Add files using upload-large-folder tool

.venv/lib/python3.11/site-packages/googleapis_common_protos-1.66.0.dist-info/LICENSE

@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

.venv/lib/python3.11/site-packages/googleapis_common_protos-1.66.0.dist-info/WHEEL

@@ -0,0 +1,6 @@
+Wheel-Version: 1.0
+Generator: setuptools (75.3.0)
+Root-Is-Purelib: true
+Tag: py2-none-any
+Tag: py3-none-any
+

.venv/lib/python3.11/site-packages/pyasn1_modules/pem.py

@@ -0,0 +1,58 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>
+# License: http://snmplabs.com/pyasn1/license.html
+#
+import base64
+
+stSpam, stHam, stDump = 0, 1, 2
+
+
+# The markers parameters is in form ('start1', 'stop1'), ('start2', 'stop2')...
+# Return is (marker-index, substrate)
+def readPemBlocksFromFile(fileObj, *markers):
+    startMarkers = dict(map(lambda x: (x[1], x[0]),
+                            enumerate(map(lambda y: y[0], markers))))
+    stopMarkers = dict(map(lambda x: (x[1], x[0]),
+                           enumerate(map(lambda y: y[1], markers))))
+    idx = -1
+    substrate = ''
+    certLines = []
+    state = stSpam
+    while True:
+        certLine = fileObj.readline()
+        if not certLine:
+            break
+        certLine = certLine.strip()
+        if state == stSpam:
+            if certLine in startMarkers:
+                certLines = []
+                idx = startMarkers[certLine]
+                state = stHam
+                continue
+        if state == stHam:
+            if certLine in stopMarkers and stopMarkers[certLine] == idx:
+                state = stDump
+            else:
+                certLines.append(certLine)
+        if state == stDump:
+            substrate = ''.encode().join([base64.b64decode(x.encode()) for x in certLines])
+            break
+    return idx, substrate
+
+
+# Backward compatibility routine
+def readPemFromFile(fileObj,
+                    startMarker='-----BEGIN CERTIFICATE-----',
+                    endMarker='-----END CERTIFICATE-----'):
+    idx, substrate = readPemBlocksFromFile(fileObj, (startMarker, endMarker))
+    return substrate
+
+
+def readBase64fromText(text):
+    return base64.b64decode(text.encode())
+
+
+def readBase64FromFile(fileObj):
+    return readBase64fromText(fileObj.read())

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc1155.py

@@ -0,0 +1,96 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# SNMPv1 message syntax
+#
+# ASN.1 source from:
+# http://www.ietf.org/rfc/rfc1155.txt
+#
+# Sample captures from:
+# http://wiki.wireshark.org/SampleCaptures/
+#
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import tag
+from pyasn1.type import univ
+
+
+class ObjectName(univ.ObjectIdentifier):
+    pass
+
+
+class SimpleSyntax(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('number', univ.Integer()),
+        namedtype.NamedType('string', univ.OctetString()),
+        namedtype.NamedType('object', univ.ObjectIdentifier()),
+        namedtype.NamedType('empty', univ.Null())
+    )
+
+
+class IpAddress(univ.OctetString):
+    tagSet = univ.OctetString.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0)
+    )
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueSizeConstraint(
+        4, 4
+    )
+
+
+class NetworkAddress(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('internet', IpAddress())
+    )
+
+
+class Counter(univ.Integer):
+    tagSet = univ.Integer.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 1)
+    )
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(
+        0, 4294967295
+    )
+
+
+class Gauge(univ.Integer):
+    tagSet = univ.Integer.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 2)
+    )
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(
+        0, 4294967295
+    )
+
+
+class TimeTicks(univ.Integer):
+    tagSet = univ.Integer.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 3)
+    )
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(
+        0, 4294967295
+    )
+
+
+class Opaque(univ.OctetString):
+    tagSet = univ.OctetString.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 4)
+    )
+
+
+class ApplicationSyntax(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('address', NetworkAddress()),
+        namedtype.NamedType('counter', Counter()),
+        namedtype.NamedType('gauge', Gauge()),
+        namedtype.NamedType('ticks', TimeTicks()),
+        namedtype.NamedType('arbitrary', Opaque())
+    )
+
+
+class ObjectSyntax(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('simple', SimpleSyntax()),
+        namedtype.NamedType('application-wide', ApplicationSyntax())
+    )

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc1901.py

@@ -0,0 +1,22 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# SNMPv2c message syntax
+#
+# ASN.1 source from:
+# http://www.ietf.org/rfc/rfc1901.txt
+#
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import univ
+
+
+class Message(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', univ.Integer(namedValues=namedval.NamedValues(('version-2c', 1)))),
+        namedtype.NamedType('community', univ.OctetString()),
+        namedtype.NamedType('data', univ.Any())
+    )

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc1902.py

@@ -0,0 +1,129 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# SNMPv2c message syntax
+#
+# ASN.1 source from:
+# http://www.ietf.org/rfc/rfc1902.txt
+#
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import tag
+from pyasn1.type import univ
+
+
+class Integer(univ.Integer):
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(
+        -2147483648, 2147483647
+    )
+
+
+class Integer32(univ.Integer):
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(
+        -2147483648, 2147483647
+    )
+
+
+class OctetString(univ.OctetString):
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueSizeConstraint(
+        0, 65535
+    )
+
+
+class IpAddress(univ.OctetString):
+    tagSet = univ.OctetString.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0x00)
+    )
+    subtypeSpec = univ.OctetString.subtypeSpec + constraint.ValueSizeConstraint(
+        4, 4
+    )
+
+
+class Counter32(univ.Integer):
+    tagSet = univ.Integer.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0x01)
+    )
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(
+        0, 4294967295
+    )
+
+
+class Gauge32(univ.Integer):
+    tagSet = univ.Integer.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0x02)
+    )
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(
+        0, 4294967295
+    )
+
+
+class Unsigned32(univ.Integer):
+    tagSet = univ.Integer.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0x02)
+    )
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(
+        0, 4294967295
+    )
+
+
+class TimeTicks(univ.Integer):
+    tagSet = univ.Integer.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0x03)
+    )
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(
+        0, 4294967295
+    )
+
+
+class Opaque(univ.OctetString):
+    tagSet = univ.OctetString.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0x04)
+    )
+
+
+class Counter64(univ.Integer):
+    tagSet = univ.Integer.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 0x06)
+    )
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(
+        0, 18446744073709551615
+    )
+
+
+class Bits(univ.OctetString):
+    pass
+
+
+class ObjectName(univ.ObjectIdentifier):
+    pass
+
+
+class SimpleSyntax(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('integer-value', Integer()),
+        namedtype.NamedType('string-value', OctetString()),
+        namedtype.NamedType('objectID-value', univ.ObjectIdentifier())
+    )
+
+
+class ApplicationSyntax(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('ipAddress-value', IpAddress()),
+        namedtype.NamedType('counter-value', Counter32()),
+        namedtype.NamedType('timeticks-value', TimeTicks()),
+        namedtype.NamedType('arbitrary-value', Opaque()),
+        namedtype.NamedType('big-counter-value', Counter64()),
+        # This conflicts with Counter32
+        #        namedtype.NamedType('unsigned-integer-value', Unsigned32()),
+        namedtype.NamedType('gauge32-value', Gauge32())
+    )  # BITS misplaced?
+
+
+class ObjectSyntax(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('simple', SimpleSyntax()),
+        namedtype.NamedType('application-wide', ApplicationSyntax())
+    )

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc1905.py

@@ -0,0 +1,135 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# SNMPv2c PDU syntax
+#
+# ASN.1 source from:
+# http://www.ietf.org/rfc/rfc1905.txt
+#
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import tag
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc1902
+
+max_bindings = rfc1902.Integer(2147483647)
+
+
+class _BindValue(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('value', rfc1902.ObjectSyntax()),
+        namedtype.NamedType('unSpecified', univ.Null()),
+        namedtype.NamedType('noSuchObject',
+                            univ.Null().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('noSuchInstance',
+                            univ.Null().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.NamedType('endOfMibView',
+                            univ.Null().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+    )
+
+
+class VarBind(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('name', rfc1902.ObjectName()),
+        namedtype.NamedType('', _BindValue())
+    )
+
+
+class VarBindList(univ.SequenceOf):
+    componentType = VarBind()
+    sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(
+        0, max_bindings
+    )
+
+
+class PDU(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('request-id', rfc1902.Integer32()),
+        namedtype.NamedType('error-status', univ.Integer(
+            namedValues=namedval.NamedValues(('noError', 0), ('tooBig', 1), ('noSuchName', 2), ('badValue', 3),
+                                             ('readOnly', 4), ('genErr', 5), ('noAccess', 6), ('wrongType', 7),
+                                             ('wrongLength', 8), ('wrongEncoding', 9), ('wrongValue', 10),
+                                             ('noCreation', 11), ('inconsistentValue', 12), ('resourceUnavailable', 13),
+                                             ('commitFailed', 14), ('undoFailed', 15), ('authorizationError', 16),
+                                             ('notWritable', 17), ('inconsistentName', 18)))),
+        namedtype.NamedType('error-index',
+                            univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, max_bindings))),
+        namedtype.NamedType('variable-bindings', VarBindList())
+    )
+
+
+class BulkPDU(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('request-id', rfc1902.Integer32()),
+        namedtype.NamedType('non-repeaters',
+                            univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, max_bindings))),
+        namedtype.NamedType('max-repetitions',
+                            univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, max_bindings))),
+        namedtype.NamedType('variable-bindings', VarBindList())
+    )
+
+
+class GetRequestPDU(PDU):
+    tagSet = PDU.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)
+    )
+
+
+class GetNextRequestPDU(PDU):
+    tagSet = PDU.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)
+    )
+
+
+class ResponsePDU(PDU):
+    tagSet = PDU.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)
+    )
+
+
+class SetRequestPDU(PDU):
+    tagSet = PDU.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)
+    )
+
+
+class GetBulkRequestPDU(BulkPDU):
+    tagSet = PDU.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5)
+    )
+
+
+class InformRequestPDU(PDU):
+    tagSet = PDU.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6)
+    )
+
+
+class SNMPv2TrapPDU(PDU):
+    tagSet = PDU.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 7)
+    )
+
+
+class ReportPDU(PDU):
+    tagSet = PDU.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 8)
+    )
+
+
+class PDUs(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('get-request', GetRequestPDU()),
+        namedtype.NamedType('get-next-request', GetNextRequestPDU()),
+        namedtype.NamedType('get-bulk-request', GetBulkRequestPDU()),
+        namedtype.NamedType('response', ResponsePDU()),
+        namedtype.NamedType('set-request', SetRequestPDU()),
+        namedtype.NamedType('inform-request', InformRequestPDU()),
+        namedtype.NamedType('snmpV2-trap', SNMPv2TrapPDU()),
+        namedtype.NamedType('report', ReportPDU())
+    )

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc2315.py

@@ -0,0 +1,294 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# PKCS#7 message syntax
+#
+# ASN.1 source from:
+# https://opensource.apple.com/source/Security/Security-55179.1/libsecurity_asn1/asn1/pkcs7.asn.auto.html
+#
+# Sample captures from:
+# openssl crl2pkcs7 -nocrl -certfile cert1.cer -out outfile.p7b
+#
+from pyasn1_modules.rfc2459 import *
+
+
+class Attribute(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('type', AttributeType()),
+        namedtype.NamedType('values', univ.SetOf(componentType=AttributeValue()))
+    )
+
+
+class AttributeValueAssertion(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('attributeType', AttributeType()),
+        namedtype.NamedType('attributeValue', AttributeValue(),
+                            openType=opentype.OpenType('type', certificateAttributesMap))
+    )
+
+
+pkcs_7 = univ.ObjectIdentifier('1.2.840.113549.1.7')
+data = univ.ObjectIdentifier('1.2.840.113549.1.7.1')
+signedData = univ.ObjectIdentifier('1.2.840.113549.1.7.2')
+envelopedData = univ.ObjectIdentifier('1.2.840.113549.1.7.3')
+signedAndEnvelopedData = univ.ObjectIdentifier('1.2.840.113549.1.7.4')
+digestedData = univ.ObjectIdentifier('1.2.840.113549.1.7.5')
+encryptedData = univ.ObjectIdentifier('1.2.840.113549.1.7.6')
+
+
+class ContentType(univ.ObjectIdentifier):
+    pass
+
+
+class ContentEncryptionAlgorithmIdentifier(AlgorithmIdentifier):
+    pass
+
+
+class EncryptedContent(univ.OctetString):
+    pass
+
+
+contentTypeMap = {}
+
+
+class EncryptedContentInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('contentType', ContentType()),
+        namedtype.NamedType('contentEncryptionAlgorithm', ContentEncryptionAlgorithmIdentifier()),
+        namedtype.OptionalNamedType(
+            'encryptedContent', EncryptedContent().subtype(
+                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)
+            ),
+            openType=opentype.OpenType('contentType', contentTypeMap)
+        )
+    )
+
+
+class Version(univ.Integer):  # overrides x509.Version
+    pass
+
+
+class EncryptedData(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', Version()),
+        namedtype.NamedType('encryptedContentInfo', EncryptedContentInfo())
+    )
+
+
+class DigestAlgorithmIdentifier(AlgorithmIdentifier):
+    pass
+
+
+class DigestAlgorithmIdentifiers(univ.SetOf):
+    componentType = DigestAlgorithmIdentifier()
+
+
+class Digest(univ.OctetString):
+    pass
+
+
+class ContentInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('contentType', ContentType()),
+        namedtype.OptionalNamedType(
+            'content',
+            univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)),
+            openType=opentype.OpenType('contentType', contentTypeMap)
+        )
+    )
+
+
+class DigestedData(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', Version()),
+        namedtype.NamedType('digestAlgorithm', DigestAlgorithmIdentifier()),
+        namedtype.NamedType('contentInfo', ContentInfo()),
+        namedtype.NamedType('digest', Digest())
+    )
+
+
+class IssuerAndSerialNumber(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('issuer', Name()),
+        namedtype.NamedType('serialNumber', CertificateSerialNumber())
+    )
+
+
+class KeyEncryptionAlgorithmIdentifier(AlgorithmIdentifier):
+    pass
+
+
+class EncryptedKey(univ.OctetString):
+    pass
+
+
+class RecipientInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', Version()),
+        namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()),
+        namedtype.NamedType('keyEncryptionAlgorithm', KeyEncryptionAlgorithmIdentifier()),
+        namedtype.NamedType('encryptedKey', EncryptedKey())
+    )
+
+
+class RecipientInfos(univ.SetOf):
+    componentType = RecipientInfo()
+
+
+class Attributes(univ.SetOf):
+    componentType = Attribute()
+
+
+class ExtendedCertificateInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', Version()),
+        namedtype.NamedType('certificate', Certificate()),
+        namedtype.NamedType('attributes', Attributes())
+    )
+
+
+class SignatureAlgorithmIdentifier(AlgorithmIdentifier):
+    pass
+
+
+class Signature(univ.BitString):
+    pass
+
+
+class ExtendedCertificate(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('extendedCertificateInfo', ExtendedCertificateInfo()),
+        namedtype.NamedType('signatureAlgorithm', SignatureAlgorithmIdentifier()),
+        namedtype.NamedType('signature', Signature())
+    )
+
+
+class ExtendedCertificateOrCertificate(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('certificate', Certificate()),
+        namedtype.NamedType('extendedCertificate', ExtendedCertificate().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+    )
+
+
+class ExtendedCertificatesAndCertificates(univ.SetOf):
+    componentType = ExtendedCertificateOrCertificate()
+
+
+class SerialNumber(univ.Integer):
+    pass
+
+
+class CRLEntry(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('userCertificate', SerialNumber()),
+        namedtype.NamedType('revocationDate', useful.UTCTime())
+    )
+
+
+class TBSCertificateRevocationList(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('signature', AlgorithmIdentifier()),
+        namedtype.NamedType('issuer', Name()),
+        namedtype.NamedType('lastUpdate', useful.UTCTime()),
+        namedtype.NamedType('nextUpdate', useful.UTCTime()),
+        namedtype.OptionalNamedType('revokedCertificates', univ.SequenceOf(componentType=CRLEntry()))
+    )
+
+
+class CertificateRevocationList(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('tbsCertificateRevocationList', TBSCertificateRevocationList()),
+        namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()),
+        namedtype.NamedType('signature', univ.BitString())
+    )
+
+
+class CertificateRevocationLists(univ.SetOf):
+    componentType = CertificateRevocationList()
+
+
+class DigestEncryptionAlgorithmIdentifier(AlgorithmIdentifier):
+    pass
+
+
+class EncryptedDigest(univ.OctetString):
+    pass
+
+
+class SignerInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', Version()),
+        namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()),
+        namedtype.NamedType('digestAlgorithm', DigestAlgorithmIdentifier()),
+        namedtype.OptionalNamedType('authenticatedAttributes', Attributes().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.NamedType('digestEncryptionAlgorithm', DigestEncryptionAlgorithmIdentifier()),
+        namedtype.NamedType('encryptedDigest', EncryptedDigest()),
+        namedtype.OptionalNamedType('unauthenticatedAttributes', Attributes().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
+    )
+
+
+class SignerInfos(univ.SetOf):
+    componentType = SignerInfo()
+
+
+class SignedAndEnvelopedData(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', Version()),
+        namedtype.NamedType('recipientInfos', RecipientInfos()),
+        namedtype.NamedType('digestAlgorithms', DigestAlgorithmIdentifiers()),
+        namedtype.NamedType('encryptedContentInfo', EncryptedContentInfo()),
+        namedtype.OptionalNamedType('certificates', ExtendedCertificatesAndCertificates().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.OptionalNamedType('crls', CertificateRevocationLists().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+        namedtype.NamedType('signerInfos', SignerInfos())
+    )
+
+
+class EnvelopedData(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', Version()),
+        namedtype.NamedType('recipientInfos', RecipientInfos()),
+        namedtype.NamedType('encryptedContentInfo', EncryptedContentInfo())
+    )
+
+
+class DigestInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('digestAlgorithm', DigestAlgorithmIdentifier()),
+        namedtype.NamedType('digest', Digest())
+    )
+
+
+class SignedData(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', Version()),
+        namedtype.OptionalNamedType('digestAlgorithms', DigestAlgorithmIdentifiers()),
+        namedtype.NamedType('contentInfo', ContentInfo()),
+        namedtype.OptionalNamedType('certificates', ExtendedCertificatesAndCertificates().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.OptionalNamedType('crls', CertificateRevocationLists().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+        namedtype.OptionalNamedType('signerInfos', SignerInfos())
+    )
+
+
+class Data(univ.OctetString):
+    pass
+
+_contentTypeMapUpdate = {
+    data: Data(),
+    signedData: SignedData(),
+    envelopedData: EnvelopedData(),
+    signedAndEnvelopedData: SignedAndEnvelopedData(),
+    digestedData: DigestedData(),
+    encryptedData: EncryptedData()
+}
+
+contentTypeMap.update(_contentTypeMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc2459.py

