepMessage().subtype(
+        namedtype.NamedType(
-            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,1)
+            'ip', CertRepMessage().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)
             )
         ),
-        namedtype.NamedType('cr', rfc2511.CertReqMessages().subtype(
+        namedtype.NamedType(
-            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,2)
+            'cr', rfc2511.CertReqMessages().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)
             )
         ),
-        namedtype.NamedType('cp', CertRepMessage().subtype(
+        namedtype.NamedType(
-            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,3)
+            'cp', CertRepMessage().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)
             )
         ),
-        namedtype.NamedType('p10cr', rfc2314.CertificationRequest().subtype(
+        namedtype.NamedType(
-            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,4)
+            'p10cr', rfc2314.CertificationRequest().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4)
             )
         ),
-        namedtype.NamedType('popdecc', POPODecKeyChallContent().subtype(
+        namedtype.NamedType(
-            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,5)
+            'popdecc', POPODecKeyChallContent().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5)
             )
         ),
-        namedtype.NamedType('popdecr', POPODecKeyRespContent().subtype(
+        namedtype.NamedType(
-            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,6)
+            'popdecr', POPODecKeyRespContent().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6)
             )
         ),
-        namedtype.NamedType('kur', rfc2511.CertReqMessages().subtype(
+        namedtype.NamedType(
-            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,7)
+            'kur', rfc2511.CertReqMessages().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 7)
             )
         ),
-        namedtype.NamedType('kup', CertRepMessage().subtype(
+        namedtype.NamedType(
-            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,8)
+            'kup', CertRepMessage().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 8)
             )
         ),
-        namedtype.NamedType('krr', rfc2511.CertReqMessages().subtype(
+        namedtype.NamedType(
-            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,9)
+            'krr', rfc2511.CertReqMessages().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9)
             )
         ),
-        namedtype.NamedType('krp', KeyRecRepContent().subtype(
+        namedtype.NamedType(
-            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,10)
+            'krp', KeyRecRepContent().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 10)
             )
         ),
-        namedtype.NamedType('rr', RevReqContent().subtype(
+        namedtype.NamedType(
-            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,11)
+            'rr', RevReqContent().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 11)
             )
         ),
-        namedtype.NamedType('rp', RevRepContent().subtype(
+        namedtype.NamedType(
-            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,12)
+            'rp', RevRepContent().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 12)
             )
         ),
-        namedtype.NamedType('ccr', rfc2511.CertReqMessages().subtype(
+        namedtype.NamedType(
-            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,13)
+            'ccr', rfc2511.CertReqMessages().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 13)
             )
         ),
-        namedtype.NamedType('ccp', CertRepMessage().subtype(
+        namedtype.NamedType(
-            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,14)
+            'ccp', CertRepMessage().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 14)
             )
         ),
-        namedtype.NamedType('ckuann', CAKeyUpdAnnContent().subtype(
+        namedtype.NamedType(
-            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,15)
+            'ckuann', CAKeyUpdAnnContent().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 15)
             )
         ),
-        namedtype.NamedType('cann', CertAnnContent().subtype(
+        namedtype.NamedType(
-            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,16)
+            'cann', CertAnnContent().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 16)
             )
         ),
-        namedtype.NamedType('rann', RevAnnContent().subtype(
+        namedtype.NamedType(
-            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,17)
+            'rann', RevAnnContent().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 17)
             )
         ),
-        namedtype.NamedType('crlann', CRLAnnContent().subtype(
+        namedtype.NamedType(
-            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,18)
+            'crlann', CRLAnnContent().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 18)
             )
         ),
-        namedtype.NamedType('pkiconf', PKIConfirmContent().subtype(
+        namedtype.NamedType(
-            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,19)
+            'pkiconf', PKIConfirmContent().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 19)
             )
         ),
-        namedtype.NamedType('nested', nestedMessageContent),
+        namedtype.NamedType(
-#        namedtype.NamedType('nested', NestedMessageContent().subtype(
+            'nested', nestedMessageContent
-#            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,20)
+        ),
-#            )
+        #        namedtype.NamedType('nested', NestedMessageContent().subtype(
-#        ),
+        #            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,20)
-        namedtype.NamedType('genm', GenMsgContent().subtype(
+        #            )
-            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,21)
+        #        ),
+        namedtype.NamedType(
+            'genm', GenMsgContent().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 21)
             )
         ),
-        namedtype.NamedType('gen', GenRepContent().subtype(
+        namedtype.NamedType(
-            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,22)
+            'gen', GenRepContent().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 22)
             )
         ),
-        namedtype.NamedType('error', ErrorMsgContent().subtype(
+        namedtype.NamedType(
-            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,23)
+            'error', ErrorMsgContent().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 23)
             )
         ),
-        namedtype.NamedType('certConf', CertConfirmContent().subtype(
+        namedtype.NamedType(
-            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,24)
+            'certConf', CertConfirmContent().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 24)
             )
         ),
-        namedtype.NamedType('pollReq', PollReqContent().subtype(
+        namedtype.NamedType(
-            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,25)
+            'pollReq', PollReqContent().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 25)
             )
         ),
-        namedtype.NamedType('pollRep', PollRepContent().subtype(
+        namedtype.NamedType(
-            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,26)
+            'pollRep', PollRepContent().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 26)
             )
         )
     )
@@ -644,33 +702,39 @@ class PKIHeader(univ.Sequence):
 
     """
     componentType = namedtype.NamedTypes(
-        namedtype.NamedType('pvno', univ.Integer(
+        namedtype.NamedType(
-                namedValues=namedval.NamedValues(    
+            'pvno', univ.Integer(
-                    ('cmp1999', 1), 
+                namedValues=namedval.NamedValues(('cmp1999', 1), ('cmp2000', 2))
-                    ('cmp2000', 2)    
-                )
             )
         ),
         namedtype.NamedType('sender', rfc2459.GeneralName()),
         namedtype.NamedType('recipient', rfc2459.GeneralName()),
-        namedtype.OptionalNamedType('messageTime', useful.GeneralizedTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('messageTime', useful.GeneralizedTime().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
         namedtype.OptionalNamedType('protectionAlg', rfc2459.AlgorithmIdentifier().subtype(
             explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
-        namedtype.OptionalNamedType('senderKID', rfc2459.KeyIdentifier().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+        namedtype.OptionalNamedType('senderKID', rfc2459.KeyIdentifier().subtype(
-        namedtype.OptionalNamedType('recipKID', rfc2459.KeyIdentifier().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
-        namedtype.OptionalNamedType('transactionID', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
+        namedtype.OptionalNamedType('recipKID', rfc2459.KeyIdentifier().subtype(
-        namedtype.OptionalNamedType('senderNonce', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
-        namedtype.OptionalNamedType('recipNonce', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
+        namedtype.OptionalNamedType('transactionID', univ.OctetString().subtype(
-        namedtype.OptionalNamedType('freeText', PKIFreeText().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 7))),
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
+        namedtype.OptionalNamedType('senderNonce', univ.OctetString().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
+        namedtype.OptionalNamedType('recipNonce', univ.OctetString().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
+        namedtype.OptionalNamedType('freeText', PKIFreeText().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 7))),
         namedtype.OptionalNamedType('generalInfo',
-            univ.SequenceOf(
+                                    univ.SequenceOf(
-                componentType=InfoTypeAndValue().subtype( 
+                                        componentType=InfoTypeAndValue().subtype(
-                    subtypeSpec=constraint.ValueSizeConstraint(1, MAX),
+                                            subtypeSpec=constraint.ValueSizeConstraint(1, MAX),
-                    explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8)
+                                            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8)
-                    )
+                                        )
-                )
+                                    )
-            )
+                                    )
-        )
+    )
+
 