@@ -0,0 +1,1339 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Updated by Russ Housley to resolve the TODO regarding the Certificate
+#   Policies Certificate Extension.
+#
+# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# X.509 message syntax
+#
+# ASN.1 source from:
+# http://www.trl.ibm.com/projects/xml/xss4j/data/asn1/grammars/x509.asn
+# http://www.ietf.org/rfc/rfc2459.txt
+#
+# Sample captures from:
+# http://wiki.wireshark.org/SampleCaptures/
+#
+from pyasn1.type import char
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import opentype
+from pyasn1.type import tag
+from pyasn1.type import univ
+from pyasn1.type import useful
+
+MAX = float('inf')
+
+#
+# PKIX1Explicit88
+#
+
+# Upper Bounds
+ub_name = univ.Integer(32768)
+ub_common_name = univ.Integer(64)
+ub_locality_name = univ.Integer(128)
+ub_state_name = univ.Integer(128)
+ub_organization_name = univ.Integer(64)
+ub_organizational_unit_name = univ.Integer(64)
+ub_title = univ.Integer(64)
+ub_match = univ.Integer(128)
+ub_emailaddress_length = univ.Integer(128)
+ub_common_name_length = univ.Integer(64)
+ub_country_name_alpha_length = univ.Integer(2)
+ub_country_name_numeric_length = univ.Integer(3)
+ub_domain_defined_attributes = univ.Integer(4)
+ub_domain_defined_attribute_type_length = univ.Integer(8)
+ub_domain_defined_attribute_value_length = univ.Integer(128)
+ub_domain_name_length = univ.Integer(16)
+ub_extension_attributes = univ.Integer(256)
+ub_e163_4_number_length = univ.Integer(15)
+ub_e163_4_sub_address_length = univ.Integer(40)
+ub_generation_qualifier_length = univ.Integer(3)
+ub_given_name_length = univ.Integer(16)
+ub_initials_length = univ.Integer(5)
+ub_integer_options = univ.Integer(256)
+ub_numeric_user_id_length = univ.Integer(32)
+ub_organization_name_length = univ.Integer(64)
+ub_organizational_unit_name_length = univ.Integer(32)
+ub_organizational_units = univ.Integer(4)
+ub_pds_name_length = univ.Integer(16)
+ub_pds_parameter_length = univ.Integer(30)
+ub_pds_physical_address_lines = univ.Integer(6)
+ub_postal_code_length = univ.Integer(16)
+ub_surname_length = univ.Integer(40)
+ub_terminal_id_length = univ.Integer(24)
+ub_unformatted_address_length = univ.Integer(180)
+ub_x121_address_length = univ.Integer(16)
+
+
+class UniversalString(char.UniversalString):
+    pass
+
+
+class BMPString(char.BMPString):
+    pass
+
+
+class UTF8String(char.UTF8String):
+    pass
+
+
+id_pkix = univ.ObjectIdentifier('1.3.6.1.5.5.7')
+id_pe = univ.ObjectIdentifier('1.3.6.1.5.5.7.1')
+id_qt = univ.ObjectIdentifier('1.3.6.1.5.5.7.2')
+id_kp = univ.ObjectIdentifier('1.3.6.1.5.5.7.3')
+id_ad = univ.ObjectIdentifier('1.3.6.1.5.5.7.48')
+
+id_qt_cps = univ.ObjectIdentifier('1.3.6.1.5.5.7.2.1')
+id_qt_unotice = univ.ObjectIdentifier('1.3.6.1.5.5.7.2.2')
+
+id_ad_ocsp = univ.ObjectIdentifier('1.3.6.1.5.5.7.48.1')
+id_ad_caIssuers = univ.ObjectIdentifier('1.3.6.1.5.5.7.48.2')
+
+
+
+
+id_at = univ.ObjectIdentifier('2.5.4')
+id_at_name = univ.ObjectIdentifier('2.5.4.41')
+# preserve misspelled variable for compatibility
+id_at_sutname = id_at_surname = univ.ObjectIdentifier('2.5.4.4')
+id_at_givenName = univ.ObjectIdentifier('2.5.4.42')
+id_at_initials = univ.ObjectIdentifier('2.5.4.43')
+id_at_generationQualifier = univ.ObjectIdentifier('2.5.4.44')
+
+
+class X520name(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('teletexString',
+                            char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_name))),
+        namedtype.NamedType('printableString',
+                            char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_name))),
+        namedtype.NamedType('universalString',
+                            char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_name))),
+        namedtype.NamedType('utf8String',
+                            char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_name))),
+        namedtype.NamedType('bmpString',
+                            char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_name)))
+    )
+
+
+id_at_commonName = univ.ObjectIdentifier('2.5.4.3')
+
+
+class X520CommonName(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('teletexString', char.TeletexString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_common_name))),
+        namedtype.NamedType('printableString', char.PrintableString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_common_name))),
+        namedtype.NamedType('universalString', char.UniversalString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_common_name))),
+        namedtype.NamedType('utf8String',
+                            char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_common_name))),
+        namedtype.NamedType('bmpString',
+                            char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_common_name)))
+    )
+
+
+id_at_localityName = univ.ObjectIdentifier('2.5.4.7')
+
+
+class X520LocalityName(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('teletexString', char.TeletexString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_locality_name))),
+        namedtype.NamedType('printableString', char.PrintableString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_locality_name))),
+        namedtype.NamedType('universalString', char.UniversalString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_locality_name))),
+        namedtype.NamedType('utf8String',
+                            char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_locality_name))),
+        namedtype.NamedType('bmpString',
+                            char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_locality_name)))
+    )
+
+
+id_at_stateOrProvinceName = univ.ObjectIdentifier('2.5.4.8')
+
+
+class X520StateOrProvinceName(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('teletexString',
+                            char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name))),
+        namedtype.NamedType('printableString', char.PrintableString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name))),
+        namedtype.NamedType('universalString', char.UniversalString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name))),
+        namedtype.NamedType('utf8String',
+                            char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name))),
+        namedtype.NamedType('bmpString',
+                            char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name)))
+    )
+
+
+id_at_organizationName = univ.ObjectIdentifier('2.5.4.10')
+
+
+class X520OrganizationName(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('teletexString', char.TeletexString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_organization_name))),
+        namedtype.NamedType('printableString', char.PrintableString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_organization_name))),
+        namedtype.NamedType('universalString', char.UniversalString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_organization_name))),
+        namedtype.NamedType('utf8String', char.UTF8String().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_organization_name))),
+        namedtype.NamedType('bmpString', char.BMPString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_organization_name)))
+    )
+
+
+id_at_organizationalUnitName = univ.ObjectIdentifier('2.5.4.11')
+
+
+class X520OrganizationalUnitName(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('teletexString', char.TeletexString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name))),
+        namedtype.NamedType('printableString', char.PrintableString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name))),
+        namedtype.NamedType('universalString', char.UniversalString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name))),
+        namedtype.NamedType('utf8String', char.UTF8String().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name))),
+        namedtype.NamedType('bmpString', char.BMPString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name)))
+    )
+
+
+id_at_title = univ.ObjectIdentifier('2.5.4.12')
+
+
+class X520Title(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('teletexString',
+                            char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title))),
+        namedtype.NamedType('printableString',
+                            char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title))),
+        namedtype.NamedType('universalString',
+                            char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title))),
+        namedtype.NamedType('utf8String',
+                            char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title))),
+        namedtype.NamedType('bmpString',
+                            char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title)))
+    )
+
+
+id_at_dnQualifier = univ.ObjectIdentifier('2.5.4.46')
+
+
+class X520dnQualifier(char.PrintableString):
+    pass
+
+
+id_at_countryName = univ.ObjectIdentifier('2.5.4.6')
+
+
+class X520countryName(char.PrintableString):
+    subtypeSpec = char.PrintableString.subtypeSpec + constraint.ValueSizeConstraint(2, 2)
+
+
+pkcs_9 = univ.ObjectIdentifier('1.2.840.113549.1.9')
+
+emailAddress = univ.ObjectIdentifier('1.2.840.113549.1.9.1')
+
+
+class Pkcs9email(char.IA5String):
+    subtypeSpec = char.IA5String.subtypeSpec + constraint.ValueSizeConstraint(1, ub_emailaddress_length)
+
+
+# ----
+
+class DSAPrivateKey(univ.Sequence):
+    """PKIX compliant DSA private key structure"""
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', univ.Integer(namedValues=namedval.NamedValues(('v1', 0)))),
+        namedtype.NamedType('p', univ.Integer()),
+        namedtype.NamedType('q', univ.Integer()),
+        namedtype.NamedType('g', univ.Integer()),
+        namedtype.NamedType('public', univ.Integer()),
+        namedtype.NamedType('private', univ.Integer())
+    )
+
+
+# ----
+
+
+class DirectoryString(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('teletexString',
+                            char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
+        namedtype.NamedType('printableString',
+                            char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
+        namedtype.NamedType('universalString',
+                            char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
+        namedtype.NamedType('utf8String',
+                            char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
+        namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
+        namedtype.NamedType('ia5String', char.IA5String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX)))
+        # hm, this should not be here!? XXX
+    )
+
+
+# certificate and CRL specific structures begin here
+
+class AlgorithmIdentifier(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('algorithm', univ.ObjectIdentifier()),
+        namedtype.OptionalNamedType('parameters', univ.Any())
+    )
+
+
+
+# Algorithm OIDs and parameter structures
+
+pkcs_1 = univ.ObjectIdentifier('1.2.840.113549.1.1')
+rsaEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.1')
+md2WithRSAEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.2')
+md5WithRSAEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.4')
+sha1WithRSAEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.5')
+id_dsa_with_sha1 = univ.ObjectIdentifier('1.2.840.10040.4.3')
+
+
+class Dss_Sig_Value(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('r', univ.Integer()),
+        namedtype.NamedType('s', univ.Integer())
+    )
+
+
+dhpublicnumber = univ.ObjectIdentifier('1.2.840.10046.2.1')
+
+
+class ValidationParms(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('seed', univ.BitString()),
+        namedtype.NamedType('pgenCounter', univ.Integer())
+    )
+
+
+class DomainParameters(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('p', univ.Integer()),
+        namedtype.NamedType('g', univ.Integer()),
+        namedtype.NamedType('q', univ.Integer()),
+        namedtype.NamedType('j', univ.Integer()),
+        namedtype.OptionalNamedType('validationParms', ValidationParms())
+    )
+
+
+id_dsa = univ.ObjectIdentifier('1.2.840.10040.4.1')
+
+
+class Dss_Parms(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('p', univ.Integer()),
+        namedtype.NamedType('q', univ.Integer()),
+        namedtype.NamedType('g', univ.Integer())
+    )
+
+
+# x400 address syntax starts here
+
+teletex_domain_defined_attributes = univ.Integer(6)
+
+
+class TeletexDomainDefinedAttribute(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('type', char.TeletexString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_defined_attribute_type_length))),
+        namedtype.NamedType('value', char.TeletexString())
+    )
+
+
+class TeletexDomainDefinedAttributes(univ.SequenceOf):
+    componentType = TeletexDomainDefinedAttribute()
+    sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, ub_domain_defined_attributes)
+
+
+terminal_type = univ.Integer(23)
+
+
+class TerminalType(univ.Integer):
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueSizeConstraint(0, ub_integer_options)
+    namedValues = namedval.NamedValues(
+        ('telex', 3),
+        ('teletelex', 4),
+        ('g3-facsimile', 5),
+        ('g4-facsimile', 6),
+        ('ia5-terminal', 7),
+        ('videotex', 8)
+    )
+
+
+class PresentationAddress(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('pSelector', univ.OctetString().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('sSelector', univ.OctetString().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.OptionalNamedType('tSelector', univ.OctetString().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+        namedtype.OptionalNamedType('nAddresses', univ.SetOf(componentType=univ.OctetString()).subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3),
+            subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
+    )
+
+
+extended_network_address = univ.Integer(22)
+
+
+class E163_4_address(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('number', char.NumericString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_e163_4_number_length),
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('sub-address', char.NumericString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_e163_4_sub_address_length),
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+    )
+
+
+class ExtendedNetworkAddress(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('e163-4-address', E163_4_address()),
+        namedtype.NamedType('psap-address', PresentationAddress().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+    )
+
+
+class PDSParameter(univ.Set):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('printable-string', char.PrintableString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_pds_parameter_length))),
+        namedtype.OptionalNamedType('teletex-string', char.TeletexString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_pds_parameter_length)))
+    )
+
+
+local_postal_attributes = univ.Integer(21)
+
+
+class LocalPostalAttributes(PDSParameter):
+    pass
+
+
+class UniquePostalName(PDSParameter):
+    pass
+
+
+unique_postal_name = univ.Integer(20)
+
+poste_restante_address = univ.Integer(19)
+
+
+class PosteRestanteAddress(PDSParameter):
+    pass
+
+
+post_office_box_address = univ.Integer(18)
+
+
+class PostOfficeBoxAddress(PDSParameter):
+    pass
+
+
+street_address = univ.Integer(17)
+
+
+class StreetAddress(PDSParameter):
+    pass
+
+
+class UnformattedPostalAddress(univ.Set):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('printable-address', univ.SequenceOf(componentType=char.PrintableString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_pds_parameter_length)).subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_pds_physical_address_lines)))),
+        namedtype.OptionalNamedType('teletex-string', char.TeletexString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_unformatted_address_length)))
+    )
+
+
+physical_delivery_office_name = univ.Integer(10)
+
+
+class PhysicalDeliveryOfficeName(PDSParameter):
+    pass
+
+
+physical_delivery_office_number = univ.Integer(11)
+
+
+class PhysicalDeliveryOfficeNumber(PDSParameter):
+    pass
+
+
+extension_OR_address_components = univ.Integer(12)
+
+
+class ExtensionORAddressComponents(PDSParameter):
+    pass
+
+
+physical_delivery_personal_name = univ.Integer(13)
+
+
+class PhysicalDeliveryPersonalName(PDSParameter):
+    pass
+
+
+physical_delivery_organization_name = univ.Integer(14)
+
+
+class PhysicalDeliveryOrganizationName(PDSParameter):
+    pass
+
+
+extension_physical_delivery_address_components = univ.Integer(15)
+
+
+class ExtensionPhysicalDeliveryAddressComponents(PDSParameter):
+    pass
+
+
+unformatted_postal_address = univ.Integer(16)
+
+postal_code = univ.Integer(9)
+
+
+class PostalCode(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('numeric-code', char.NumericString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_postal_code_length))),
+        namedtype.NamedType('printable-code', char.PrintableString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_postal_code_length)))
+    )
+
+
+class PhysicalDeliveryCountryName(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('x121-dcc-code', char.NumericString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(ub_country_name_numeric_length,
+                                                       ub_country_name_numeric_length))),
+        namedtype.NamedType('iso-3166-alpha2-code', char.PrintableString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(ub_country_name_alpha_length, ub_country_name_alpha_length)))
+    )
+
+
+class PDSName(char.PrintableString):
+    subtypeSpec = char.PrintableString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_pds_name_length)
+
+
+physical_delivery_country_name = univ.Integer(8)
+
+
+class TeletexOrganizationalUnitName(char.TeletexString):
+    subtypeSpec = char.TeletexString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_organizational_unit_name_length)
+
+
+pds_name = univ.Integer(7)
+
+teletex_organizational_unit_names = univ.Integer(5)
+
+
+class TeletexOrganizationalUnitNames(univ.SequenceOf):
+    componentType = TeletexOrganizationalUnitName()
+    sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, ub_organizational_units)
+
+
+teletex_personal_name = univ.Integer(4)
+
+
+class TeletexPersonalName(univ.Set):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('surname', char.TeletexString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_surname_length),
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('given-name', char.TeletexString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_given_name_length),
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.OptionalNamedType('initials', char.TeletexString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_initials_length),
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+        namedtype.OptionalNamedType('generation-qualifier', char.TeletexString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_generation_qualifier_length),
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
+    )
+
+
+teletex_organization_name = univ.Integer(3)
+
+
+class TeletexOrganizationName(char.TeletexString):
+    subtypeSpec = char.TeletexString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_organization_name_length)
+
+
+teletex_common_name = univ.Integer(2)
+
+
+class TeletexCommonName(char.TeletexString):
+    subtypeSpec = char.TeletexString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_common_name_length)
+
+
+class CommonName(char.PrintableString):
+    subtypeSpec = char.PrintableString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_common_name_length)
+
+
+common_name = univ.Integer(1)
+
+
+class ExtensionAttribute(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('extension-attribute-type', univ.Integer().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(0, ub_extension_attributes),
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('extension-attribute-value',
+                            univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+    )
+
+
+class ExtensionAttributes(univ.SetOf):
+    componentType = ExtensionAttribute()
+    sizeSpec = univ.SetOf.sizeSpec + constraint.ValueSizeConstraint(1, ub_extension_attributes)
+
+
+class BuiltInDomainDefinedAttribute(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('type', char.PrintableString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_defined_attribute_type_length))),
+        namedtype.NamedType('value', char.PrintableString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_defined_attribute_value_length)))
+    )
+
+
+class BuiltInDomainDefinedAttributes(univ.SequenceOf):
+    componentType = BuiltInDomainDefinedAttribute()
+    sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, ub_domain_defined_attributes)
+
+
+class OrganizationalUnitName(char.PrintableString):
+    subtypeSpec = char.PrintableString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_organizational_unit_name_length)
+
+
+class OrganizationalUnitNames(univ.SequenceOf):
+    componentType = OrganizationalUnitName()
+    sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, ub_organizational_units)
+
+
+class PersonalName(univ.Set):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('surname', char.PrintableString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_surname_length),
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('given-name', char.PrintableString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_given_name_length),
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.OptionalNamedType('initials', char.PrintableString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_initials_length),
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+        namedtype.OptionalNamedType('generation-qualifier', char.PrintableString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_generation_qualifier_length),
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
+    )
+
+
+class NumericUserIdentifier(char.NumericString):
+    subtypeSpec = char.NumericString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_numeric_user_id_length)
+
+
+class OrganizationName(char.PrintableString):
+    subtypeSpec = char.PrintableString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_organization_name_length)
+
+
+class PrivateDomainName(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('numeric', char.NumericString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_name_length))),
+        namedtype.NamedType('printable', char.PrintableString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_name_length)))
+    )
+
+
+class TerminalIdentifier(char.PrintableString):
+    subtypeSpec = char.PrintableString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_terminal_id_length)
+
+
+class X121Address(char.NumericString):
+    subtypeSpec = char.NumericString.subtypeSpec + constraint.ValueSizeConstraint(1, ub_x121_address_length)
+
+
+class NetworkAddress(X121Address):
+    pass
+
+
+class AdministrationDomainName(univ.Choice):
+    tagSet = univ.Choice.tagSet.tagExplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 2)
+    )
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('numeric', char.NumericString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(0, ub_domain_name_length))),
+        namedtype.NamedType('printable', char.PrintableString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(0, ub_domain_name_length)))
+    )
+
+
+class CountryName(univ.Choice):
+    tagSet = univ.Choice.tagSet.tagExplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 1)
+    )
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('x121-dcc-code', char.NumericString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(ub_country_name_numeric_length,
+                                                       ub_country_name_numeric_length))),
+        namedtype.NamedType('iso-3166-alpha2-code', char.PrintableString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(ub_country_name_alpha_length, ub_country_name_alpha_length)))
+    )
+
+
+class BuiltInStandardAttributes(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('country-name', CountryName()),
+        namedtype.OptionalNamedType('administration-domain-name', AdministrationDomainName()),
+        namedtype.OptionalNamedType('network-address', NetworkAddress().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('terminal-identifier', TerminalIdentifier().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.OptionalNamedType('private-domain-name', PrivateDomainName().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+        namedtype.OptionalNamedType('organization-name', OrganizationName().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+        namedtype.OptionalNamedType('numeric-user-identifier', NumericUserIdentifier().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
+        namedtype.OptionalNamedType('personal-name', PersonalName().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
+        namedtype.OptionalNamedType('organizational-unit-names', OrganizationalUnitNames().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6)))
+    )
+
+
+class ORAddress(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('built-in-standard-attributes', BuiltInStandardAttributes()),
+        namedtype.OptionalNamedType('built-in-domain-defined-attributes', BuiltInDomainDefinedAttributes()),
+        namedtype.OptionalNamedType('extension-attributes', ExtensionAttributes())
+    )
+
+
+#
+# PKIX1Implicit88
+#
+
+id_ce_invalidityDate = univ.ObjectIdentifier('2.5.29.24')
+
+
+class InvalidityDate(useful.GeneralizedTime):
+    pass
+
+
+id_holdinstruction_none = univ.ObjectIdentifier('2.2.840.10040.2.1')
+id_holdinstruction_callissuer = univ.ObjectIdentifier('2.2.840.10040.2.2')
+id_holdinstruction_reject = univ.ObjectIdentifier('2.2.840.10040.2.3')
+
+holdInstruction = univ.ObjectIdentifier('2.2.840.10040.2')
+
+id_ce_holdInstructionCode = univ.ObjectIdentifier('2.5.29.23')
+
+
+class HoldInstructionCode(univ.ObjectIdentifier):
+    pass
+
+
+id_ce_cRLReasons = univ.ObjectIdentifier('2.5.29.21')
+
+
+class CRLReason(univ.Enumerated):
+    namedValues = namedval.NamedValues(
+        ('unspecified', 0),
+        ('keyCompromise', 1),
+        ('cACompromise', 2),
+        ('affiliationChanged', 3),
+        ('superseded', 4),
+        ('cessationOfOperation', 5),
+        ('certificateHold', 6),
+        ('removeFromCRL', 8)
+    )
+
+
+id_ce_cRLNumber = univ.ObjectIdentifier('2.5.29.20')
+
+
+class CRLNumber(univ.Integer):
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueSizeConstraint(0, MAX)
+
+
+class BaseCRLNumber(CRLNumber):
+    pass
+
+
+id_kp_serverAuth = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.1')
+id_kp_clientAuth = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.2')
+id_kp_codeSigning = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.3')
+id_kp_emailProtection = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.4')
+id_kp_ipsecEndSystem = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.5')
+id_kp_ipsecTunnel = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.6')
+id_kp_ipsecUser = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.7')
+id_kp_timeStamping = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.8')
+id_pe_authorityInfoAccess = univ.ObjectIdentifier('1.3.6.1.5.5.7.1.1')
+id_ce_extKeyUsage = univ.ObjectIdentifier('2.5.29.37')
+
+
+class KeyPurposeId(univ.ObjectIdentifier):
+    pass
+
+
+class ExtKeyUsageSyntax(univ.SequenceOf):
+    componentType = KeyPurposeId()
+    sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)
+
+
+class ReasonFlags(univ.BitString):
+    namedValues = namedval.NamedValues(
+        ('unused', 0),
+        ('keyCompromise', 1),
+        ('cACompromise', 2),
+        ('affiliationChanged', 3),
+        ('superseded', 4),
+        ('cessationOfOperation', 5),
+        ('certificateHold', 6)
+    )
+
+
+class SkipCerts(univ.Integer):
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueSizeConstraint(0, MAX)
+
+
+id_ce_policyConstraints = univ.ObjectIdentifier('2.5.29.36')
+
+
+class PolicyConstraints(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('requireExplicitPolicy', SkipCerts().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.OptionalNamedType('inhibitPolicyMapping', SkipCerts().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
+    )
+
+
+id_ce_basicConstraints = univ.ObjectIdentifier('2.5.29.19')
+
+
+class BasicConstraints(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.DefaultedNamedType('cA', univ.Boolean(False)),
+        namedtype.OptionalNamedType('pathLenConstraint',
+                                    univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, MAX)))
+    )
+
+
+id_ce_subjectDirectoryAttributes = univ.ObjectIdentifier('2.5.29.9')
+
+
+class EDIPartyName(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('nameAssigner', DirectoryString().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('partyName',
+                            DirectoryString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+    )
+
+
+
+id_ce_deltaCRLIndicator = univ.ObjectIdentifier('2.5.29.27')
+
+
+
+class BaseDistance(univ.Integer):
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(0, MAX)
+
+
+id_ce_cRLDistributionPoints = univ.ObjectIdentifier('2.5.29.31')
+
+
+id_ce_issuingDistributionPoint = univ.ObjectIdentifier('2.5.29.28')
+
+
+
+
+id_ce_nameConstraints = univ.ObjectIdentifier('2.5.29.30')
+
+
+class DisplayText(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('visibleString',
+                            char.VisibleString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 200))),
+        namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 200))),
+        namedtype.NamedType('utf8String', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 200)))
+    )
+
+
+class NoticeReference(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('organization', DisplayText()),
+        namedtype.NamedType('noticeNumbers', univ.SequenceOf(componentType=univ.Integer()))
+    )
+
+
+class UserNotice(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('noticeRef', NoticeReference()),
+        namedtype.OptionalNamedType('explicitText', DisplayText())
+    )
+
+
+class CPSuri(char.IA5String):
+    pass
+
+
+class PolicyQualifierId(univ.ObjectIdentifier):
+    subtypeSpec = univ.ObjectIdentifier.subtypeSpec + constraint.SingleValueConstraint(id_qt_cps, id_qt_unotice)
+
+
+class CertPolicyId(univ.ObjectIdentifier):
+    pass
+
+
+class PolicyQualifierInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('policyQualifierId', PolicyQualifierId()),
+        namedtype.NamedType('qualifier', univ.Any())
+    )
+
+
+id_ce_certificatePolicies = univ.ObjectIdentifier('2.5.29.32')
+
+
+class PolicyInformation(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('policyIdentifier', CertPolicyId()),
+        namedtype.OptionalNamedType('policyQualifiers', univ.SequenceOf(componentType=PolicyQualifierInfo()).subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, MAX)))
+    )
+
+
+class CertificatePolicies(univ.SequenceOf):
+    componentType = PolicyInformation()
+    sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)
+
+
+id_ce_policyMappings = univ.ObjectIdentifier('2.5.29.33')
+
+
+class PolicyMapping(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('issuerDomainPolicy', CertPolicyId()),
+        namedtype.NamedType('subjectDomainPolicy', CertPolicyId())
+    )
+
+
+class PolicyMappings(univ.SequenceOf):
+    componentType = PolicyMapping()
+    sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)
+
+
+id_ce_privateKeyUsagePeriod = univ.ObjectIdentifier('2.5.29.16')
+
+
+class PrivateKeyUsagePeriod(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('notBefore', useful.GeneralizedTime().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('notAfter', useful.GeneralizedTime().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+    )
+
+
+id_ce_keyUsage = univ.ObjectIdentifier('2.5.29.15')
+
+
+class KeyUsage(univ.BitString):
+    namedValues = namedval.NamedValues(
+        ('digitalSignature', 0),
+        ('nonRepudiation', 1),
+        ('keyEncipherment', 2),
+        ('dataEncipherment', 3),
+        ('keyAgreement', 4),
+        ('keyCertSign', 5),
+        ('cRLSign', 6),
+        ('encipherOnly', 7),
+        ('decipherOnly', 8)
+    )
+
+
+id_ce = univ.ObjectIdentifier('2.5.29')
+
+id_ce_authorityKeyIdentifier = univ.ObjectIdentifier('2.5.29.35')
+
+
+class KeyIdentifier(univ.OctetString):
+    pass
+
+
+id_ce_subjectKeyIdentifier = univ.ObjectIdentifier('2.5.29.14')
+
+
+class SubjectKeyIdentifier(KeyIdentifier):
+    pass
+
+
+id_ce_certificateIssuer = univ.ObjectIdentifier('2.5.29.29')
+
+
+id_ce_subjectAltName = univ.ObjectIdentifier('2.5.29.17')
+
+
+id_ce_issuerAltName = univ.ObjectIdentifier('2.5.29.18')
+
+
+class AttributeValue(univ.Any):
+    pass
+
+
+class AttributeType(univ.ObjectIdentifier):
+    pass
+
+certificateAttributesMap = {}
+
+
+class AttributeTypeAndValue(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('type', AttributeType()),
+        namedtype.NamedType('value', AttributeValue(),
+                            openType=opentype.OpenType('type', certificateAttributesMap))
+    )
+
+
+class Attribute(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('type', AttributeType()),
+        namedtype.NamedType('vals', univ.SetOf(componentType=AttributeValue()))
+    )
+
+
+class SubjectDirectoryAttributes(univ.SequenceOf):
+    componentType = Attribute()
+    sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)
+
+
+class RelativeDistinguishedName(univ.SetOf):
+    componentType = AttributeTypeAndValue()
+
+
+class RDNSequence(univ.SequenceOf):
+    componentType = RelativeDistinguishedName()
+
+
+class Name(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('', RDNSequence())
+    )
+
+class CertificateSerialNumber(univ.Integer):
+    pass
+
+
+class AnotherName(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('type-id', univ.ObjectIdentifier()),
+        namedtype.NamedType('value',
+                            univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+    )
+
+
+class GeneralName(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('otherName',
+                            AnotherName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('rfc822Name',
+                            char.IA5String().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.NamedType('dNSName',
+                            char.IA5String().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+        namedtype.NamedType('x400Address',
+                            ORAddress().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+        namedtype.NamedType('directoryName',
+                            Name().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
+        namedtype.NamedType('ediPartyName',
+                            EDIPartyName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
+        namedtype.NamedType('uniformResourceIdentifier',
+                            char.IA5String().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
+        namedtype.NamedType('iPAddress', univ.OctetString().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
+        namedtype.NamedType('registeredID', univ.ObjectIdentifier().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8)))
+    )
+
+
+class GeneralNames(univ.SequenceOf):
+    componentType = GeneralName()
+    sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)
+
+
+class AccessDescription(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('accessMethod', univ.ObjectIdentifier()),
+        namedtype.NamedType('accessLocation', GeneralName())
+    )
+
+
+class AuthorityInfoAccessSyntax(univ.SequenceOf):
+    componentType = AccessDescription()
+    sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)
+
+
+class AuthorityKeyIdentifier(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('keyIdentifier', KeyIdentifier().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('authorityCertIssuer', GeneralNames().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.OptionalNamedType('authorityCertSerialNumber', CertificateSerialNumber().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+    )
+
+
+class DistributionPointName(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('fullName', GeneralNames().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.NamedType('nameRelativeToCRLIssuer', RelativeDistinguishedName().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
+    )
+
+
+class DistributionPoint(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('distributionPoint', DistributionPointName().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.OptionalNamedType('reasons', ReasonFlags().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.OptionalNamedType('cRLIssuer', GeneralNames().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)))
+    )
+
+
+class CRLDistPointsSyntax(univ.SequenceOf):
+    componentType = DistributionPoint()
+    sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)
+
+
+class IssuingDistributionPoint(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('distributionPoint', DistributionPointName().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.NamedType('onlyContainsUserCerts', univ.Boolean(False).subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.NamedType('onlyContainsCACerts', univ.Boolean(False).subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+        namedtype.OptionalNamedType('onlySomeReasons', ReasonFlags().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+        namedtype.NamedType('indirectCRL', univ.Boolean(False).subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4)))
+    )
+
+
+class GeneralSubtree(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('base', GeneralName()),
+        namedtype.DefaultedNamedType('minimum', BaseDistance(0).subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.OptionalNamedType('maximum', BaseDistance().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
+    )
+
+
+class GeneralSubtrees(univ.SequenceOf):
+    componentType = GeneralSubtree()
+    sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)
+
+
+class NameConstraints(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('permittedSubtrees', GeneralSubtrees().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.OptionalNamedType('excludedSubtrees', GeneralSubtrees().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
+    )
+
+
+class CertificateIssuer(GeneralNames):
+    pass
+
+
+class SubjectAltName(GeneralNames):
+    pass
+
+
+class IssuerAltName(GeneralNames):
+    pass
+
+
+certificateExtensionsMap = {}
+
+
+class Extension(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('extnID', univ.ObjectIdentifier()),
+        namedtype.DefaultedNamedType('critical', univ.Boolean('False')),
+        namedtype.NamedType('extnValue', univ.OctetString(),
+                            openType=opentype.OpenType('extnID', certificateExtensionsMap))
+    )
+
+
+class Extensions(univ.SequenceOf):
+    componentType = Extension()
+    sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)
+
+
+class SubjectPublicKeyInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('algorithm', AlgorithmIdentifier()),
+        namedtype.NamedType('subjectPublicKey', univ.BitString())
+    )
+
+
+class UniqueIdentifier(univ.BitString):
+    pass
+
+
+class Time(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('utcTime', useful.UTCTime()),
+        namedtype.NamedType('generalTime', useful.GeneralizedTime())
+    )
+
+
+class Validity(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('notBefore', Time()),
+        namedtype.NamedType('notAfter', Time())
+    )
+
+
+class Version(univ.Integer):
+    namedValues = namedval.NamedValues(
+        ('v1', 0), ('v2', 1), ('v3', 2)
+    )
+
+
+class TBSCertificate(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.DefaultedNamedType('version', Version('v1').subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('serialNumber', CertificateSerialNumber()),
+        namedtype.NamedType('signature', AlgorithmIdentifier()),
+        namedtype.NamedType('issuer', Name()),
+        namedtype.NamedType('validity', Validity()),
+        namedtype.NamedType('subject', Name()),
+        namedtype.NamedType('subjectPublicKeyInfo', SubjectPublicKeyInfo()),
+        namedtype.OptionalNamedType('issuerUniqueID', UniqueIdentifier().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.OptionalNamedType('subjectUniqueID', UniqueIdentifier().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+        namedtype.OptionalNamedType('extensions', Extensions().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
+    )
+
+
+class Certificate(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('tbsCertificate', TBSCertificate()),
+        namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()),
+        namedtype.NamedType('signatureValue', univ.BitString())
+    )
+
+# CRL structures
+
+class RevokedCertificate(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('userCertificate', CertificateSerialNumber()),
+        namedtype.NamedType('revocationDate', Time()),
+        namedtype.OptionalNamedType('crlEntryExtensions', Extensions())
+    )
+
+
+class TBSCertList(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('version', Version()),
+        namedtype.NamedType('signature', AlgorithmIdentifier()),
+        namedtype.NamedType('issuer', Name()),
+        namedtype.NamedType('thisUpdate', Time()),
+        namedtype.OptionalNamedType('nextUpdate', Time()),
+        namedtype.OptionalNamedType('revokedCertificates', univ.SequenceOf(componentType=RevokedCertificate())),
+        namedtype.OptionalNamedType('crlExtensions', Extensions().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+    )
+
+
+class CertificateList(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('tbsCertList', TBSCertList()),
+        namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()),
+        namedtype.NamedType('signature', univ.BitString())
+    )
+
+# map of AttributeType -> AttributeValue
+
+_certificateAttributesMapUpdate = {
+    id_at_name: X520name(),
+    id_at_surname: X520name(),
+    id_at_givenName: X520name(),
+    id_at_initials: X520name(),
+    id_at_generationQualifier: X520name(),
+    id_at_commonName: X520CommonName(),
+    id_at_localityName: X520LocalityName(),
+    id_at_stateOrProvinceName: X520StateOrProvinceName(),
+    id_at_organizationName: X520OrganizationName(),
+    id_at_organizationalUnitName: X520OrganizationalUnitName(),
+    id_at_title: X520Title(),
+    id_at_dnQualifier: X520dnQualifier(),
+    id_at_countryName: X520countryName(),
+    emailAddress: Pkcs9email(),
+}
+
+certificateAttributesMap.update(_certificateAttributesMapUpdate)
+
+
+# map of Certificate Extension OIDs to Extensions
+
+_certificateExtensionsMapUpdate = {
+    id_ce_authorityKeyIdentifier: AuthorityKeyIdentifier(),
+    id_ce_subjectKeyIdentifier: SubjectKeyIdentifier(),
+    id_ce_keyUsage: KeyUsage(),
+    id_ce_privateKeyUsagePeriod: PrivateKeyUsagePeriod(),
+    id_ce_certificatePolicies: CertificatePolicies(),
+    id_ce_policyMappings: PolicyMappings(),
+    id_ce_subjectAltName: SubjectAltName(),
+    id_ce_issuerAltName: IssuerAltName(),
+    id_ce_subjectDirectoryAttributes: SubjectDirectoryAttributes(),
+    id_ce_basicConstraints: BasicConstraints(),
+    id_ce_nameConstraints: NameConstraints(),
+    id_ce_policyConstraints: PolicyConstraints(),
+    id_ce_extKeyUsage: ExtKeyUsageSyntax(),
+    id_ce_cRLDistributionPoints: CRLDistPointsSyntax(),
+    id_pe_authorityInfoAccess: AuthorityInfoAccessSyntax(),
+    id_ce_cRLNumber: univ.Integer(),
+    id_ce_deltaCRLIndicator: BaseCRLNumber(),
+    id_ce_issuingDistributionPoint: IssuingDistributionPoint(),
+    id_ce_cRLReasons: CRLReason(),
+    id_ce_holdInstructionCode: univ.ObjectIdentifier(),
+    id_ce_invalidityDate: useful.GeneralizedTime(),
+    id_ce_certificateIssuer: GeneralNames(),
+}
+
+certificateExtensionsMap.update(_certificateExtensionsMapUpdate)
+

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc2511.py

@@ -0,0 +1,258 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# X.509 certificate Request Message Format (CRMF) syntax
+#
+# ASN.1 source from:
+# http://tools.ietf.org/html/rfc2511
+#
+# Sample captures could be obtained with OpenSSL
+#
+from pyasn1_modules import rfc2315
+from pyasn1_modules.rfc2459 import *
+
+MAX = float('inf')
+
+id_pkix = univ.ObjectIdentifier('1.3.6.1.5.5.7')
+id_pkip = univ.ObjectIdentifier('1.3.6.1.5.5.7.5')
+id_regCtrl = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.1')
+id_regCtrl_regToken = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.1.1')
+id_regCtrl_authenticator = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.1.2')
+id_regCtrl_pkiPublicationInfo = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.1.3')
+id_regCtrl_pkiArchiveOptions = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.1.4')
+id_regCtrl_oldCertID = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.1.5')
+id_regCtrl_protocolEncrKey = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.1.6')
+id_regInfo = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.2')
+id_regInfo_utf8Pairs = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.2.1')
+id_regInfo_certReq = univ.ObjectIdentifier('1.3.6.1.5.5.7.5.2.2')
+
+
+# This should be in PKIX Certificate Extensions module
+
+class GeneralName(univ.OctetString):
+    pass
+
+
+# end of PKIX Certificate Extensions module
+
+class UTF8Pairs(char.UTF8String):
+    pass
+
+
+class ProtocolEncrKey(SubjectPublicKeyInfo):
+    pass
+
+
+class CertId(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('issuer', GeneralName()),
+        namedtype.NamedType('serialNumber', univ.Integer())
+    )
+
+
+class OldCertId(CertId):
+    pass
+
+
+class KeyGenParameters(univ.OctetString):
+    pass
+
+
+class EncryptedValue(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('intendedAlg', AlgorithmIdentifier().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.OptionalNamedType('symmAlg', AlgorithmIdentifier().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+        namedtype.OptionalNamedType('encSymmKey', univ.BitString().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
+        namedtype.OptionalNamedType('keyAlg', AlgorithmIdentifier().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+        namedtype.OptionalNamedType('valueHint', univ.OctetString().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
+        namedtype.NamedType('encValue', univ.BitString())
+    )
+
+
+class EncryptedKey(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('encryptedValue', EncryptedValue()),
+        namedtype.NamedType('envelopedData', rfc2315.EnvelopedData().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+    )
+
+
+class PKIArchiveOptions(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('encryptedPrivKey', EncryptedKey().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.NamedType('keyGenParameters', KeyGenParameters().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.NamedType('archiveRemGenPrivKey',
+                            univ.Boolean().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+    )
+
+
+class SinglePubInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('pubMethod', univ.Integer(
+            namedValues=namedval.NamedValues(('dontCare', 0), ('x500', 1), ('web', 2), ('ldap', 3)))),
+        namedtype.OptionalNamedType('pubLocation', GeneralName())
+    )
+
+
+class PKIPublicationInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('action',
+                            univ.Integer(namedValues=namedval.NamedValues(('dontPublish', 0), ('pleasePublish', 1)))),
+        namedtype.OptionalNamedType('pubInfos', univ.SequenceOf(componentType=SinglePubInfo()).subtype(
+            sizeSpec=constraint.ValueSizeConstraint(1, MAX)))
+    )
+
+
+class Authenticator(char.UTF8String):
+    pass
+
+
+class RegToken(char.UTF8String):
+    pass
+
+
+class SubsequentMessage(univ.Integer):
+    namedValues = namedval.NamedValues(
+        ('encrCert', 0),
+        ('challengeResp', 1)
+    )
+
+
+class POPOPrivKey(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('thisMessage',
+                            univ.BitString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('subsequentMessage', SubsequentMessage().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.NamedType('dhMAC',
+                            univ.BitString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+    )
+
+
+class PBMParameter(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('salt', univ.OctetString()),
+        namedtype.NamedType('owf', AlgorithmIdentifier()),
+        namedtype.NamedType('iterationCount', univ.Integer()),
+        namedtype.NamedType('mac', AlgorithmIdentifier())
+    )
+
+
+class PKMACValue(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('algId', AlgorithmIdentifier()),
+        namedtype.NamedType('value', univ.BitString())
+    )
+
+
+class POPOSigningKeyInput(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType(
+            'authInfo', univ.Choice(
+                componentType=namedtype.NamedTypes(
+                    namedtype.NamedType(
+                        'sender', GeneralName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))
+                    ),
+                    namedtype.NamedType('publicKeyMAC', PKMACValue())
+                )
+            )
+        ),
+        namedtype.NamedType('publicKey', SubjectPublicKeyInfo())
+    )
+
+
+class POPOSigningKey(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('poposkInput', POPOSigningKeyInput().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.NamedType('algorithmIdentifier', AlgorithmIdentifier()),
+        namedtype.NamedType('signature', univ.BitString())
+    )
+
+
+class ProofOfPossession(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('raVerified',
+                            univ.Null().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('signature', POPOSigningKey().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+        namedtype.NamedType('keyEncipherment', POPOPrivKey().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
+        namedtype.NamedType('keyAgreement', POPOPrivKey().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
+    )
+
+
+class Controls(univ.SequenceOf):
+    componentType = AttributeTypeAndValue()
+    sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)
+
+
+class OptionalValidity(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('notBefore',
+                                    Time().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('notAfter',
+                                    Time().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+    )
+
+
+class CertTemplate(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('version', Version().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('serialNumber', univ.Integer().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.OptionalNamedType('signingAlg', AlgorithmIdentifier().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
+        namedtype.OptionalNamedType('issuer', Name().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+        namedtype.OptionalNamedType('validity', OptionalValidity().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
+        namedtype.OptionalNamedType('subject', Name().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))),
+        namedtype.OptionalNamedType('publicKey', SubjectPublicKeyInfo().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6))),
+        namedtype.OptionalNamedType('issuerUID', UniqueIdentifier().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
+        namedtype.OptionalNamedType('subjectUID', UniqueIdentifier().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))),
+        namedtype.OptionalNamedType('extensions', Extensions().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9)))
+    )
+
+
+class CertRequest(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('certReqId', univ.Integer()),
+        namedtype.NamedType('certTemplate', CertTemplate()),
+        namedtype.OptionalNamedType('controls', Controls())
+    )
+
+
+class CertReq(CertRequest):
+    pass
+
+
+class CertReqMsg(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('certReq', CertRequest()),
+        namedtype.OptionalNamedType('pop', ProofOfPossession()),
+        namedtype.OptionalNamedType('regInfo', univ.SequenceOf(componentType=AttributeTypeAndValue()).subtype(
+            sizeSpec=constraint.ValueSizeConstraint(1, MAX)))
+    )
+
+
+class CertReqMessages(univ.SequenceOf):
+    componentType = CertReqMsg()
+    sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc2631.py

@@ -0,0 +1,37 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Diffie-Hellman Key Agreement
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc2631.txt
+# https://www.rfc-editor.org/errata/eid5897
+#
+
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import tag
+from pyasn1.type import univ
+
+
+class KeySpecificInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('algorithm', univ.ObjectIdentifier()),
+        namedtype.NamedType('counter', univ.OctetString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(4, 4)))
+    )
+
+
+class OtherInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('keyInfo', KeySpecificInfo()),
+        namedtype.OptionalNamedType('partyAInfo', univ.OctetString().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('suppPubInfo', univ.OctetString().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+    )

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc2876.py

@@ -0,0 +1,56 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# KEA and SKIPJACK Algorithms in CMS
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc2876.txt
+#
+
+from pyasn1.type import namedtype
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5280
+from pyasn1_modules import rfc5751
+
+
+id_fortezzaConfidentialityAlgorithm = univ.ObjectIdentifier('2.16.840.1.101.2.1.1.4')
+
+
+id_fortezzaWrap80 = univ.ObjectIdentifier('2.16.840.1.101.2.1.1.23')
+
+
+id_kEAKeyEncryptionAlgorithm = univ.ObjectIdentifier('2.16.840.1.101.2.1.1.24')
+
+
+id_keyExchangeAlgorithm = univ.ObjectIdentifier('2.16.840.1.101.2.1.1.22')
+
+
+class Skipjack_Parm(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('initialization-vector', univ.OctetString())
+    )
+
+
+# Update the Algorithm Identifier map in rfc5280.py.
+
+_algorithmIdentifierMapUpdate = {
+    id_fortezzaConfidentialityAlgorithm: Skipjack_Parm(),
+    id_kEAKeyEncryptionAlgorithm: rfc5280.AlgorithmIdentifier(),
+}
+
+rfc5280.algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate)
+
+
+# Update the SMIMECapabilities Attribute map in rfc5751.py
+
+_smimeCapabilityMapUpdate = {
+    id_kEAKeyEncryptionAlgorithm: rfc5280.AlgorithmIdentifier(),
+}
+
+rfc5751.smimeCapabilityMap.update(_smimeCapabilityMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc2985.py

@@ -0,0 +1,588 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# PKCS#9: Selected Attribute Types (Version 2.0)
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc2985.txt
+#
+
+from pyasn1.type import char
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import opentype
+from pyasn1.type import tag
+from pyasn1.type import univ
+from pyasn1.type import useful
+
+from pyasn1_modules import rfc7292
+from pyasn1_modules import rfc5958
+from pyasn1_modules import rfc5652
+from pyasn1_modules import rfc5280
+
+
+def _OID(*components):
+    output = []
+    for x in tuple(components):
+        if isinstance(x, univ.ObjectIdentifier):
+            output.extend(list(x))
+        else:
+            output.append(int(x))
+
+    return univ.ObjectIdentifier(output)
+
+
+MAX = float('inf')
+
+
+# Imports from RFC 5280
+
+AlgorithmIdentifier = rfc5280.AlgorithmIdentifier
+
+Attribute = rfc5280.Attribute
+
+EmailAddress = rfc5280.EmailAddress
+
+Extensions = rfc5280.Extensions
+
+Time = rfc5280.Time
+
+X520countryName = rfc5280.X520countryName
+
+X520SerialNumber = rfc5280.X520SerialNumber
+
+
+# Imports from RFC 5652
+
+ContentInfo = rfc5652.ContentInfo
+
+ContentType = rfc5652.ContentType
+
+Countersignature = rfc5652.Countersignature
+
+MessageDigest = rfc5652.MessageDigest
+
+SignerInfo = rfc5652.SignerInfo
+
+SigningTime = rfc5652.SigningTime
+
+
+# Imports from RFC 5958
+
+EncryptedPrivateKeyInfo = rfc5958.EncryptedPrivateKeyInfo
+
+
+# Imports from RFC 7292
+
+PFX = rfc7292.PFX
+
+
+# TODO:
+# Need a place to import PKCS15Token; it does not yet appear in an RFC
+
+
+# SingleAttribute is the same as Attribute in RFC 5280, except that the
+# attrValues SET must have one and only one member
+
+class AttributeType(univ.ObjectIdentifier):
+    pass
+
+
+class AttributeValue(univ.Any):
+    pass
+
+
+class AttributeValues(univ.SetOf):
+    pass
+
+AttributeValues.componentType = AttributeValue()
+
+
+class SingleAttributeValues(univ.SetOf):
+    pass
+
+SingleAttributeValues.componentType = AttributeValue()
+
+
+class SingleAttribute(univ.Sequence):
+    pass
+
+SingleAttribute.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('type', AttributeType()),
+    namedtype.NamedType('values',
+        AttributeValues().subtype(sizeSpec=constraint.ValueSizeConstraint(1, 1)),
+        openType=opentype.OpenType('type', rfc5280.certificateAttributesMap)
+    )
+)
+
+
+# CMSAttribute is the same as Attribute in RFC 5652, and CMSSingleAttribute
+# is the companion where the attrValues SET must have one and only one member
+
+CMSAttribute = rfc5652.Attribute
+
+
+class CMSSingleAttribute(univ.Sequence):
+    pass
+
+CMSSingleAttribute.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('attrType', AttributeType()),
+    namedtype.NamedType('attrValues',
+        AttributeValues().subtype(sizeSpec=constraint.ValueSizeConstraint(1, 1)),
+        openType=opentype.OpenType('attrType', rfc5652.cmsAttributesMap)
+    )
+)
+
+
+# DirectoryString is the same as RFC 5280, except the length is limited to 255
+
+class DirectoryString(univ.Choice):
+    pass
+
+DirectoryString.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('teletexString', char.TeletexString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, 255))),
+    namedtype.NamedType('printableString', char.PrintableString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, 255))),
+    namedtype.NamedType('universalString', char.UniversalString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, 255))),
+    namedtype.NamedType('utf8String', char.UTF8String().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, 255))),
+    namedtype.NamedType('bmpString', char.BMPString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, 255)))
+)
+
+
+# PKCS9String is DirectoryString with an additional choice of IA5String,
+# and the SIZE is limited to 255
+
+class PKCS9String(univ.Choice):
+    pass
+
+PKCS9String.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('ia5String', char.IA5String().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, 255))),
+    namedtype.NamedType('directoryString', DirectoryString())
+)
+
+
+# Upper Bounds
+
+pkcs_9_ub_pkcs9String = univ.Integer(255)
+
+pkcs_9_ub_challengePassword = univ.Integer(pkcs_9_ub_pkcs9String)
+
+pkcs_9_ub_emailAddress = univ.Integer(pkcs_9_ub_pkcs9String)
+
+pkcs_9_ub_friendlyName = univ.Integer(pkcs_9_ub_pkcs9String)
+
+pkcs_9_ub_match = univ.Integer(pkcs_9_ub_pkcs9String)
+
+pkcs_9_ub_signingDescription = univ.Integer(pkcs_9_ub_pkcs9String)
+
+pkcs_9_ub_unstructuredAddress = univ.Integer(pkcs_9_ub_pkcs9String)
+
+pkcs_9_ub_unstructuredName = univ.Integer(pkcs_9_ub_pkcs9String)
+
+
+ub_name = univ.Integer(32768)
+
+pkcs_9_ub_placeOfBirth = univ.Integer(ub_name)
+
+pkcs_9_ub_pseudonym = univ.Integer(ub_name)
+
+
+# Object Identifier Arcs
+
+ietf_at = _OID(1, 3, 6, 1, 5, 5, 7, 9)
+
+id_at = _OID(2, 5, 4)
+
+pkcs_9 = _OID(1, 2, 840, 113549, 1, 9)
+
+pkcs_9_mo = _OID(pkcs_9, 0)
+
+smime = _OID(pkcs_9, 16)
+
+certTypes = _OID(pkcs_9, 22)
+
+crlTypes = _OID(pkcs_9, 23)
+
+pkcs_9_oc = _OID(pkcs_9, 24)
+
+pkcs_9_at = _OID(pkcs_9, 25)
+
+pkcs_9_sx = _OID(pkcs_9, 26)
+
+pkcs_9_mr = _OID(pkcs_9, 27)
+
+
+# Object Identifiers for Syntaxes for use with LDAP-accessible directories
+
+pkcs_9_sx_pkcs9String = _OID(pkcs_9_sx, 1)
+
+pkcs_9_sx_signingTime = _OID(pkcs_9_sx, 2)
+
+
+# Object Identifiers for object classes
+
+pkcs_9_oc_pkcsEntity = _OID(pkcs_9_oc, 1)
+
+pkcs_9_oc_naturalPerson = _OID(pkcs_9_oc, 2)
+
+
+# Object Identifiers for matching rules
+
+pkcs_9_mr_caseIgnoreMatch = _OID(pkcs_9_mr, 1)
+
+pkcs_9_mr_signingTimeMatch = _OID(pkcs_9_mr, 2)
+
+
+# PKCS #7 PDU
+
+pkcs_9_at_pkcs7PDU = _OID(pkcs_9_at, 5)
+
+pKCS7PDU = Attribute()
+pKCS7PDU['type'] = pkcs_9_at_pkcs7PDU
+pKCS7PDU['values'][0] = ContentInfo()
+
+
+# PKCS #12 token
+
+pkcs_9_at_userPKCS12 = _OID(2, 16, 840, 1, 113730, 3, 1, 216)
+
+userPKCS12 = Attribute()
+userPKCS12['type'] = pkcs_9_at_userPKCS12
+userPKCS12['values'][0] = PFX()
+
+
+# PKCS #15 token
+
+pkcs_9_at_pkcs15Token = _OID(pkcs_9_at, 1)
+
+# TODO: Once PKCS15Token can be imported, this can be included
+# 
+# pKCS15Token = Attribute()
+# userPKCS12['type'] = pkcs_9_at_pkcs15Token
+# userPKCS12['values'][0] = PKCS15Token()
+
+
+# PKCS #8 encrypted private key information
+
+pkcs_9_at_encryptedPrivateKeyInfo = _OID(pkcs_9_at, 2)
+
+encryptedPrivateKeyInfo = Attribute()
+encryptedPrivateKeyInfo['type'] = pkcs_9_at_encryptedPrivateKeyInfo
+encryptedPrivateKeyInfo['values'][0] = EncryptedPrivateKeyInfo()
+
+
+# Electronic-mail address
+
+pkcs_9_at_emailAddress = rfc5280.id_emailAddress
+
+emailAddress = Attribute()
+emailAddress['type'] = pkcs_9_at_emailAddress
+emailAddress['values'][0] = EmailAddress()
+
+
+# Unstructured name
+
+pkcs_9_at_unstructuredName = _OID(pkcs_9, 2)
+
+unstructuredName = Attribute()
+unstructuredName['type'] = pkcs_9_at_unstructuredName
+unstructuredName['values'][0] = PKCS9String()
+
+
+# Unstructured address
+
+pkcs_9_at_unstructuredAddress = _OID(pkcs_9, 8)
+
+unstructuredAddress = Attribute()
+unstructuredAddress['type'] = pkcs_9_at_unstructuredAddress
+unstructuredAddress['values'][0] = DirectoryString()
+
+
+# Date of birth
+
+pkcs_9_at_dateOfBirth = _OID(ietf_at, 1)
+
+dateOfBirth = SingleAttribute()
+dateOfBirth['type'] = pkcs_9_at_dateOfBirth
+dateOfBirth['values'][0] = useful.GeneralizedTime()
+
+
+# Place of birth
+
+pkcs_9_at_placeOfBirth = _OID(ietf_at, 2)
+
+placeOfBirth = SingleAttribute()
+placeOfBirth['type'] = pkcs_9_at_placeOfBirth
+placeOfBirth['values'][0] = DirectoryString()
+
+
+# Gender
+
+class GenderString(char.PrintableString):
+    pass
+
+GenderString.subtypeSpec = constraint.ValueSizeConstraint(1, 1)
+GenderString.subtypeSpec = constraint.SingleValueConstraint("M", "F", "m", "f")
+
+
+pkcs_9_at_gender = _OID(ietf_at, 3)
+
+gender = SingleAttribute()
+gender['type'] = pkcs_9_at_gender
+gender['values'][0] = GenderString()
+
+
+# Country of citizenship
+
+pkcs_9_at_countryOfCitizenship = _OID(ietf_at, 4)
+
+countryOfCitizenship = Attribute()
+countryOfCitizenship['type'] = pkcs_9_at_countryOfCitizenship
+countryOfCitizenship['values'][0] = X520countryName()
+
+
+#  Country of residence
+
+pkcs_9_at_countryOfResidence = _OID(ietf_at, 5)
+
+countryOfResidence = Attribute()
+countryOfResidence['type'] = pkcs_9_at_countryOfResidence
+countryOfResidence['values'][0] = X520countryName()
+
+
+# Pseudonym
+
+id_at_pseudonym = _OID(2, 5, 4, 65)
+
+pseudonym = Attribute()
+pseudonym['type'] = id_at_pseudonym
+pseudonym['values'][0] = DirectoryString()
+
+
+# Serial number
+
+id_at_serialNumber = rfc5280.id_at_serialNumber
+
+serialNumber = Attribute()
+serialNumber['type'] = id_at_serialNumber
+serialNumber['values'][0] = X520SerialNumber()
+
+
+# Content type
+
+pkcs_9_at_contentType = rfc5652.id_contentType
+
+contentType = CMSSingleAttribute()
+contentType['attrType'] = pkcs_9_at_contentType
+contentType['attrValues'][0] = ContentType()
+
+
+# Message digest
+
+pkcs_9_at_messageDigest = rfc5652.id_messageDigest
+
+messageDigest = CMSSingleAttribute()
+messageDigest['attrType'] = pkcs_9_at_messageDigest
+messageDigest['attrValues'][0] = MessageDigest()
+
+
+# Signing time
+
+pkcs_9_at_signingTime = rfc5652.id_signingTime
+
+signingTime = CMSSingleAttribute()
+signingTime['attrType'] = pkcs_9_at_signingTime
+signingTime['attrValues'][0] = SigningTime()
+
+
+# Random nonce
+
+class RandomNonce(univ.OctetString):
+    pass
+
+RandomNonce.subtypeSpec = constraint.ValueSizeConstraint(4, MAX)
+
+
+pkcs_9_at_randomNonce = _OID(pkcs_9_at, 3)
+
+randomNonce = CMSSingleAttribute()
+randomNonce['attrType'] = pkcs_9_at_randomNonce
+randomNonce['attrValues'][0] = RandomNonce()
+
+
+# Sequence number
+
+class SequenceNumber(univ.Integer):
+    pass
+
+SequenceNumber.subtypeSpec = constraint.ValueRangeConstraint(1, MAX)
+
+
+pkcs_9_at_sequenceNumber = _OID(pkcs_9_at, 4)
+
+sequenceNumber = CMSSingleAttribute()
+sequenceNumber['attrType'] = pkcs_9_at_sequenceNumber
+sequenceNumber['attrValues'][0] = SequenceNumber()
+
+
+# Countersignature
+
+pkcs_9_at_counterSignature = rfc5652.id_countersignature
+
+counterSignature = CMSAttribute()
+counterSignature['attrType'] = pkcs_9_at_counterSignature
+counterSignature['attrValues'][0] = Countersignature()
+
+
+# Challenge password
+
+pkcs_9_at_challengePassword = _OID(pkcs_9, 7)
+
+challengePassword = SingleAttribute()
+challengePassword['type'] = pkcs_9_at_challengePassword
+challengePassword['values'][0] = DirectoryString()
+
+
+# Extension request
+
+class ExtensionRequest(Extensions):
+    pass
+
+
+pkcs_9_at_extensionRequest = _OID(pkcs_9, 14)
+
+extensionRequest = SingleAttribute()
+extensionRequest['type'] = pkcs_9_at_extensionRequest
+extensionRequest['values'][0] = ExtensionRequest()
+
+
+# Extended-certificate attributes (deprecated)
+
+class AttributeSet(univ.SetOf):
+    pass
+
+AttributeSet.componentType = Attribute()
+
+
+pkcs_9_at_extendedCertificateAttributes = _OID(pkcs_9, 9)
+
+extendedCertificateAttributes = SingleAttribute()
+extendedCertificateAttributes['type'] = pkcs_9_at_extendedCertificateAttributes
+extendedCertificateAttributes['values'][0] = AttributeSet()
+
+
+# Friendly name
+
+class FriendlyName(char.BMPString):
+    pass
+
+FriendlyName.subtypeSpec = constraint.ValueSizeConstraint(1, pkcs_9_ub_friendlyName)
+
+
+pkcs_9_at_friendlyName = _OID(pkcs_9, 20)
+
+friendlyName = SingleAttribute()
+friendlyName['type'] = pkcs_9_at_friendlyName
+friendlyName['values'][0] = FriendlyName()
+
+
+# Local key identifier
+
+pkcs_9_at_localKeyId = _OID(pkcs_9, 21)
+
+localKeyId = SingleAttribute()
+localKeyId['type'] = pkcs_9_at_localKeyId
+localKeyId['values'][0] = univ.OctetString()
+
+
+# Signing description
+
+pkcs_9_at_signingDescription = _OID(pkcs_9, 13)
+
+signingDescription = CMSSingleAttribute()
+signingDescription['attrType'] = pkcs_9_at_signingDescription
+signingDescription['attrValues'][0] = DirectoryString()
+
+
+# S/MIME capabilities
+
+class SMIMECapability(AlgorithmIdentifier):
+    pass
+
+
+class SMIMECapabilities(univ.SequenceOf):
+    pass
+
+SMIMECapabilities.componentType = SMIMECapability()
+
+
+pkcs_9_at_smimeCapabilities = _OID(pkcs_9, 15)
+
+smimeCapabilities = CMSSingleAttribute()
+smimeCapabilities['attrType'] = pkcs_9_at_smimeCapabilities
+smimeCapabilities['attrValues'][0] = SMIMECapabilities()
+
+
+# Certificate Attribute Map
+
+_certificateAttributesMapUpdate = {
+    # Attribute types for use with the "pkcsEntity" object class
+    pkcs_9_at_pkcs7PDU: ContentInfo(),
+    pkcs_9_at_userPKCS12: PFX(),
+    # TODO: Once PKCS15Token can be imported, this can be included
+    # pkcs_9_at_pkcs15Token: PKCS15Token(),
+    pkcs_9_at_encryptedPrivateKeyInfo: EncryptedPrivateKeyInfo(),
+    # Attribute types for use with the "naturalPerson" object class
+    pkcs_9_at_emailAddress: EmailAddress(),
+    pkcs_9_at_unstructuredName: PKCS9String(),
+    pkcs_9_at_unstructuredAddress: DirectoryString(),
+    pkcs_9_at_dateOfBirth: useful.GeneralizedTime(),
+    pkcs_9_at_placeOfBirth: DirectoryString(),
+    pkcs_9_at_gender: GenderString(),
+    pkcs_9_at_countryOfCitizenship: X520countryName(),
+    pkcs_9_at_countryOfResidence: X520countryName(),
+    id_at_pseudonym: DirectoryString(),
+    id_at_serialNumber: X520SerialNumber(),
+    # Attribute types for use with PKCS #10 certificate requests
+    pkcs_9_at_challengePassword: DirectoryString(),
+    pkcs_9_at_extensionRequest: ExtensionRequest(),
+    pkcs_9_at_extendedCertificateAttributes: AttributeSet(),
+}
+
+rfc5280.certificateAttributesMap.update(_certificateAttributesMapUpdate)
+
+
+# CMS Attribute Map
+
+# Note: pkcs_9_at_smimeCapabilities is not included in the map because
+#       the definition in RFC 5751 is preferred, which produces the same
+#       encoding, but it allows different parameters for SMIMECapability
+#       and AlgorithmIdentifier.
+
+_cmsAttributesMapUpdate = {
+    # Attribute types for use in PKCS #7 data (a.k.a. CMS)
+    pkcs_9_at_contentType: ContentType(),
+    pkcs_9_at_messageDigest: MessageDigest(),
+    pkcs_9_at_signingTime: SigningTime(),
+    pkcs_9_at_randomNonce: RandomNonce(),
+    pkcs_9_at_sequenceNumber: SequenceNumber(),
+    pkcs_9_at_counterSignature: Countersignature(),
+    # Attributes for use in PKCS #12 "PFX" PDUs or PKCS #15 tokens
+    pkcs_9_at_friendlyName: FriendlyName(),
+    pkcs_9_at_localKeyId: univ.OctetString(),
+    pkcs_9_at_signingDescription: DirectoryString(),
+    # pkcs_9_at_smimeCapabilities: SMIMECapabilities(),
+}
+
+rfc5652.cmsAttributesMap.update(_cmsAttributesMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc3114.py