 class ProtectedPart(univ.Sequence):
     """
@@ -682,7 +746,8 @@ class ProtectedPart(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('header', PKIHeader()),
         namedtype.NamedType('infoValue', PKIBody())
-        )
+    )
+
 
 class PKIMessage(univ.Sequence):
     """
@@ -696,17 +761,19 @@ class PKIMessage(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('header', PKIHeader()),
         namedtype.NamedType('body', PKIBody()),
-        namedtype.OptionalNamedType('protection', PKIProtection().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('protection', PKIProtection().subtype(
-        namedtype.OptionalNamedType( 'extraCerts',
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
-            univ.SequenceOf(
+        namedtype.OptionalNamedType('extraCerts',
-                componentType=CMPCertificate()
+                                    univ.SequenceOf(
-            ).subtype(
+                                        componentType=CMPCertificate()
-                subtypeSpec=constraint.ValueSizeConstraint(1, MAX),
+                                    ).subtype(
-                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)
+                                        subtypeSpec=constraint.ValueSizeConstraint(1, MAX),
-            )
+                                        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)
-        )
+                                    )
+                                    )
     )
 
+
 class PKIMessages(univ.SequenceOf):
     """
     PKIMessages ::= SEQUENCE SIZE (1..MAX) OF PKIMessage
@@ -714,7 +781,8 @@ class PKIMessages(univ.SequenceOf):
     componentType = PKIMessage()
     subtypeSpec = univ.SequenceOf.subtypeSpec + constraint.ValueSizeConstraint(1, MAX)
 
+
 # pyasn1 does not naturally handle recursive definitions, thus this hack:
 # NestedMessageContent ::= PKIMessages
-NestedMessageContent.componentType = PKIMessages()
+NestedMessageContent._componentType = PKIMessages()
-nestedMessageContent.componentType = PKIMessages()
+nestedMessageContent._componentType = PKIMessages()

src/pyasn1_modules/rfc4211.py

@@ -0,0 +1,391 @@
+# coding: utf-8
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Stanisław Pitucha with asn1ate tool.
+# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com>
+# License: http://pyasn1.sf.net/license.html
+#
+# Internet X.509 Public Key Infrastructure Certificate Request
+# Message Format (CRMF)
+#
+# ASN.1 source from:
+# http://www.ietf.org/rfc/rfc4211.txt
+#
+from pyasn1.type import univ, char, namedtype, namedval, tag, constraint
+
+from pyasn1_modules import rfc3280
+from pyasn1_modules import rfc3852
+
+MAX = float('inf')
+
+
+def _buildOid(*components):
+    output = []
+    for x in tuple(components):
+        if isinstance(x, univ.ObjectIdentifier):
+            output.extend(list(x))
+        else:
+            output.append(int(x))
+
+    return univ.ObjectIdentifier(output)
+
+
+id_pkix = _buildOid(1, 3, 6, 1, 5, 5, 7)
+
+id_pkip = _buildOid(id_pkix, 5)
+
+id_regCtrl = _buildOid(id_pkip, 1)
+
+
+class SinglePubInfo(univ.Sequence):
+    pass
+
+
+SinglePubInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('pubMethod', univ.Integer(
+        namedValues=namedval.NamedValues(('dontCare', 0), ('x500', 1), ('web', 2), ('ldap', 3)))),
+    namedtype.OptionalNamedType('pubLocation', rfc3280.GeneralName())
+)
+
+
+class UTF8Pairs(char.UTF8String):
+    pass
+
+
+class PKMACValue(univ.Sequence):
+    pass
+
+
+PKMACValue.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('algId', rfc3280.AlgorithmIdentifier()),
+    namedtype.NamedType('value', univ.BitString())
+)
+
+
+class POPOSigningKeyInput(univ.Sequence):
+    pass
+
+
+POPOSigningKeyInput.componentType = namedtype.NamedTypes(
+    namedtype.NamedType(
+        'authInfo', univ.Choice(
+            componentType=namedtype.NamedTypes(
+                namedtype.NamedType(
+                    'sender', rfc3280.GeneralName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))
+                ),
+                namedtype.NamedType(
+                    'publicKeyMAC', PKMACValue()
+                )
+            )
+        )
+    ),
+    namedtype.NamedType('publicKey', rfc3280.SubjectPublicKeyInfo())
+)
+
+
+class POPOSigningKey(univ.Sequence):
+    pass
+
+
+POPOSigningKey.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('poposkInput', POPOSigningKeyInput().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.NamedType('algorithmIdentifier', rfc3280.AlgorithmIdentifier()),
+    namedtype.NamedType('signature', univ.BitString())
+)
+
+
+class Attributes(univ.SetOf):
+    pass
+
+
+Attributes.componentType = rfc3280.Attribute()
+
+
+class PrivateKeyInfo(univ.Sequence):
+    pass
+
+
+PrivateKeyInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', univ.Integer()),
+    namedtype.NamedType('privateKeyAlgorithm', rfc3280.AlgorithmIdentifier()),
+    namedtype.NamedType('privateKey', univ.OctetString()),
+    namedtype.OptionalNamedType('attributes',
+                                Attributes().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+)
+
+
+class EncryptedValue(univ.Sequence):
+    pass
+
+
+EncryptedValue.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('intendedAlg', rfc3280.AlgorithmIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('symmAlg', rfc3280.AlgorithmIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.OptionalNamedType('encSymmKey', univ.BitString().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+    namedtype.OptionalNamedType('keyAlg', rfc3280.AlgorithmIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+    namedtype.OptionalNamedType('valueHint', univ.OctetString().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
+    namedtype.NamedType('encValue', univ.BitString())
+)
+
+
+class EncryptedKey(univ.Choice):
+    pass
+
+
+EncryptedKey.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('encryptedValue', EncryptedValue()),
+    namedtype.NamedType('envelopedData', rfc3852.EnvelopedData().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+)
+
+
+class KeyGenParameters(univ.OctetString):
+    pass
+
+
+class PKIArchiveOptions(univ.Choice):
+    pass
+
+
+PKIArchiveOptions.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('encryptedPrivKey',
+                        EncryptedKey().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.NamedType('keyGenParameters',
+                        KeyGenParameters().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.NamedType('archiveRemGenPrivKey',
+                        univ.Boolean().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+)
+
+id_regCtrl_authenticator = _buildOid(id_regCtrl, 2)
+
+id_regInfo = _buildOid(id_pkip, 2)
+
+id_regInfo_certReq = _buildOid(id_regInfo, 2)
+
+
+class ProtocolEncrKey(rfc3280.SubjectPublicKeyInfo):
+    pass
+
+
+class Authenticator(char.UTF8String):
+    pass
+
+
+class SubsequentMessage(univ.Integer):
+    pass
+
+
+SubsequentMessage.namedValues = namedval.NamedValues(
+    ('encrCert', 0),
+    ('challengeResp', 1)
+)
+
+
+class AttributeTypeAndValue(univ.Sequence):
+    pass
+
+
+AttributeTypeAndValue.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('type', univ.ObjectIdentifier()),
+    namedtype.NamedType('value', univ.Any())
+)
+
+
+class POPOPrivKey(univ.Choice):
+    pass
+
+
+POPOPrivKey.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('thisMessage',
+                        univ.BitString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('subsequentMessage',
+                        SubsequentMessage().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.NamedType('dhMAC',
+                        univ.BitString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+    namedtype.NamedType('agreeMAC',
+                        PKMACValue().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+    namedtype.NamedType('encryptedKey', rfc3852.EnvelopedData().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4)))
+)
+
+
+class ProofOfPossession(univ.Choice):
+    pass
+
+
+ProofOfPossession.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('raVerified',