@@ -0,0 +1,77 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# TEST Company Classification Policies
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc3114.txt
+#
+
+from pyasn1.type import char
+from pyasn1.type import namedval
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5755
+
+
+id_smime = univ.ObjectIdentifier((1, 2, 840, 113549, 1, 9, 16, ))
+
+id_tsp = id_smime + (7, )
+
+id_tsp_TEST_Amoco = id_tsp + (1, )
+
+class Amoco_SecurityClassification(univ.Integer):
+    namedValues = namedval.NamedValues(
+        ('amoco-general', 6),
+        ('amoco-confidential', 7),
+        ('amoco-highly-confidential', 8)
+    )
+
+
+id_tsp_TEST_Caterpillar = id_tsp + (2, )
+
+class Caterpillar_SecurityClassification(univ.Integer):
+    namedValues = namedval.NamedValues(
+        ('caterpillar-public', 6),
+        ('caterpillar-green', 7),
+        ('caterpillar-yellow', 8),
+        ('caterpillar-red', 9)
+    )
+
+
+id_tsp_TEST_Whirlpool = id_tsp + (3, )
+
+class Whirlpool_SecurityClassification(univ.Integer):
+    namedValues = namedval.NamedValues(
+        ('whirlpool-public', 6),
+        ('whirlpool-internal', 7),
+        ('whirlpool-confidential', 8)
+    )
+
+
+id_tsp_TEST_Whirlpool_Categories = id_tsp + (4, )
+
+class SecurityCategoryValues(univ.SequenceOf):
+    componentType = char.UTF8String()
+
+# Example SecurityCategoryValues: "LAW DEPARTMENT USE ONLY"
+# Example SecurityCategoryValues: "HUMAN RESOURCES USE ONLY"
+
+
+# Also, the privacy mark in the security label can contain a string,
+# such as: "ATTORNEY-CLIENT PRIVILEGED INFORMATION"
+
+
+# Map of security category type OIDs to security category added
+# to the ones that are in rfc5755.py
+
+_securityCategoryMapUpdate = {
+    id_tsp_TEST_Whirlpool_Categories: SecurityCategoryValues(),
+}
+
+rfc5755.securityCategoryMap.update(_securityCategoryMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc3161.py

@@ -0,0 +1,142 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Time-Stamp Protocol (TSP)
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc3161.txt
+#
+
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import tag
+from pyasn1.type import univ
+from pyasn1.type import useful
+
+from pyasn1_modules import rfc4210
+from pyasn1_modules import rfc5280
+from pyasn1_modules import rfc5652
+
+
+Extensions = rfc5280.Extensions
+
+AlgorithmIdentifier = rfc5280.AlgorithmIdentifier
+
+GeneralName = rfc5280.GeneralName
+
+ContentInfo = rfc5652.ContentInfo
+
+PKIFreeText = rfc4210.PKIFreeText
+
+
+id_ct_TSTInfo = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.4')
+
+
+class Accuracy(univ.Sequence):
+    pass
+
+Accuracy.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('seconds', univ.Integer()),
+    namedtype.OptionalNamedType('millis', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(1, 999)).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('micros', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(1, 999)).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+class MessageImprint(univ.Sequence):
+    pass
+
+MessageImprint.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('hashAlgorithm', AlgorithmIdentifier()),
+    namedtype.NamedType('hashedMessage', univ.OctetString())
+)
+
+
+class PKIFailureInfo(univ.BitString):
+    pass
+
+PKIFailureInfo.namedValues = namedval.NamedValues(
+    ('badAlg', 0),
+    ('badRequest', 2),
+    ('badDataFormat', 5),
+    ('timeNotAvailable', 14),
+    ('unacceptedPolicy', 15),
+    ('unacceptedExtension', 16),
+    ('addInfoNotAvailable', 17),
+    ('systemFailure', 25)
+)
+
+
+class PKIStatus(univ.Integer):
+    pass
+
+PKIStatus.namedValues = namedval.NamedValues(
+    ('granted', 0),
+    ('grantedWithMods', 1),
+    ('rejection', 2),
+    ('waiting', 3),
+    ('revocationWarning', 4),
+    ('revocationNotification', 5)
+)
+
+
+class PKIStatusInfo(univ.Sequence):
+    pass
+
+PKIStatusInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('status', PKIStatus()),
+    namedtype.OptionalNamedType('statusString', PKIFreeText()),
+    namedtype.OptionalNamedType('failInfo', PKIFailureInfo())
+)
+
+
+class TSAPolicyId(univ.ObjectIdentifier):
+    pass
+
+
+class TSTInfo(univ.Sequence):
+    pass
+
+TSTInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', univ.Integer(namedValues=namedval.NamedValues(('v1', 1)))),
+    namedtype.NamedType('policy', TSAPolicyId()),
+    namedtype.NamedType('messageImprint', MessageImprint()),
+    namedtype.NamedType('serialNumber', univ.Integer()),
+    namedtype.NamedType('genTime', useful.GeneralizedTime()),
+    namedtype.OptionalNamedType('accuracy', Accuracy()),
+    namedtype.DefaultedNamedType('ordering', univ.Boolean().subtype(value=0)),
+    namedtype.OptionalNamedType('nonce', univ.Integer()),
+    namedtype.OptionalNamedType('tsa', GeneralName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('extensions', Extensions().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+class TimeStampReq(univ.Sequence):
+    pass
+
+TimeStampReq.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', univ.Integer(namedValues=namedval.NamedValues(('v1', 1)))),
+    namedtype.NamedType('messageImprint', MessageImprint()),
+    namedtype.OptionalNamedType('reqPolicy', TSAPolicyId()),
+    namedtype.OptionalNamedType('nonce', univ.Integer()),
+    namedtype.DefaultedNamedType('certReq', univ.Boolean().subtype(value=0)),
+    namedtype.OptionalNamedType('extensions', Extensions().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+)
+
+
+class TimeStampToken(ContentInfo):
+    pass
+
+
+class TimeStampResp(univ.Sequence):
+    pass
+
+TimeStampResp.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('status', PKIStatusInfo()),
+    namedtype.OptionalNamedType('timeStampToken', TimeStampToken())
+)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc3274.py

@@ -0,0 +1,59 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+# Modified by Russ Housley to add a map for use with opentypes.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# CMS Compressed Data Content Type
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc3274.txt
+#
+
+from pyasn1.type import namedtype
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5280
+from pyasn1_modules import rfc5652
+
+
+class CompressionAlgorithmIdentifier(rfc5280.AlgorithmIdentifier):
+    pass
+
+
+# The CMS Compressed Data Content Type
+
+id_ct_compressedData = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.9')
+
+class CompressedData(univ.Sequence):
+    pass
+
+CompressedData.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', rfc5652.CMSVersion()), # Always set to 0
+    namedtype.NamedType('compressionAlgorithm', CompressionAlgorithmIdentifier()),
+    namedtype.NamedType('encapContentInfo', rfc5652.EncapsulatedContentInfo())
+)
+
+
+# Algorithm identifier for the zLib Compression Algorithm
+# This includes cpa_zlibCompress as defined in RFC 6268,
+# from https://www.rfc-editor.org/rfc/rfc6268.txt
+
+id_alg_zlibCompress = univ.ObjectIdentifier('1.2.840.113549.1.9.16.3.8')
+
+cpa_zlibCompress = rfc5280.AlgorithmIdentifier()
+cpa_zlibCompress['algorithm'] = id_alg_zlibCompress
+# cpa_zlibCompress['parameters'] are absent
+
+
+# Map of Content Type OIDs to Content Types is added to thr
+# ones that are in rfc5652.py
+
+_cmsContentTypesMapUpdate = {
+    id_ct_compressedData: CompressedData(),
+}
+
+rfc5652.cmsContentTypesMap.update(_cmsContentTypesMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc3280.py

@@ -0,0 +1,1543 @@
+# coding: utf-8
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Stanisław Pitucha with asn1ate tool.
+# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Internet X.509 Public Key Infrastructure Certificate and Certificate
+# Revocation List (CRL) Profile
+#
+# ASN.1 source from:
+# http://www.ietf.org/rfc/rfc3280.txt
+#
+from pyasn1.type import char
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import tag
+from pyasn1.type import univ
+from pyasn1.type import useful
+
+MAX = float('inf')
+
+
+def _OID(*components):
+    output = []
+    for x in tuple(components):
+        if isinstance(x, univ.ObjectIdentifier):
+            output.extend(list(x))
+        else:
+            output.append(int(x))
+
+    return univ.ObjectIdentifier(output)
+
+
+unformatted_postal_address = univ.Integer(16)
+
+ub_organizational_units = univ.Integer(4)
+
+ub_organizational_unit_name_length = univ.Integer(32)
+
+
+class OrganizationalUnitName(char.PrintableString):
+    pass
+
+
+OrganizationalUnitName.subtypeSpec = constraint.ValueSizeConstraint(1, ub_organizational_unit_name_length)
+
+
+class OrganizationalUnitNames(univ.SequenceOf):
+    pass
+
+
+OrganizationalUnitNames.componentType = OrganizationalUnitName()
+OrganizationalUnitNames.sizeSpec = constraint.ValueSizeConstraint(1, ub_organizational_units)
+
+
+class AttributeType(univ.ObjectIdentifier):
+    pass
+
+
+id_at = _OID(2, 5, 4)
+
+id_at_name = _OID(id_at, 41)
+
+ub_pds_parameter_length = univ.Integer(30)
+
+
+class PDSParameter(univ.Set):
+    pass
+
+
+PDSParameter.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('printable-string', char.PrintableString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_pds_parameter_length))),
+    namedtype.OptionalNamedType('teletex-string', char.TeletexString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_pds_parameter_length)))
+)
+
+
+class PhysicalDeliveryOrganizationName(PDSParameter):
+    pass
+
+
+ub_organization_name_length = univ.Integer(64)
+
+ub_domain_defined_attribute_type_length = univ.Integer(8)
+
+ub_domain_defined_attribute_value_length = univ.Integer(128)
+
+
+class TeletexDomainDefinedAttribute(univ.Sequence):
+    pass
+
+
+TeletexDomainDefinedAttribute.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('type', char.TeletexString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_defined_attribute_type_length))),
+    namedtype.NamedType('value', char.TeletexString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_defined_attribute_value_length)))
+)
+
+id_pkix = _OID(1, 3, 6, 1, 5, 5, 7)
+
+id_qt = _OID(id_pkix, 2)
+
+
+class PresentationAddress(univ.Sequence):
+    pass
+
+
+PresentationAddress.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('pSelector', univ.OctetString().subtype(
+        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('sSelector', univ.OctetString().subtype(
+        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.OptionalNamedType('tSelector', univ.OctetString().subtype(
+        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+    namedtype.NamedType('nAddresses', univ.SetOf(componentType=univ.OctetString()).subtype(
+        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
+)
+
+
+class AlgorithmIdentifier(univ.Sequence):
+    pass
+
+
+AlgorithmIdentifier.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('algorithm', univ.ObjectIdentifier()),
+    namedtype.OptionalNamedType('parameters', univ.Any())
+)
+
+
+class UniqueIdentifier(univ.BitString):
+    pass
+
+
+class Extension(univ.Sequence):
+    pass
+
+
+Extension.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('extnID', univ.ObjectIdentifier()),
+    namedtype.DefaultedNamedType('critical', univ.Boolean().subtype(value=0)),
+    namedtype.NamedType('extnValue', univ.OctetString())
+)
+
+
+class Extensions(univ.SequenceOf):
+    pass
+
+
+Extensions.componentType = Extension()
+Extensions.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class CertificateSerialNumber(univ.Integer):
+    pass
+
+
+class SubjectPublicKeyInfo(univ.Sequence):
+    pass
+
+
+SubjectPublicKeyInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('algorithm', AlgorithmIdentifier()),
+    namedtype.NamedType('subjectPublicKey', univ.BitString())
+)
+
+
+class Time(univ.Choice):
+    pass
+
+
+Time.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('utcTime', useful.UTCTime()),
+    namedtype.NamedType('generalTime', useful.GeneralizedTime())
+)
+
+
+class Validity(univ.Sequence):
+    pass
+
+
+Validity.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('notBefore', Time()),
+    namedtype.NamedType('notAfter', Time())
+)
+
+
+class Version(univ.Integer):
+    pass
+
+
+Version.namedValues = namedval.NamedValues(
+    ('v1', 0),
+    ('v2', 1),
+    ('v3', 2)
+)
+
+
+class AttributeValue(univ.Any):
+    pass
+
+
+class AttributeTypeAndValue(univ.Sequence):
+    pass
+
+
+AttributeTypeAndValue.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('type', AttributeType()),
+    namedtype.NamedType('value', AttributeValue())
+)
+
+
+class RelativeDistinguishedName(univ.SetOf):
+    pass
+
+
+RelativeDistinguishedName.componentType = AttributeTypeAndValue()
+RelativeDistinguishedName.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class RDNSequence(univ.SequenceOf):
+    pass
+
+
+RDNSequence.componentType = RelativeDistinguishedName()
+
+
+class Name(univ.Choice):
+    pass
+
+
+Name.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('rdnSequence', RDNSequence())
+)
+
+
+class TBSCertificate(univ.Sequence):
+    pass
+
+
+TBSCertificate.componentType = namedtype.NamedTypes(
+    namedtype.DefaultedNamedType('version',
+                                 Version().subtype(explicitTag=tag.Tag(tag.tagClassContext,
+                                                                       tag.tagFormatSimple, 0)).subtype(value="v1")),
+    namedtype.NamedType('serialNumber', CertificateSerialNumber()),
+    namedtype.NamedType('signature', AlgorithmIdentifier()),
+    namedtype.NamedType('issuer', Name()),
+    namedtype.NamedType('validity', Validity()),
+    namedtype.NamedType('subject', Name()),
+    namedtype.NamedType('subjectPublicKeyInfo', SubjectPublicKeyInfo()),
+    namedtype.OptionalNamedType('issuerUniqueID', UniqueIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.OptionalNamedType('subjectUniqueID', UniqueIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+    namedtype.OptionalNamedType('extensions',
+                                Extensions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
+)
+
+
+class Certificate(univ.Sequence):
+    pass
+
+
+Certificate.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('tbsCertificate', TBSCertificate()),
+    namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()),
+    namedtype.NamedType('signature', univ.BitString())
+)
+
+ub_surname_length = univ.Integer(40)
+
+
+class TeletexOrganizationName(char.TeletexString):
+    pass
+
+
+TeletexOrganizationName.subtypeSpec = constraint.ValueSizeConstraint(1, ub_organization_name_length)
+
+ub_e163_4_sub_address_length = univ.Integer(40)
+
+teletex_common_name = univ.Integer(2)
+
+ub_country_name_alpha_length = univ.Integer(2)
+
+ub_country_name_numeric_length = univ.Integer(3)
+
+
+class CountryName(univ.Choice):
+    pass
+
+
+CountryName.tagSet = univ.Choice.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 1))
+CountryName.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('x121-dcc-code', char.NumericString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(ub_country_name_numeric_length, ub_country_name_numeric_length))),
+    namedtype.NamedType('iso-3166-alpha2-code', char.PrintableString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(ub_country_name_alpha_length, ub_country_name_alpha_length)))
+)
+
+extension_OR_address_components = univ.Integer(12)
+
+id_at_dnQualifier = _OID(id_at, 46)
+
+ub_e163_4_number_length = univ.Integer(15)
+
+
+class ExtendedNetworkAddress(univ.Choice):
+    pass
+
+
+ExtendedNetworkAddress.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('e163-4-address', univ.Sequence(componentType=namedtype.NamedTypes(
+        namedtype.NamedType('number', char.NumericString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_e163_4_number_length)).subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('sub-address', char.NumericString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, ub_e163_4_sub_address_length)).subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+    ))
+                        ),
+    namedtype.NamedType('psap-address', PresentationAddress().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+)
+
+terminal_type = univ.Integer(23)
+
+id_domainComponent = _OID(0, 9, 2342, 19200300, 100, 1, 25)
+
+ub_state_name = univ.Integer(128)
+
+
+class X520StateOrProvinceName(univ.Choice):
+    pass
+
+
+X520StateOrProvinceName.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('teletexString',
+                        char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name))),
+    namedtype.NamedType('printableString',
+                        char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name))),
+    namedtype.NamedType('universalString',
+                        char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name))),
+    namedtype.NamedType('utf8String',
+                        char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name))),
+    namedtype.NamedType('bmpString',
+                        char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name)))
+)
+
+ub_organization_name = univ.Integer(64)
+
+
+class X520OrganizationName(univ.Choice):
+    pass
+
+
+X520OrganizationName.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('teletexString', char.TeletexString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_organization_name))),
+    namedtype.NamedType('printableString', char.PrintableString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_organization_name))),
+    namedtype.NamedType('universalString', char.UniversalString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_organization_name))),
+    namedtype.NamedType('utf8String',
+                        char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_organization_name))),
+    namedtype.NamedType('bmpString',
+                        char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_organization_name)))
+)
+
+ub_emailaddress_length = univ.Integer(128)
+
+
+class ExtensionPhysicalDeliveryAddressComponents(PDSParameter):
+    pass
+
+
+id_at_surname = _OID(id_at, 4)
+
+ub_common_name_length = univ.Integer(64)
+
+id_ad = _OID(id_pkix, 48)
+
+ub_numeric_user_id_length = univ.Integer(32)
+
+
+class NumericUserIdentifier(char.NumericString):
+    pass
+
+
+NumericUserIdentifier.subtypeSpec = constraint.ValueSizeConstraint(1, ub_numeric_user_id_length)
+
+
+class OrganizationName(char.PrintableString):
+    pass
+
+
+OrganizationName.subtypeSpec = constraint.ValueSizeConstraint(1, ub_organization_name_length)
+
+ub_domain_name_length = univ.Integer(16)
+
+
+class AdministrationDomainName(univ.Choice):
+    pass
+
+
+AdministrationDomainName.tagSet = univ.Choice.tagSet.tagExplicitly(
+    tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 2))
+AdministrationDomainName.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('numeric', char.NumericString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(0, ub_domain_name_length))),
+    namedtype.NamedType('printable', char.PrintableString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(0, ub_domain_name_length)))
+)
+
+
+class PrivateDomainName(univ.Choice):
+    pass
+
+
+PrivateDomainName.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('numeric', char.NumericString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_name_length))),
+    namedtype.NamedType('printable', char.PrintableString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_name_length)))
+)
+
+ub_generation_qualifier_length = univ.Integer(3)
+
+ub_given_name_length = univ.Integer(16)
+
+ub_initials_length = univ.Integer(5)
+
+
+class PersonalName(univ.Set):
+    pass
+
+
+PersonalName.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('surname', char.PrintableString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_surname_length)).subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('given-name', char.PrintableString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_given_name_length)).subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.OptionalNamedType('initials', char.PrintableString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_initials_length)).subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+    namedtype.OptionalNamedType('generation-qualifier', char.PrintableString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_generation_qualifier_length)).subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
+)
+
+ub_terminal_id_length = univ.Integer(24)
+
+
+class TerminalIdentifier(char.PrintableString):
+    pass
+
+
+TerminalIdentifier.subtypeSpec = constraint.ValueSizeConstraint(1, ub_terminal_id_length)
+
+ub_x121_address_length = univ.Integer(16)
+
+
+class X121Address(char.NumericString):
+    pass
+
+
+X121Address.subtypeSpec = constraint.ValueSizeConstraint(1, ub_x121_address_length)
+
+
+class NetworkAddress(X121Address):
+    pass
+
+
+class BuiltInStandardAttributes(univ.Sequence):
+    pass
+
+
+BuiltInStandardAttributes.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('country-name', CountryName()),
+    namedtype.OptionalNamedType('administration-domain-name', AdministrationDomainName()),
+    namedtype.OptionalNamedType('network-address', NetworkAddress().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('terminal-identifier', TerminalIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.OptionalNamedType('private-domain-name', PrivateDomainName().subtype(
+        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
+    namedtype.OptionalNamedType('organization-name', OrganizationName().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+    namedtype.OptionalNamedType('numeric-user-identifier', NumericUserIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
+    namedtype.OptionalNamedType('personal-name', PersonalName().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))),
+    namedtype.OptionalNamedType('organizational-unit-names', OrganizationalUnitNames().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6)))
+)
+
+ub_domain_defined_attributes = univ.Integer(4)
+
+
+class BuiltInDomainDefinedAttribute(univ.Sequence):
+    pass
+
+
+BuiltInDomainDefinedAttribute.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('type', char.PrintableString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_defined_attribute_type_length))),
+    namedtype.NamedType('value', char.PrintableString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_defined_attribute_value_length)))
+)
+
+
+class BuiltInDomainDefinedAttributes(univ.SequenceOf):
+    pass
+
+
+BuiltInDomainDefinedAttributes.componentType = BuiltInDomainDefinedAttribute()
+BuiltInDomainDefinedAttributes.sizeSpec = constraint.ValueSizeConstraint(1, ub_domain_defined_attributes)
+
+ub_extension_attributes = univ.Integer(256)
+
+
+class ExtensionAttribute(univ.Sequence):
+    pass
+
+
+ExtensionAttribute.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('extension-attribute-type', univ.Integer().subtype(
+        subtypeSpec=constraint.ValueRangeConstraint(0, ub_extension_attributes)).subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('extension-attribute-value',
+                        univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+class ExtensionAttributes(univ.SetOf):
+    pass
+
+
+ExtensionAttributes.componentType = ExtensionAttribute()
+ExtensionAttributes.sizeSpec = constraint.ValueSizeConstraint(1, ub_extension_attributes)
+
+
+class ORAddress(univ.Sequence):
+    pass
+
+
+ORAddress.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('built-in-standard-attributes', BuiltInStandardAttributes()),
+    namedtype.OptionalNamedType('built-in-domain-defined-attributes', BuiltInDomainDefinedAttributes()),
+    namedtype.OptionalNamedType('extension-attributes', ExtensionAttributes())
+)
+
+id_pe = _OID(id_pkix, 1)
+
+ub_title = univ.Integer(64)
+
+
+class X520Title(univ.Choice):
+    pass
+
+
+X520Title.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('teletexString',
+                        char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title))),
+    namedtype.NamedType('printableString',
+                        char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title))),
+    namedtype.NamedType('universalString',
+                        char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title))),
+    namedtype.NamedType('utf8String',
+                        char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title))),
+    namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title)))
+)
+
+id_at_organizationalUnitName = _OID(id_at, 11)
+
+
+class EmailAddress(char.IA5String):
+    pass
+
+
+EmailAddress.subtypeSpec = constraint.ValueSizeConstraint(1, ub_emailaddress_length)
+
+physical_delivery_country_name = univ.Integer(8)
+
+id_at_givenName = _OID(id_at, 42)
+
+
+class TeletexCommonName(char.TeletexString):
+    pass
+
+
+TeletexCommonName.subtypeSpec = constraint.ValueSizeConstraint(1, ub_common_name_length)
+
+id_qt_cps = _OID(id_qt, 1)
+
+
+class LocalPostalAttributes(PDSParameter):
+    pass
+
+
+class StreetAddress(PDSParameter):
+    pass
+
+
+id_kp = _OID(id_pkix, 3)
+
+
+class DirectoryString(univ.Choice):
+    pass
+
+
+DirectoryString.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('teletexString',
+                        char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
+    namedtype.NamedType('printableString',
+                        char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
+    namedtype.NamedType('universalString',
+                        char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
+    namedtype.NamedType('utf8String', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
+    namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX)))
+)
+
+
+class DomainComponent(char.IA5String):
+    pass
+
+
+id_at_initials = _OID(id_at, 43)
+
+id_qt_unotice = _OID(id_qt, 2)
+
+ub_pds_name_length = univ.Integer(16)
+
+
+class PDSName(char.PrintableString):
+    pass
+
+
+PDSName.subtypeSpec = constraint.ValueSizeConstraint(1, ub_pds_name_length)
+
+
+class PosteRestanteAddress(PDSParameter):
+    pass
+
+
+class DistinguishedName(RDNSequence):
+    pass
+
+
+class CommonName(char.PrintableString):
+    pass
+
+
+CommonName.subtypeSpec = constraint.ValueSizeConstraint(1, ub_common_name_length)
+
+ub_serial_number = univ.Integer(64)
+
+
+class X520SerialNumber(char.PrintableString):
+    pass
+
+
+X520SerialNumber.subtypeSpec = constraint.ValueSizeConstraint(1, ub_serial_number)
+
+id_at_generationQualifier = _OID(id_at, 44)
+
+ub_organizational_unit_name = univ.Integer(64)
+
+id_ad_ocsp = _OID(id_ad, 1)
+
+
+class TeletexOrganizationalUnitName(char.TeletexString):
+    pass
+
+
+TeletexOrganizationalUnitName.subtypeSpec = constraint.ValueSizeConstraint(1, ub_organizational_unit_name_length)
+
+
+class TeletexPersonalName(univ.Set):
+    pass
+
+
+TeletexPersonalName.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('surname', char.TeletexString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_surname_length)).subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('given-name', char.TeletexString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_given_name_length)).subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.OptionalNamedType('initials', char.TeletexString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_initials_length)).subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+    namedtype.OptionalNamedType('generation-qualifier', char.TeletexString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_generation_qualifier_length)).subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
+)
+
+
+class TeletexDomainDefinedAttributes(univ.SequenceOf):
+    pass
+
+
+TeletexDomainDefinedAttributes.componentType = TeletexDomainDefinedAttribute()
+TeletexDomainDefinedAttributes.sizeSpec = constraint.ValueSizeConstraint(1, ub_domain_defined_attributes)
+
+
+class TBSCertList(univ.Sequence):
+    pass
+
+
+TBSCertList.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('version', Version()),
+    namedtype.NamedType('signature', AlgorithmIdentifier()),
+    namedtype.NamedType('issuer', Name()),
+    namedtype.NamedType('thisUpdate', Time()),
+    namedtype.OptionalNamedType('nextUpdate', Time()),
+    namedtype.OptionalNamedType('revokedCertificates',
+                                univ.SequenceOf(componentType=univ.Sequence(componentType=namedtype.NamedTypes(
+                                    namedtype.NamedType('userCertificate', CertificateSerialNumber()),
+                                    namedtype.NamedType('revocationDate', Time()),
+                                    namedtype.OptionalNamedType('crlEntryExtensions', Extensions())
+                                ))
+                                )),
+    namedtype.OptionalNamedType('crlExtensions',
+                                Extensions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+)
+
+local_postal_attributes = univ.Integer(21)
+
+pkcs_9 = _OID(1, 2, 840, 113549, 1, 9)
+
+
+class PhysicalDeliveryCountryName(univ.Choice):
+    pass
+
+
+PhysicalDeliveryCountryName.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('x121-dcc-code', char.NumericString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(ub_country_name_numeric_length, ub_country_name_numeric_length))),
+    namedtype.NamedType('iso-3166-alpha2-code', char.PrintableString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(ub_country_name_alpha_length, ub_country_name_alpha_length)))
+)
+
+ub_name = univ.Integer(32768)
+
+
+class X520name(univ.Choice):
+    pass
+
+
+X520name.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('teletexString',
+                        char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_name))),
+    namedtype.NamedType('printableString',
+                        char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_name))),
+    namedtype.NamedType('universalString',
+                        char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_name))),
+    namedtype.NamedType('utf8String',
+                        char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_name))),
+    namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_name)))
+)
+
+id_emailAddress = _OID(pkcs_9, 1)
+
+
+class TerminalType(univ.Integer):
+    pass
+
+
+TerminalType.namedValues = namedval.NamedValues(
+    ('telex', 3),
+    ('teletex', 4),
+    ('g3-facsimile', 5),
+    ('g4-facsimile', 6),
+    ('ia5-terminal', 7),
+    ('videotex', 8)
+)
+
+
+class X520OrganizationalUnitName(univ.Choice):
+    pass
+
+
+X520OrganizationalUnitName.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('teletexString', char.TeletexString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name))),
+    namedtype.NamedType('printableString', char.PrintableString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name))),
+    namedtype.NamedType('universalString', char.UniversalString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name))),
+    namedtype.NamedType('utf8String', char.UTF8String().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name))),
+    namedtype.NamedType('bmpString', char.BMPString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name)))
+)
+
+id_at_commonName = _OID(id_at, 3)
+
+pds_name = univ.Integer(7)
+
+post_office_box_address = univ.Integer(18)
+
+ub_locality_name = univ.Integer(128)
+
+
+class X520LocalityName(univ.Choice):
+    pass
+
+
+X520LocalityName.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('teletexString',
+                        char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_locality_name))),
+    namedtype.NamedType('printableString', char.PrintableString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_locality_name))),
+    namedtype.NamedType('universalString', char.UniversalString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_locality_name))),
+    namedtype.NamedType('utf8String',
+                        char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_locality_name))),
+    namedtype.NamedType('bmpString',
+                        char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_locality_name)))
+)
+
+id_ad_timeStamping = _OID(id_ad, 3)
+
+id_at_countryName = _OID(id_at, 6)
+
+physical_delivery_personal_name = univ.Integer(13)
+
+teletex_personal_name = univ.Integer(4)
+
+teletex_organizational_unit_names = univ.Integer(5)
+
+
+class PhysicalDeliveryPersonalName(PDSParameter):
+    pass
+
+
+ub_postal_code_length = univ.Integer(16)
+
+
+class PostalCode(univ.Choice):
+    pass
+
+
+PostalCode.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('numeric-code', char.NumericString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_postal_code_length))),
+    namedtype.NamedType('printable-code', char.PrintableString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_postal_code_length)))
+)
+
+
+class X520countryName(char.PrintableString):
+    pass
+
+
+X520countryName.subtypeSpec = constraint.ValueSizeConstraint(2, 2)
+
+postal_code = univ.Integer(9)
+
+id_ad_caRepository = _OID(id_ad, 5)
+
+extension_physical_delivery_address_components = univ.Integer(15)
+
+
+class PostOfficeBoxAddress(PDSParameter):
+    pass
+
+
+class PhysicalDeliveryOfficeName(PDSParameter):
+    pass
+
+
+id_at_title = _OID(id_at, 12)
+
+id_at_serialNumber = _OID(id_at, 5)
+
+id_ad_caIssuers = _OID(id_ad, 2)
+
+ub_integer_options = univ.Integer(256)
+
+
+class CertificateList(univ.Sequence):
+    pass
+
+
+CertificateList.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('tbsCertList', TBSCertList()),
+    namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()),
+    namedtype.NamedType('signature', univ.BitString())
+)
+
+
+class PhysicalDeliveryOfficeNumber(PDSParameter):
+    pass
+
+
+class TeletexOrganizationalUnitNames(univ.SequenceOf):
+    pass
+
+
+TeletexOrganizationalUnitNames.componentType = TeletexOrganizationalUnitName()
+TeletexOrganizationalUnitNames.sizeSpec = constraint.ValueSizeConstraint(1, ub_organizational_units)
+
+physical_delivery_office_name = univ.Integer(10)
+
+ub_common_name = univ.Integer(64)
+
+
+class ExtensionORAddressComponents(PDSParameter):
+    pass
+
+
+ub_pseudonym = univ.Integer(128)
+
+poste_restante_address = univ.Integer(19)
+
+id_at_organizationName = _OID(id_at, 10)
+
+physical_delivery_office_number = univ.Integer(11)
+
+id_at_pseudonym = _OID(id_at, 65)
+
+
+class X520CommonName(univ.Choice):
+    pass
+
+
+X520CommonName.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('teletexString',
+                        char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_common_name))),
+    namedtype.NamedType('printableString',
+                        char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_common_name))),
+    namedtype.NamedType('universalString',
+                        char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_common_name))),
+    namedtype.NamedType('utf8String',
+                        char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_common_name))),
+    namedtype.NamedType('bmpString',
+                        char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_common_name)))
+)
+
+physical_delivery_organization_name = univ.Integer(14)
+
+
+class X520dnQualifier(char.PrintableString):
+    pass
+
+
+id_at_stateOrProvinceName = _OID(id_at, 8)
+
+common_name = univ.Integer(1)
+
+id_at_localityName = _OID(id_at, 7)
+
+ub_match = univ.Integer(128)
+
+ub_unformatted_address_length = univ.Integer(180)
+
+
+class Attribute(univ.Sequence):
+    pass
+
+
+Attribute.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('type', AttributeType()),
+    namedtype.NamedType('values', univ.SetOf(componentType=AttributeValue()))
+)
+
+extended_network_address = univ.Integer(22)
+
+unique_postal_name = univ.Integer(20)
+
+ub_pds_physical_address_lines = univ.Integer(6)
+
+
+class UnformattedPostalAddress(univ.Set):
+    pass
+
+
+UnformattedPostalAddress.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('printable-address', univ.SequenceOf(componentType=char.PrintableString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_pds_parameter_length)))),
+    namedtype.OptionalNamedType('teletex-string', char.TeletexString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_unformatted_address_length)))
+)
+
+
+class UniquePostalName(PDSParameter):
+    pass
+
+
+class X520Pseudonym(univ.Choice):
+    pass
+
+
+X520Pseudonym.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('teletexString',
+                        char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_pseudonym))),
+    namedtype.NamedType('printableString',
+                        char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_pseudonym))),
+    namedtype.NamedType('universalString',
+                        char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_pseudonym))),
+    namedtype.NamedType('utf8String',
+                        char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_pseudonym))),
+    namedtype.NamedType('bmpString',
+                        char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_pseudonym)))
+)
+
+teletex_organization_name = univ.Integer(3)
+
+teletex_domain_defined_attributes = univ.Integer(6)
+
+street_address = univ.Integer(17)
+
+id_kp_OCSPSigning = _OID(id_kp, 9)
+
+id_ce = _OID(2, 5, 29)
+
+id_ce_certificatePolicies = _OID(id_ce, 32)
+
+
+class EDIPartyName(univ.Sequence):
+    pass
+
+
+EDIPartyName.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('nameAssigner', DirectoryString().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('partyName',
+                        DirectoryString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+class AnotherName(univ.Sequence):
+    pass
+
+
+AnotherName.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('type-id', univ.ObjectIdentifier()),
+    namedtype.NamedType('value', univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+)
+
+
+class GeneralName(univ.Choice):
+    pass
+
+
+GeneralName.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('otherName',
+                        AnotherName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.NamedType('rfc822Name',
+                        char.IA5String().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.NamedType('dNSName',
+                        char.IA5String().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+    namedtype.NamedType('x400Address',
+                        ORAddress().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+    namedtype.NamedType('directoryName',
+                        Name().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
+    namedtype.NamedType('ediPartyName',
+                        EDIPartyName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))),
+    namedtype.NamedType('uniformResourceIdentifier',
+                        char.IA5String().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
+    namedtype.NamedType('iPAddress',
+                        univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
+    namedtype.NamedType('registeredID', univ.ObjectIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8)))
+)
+
+
+class GeneralNames(univ.SequenceOf):
+    pass
+
+
+GeneralNames.componentType = GeneralName()
+GeneralNames.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class IssuerAltName(GeneralNames):
+    pass
+
+
+id_ce_cRLDistributionPoints = _OID(id_ce, 31)
+
+
+class CertPolicyId(univ.ObjectIdentifier):
+    pass
+
+
+class PolicyMappings(univ.SequenceOf):
+    pass
+
+
+PolicyMappings.componentType = univ.Sequence(componentType=namedtype.NamedTypes(
+    namedtype.NamedType('issuerDomainPolicy', CertPolicyId()),
+    namedtype.NamedType('subjectDomainPolicy', CertPolicyId())
+))
+
+PolicyMappings.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class PolicyQualifierId(univ.ObjectIdentifier):
+    pass
+
+
+holdInstruction = _OID(2, 2, 840, 10040, 2)
+
+id_ce_subjectDirectoryAttributes = _OID(id_ce, 9)
+
+id_holdinstruction_callissuer = _OID(holdInstruction, 2)
+
+
+class SubjectDirectoryAttributes(univ.SequenceOf):
+    pass
+
+
+SubjectDirectoryAttributes.componentType = Attribute()
+SubjectDirectoryAttributes.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+anyPolicy = _OID(id_ce_certificatePolicies, 0)
+
+id_ce_subjectAltName = _OID(id_ce, 17)
+
+id_kp_emailProtection = _OID(id_kp, 4)
+
+
+class ReasonFlags(univ.BitString):
+    pass
+
+
+ReasonFlags.namedValues = namedval.NamedValues(
+    ('unused', 0),
+    ('keyCompromise', 1),
+    ('cACompromise', 2),
+    ('affiliationChanged', 3),
+    ('superseded', 4),
+    ('cessationOfOperation', 5),
+    ('certificateHold', 6),
+    ('privilegeWithdrawn', 7),
+    ('aACompromise', 8)
+)
+
+
+class DistributionPointName(univ.Choice):
+    pass
+
+
+DistributionPointName.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('fullName',
+                        GeneralNames().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('nameRelativeToCRLIssuer', RelativeDistinguishedName().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+class DistributionPoint(univ.Sequence):
+    pass
+
+
+DistributionPoint.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('distributionPoint', DistributionPointName().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.OptionalNamedType('reasons', ReasonFlags().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.OptionalNamedType('cRLIssuer', GeneralNames().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+)
+
+id_ce_keyUsage = _OID(id_ce, 15)
+
+
+class PolicyQualifierInfo(univ.Sequence):
+    pass
+
+
+PolicyQualifierInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('policyQualifierId', PolicyQualifierId()),
+    namedtype.NamedType('qualifier', univ.Any())
+)
+
+
+class PolicyInformation(univ.Sequence):
+    pass
+
+
+PolicyInformation.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('policyIdentifier', CertPolicyId()),
+    namedtype.OptionalNamedType('policyQualifiers', univ.SequenceOf(componentType=PolicyQualifierInfo()))
+)
+
+
+class CertificatePolicies(univ.SequenceOf):
+    pass
+
+
+CertificatePolicies.componentType = PolicyInformation()
+CertificatePolicies.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+id_ce_basicConstraints = _OID(id_ce, 19)
+
+
+class HoldInstructionCode(univ.ObjectIdentifier):
+    pass
+
+
+class KeyPurposeId(univ.ObjectIdentifier):
+    pass
+
+
+class ExtKeyUsageSyntax(univ.SequenceOf):
+    pass
+
+
+ExtKeyUsageSyntax.componentType = KeyPurposeId()
+ExtKeyUsageSyntax.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class SubjectAltName(GeneralNames):
+    pass
+
+
+class BasicConstraints(univ.Sequence):
+    pass
+
+
+BasicConstraints.componentType = namedtype.NamedTypes(
+    namedtype.DefaultedNamedType('cA', univ.Boolean().subtype(value=0)),
+    namedtype.OptionalNamedType('pathLenConstraint',
+                                univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, MAX)))
+)
+
+
+class SkipCerts(univ.Integer):
+    pass
+
+
+SkipCerts.subtypeSpec = constraint.ValueRangeConstraint(0, MAX)
+
+
+class InhibitAnyPolicy(SkipCerts):
+    pass
+
+
+class CRLNumber(univ.Integer):
+    pass
+
+
+CRLNumber.subtypeSpec = constraint.ValueRangeConstraint(0, MAX)
+
+
+class BaseCRLNumber(CRLNumber):
+    pass
+
+
+class KeyIdentifier(univ.OctetString):
+    pass
+
+
+class AuthorityKeyIdentifier(univ.Sequence):
+    pass
+
+
+AuthorityKeyIdentifier.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('keyIdentifier', KeyIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('authorityCertIssuer', GeneralNames().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.OptionalNamedType('authorityCertSerialNumber', CertificateSerialNumber().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+)
+
+id_ce_nameConstraints = _OID(id_ce, 30)
+
+id_kp_serverAuth = _OID(id_kp, 1)
+
+id_ce_freshestCRL = _OID(id_ce, 46)
+
+id_ce_cRLReasons = _OID(id_ce, 21)
+
+
+class CRLDistributionPoints(univ.SequenceOf):
+    pass
+
+
+CRLDistributionPoints.componentType = DistributionPoint()
+CRLDistributionPoints.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class FreshestCRL(CRLDistributionPoints):
+    pass
+
+
+id_ce_inhibitAnyPolicy = _OID(id_ce, 54)
+
+
+class CRLReason(univ.Enumerated):
+    pass
+
+
+CRLReason.namedValues = namedval.NamedValues(
+    ('unspecified', 0),
+    ('keyCompromise', 1),
+    ('cACompromise', 2),
+    ('affiliationChanged', 3),
+    ('superseded', 4),
+    ('cessationOfOperation', 5),
+    ('certificateHold', 6),
+    ('removeFromCRL', 8),
+    ('privilegeWithdrawn', 9),
+    ('aACompromise', 10)
+)
+
+
+class BaseDistance(univ.Integer):
+    pass
+
+
+BaseDistance.subtypeSpec = constraint.ValueRangeConstraint(0, MAX)
+
+
+class GeneralSubtree(univ.Sequence):
+    pass
+
+
+GeneralSubtree.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('base', GeneralName()),
+    namedtype.DefaultedNamedType('minimum', BaseDistance().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)).subtype(value=0)),
+    namedtype.OptionalNamedType('maximum', BaseDistance().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+class GeneralSubtrees(univ.SequenceOf):
+    pass
+
+
+GeneralSubtrees.componentType = GeneralSubtree()
+GeneralSubtrees.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class NameConstraints(univ.Sequence):
+    pass
+
+
+NameConstraints.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('permittedSubtrees', GeneralSubtrees().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('excludedSubtrees', GeneralSubtrees().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+id_pe_authorityInfoAccess = _OID(id_pe, 1)
+
+id_pe_subjectInfoAccess = _OID(id_pe, 11)
+
+id_ce_certificateIssuer = _OID(id_ce, 29)
+
+id_ce_invalidityDate = _OID(id_ce, 24)
+
+
+class DirectoryString(univ.Choice):
+    pass
+
+
+DirectoryString.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('any', univ.Any())
+)
+
+id_ce_authorityKeyIdentifier = _OID(id_ce, 35)
+
+
+class AccessDescription(univ.Sequence):
+    pass
+
+
+AccessDescription.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('accessMethod', univ.ObjectIdentifier()),
+    namedtype.NamedType('accessLocation', GeneralName())
+)
+
+
+class AuthorityInfoAccessSyntax(univ.SequenceOf):
+    pass
+
+
+AuthorityInfoAccessSyntax.componentType = AccessDescription()
+AuthorityInfoAccessSyntax.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+id_ce_issuingDistributionPoint = _OID(id_ce, 28)
+
+
+class CPSuri(char.IA5String):
+    pass
+
+
+class DisplayText(univ.Choice):
+    pass
+
+
+DisplayText.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('ia5String', char.IA5String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 200))),
+    namedtype.NamedType('visibleString',
+                        char.VisibleString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 200))),
+    namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 200))),
+    namedtype.NamedType('utf8String', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 200)))
+)
+
+
+class NoticeReference(univ.Sequence):
+    pass
+
+
+NoticeReference.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('organization', DisplayText()),
+    namedtype.NamedType('noticeNumbers', univ.SequenceOf(componentType=univ.Integer()))
+)
+
+
+class UserNotice(univ.Sequence):
+    pass
+
+
+UserNotice.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('noticeRef', NoticeReference()),
+    namedtype.OptionalNamedType('explicitText', DisplayText())
+)
+
+
+class PrivateKeyUsagePeriod(univ.Sequence):
+    pass
+
+
+PrivateKeyUsagePeriod.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('notBefore', useful.GeneralizedTime().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('notAfter', useful.GeneralizedTime().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+id_ce_subjectKeyIdentifier = _OID(id_ce, 14)
+
+
+class CertificateIssuer(GeneralNames):
+    pass
+
+
+class InvalidityDate(useful.GeneralizedTime):
+    pass
+
+
+class SubjectInfoAccessSyntax(univ.SequenceOf):
+    pass
+
+
+SubjectInfoAccessSyntax.componentType = AccessDescription()
+SubjectInfoAccessSyntax.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class KeyUsage(univ.BitString):
+    pass
+
+
+KeyUsage.namedValues = namedval.NamedValues(
+    ('digitalSignature', 0),
+    ('nonRepudiation', 1),
+    ('keyEncipherment', 2),
+    ('dataEncipherment', 3),
+    ('keyAgreement', 4),
+    ('keyCertSign', 5),
+    ('cRLSign', 6),
+    ('encipherOnly', 7),
+    ('decipherOnly', 8)
+)
+
+id_ce_extKeyUsage = _OID(id_ce, 37)
+
+anyExtendedKeyUsage = _OID(id_ce_extKeyUsage, 0)
+
+id_ce_privateKeyUsagePeriod = _OID(id_ce, 16)
+
+id_ce_policyMappings = _OID(id_ce, 33)
+
+id_ce_cRLNumber = _OID(id_ce, 20)
+
+id_ce_policyConstraints = _OID(id_ce, 36)
+
+id_holdinstruction_none = _OID(holdInstruction, 1)
+
+id_holdinstruction_reject = _OID(holdInstruction, 3)
+
+id_kp_timeStamping = _OID(id_kp, 8)
+
+
+class PolicyConstraints(univ.Sequence):
+    pass
+
+
+PolicyConstraints.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('requireExplicitPolicy',
+                                SkipCerts().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('inhibitPolicyMapping',
+                                SkipCerts().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+class SubjectKeyIdentifier(KeyIdentifier):
+    pass
+
+
+id_kp_clientAuth = _OID(id_kp, 2)
+
+id_ce_deltaCRLIndicator = _OID(id_ce, 27)
+
+id_ce_issuerAltName = _OID(id_ce, 18)
+
+id_kp_codeSigning = _OID(id_kp, 3)
+
+id_ce_holdInstructionCode = _OID(id_ce, 23)
+
+
+class IssuingDistributionPoint(univ.Sequence):
+    pass
+
+
+IssuingDistributionPoint.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('distributionPoint', DistributionPointName().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.DefaultedNamedType('onlyContainsUserCerts', univ.Boolean().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)).subtype(value=0)),
+    namedtype.DefaultedNamedType('onlyContainsCACerts', univ.Boolean().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)).subtype(value=0)),
+    namedtype.OptionalNamedType('onlySomeReasons', ReasonFlags().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+    namedtype.DefaultedNamedType('indirectCRL', univ.Boolean().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4)).subtype(value=0)),
+    namedtype.DefaultedNamedType('onlyContainsAttributeCerts', univ.Boolean().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5)).subtype(value=0))
+)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc3412.py