+                        univ.Null().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('signature', POPOSigningKey().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+    namedtype.NamedType('keyEncipherment',
+                        POPOPrivKey().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
+    namedtype.NamedType('keyAgreement',
+                        POPOPrivKey().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
+)
+
+
+class OptionalValidity(univ.Sequence):
+    pass
+
+
+OptionalValidity.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('notBefore', rfc3280.Time().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.OptionalNamedType('notAfter', rfc3280.Time().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
+)
+
+
+class CertTemplate(univ.Sequence):
+    pass
+
+
+CertTemplate.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('version', rfc3280.Version().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('serialNumber', univ.Integer().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.OptionalNamedType('signingAlg', rfc3280.AlgorithmIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+    namedtype.OptionalNamedType('issuer', rfc3280.Name().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+    namedtype.OptionalNamedType('validity', OptionalValidity().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
+    namedtype.OptionalNamedType('subject', rfc3280.Name().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))),
+    namedtype.OptionalNamedType('publicKey', rfc3280.SubjectPublicKeyInfo().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
+    namedtype.OptionalNamedType('issuerUID', rfc3280.UniqueIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
+    namedtype.OptionalNamedType('subjectUID', rfc3280.UniqueIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))),
+    namedtype.OptionalNamedType('extensions', rfc3280.Extensions().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 9)))
+)
+
+
+class Controls(univ.SequenceOf):
+    pass
+
+
+Controls.componentType = AttributeTypeAndValue()
+Controls.subtypeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class CertRequest(univ.Sequence):
+    pass
+
+
+CertRequest.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('certReqId', univ.Integer()),
+    namedtype.NamedType('certTemplate', CertTemplate()),
+    namedtype.OptionalNamedType('controls', Controls())
+)
+
+
+class CertReqMsg(univ.Sequence):
+    pass
+
+
+CertReqMsg.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('certReq', CertRequest()),
+    namedtype.OptionalNamedType('popo', ProofOfPossession()),
+    namedtype.OptionalNamedType('regInfo', univ.SequenceOf(componentType=AttributeTypeAndValue()))
+)
+
+
+class CertReqMessages(univ.SequenceOf):
+    pass
+
+
+CertReqMessages.componentType = CertReqMsg()
+CertReqMessages.subtypeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class CertReq(CertRequest):
+    pass
+
+
+id_regCtrl_pkiPublicationInfo = _buildOid(id_regCtrl, 3)
+
+
+class CertId(univ.Sequence):
+    pass
+
+
+CertId.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('issuer', rfc3280.GeneralName()),
+    namedtype.NamedType('serialNumber', univ.Integer())
+)
+
+
+class OldCertId(CertId):
+    pass
+
+
+class PKIPublicationInfo(univ.Sequence):
+    pass
+
+
+PKIPublicationInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('action',
+                        univ.Integer(namedValues=namedval.NamedValues(('dontPublish', 0), ('pleasePublish', 1)))),
+    namedtype.OptionalNamedType('pubInfos', univ.SequenceOf(componentType=SinglePubInfo()))
+)
+
+
+class EncKeyWithID(univ.Sequence):
+    pass
+
+
+EncKeyWithID.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('privateKey', PrivateKeyInfo()),
+    namedtype.OptionalNamedType(
+        'identifier', univ.Choice(
+            componentType=namedtype.NamedTypes(
+                namedtype.NamedType('string', char.UTF8String()),
+                namedtype.NamedType('generalName', rfc3280.GeneralName())
+            )
+        )
+    )
+)
+
+id_regCtrl_protocolEncrKey = _buildOid(id_regCtrl, 6)
+
+id_regCtrl_oldCertID = _buildOid(id_regCtrl, 5)
+
+id_smime = _buildOid(1, 2, 840, 113549, 1, 9, 16)
+
+
+class PBMParameter(univ.Sequence):
+    pass
+
+
+PBMParameter.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('salt', univ.OctetString()),
+    namedtype.NamedType('owf', rfc3280.AlgorithmIdentifier()),
+    namedtype.NamedType('iterationCount', univ.Integer()),
+    namedtype.NamedType('mac', rfc3280.AlgorithmIdentifier())
+)
+
+id_regCtrl_regToken = _buildOid(id_regCtrl, 1)
+
+id_regCtrl_pkiArchiveOptions = _buildOid(id_regCtrl, 4)
+
+id_regInfo_utf8Pairs = _buildOid(id_regInfo, 1)
+
+id_ct = _buildOid(id_smime, 1)
+
+id_ct_encKeyWithID = _buildOid(id_ct, 21)
+
+
+class RegToken(char.UTF8String):
+    pass

src/pyasn1_modules/rfc5208.py

@@ -1,4 +1,9 @@
 #
+# This file is part of pyasn1-modules software.
+#
+# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com>
+# License: http://pyasn1.sf.net/license.html
+#
 # PKCS#8 syntax
 #
 # ASN.1 source from:
@@ -6,15 +11,21 @@
 #
 # Sample captures could be obtained with "openssl pkcs8 -topk8" command
 #
-from pyasn1.type import tag, namedtype, namedval, univ, constraint
 from pyasn1_modules.rfc2459 import *
 from pyasn1_modules import rfc2251
 
-class KeyEncryptionAlgorithms(AlgorithmIdentifier): pass
 
-class PrivateKeyAlgorithms(AlgorithmIdentifier): pass
+class KeyEncryptionAlgorithms(AlgorithmIdentifier):
+    pass
+
+
+class PrivateKeyAlgorithms(AlgorithmIdentifier):
+    pass
+
+
+class EncryptedData(univ.OctetString):
+    pass
 
-class EncryptedData(univ.OctetString): pass
 
 class EncryptedPrivateKeyInfo(univ.Sequence):
     componentType = namedtype.NamedTypes(
@@ -22,18 +33,24 @@ class EncryptedPrivateKeyInfo(univ.Sequence):
         namedtype.NamedType('encryptedData', EncryptedData())
     )
 
-class PrivateKey(univ.OctetString): pass
+
+class PrivateKey(univ.OctetString):
+    pass
+
 
 class Attributes(univ.SetOf):
     componentType = rfc2251.Attribute()
 