@@ -0,0 +1,53 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# SNMPv3 message syntax
+#
+# ASN.1 source from:
+# http://www.ietf.org/rfc/rfc3412.txt
+#
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc1905
+
+
+class ScopedPDU(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('contextEngineId', univ.OctetString()),
+        namedtype.NamedType('contextName', univ.OctetString()),
+        namedtype.NamedType('data', rfc1905.PDUs())
+    )
+
+
+class ScopedPduData(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('plaintext', ScopedPDU()),
+        namedtype.NamedType('encryptedPDU', univ.OctetString()),
+    )
+
+
+class HeaderData(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('msgID',
+                            univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, 2147483647))),
+        namedtype.NamedType('msgMaxSize',
+                            univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(484, 2147483647))),
+        namedtype.NamedType('msgFlags', univ.OctetString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 1))),
+        namedtype.NamedType('msgSecurityModel',
+                            univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(1, 2147483647)))
+    )
+
+
+class SNMPv3Message(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('msgVersion',
+                            univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, 2147483647))),
+        namedtype.NamedType('msgGlobalData', HeaderData()),
+        namedtype.NamedType('msgSecurityParameters', univ.OctetString()),
+        namedtype.NamedType('msgData', ScopedPduData())
+    )

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc3447.py

@@ -0,0 +1,45 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# PKCS#1 syntax
+#
+# ASN.1 source from:
+# ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.asn
+#
+# Sample captures could be obtained with "openssl genrsa" command
+#
+from pyasn1.type import constraint
+from pyasn1.type import namedval
+
+from pyasn1_modules.rfc2437 import *
+
+
+class OtherPrimeInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('prime', univ.Integer()),
+        namedtype.NamedType('exponent', univ.Integer()),
+        namedtype.NamedType('coefficient', univ.Integer())
+    )
+
+
+class OtherPrimeInfos(univ.SequenceOf):
+    componentType = OtherPrimeInfo()
+    sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)
+
+
+class RSAPrivateKey(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', univ.Integer(namedValues=namedval.NamedValues(('two-prime', 0), ('multi', 1)))),
+        namedtype.NamedType('modulus', univ.Integer()),
+        namedtype.NamedType('publicExponent', univ.Integer()),
+        namedtype.NamedType('privateExponent', univ.Integer()),
+        namedtype.NamedType('prime1', univ.Integer()),
+        namedtype.NamedType('prime2', univ.Integer()),
+        namedtype.NamedType('exponent1', univ.Integer()),
+        namedtype.NamedType('exponent2', univ.Integer()),
+        namedtype.NamedType('coefficient', univ.Integer()),
+        namedtype.OptionalNamedType('otherPrimeInfos', OtherPrimeInfos())
+    )

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc3537.py

@@ -0,0 +1,34 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# SEED Encryption Algorithm in CMS
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc4010.txt
+#
+
+from pyasn1.type import constraint
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5280
+
+
+id_alg_HMACwith3DESwrap = univ.ObjectIdentifier('1.2.840.113549.1.9.16.3.11')
+   
+   
+id_alg_HMACwithAESwrap = univ.ObjectIdentifier('1.2.840.113549.1.9.16.3.12')
+
+
+# Update the Algorithm Identifier map in rfc5280.py.
+
+_algorithmIdentifierMapUpdate = {
+    id_alg_HMACwith3DESwrap: univ.Null(""),
+    id_alg_HMACwithAESwrap: univ.Null(""),
+}
+
+rfc5280.algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc3560.py

@@ -0,0 +1,74 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# RSAES-OAEP Key Transport Algorithm in CMS
+#
+# Notice that all of the things needed in RFC 3560 are also defined
+# in RFC 4055.  So, they are all pulled from the RFC 4055 module into
+# this one so that people looking a RFC 3560 can easily find them.
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc3560.txt
+#
+
+from pyasn1_modules import rfc4055
+
+id_sha1 = rfc4055.id_sha1
+
+id_sha256 = rfc4055.id_sha256
+
+id_sha384 = rfc4055.id_sha384
+
+id_sha512 = rfc4055.id_sha512
+
+id_mgf1 = rfc4055.id_mgf1
+
+rsaEncryption = rfc4055.rsaEncryption
+
+id_RSAES_OAEP = rfc4055.id_RSAES_OAEP
+
+id_pSpecified = rfc4055.id_pSpecified
+
+sha1Identifier = rfc4055.sha1Identifier
+
+sha256Identifier = rfc4055.sha256Identifier
+
+sha384Identifier = rfc4055.sha384Identifier
+
+sha512Identifier = rfc4055.sha512Identifier
+
+mgf1SHA1Identifier = rfc4055.mgf1SHA1Identifier
+
+mgf1SHA256Identifier = rfc4055.mgf1SHA256Identifier
+
+mgf1SHA384Identifier = rfc4055.mgf1SHA384Identifier
+
+mgf1SHA512Identifier = rfc4055.mgf1SHA512Identifier
+
+pSpecifiedEmptyIdentifier = rfc4055.pSpecifiedEmptyIdentifier
+
+
+class RSAES_OAEP_params(rfc4055.RSAES_OAEP_params):
+    pass
+
+
+rSAES_OAEP_Default_Params = RSAES_OAEP_params()
+
+rSAES_OAEP_Default_Identifier = rfc4055.rSAES_OAEP_Default_Identifier
+
+rSAES_OAEP_SHA256_Params = rfc4055.rSAES_OAEP_SHA256_Params
+
+rSAES_OAEP_SHA256_Identifier = rfc4055.rSAES_OAEP_SHA256_Identifier
+
+rSAES_OAEP_SHA384_Params = rfc4055.rSAES_OAEP_SHA384_Params
+
+rSAES_OAEP_SHA384_Identifier = rfc4055.rSAES_OAEP_SHA384_Identifier
+
+rSAES_OAEP_SHA512_Params = rfc4055.rSAES_OAEP_SHA512_Params
+
+rSAES_OAEP_SHA512_Identifier = rfc4055.rSAES_OAEP_SHA512_Identifier

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc3565.py

@@ -0,0 +1,57 @@
+# This file is being contributed to pyasn1-modules software.
+#
+# Created by Russ Housley.
+# Modified by Russ Housley to add maps for use with opentypes.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Use of the Advanced Encryption Standard (AES) Encryption
+#   Algorithm in the Cryptographic Message Syntax (CMS)
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc3565.txt
+
+
+from pyasn1.type import constraint
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5280
+
+
+class AlgorithmIdentifier(rfc5280.AlgorithmIdentifier):
+    pass
+
+
+class AES_IV(univ.OctetString):
+    pass
+
+AES_IV.subtypeSpec = constraint.ValueSizeConstraint(16, 16)
+
+
+id_aes128_CBC = univ.ObjectIdentifier('2.16.840.1.101.3.4.1.2')
+
+id_aes192_CBC = univ.ObjectIdentifier('2.16.840.1.101.3.4.1.22')
+
+id_aes256_CBC = univ.ObjectIdentifier('2.16.840.1.101.3.4.1.42')
+
+
+id_aes128_wrap = univ.ObjectIdentifier('2.16.840.1.101.3.4.1.5')
+
+id_aes192_wrap = univ.ObjectIdentifier('2.16.840.1.101.3.4.1.25')
+
+id_aes256_wrap = univ.ObjectIdentifier('2.16.840.1.101.3.4.1.45')
+
+
+# Update the Algorithm Identifier map
+
+_algorithmIdentifierMapUpdate = {
+    id_aes128_CBC: AES_IV(),
+    id_aes192_CBC: AES_IV(),
+    id_aes256_CBC: AES_IV(),
+    id_aes128_wrap: univ.Null(),
+    id_aes192_wrap: univ.Null(),
+    id_aes256_wrap: univ.Null(),
+}
+
+rfc5280.algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc3657.py

@@ -0,0 +1,66 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Camellia Algorithm in CMS
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc3657.txt
+#
+
+from pyasn1.type import constraint
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5280
+from pyasn1_modules import rfc5751
+
+
+id_camellia128_cbc = univ.ObjectIdentifier('1.2.392.200011.61.1.1.1.2')
+
+id_camellia192_cbc = univ.ObjectIdentifier('1.2.392.200011.61.1.1.1.3')
+
+id_camellia256_cbc = univ.ObjectIdentifier('1.2.392.200011.61.1.1.1.4')
+
+id_camellia128_wrap = univ.ObjectIdentifier('1.2.392.200011.61.1.1.3.2')
+
+id_camellia192_wrap = univ.ObjectIdentifier('1.2.392.200011.61.1.1.3.3')
+
+id_camellia256_wrap = univ.ObjectIdentifier('1.2.392.200011.61.1.1.3.4')
+
+
+
+class Camellia_IV(univ.OctetString):
+    subtypeSpec = constraint.ValueSizeConstraint(16, 16)
+
+
+class CamelliaSMimeCapability(univ.Null):
+    pass
+
+
+# Update the Algorithm Identifier map in rfc5280.py.
+
+_algorithmIdentifierMapUpdate = {
+    id_camellia128_cbc: Camellia_IV(),
+    id_camellia192_cbc: Camellia_IV(),
+    id_camellia256_cbc: Camellia_IV(),
+}
+
+rfc5280.algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate)
+
+
+# Update the SMIMECapabilities Attribute map in rfc5751.py
+
+_smimeCapabilityMapUpdate = {
+    id_camellia128_cbc: CamelliaSMimeCapability(),
+    id_camellia192_cbc: CamelliaSMimeCapability(),
+    id_camellia256_cbc: CamelliaSMimeCapability(),
+    id_camellia128_wrap: CamelliaSMimeCapability(),
+    id_camellia192_wrap: CamelliaSMimeCapability(),
+    id_camellia256_wrap: CamelliaSMimeCapability(),
+}
+
+rfc5751.smimeCapabilityMap.update(_smimeCapabilityMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc3709.py

@@ -0,0 +1,207 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+# Modified by Russ Housley to add maps for use with opentypes.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Logotypes in X.509 Certificates
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc3709.txt
+#
+
+from pyasn1.type import char
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import tag
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5280
+from pyasn1_modules import rfc6170
+
+MAX = float('inf')
+
+
+class HashAlgAndValue(univ.Sequence):
+    pass
+
+HashAlgAndValue.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('hashAlg', rfc5280.AlgorithmIdentifier()),
+    namedtype.NamedType('hashValue', univ.OctetString())
+)
+
+
+class LogotypeDetails(univ.Sequence):
+    pass
+
+LogotypeDetails.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('mediaType', char.IA5String()),
+    namedtype.NamedType('logotypeHash', univ.SequenceOf(
+        componentType=HashAlgAndValue()).subtype(
+            sizeSpec=constraint.ValueSizeConstraint(1, MAX))),
+    namedtype.NamedType('logotypeURI', univ.SequenceOf(
+        componentType=char.IA5String()).subtype(
+            sizeSpec=constraint.ValueSizeConstraint(1, MAX)))
+)
+
+
+class LogotypeAudioInfo(univ.Sequence):
+    pass
+
+LogotypeAudioInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('fileSize', univ.Integer()),
+    namedtype.NamedType('playTime', univ.Integer()),
+    namedtype.NamedType('channels', univ.Integer()),
+    namedtype.OptionalNamedType('sampleRate', univ.Integer().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+    namedtype.OptionalNamedType('language', char.IA5String().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4)))
+)
+
+
+class LogotypeAudio(univ.Sequence):
+    pass
+
+LogotypeAudio.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('audioDetails', LogotypeDetails()),
+    namedtype.OptionalNamedType('audioInfo', LogotypeAudioInfo())
+)
+
+
+class LogotypeImageType(univ.Integer):
+    pass
+
+LogotypeImageType.namedValues = namedval.NamedValues(
+    ('grayScale', 0),
+    ('color', 1)
+)
+
+
+class LogotypeImageResolution(univ.Choice):
+    pass
+
+LogotypeImageResolution.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('numBits',
+        univ.Integer().subtype(implicitTag=tag.Tag(
+            tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.NamedType('tableSize',
+        univ.Integer().subtype(implicitTag=tag.Tag(
+            tag.tagClassContext, tag.tagFormatSimple, 2)))
+)
+
+
+class LogotypeImageInfo(univ.Sequence):
+    pass
+
+LogotypeImageInfo.componentType = namedtype.NamedTypes(
+    namedtype.DefaultedNamedType('type', LogotypeImageType().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext,
+            tag.tagFormatSimple, 0)).subtype(value='color')),
+    namedtype.NamedType('fileSize', univ.Integer()),
+    namedtype.NamedType('xSize', univ.Integer()),
+    namedtype.NamedType('ySize', univ.Integer()),
+    namedtype.OptionalNamedType('resolution', LogotypeImageResolution()),
+    namedtype.OptionalNamedType('language', char.IA5String().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4)))
+)
+
+
+class LogotypeImage(univ.Sequence):
+    pass
+
+LogotypeImage.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('imageDetails', LogotypeDetails()),
+    namedtype.OptionalNamedType('imageInfo', LogotypeImageInfo())
+)
+
+
+class LogotypeData(univ.Sequence):
+    pass
+
+LogotypeData.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('image', univ.SequenceOf(
+        componentType=LogotypeImage())),
+    namedtype.OptionalNamedType('audio', univ.SequenceOf(
+        componentType=LogotypeAudio()).subtype(
+            implicitTag=tag.Tag(tag.tagClassContext,
+            tag.tagFormatSimple, 1)))
+)
+
+
+class LogotypeReference(univ.Sequence):
+    pass
+
+LogotypeReference.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('refStructHash', univ.SequenceOf(
+        componentType=HashAlgAndValue()).subtype(
+            sizeSpec=constraint.ValueSizeConstraint(1, MAX))),
+    namedtype.NamedType('refStructURI', univ.SequenceOf(
+        componentType=char.IA5String()).subtype(
+            sizeSpec=constraint.ValueSizeConstraint(1, MAX)))
+)
+
+
+class LogotypeInfo(univ.Choice):
+    pass
+
+LogotypeInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('direct',
+        LogotypeData().subtype(implicitTag=tag.Tag(tag.tagClassContext,
+            tag.tagFormatConstructed, 0))),
+    namedtype.NamedType('indirect', LogotypeReference().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext,
+             tag.tagFormatConstructed, 1)))
+)
+
+# Other logotype type and associated object identifiers
+
+id_logo_background = univ.ObjectIdentifier('1.3.6.1.5.5.7.20.2')
+
+id_logo_loyalty = univ.ObjectIdentifier('1.3.6.1.5.5.7.20.1')
+
+id_logo_certImage = rfc6170.id_logo_certImage
+
+
+class OtherLogotypeInfo(univ.Sequence):
+    pass
+
+OtherLogotypeInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('logotypeType', univ.ObjectIdentifier()),
+    namedtype.NamedType('info', LogotypeInfo())
+)
+
+
+# Logotype Certificate Extension
+
+id_pe_logotype = univ.ObjectIdentifier('1.3.6.1.5.5.7.1.12')
+
+
+class LogotypeExtn(univ.Sequence):
+    pass
+
+LogotypeExtn.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('communityLogos', univ.SequenceOf(
+        componentType=LogotypeInfo()).subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('issuerLogo', LogotypeInfo().subtype(
+        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+    namedtype.OptionalNamedType('subjectLogo', LogotypeInfo().subtype(
+        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
+    namedtype.OptionalNamedType('otherLogos', univ.SequenceOf(
+        componentType=OtherLogotypeInfo()).subtype(explicitTag=tag.Tag(
+            tag.tagClassContext, tag.tagFormatSimple, 3)))
+)
+
+
+# Map of Certificate Extension OIDs to Extensions added to the
+# ones that are in rfc5280.py
+
+_certificateExtensionsMapUpdate = {
+    id_pe_logotype: LogotypeExtn(),
+}
+
+rfc5280.certificateExtensionsMap.update(_certificateExtensionsMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc3739.py

@@ -0,0 +1,203 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+# Modified by Russ Housley to add WithComponentsConstraints to
+#   enforce the requirements that are indicated in comments.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Qualified Certificates
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc3739.txt
+#
+
+from pyasn1.type import char
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import opentype
+from pyasn1.type import univ
+from pyasn1.type import useful
+
+from pyasn1_modules import rfc5280
+
+MAX = float('inf')
+
+
+# Initialize the qcStatement map
+
+qcStatementMap = { }
+
+
+# Imports from RFC 5280
+
+AlgorithmIdentifier = rfc5280.AlgorithmIdentifier
+
+AttributeType = rfc5280.AttributeType
+
+DirectoryString = rfc5280.DirectoryString
+
+GeneralName = rfc5280.GeneralName
+
+id_pkix = rfc5280.id_pkix
+
+id_pe = rfc5280.id_pe
+
+
+# Arc for QC personal data attributes
+
+id_pda = id_pkix + (9, )
+
+
+# Arc for QC statements
+
+id_qcs = id_pkix + (11, )
+
+
+# Personal data attributes
+
+id_pda_dateOfBirth = id_pda + (1, )
+
+class DateOfBirth(useful.GeneralizedTime):
+    pass
+
+
+id_pda_placeOfBirth = id_pda + (2, )
+
+class PlaceOfBirth(DirectoryString):
+    pass
+
+
+id_pda_gender = id_pda + (3, )
+
+class Gender(char.PrintableString):
+    subtypeSpec = constraint.ConstraintsIntersection(
+        constraint.ValueSizeConstraint(1, 1),
+        constraint.SingleValueConstraint('M', 'F', 'm', 'f')
+    )
+
+
+id_pda_countryOfCitizenship = id_pda + (4, )
+
+class CountryOfCitizenship(char.PrintableString):
+    subtypeSpec = constraint.ValueSizeConstraint(2, 2)
+    # ISO 3166 Country Code
+
+
+id_pda_countryOfResidence = id_pda + (5, )
+
+class CountryOfResidence(char.PrintableString):
+    subtypeSpec = constraint.ValueSizeConstraint(2, 2)
+    # ISO 3166 Country Code
+
+
+# Biometric info certificate extension
+
+id_pe_biometricInfo = id_pe + (2, )
+
+
+class PredefinedBiometricType(univ.Integer):
+    namedValues = namedval.NamedValues(
+        ('picture', 0),
+        ('handwritten-signature', 1)
+    )
+    subtypeSpec = constraint.SingleValueConstraint(0, 1)
+
+
+class TypeOfBiometricData(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('predefinedBiometricType', PredefinedBiometricType()),
+        namedtype.NamedType('biometricDataOid', univ.ObjectIdentifier())
+    )
+
+
+class BiometricData(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('typeOfBiometricData', TypeOfBiometricData()),
+        namedtype.NamedType('hashAlgorithm', AlgorithmIdentifier()),
+        namedtype.NamedType('biometricDataHash', univ.OctetString()),
+        namedtype.OptionalNamedType('sourceDataUri', char.IA5String())
+    )
+
+
+class BiometricSyntax(univ.SequenceOf):
+    componentType = BiometricData()
+
+
+# QC Statements certificate extension
+# NOTE: This extension does not allow to mix critical and
+# non-critical Qualified Certificate Statements. Either all
+# statements must be critical or all statements must be
+# non-critical.
+
+id_pe_qcStatements = id_pe + (3, )
+
+
+class NameRegistrationAuthorities(univ.SequenceOf):
+    componentType = GeneralName()
+    subtypeSpec=constraint.ValueSizeConstraint(1, MAX)
+
+
+class QCStatement(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('statementId', univ.ObjectIdentifier()),
+        namedtype.OptionalNamedType('statementInfo', univ.Any(),
+            openType=opentype.OpenType('statementId', qcStatementMap))
+    )
+
+
+class QCStatements(univ.SequenceOf):
+    componentType = QCStatement()
+
+
+class SemanticsInformation(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('semanticsIndentifier',
+            univ.ObjectIdentifier()),
+        namedtype.OptionalNamedType('nameRegistrationAuthorities',
+            NameRegistrationAuthorities())
+    )
+    subtypeSpec = constraint.ConstraintsUnion(
+        constraint.WithComponentsConstraint(
+            ('semanticsIndentifier', constraint.ComponentPresentConstraint())),
+        constraint.WithComponentsConstraint(
+            ('nameRegistrationAuthorities', constraint.ComponentPresentConstraint()))
+    )
+
+
+id_qcs = id_pkix + (11, )
+
+
+id_qcs_pkixQCSyntax_v1 = id_qcs + (1, )
+
+
+id_qcs_pkixQCSyntax_v2 = id_qcs + (2, )
+
+
+# Map of Certificate Extension OIDs to Extensions
+# To be added to the ones that are in rfc5280.py
+
+_certificateExtensionsMap = {
+     id_pe_biometricInfo: BiometricSyntax(),
+     id_pe_qcStatements: QCStatements(),
+}
+
+rfc5280.certificateExtensionsMap.update(_certificateExtensionsMap)
+
+
+# Map of AttributeType OIDs to AttributeValue added to the
+# ones that are in rfc5280.py
+
+_certificateAttributesMapUpdate = {
+    id_pda_dateOfBirth: DateOfBirth(),
+    id_pda_placeOfBirth: PlaceOfBirth(),
+    id_pda_gender: Gender(),
+    id_pda_countryOfCitizenship: CountryOfCitizenship(),
+    id_pda_countryOfResidence: CountryOfResidence(),
+}
+
+rfc5280.certificateAttributesMap.update(_certificateAttributesMapUpdate)
+

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc3770.py

@@ -0,0 +1,75 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Certificate Extensions and Attributes Supporting Authentication
+#   in PPP and Wireless LAN Networks
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc3770.txt
+# https://www.rfc-editor.org/errata/eid234
+#
+
+from pyasn1.type import constraint
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5280
+
+
+MAX = float('inf')
+
+
+# Extended Key Usage Values
+
+id_kp_eapOverLAN = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.14')
+
+id_kp_eapOverPPP = univ.ObjectIdentifier('1.3.6.1.5.5.7.3.13')
+
+
+# Wireless LAN SSID Extension
+
+id_pe_wlanSSID = univ.ObjectIdentifier('1.3.6.1.5.5.7.1.13')
+
+
+class SSID(univ.OctetString):
+    pass
+
+SSID.subtypeSpec = constraint.ValueSizeConstraint(1, 32)
+
+
+class SSIDList(univ.SequenceOf):
+    pass
+
+SSIDList.componentType = SSID()
+SSIDList.subtypeSpec=constraint.ValueSizeConstraint(1, MAX)
+
+
+# Wireless LAN SSID Attribute Certificate Attribute
+# Uses same syntax as the certificate extension: SSIDList
+# Correction for https://www.rfc-editor.org/errata/eid234
+
+id_aca_wlanSSID = univ.ObjectIdentifier('1.3.6.1.5.5.7.10.7')
+
+
+# Map of Certificate Extension OIDs to Extensions
+# To be added to the ones that are in rfc5280.py
+
+_certificateExtensionsMap = {
+    id_pe_wlanSSID: SSIDList(),
+}
+
+rfc5280.certificateExtensionsMap.update(_certificateExtensionsMap)
+
+
+# Map of AttributeType OIDs to AttributeValue added to the
+# ones that are in rfc5280.py
+
+_certificateAttributesMapUpdate = {
+    id_aca_wlanSSID: SSIDList(),
+}
+
+rfc5280.certificateAttributesMap.update(_certificateAttributesMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc3779.py

@@ -0,0 +1,137 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+# Modified by Russ Housley to add maps for use with opentypes.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# X.509 Extensions for IP Addresses and AS Identifiers
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc3779.txt
+#
+
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import tag
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5280
+
+
+# IP Address Delegation Extension
+
+id_pe_ipAddrBlocks = univ.ObjectIdentifier('1.3.6.1.5.5.7.1.7')
+
+
+class IPAddress(univ.BitString):
+    pass
+
+
+class IPAddressRange(univ.Sequence):
+    pass
+
+IPAddressRange.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('min', IPAddress()),
+    namedtype.NamedType('max', IPAddress())
+)
+
+
+class IPAddressOrRange(univ.Choice):
+    pass
+
+IPAddressOrRange.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('addressPrefix', IPAddress()),
+    namedtype.NamedType('addressRange', IPAddressRange())
+)
+
+
+class IPAddressChoice(univ.Choice):
+    pass
+
+IPAddressChoice.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('inherit', univ.Null()),
+    namedtype.NamedType('addressesOrRanges', univ.SequenceOf(
+        componentType=IPAddressOrRange())
+    )
+)
+
+
+class IPAddressFamily(univ.Sequence):
+    pass
+
+IPAddressFamily.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('addressFamily', univ.OctetString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(2, 3))),
+    namedtype.NamedType('ipAddressChoice', IPAddressChoice())
+)
+
+
+class IPAddrBlocks(univ.SequenceOf):
+    pass
+
+IPAddrBlocks.componentType = IPAddressFamily()
+
+
+# Autonomous System Identifier Delegation Extension
+
+id_pe_autonomousSysIds = univ.ObjectIdentifier('1.3.6.1.5.5.7.1.8')
+
+
+class ASId(univ.Integer):
+    pass
+
+
+class ASRange(univ.Sequence):
+    pass
+
+ASRange.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('min', ASId()),
+    namedtype.NamedType('max', ASId())
+)
+
+
+class ASIdOrRange(univ.Choice):
+    pass
+
+ASIdOrRange.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('id', ASId()),
+    namedtype.NamedType('range', ASRange())
+)
+
+
+class ASIdentifierChoice(univ.Choice):
+    pass
+
+ASIdentifierChoice.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('inherit', univ.Null()),
+    namedtype.NamedType('asIdsOrRanges', univ.SequenceOf(
+        componentType=ASIdOrRange())
+    )
+)
+
+
+class ASIdentifiers(univ.Sequence):
+    pass
+
+ASIdentifiers.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('asnum', ASIdentifierChoice().subtype(
+        explicitTag=tag.Tag(tag.tagClassContext,
+        tag.tagFormatConstructed, 0))),
+    namedtype.OptionalNamedType('rdi', ASIdentifierChoice().subtype(
+        explicitTag=tag.Tag(tag.tagClassContext,
+        tag.tagFormatConstructed, 1)))
+)
+
+
+# Map of Certificate Extension OIDs to Extensions is added to the
+# ones that are in rfc5280.py
+
+_certificateExtensionsMapUpdate = {
+    id_pe_ipAddrBlocks: IPAddrBlocks(),
+    id_pe_autonomousSysIds: ASIdentifiers(),
+}
+
+rfc5280.certificateExtensionsMap.update(_certificateExtensionsMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc4010.py

@@ -0,0 +1,58 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# SEED Encryption Algorithm in CMS
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc4010.txt
+#
+
+from pyasn1.type import constraint
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5280
+from pyasn1_modules import rfc5751
+
+
+id_seedCBC = univ.ObjectIdentifier('1.2.410.200004.1.4')
+
+
+id_npki_app_cmsSeed_wrap = univ.ObjectIdentifier('1.2.410.200004.7.1.1.1')
+
+
+class SeedIV(univ.OctetString):
+    subtypeSpec = constraint.ValueSizeConstraint(16, 16)
+
+
+class SeedCBCParameter(SeedIV):
+    pass
+
+
+class SeedSMimeCapability(univ.Null):
+    pass
+
+
+# Update the Algorithm Identifier map in rfc5280.py.
+
+_algorithmIdentifierMapUpdate = {
+    id_seedCBC: SeedCBCParameter(),
+    id_npki_app_cmsSeed_wrap: univ.Null(""),
+}
+
+rfc5280.algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate)
+
+
+# Update the SMIMECapabilities Attribute map in rfc5751.py
+
+_smimeCapabilityMapUpdate = {
+    id_seedCBC: SeedSMimeCapability(),
+    id_npki_app_cmsSeed_wrap: SeedSMimeCapability(),
+
+}
+
+rfc5751.smimeCapabilityMap.update(_smimeCapabilityMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc4055.py

@@ -0,0 +1,258 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley with a very small amount of assistance from
+# asn1ate v.0.6.0.
+# Modified by Russ Housley to add maps for opentypes.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Additional Algorithms and Identifiers for RSA Cryptography
+# for use in Certificates and CRLs
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc4055.txt
+#
+from pyasn1.type import namedtype
+from pyasn1.type import tag
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5280
+
+
+def _OID(*components):
+    output = []
+    for x in tuple(components):
+        if isinstance(x, univ.ObjectIdentifier):
+            output.extend(list(x))
+        else:
+            output.append(int(x))
+    return univ.ObjectIdentifier(output)
+
+
+id_sha1 = _OID(1, 3, 14, 3, 2, 26)
+
+id_sha256 = _OID(2, 16, 840, 1, 101, 3, 4, 2, 1)
+
+id_sha384 = _OID(2, 16, 840, 1, 101, 3, 4, 2, 2)
+
+id_sha512 = _OID(2, 16, 840, 1, 101, 3, 4, 2, 3)
+
+id_sha224 = _OID(2, 16, 840, 1, 101, 3, 4, 2, 4)
+
+rsaEncryption = _OID(1, 2, 840, 113549, 1, 1, 1)
+
+id_mgf1 = _OID(1, 2, 840, 113549, 1, 1, 8)
+
+id_RSAES_OAEP = _OID(1, 2, 840, 113549, 1, 1, 7)
+
+id_pSpecified = _OID(1, 2, 840, 113549, 1, 1, 9)
+
+id_RSASSA_PSS = _OID(1, 2, 840, 113549, 1, 1, 10)
+
+sha256WithRSAEncryption = _OID(1, 2, 840, 113549, 1, 1, 11)
+
+sha384WithRSAEncryption = _OID(1, 2, 840, 113549, 1, 1, 12)
+
+sha512WithRSAEncryption = _OID(1, 2, 840, 113549, 1, 1, 13)
+
+sha224WithRSAEncryption = _OID(1, 2, 840, 113549, 1, 1, 14)
+
+sha1Identifier = rfc5280.AlgorithmIdentifier()
+sha1Identifier['algorithm'] = id_sha1
+sha1Identifier['parameters'] = univ.Null("")
+
+sha224Identifier = rfc5280.AlgorithmIdentifier()
+sha224Identifier['algorithm'] = id_sha224
+sha224Identifier['parameters'] = univ.Null("")
+
+sha256Identifier = rfc5280.AlgorithmIdentifier()
+sha256Identifier['algorithm'] = id_sha256
+sha256Identifier['parameters'] = univ.Null("")
+
+sha384Identifier = rfc5280.AlgorithmIdentifier()
+sha384Identifier['algorithm'] = id_sha384
+sha384Identifier['parameters'] = univ.Null("")
+
+sha512Identifier = rfc5280.AlgorithmIdentifier()
+sha512Identifier['algorithm'] = id_sha512
+sha512Identifier['parameters'] = univ.Null("")
+
+mgf1SHA1Identifier = rfc5280.AlgorithmIdentifier()
+mgf1SHA1Identifier['algorithm'] = id_mgf1
+mgf1SHA1Identifier['parameters'] = sha1Identifier
+
+mgf1SHA224Identifier = rfc5280.AlgorithmIdentifier()
+mgf1SHA224Identifier['algorithm'] = id_mgf1
+mgf1SHA224Identifier['parameters'] = sha224Identifier
+
+mgf1SHA256Identifier = rfc5280.AlgorithmIdentifier()
+mgf1SHA256Identifier['algorithm'] = id_mgf1
+mgf1SHA256Identifier['parameters'] = sha256Identifier
+
+mgf1SHA384Identifier = rfc5280.AlgorithmIdentifier()
+mgf1SHA384Identifier['algorithm'] = id_mgf1
+mgf1SHA384Identifier['parameters'] = sha384Identifier
+
+mgf1SHA512Identifier = rfc5280.AlgorithmIdentifier()
+mgf1SHA512Identifier['algorithm'] = id_mgf1
+mgf1SHA512Identifier['parameters'] = sha512Identifier
+
+pSpecifiedEmptyIdentifier = rfc5280.AlgorithmIdentifier()
+pSpecifiedEmptyIdentifier['algorithm'] = id_pSpecified
+pSpecifiedEmptyIdentifier['parameters'] = univ.OctetString(value='')
+
+
+class RSAPublicKey(univ.Sequence):
+    pass
+
+RSAPublicKey.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('modulus', univ.Integer()),
+    namedtype.NamedType('publicExponent', univ.Integer())
+)
+
+
+class HashAlgorithm(rfc5280.AlgorithmIdentifier):
+    pass
+
+
+class MaskGenAlgorithm(rfc5280.AlgorithmIdentifier):
+    pass
+
+
+class RSAES_OAEP_params(univ.Sequence):
+    pass
+
+RSAES_OAEP_params.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('hashFunc', rfc5280.AlgorithmIdentifier().subtype(
+        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.OptionalNamedType('maskGenFunc', rfc5280.AlgorithmIdentifier().subtype(
+        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+    namedtype.OptionalNamedType('pSourceFunc', rfc5280.AlgorithmIdentifier().subtype(
+        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)))
+)
+
+rSAES_OAEP_Default_Params = RSAES_OAEP_params()
+
+rSAES_OAEP_Default_Identifier = rfc5280.AlgorithmIdentifier()
+rSAES_OAEP_Default_Identifier['algorithm'] = id_RSAES_OAEP
+rSAES_OAEP_Default_Identifier['parameters'] = rSAES_OAEP_Default_Params
+
+rSAES_OAEP_SHA224_Params = RSAES_OAEP_params()
+rSAES_OAEP_SHA224_Params['hashFunc'] = sha224Identifier.subtype(
+    explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True)
+rSAES_OAEP_SHA224_Params['maskGenFunc'] = mgf1SHA224Identifier.subtype(
+    explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True)
+
+rSAES_OAEP_SHA224_Identifier = rfc5280.AlgorithmIdentifier()
+rSAES_OAEP_SHA224_Identifier['algorithm'] = id_RSAES_OAEP
+rSAES_OAEP_SHA224_Identifier['parameters'] = rSAES_OAEP_SHA224_Params
+
+rSAES_OAEP_SHA256_Params = RSAES_OAEP_params()
+rSAES_OAEP_SHA256_Params['hashFunc'] = sha256Identifier.subtype(
+    explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True)
+rSAES_OAEP_SHA256_Params['maskGenFunc'] = mgf1SHA256Identifier.subtype(
+    explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True)
+
+rSAES_OAEP_SHA256_Identifier = rfc5280.AlgorithmIdentifier()
+rSAES_OAEP_SHA256_Identifier['algorithm'] = id_RSAES_OAEP
+rSAES_OAEP_SHA256_Identifier['parameters'] = rSAES_OAEP_SHA256_Params
+
+rSAES_OAEP_SHA384_Params = RSAES_OAEP_params()
+rSAES_OAEP_SHA384_Params['hashFunc'] = sha384Identifier.subtype(
+    explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True)
+rSAES_OAEP_SHA384_Params['maskGenFunc'] = mgf1SHA384Identifier.subtype(
+    explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True)
+
+rSAES_OAEP_SHA384_Identifier = rfc5280.AlgorithmIdentifier()
+rSAES_OAEP_SHA384_Identifier['algorithm'] = id_RSAES_OAEP
+rSAES_OAEP_SHA384_Identifier['parameters'] = rSAES_OAEP_SHA384_Params
+
+rSAES_OAEP_SHA512_Params = RSAES_OAEP_params()
+rSAES_OAEP_SHA512_Params['hashFunc'] = sha512Identifier.subtype(
+    explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True)
+rSAES_OAEP_SHA512_Params['maskGenFunc'] = mgf1SHA512Identifier.subtype(
+    explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True)
+
+rSAES_OAEP_SHA512_Identifier = rfc5280.AlgorithmIdentifier()
+rSAES_OAEP_SHA512_Identifier['algorithm'] = id_RSAES_OAEP
+rSAES_OAEP_SHA512_Identifier['parameters'] = rSAES_OAEP_SHA512_Params
+
+
+class RSASSA_PSS_params(univ.Sequence):
+    pass
+
+RSASSA_PSS_params.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('hashAlgorithm', rfc5280.AlgorithmIdentifier().subtype(
+        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.OptionalNamedType('maskGenAlgorithm', rfc5280.AlgorithmIdentifier().subtype(
+        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+    namedtype.DefaultedNamedType('saltLength', univ.Integer(value=20).subtype(
+        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+    namedtype.DefaultedNamedType('trailerField', univ.Integer(value=1).subtype(
+        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
+)
+
+rSASSA_PSS_Default_Params = RSASSA_PSS_params()
+
+rSASSA_PSS_Default_Identifier = rfc5280.AlgorithmIdentifier()
+rSASSA_PSS_Default_Identifier['algorithm'] = id_RSASSA_PSS
+rSASSA_PSS_Default_Identifier['parameters'] = rSASSA_PSS_Default_Params
+
+rSASSA_PSS_SHA224_Params = RSASSA_PSS_params()
+rSASSA_PSS_SHA224_Params['hashAlgorithm'] = sha224Identifier.subtype(
+    explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True)
+rSASSA_PSS_SHA224_Params['maskGenAlgorithm'] = mgf1SHA224Identifier.subtype(
+    explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True)
+
+rSASSA_PSS_SHA224_Identifier = rfc5280.AlgorithmIdentifier()
+rSASSA_PSS_SHA224_Identifier['algorithm'] = id_RSASSA_PSS
+rSASSA_PSS_SHA224_Identifier['parameters'] = rSASSA_PSS_SHA224_Params
+
+rSASSA_PSS_SHA256_Params = RSASSA_PSS_params()
+rSASSA_PSS_SHA256_Params['hashAlgorithm'] = sha256Identifier.subtype(
+    explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True)
+rSASSA_PSS_SHA256_Params['maskGenAlgorithm'] = mgf1SHA256Identifier.subtype(
+    explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True)
+
+rSASSA_PSS_SHA256_Identifier = rfc5280.AlgorithmIdentifier()
+rSASSA_PSS_SHA256_Identifier['algorithm'] = id_RSASSA_PSS
+rSASSA_PSS_SHA256_Identifier['parameters'] = rSASSA_PSS_SHA256_Params
+
+rSASSA_PSS_SHA384_Params = RSASSA_PSS_params()
+rSASSA_PSS_SHA384_Params['hashAlgorithm'] = sha384Identifier.subtype(
+    explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True)
+rSASSA_PSS_SHA384_Params['maskGenAlgorithm'] = mgf1SHA384Identifier.subtype(
+    explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True)
+
+rSASSA_PSS_SHA384_Identifier = rfc5280.AlgorithmIdentifier()
+rSASSA_PSS_SHA384_Identifier['algorithm'] = id_RSASSA_PSS
+rSASSA_PSS_SHA384_Identifier['parameters'] = rSASSA_PSS_SHA384_Params
+
+rSASSA_PSS_SHA512_Params = RSASSA_PSS_params()
+rSASSA_PSS_SHA512_Params['hashAlgorithm'] = sha512Identifier.subtype(
+    explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0), cloneValueFlag=True)
+rSASSA_PSS_SHA512_Params['maskGenAlgorithm'] = mgf1SHA512Identifier.subtype(
+    explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1), cloneValueFlag=True)
+
+rSASSA_PSS_SHA512_Identifier = rfc5280.AlgorithmIdentifier()
+rSASSA_PSS_SHA512_Identifier['algorithm'] = id_RSASSA_PSS
+rSASSA_PSS_SHA512_Identifier['parameters'] = rSASSA_PSS_SHA512_Params
+
+
+# Update the Algorithm Identifier map
+
+_algorithmIdentifierMapUpdate = {
+    id_sha1: univ.Null(),
+    id_sha224: univ.Null(),
+    id_sha256: univ.Null(),
+    id_sha384: univ.Null(),
+    id_sha512: univ.Null(),
+    id_mgf1: rfc5280.AlgorithmIdentifier(),
+    id_pSpecified: univ.OctetString(),
+    id_RSAES_OAEP: RSAES_OAEP_params(),
+    id_RSASSA_PSS: RSASSA_PSS_params(),
+}
+
+rfc5280.algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc4108.py

@@ -0,0 +1,350 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+# Modified by Russ Housley to add items from the verified errata.
+# Modified by Russ Housley to add maps for use with opentypes.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# CMS Firmware Wrapper
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc4108.txt
+# https://www.rfc-editor.org/errata_search.php?rfc=4108
+#
+
+
+from pyasn1.type import univ, char, namedtype, namedval, tag, constraint, useful
+
+from pyasn1_modules import rfc5280
+from pyasn1_modules import rfc5652
+
+MAX = float('inf')
+
+
+class HardwareSerialEntry(univ.Choice):
+    pass
+
+HardwareSerialEntry.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('all', univ.Null()),
+    namedtype.NamedType('single', univ.OctetString()),
+    namedtype.NamedType('block', univ.Sequence(componentType=namedtype.NamedTypes(
+        namedtype.NamedType('low', univ.OctetString()),
+        namedtype.NamedType('high', univ.OctetString())
+    ))
+    )
+)
+
+
+class HardwareModules(univ.Sequence):
+    pass
+
+HardwareModules.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('hwType', univ.ObjectIdentifier()),
+    namedtype.NamedType('hwSerialEntries', univ.SequenceOf(componentType=HardwareSerialEntry()))
+)
+
+
+class CommunityIdentifier(univ.Choice):
+    pass
+
+CommunityIdentifier.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('communityOID', univ.ObjectIdentifier()),
+    namedtype.NamedType('hwModuleList', HardwareModules())
+)
+
+
+
+class PreferredPackageIdentifier(univ.Sequence):
+    pass
+
+PreferredPackageIdentifier.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('fwPkgID', univ.ObjectIdentifier()),
+    namedtype.NamedType('verNum', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, MAX)))
+)
+
+
+class PreferredOrLegacyPackageIdentifier(univ.Choice):
+    pass
+
+PreferredOrLegacyPackageIdentifier.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('preferred', PreferredPackageIdentifier()),
+    namedtype.NamedType('legacy', univ.OctetString())
+)
+
+
+class CurrentFWConfig(univ.Sequence):
+    pass
+
+CurrentFWConfig.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('fwPkgType', univ.Integer()),
+    namedtype.NamedType('fwPkgName', PreferredOrLegacyPackageIdentifier())
+)
+
+
+class PreferredOrLegacyStalePackageIdentifier(univ.Choice):
+    pass
+
+PreferredOrLegacyStalePackageIdentifier.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('preferredStaleVerNum', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, MAX))),
+    namedtype.NamedType('legacyStaleVersion', univ.OctetString())
+)
+
+
+class FirmwarePackageLoadErrorCode(univ.Enumerated):
+    pass
+
+FirmwarePackageLoadErrorCode.namedValues = namedval.NamedValues(
+    ('decodeFailure', 1),
+    ('badContentInfo', 2),
+    ('badSignedData', 3),
+    ('badEncapContent', 4),
+    ('badCertificate', 5),
+    ('badSignerInfo', 6),
+    ('badSignedAttrs', 7),
+    ('badUnsignedAttrs', 8),
+    ('missingContent', 9),
+    ('noTrustAnchor', 10),
+    ('notAuthorized', 11),
+    ('badDigestAlgorithm', 12),
+    ('badSignatureAlgorithm', 13),
+    ('unsupportedKeySize', 14),
+    ('signatureFailure', 15),
+    ('contentTypeMismatch', 16),
+    ('badEncryptedData', 17),
+    ('unprotectedAttrsPresent', 18),
+    ('badEncryptContent', 19),
+    ('badEncryptAlgorithm', 20),
+    ('missingCiphertext', 21),
+    ('noDecryptKey', 22),
+    ('decryptFailure', 23),
+    ('badCompressAlgorithm', 24),
+    ('missingCompressedContent', 25),
+    ('decompressFailure', 26),
+    ('wrongHardware', 27),
+    ('stalePackage', 28),
+    ('notInCommunity', 29),
+    ('unsupportedPackageType', 30),
+    ('missingDependency', 31),
+    ('wrongDependencyVersion', 32),
+    ('insufficientMemory', 33),
+    ('badFirmware', 34),
+    ('unsupportedParameters', 35),
+    ('breaksDependency', 36),
+    ('otherError', 99)
+)
+
+
+class VendorLoadErrorCode(univ.Integer):
+    pass
+
+
+# Wrapped Firmware Key Unsigned Attribute and Object Identifier
+
+id_aa_wrappedFirmwareKey = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.39')
+
+class WrappedFirmwareKey(rfc5652.EnvelopedData):
+    pass
+
+
+# Firmware Package Information Signed Attribute and Object Identifier
+
+id_aa_firmwarePackageInfo = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.42')
+
+class FirmwarePackageInfo(univ.Sequence):
+    pass
+
+FirmwarePackageInfo.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('fwPkgType', univ.Integer()),
+    namedtype.OptionalNamedType('dependencies', univ.SequenceOf(componentType=PreferredOrLegacyPackageIdentifier()))
+)
+
+FirmwarePackageInfo.sizeSpec = univ.Sequence.sizeSpec + constraint.ValueSizeConstraint(1, 2)
+
+
+# Community Identifiers Signed Attribute and Object Identifier
+
+id_aa_communityIdentifiers = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.40')
+
+class CommunityIdentifiers(univ.SequenceOf):
+    pass
+
+CommunityIdentifiers.componentType = CommunityIdentifier()
+
+
+# Implemented Compression Algorithms Signed Attribute and Object Identifier
+
+id_aa_implCompressAlgs = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.43')
+
+class ImplementedCompressAlgorithms(univ.SequenceOf):
+    pass
+
+ImplementedCompressAlgorithms.componentType = univ.ObjectIdentifier()
+
+
+# Implemented Cryptographic Algorithms Signed Attribute and Object Identifier
+
+id_aa_implCryptoAlgs = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.38')
+
+class ImplementedCryptoAlgorithms(univ.SequenceOf):
+    pass
+
+ImplementedCryptoAlgorithms.componentType = univ.ObjectIdentifier()
+
+
+# Decrypt Key Identifier Signed Attribute and Object Identifier
+
+id_aa_decryptKeyID = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.37')
+
+class DecryptKeyIdentifier(univ.OctetString):
+    pass
+
+
+# Target Hardware Identifier Signed Attribute and Object Identifier
+
+id_aa_targetHardwareIDs = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.36')
+
+class TargetHardwareIdentifiers(univ.SequenceOf):
+    pass
+
+TargetHardwareIdentifiers.componentType = univ.ObjectIdentifier()
+
+
+# Firmware Package Identifier Signed Attribute and Object Identifier
+
+id_aa_firmwarePackageID = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.35')
+
+class FirmwarePackageIdentifier(univ.Sequence):
+    pass
+
+FirmwarePackageIdentifier.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('name', PreferredOrLegacyPackageIdentifier()),
+    namedtype.OptionalNamedType('stale', PreferredOrLegacyStalePackageIdentifier())
+)
+
+
+# Firmware Package Message Digest Signed Attribute and Object Identifier
+
+id_aa_fwPkgMessageDigest = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.41')
+
+class FirmwarePackageMessageDigest(univ.Sequence):
+    pass
+
+FirmwarePackageMessageDigest.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('algorithm', rfc5280.AlgorithmIdentifier()),
+    namedtype.NamedType('msgDigest', univ.OctetString())
+)
+
+
+# Firmware Package Load Error Report Content Type and Object Identifier
+
+class FWErrorVersion(univ.Integer):
+    pass
+
+FWErrorVersion.namedValues = namedval.NamedValues(
+    ('v1', 1)
+)
+
+
+id_ct_firmwareLoadError = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.18')
+
+class FirmwarePackageLoadError(univ.Sequence):
+    pass
+
+FirmwarePackageLoadError.componentType = namedtype.NamedTypes(
+    namedtype.DefaultedNamedType('version', FWErrorVersion().subtype(value='v1')),
+    namedtype.NamedType('hwType', univ.ObjectIdentifier()),
+    namedtype.NamedType('hwSerialNum', univ.OctetString()),
+    namedtype.NamedType('errorCode', FirmwarePackageLoadErrorCode()),
+    namedtype.OptionalNamedType('vendorErrorCode', VendorLoadErrorCode()),
+    namedtype.OptionalNamedType('fwPkgName', PreferredOrLegacyPackageIdentifier()),
+    namedtype.OptionalNamedType('config', univ.SequenceOf(componentType=CurrentFWConfig()).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+# Firmware Package Load Receipt Content Type and Object Identifier
+
+class FWReceiptVersion(univ.Integer):
+    pass
+
+FWReceiptVersion.namedValues = namedval.NamedValues(
+    ('v1', 1)
+)
+
+
+id_ct_firmwareLoadReceipt = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.17')
+
+class FirmwarePackageLoadReceipt(univ.Sequence):
+    pass
+
+FirmwarePackageLoadReceipt.componentType = namedtype.NamedTypes(
+    namedtype.DefaultedNamedType('version', FWReceiptVersion().subtype(value='v1')),
+    namedtype.NamedType('hwType', univ.ObjectIdentifier()),
+    namedtype.NamedType('hwSerialNum', univ.OctetString()),
+    namedtype.NamedType('fwPkgName', PreferredOrLegacyPackageIdentifier()),
+    namedtype.OptionalNamedType('trustAnchorKeyID', univ.OctetString()),
+    namedtype.OptionalNamedType('decryptKeyID', univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+# Firmware Package Content Type and Object Identifier
+
+id_ct_firmwarePackage = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.16')
+
+class FirmwarePkgData(univ.OctetString):
+    pass
+
+
+# Other Name syntax for Hardware Module Name
+
+id_on_hardwareModuleName = univ.ObjectIdentifier('1.3.6.1.5.5.7.8.4')
+
+class HardwareModuleName(univ.Sequence):
+    pass
+
+HardwareModuleName.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('hwType', univ.ObjectIdentifier()),
+    namedtype.NamedType('hwSerialNum', univ.OctetString())
+)
+
+
+# Map of Attribute Type OIDs to Attributes is added to the
+# ones that are in rfc5652.py
+
+_cmsAttributesMapUpdate = {
+    id_aa_wrappedFirmwareKey: WrappedFirmwareKey(),
+    id_aa_firmwarePackageInfo: FirmwarePackageInfo(),
+    id_aa_communityIdentifiers: CommunityIdentifiers(),
+    id_aa_implCompressAlgs: ImplementedCompressAlgorithms(),
+    id_aa_implCryptoAlgs: ImplementedCryptoAlgorithms(),
+    id_aa_decryptKeyID: DecryptKeyIdentifier(),
+    id_aa_targetHardwareIDs: TargetHardwareIdentifiers(),
+    id_aa_firmwarePackageID: FirmwarePackageIdentifier(),
+    id_aa_fwPkgMessageDigest: FirmwarePackageMessageDigest(),
+}
+
+rfc5652.cmsAttributesMap.update(_cmsAttributesMapUpdate)
+
+
+# Map of Content Type OIDs to Content Types is added to the
+# ones that are in rfc5652.py
+
+_cmsContentTypesMapUpdate = {
+    id_ct_firmwareLoadError: FirmwarePackageLoadError(),
+    id_ct_firmwareLoadReceipt: FirmwarePackageLoadReceipt(),
+    id_ct_firmwarePackage: FirmwarePkgData(),
+}
+
+rfc5652.cmsContentTypesMap.update(_cmsContentTypesMapUpdate)
+
+
+# Map of Other Name OIDs to Other Name is added to the
+# ones that are in rfc5280.py
+
+_anotherNameMapUpdate = {
+    id_on_hardwareModuleName: HardwareModuleName(),
+}
+
+rfc5280.anotherNameMap.update(_anotherNameMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc4210.py