+
 class Version(univ.Integer):
-    namedValues = namedval.NamedValues(('v1', 0), ('v2', 1)) 
+    namedValues = namedval.NamedValues(('v1', 0), ('v2', 1))
+
 
 class PrivateKeyInfo(univ.Sequence):
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('version', Version()),
         namedtype.NamedType('privateKeyAlgorithm', AlgorithmIdentifier()),
         namedtype.NamedType('privateKey', PrivateKey()),
-        namedtype.OptionalNamedType('attributes', Attributes().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+        namedtype.OptionalNamedType('attributes', Attributes().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
     )

src/pyasn1_modules/rfc5652.py

@@ -0,0 +1,706 @@
+# coding: utf-8
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Stanisław Pitucha with asn1ate tool.
+# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com>
+# License: http://pyasn1.sf.net/license.html
+#
+# Cryptographic Message Syntax (CMS)
+#
+# ASN.1 source from:
+# http://www.ietf.org/rfc/rfc5652.txt
+#
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import tag
+from pyasn1.type import univ
+from pyasn1.type import useful
+
+from pyasn1_modules import rfc3281
+from pyasn1_modules import rfc5280
+
+MAX = float('inf')
+
+
+def _buildOid(*components):
+    output = []
+    for x in tuple(components):
+        if isinstance(x, univ.ObjectIdentifier):
+            output.extend(list(x))
+        else:
+            output.append(int(x))
+
+    return univ.ObjectIdentifier(output)
+
+
+class AttCertVersionV1(univ.Integer):
+    pass
+
+
+AttCertVersionV1.namedValues = namedval.NamedValues(
+    ('v1', 0)
+)
+
+
+class AttributeCertificateInfoV1(univ.Sequence):
+    pass
+
+
+AttributeCertificateInfoV1.componentType = namedtype.NamedTypes(
+    namedtype.DefaultedNamedType('version', AttCertVersionV1().subtype(value="v1")),
+    namedtype.NamedType(
+        'subject', univ.Choice(
+            componentType=namedtype.NamedTypes(
+                namedtype.NamedType('baseCertificateID', rfc3281.IssuerSerial().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+                namedtype.NamedType('subjectName', rfc5280.GeneralNames().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+            )
+        )
+    ),
+    namedtype.NamedType('issuer', rfc5280.GeneralNames()),
+    namedtype.NamedType('signature', rfc5280.AlgorithmIdentifier()),
+    namedtype.NamedType('serialNumber', rfc5280.CertificateSerialNumber()),
+    namedtype.NamedType('attCertValidityPeriod', rfc3281.AttCertValidityPeriod()),
+    namedtype.NamedType('attributes', univ.SequenceOf(componentType=rfc5280.Attribute())),
+    namedtype.OptionalNamedType('issuerUniqueID', rfc5280.UniqueIdentifier()),
+    namedtype.OptionalNamedType('extensions', rfc5280.Extensions())
+)
+
+
+class AttributeCertificateV1(univ.Sequence):
+    pass
+
+
+AttributeCertificateV1.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('acInfo', AttributeCertificateInfoV1()),
+    namedtype.NamedType('signatureAlgorithm', rfc5280.AlgorithmIdentifier()),
+    namedtype.NamedType('signature', univ.BitString())
+)
+
+
+class AttributeValue(univ.Any):
+    pass
+
+
+class Attribute(univ.Sequence):
+    pass
+
+
+Attribute.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('attrType', univ.ObjectIdentifier()),
+    namedtype.NamedType('attrValues', univ.SetOf(componentType=AttributeValue()))
+)
+
+
+class SignedAttributes(univ.SetOf):
+    pass
+
+
+SignedAttributes.componentType = Attribute()
+SignedAttributes.subtypeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class AttributeCertificateV2(rfc3281.AttributeCertificate):
+    pass
+
+
+class OtherKeyAttribute(univ.Sequence):
+    pass
+
+
+OtherKeyAttribute.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('keyAttrId', univ.ObjectIdentifier()),
+    namedtype.OptionalNamedType('keyAttr', univ.Any())
+)
+
+
+class UnauthAttributes(univ.SetOf):
+    pass
+
+
+UnauthAttributes.componentType = Attribute()
+UnauthAttributes.subtypeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+id_encryptedData = _buildOid(1, 2, 840, 113549, 1, 7, 6)
+
+
+class SignatureValue(univ.OctetString):
+    pass
+
+
+class IssuerAndSerialNumber(univ.Sequence):
+    pass
+
+
+IssuerAndSerialNumber.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('issuer', rfc5280.Name()),
+    namedtype.NamedType('serialNumber', rfc5280.CertificateSerialNumber())
+)
+
+
+class SubjectKeyIdentifier(univ.OctetString):
+    pass
+
+
+class RecipientKeyIdentifier(univ.Sequence):
+    pass
+
+
+RecipientKeyIdentifier.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('subjectKeyIdentifier', SubjectKeyIdentifier()),
+    namedtype.OptionalNamedType('date', useful.GeneralizedTime()),
+    namedtype.OptionalNamedType('other', OtherKeyAttribute())
+)
+
+
+class KeyAgreeRecipientIdentifier(univ.Choice):
+    pass
+
+
+KeyAgreeRecipientIdentifier.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()),
+    namedtype.NamedType('rKeyId', RecipientKeyIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+)
+
+
+class EncryptedKey(univ.OctetString):
+    pass
+
+
+class RecipientEncryptedKey(univ.Sequence):
+    pass
+
+
+RecipientEncryptedKey.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('rid', KeyAgreeRecipientIdentifier()),
+    namedtype.NamedType('encryptedKey', EncryptedKey())
+)
+
+
+class RecipientEncryptedKeys(univ.SequenceOf):
+    pass
+
+
+RecipientEncryptedKeys.componentType = RecipientEncryptedKey()
+
+
+class MessageAuthenticationCode(univ.OctetString):
+    pass
+
+
+class CMSVersion(univ.Integer):
+    pass
+
+
+CMSVersion.namedValues = namedval.NamedValues(
+    ('v0', 0),
+    ('v1', 1),
+    ('v2', 2),
+    ('v3', 3),
+    ('v4', 4),
+    ('v5', 5)
+)
+
+
+class OtherCertificateFormat(univ.Sequence):
+    pass
+
+
+OtherCertificateFormat.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('otherCertFormat', univ.ObjectIdentifier()),
+    namedtype.NamedType('otherCert', univ.Any())
+)
+
+
+class ExtendedCertificateInfo(univ.Sequence):
+    pass
+
+
+ExtendedCertificateInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.NamedType('certificate', rfc5280.Certificate()),
+    namedtype.NamedType('attributes', UnauthAttributes())
+)
+
+
+class Signature(univ.BitString):
+    pass
+
+
+class SignatureAlgorithmIdentifier(rfc5280.AlgorithmIdentifier):
+    pass
+
+
+class ExtendedCertificate(univ.Sequence):
+    pass
+
+
+ExtendedCertificate.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('extendedCertificateInfo', ExtendedCertificateInfo()),
+    namedtype.NamedType('signatureAlgorithm', SignatureAlgorithmIdentifier()),
+    namedtype.NamedType('signature', Signature())
+)
+
+
+class CertificateChoices(univ.Choice):
+    pass
+
+
+CertificateChoices.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('certificate', rfc5280.Certificate()),
+    namedtype.NamedType('extendedCertificate', ExtendedCertificate().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.NamedType('v1AttrCert', AttributeCertificateV1().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.NamedType('v2AttrCert', AttributeCertificateV2().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+    namedtype.NamedType('other', OtherCertificateFormat().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
+)
+
+
+class CertificateSet(univ.SetOf):
+    pass
+
+
+CertificateSet.componentType = CertificateChoices()
+
+
+class OtherRevocationInfoFormat(univ.Sequence):
+    pass
+
+
+OtherRevocationInfoFormat.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('otherRevInfoFormat', univ.ObjectIdentifier()),
+    namedtype.NamedType('otherRevInfo', univ.Any())
+)
+
+
+class RevocationInfoChoice(univ.Choice):
+    pass
+
+
+RevocationInfoChoice.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('crl', rfc5280.CertificateList()),
+    namedtype.NamedType('other', OtherRevocationInfoFormat().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
+)
+
+
+class RevocationInfoChoices(univ.SetOf):
+    pass
+
+
+RevocationInfoChoices.componentType = RevocationInfoChoice()
+
+
+class OriginatorInfo(univ.Sequence):
+    pass
+
+
+OriginatorInfo.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('certs', CertificateSet().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('crls', RevocationInfoChoices().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+class ContentType(univ.ObjectIdentifier):
+    pass
+
+
+class EncryptedContent(univ.OctetString):
+    pass
+
+
+class ContentEncryptionAlgorithmIdentifier(rfc5280.AlgorithmIdentifier):
+    pass
+
+
+class EncryptedContentInfo(univ.Sequence):
+    pass
+
+
+EncryptedContentInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('contentType', ContentType()),
+    namedtype.NamedType('contentEncryptionAlgorithm', ContentEncryptionAlgorithmIdentifier()),
+    namedtype.OptionalNamedType('encryptedContent', EncryptedContent().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+)
+
+
+class UnprotectedAttributes(univ.SetOf):
+    pass
+
+
+UnprotectedAttributes.componentType = Attribute()
+UnprotectedAttributes.subtypeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class KeyEncryptionAlgorithmIdentifier(rfc5280.AlgorithmIdentifier):
+    pass
+
+
+class KEKIdentifier(univ.Sequence):
+    pass
+
+
+KEKIdentifier.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('keyIdentifier', univ.OctetString()),
+    namedtype.OptionalNamedType('date', useful.GeneralizedTime()),
+    namedtype.OptionalNamedType('other', OtherKeyAttribute())
+)
+
+
+class KEKRecipientInfo(univ.Sequence):
+    pass
+
+
+KEKRecipientInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.NamedType('kekid', KEKIdentifier()),
+    namedtype.NamedType('keyEncryptionAlgorithm', KeyEncryptionAlgorithmIdentifier()),
+    namedtype.NamedType('encryptedKey', EncryptedKey())
+)
+
+
+class KeyDerivationAlgorithmIdentifier(rfc5280.AlgorithmIdentifier):
+    pass
+
+
+class PasswordRecipientInfo(univ.Sequence):
+    pass
+
+
+PasswordRecipientInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.OptionalNamedType('keyDerivationAlgorithm', KeyDerivationAlgorithmIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('keyEncryptionAlgorithm', KeyEncryptionAlgorithmIdentifier()),
+    namedtype.NamedType('encryptedKey', EncryptedKey())
+)
+
+
+class RecipientIdentifier(univ.Choice):
+    pass
+
+
+RecipientIdentifier.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()),
+    namedtype.NamedType('subjectKeyIdentifier', SubjectKeyIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+)
+
+
+class KeyTransRecipientInfo(univ.Sequence):
+    pass
+
+
+KeyTransRecipientInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.NamedType('rid', RecipientIdentifier()),
+    namedtype.NamedType('keyEncryptionAlgorithm', KeyEncryptionAlgorithmIdentifier()),
+    namedtype.NamedType('encryptedKey', EncryptedKey())
+)
+
+
+class UserKeyingMaterial(univ.OctetString):
+    pass
+
+
+class OriginatorPublicKey(univ.Sequence):
+    pass
+
+
+OriginatorPublicKey.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('algorithm', rfc5280.AlgorithmIdentifier()),
+    namedtype.NamedType('publicKey', univ.BitString())
+)
+
+
+class OriginatorIdentifierOrKey(univ.Choice):
+    pass
+
+
+OriginatorIdentifierOrKey.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()),
+    namedtype.NamedType('subjectKeyIdentifier', SubjectKeyIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('originatorKey', OriginatorPublicKey().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
+)
+
+
+class KeyAgreeRecipientInfo(univ.Sequence):
+    pass
+
+
+KeyAgreeRecipientInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.NamedType('originator', OriginatorIdentifierOrKey().subtype(
+        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.OptionalNamedType('ukm', UserKeyingMaterial().subtype(
+        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.NamedType('keyEncryptionAlgorithm', KeyEncryptionAlgorithmIdentifier()),
+    namedtype.NamedType('recipientEncryptedKeys', RecipientEncryptedKeys())
+)
+
+
+class OtherRecipientInfo(univ.Sequence):
+    pass
+
+
+OtherRecipientInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('oriType', univ.ObjectIdentifier()),
+    namedtype.NamedType('oriValue', univ.Any())
+)
+
+
+class RecipientInfo(univ.Choice):
+    pass
+
+
+RecipientInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('ktri', KeyTransRecipientInfo()),
+    namedtype.NamedType('kari', KeyAgreeRecipientInfo().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+    namedtype.NamedType('kekri', KEKRecipientInfo().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
+    namedtype.NamedType('pwri', PasswordRecipientInfo().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+    namedtype.NamedType('ori', OtherRecipientInfo().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4)))
+)
+
+
+class RecipientInfos(univ.SetOf):
+    pass
+
+
+RecipientInfos.componentType = RecipientInfo()
+RecipientInfos.subtypeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class EnvelopedData(univ.Sequence):
+    pass
+
+
+EnvelopedData.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.OptionalNamedType('originatorInfo', OriginatorInfo().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.NamedType('recipientInfos', RecipientInfos()),
+    namedtype.NamedType('encryptedContentInfo', EncryptedContentInfo()),
+    namedtype.OptionalNamedType('unprotectedAttrs', UnprotectedAttributes().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+class DigestAlgorithmIdentifier(rfc5280.AlgorithmIdentifier):
+    pass
+
+
+id_ct_contentInfo = _buildOid(1, 2, 840, 113549, 1, 9, 16, 1, 6)
+
+id_digestedData = _buildOid(1, 2, 840, 113549, 1, 7, 5)
+
+
+class EncryptedData(univ.Sequence):
+    pass
+
+
+EncryptedData.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.NamedType('encryptedContentInfo', EncryptedContentInfo()),
+    namedtype.OptionalNamedType('unprotectedAttrs', UnprotectedAttributes().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+id_messageDigest = _buildOid(1, 2, 840, 113549, 1, 9, 4)
+
+id_signedData = _buildOid(1, 2, 840, 113549, 1, 7, 2)
+
+
+class MessageAuthenticationCodeAlgorithm(rfc5280.AlgorithmIdentifier):
+    pass
+
+
+class UnsignedAttributes(univ.SetOf):
+    pass
+
+
+UnsignedAttributes.componentType = Attribute()
+UnsignedAttributes.subtypeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class SignerIdentifier(univ.Choice):
+    pass
+
+
+SignerIdentifier.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()),
+    namedtype.NamedType('subjectKeyIdentifier', SubjectKeyIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+)
+
+
+class SignerInfo(univ.Sequence):
+    pass
+
+
+SignerInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.NamedType('sid', SignerIdentifier()),
+    namedtype.NamedType('digestAlgorithm', DigestAlgorithmIdentifier()),
+    namedtype.OptionalNamedType('signedAttrs', SignedAttributes().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('signatureAlgorithm', SignatureAlgorithmIdentifier()),
+    namedtype.NamedType('signature', SignatureValue()),
+    namedtype.OptionalNamedType('unsignedAttrs', UnsignedAttributes().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+class SignerInfos(univ.SetOf):
+    pass
+
+
+SignerInfos.componentType = SignerInfo()
+
+
+class Countersignature(SignerInfo):
+    pass
+
+
+class ContentInfo(univ.Sequence):
+    pass
+
+
+ContentInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('contentType', ContentType()),
+    namedtype.NamedType('content', univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+)
+
+
+class EncapsulatedContentInfo(univ.Sequence):
+    pass
+
+
+EncapsulatedContentInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('eContentType', ContentType()),
+    namedtype.OptionalNamedType('eContent', univ.OctetString().subtype(
+        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+)
+
+id_countersignature = _buildOid(1, 2, 840, 113549, 1, 9, 6)
+
+id_data = _buildOid(1, 2, 840, 113549, 1, 7, 1)
+
+
+class MessageDigest(univ.OctetString):
+    pass
+
+
+class AuthAttributes(univ.SetOf):
+    pass
+
+
+AuthAttributes.componentType = Attribute()
+AuthAttributes.subtypeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class Time(univ.Choice):
+    pass
+
+
+Time.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('utcTime', useful.UTCTime()),
+    namedtype.NamedType('generalTime', useful.GeneralizedTime())
+)
+
+
+class AuthenticatedData(univ.Sequence):
+    pass
+
+
+AuthenticatedData.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.OptionalNamedType('originatorInfo', OriginatorInfo().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.NamedType('recipientInfos', RecipientInfos()),
+    namedtype.NamedType('macAlgorithm', MessageAuthenticationCodeAlgorithm()),
+    namedtype.OptionalNamedType('digestAlgorithm', DigestAlgorithmIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.NamedType('encapContentInfo', EncapsulatedContentInfo()),
+    namedtype.OptionalNamedType('authAttrs', AuthAttributes().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+    namedtype.NamedType('mac', MessageAuthenticationCode()),
+    namedtype.OptionalNamedType('unauthAttrs', UnauthAttributes().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
+)
+
+id_contentType = _buildOid(1, 2, 840, 113549, 1, 9, 3)
+
+
+class ExtendedCertificateOrCertificate(univ.Choice):
+    pass
+
+
+ExtendedCertificateOrCertificate.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('certificate', rfc5280.Certificate()),
+    namedtype.NamedType('extendedCertificate', ExtendedCertificate().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+)
+
+
+class Digest(univ.OctetString):
+    pass
+
+
+class DigestedData(univ.Sequence):
+    pass
+
+
+DigestedData.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.NamedType('digestAlgorithm', DigestAlgorithmIdentifier()),
+    namedtype.NamedType('encapContentInfo', EncapsulatedContentInfo()),
+    namedtype.NamedType('digest', Digest())
+)
+
+id_envelopedData = _buildOid(1, 2, 840, 113549, 1, 7, 3)
+
+
+class DigestAlgorithmIdentifiers(univ.SetOf):
+    pass
+
+
+DigestAlgorithmIdentifiers.componentType = DigestAlgorithmIdentifier()
+
+
+class SignedData(univ.Sequence):
+    pass
+
+
+SignedData.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.NamedType('digestAlgorithms', DigestAlgorithmIdentifiers()),
+    namedtype.NamedType('encapContentInfo', EncapsulatedContentInfo()),
+    namedtype.OptionalNamedType('certificates', CertificateSet().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('crls', RevocationInfoChoices().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.NamedType('signerInfos', SignerInfos())
+)
+
+id_signingTime = _buildOid(1, 2, 840, 113549, 1, 9, 5)
+
+
+class SigningTime(Time):
+    pass
+
+
+id_ct_authData = _buildOid(1, 2, 840, 113549, 1, 9, 16, 1, 2)