@@ -0,0 +1,803 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Certificate Management Protocol structures as per RFC4210
+#
+# Based on Alex Railean's work
+#
+from pyasn1.type import char
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import tag
+from pyasn1.type import univ
+from pyasn1.type import useful
+
+from pyasn1_modules import rfc2314
+from pyasn1_modules import rfc2459
+from pyasn1_modules import rfc2511
+
+MAX = float('inf')
+
+
+class KeyIdentifier(univ.OctetString):
+    pass
+
+
+class CMPCertificate(rfc2459.Certificate):
+    pass
+
+
+class OOBCert(CMPCertificate):
+    pass
+
+
+class CertAnnContent(CMPCertificate):
+    pass
+
+
+class PKIFreeText(univ.SequenceOf):
+    """
+    PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
+    """
+    componentType = char.UTF8String()
+    sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)
+
+
+class PollRepContent(univ.SequenceOf):
+    """
+         PollRepContent ::= SEQUENCE OF SEQUENCE {
+         certReqId              INTEGER,
+         checkAfter             INTEGER,  -- time in seconds
+         reason                 PKIFreeText OPTIONAL
+     }
+    """
+
+    class CertReq(univ.Sequence):
+        componentType = namedtype.NamedTypes(
+            namedtype.NamedType('certReqId', univ.Integer()),
+            namedtype.NamedType('checkAfter', univ.Integer()),
+            namedtype.OptionalNamedType('reason', PKIFreeText())
+        )
+
+    componentType = CertReq()
+
+
+class PollReqContent(univ.SequenceOf):
+    """
+         PollReqContent ::= SEQUENCE OF SEQUENCE {
+         certReqId              INTEGER
+     }
+
+    """
+
+    class CertReq(univ.Sequence):
+        componentType = namedtype.NamedTypes(
+            namedtype.NamedType('certReqId', univ.Integer())
+        )
+
+    componentType = CertReq()
+
+
+class InfoTypeAndValue(univ.Sequence):
+    """
+    InfoTypeAndValue ::= SEQUENCE {
+     infoType               OBJECT IDENTIFIER,
+     infoValue              ANY DEFINED BY infoType  OPTIONAL
+    }"""
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('infoType', univ.ObjectIdentifier()),
+        namedtype.OptionalNamedType('infoValue', univ.Any())
+    )
+
+
+class GenRepContent(univ.SequenceOf):
+    componentType = InfoTypeAndValue()
+
+
+class GenMsgContent(univ.SequenceOf):
+    componentType = InfoTypeAndValue()
+
+
+class PKIConfirmContent(univ.Null):
+    pass
+
+
+class CRLAnnContent(univ.SequenceOf):
+    componentType = rfc2459.CertificateList()
+
+
+class CAKeyUpdAnnContent(univ.Sequence):
+    """
+    CAKeyUpdAnnContent ::= SEQUENCE {
+         oldWithNew   CMPCertificate,
+         newWithOld   CMPCertificate,
+         newWithNew   CMPCertificate
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('oldWithNew', CMPCertificate()),
+        namedtype.NamedType('newWithOld', CMPCertificate()),
+        namedtype.NamedType('newWithNew', CMPCertificate())
+    )
+
+
+class RevDetails(univ.Sequence):
+    """
+    RevDetails ::= SEQUENCE {
+         certDetails         CertTemplate,
+         crlEntryDetails     Extensions       OPTIONAL
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('certDetails', rfc2511.CertTemplate()),
+        namedtype.OptionalNamedType('crlEntryDetails', rfc2459.Extensions())
+    )
+
+
+class RevReqContent(univ.SequenceOf):
+    componentType = RevDetails()
+
+
+class CertOrEncCert(univ.Choice):
+    """
+     CertOrEncCert ::= CHOICE {
+         certificate     [0] CMPCertificate,
+         encryptedCert   [1] EncryptedValue
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('certificate', CMPCertificate().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.NamedType('encryptedCert', rfc2511.EncryptedValue().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
+    )
+
+
+class CertifiedKeyPair(univ.Sequence):
+    """
+    CertifiedKeyPair ::= SEQUENCE {
+         certOrEncCert       CertOrEncCert,
+         privateKey      [0] EncryptedValue      OPTIONAL,
+         publicationInfo [1] PKIPublicationInfo  OPTIONAL
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('certOrEncCert', CertOrEncCert()),
+        namedtype.OptionalNamedType('privateKey', rfc2511.EncryptedValue().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.OptionalNamedType('publicationInfo', rfc2511.PKIPublicationInfo().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
+    )
+
+
+class POPODecKeyRespContent(univ.SequenceOf):
+    componentType = univ.Integer()
+
+
+class Challenge(univ.Sequence):
+    """
+    Challenge ::= SEQUENCE {
+         owf                 AlgorithmIdentifier  OPTIONAL,
+         witness             OCTET STRING,
+         challenge           OCTET STRING
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('owf', rfc2459.AlgorithmIdentifier()),
+        namedtype.NamedType('witness', univ.OctetString()),
+        namedtype.NamedType('challenge', univ.OctetString())
+    )
+
+
+class PKIStatus(univ.Integer):
+    """
+    PKIStatus ::= INTEGER {
+         accepted                (0),
+         grantedWithMods        (1),
+         rejection              (2),
+         waiting                (3),
+         revocationWarning      (4),
+         revocationNotification (5),
+         keyUpdateWarning       (6)
+     }
+    """
+    namedValues = namedval.NamedValues(
+        ('accepted', 0),
+        ('grantedWithMods', 1),
+        ('rejection', 2),
+        ('waiting', 3),
+        ('revocationWarning', 4),
+        ('revocationNotification', 5),
+        ('keyUpdateWarning', 6)
+    )
+
+
+class PKIFailureInfo(univ.BitString):
+    """
+    PKIFailureInfo ::= BIT STRING {
+         badAlg              (0),
+         badMessageCheck     (1),
+         badRequest          (2),
+         badTime             (3),
+         badCertId           (4),
+         badDataFormat       (5),
+         wrongAuthority      (6),
+         incorrectData       (7),
+         missingTimeStamp    (8),
+         badPOP              (9),
+         certRevoked         (10),
+         certConfirmed       (11),
+         wrongIntegrity      (12),
+         badRecipientNonce   (13),
+         timeNotAvailable    (14),
+         unacceptedPolicy    (15),
+         unacceptedExtension (16),
+         addInfoNotAvailable (17),
+         badSenderNonce      (18),
+         badCertTemplate     (19),
+         signerNotTrusted    (20),
+         transactionIdInUse  (21),
+         unsupportedVersion  (22),
+         notAuthorized       (23),
+         systemUnavail       (24),
+         systemFailure       (25),
+         duplicateCertReq    (26)
+    """
+    namedValues = namedval.NamedValues(
+        ('badAlg', 0),
+        ('badMessageCheck', 1),
+        ('badRequest', 2),
+        ('badTime', 3),
+        ('badCertId', 4),
+        ('badDataFormat', 5),
+        ('wrongAuthority', 6),
+        ('incorrectData', 7),
+        ('missingTimeStamp', 8),
+        ('badPOP', 9),
+        ('certRevoked', 10),
+        ('certConfirmed', 11),
+        ('wrongIntegrity', 12),
+        ('badRecipientNonce', 13),
+        ('timeNotAvailable', 14),
+        ('unacceptedPolicy', 15),
+        ('unacceptedExtension', 16),
+        ('addInfoNotAvailable', 17),
+        ('badSenderNonce', 18),
+        ('badCertTemplate', 19),
+        ('signerNotTrusted', 20),
+        ('transactionIdInUse', 21),
+        ('unsupportedVersion', 22),
+        ('notAuthorized', 23),
+        ('systemUnavail', 24),
+        ('systemFailure', 25),
+        ('duplicateCertReq', 26)
+    )
+
+
+class PKIStatusInfo(univ.Sequence):
+    """
+    PKIStatusInfo ::= SEQUENCE {
+         status        PKIStatus,
+         statusString  PKIFreeText     OPTIONAL,
+         failInfo      PKIFailureInfo  OPTIONAL
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('status', PKIStatus()),
+        namedtype.OptionalNamedType('statusString', PKIFreeText()),
+        namedtype.OptionalNamedType('failInfo', PKIFailureInfo())
+    )
+
+
+class ErrorMsgContent(univ.Sequence):
+    """
+    ErrorMsgContent ::= SEQUENCE {
+         pKIStatusInfo          PKIStatusInfo,
+         errorCode              INTEGER           OPTIONAL,
+         -- implementation-specific error codes
+         errorDetails           PKIFreeText       OPTIONAL
+         -- implementation-specific error details
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('pKIStatusInfo', PKIStatusInfo()),
+        namedtype.OptionalNamedType('errorCode', univ.Integer()),
+        namedtype.OptionalNamedType('errorDetails', PKIFreeText())
+    )
+
+
+class CertStatus(univ.Sequence):
+    """
+    CertStatus ::= SEQUENCE {
+        certHash    OCTET STRING,
+        certReqId   INTEGER,
+        statusInfo  PKIStatusInfo OPTIONAL
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('certHash', univ.OctetString()),
+        namedtype.NamedType('certReqId', univ.Integer()),
+        namedtype.OptionalNamedType('statusInfo', PKIStatusInfo())
+    )
+
+
+class CertConfirmContent(univ.SequenceOf):
+    componentType = CertStatus()
+
+
+class RevAnnContent(univ.Sequence):
+    """
+    RevAnnContent ::= SEQUENCE {
+         status              PKIStatus,
+         certId              CertId,
+         willBeRevokedAt     GeneralizedTime,
+         badSinceDate        GeneralizedTime,
+         crlDetails          Extensions  OPTIONAL
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('status', PKIStatus()),
+        namedtype.NamedType('certId', rfc2511.CertId()),
+        namedtype.NamedType('willBeRevokedAt', useful.GeneralizedTime()),
+        namedtype.NamedType('badSinceDate', useful.GeneralizedTime()),
+        namedtype.OptionalNamedType('crlDetails', rfc2459.Extensions())
+    )
+
+
+class RevRepContent(univ.Sequence):
+    """
+    RevRepContent ::= SEQUENCE {
+         status       SEQUENCE SIZE (1..MAX) OF PKIStatusInfo,
+         revCerts [0] SEQUENCE SIZE (1..MAX) OF CertId
+                                             OPTIONAL,
+         crls     [1] SEQUENCE SIZE (1..MAX) OF CertificateList
+                                             OPTIONAL
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType(
+            'status', univ.SequenceOf(
+                componentType=PKIStatusInfo(),
+                sizeSpec=constraint.ValueSizeConstraint(1, MAX)
+            )
+        ),
+        namedtype.OptionalNamedType(
+            'revCerts', univ.SequenceOf(componentType=rfc2511.CertId()).subtype(
+                sizeSpec=constraint.ValueSizeConstraint(1, MAX),
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)
+            )
+        ),
+        namedtype.OptionalNamedType(
+            'crls', univ.SequenceOf(componentType=rfc2459.CertificateList()).subtype(
+                sizeSpec=constraint.ValueSizeConstraint(1, MAX),
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)
+            )
+        )
+    )
+
+
+class KeyRecRepContent(univ.Sequence):
+    """
+    KeyRecRepContent ::= SEQUENCE {
+         status                  PKIStatusInfo,
+         newSigCert          [0] CMPCertificate OPTIONAL,
+         caCerts             [1] SEQUENCE SIZE (1..MAX) OF
+                                             CMPCertificate OPTIONAL,
+         keyPairHist         [2] SEQUENCE SIZE (1..MAX) OF
+                                             CertifiedKeyPair OPTIONAL
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('status', PKIStatusInfo()),
+        namedtype.OptionalNamedType(
+            'newSigCert', CMPCertificate().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)
+            )
+        ),
+        namedtype.OptionalNamedType(
+            'caCerts', univ.SequenceOf(componentType=CMPCertificate()).subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1),
+                sizeSpec=constraint.ValueSizeConstraint(1, MAX)
+            )
+        ),
+        namedtype.OptionalNamedType('keyPairHist', univ.SequenceOf(componentType=CertifiedKeyPair()).subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2),
+            sizeSpec=constraint.ValueSizeConstraint(1, MAX))
+        )
+    )
+
+
+class CertResponse(univ.Sequence):
+    """
+    CertResponse ::= SEQUENCE {
+         certReqId           INTEGER,
+         status              PKIStatusInfo,
+         certifiedKeyPair    CertifiedKeyPair    OPTIONAL,
+         rspInfo             OCTET STRING        OPTIONAL
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('certReqId', univ.Integer()),
+        namedtype.NamedType('status', PKIStatusInfo()),
+        namedtype.OptionalNamedType('certifiedKeyPair', CertifiedKeyPair()),
+        namedtype.OptionalNamedType('rspInfo', univ.OctetString())
+    )
+
+
+class CertRepMessage(univ.Sequence):
+    """
+    CertRepMessage ::= SEQUENCE {
+         caPubs       [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
+                          OPTIONAL,
+         response         SEQUENCE OF CertResponse
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType(
+            'caPubs', univ.SequenceOf(
+                componentType=CMPCertificate()
+            ).subtype(sizeSpec=constraint.ValueSizeConstraint(1, MAX),
+                      explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))
+        ),
+        namedtype.NamedType('response', univ.SequenceOf(componentType=CertResponse()))
+    )
+
+
+class POPODecKeyChallContent(univ.SequenceOf):
+    componentType = Challenge()
+
+
+class OOBCertHash(univ.Sequence):
+    """
+    OOBCertHash ::= SEQUENCE {
+         hashAlg     [0] AlgorithmIdentifier     OPTIONAL,
+         certId      [1] CertId                  OPTIONAL,
+         hashVal         BIT STRING
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType(
+            'hashAlg', rfc2459.AlgorithmIdentifier().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))
+        ),
+        namedtype.OptionalNamedType(
+            'certId', rfc2511.CertId().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))
+        ),
+        namedtype.NamedType('hashVal', univ.BitString())
+    )
+
+
+# pyasn1 does not naturally handle recursive definitions, thus this hack:
+# NestedMessageContent ::= PKIMessages
+class NestedMessageContent(univ.SequenceOf):
+    """
+    NestedMessageContent ::= PKIMessages
+    """
+    componentType = univ.Any()
+
+
+class DHBMParameter(univ.Sequence):
+    """
+    DHBMParameter ::= SEQUENCE {
+         owf                 AlgorithmIdentifier,
+         -- AlgId for a One-Way Function (SHA-1 recommended)
+         mac                 AlgorithmIdentifier
+         -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11],
+     }   -- or HMAC [RFC2104, RFC2202])
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('owf', rfc2459.AlgorithmIdentifier()),
+        namedtype.NamedType('mac', rfc2459.AlgorithmIdentifier())
+    )
+
+
+id_DHBasedMac = univ.ObjectIdentifier('1.2.840.113533.7.66.30')
+
+
+class PBMParameter(univ.Sequence):
+    """
+    PBMParameter ::= SEQUENCE {
+         salt                OCTET STRING,
+         owf                 AlgorithmIdentifier,
+         iterationCount      INTEGER,
+         mac                 AlgorithmIdentifier
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType(
+            'salt', univ.OctetString().subtype(subtypeSpec=constraint.ValueSizeConstraint(0, 128))
+        ),
+        namedtype.NamedType('owf', rfc2459.AlgorithmIdentifier()),
+        namedtype.NamedType('iterationCount', univ.Integer()),
+        namedtype.NamedType('mac', rfc2459.AlgorithmIdentifier())
+    )
+
+
+id_PasswordBasedMac = univ.ObjectIdentifier('1.2.840.113533.7.66.13')
+
+
+class PKIProtection(univ.BitString):
+    pass
+
+
+# pyasn1 does not naturally handle recursive definitions, thus this hack:
+# NestedMessageContent ::= PKIMessages
+nestedMessageContent = NestedMessageContent().subtype(
+    explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 20))
+
+
+class PKIBody(univ.Choice):
+    """
+    PKIBody ::= CHOICE {       -- message-specific body elements
+         ir       [0]  CertReqMessages,        --Initialization Request
+         ip       [1]  CertRepMessage,         --Initialization Response
+         cr       [2]  CertReqMessages,        --Certification Request
+         cp       [3]  CertRepMessage,         --Certification Response
+         p10cr    [4]  CertificationRequest,   --imported from [PKCS10]
+         popdecc  [5]  POPODecKeyChallContent, --pop Challenge
+         popdecr  [6]  POPODecKeyRespContent,  --pop Response
+         kur      [7]  CertReqMessages,        --Key Update Request
+         kup      [8]  CertRepMessage,         --Key Update Response
+         krr      [9]  CertReqMessages,        --Key Recovery Request
+         krp      [10] KeyRecRepContent,       --Key Recovery Response
+         rr       [11] RevReqContent,          --Revocation Request
+         rp       [12] RevRepContent,          --Revocation Response
+         ccr      [13] CertReqMessages,        --Cross-Cert. Request
+         ccp      [14] CertRepMessage,         --Cross-Cert. Response
+         ckuann   [15] CAKeyUpdAnnContent,     --CA Key Update Ann.
+         cann     [16] CertAnnContent,         --Certificate Ann.
+         rann     [17] RevAnnContent,          --Revocation Ann.
+         crlann   [18] CRLAnnContent,          --CRL Announcement
+         pkiconf  [19] PKIConfirmContent,      --Confirmation
+         nested   [20] NestedMessageContent,   --Nested Message
+         genm     [21] GenMsgContent,          --General Message
+         genp     [22] GenRepContent,          --General Response
+         error    [23] ErrorMsgContent,        --Error Message
+         certConf [24] CertConfirmContent,     --Certificate confirm
+         pollReq  [25] PollReqContent,         --Polling request
+         pollRep  [26] PollRepContent          --Polling response
+
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType(
+            'ir', rfc2511.CertReqMessages().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)
+            )
+        ),
+        namedtype.NamedType(
+            'ip', CertRepMessage().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)
+            )
+        ),
+        namedtype.NamedType(
+            'cr', rfc2511.CertReqMessages().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)
+            )
+        ),
+        namedtype.NamedType(
+            'cp', CertRepMessage().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)
+            )
+        ),
+        namedtype.NamedType(
+            'p10cr', rfc2314.CertificationRequest().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4)
+            )
+        ),
+        namedtype.NamedType(
+            'popdecc', POPODecKeyChallContent().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5)
+            )
+        ),
+        namedtype.NamedType(
+            'popdecr', POPODecKeyRespContent().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6)
+            )
+        ),
+        namedtype.NamedType(
+            'kur', rfc2511.CertReqMessages().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 7)
+            )
+        ),
+        namedtype.NamedType(
+            'kup', CertRepMessage().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 8)
+            )
+        ),
+        namedtype.NamedType(
+            'krr', rfc2511.CertReqMessages().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9)
+            )
+        ),
+        namedtype.NamedType(
+            'krp', KeyRecRepContent().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 10)
+            )
+        ),
+        namedtype.NamedType(
+            'rr', RevReqContent().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 11)
+            )
+        ),
+        namedtype.NamedType(
+            'rp', RevRepContent().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 12)
+            )
+        ),
+        namedtype.NamedType(
+            'ccr', rfc2511.CertReqMessages().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 13)
+            )
+        ),
+        namedtype.NamedType(
+            'ccp', CertRepMessage().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 14)
+            )
+        ),
+        namedtype.NamedType(
+            'ckuann', CAKeyUpdAnnContent().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 15)
+            )
+        ),
+        namedtype.NamedType(
+            'cann', CertAnnContent().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 16)
+            )
+        ),
+        namedtype.NamedType(
+            'rann', RevAnnContent().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 17)
+            )
+        ),
+        namedtype.NamedType(
+            'crlann', CRLAnnContent().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 18)
+            )
+        ),
+        namedtype.NamedType(
+            'pkiconf', PKIConfirmContent().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 19)
+            )
+        ),
+        namedtype.NamedType(
+            'nested', nestedMessageContent
+        ),
+        #        namedtype.NamedType('nested', NestedMessageContent().subtype(
+        #            explicitTag=tag.Tag(tag.tagClassContext,tag.tagFormatConstructed,20)
+        #            )
+        #        ),
+        namedtype.NamedType(
+            'genm', GenMsgContent().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 21)
+            )
+        ),
+        namedtype.NamedType(
+            'gen', GenRepContent().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 22)
+            )
+        ),
+        namedtype.NamedType(
+            'error', ErrorMsgContent().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 23)
+            )
+        ),
+        namedtype.NamedType(
+            'certConf', CertConfirmContent().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 24)
+            )
+        ),
+        namedtype.NamedType(
+            'pollReq', PollReqContent().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 25)
+            )
+        ),
+        namedtype.NamedType(
+            'pollRep', PollRepContent().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 26)
+            )
+        )
+    )
+
+
+class PKIHeader(univ.Sequence):
+    """
+    PKIHeader ::= SEQUENCE {
+    pvno                INTEGER     { cmp1999(1), cmp2000(2) },
+    sender              GeneralName,
+    recipient           GeneralName,
+    messageTime     [0] GeneralizedTime         OPTIONAL,
+    protectionAlg   [1] AlgorithmIdentifier     OPTIONAL,
+    senderKID       [2] KeyIdentifier           OPTIONAL,
+    recipKID        [3] KeyIdentifier           OPTIONAL,
+    transactionID   [4] OCTET STRING            OPTIONAL,
+    senderNonce     [5] OCTET STRING            OPTIONAL,
+    recipNonce      [6] OCTET STRING            OPTIONAL,
+    freeText        [7] PKIFreeText             OPTIONAL,
+    generalInfo     [8] SEQUENCE SIZE (1..MAX) OF
+                     InfoTypeAndValue     OPTIONAL
+    }
+
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType(
+            'pvno', univ.Integer(
+                namedValues=namedval.NamedValues(('cmp1999', 1), ('cmp2000', 2))
+            )
+        ),
+        namedtype.NamedType('sender', rfc2459.GeneralName()),
+        namedtype.NamedType('recipient', rfc2459.GeneralName()),
+        namedtype.OptionalNamedType('messageTime', useful.GeneralizedTime().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('protectionAlg', rfc2459.AlgorithmIdentifier().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+        namedtype.OptionalNamedType('senderKID', rfc2459.KeyIdentifier().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+        namedtype.OptionalNamedType('recipKID', rfc2459.KeyIdentifier().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+        namedtype.OptionalNamedType('transactionID', univ.OctetString().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
+        namedtype.OptionalNamedType('senderNonce', univ.OctetString().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
+        namedtype.OptionalNamedType('recipNonce', univ.OctetString().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
+        namedtype.OptionalNamedType('freeText', PKIFreeText().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 7))),
+        namedtype.OptionalNamedType('generalInfo',
+                                    univ.SequenceOf(
+                                        componentType=InfoTypeAndValue().subtype(
+                                            sizeSpec=constraint.ValueSizeConstraint(1, MAX)
+                                        )
+                                    ).subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))
+        )
+    )
+
+
+class ProtectedPart(univ.Sequence):
+    """
+     ProtectedPart ::= SEQUENCE {
+         header    PKIHeader,
+         body      PKIBody
+     }
+    """
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('header', PKIHeader()),
+        namedtype.NamedType('infoValue', PKIBody())
+    )
+
+
+class PKIMessage(univ.Sequence):
+    """
+    PKIMessage ::= SEQUENCE {
+    header           PKIHeader,
+    body             PKIBody,
+    protection   [0] PKIProtection OPTIONAL,
+    extraCerts   [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
+                  OPTIONAL
+     }"""
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('header', PKIHeader()),
+        namedtype.NamedType('body', PKIBody()),
+        namedtype.OptionalNamedType('protection', PKIProtection().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('extraCerts',
+                                    univ.SequenceOf(
+                                        componentType=CMPCertificate()
+                                    ).subtype(
+                                        sizeSpec=constraint.ValueSizeConstraint(1, MAX),
+                                        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)
+                                    )
+                                    )
+    )
+
+
+class PKIMessages(univ.SequenceOf):
+    """
+    PKIMessages ::= SEQUENCE SIZE (1..MAX) OF PKIMessage
+    """
+    componentType = PKIMessage()
+    sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)
+
+
+# pyasn1 does not naturally handle recursive definitions, thus this hack:
+# NestedMessageContent ::= PKIMessages
+NestedMessageContent._componentType = PKIMessages()
+nestedMessageContent._componentType = PKIMessages()

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc4476.py

@@ -0,0 +1,93 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Attribute Certificate Policies Extension
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc4476.txt
+#
+
+from pyasn1.type import char
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5280
+
+MAX = float('inf')
+
+
+# Imports from RFC 5280
+
+PolicyQualifierId = rfc5280.PolicyQualifierId
+
+PolicyQualifierInfo = rfc5280.PolicyQualifierInfo
+
+UserNotice = rfc5280.UserNotice
+
+id_pkix = rfc5280.id_pkix
+
+
+# Object Identifiers
+
+id_pe = id_pkix + (1,)
+
+id_pe_acPolicies = id_pe + (15,)
+
+id_qt = id_pkix + (2,)
+
+id_qt_acps = id_qt + (4,)
+
+id_qt_acunotice = id_qt + (5,)
+
+
+# Attribute Certificate Policies Extension
+
+class ACUserNotice(UserNotice):
+    pass
+
+
+class ACPSuri(char.IA5String):
+    pass
+
+
+class AcPolicyId(univ.ObjectIdentifier):
+    pass
+
+
+class PolicyInformation(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('policyIdentifier', AcPolicyId()),
+        namedtype.OptionalNamedType('policyQualifiers',
+            univ.SequenceOf(componentType=PolicyQualifierInfo()).subtype(
+                subtypeSpec=constraint.ValueSizeConstraint(1, MAX)))
+    )
+
+
+class AcPoliciesSyntax(univ.SequenceOf):
+    componentType = PolicyInformation()
+    subtypeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+# Update the policy qualifier map in rfc5280.py
+
+_policyQualifierInfoMapUpdate = {
+    id_qt_acps: ACPSuri(),
+    id_qt_acunotice: UserNotice(),
+}
+
+rfc5280.policyQualifierInfoMap.update(_policyQualifierInfoMapUpdate)
+
+
+# Update the certificate extension map in rfc5280.py
+
+_certificateExtensionsMapUpdate = {
+    id_pe_acPolicies: AcPoliciesSyntax(),
+}
+
+rfc5280.certificateExtensionsMap.update(_certificateExtensionsMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc4985.py

@@ -0,0 +1,49 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Expression of Service Names in X.509 Certificates
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc4985.txt
+#
+
+from pyasn1.type import char
+from pyasn1.type import constraint
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5280
+
+MAX = float('inf')
+
+
+# As specified in Appendix A.2 of RFC 4985
+
+id_pkix = rfc5280.id_pkix
+
+id_on = id_pkix + (8, )
+
+id_on_dnsSRV = id_on + (7, )
+
+
+class SRVName(char.IA5String):
+    subtypeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+srvName = rfc5280.AnotherName()
+srvName['type-id'] = id_on_dnsSRV
+srvName['value'] = SRVName()
+
+
+# Map of Other Name OIDs to Other Name is added to the
+# ones that are in rfc5280.py
+
+_anotherNameMapUpdate = {
+    id_on_dnsSRV: SRVName(),
+}
+
+rfc5280.anotherNameMap.update(_anotherNameMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc5035.py

@@ -0,0 +1,199 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+# Modified by Russ Housley to add a map for use with opentypes.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Update to Enhanced Security Services for S/MIME
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc5035.txt
+#
+
+from pyasn1.codec.der.encoder import encode as der_encode
+
+from pyasn1.type import namedtype
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc2634
+from pyasn1_modules import rfc4055
+from pyasn1_modules import rfc5652
+from pyasn1_modules import rfc5280
+
+ContentType = rfc5652.ContentType
+
+IssuerAndSerialNumber = rfc5652.IssuerAndSerialNumber
+
+SubjectKeyIdentifier = rfc5652.SubjectKeyIdentifier
+
+AlgorithmIdentifier = rfc5280.AlgorithmIdentifier
+
+PolicyInformation = rfc5280.PolicyInformation
+
+GeneralNames = rfc5280.GeneralNames
+
+CertificateSerialNumber = rfc5280.CertificateSerialNumber
+
+
+# Signing Certificate Attribute V1 and V2
+
+id_aa_signingCertificate = rfc2634.id_aa_signingCertificate
+
+id_aa_signingCertificateV2 = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.47')
+
+Hash = rfc2634.Hash
+
+IssuerSerial = rfc2634.IssuerSerial
+
+ESSCertID = rfc2634.ESSCertID
+
+SigningCertificate = rfc2634.SigningCertificate
+
+
+sha256AlgId = AlgorithmIdentifier()
+sha256AlgId['algorithm'] = rfc4055.id_sha256
+# A non-schema object for sha256AlgId['parameters'] as absent
+sha256AlgId['parameters'] = der_encode(univ.OctetString(''))
+
+
+class ESSCertIDv2(univ.Sequence):
+    pass
+
+ESSCertIDv2.componentType = namedtype.NamedTypes(
+    namedtype.DefaultedNamedType('hashAlgorithm', sha256AlgId),
+    namedtype.NamedType('certHash', Hash()),
+    namedtype.OptionalNamedType('issuerSerial', IssuerSerial())
+)
+
+
+class SigningCertificateV2(univ.Sequence):
+    pass
+
+SigningCertificateV2.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('certs', univ.SequenceOf(
+        componentType=ESSCertIDv2())),
+    namedtype.OptionalNamedType('policies', univ.SequenceOf(
+        componentType=PolicyInformation()))
+)
+
+
+# Mail List Expansion History Attribute
+
+id_aa_mlExpandHistory = rfc2634.id_aa_mlExpandHistory
+
+ub_ml_expansion_history = rfc2634.ub_ml_expansion_history
+
+EntityIdentifier = rfc2634.EntityIdentifier
+
+MLReceiptPolicy = rfc2634.MLReceiptPolicy
+
+MLData = rfc2634.MLData
+
+MLExpansionHistory = rfc2634.MLExpansionHistory
+
+
+# ESS Security Label Attribute
+
+id_aa_securityLabel = rfc2634.id_aa_securityLabel
+
+ub_privacy_mark_length = rfc2634.ub_privacy_mark_length
+
+ub_security_categories = rfc2634.ub_security_categories
+
+ub_integer_options = rfc2634.ub_integer_options
+
+ESSPrivacyMark = rfc2634.ESSPrivacyMark
+
+SecurityClassification = rfc2634.SecurityClassification
+
+SecurityPolicyIdentifier = rfc2634.SecurityPolicyIdentifier
+
+SecurityCategory = rfc2634.SecurityCategory
+
+SecurityCategories = rfc2634.SecurityCategories
+
+ESSSecurityLabel = rfc2634.ESSSecurityLabel
+
+
+# Equivalent Labels Attribute
+
+id_aa_equivalentLabels = rfc2634.id_aa_equivalentLabels
+
+EquivalentLabels = rfc2634.EquivalentLabels
+
+
+# Content Identifier Attribute
+
+id_aa_contentIdentifier = rfc2634.id_aa_contentIdentifier
+
+ContentIdentifier = rfc2634.ContentIdentifier
+
+
+# Content Reference Attribute
+
+id_aa_contentReference = rfc2634.id_aa_contentReference
+
+ContentReference = rfc2634.ContentReference
+
+
+# Message Signature Digest Attribute
+
+id_aa_msgSigDigest = rfc2634.id_aa_msgSigDigest
+
+MsgSigDigest = rfc2634.MsgSigDigest
+
+
+# Content Hints Attribute
+
+id_aa_contentHint = rfc2634.id_aa_contentHint
+
+ContentHints = rfc2634.ContentHints
+
+
+# Receipt Request Attribute
+
+AllOrFirstTier = rfc2634.AllOrFirstTier
+
+ReceiptsFrom = rfc2634.ReceiptsFrom
+
+id_aa_receiptRequest = rfc2634.id_aa_receiptRequest
+
+ub_receiptsTo = rfc2634.ub_receiptsTo
+
+ReceiptRequest = rfc2634.ReceiptRequest
+
+
+# Receipt Content Type
+
+ESSVersion = rfc2634.ESSVersion
+
+id_ct_receipt = rfc2634.id_ct_receipt
+
+Receipt = rfc2634.Receipt
+
+ub_receiptsTo = rfc2634.ub_receiptsTo
+
+ReceiptRequest = rfc2634.ReceiptRequest
+
+
+# Map of Attribute Type to the Attribute structure is added to the
+# ones that are in rfc5652.py
+
+_cmsAttributesMapUpdate = {
+    id_aa_signingCertificateV2: SigningCertificateV2(),
+}
+
+rfc5652.cmsAttributesMap.update(_cmsAttributesMapUpdate)
+
+
+# Map of Content Type OIDs to Content Types is added to the
+# ones that are in rfc5652.py
+
+_cmsContentTypesMapUpdate = {
+    id_ct_receipt: Receipt(),
+}
+
+rfc5652.cmsContentTypesMap.update(_cmsContentTypesMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc5126.py

@@ -0,0 +1,577 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# CMS Advanced Electronic Signatures (CAdES)
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc5126.txt
+#
+
+from pyasn1.type import char
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import opentype
+from pyasn1.type import tag
+from pyasn1.type import useful
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5280
+from pyasn1_modules import rfc5652
+from pyasn1_modules import rfc5035
+from pyasn1_modules import rfc5755
+from pyasn1_modules import rfc6960
+from pyasn1_modules import rfc3161
+
+MAX = float('inf')
+
+
+# Maps for OpenTypes
+
+commitmentQualifierMap = { }
+
+sigQualifiersMap = { }
+
+otherRevRefMap = { }
+
+otherRevValMap = { }
+
+
+# Imports from RFC 5652
+
+ContentInfo = rfc5652.ContentInfo
+
+ContentType = rfc5652.ContentType
+
+SignedData = rfc5652.SignedData
+
+EncapsulatedContentInfo = rfc5652.EncapsulatedContentInfo
+
+SignerInfo = rfc5652.SignerInfo
+
+MessageDigest = rfc5652.MessageDigest
+
+SigningTime = rfc5652.SigningTime
+
+Countersignature = rfc5652.Countersignature
+
+id_data = rfc5652.id_data
+
+id_signedData = rfc5652.id_signedData
+
+id_contentType= rfc5652.id_contentType
+
+id_messageDigest = rfc5652.id_messageDigest
+
+id_signingTime = rfc5652.id_signingTime
+
+id_countersignature = rfc5652.id_countersignature
+
+
+# Imports from RFC 5035
+
+SigningCertificate = rfc5035.SigningCertificate
+
+IssuerSerial = rfc5035.IssuerSerial
+
+ContentReference = rfc5035.ContentReference
+
+ContentIdentifier = rfc5035.ContentIdentifier
+
+id_aa_contentReference = rfc5035.id_aa_contentReference
+
+id_aa_contentIdentifier = rfc5035.id_aa_contentIdentifier
+    
+id_aa_signingCertificate = rfc5035.id_aa_signingCertificate
+
+id_aa_signingCertificateV2 = rfc5035.id_aa_signingCertificateV2
+
+
+# Imports from RFC 5280
+
+Certificate = rfc5280.Certificate
+
+AlgorithmIdentifier = rfc5280.AlgorithmIdentifier
+
+CertificateList = rfc5280.CertificateList
+
+Name = rfc5280.Name
+
+Attribute = rfc5280.Attribute
+
+GeneralNames = rfc5280.GeneralNames
+
+GeneralName = rfc5280.GeneralName
+
+PolicyInformation = rfc5280.PolicyInformation
+
+DirectoryString = rfc5280.DirectoryString
+
+
+# Imports from RFC 5755
+
+AttributeCertificate = rfc5755.AttributeCertificate
+
+
+# Imports from RFC 6960
+
+BasicOCSPResponse = rfc6960.BasicOCSPResponse
+
+ResponderID = rfc6960.ResponderID
+
+
+# Imports from RFC 3161
+
+TimeStampToken = rfc3161.TimeStampToken
+
+
+# OID used referencing electronic signature mechanisms
+
+id_etsi_es_IDUP_Mechanism_v1 = univ.ObjectIdentifier('0.4.0.1733.1.4.1')
+
+
+# OtherSigningCertificate - deprecated
+
+id_aa_ets_otherSigCert = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.19')
+
+
+class OtherHashValue(univ.OctetString):
+    pass
+
+
+class OtherHashAlgAndValue(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('hashAlgorithm', AlgorithmIdentifier()),
+        namedtype.NamedType('hashValue', OtherHashValue())
+    )
+
+
+class OtherHash(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('sha1Hash', OtherHashValue()),
+        namedtype.NamedType('otherHash', OtherHashAlgAndValue())
+    )
+
+
+class OtherCertID(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('otherCertHash', OtherHash()),
+        namedtype.OptionalNamedType('issuerSerial', IssuerSerial())
+    )
+
+
+class OtherSigningCertificate(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('certs',
+            univ.SequenceOf(componentType=OtherCertID())),
+        namedtype.OptionalNamedType('policies',
+            univ.SequenceOf(componentType=PolicyInformation()))
+    )
+
+
+# Signature Policy Identifier
+
+id_aa_ets_sigPolicyId = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.15')
+
+
+class SigPolicyId(univ.ObjectIdentifier):
+    pass
+
+
+class SigPolicyHash(OtherHashAlgAndValue):
+    pass
+
+
+class SigPolicyQualifierId(univ.ObjectIdentifier):
+    pass
+
+
+class SigPolicyQualifierInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('sigPolicyQualifierId', SigPolicyQualifierId()),
+        namedtype.NamedType('sigQualifier', univ.Any(),
+            openType=opentype.OpenType('sigPolicyQualifierId', sigQualifiersMap))
+    )
+
+
+class SignaturePolicyId(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('sigPolicyId', SigPolicyId()),
+        namedtype.NamedType('sigPolicyHash', SigPolicyHash()),
+        namedtype.OptionalNamedType('sigPolicyQualifiers',
+            univ.SequenceOf(componentType=SigPolicyQualifierInfo()).subtype(
+                subtypeSpec=constraint.ValueSizeConstraint(1, MAX)))
+    )
+
+
+class SignaturePolicyImplied(univ.Null):
+    pass
+
+
+class SignaturePolicy(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('signaturePolicyId', SignaturePolicyId()),
+        namedtype.NamedType('signaturePolicyImplied', SignaturePolicyImplied())
+    )
+
+
+id_spq_ets_unotice = univ.ObjectIdentifier('1.2.840.113549.1.9.16.5.2')
+
+
+class DisplayText(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('visibleString', char.VisibleString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, 200))),
+        namedtype.NamedType('bmpString', char.BMPString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, 200))),
+        namedtype.NamedType('utf8String', char.UTF8String().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, 200)))
+    )
+
+
+class NoticeReference(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('organization', DisplayText()),
+        namedtype.NamedType('noticeNumbers',
+            univ.SequenceOf(componentType=univ.Integer()))
+    )
+
+class SPUserNotice(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('noticeRef', NoticeReference()),
+        namedtype.OptionalNamedType('explicitText', DisplayText())
+    )
+
+
+noticeToUser = SigPolicyQualifierInfo()
+noticeToUser['sigPolicyQualifierId'] = id_spq_ets_unotice
+noticeToUser['sigQualifier'] = SPUserNotice()
+
+
+id_spq_ets_uri = univ.ObjectIdentifier('1.2.840.113549.1.9.16.5.1')
+
+
+class SPuri(char.IA5String):
+    pass
+
+
+pointerToSigPolSpec = SigPolicyQualifierInfo()
+pointerToSigPolSpec['sigPolicyQualifierId'] = id_spq_ets_uri
+pointerToSigPolSpec['sigQualifier'] = SPuri()
+
+
+# Commitment Type
+
+id_aa_ets_commitmentType = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.16')
+
+
+class CommitmentTypeIdentifier(univ.ObjectIdentifier):
+    pass
+
+
+class CommitmentTypeQualifier(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('commitmentTypeIdentifier',
+             CommitmentTypeIdentifier()),
+        namedtype.NamedType('qualifier', univ.Any(),
+            openType=opentype.OpenType('commitmentTypeIdentifier',
+                 commitmentQualifierMap))
+    )
+
+
+class CommitmentTypeIndication(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('commitmentTypeId', CommitmentTypeIdentifier()),
+        namedtype.OptionalNamedType('commitmentTypeQualifier',
+            univ.SequenceOf(componentType=CommitmentTypeQualifier()).subtype(
+                subtypeSpec=constraint.ValueSizeConstraint(1, MAX)))
+    )
+
+
+id_cti_ets_proofOfOrigin = univ.ObjectIdentifier('1.2.840.113549.1.9.16.6.1')
+
+id_cti_ets_proofOfReceipt = univ.ObjectIdentifier('1.2.840.113549.1.9.16.6.2')
+
+id_cti_ets_proofOfDelivery = univ.ObjectIdentifier('1.2.840.113549.1.9.16.6.3')
+
+id_cti_ets_proofOfSender = univ.ObjectIdentifier('1.2.840.113549.1.9.16.6.4')
+
+id_cti_ets_proofOfApproval = univ.ObjectIdentifier('1.2.840.113549.1.9.16.6.5')
+
+id_cti_ets_proofOfCreation = univ.ObjectIdentifier('1.2.840.113549.1.9.16.6.6')
+
+
+# Signer Location
+
+id_aa_ets_signerLocation = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.17')
+
+
+class PostalAddress(univ.SequenceOf):
+    componentType = DirectoryString()
+    subtypeSpec = constraint.ValueSizeConstraint(1, 6)
+
+
+class SignerLocation(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('countryName',
+            DirectoryString().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('localityName',
+            DirectoryString().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.OptionalNamedType('postalAdddress',
+            PostalAddress().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 2)))
+    )
+
+
+# Signature Timestamp
+
+id_aa_signatureTimeStampToken = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.14')
+
+
+class SignatureTimeStampToken(TimeStampToken):
+    pass
+
+
+# Content Timestamp
+
+id_aa_ets_contentTimestamp = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.20')
+
+
+class ContentTimestamp(TimeStampToken):
+    pass
+
+
+# Signer Attributes
+
+id_aa_ets_signerAttr = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.18')
+
+
+class ClaimedAttributes(univ.SequenceOf):
+    componentType = Attribute()
+
+
+class CertifiedAttributes(AttributeCertificate):
+    pass
+
+
+class SignerAttribute(univ.SequenceOf):
+    componentType = univ.Choice(componentType=namedtype.NamedTypes(
+        namedtype.NamedType('claimedAttributes',
+            ClaimedAttributes().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('certifiedAttributes',
+            CertifiedAttributes().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 1)))
+    ))
+
+
+# Complete Certificate Refs
+
+id_aa_ets_certificateRefs = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.21')
+
+
+class CompleteCertificateRefs(univ.SequenceOf):
+    componentType = OtherCertID()
+
+
+# Complete Revocation Refs
+
+id_aa_ets_revocationRefs = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.22')
+
+
+class CrlIdentifier(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('crlissuer', Name()),
+        namedtype.NamedType('crlIssuedTime', useful.UTCTime()),
+        namedtype.OptionalNamedType('crlNumber', univ.Integer())
+    )
+
+
+class CrlValidatedID(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('crlHash', OtherHash()),
+        namedtype.OptionalNamedType('crlIdentifier', CrlIdentifier())
+    )
+
+
+class CRLListID(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('crls',
+            univ.SequenceOf(componentType=CrlValidatedID()))
+    )
+
+
+class OcspIdentifier(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('ocspResponderID', ResponderID()),
+        namedtype.NamedType('producedAt', useful.GeneralizedTime())
+    )
+
+
+class OcspResponsesID(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('ocspIdentifier', OcspIdentifier()),
+        namedtype.OptionalNamedType('ocspRepHash', OtherHash())
+    )
+
+
+class OcspListID(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('ocspResponses',
+            univ.SequenceOf(componentType=OcspResponsesID()))
+    )
+
+
+class OtherRevRefType(univ.ObjectIdentifier):
+    pass
+
+
+class OtherRevRefs(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('otherRevRefType', OtherRevRefType()),
+        namedtype.NamedType('otherRevRefs', univ.Any(),
+            openType=opentype.OpenType('otherRevRefType', otherRevRefMap))
+    )
+
+
+class CrlOcspRef(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('crlids',
+            CRLListID().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.OptionalNamedType('ocspids',
+            OcspListID().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatConstructed, 1))),
+        namedtype.OptionalNamedType('otherRev',
+            OtherRevRefs().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatConstructed, 2)))
+    )
+
+
+class CompleteRevocationRefs(univ.SequenceOf):
+    componentType = CrlOcspRef()
+
+
+# Certificate Values
+
+id_aa_ets_certValues = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.23')
+
+
+class CertificateValues(univ.SequenceOf):
+    componentType = Certificate()
+
+
+# Certificate Revocation Values
+
+id_aa_ets_revocationValues = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.24')
+
+
+class OtherRevValType(univ.ObjectIdentifier):
+    pass
+
+
+class OtherRevVals(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('otherRevValType', OtherRevValType()),
+        namedtype.NamedType('otherRevVals', univ.Any(),
+            openType=opentype.OpenType('otherRevValType', otherRevValMap))
+    )
+
+
+class RevocationValues(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('crlVals',
+            univ.SequenceOf(componentType=CertificateList()).subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('ocspVals',
+            univ.SequenceOf(componentType=BasicOCSPResponse()).subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.OptionalNamedType('otherRevVals',
+            OtherRevVals().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatConstructed, 2)))
+    )
+
+
+# CAdES-C Timestamp
+
+id_aa_ets_escTimeStamp = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.25')
+
+
+class ESCTimeStampToken(TimeStampToken):
+    pass
+
+
+# Time-Stamped Certificates and CRLs
+
+id_aa_ets_certCRLTimestamp = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.26')
+
+
+class TimestampedCertsCRLs(TimeStampToken):
+    pass
+
+
+# Archive Timestamp
+
+id_aa_ets_archiveTimestampV2 = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.48')
+
+
+class ArchiveTimeStampToken(TimeStampToken):
+    pass
+
+
+# Attribute certificate references
+
+id_aa_ets_attrCertificateRefs = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.44')
+
+
+class AttributeCertificateRefs(univ.SequenceOf):
+    componentType = OtherCertID()
+
+
+# Attribute revocation references
+
+id_aa_ets_attrRevocationRefs = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.45')
+
+
+class AttributeRevocationRefs(univ.SequenceOf):
+    componentType = CrlOcspRef()
+
+
+# Update the sigQualifiersMap
+
+_sigQualifiersMapUpdate = {
+    id_spq_ets_unotice: SPUserNotice(),
+    id_spq_ets_uri: SPuri(),
+}
+
+sigQualifiersMap.update(_sigQualifiersMapUpdate)
+
+
+# Update the CMS Attribute Map in rfc5652.py
+
+_cmsAttributesMapUpdate = {
+    id_aa_ets_otherSigCert: OtherSigningCertificate(),
+    id_aa_ets_sigPolicyId: SignaturePolicy(),
+    id_aa_ets_commitmentType: CommitmentTypeIndication(),
+    id_aa_ets_signerLocation: SignerLocation(),
+    id_aa_signatureTimeStampToken: SignatureTimeStampToken(),
+    id_aa_ets_contentTimestamp: ContentTimestamp(),
+    id_aa_ets_signerAttr: SignerAttribute(),
+    id_aa_ets_certificateRefs: CompleteCertificateRefs(),
+    id_aa_ets_revocationRefs: CompleteRevocationRefs(),
+    id_aa_ets_certValues: CertificateValues(),
+    id_aa_ets_revocationValues: RevocationValues(),
+    id_aa_ets_escTimeStamp: ESCTimeStampToken(),
+    id_aa_ets_certCRLTimestamp: TimestampedCertsCRLs(),
+    id_aa_ets_archiveTimestampV2: ArchiveTimeStampToken(),
+    id_aa_ets_attrCertificateRefs: AttributeCertificateRefs(),
+    id_aa_ets_attrRevocationRefs: AttributeRevocationRefs(),
+}
+
+rfc5652.cmsAttributesMap.update(_cmsAttributesMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc5208.py