src/pyasn1_modules/rfc6402.py

@@ -0,0 +1,561 @@
+# coding: utf-8
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Stanisław Pitucha with asn1ate tool.
+# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com>
+# License: http://pyasn1.sf.net/license.html
+#
+# Certificate Management over CMS (CMC) Updates
+#
+# ASN.1 source from:
+# http://www.ietf.org/rfc/rfc6402.txt
+#
+from pyasn1.type import univ, char, namedtype, namedval, tag, constraint, useful
+
+from pyasn1_modules import rfc4211
+from pyasn1_modules import rfc5280
+from pyasn1_modules import rfc5652
+
+MAX = float('inf')
+
+
+def _buildOid(*components):
+    output = []
+    for x in tuple(components):
+        if isinstance(x, univ.ObjectIdentifier):
+            output.extend(list(x))
+        else:
+            output.append(int(x))
+
+    return univ.ObjectIdentifier(output)
+
+
+class ChangeSubjectName(univ.Sequence):
+    pass
+
+
+ChangeSubjectName.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('subject', rfc5280.Name()),
+    namedtype.OptionalNamedType('subjectAlt', rfc5280.GeneralNames())
+)
+
+
+class AttributeValue(univ.Any):
+    pass
+
+
+class CMCStatus(univ.Integer):
+    pass
+
+
+CMCStatus.namedValues = namedval.NamedValues(
+    ('success', 0),
+    ('failed', 2),
+    ('pending', 3),
+    ('noSupport', 4),
+    ('confirmRequired', 5),
+    ('popRequired', 6),
+    ('partial', 7)
+)
+
+
+class PendInfo(univ.Sequence):
+    pass
+
+
+PendInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('pendToken', univ.OctetString()),
+    namedtype.NamedType('pendTime', useful.GeneralizedTime())
+)
+
+bodyIdMax = univ.Integer(4294967295)
+
+
+class BodyPartID(univ.Integer):
+    pass
+
+
+BodyPartID.subtypeSpec = constraint.ValueRangeConstraint(0, bodyIdMax)
+
+
+class BodyPartPath(univ.SequenceOf):
+    pass
+
+
+BodyPartPath.componentType = BodyPartID()
+BodyPartPath.subtypeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class BodyPartReference(univ.Choice):
+    pass
+
+
+BodyPartReference.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('bodyPartID', BodyPartID()),
+    namedtype.NamedType('bodyPartPath', BodyPartPath())
+)
+
+
+class CMCFailInfo(univ.Integer):
+    pass
+
+
+CMCFailInfo.namedValues = namedval.NamedValues(
+    ('badAlg', 0),
+    ('badMessageCheck', 1),
+    ('badRequest', 2),
+    ('badTime', 3),
+    ('badCertId', 4),
+    ('unsupportedExt', 5),
+    ('mustArchiveKeys', 6),
+    ('badIdentity', 7),
+    ('popRequired', 8),
+    ('popFailed', 9),
+    ('noKeyReuse', 10),
+    ('internalCAError', 11),
+    ('tryLater', 12),
+    ('authDataFail', 13)
+)
+
+
+class CMCStatusInfoV2(univ.Sequence):
+    pass
+
+
+CMCStatusInfoV2.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('cMCStatus', CMCStatus()),
+    namedtype.NamedType('bodyList', univ.SequenceOf(componentType=BodyPartReference())),
+    namedtype.OptionalNamedType('statusString', char.UTF8String()),
+    namedtype.OptionalNamedType(
+        'otherInfo', univ.Choice(
+            componentType=namedtype.NamedTypes(
+                namedtype.NamedType('failInfo', CMCFailInfo()),
+                namedtype.NamedType('pendInfo', PendInfo()),
+                namedtype.NamedType(
+                    'extendedFailInfo', univ.Sequence(
+                    componentType=namedtype.NamedTypes(
+                        namedtype.NamedType('failInfoOID', univ.ObjectIdentifier()),
+                        namedtype.NamedType('failInfoValue', AttributeValue()))
+                    )
+                )
+            )
+        )
+    )
+)
+
+
+class GetCRL(univ.Sequence):
+    pass
+
+
+GetCRL.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('issuerName', rfc5280.Name()),
+    namedtype.OptionalNamedType('cRLName', rfc5280.GeneralName()),
+    namedtype.OptionalNamedType('time', useful.GeneralizedTime()),
+    namedtype.OptionalNamedType('reasons', rfc5280.ReasonFlags())
+)
+
+id_pkix = _buildOid(1, 3, 6, 1, 5, 5, 7)
+
+id_cmc = _buildOid(id_pkix, 7)
+
+id_cmc_batchResponses = _buildOid(id_cmc, 29)
+
+id_cmc_popLinkWitness = _buildOid(id_cmc, 23)
+
+
+class PopLinkWitnessV2(univ.Sequence):
+    pass
+
+
+PopLinkWitnessV2.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('keyGenAlgorithm', rfc5280.AlgorithmIdentifier()),
+    namedtype.NamedType('macAlgorithm', rfc5280.AlgorithmIdentifier()),
+    namedtype.NamedType('witness', univ.OctetString())
+)
+
+id_cmc_popLinkWitnessV2 = _buildOid(id_cmc, 33)
+
+id_cmc_identityProofV2 = _buildOid(id_cmc, 34)
+
+id_cmc_revokeRequest = _buildOid(id_cmc, 17)
+
+id_cmc_recipientNonce = _buildOid(id_cmc, 7)
+
+
+class ControlsProcessed(univ.Sequence):
+    pass
+
+
+ControlsProcessed.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('bodyList', univ.SequenceOf(componentType=BodyPartReference()))
+)
+
+
+class CertificationRequest(univ.Sequence):
+    pass
+
+
+CertificationRequest.componentType = namedtype.NamedTypes(
+    namedtype.NamedType(
+        'certificationRequestInfo', univ.Sequence(
+            componentType=namedtype.NamedTypes(
+                namedtype.NamedType('version', univ.Integer()),
+                namedtype.NamedType('subject', rfc5280.Name()),
+                namedtype.NamedType(
+                    'subjectPublicKeyInfo', univ.Sequence(
+                        componentType=namedtype.NamedTypes(
+                            namedtype.NamedType('algorithm', rfc5280.AlgorithmIdentifier()),
+                            namedtype.NamedType('subjectPublicKey', univ.BitString())
+                        )
+                    )
+                ),
+                namedtype.NamedType(
+                    'attributes', univ.SetOf(
+                        componentType=rfc5652.Attribute()).subtype(
+                        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))
+                )
+            )
+        )
+    ),
+    namedtype.NamedType('signatureAlgorithm', rfc5280.AlgorithmIdentifier()),
+    namedtype.NamedType('signature', univ.BitString())
+)
+
+
+class TaggedCertificationRequest(univ.Sequence):
+    pass
+
+
+TaggedCertificationRequest.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('bodyPartID', BodyPartID()),
+    namedtype.NamedType('certificationRequest', CertificationRequest())
+)
+
+
+class TaggedRequest(univ.Choice):
+    pass
+
+
+TaggedRequest.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('tcr', TaggedCertificationRequest().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.NamedType('crm',
+                        rfc4211.CertReqMsg().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.NamedType('orm', univ.Sequence(componentType=namedtype.NamedTypes(
+        namedtype.NamedType('bodyPartID', BodyPartID()),
+        namedtype.NamedType('requestMessageType', univ.ObjectIdentifier()),
+        namedtype.NamedType('requestMessageValue', univ.Any())
+    ))
+                        .subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)))
+)
+
+id_cmc_popLinkRandom = _buildOid(id_cmc, 22)
+
+id_cmc_statusInfo = _buildOid(id_cmc, 1)
+
+id_cmc_trustedAnchors = _buildOid(id_cmc, 26)
+
+id_cmc_transactionId = _buildOid(id_cmc, 5)
+
+id_cmc_encryptedPOP = _buildOid(id_cmc, 9)
+
+
+class PublishTrustAnchors(univ.Sequence):
+    pass
+
+
+PublishTrustAnchors.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('seqNumber', univ.Integer()),
+    namedtype.NamedType('hashAlgorithm', rfc5280.AlgorithmIdentifier()),
+    namedtype.NamedType('anchorHashes', univ.SequenceOf(componentType=univ.OctetString()))
+)
+
+
+class RevokeRequest(univ.Sequence):