@@ -0,0 +1,56 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# PKCS#8 syntax
+#
+# ASN.1 source from:
+# http://tools.ietf.org/html/rfc5208
+#
+# Sample captures could be obtained with "openssl pkcs8 -topk8" command
+#
+from pyasn1_modules import rfc2251
+from pyasn1_modules.rfc2459 import *
+
+
+class KeyEncryptionAlgorithms(AlgorithmIdentifier):
+    pass
+
+
+class PrivateKeyAlgorithms(AlgorithmIdentifier):
+    pass
+
+
+class EncryptedData(univ.OctetString):
+    pass
+
+
+class EncryptedPrivateKeyInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('encryptionAlgorithm', AlgorithmIdentifier()),
+        namedtype.NamedType('encryptedData', EncryptedData())
+    )
+
+
+class PrivateKey(univ.OctetString):
+    pass
+
+
+class Attributes(univ.SetOf):
+    componentType = rfc2251.Attribute()
+
+
+class Version(univ.Integer):
+    namedValues = namedval.NamedValues(('v1', 0), ('v2', 1))
+
+
+class PrivateKeyInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', Version()),
+        namedtype.NamedType('privateKeyAlgorithm', AlgorithmIdentifier()),
+        namedtype.NamedType('privateKey', PrivateKey()),
+        namedtype.OptionalNamedType('attributes', Attributes().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+    )

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc5636.py

@@ -0,0 +1,113 @@
+# This file is being contributed to pyasn1-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Traceable Anonymous Certificate
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc5480.txt
+
+from pyasn1.type import namedtype
+from pyasn1.type import univ
+from pyasn1.type import useful
+
+from pyasn1_modules import rfc5652
+
+
+# Imports from RFC 5652
+
+ContentInfo = rfc5652.ContentInfo
+
+EncapsulatedContentInfo = rfc5652.EncapsulatedContentInfo
+
+id_data = rfc5652.id_data
+
+
+# Object Identifiers
+
+id_KISA = univ.ObjectIdentifier((1, 2, 410, 200004,))
+
+
+id_npki = id_KISA + (10,)
+
+
+id_attribute = id_npki + (1,)
+
+
+id_kisa_tac = id_attribute + (1,)
+
+
+id_kisa_tac_token = id_kisa_tac + (1,)
+
+
+id_kisa_tac_tokenandblindbash = id_kisa_tac + (2,)
+
+
+id_kisa_tac_tokenandpartially = id_kisa_tac + (3,)
+
+
+# Structures for Traceable Anonymous Certificate (TAC)
+
+class UserKey(univ.OctetString):
+    pass
+
+
+class Timeout(useful.GeneralizedTime):
+    pass
+
+
+class BlinedCertificateHash(univ.OctetString):
+    pass
+
+
+class PartiallySignedCertificateHash(univ.OctetString):
+    pass
+
+
+class Token(ContentInfo):
+    pass
+
+
+class TokenandBlindHash(ContentInfo):
+    pass
+
+
+class TokenandPartiallySignedCertificateHash(ContentInfo):
+    pass
+
+
+# Added to the module in RFC 5636 for the CMS Content Type Map
+
+class TACToken(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('userKey', UserKey()),
+        namedtype.NamedType('timeout', Timeout())
+    )
+
+
+class TACTokenandBlindHash(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('token', Token()),
+        namedtype.NamedType('blinded', BlinedCertificateHash())
+    )
+
+
+class TACTokenandPartiallySignedCertificateHash(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('token', Token()),
+        namedtype.NamedType('partially', PartiallySignedCertificateHash())
+    )
+
+
+# Add to the CMS Content Type Map in rfc5752.py
+
+_cmsContentTypesMapUpdate = {
+    id_kisa_tac_token: TACToken(),
+    id_kisa_tac_tokenandblindbash: TACTokenandBlindHash(),
+    id_kisa_tac_tokenandpartially: TACTokenandPartiallySignedCertificateHash(),
+}
+
+rfc5652.cmsContentTypesMap.update(_cmsContentTypesMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc5639.py

@@ -0,0 +1,49 @@
+# This file is being contributed to pyasn1-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Elliptic Curve Cryptography Brainpool Standard Curves
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc5639.txt
+
+
+from pyasn1.type import univ
+
+
+ecStdCurvesAndGeneration = univ.ObjectIdentifier((1, 3, 36, 3, 3, 2, 8,))
+
+ellipticCurve = ecStdCurvesAndGeneration + (1,)
+
+versionOne = ellipticCurve + (1,)
+
+brainpoolP160r1 = versionOne + (1,)
+
+brainpoolP160t1 = versionOne + (2,)
+
+brainpoolP192r1 = versionOne + (3,)
+
+brainpoolP192t1 = versionOne + (4,)
+
+brainpoolP224r1 = versionOne + (5,)
+
+brainpoolP224t1 = versionOne + (6,)
+
+brainpoolP256r1 = versionOne + (7,)
+
+brainpoolP256t1 = versionOne + (8,)
+
+brainpoolP320r1 = versionOne + (9,)
+
+brainpoolP320t1 = versionOne + (10,)
+
+brainpoolP384r1 = versionOne + (11,)
+
+brainpoolP384t1 = versionOne + (12,)
+
+brainpoolP512r1 = versionOne + (13,)
+
+brainpoolP512t1 = versionOne + (14,)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc5649.py

@@ -0,0 +1,33 @@
+# This file is being contributed to pyasn1-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# AES Key Wrap with Padding
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc5649.txt
+
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5280
+
+
+class AlgorithmIdentifier(rfc5280.AlgorithmIdentifier):
+    pass
+
+
+id_aes128_wrap = univ.ObjectIdentifier('2.16.840.1.101.3.4.1.5')
+
+id_aes192_wrap = univ.ObjectIdentifier('2.16.840.1.101.3.4.1.25')
+
+id_aes256_wrap = univ.ObjectIdentifier('2.16.840.1.101.3.4.1.45')
+
+
+id_aes128_wrap_pad = univ.ObjectIdentifier('2.16.840.1.101.3.4.1.8')
+
+id_aes192_wrap_pad = univ.ObjectIdentifier('2.16.840.1.101.3.4.1.28')
+
+id_aes256_wrap_pad = univ.ObjectIdentifier('2.16.840.1.101.3.4.1.48')

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc5652.py

@@ -0,0 +1,761 @@
+# coding: utf-8
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Stanisław Pitucha with asn1ate tool.
+# Modified by Russ Housley to add support for opentypes.
+#
+# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Cryptographic Message Syntax (CMS)
+#
+# ASN.1 source from:
+# http://www.ietf.org/rfc/rfc5652.txt
+#
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import opentype
+from pyasn1.type import tag
+from pyasn1.type import univ
+from pyasn1.type import useful
+
+from pyasn1_modules import rfc3281
+from pyasn1_modules import rfc5280
+
+MAX = float('inf')
+
+
+def _buildOid(*components):
+    output = []
+    for x in tuple(components):
+        if isinstance(x, univ.ObjectIdentifier):
+            output.extend(list(x))
+        else:
+            output.append(int(x))
+
+    return univ.ObjectIdentifier(output)
+
+
+cmsContentTypesMap = { }
+
+cmsAttributesMap = { }
+
+otherKeyAttributesMap = { }
+
+otherCertFormatMap = { }
+
+otherRevInfoFormatMap = { }
+
+otherRecipientInfoMap = { }
+
+
+class AttCertVersionV1(univ.Integer):
+    pass
+
+
+AttCertVersionV1.namedValues = namedval.NamedValues(
+    ('v1', 0)
+)
+
+
+class AttributeCertificateInfoV1(univ.Sequence):
+    pass
+
+
+AttributeCertificateInfoV1.componentType = namedtype.NamedTypes(
+    namedtype.DefaultedNamedType('version', AttCertVersionV1().subtype(value="v1")),
+    namedtype.NamedType(
+        'subject', univ.Choice(
+            componentType=namedtype.NamedTypes(
+                namedtype.NamedType('baseCertificateID', rfc3281.IssuerSerial().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+                namedtype.NamedType('subjectName', rfc5280.GeneralNames().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+            )
+        )
+    ),
+    namedtype.NamedType('issuer', rfc5280.GeneralNames()),
+    namedtype.NamedType('signature', rfc5280.AlgorithmIdentifier()),
+    namedtype.NamedType('serialNumber', rfc5280.CertificateSerialNumber()),
+    namedtype.NamedType('attCertValidityPeriod', rfc3281.AttCertValidityPeriod()),
+    namedtype.NamedType('attributes', univ.SequenceOf(componentType=rfc5280.Attribute())),
+    namedtype.OptionalNamedType('issuerUniqueID', rfc5280.UniqueIdentifier()),
+    namedtype.OptionalNamedType('extensions', rfc5280.Extensions())
+)
+
+
+class AttributeCertificateV1(univ.Sequence):
+    pass
+
+
+AttributeCertificateV1.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('acInfo', AttributeCertificateInfoV1()),
+    namedtype.NamedType('signatureAlgorithm', rfc5280.AlgorithmIdentifier()),
+    namedtype.NamedType('signature', univ.BitString())
+)
+
+
+class AttributeValue(univ.Any):
+    pass
+
+
+class Attribute(univ.Sequence):
+    pass
+
+
+Attribute.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('attrType', univ.ObjectIdentifier()),
+    namedtype.NamedType('attrValues', univ.SetOf(componentType=AttributeValue()),
+        openType=opentype.OpenType('attrType', cmsAttributesMap)
+    )
+)
+
+
+class SignedAttributes(univ.SetOf):
+    pass
+
+
+SignedAttributes.componentType = Attribute()
+SignedAttributes.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class AttributeCertificateV2(rfc3281.AttributeCertificate):
+    pass
+
+
+class OtherKeyAttribute(univ.Sequence):
+    pass
+
+
+OtherKeyAttribute.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('keyAttrId', univ.ObjectIdentifier()),
+    namedtype.OptionalNamedType('keyAttr', univ.Any(),
+        openType=opentype.OpenType('keyAttrId', otherKeyAttributesMap)
+    )
+)
+
+
+class UnauthAttributes(univ.SetOf):
+    pass
+
+
+UnauthAttributes.componentType = Attribute()
+UnauthAttributes.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+id_encryptedData = _buildOid(1, 2, 840, 113549, 1, 7, 6)
+
+
+class SignatureValue(univ.OctetString):
+    pass
+
+
+class IssuerAndSerialNumber(univ.Sequence):
+    pass
+
+
+IssuerAndSerialNumber.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('issuer', rfc5280.Name()),
+    namedtype.NamedType('serialNumber', rfc5280.CertificateSerialNumber())
+)
+
+
+class SubjectKeyIdentifier(univ.OctetString):
+    pass
+
+
+class RecipientKeyIdentifier(univ.Sequence):
+    pass
+
+
+RecipientKeyIdentifier.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('subjectKeyIdentifier', SubjectKeyIdentifier()),
+    namedtype.OptionalNamedType('date', useful.GeneralizedTime()),
+    namedtype.OptionalNamedType('other', OtherKeyAttribute())
+)
+
+
+class KeyAgreeRecipientIdentifier(univ.Choice):
+    pass
+
+
+KeyAgreeRecipientIdentifier.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()),
+    namedtype.NamedType('rKeyId', RecipientKeyIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+)
+
+
+class EncryptedKey(univ.OctetString):
+    pass
+
+
+class RecipientEncryptedKey(univ.Sequence):
+    pass
+
+
+RecipientEncryptedKey.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('rid', KeyAgreeRecipientIdentifier()),
+    namedtype.NamedType('encryptedKey', EncryptedKey())
+)
+
+
+class RecipientEncryptedKeys(univ.SequenceOf):
+    pass
+
+
+RecipientEncryptedKeys.componentType = RecipientEncryptedKey()
+
+
+class MessageAuthenticationCode(univ.OctetString):
+    pass
+
+
+class CMSVersion(univ.Integer):
+    pass
+
+
+CMSVersion.namedValues = namedval.NamedValues(
+    ('v0', 0),
+    ('v1', 1),
+    ('v2', 2),
+    ('v3', 3),
+    ('v4', 4),
+    ('v5', 5)
+)
+
+
+class OtherCertificateFormat(univ.Sequence):
+    pass
+
+
+OtherCertificateFormat.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('otherCertFormat', univ.ObjectIdentifier()),
+    namedtype.NamedType('otherCert', univ.Any(),
+        openType=opentype.OpenType('otherCertFormat', otherCertFormatMap)
+    )
+)
+
+
+class ExtendedCertificateInfo(univ.Sequence):
+    pass
+
+
+ExtendedCertificateInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.NamedType('certificate', rfc5280.Certificate()),
+    namedtype.NamedType('attributes', UnauthAttributes())
+)
+
+
+class Signature(univ.BitString):
+    pass
+
+
+class SignatureAlgorithmIdentifier(rfc5280.AlgorithmIdentifier):
+    pass
+
+
+class ExtendedCertificate(univ.Sequence):
+    pass
+
+
+ExtendedCertificate.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('extendedCertificateInfo', ExtendedCertificateInfo()),
+    namedtype.NamedType('signatureAlgorithm', SignatureAlgorithmIdentifier()),
+    namedtype.NamedType('signature', Signature())
+)
+
+
+class CertificateChoices(univ.Choice):
+    pass
+
+
+CertificateChoices.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('certificate', rfc5280.Certificate()),
+    namedtype.NamedType('extendedCertificate', ExtendedCertificate().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.NamedType('v1AttrCert', AttributeCertificateV1().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.NamedType('v2AttrCert', AttributeCertificateV2().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+    namedtype.NamedType('other', OtherCertificateFormat().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
+)
+
+
+class CertificateSet(univ.SetOf):
+    pass
+
+
+CertificateSet.componentType = CertificateChoices()
+
+
+class OtherRevocationInfoFormat(univ.Sequence):
+    pass
+
+
+OtherRevocationInfoFormat.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('otherRevInfoFormat', univ.ObjectIdentifier()),
+    namedtype.NamedType('otherRevInfo', univ.Any(),
+        openType=opentype.OpenType('otherRevInfoFormat', otherRevInfoFormatMap)
+    )
+)
+
+
+class RevocationInfoChoice(univ.Choice):
+    pass
+
+
+RevocationInfoChoice.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('crl', rfc5280.CertificateList()),
+    namedtype.NamedType('other', OtherRevocationInfoFormat().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
+)
+
+
+class RevocationInfoChoices(univ.SetOf):
+    pass
+
+
+RevocationInfoChoices.componentType = RevocationInfoChoice()
+
+
+class OriginatorInfo(univ.Sequence):
+    pass
+
+
+OriginatorInfo.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('certs', CertificateSet().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('crls', RevocationInfoChoices().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+class ContentType(univ.ObjectIdentifier):
+    pass
+
+
+class EncryptedContent(univ.OctetString):
+    pass
+
+
+class ContentEncryptionAlgorithmIdentifier(rfc5280.AlgorithmIdentifier):
+    pass
+
+
+class EncryptedContentInfo(univ.Sequence):
+    pass
+
+
+EncryptedContentInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('contentType', ContentType()),
+    namedtype.NamedType('contentEncryptionAlgorithm', ContentEncryptionAlgorithmIdentifier()),
+    namedtype.OptionalNamedType('encryptedContent', EncryptedContent().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+)
+
+
+class UnprotectedAttributes(univ.SetOf):
+    pass
+
+
+UnprotectedAttributes.componentType = Attribute()
+UnprotectedAttributes.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class KeyEncryptionAlgorithmIdentifier(rfc5280.AlgorithmIdentifier):
+    pass
+
+
+class KEKIdentifier(univ.Sequence):
+    pass
+
+
+KEKIdentifier.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('keyIdentifier', univ.OctetString()),
+    namedtype.OptionalNamedType('date', useful.GeneralizedTime()),
+    namedtype.OptionalNamedType('other', OtherKeyAttribute())
+)
+
+
+class KEKRecipientInfo(univ.Sequence):
+    pass
+
+
+KEKRecipientInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.NamedType('kekid', KEKIdentifier()),
+    namedtype.NamedType('keyEncryptionAlgorithm', KeyEncryptionAlgorithmIdentifier()),
+    namedtype.NamedType('encryptedKey', EncryptedKey())
+)
+
+
+class KeyDerivationAlgorithmIdentifier(rfc5280.AlgorithmIdentifier):
+    pass
+
+
+class PasswordRecipientInfo(univ.Sequence):
+    pass
+
+
+PasswordRecipientInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.OptionalNamedType('keyDerivationAlgorithm', KeyDerivationAlgorithmIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('keyEncryptionAlgorithm', KeyEncryptionAlgorithmIdentifier()),
+    namedtype.NamedType('encryptedKey', EncryptedKey())
+)
+
+
+class RecipientIdentifier(univ.Choice):
+    pass
+
+
+RecipientIdentifier.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()),
+    namedtype.NamedType('subjectKeyIdentifier', SubjectKeyIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+)
+
+
+class KeyTransRecipientInfo(univ.Sequence):
+    pass
+
+
+KeyTransRecipientInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.NamedType('rid', RecipientIdentifier()),
+    namedtype.NamedType('keyEncryptionAlgorithm', KeyEncryptionAlgorithmIdentifier()),
+    namedtype.NamedType('encryptedKey', EncryptedKey())
+)
+
+
+class UserKeyingMaterial(univ.OctetString):
+    pass
+
+
+class OriginatorPublicKey(univ.Sequence):
+    pass
+
+
+OriginatorPublicKey.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('algorithm', rfc5280.AlgorithmIdentifier()),
+    namedtype.NamedType('publicKey', univ.BitString())
+)
+
+
+class OriginatorIdentifierOrKey(univ.Choice):
+    pass
+
+
+OriginatorIdentifierOrKey.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()),
+    namedtype.NamedType('subjectKeyIdentifier', SubjectKeyIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('originatorKey', OriginatorPublicKey().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
+)
+
+
+class KeyAgreeRecipientInfo(univ.Sequence):
+    pass
+
+
+KeyAgreeRecipientInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.NamedType('originator', OriginatorIdentifierOrKey().subtype(
+        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.OptionalNamedType('ukm', UserKeyingMaterial().subtype(
+        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.NamedType('keyEncryptionAlgorithm', KeyEncryptionAlgorithmIdentifier()),
+    namedtype.NamedType('recipientEncryptedKeys', RecipientEncryptedKeys())
+)
+
+
+class OtherRecipientInfo(univ.Sequence):
+    pass
+
+
+OtherRecipientInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('oriType', univ.ObjectIdentifier()),
+    namedtype.NamedType('oriValue', univ.Any(),
+        openType=opentype.OpenType('oriType', otherRecipientInfoMap)
+    )
+)
+
+
+class RecipientInfo(univ.Choice):
+    pass
+
+
+RecipientInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('ktri', KeyTransRecipientInfo()),
+    namedtype.NamedType('kari', KeyAgreeRecipientInfo().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+    namedtype.NamedType('kekri', KEKRecipientInfo().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
+    namedtype.NamedType('pwri', PasswordRecipientInfo().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+    namedtype.NamedType('ori', OtherRecipientInfo().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4)))
+)
+
+
+class RecipientInfos(univ.SetOf):
+    pass
+
+
+RecipientInfos.componentType = RecipientInfo()
+RecipientInfos.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class EnvelopedData(univ.Sequence):
+    pass
+
+
+EnvelopedData.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.OptionalNamedType('originatorInfo', OriginatorInfo().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.NamedType('recipientInfos', RecipientInfos()),
+    namedtype.NamedType('encryptedContentInfo', EncryptedContentInfo()),
+    namedtype.OptionalNamedType('unprotectedAttrs', UnprotectedAttributes().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+class DigestAlgorithmIdentifier(rfc5280.AlgorithmIdentifier):
+    pass
+
+
+id_ct_contentInfo = _buildOid(1, 2, 840, 113549, 1, 9, 16, 1, 6)
+
+id_digestedData = _buildOid(1, 2, 840, 113549, 1, 7, 5)
+
+
+class EncryptedData(univ.Sequence):
+    pass
+
+
+EncryptedData.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.NamedType('encryptedContentInfo', EncryptedContentInfo()),
+    namedtype.OptionalNamedType('unprotectedAttrs', UnprotectedAttributes().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+id_messageDigest = _buildOid(1, 2, 840, 113549, 1, 9, 4)
+
+id_signedData = _buildOid(1, 2, 840, 113549, 1, 7, 2)
+
+
+class MessageAuthenticationCodeAlgorithm(rfc5280.AlgorithmIdentifier):
+    pass
+
+
+class UnsignedAttributes(univ.SetOf):
+    pass
+
+
+UnsignedAttributes.componentType = Attribute()
+UnsignedAttributes.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class SignerIdentifier(univ.Choice):
+    pass
+
+
+SignerIdentifier.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()),
+    namedtype.NamedType('subjectKeyIdentifier', SubjectKeyIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+)
+
+
+class SignerInfo(univ.Sequence):
+    pass
+
+
+SignerInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.NamedType('sid', SignerIdentifier()),
+    namedtype.NamedType('digestAlgorithm', DigestAlgorithmIdentifier()),
+    namedtype.OptionalNamedType('signedAttrs', SignedAttributes().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('signatureAlgorithm', SignatureAlgorithmIdentifier()),
+    namedtype.NamedType('signature', SignatureValue()),
+    namedtype.OptionalNamedType('unsignedAttrs', UnsignedAttributes().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+class SignerInfos(univ.SetOf):
+    pass
+
+
+SignerInfos.componentType = SignerInfo()
+
+
+class Countersignature(SignerInfo):
+    pass
+
+
+class ContentInfo(univ.Sequence):
+    pass
+
+
+ContentInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('contentType', ContentType()),
+    namedtype.NamedType('content', univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)),
+        openType=opentype.OpenType('contentType', cmsContentTypesMap)
+    )
+)
+
+
+class EncapsulatedContentInfo(univ.Sequence):
+    pass
+
+
+EncapsulatedContentInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('eContentType', ContentType()),
+    namedtype.OptionalNamedType('eContent', univ.OctetString().subtype(
+        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+)
+
+id_countersignature = _buildOid(1, 2, 840, 113549, 1, 9, 6)
+
+id_data = _buildOid(1, 2, 840, 113549, 1, 7, 1)
+
+
+class MessageDigest(univ.OctetString):
+    pass
+
+
+class AuthAttributes(univ.SetOf):
+    pass
+
+
+AuthAttributes.componentType = Attribute()
+AuthAttributes.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class Time(univ.Choice):
+    pass
+
+
+Time.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('utcTime', useful.UTCTime()),
+    namedtype.NamedType('generalTime', useful.GeneralizedTime())
+)
+
+
+class AuthenticatedData(univ.Sequence):
+    pass
+
+
+AuthenticatedData.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.OptionalNamedType('originatorInfo', OriginatorInfo().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.NamedType('recipientInfos', RecipientInfos()),
+    namedtype.NamedType('macAlgorithm', MessageAuthenticationCodeAlgorithm()),
+    namedtype.OptionalNamedType('digestAlgorithm', DigestAlgorithmIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.NamedType('encapContentInfo', EncapsulatedContentInfo()),
+    namedtype.OptionalNamedType('authAttrs', AuthAttributes().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+    namedtype.NamedType('mac', MessageAuthenticationCode()),
+    namedtype.OptionalNamedType('unauthAttrs', UnauthAttributes().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
+)
+
+id_contentType = _buildOid(1, 2, 840, 113549, 1, 9, 3)
+
+
+class ExtendedCertificateOrCertificate(univ.Choice):
+    pass
+
+
+ExtendedCertificateOrCertificate.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('certificate', rfc5280.Certificate()),
+    namedtype.NamedType('extendedCertificate', ExtendedCertificate().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+)
+
+
+class Digest(univ.OctetString):
+    pass
+
+
+class DigestedData(univ.Sequence):
+    pass
+
+
+DigestedData.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.NamedType('digestAlgorithm', DigestAlgorithmIdentifier()),
+    namedtype.NamedType('encapContentInfo', EncapsulatedContentInfo()),
+    namedtype.NamedType('digest', Digest())
+)
+
+id_envelopedData = _buildOid(1, 2, 840, 113549, 1, 7, 3)
+
+
+class DigestAlgorithmIdentifiers(univ.SetOf):
+    pass
+
+
+DigestAlgorithmIdentifiers.componentType = DigestAlgorithmIdentifier()
+
+
+class SignedData(univ.Sequence):
+    pass
+
+
+SignedData.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.NamedType('digestAlgorithms', DigestAlgorithmIdentifiers()),
+    namedtype.NamedType('encapContentInfo', EncapsulatedContentInfo()),
+    namedtype.OptionalNamedType('certificates', CertificateSet().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('crls', RevocationInfoChoices().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.NamedType('signerInfos', SignerInfos())
+)
+
+id_signingTime = _buildOid(1, 2, 840, 113549, 1, 9, 5)
+
+
+class SigningTime(Time):
+    pass
+
+
+id_ct_authData = _buildOid(1, 2, 840, 113549, 1, 9, 16, 1, 2)
+
+
+# CMS Content Type Map
+
+_cmsContentTypesMapUpdate = {
+    id_ct_contentInfo: ContentInfo(),
+    id_data: univ.OctetString(),
+    id_signedData: SignedData(),
+    id_envelopedData: EnvelopedData(),
+    id_digestedData: DigestedData(),
+    id_encryptedData: EncryptedData(),
+    id_ct_authData: AuthenticatedData(),
+}
+
+cmsContentTypesMap.update(_cmsContentTypesMapUpdate)
+
+
+# CMS Attribute Map
+
+_cmsAttributesMapUpdate = {
+    id_contentType: ContentType(),
+    id_messageDigest: MessageDigest(),
+    id_signingTime: SigningTime(),
+    id_countersignature: Countersignature(),
+}
+
+cmsAttributesMap.update(_cmsAttributesMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc5753.py

@@ -0,0 +1,157 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Elliptic Curve Cryptography (ECC) Algorithms in the CMS
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc5753.txt
+#
+
+from pyasn1.type import univ, char, namedtype, namedval, tag, constraint, useful
+
+from pyasn1_modules import rfc5280
+from pyasn1_modules import rfc5480
+from pyasn1_modules import rfc5652
+from pyasn1_modules import rfc5751
+from pyasn1_modules import rfc8018
+
+
+# Imports from RFC 5280
+
+AlgorithmIdentifier = rfc5280.AlgorithmIdentifier
+
+
+# Imports from RFC 5652
+
+OriginatorPublicKey = rfc5652.OriginatorPublicKey
+
+UserKeyingMaterial = rfc5652.UserKeyingMaterial
+
+
+# Imports from RFC 5480
+
+ECDSA_Sig_Value = rfc5480.ECDSA_Sig_Value
+
+ECParameters = rfc5480.ECParameters
+
+ECPoint = rfc5480.ECPoint
+
+id_ecPublicKey = rfc5480.id_ecPublicKey
+
+
+# Imports from RFC 8018
+
+id_hmacWithSHA224 = rfc8018.id_hmacWithSHA224
+
+id_hmacWithSHA256 = rfc8018.id_hmacWithSHA256
+
+id_hmacWithSHA384 = rfc8018.id_hmacWithSHA384
+
+id_hmacWithSHA512 = rfc8018.id_hmacWithSHA512
+
+
+# Object Identifier arcs
+
+x9_63_scheme = univ.ObjectIdentifier('1.3.133.16.840.63.0')
+
+secg_scheme = univ.ObjectIdentifier('1.3.132.1')
+
+
+# Object Identifiers for the algorithms
+
+dhSinglePass_cofactorDH_sha1kdf_scheme = x9_63_scheme + (3, )
+
+dhSinglePass_cofactorDH_sha224kdf_scheme = secg_scheme + (14, 0, )
+
+dhSinglePass_cofactorDH_sha256kdf_scheme = secg_scheme + (14, 1, )
+
+dhSinglePass_cofactorDH_sha384kdf_scheme = secg_scheme + (14, 2, )
+
+dhSinglePass_cofactorDH_sha512kdf_scheme = secg_scheme + (14, 3, )
+
+dhSinglePass_stdDH_sha1kdf_scheme = x9_63_scheme + (2, )
+
+dhSinglePass_stdDH_sha224kdf_scheme = secg_scheme + (11, 0, )
+
+dhSinglePass_stdDH_sha256kdf_scheme = secg_scheme + (11, 1, )
+
+dhSinglePass_stdDH_sha384kdf_scheme = secg_scheme + (11, 2, )
+
+dhSinglePass_stdDH_sha512kdf_scheme = secg_scheme + (11, 3, )
+
+mqvSinglePass_sha1kdf_scheme = x9_63_scheme + (16, )
+
+mqvSinglePass_sha224kdf_scheme = secg_scheme + (15, 0, )
+
+mqvSinglePass_sha256kdf_scheme = secg_scheme + (15, 1, )
+
+mqvSinglePass_sha384kdf_scheme = secg_scheme + (15, 2, )
+
+mqvSinglePass_sha512kdf_scheme = secg_scheme + (15, 3, )
+
+
+# Structures for parameters and key derivation
+
+class IV(univ.OctetString):
+    # Exactly 8 octets
+    pass
+
+
+class CBCParameter(IV):
+    pass
+
+
+class KeyWrapAlgorithm(AlgorithmIdentifier):
+    pass
+
+
+class ECC_CMS_SharedInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('keyInfo', KeyWrapAlgorithm()),
+        namedtype.OptionalNamedType('entityUInfo',
+            univ.OctetString().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('suppPubInfo',
+            univ.OctetString().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 2)))
+    )
+
+
+class MQVuserKeyingMaterial(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('ephemeralPublicKey', OriginatorPublicKey()),
+        namedtype.OptionalNamedType('addedukm',
+            UserKeyingMaterial().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 0)))
+    )
+
+
+# Update the Algorithm Identifier map in rfc5280.py and
+# Update the SMIMECapabilities Attribute Map in rfc5751.py
+
+_algorithmIdentifierMapUpdate = {
+    dhSinglePass_stdDH_sha1kdf_scheme: KeyWrapAlgorithm(),
+    dhSinglePass_stdDH_sha224kdf_scheme: KeyWrapAlgorithm(),
+    dhSinglePass_stdDH_sha256kdf_scheme: KeyWrapAlgorithm(),
+    dhSinglePass_stdDH_sha384kdf_scheme: KeyWrapAlgorithm(),
+    dhSinglePass_stdDH_sha512kdf_scheme: KeyWrapAlgorithm(),
+    dhSinglePass_cofactorDH_sha1kdf_scheme: KeyWrapAlgorithm(),
+    dhSinglePass_cofactorDH_sha224kdf_scheme: KeyWrapAlgorithm(),
+    dhSinglePass_cofactorDH_sha256kdf_scheme: KeyWrapAlgorithm(),
+    dhSinglePass_cofactorDH_sha384kdf_scheme: KeyWrapAlgorithm(),
+    dhSinglePass_cofactorDH_sha512kdf_scheme: KeyWrapAlgorithm(),
+    mqvSinglePass_sha1kdf_scheme: KeyWrapAlgorithm(),
+    mqvSinglePass_sha224kdf_scheme: KeyWrapAlgorithm(),
+    mqvSinglePass_sha256kdf_scheme: KeyWrapAlgorithm(),
+    mqvSinglePass_sha384kdf_scheme: KeyWrapAlgorithm(),
+    mqvSinglePass_sha512kdf_scheme: KeyWrapAlgorithm(),
+}
+
+rfc5280.algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate)
+
+rfc5751.smimeCapabilityMap.update(_algorithmIdentifierMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc5913.py