+    pass
+
+
+RevokeRequest.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('issuerName', rfc5280.Name()),
+    namedtype.NamedType('serialNumber', univ.Integer()),
+    namedtype.NamedType('reason', rfc5280.CRLReason()),
+    namedtype.OptionalNamedType('invalidityDate', useful.GeneralizedTime()),
+    namedtype.OptionalNamedType('passphrase', univ.OctetString()),
+    namedtype.OptionalNamedType('comment', char.UTF8String())
+)
+
+id_cmc_senderNonce = _buildOid(id_cmc, 6)
+
+id_cmc_authData = _buildOid(id_cmc, 27)
+
+
+class TaggedContentInfo(univ.Sequence):
+    pass
+
+
+TaggedContentInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('bodyPartID', BodyPartID()),
+    namedtype.NamedType('contentInfo', rfc5652.ContentInfo())
+)
+
+
+class IdentifyProofV2(univ.Sequence):
+    pass
+
+
+IdentifyProofV2.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('proofAlgID', rfc5280.AlgorithmIdentifier()),
+    namedtype.NamedType('macAlgId', rfc5280.AlgorithmIdentifier()),
+    namedtype.NamedType('witness', univ.OctetString())
+)
+
+
+class CMCPublicationInfo(univ.Sequence):
+    pass
+
+
+CMCPublicationInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('hashAlg', rfc5280.AlgorithmIdentifier()),
+    namedtype.NamedType('certHashes', univ.SequenceOf(componentType=univ.OctetString())),
+    namedtype.NamedType('pubInfo', rfc4211.PKIPublicationInfo())
+)
+
+id_kp_cmcCA = _buildOid(rfc5280.id_kp, 27)
+
+id_cmc_confirmCertAcceptance = _buildOid(id_cmc, 24)
+
+id_cmc_raIdentityWitness = _buildOid(id_cmc, 35)
+
+id_ExtensionReq = _buildOid(1, 2, 840, 113549, 1, 9, 14)
+
+id_cct = _buildOid(id_pkix, 12)
+
+id_cct_PKIData = _buildOid(id_cct, 2)
+
+id_kp_cmcRA = _buildOid(rfc5280.id_kp, 28)
+
+
+class CMCStatusInfo(univ.Sequence):
+    pass
+
+
+CMCStatusInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('cMCStatus', CMCStatus()),
+    namedtype.NamedType('bodyList', univ.SequenceOf(componentType=BodyPartID())),
+    namedtype.OptionalNamedType('statusString', char.UTF8String()),
+    namedtype.OptionalNamedType(
+        'otherInfo', univ.Choice(
+            componentType=namedtype.NamedTypes(
+                namedtype.NamedType('failInfo', CMCFailInfo()),
+                namedtype.NamedType('pendInfo', PendInfo())
+            )
+        )
+    )
+)
+
+
+class DecryptedPOP(univ.Sequence):
+    pass
+
+
+DecryptedPOP.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('bodyPartID', BodyPartID()),
+    namedtype.NamedType('thePOPAlgID', rfc5280.AlgorithmIdentifier()),
+    namedtype.NamedType('thePOP', univ.OctetString())
+)
+
+id_cmc_addExtensions = _buildOid(id_cmc, 8)
+
+id_cmc_modCertTemplate = _buildOid(id_cmc, 31)
+
+
+class TaggedAttribute(univ.Sequence):
+    pass
+
+
+TaggedAttribute.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('bodyPartID', BodyPartID()),
+    namedtype.NamedType('attrType', univ.ObjectIdentifier()),
+    namedtype.NamedType('attrValues', univ.SetOf(componentType=AttributeValue()))
+)
+
+
+class OtherMsg(univ.Sequence):
+    pass
+
+
+OtherMsg.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('bodyPartID', BodyPartID()),
+    namedtype.NamedType('otherMsgType', univ.ObjectIdentifier()),
+    namedtype.NamedType('otherMsgValue', univ.Any())
+)
+
+
+class PKIData(univ.Sequence):
+    pass
+
+
+PKIData.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('controlSequence', univ.SequenceOf(componentType=TaggedAttribute())),
+    namedtype.NamedType('reqSequence', univ.SequenceOf(componentType=TaggedRequest())),
+    namedtype.NamedType('cmsSequence', univ.SequenceOf(componentType=TaggedContentInfo())),
+    namedtype.NamedType('otherMsgSequence', univ.SequenceOf(componentType=OtherMsg()))
+)
+
+
+class BodyPartList(univ.SequenceOf):
+    pass
+
+
+BodyPartList.componentType = BodyPartID()
+BodyPartList.subtypeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+id_cmc_responseBody = _buildOid(id_cmc, 37)
+
+
+class AuthPublish(BodyPartID):
+    pass
+
+
+class CMCUnsignedData(univ.Sequence):
+    pass
+
+
+CMCUnsignedData.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('bodyPartPath', BodyPartPath()),
+    namedtype.NamedType('identifier', univ.ObjectIdentifier()),
+    namedtype.NamedType('content', univ.Any())
+)
+
+
+class CMCCertId(rfc5652.IssuerAndSerialNumber):
+    pass
+
+
+class PKIResponse(univ.Sequence):
+    pass
+
+
+PKIResponse.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('controlSequence', univ.SequenceOf(componentType=TaggedAttribute())),
+    namedtype.NamedType('cmsSequence', univ.SequenceOf(componentType=TaggedContentInfo())),
+    namedtype.NamedType('otherMsgSequence', univ.SequenceOf(componentType=OtherMsg()))
+)
+
+
+class ResponseBody(PKIResponse):
+    pass
+
+
+id_cmc_statusInfoV2 = _buildOid(id_cmc, 25)
+
+id_cmc_lraPOPWitness = _buildOid(id_cmc, 11)
+
+
+class ModCertTemplate(univ.Sequence):
+    pass
+
+
+ModCertTemplate.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('pkiDataReference', BodyPartPath()),
+    namedtype.NamedType('certReferences', BodyPartList()),
+    namedtype.DefaultedNamedType('replace', univ.Boolean().subtype(value=1)),
+    namedtype.NamedType('certTemplate', rfc4211.CertTemplate())
+)
+
+id_cmc_regInfo = _buildOid(id_cmc, 18)
+
+id_cmc_identityProof = _buildOid(id_cmc, 3)
+
+
+class ExtensionReq(univ.SequenceOf):
+    pass
+
+
+ExtensionReq.componentType = rfc5280.Extension()
+ExtensionReq.subtypeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+id_kp_cmcArchive = _buildOid(rfc5280.id_kp, 28)
+
+id_cmc_publishCert = _buildOid(id_cmc, 30)
+
+id_cmc_dataReturn = _buildOid(id_cmc, 4)
+
+
+class LraPopWitness(univ.Sequence):
+    pass
+
+
+LraPopWitness.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('pkiDataBodyid', BodyPartID()),
+    namedtype.NamedType('bodyIds', univ.SequenceOf(componentType=BodyPartID()))
+)
+
+id_aa = _buildOid(1, 2, 840, 113549, 1, 9, 16, 2)
+
+id_aa_cmc_unsignedData = _buildOid(id_aa, 34)
+
+id_cmc_getCert = _buildOid(id_cmc, 15)
+
+id_cmc_batchRequests = _buildOid(id_cmc, 28)
+
+id_cmc_decryptedPOP = _buildOid(id_cmc, 10)
+
+id_cmc_responseInfo = _buildOid(id_cmc, 19)
+
+id_cmc_changeSubjectName = _buildOid(id_cmc, 36)
+
+
+class GetCert(univ.Sequence):
+    pass
+
+
+GetCert.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('issuerName', rfc5280.GeneralName()),
+    namedtype.NamedType('serialNumber', univ.Integer())
+)
+
+id_cmc_identification = _buildOid(id_cmc, 2)
+
+id_cmc_queryPending = _buildOid(id_cmc, 21)
+
+
+class AddExtensions(univ.Sequence):
+    pass
+
+
+AddExtensions.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('pkiDataReference', BodyPartID()),
+    namedtype.NamedType('certReferences', univ.SequenceOf(componentType=BodyPartID())),
+    namedtype.NamedType('extensions', univ.SequenceOf(componentType=rfc5280.Extension()))
+)
+
+
+class EncryptedPOP(univ.Sequence):
+    pass
+
+
+EncryptedPOP.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('request', TaggedRequest()),
+    namedtype.NamedType('cms', rfc5652.ContentInfo()),
+    namedtype.NamedType('thePOPAlgID', rfc5280.AlgorithmIdentifier()),
+    namedtype.NamedType('witnessAlgID', rfc5280.AlgorithmIdentifier()),
+    namedtype.NamedType('witness', univ.OctetString())
+)
+
+id_cmc_getCRL = _buildOid(id_cmc, 16)
+
+id_cct_PKIResponse = _buildOid(id_cct, 3)
+
+id_cmc_controlProcessed = _buildOid(id_cmc, 32)
+
+
+class NoSignatureValue(univ.OctetString):
+    pass
+
+
+id_ad_cmc = _buildOid(rfc5280.id_ad, 12)
+
+id_alg_noSignature = _buildOid(id_pkix, 6, 2)