@@ -0,0 +1,44 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Authority Clearance Constraints Certificate Extension
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc5913.txt
+# https://www.rfc-editor.org/errata/eid5890
+#
+
+from pyasn1.type import constraint
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5280
+from pyasn1_modules import rfc5755
+
+MAX = float('inf')
+
+
+# Authority Clearance Constraints Certificate Extension
+
+id_pe_clearanceConstraints = univ.ObjectIdentifier('1.3.6.1.5.5.7.1.21')
+
+id_pe_authorityClearanceConstraints = id_pe_clearanceConstraints
+
+
+class AuthorityClearanceConstraints(univ.SequenceOf):
+    componentType = rfc5755.Clearance()
+    subtypeSpec=constraint.ValueSizeConstraint(1, MAX)
+
+
+# Map of Certificate Extension OIDs to Extensions added to the
+# ones that are in rfc5280.py
+
+_certificateExtensionsMapUpdate = {
+    id_pe_clearanceConstraints: AuthorityClearanceConstraints(),
+}
+
+rfc5280.certificateExtensionsMap.update(_certificateExtensionsMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc5916.py

@@ -0,0 +1,35 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Device Owner Attribute
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc5916.txt
+#
+
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5280
+
+
+# Device Owner Attribute
+
+id_deviceOwner = univ.ObjectIdentifier((2, 16, 840, 1, 101, 2, 1, 5, 69))
+
+at_deviceOwner = rfc5280.Attribute()
+at_deviceOwner['type'] = id_deviceOwner
+at_deviceOwner['values'][0] = univ.ObjectIdentifier()
+
+
+# Add to the map of Attribute Type OIDs to Attributes in rfc5280.py.
+
+_certificateAttributesMapUpdate = {
+    id_deviceOwner: univ.ObjectIdentifier(),
+}
+
+rfc5280.certificateAttributesMap.update(_certificateAttributesMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc5917.py

@@ -0,0 +1,55 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Clearance Sponsor Attribute
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc5917.txt
+# https://www.rfc-editor.org/errata/eid4558
+# https://www.rfc-editor.org/errata/eid5883
+#
+
+from pyasn1.type import char
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5280
+
+
+# DirectoryString is the same as RFC 5280, except for two things:
+#   1. the length is limited to 64;
+#   2. only the 'utf8String' choice remains because the ASN.1
+#      specification says: ( WITH COMPONENTS { utf8String PRESENT } )
+
+class DirectoryString(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('utf8String', char.UTF8String().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, 64))),
+    )
+
+
+# Clearance Sponsor Attribute
+
+id_clearanceSponsor = univ.ObjectIdentifier((2, 16, 840, 1, 101, 2, 1, 5, 68))
+
+ub_clearance_sponsor = univ.Integer(64)
+
+
+at_clearanceSponsor = rfc5280.Attribute()
+at_clearanceSponsor['type'] = id_clearanceSponsor
+at_clearanceSponsor['values'][0] = DirectoryString()
+
+
+# Add to the map of Attribute Type OIDs to Attributes in rfc5280.py.
+
+_certificateAttributesMapUpdate = {
+    id_clearanceSponsor: DirectoryString(),
+}
+
+rfc5280.certificateAttributesMap.update(_certificateAttributesMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc5924.py

@@ -0,0 +1,19 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Extended Key Usage (EKU) for Session Initiation Protocol (SIP)
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc5924.txt
+#
+
+from pyasn1.type import univ
+
+id_kp = univ.ObjectIdentifier('1.3.6.1.5.5.7.3')
+
+id_kp_sipDomain = id_kp + (20, )

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc5934.py

@@ -0,0 +1,786 @@
+# This file is being contributed to pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Trust Anchor Format
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc5934.txt
+
+from pyasn1.type import univ, char, namedtype, namedval, tag, constraint, useful
+
+from pyasn1_modules import rfc2985
+from pyasn1_modules import rfc5280
+from pyasn1_modules import rfc5652
+from pyasn1_modules import rfc5914
+
+MAX = float('inf')
+
+
+def _OID(*components):
+    output = []
+    for x in tuple(components):
+        if isinstance(x, univ.ObjectIdentifier):
+            output.extend(list(x))
+        else:
+            output.append(int(x))
+    return univ.ObjectIdentifier(output)
+
+
+# Imports from RFC 2985
+
+SingleAttribute = rfc2985.SingleAttribute
+
+
+# Imports from RFC5914
+
+CertPathControls = rfc5914.CertPathControls
+
+TrustAnchorChoice = rfc5914.TrustAnchorChoice
+
+TrustAnchorTitle = rfc5914.TrustAnchorTitle
+
+
+# Imports from RFC 5280
+
+AlgorithmIdentifier = rfc5280.AlgorithmIdentifier
+
+AnotherName = rfc5280.AnotherName
+
+Attribute = rfc5280.Attribute
+
+Certificate = rfc5280.Certificate
+
+CertificateSerialNumber = rfc5280.CertificateSerialNumber
+
+Extension = rfc5280.Extension
+
+Extensions = rfc5280.Extensions
+
+KeyIdentifier = rfc5280.KeyIdentifier
+
+Name = rfc5280.Name
+
+SubjectPublicKeyInfo = rfc5280.SubjectPublicKeyInfo
+
+TBSCertificate = rfc5280.TBSCertificate
+
+Validity = rfc5280.Validity
+
+
+# Object Identifier Arc for TAMP Message Content Types
+
+id_tamp = univ.ObjectIdentifier('2.16.840.1.101.2.1.2.77')
+
+
+# TAMP Status Query Message
+
+id_ct_TAMP_statusQuery = _OID(id_tamp, 1)
+
+
+class TAMPVersion(univ.Integer):
+    pass
+
+TAMPVersion.namedValues = namedval.NamedValues(
+    ('v1', 1),
+    ('v2', 2)
+)
+
+
+class TerseOrVerbose(univ.Enumerated):
+    pass
+
+TerseOrVerbose.namedValues = namedval.NamedValues(
+    ('terse', 1),
+    ('verbose', 2)
+)
+
+
+class HardwareSerialEntry(univ.Choice):
+    pass
+
+HardwareSerialEntry.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('all', univ.Null()),
+    namedtype.NamedType('single', univ.OctetString()),
+    namedtype.NamedType('block', univ.Sequence(componentType=namedtype.NamedTypes(
+        namedtype.NamedType('low', univ.OctetString()),
+        namedtype.NamedType('high', univ.OctetString())
+    ))
+    )
+)
+
+
+class HardwareModules(univ.Sequence):
+    pass
+
+HardwareModules.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('hwType', univ.ObjectIdentifier()),
+    namedtype.NamedType('hwSerialEntries', univ.SequenceOf(
+        componentType=HardwareSerialEntry()).subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, MAX)))
+)
+
+
+class HardwareModuleIdentifierList(univ.SequenceOf):
+    pass
+
+HardwareModuleIdentifierList.componentType = HardwareModules()
+HardwareModuleIdentifierList.subtypeSpec=constraint.ValueSizeConstraint(1, MAX)
+
+
+class Community(univ.ObjectIdentifier):
+    pass
+
+
+class CommunityIdentifierList(univ.SequenceOf):
+    pass
+
+CommunityIdentifierList.componentType = Community()
+CommunityIdentifierList.subtypeSpec=constraint.ValueSizeConstraint(0, MAX)
+
+
+class TargetIdentifier(univ.Choice):
+    pass
+
+TargetIdentifier.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('hwModules', HardwareModuleIdentifierList().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.NamedType('communities', CommunityIdentifierList().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+    namedtype.NamedType('allModules', univ.Null().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+    namedtype.NamedType('uri', char.IA5String().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
+    namedtype.NamedType('otherName', AnotherName().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5)))
+)
+
+
+class SeqNumber(univ.Integer):
+    pass
+
+SeqNumber.subtypeSpec = constraint.ValueRangeConstraint(0, 9223372036854775807)
+
+
+class TAMPMsgRef(univ.Sequence):
+    pass
+
+TAMPMsgRef.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('target', TargetIdentifier()),
+    namedtype.NamedType('seqNum', SeqNumber())
+)
+
+
+class TAMPStatusQuery(univ.Sequence):
+    pass
+
+TAMPStatusQuery.componentType = namedtype.NamedTypes(
+    namedtype.DefaultedNamedType('version', TAMPVersion().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext,
+        tag.tagFormatSimple, 0)).subtype(value='v2')),
+    namedtype.DefaultedNamedType('terse', TerseOrVerbose().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext,
+        tag.tagFormatSimple, 1)).subtype(value='verbose')),
+    namedtype.NamedType('query', TAMPMsgRef())
+)
+
+
+tamp_status_query = rfc5652.ContentInfo()
+tamp_status_query['contentType'] = id_ct_TAMP_statusQuery
+tamp_status_query['content'] = TAMPStatusQuery()
+
+
+# TAMP Status Response Message
+
+id_ct_TAMP_statusResponse = _OID(id_tamp, 2)
+
+
+class KeyIdentifiers(univ.SequenceOf):
+    pass
+
+KeyIdentifiers.componentType = KeyIdentifier()
+KeyIdentifiers.subtypeSpec=constraint.ValueSizeConstraint(1, MAX)
+
+
+class TrustAnchorChoiceList(univ.SequenceOf):
+    pass
+
+TrustAnchorChoiceList.componentType = TrustAnchorChoice()
+TrustAnchorChoiceList.subtypeSpec=constraint.ValueSizeConstraint(1, MAX)
+
+
+class TAMPSequenceNumber(univ.Sequence):
+    pass
+
+TAMPSequenceNumber.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('keyId', KeyIdentifier()),
+    namedtype.NamedType('seqNumber', SeqNumber())
+)
+
+
+class TAMPSequenceNumbers(univ.SequenceOf):
+    pass
+
+TAMPSequenceNumbers.componentType = TAMPSequenceNumber()
+TAMPSequenceNumbers.subtypeSpec=constraint.ValueSizeConstraint(1, MAX)
+
+
+class TerseStatusResponse(univ.Sequence):
+    pass
+
+TerseStatusResponse.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('taKeyIds', KeyIdentifiers()),
+    namedtype.OptionalNamedType('communities', CommunityIdentifierList())
+)
+
+
+class VerboseStatusResponse(univ.Sequence):
+    pass
+
+VerboseStatusResponse.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('taInfo', TrustAnchorChoiceList()),
+    namedtype.OptionalNamedType('continPubKeyDecryptAlg',
+        AlgorithmIdentifier().subtype(implicitTag=tag.Tag(
+        tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('communities',
+        CommunityIdentifierList().subtype(implicitTag=tag.Tag(
+        tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.OptionalNamedType('tampSeqNumbers',
+        TAMPSequenceNumbers().subtype(implicitTag=tag.Tag(
+        tag.tagClassContext, tag.tagFormatSimple, 2)))
+)
+
+
+class StatusResponse(univ.Choice):
+    pass
+
+StatusResponse.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('terseResponse', TerseStatusResponse().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.NamedType('verboseResponse', VerboseStatusResponse().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
+)
+
+
+class TAMPStatusResponse(univ.Sequence):
+    pass
+
+TAMPStatusResponse.componentType = namedtype.NamedTypes(
+    namedtype.DefaultedNamedType('version', TAMPVersion().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext,
+        tag.tagFormatSimple, 0)).subtype(value='v2')),
+    namedtype.NamedType('query', TAMPMsgRef()),
+    namedtype.NamedType('response', StatusResponse()),
+    namedtype.DefaultedNamedType('usesApex', univ.Boolean().subtype(value=1))
+)
+
+
+tamp_status_response = rfc5652.ContentInfo()
+tamp_status_response['contentType'] = id_ct_TAMP_statusResponse
+tamp_status_response['content'] = TAMPStatusResponse()
+
+
+# Trust Anchor Update Message
+
+id_ct_TAMP_update = _OID(id_tamp, 3)
+
+
+class TBSCertificateChangeInfo(univ.Sequence):
+    pass
+
+TBSCertificateChangeInfo.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('serialNumber', CertificateSerialNumber()),
+    namedtype.OptionalNamedType('signature', AlgorithmIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('issuer', Name().subtype(implicitTag=tag.Tag(
+        tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.OptionalNamedType('validity', Validity().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+    namedtype.OptionalNamedType('subject', Name().subtype(implicitTag=tag.Tag(
+        tag.tagClassContext, tag.tagFormatSimple, 3))),
+    namedtype.NamedType('subjectPublicKeyInfo', SubjectPublicKeyInfo().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
+    namedtype.OptionalNamedType('exts', Extensions().subtype(explicitTag=tag.Tag(
+        tag.tagClassContext, tag.tagFormatSimple, 5)))
+)
+
+
+class TrustAnchorChangeInfo(univ.Sequence):
+    pass
+
+TrustAnchorChangeInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('pubKey', SubjectPublicKeyInfo()),
+    namedtype.OptionalNamedType('keyId', KeyIdentifier()),
+    namedtype.OptionalNamedType('taTitle', TrustAnchorTitle()),
+    namedtype.OptionalNamedType('certPath', CertPathControls()),
+    namedtype.OptionalNamedType('exts', Extensions().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+class TrustAnchorChangeInfoChoice(univ.Choice):
+    pass
+
+TrustAnchorChangeInfoChoice.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('tbsCertChange', TBSCertificateChangeInfo().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.NamedType('taChange', TrustAnchorChangeInfo().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
+)
+
+
+class TrustAnchorUpdate(univ.Choice):
+    pass
+
+TrustAnchorUpdate.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('add', TrustAnchorChoice().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.NamedType('remove', SubjectPublicKeyInfo().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+    namedtype.NamedType('change', TrustAnchorChangeInfoChoice().subtype(
+        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
+)
+
+
+class TAMPUpdate(univ.Sequence):
+    pass
+
+TAMPUpdate.componentType = namedtype.NamedTypes(
+    namedtype.DefaultedNamedType('version',
+        TAMPVersion().subtype(implicitTag=tag.Tag(tag.tagClassContext,
+        tag.tagFormatSimple, 0)).subtype(value='v2')),
+    namedtype.DefaultedNamedType('terse',
+        TerseOrVerbose().subtype(implicitTag=tag.Tag(tag.tagClassContext,
+        tag.tagFormatSimple, 1)).subtype(value='verbose')),
+    namedtype.NamedType('msgRef', TAMPMsgRef()),
+    namedtype.NamedType('updates',
+        univ.SequenceOf(componentType=TrustAnchorUpdate()).subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
+    namedtype.OptionalNamedType('tampSeqNumbers',
+        TAMPSequenceNumbers().subtype(implicitTag=tag.Tag(
+        tag.tagClassContext, tag.tagFormatSimple, 2)))
+)
+
+
+tamp_update = rfc5652.ContentInfo()
+tamp_update['contentType'] = id_ct_TAMP_update
+tamp_update['content'] = TAMPUpdate()
+
+
+# Trust Anchor Update Confirm Message
+
+id_ct_TAMP_updateConfirm = _OID(id_tamp, 4)
+
+
+class StatusCode(univ.Enumerated):
+    pass
+
+StatusCode.namedValues = namedval.NamedValues(
+    ('success', 0),
+    ('decodeFailure', 1),
+    ('badContentInfo', 2),
+    ('badSignedData', 3),
+    ('badEncapContent', 4),
+    ('badCertificate', 5),
+    ('badSignerInfo', 6),
+    ('badSignedAttrs', 7),
+    ('badUnsignedAttrs', 8),
+    ('missingContent', 9),
+    ('noTrustAnchor', 10),
+    ('notAuthorized', 11),
+    ('badDigestAlgorithm', 12),
+    ('badSignatureAlgorithm', 13),
+    ('unsupportedKeySize', 14),
+    ('unsupportedParameters', 15),
+    ('signatureFailure', 16),
+    ('insufficientMemory', 17),
+    ('unsupportedTAMPMsgType', 18),
+    ('apexTAMPAnchor', 19),
+    ('improperTAAddition', 20),
+    ('seqNumFailure', 21),
+    ('contingencyPublicKeyDecrypt', 22),
+    ('incorrectTarget', 23),
+    ('communityUpdateFailed', 24),
+    ('trustAnchorNotFound', 25),
+    ('unsupportedTAAlgorithm', 26),
+    ('unsupportedTAKeySize', 27),
+    ('unsupportedContinPubKeyDecryptAlg', 28),
+    ('missingSignature', 29),
+    ('resourcesBusy', 30),
+    ('versionNumberMismatch', 31),
+    ('missingPolicySet', 32),
+    ('revokedCertificate', 33),
+    ('unsupportedTrustAnchorFormat', 34),
+    ('improperTAChange', 35),
+    ('malformed', 36),
+    ('cmsError', 37),
+    ('unsupportedTargetIdentifier', 38),
+    ('other', 127)
+)
+
+
+class StatusCodeList(univ.SequenceOf):
+    pass
+
+StatusCodeList.componentType = StatusCode()
+StatusCodeList.subtypeSpec=constraint.ValueSizeConstraint(1, MAX)
+
+
+class TerseUpdateConfirm(StatusCodeList):
+    pass
+
+
+class VerboseUpdateConfirm(univ.Sequence):
+    pass
+
+VerboseUpdateConfirm.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('status', StatusCodeList()),
+    namedtype.NamedType('taInfo', TrustAnchorChoiceList()),
+    namedtype.OptionalNamedType('tampSeqNumbers', TAMPSequenceNumbers()),
+    namedtype.DefaultedNamedType('usesApex', univ.Boolean().subtype(value=1))
+)
+
+
+class UpdateConfirm(univ.Choice):
+    pass
+
+UpdateConfirm.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('terseConfirm', TerseUpdateConfirm().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('verboseConfirm', VerboseUpdateConfirm().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
+)
+
+
+class TAMPUpdateConfirm(univ.Sequence):
+    pass
+
+TAMPUpdateConfirm.componentType = namedtype.NamedTypes(
+    namedtype.DefaultedNamedType('version', TAMPVersion().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext,
+        tag.tagFormatSimple, 0)).subtype(value='v2')),
+    namedtype.NamedType('update', TAMPMsgRef()),
+    namedtype.NamedType('confirm', UpdateConfirm())
+)
+
+
+tamp_update_confirm = rfc5652.ContentInfo()
+tamp_update_confirm['contentType'] = id_ct_TAMP_updateConfirm
+tamp_update_confirm['content'] = TAMPUpdateConfirm()
+
+
+# Apex Trust Anchor Update Message
+
+id_ct_TAMP_apexUpdate = _OID(id_tamp, 5)
+
+
+class TAMPApexUpdate(univ.Sequence):
+    pass
+
+TAMPApexUpdate.componentType = namedtype.NamedTypes(
+    namedtype.DefaultedNamedType('version',
+        TAMPVersion().subtype(implicitTag=tag.Tag(tag.tagClassContext,
+        tag.tagFormatSimple, 0)).subtype(value='v2')),
+    namedtype.DefaultedNamedType('terse',
+        TerseOrVerbose().subtype(implicitTag=tag.Tag(tag.tagClassContext,
+        tag.tagFormatSimple, 1)).subtype(value='verbose')),
+    namedtype.NamedType('msgRef', TAMPMsgRef()),
+    namedtype.NamedType('clearTrustAnchors', univ.Boolean()),
+    namedtype.NamedType('clearCommunities', univ.Boolean()),
+    namedtype.OptionalNamedType('seqNumber', SeqNumber()),
+    namedtype.NamedType('apexTA', TrustAnchorChoice())
+)
+
+
+tamp_apex_update = rfc5652.ContentInfo()
+tamp_apex_update['contentType'] = id_ct_TAMP_apexUpdate
+tamp_apex_update['content'] = TAMPApexUpdate()
+
+
+# Apex Trust Anchor Update Confirm Message
+
+id_ct_TAMP_apexUpdateConfirm = _OID(id_tamp, 6)
+
+
+class TerseApexUpdateConfirm(StatusCode):
+    pass
+
+
+class VerboseApexUpdateConfirm(univ.Sequence):
+    pass
+
+VerboseApexUpdateConfirm.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('status', StatusCode()),
+    namedtype.NamedType('taInfo', TrustAnchorChoiceList()),
+    namedtype.OptionalNamedType('communities',
+        CommunityIdentifierList().subtype(implicitTag=tag.Tag(tag.tagClassContext,
+        tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('tampSeqNumbers',
+        TAMPSequenceNumbers().subtype(implicitTag=tag.Tag(tag.tagClassContext,
+        tag.tagFormatSimple, 1)))
+)
+
+
+class ApexUpdateConfirm(univ.Choice):
+    pass
+
+ApexUpdateConfirm.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('terseApexConfirm',
+        TerseApexUpdateConfirm().subtype(implicitTag=tag.Tag(tag.tagClassContext,
+        tag.tagFormatSimple, 0))),
+    namedtype.NamedType('verboseApexConfirm',
+        VerboseApexUpdateConfirm().subtype(implicitTag=tag.Tag(tag.tagClassContext,
+        tag.tagFormatConstructed, 1)))
+)
+
+
+class TAMPApexUpdateConfirm(univ.Sequence):
+    pass
+
+TAMPApexUpdateConfirm.componentType = namedtype.NamedTypes(
+    namedtype.DefaultedNamedType('version',
+        TAMPVersion().subtype(implicitTag=tag.Tag(tag.tagClassContext,
+        tag.tagFormatSimple, 0)).subtype(value='v2')),
+    namedtype.NamedType('apexReplace', TAMPMsgRef()),
+    namedtype.NamedType('apexConfirm', ApexUpdateConfirm())
+)
+
+
+tamp_apex_update_confirm = rfc5652.ContentInfo()
+tamp_apex_update_confirm['contentType'] = id_ct_TAMP_apexUpdateConfirm
+tamp_apex_update_confirm['content'] = TAMPApexUpdateConfirm()
+
+
+# Community Update Message
+
+id_ct_TAMP_communityUpdate = _OID(id_tamp, 7)
+
+
+class CommunityUpdates(univ.Sequence):
+    pass
+
+CommunityUpdates.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('remove',
+        CommunityIdentifierList().subtype(implicitTag=tag.Tag(tag.tagClassContext,
+        tag.tagFormatSimple, 1))),
+    namedtype.OptionalNamedType('add',
+        CommunityIdentifierList().subtype(implicitTag=tag.Tag(tag.tagClassContext,
+        tag.tagFormatSimple, 2)))
+)
+
+
+class TAMPCommunityUpdate(univ.Sequence):
+    pass
+
+TAMPCommunityUpdate.componentType = namedtype.NamedTypes(
+    namedtype.DefaultedNamedType('version',
+        TAMPVersion().subtype(implicitTag=tag.Tag(tag.tagClassContext,
+        tag.tagFormatSimple, 0)).subtype(value='v2')),
+    namedtype.DefaultedNamedType('terse',
+        TerseOrVerbose().subtype(implicitTag=tag.Tag(tag.tagClassContext,
+        tag.tagFormatSimple, 1)).subtype(value='verbose')),
+    namedtype.NamedType('msgRef', TAMPMsgRef()),
+    namedtype.NamedType('updates', CommunityUpdates())
+)
+
+
+tamp_community_update = rfc5652.ContentInfo()
+tamp_community_update['contentType'] = id_ct_TAMP_communityUpdate
+tamp_community_update['content'] = TAMPCommunityUpdate()
+
+
+# Community Update Confirm Message
+
+id_ct_TAMP_communityUpdateConfirm = _OID(id_tamp, 8)
+
+
+class TerseCommunityConfirm(StatusCode):
+    pass
+
+
+class VerboseCommunityConfirm(univ.Sequence):
+    pass
+
+VerboseCommunityConfirm.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('status', StatusCode()),
+    namedtype.OptionalNamedType('communities', CommunityIdentifierList())
+)
+
+
+class CommunityConfirm(univ.Choice):
+    pass
+
+CommunityConfirm.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('terseCommConfirm',
+        TerseCommunityConfirm().subtype(implicitTag=tag.Tag(tag.tagClassContext,
+        tag.tagFormatSimple, 0))),
+    namedtype.NamedType('verboseCommConfirm',
+        VerboseCommunityConfirm().subtype(implicitTag=tag.Tag(tag.tagClassContext,
+        tag.tagFormatConstructed, 1)))
+)
+
+
+class TAMPCommunityUpdateConfirm(univ.Sequence):
+    pass
+
+TAMPCommunityUpdateConfirm.componentType = namedtype.NamedTypes(
+    namedtype.DefaultedNamedType('version',
+        TAMPVersion().subtype(implicitTag=tag.Tag(tag.tagClassContext,
+        tag.tagFormatSimple, 0)).subtype(value='v2')),
+    namedtype.NamedType('update', TAMPMsgRef()),
+    namedtype.NamedType('commConfirm', CommunityConfirm())
+)
+
+
+tamp_community_update_confirm = rfc5652.ContentInfo()
+tamp_community_update_confirm['contentType'] = id_ct_TAMP_communityUpdateConfirm
+tamp_community_update_confirm['content'] = TAMPCommunityUpdateConfirm()
+
+
+# Sequence Number Adjust Message
+
+id_ct_TAMP_seqNumAdjust = _OID(id_tamp, 10)
+
+
+
+class SequenceNumberAdjust(univ.Sequence):
+    pass
+
+SequenceNumberAdjust.componentType = namedtype.NamedTypes(
+    namedtype.DefaultedNamedType('version',
+        TAMPVersion().subtype(implicitTag=tag.Tag(tag.tagClassContext,
+        tag.tagFormatSimple, 0)).subtype(value='v2')),
+    namedtype.NamedType('msgRef', TAMPMsgRef())
+)
+
+
+tamp_sequence_number_adjust = rfc5652.ContentInfo()
+tamp_sequence_number_adjust['contentType'] = id_ct_TAMP_seqNumAdjust
+tamp_sequence_number_adjust['content'] = SequenceNumberAdjust()
+
+
+# Sequence Number Adjust Confirm Message
+
+id_ct_TAMP_seqNumAdjustConfirm = _OID(id_tamp, 11)
+
+
+class SequenceNumberAdjustConfirm(univ.Sequence):
+    pass
+
+SequenceNumberAdjustConfirm.componentType = namedtype.NamedTypes(
+    namedtype.DefaultedNamedType('version',
+        TAMPVersion().subtype(implicitTag=tag.Tag(tag.tagClassContext,
+        tag.tagFormatSimple, 0)).subtype(value='v2')),
+    namedtype.NamedType('adjust', TAMPMsgRef()),
+    namedtype.NamedType('status', StatusCode())
+)
+
+
+tamp_sequence_number_adjust_confirm = rfc5652.ContentInfo()
+tamp_sequence_number_adjust_confirm['contentType'] = id_ct_TAMP_seqNumAdjustConfirm
+tamp_sequence_number_adjust_confirm['content'] = SequenceNumberAdjustConfirm()
+
+
+# TAMP Error Message
+
+id_ct_TAMP_error = _OID(id_tamp, 9)
+
+
+class TAMPError(univ.Sequence):
+    pass
+
+TAMPError.componentType = namedtype.NamedTypes(
+    namedtype.DefaultedNamedType('version',
+        TAMPVersion().subtype(implicitTag=tag.Tag(tag.tagClassContext,
+        tag.tagFormatSimple, 0)).subtype(value='v2')),
+    namedtype.NamedType('msgType', univ.ObjectIdentifier()),
+    namedtype.NamedType('status', StatusCode()),
+    namedtype.OptionalNamedType('msgRef', TAMPMsgRef())
+)
+
+
+tamp_error = rfc5652.ContentInfo()
+tamp_error['contentType'] = id_ct_TAMP_error
+tamp_error['content'] = TAMPError()
+
+
+# Object Identifier Arc for Attributes
+
+id_attributes = univ.ObjectIdentifier('2.16.840.1.101.2.1.5')
+
+
+# contingency-public-key-decrypt-key unsigned attribute
+
+id_aa_TAMP_contingencyPublicKeyDecryptKey = _OID(id_attributes, 63)
+
+
+class PlaintextSymmetricKey(univ.OctetString):
+    pass
+
+
+contingency_public_key_decrypt_key = Attribute()
+contingency_public_key_decrypt_key['type'] = id_aa_TAMP_contingencyPublicKeyDecryptKey
+contingency_public_key_decrypt_key['values'][0] = PlaintextSymmetricKey()
+
+
+# id-pe-wrappedApexContinKey extension
+
+id_pe_wrappedApexContinKey =univ.ObjectIdentifier('1.3.6.1.5.5.7.1.20')
+
+
+class ApexContingencyKey(univ.Sequence):
+    pass
+
+ApexContingencyKey.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('wrapAlgorithm', AlgorithmIdentifier()),
+    namedtype.NamedType('wrappedContinPubKey', univ.OctetString())
+)
+
+
+wrappedApexContinKey = Extension()
+wrappedApexContinKey['extnID'] = id_pe_wrappedApexContinKey
+wrappedApexContinKey['critical'] = 0
+wrappedApexContinKey['extnValue'] = univ.OctetString()
+
+
+# Add to the map of CMS Content Type OIDs to Content Types in
+# rfc5652.py
+
+_cmsContentTypesMapUpdate = {
+    id_ct_TAMP_statusQuery: TAMPStatusQuery(),
+    id_ct_TAMP_statusResponse: TAMPStatusResponse(),
+    id_ct_TAMP_update: TAMPUpdate(),
+    id_ct_TAMP_updateConfirm: TAMPUpdateConfirm(),
+    id_ct_TAMP_apexUpdate: TAMPApexUpdate(),
+    id_ct_TAMP_apexUpdateConfirm: TAMPApexUpdateConfirm(),
+    id_ct_TAMP_communityUpdate: TAMPCommunityUpdate(),
+    id_ct_TAMP_communityUpdateConfirm: TAMPCommunityUpdateConfirm(),
+    id_ct_TAMP_seqNumAdjust: SequenceNumberAdjust(),
+    id_ct_TAMP_seqNumAdjustConfirm: SequenceNumberAdjustConfirm(),
+    id_ct_TAMP_error: TAMPError(),
+}
+
+rfc5652.cmsContentTypesMap.update(_cmsContentTypesMapUpdate)
+
+
+# Add to the map of CMS Attribute OIDs to Attribute Values in
+# rfc5652.py
+
+_cmsAttributesMapUpdate = {
+    id_aa_TAMP_contingencyPublicKeyDecryptKey: PlaintextSymmetricKey(),
+}
+
+rfc5652.cmsAttributesMap.update(_cmsAttributesMapUpdate)
+
+
+# Add to the map of Certificate Extension OIDs to Extensions in
+# rfc5280.py
+
+_certificateExtensionsMap = {
+    id_pe_wrappedApexContinKey: ApexContingencyKey(),
+}
+
+rfc5280.certificateExtensionsMap.update(_certificateExtensionsMap)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc5940.py

@@ -0,0 +1,59 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+# Modified by Russ Housley to add map for use with opentypes.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Additional CMS Revocation Information Choices
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc5940.txt
+#
+
+from pyasn1.type import namedtype
+from pyasn1.type import tag
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc2560
+from pyasn1_modules import rfc5652
+
+
+# RevocationInfoChoice for OCSP response:
+# The OID is included in otherRevInfoFormat, and
+# signed OCSPResponse is included in otherRevInfo
+
+id_ri_ocsp_response = univ.ObjectIdentifier('1.3.6.1.5.5.7.16.2')
+
+OCSPResponse = rfc2560.OCSPResponse
+
+
+# RevocationInfoChoice for SCVP request/response:
+# The OID is included in otherRevInfoFormat, and
+# SCVPReqRes is included in otherRevInfo
+
+id_ri_scvp = univ.ObjectIdentifier('1.3.6.1.5.5.7.16.4')
+
+ContentInfo = rfc5652.ContentInfo
+
+class SCVPReqRes(univ.Sequence):
+    pass
+
+SCVPReqRes.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('request',
+        ContentInfo().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('response', ContentInfo())
+)
+
+
+# Map of Revocation Info Format OIDs to Revocation Info Format
+# is added to the ones that are in rfc5652.py
+
+_otherRevInfoFormatMapUpdate = {
+     id_ri_ocsp_response: OCSPResponse(),
+     id_ri_scvp: SCVPReqRes(),
+}
+
+rfc5652.otherRevInfoFormatMap.update(_otherRevInfoFormatMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc6019.py

@@ -0,0 +1,45 @@
+# This file is being contributed to pyasn1-modules software.
+#
+# Created by Russ Housley.
+# Modified by Russ Housley to add a map for use with opentypes.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# BinaryTime: An Alternate Format for Representing Date and Time
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc6019.txt
+
+from pyasn1.type import constraint
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5652
+
+MAX = float('inf')
+
+
+# BinaryTime: Represent date and time as an integer 
+
+class BinaryTime(univ.Integer):
+    pass
+
+BinaryTime.subtypeSpec = constraint.ValueRangeConstraint(0, MAX)
+
+
+# CMS Attribute for representing signing time in BinaryTime
+
+id_aa_binarySigningTime = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.46')
+
+class BinarySigningTime(BinaryTime):
+    pass
+
+
+# Map of Attribute Type OIDs to Attributes ia added to the
+# ones that are in rfc5652.py
+
+_cmsAttributesMapUpdate = {
+    id_aa_binarySigningTime: BinarySigningTime(),
+}
+
+rfc5652.cmsAttributesMap.update(_cmsAttributesMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc6031.py

@@ -0,0 +1,469 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# CMS Symmetric Key Package Content Type
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc6031.txt
+#
+
+from pyasn1.type import char
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import opentype
+from pyasn1.type import tag
+from pyasn1.type import univ
+from pyasn1.type import useful
+
+from pyasn1_modules import rfc5652
+from pyasn1_modules import rfc6019
+
+
+def _OID(*components):
+    output = []
+    for x in tuple(components):
+        if isinstance(x, univ.ObjectIdentifier):
+            output.extend(list(x))
+        else:
+            output.append(int(x))
+    return univ.ObjectIdentifier(output)
+
+
+MAX = float('inf')
+
+id_pskc = univ.ObjectIdentifier('1.2.840.113549.1.9.16.12')
+
+
+# Symmetric Key Package Attributes
+
+id_pskc_manufacturer = _OID(id_pskc, 1)
+
+class at_pskc_manufacturer(char.UTF8String):
+    pass
+
+
+id_pskc_serialNo = _OID(id_pskc, 2)
+
+class at_pskc_serialNo(char.UTF8String):
+    pass
+
+
+id_pskc_model = _OID(id_pskc, 3)
+
+class at_pskc_model(char.UTF8String):
+    pass
+
+
+id_pskc_issueNo = _OID(id_pskc, 4)
+
+class at_pskc_issueNo(char.UTF8String):
+    pass
+
+
+id_pskc_deviceBinding = _OID(id_pskc, 5)
+
+class at_pskc_deviceBinding(char.UTF8String):
+    pass
+
+
+id_pskc_deviceStartDate = _OID(id_pskc, 6)
+
+class at_pskc_deviceStartDate(useful.GeneralizedTime):
+    pass
+
+
+id_pskc_deviceExpiryDate = _OID(id_pskc, 7)
+
+class at_pskc_deviceExpiryDate(useful.GeneralizedTime):
+    pass
+
+
+id_pskc_moduleId = _OID(id_pskc, 8)
+
+class at_pskc_moduleId(char.UTF8String):
+    pass
+
+
+id_pskc_deviceUserId = _OID(id_pskc, 26)
+
+class at_pskc_deviceUserId(char.UTF8String):
+    pass
+
+
+# Symmetric Key Attributes
+
+id_pskc_keyId = _OID(id_pskc, 9)
+
+class at_pskc_keyUserId(char.UTF8String):
+    pass
+
+
+id_pskc_algorithm = _OID(id_pskc, 10)
+
+class at_pskc_algorithm(char.UTF8String):
+    pass
+
+
+id_pskc_issuer = _OID(id_pskc, 11)
+
+class at_pskc_issuer(char.UTF8String):
+    pass
+
+
+id_pskc_keyProfileId = _OID(id_pskc, 12)
+
+class at_pskc_keyProfileId(char.UTF8String):
+    pass
+
+
+id_pskc_keyReference = _OID(id_pskc, 13)
+
+class at_pskc_keyReference(char.UTF8String):
+    pass
+
+
+id_pskc_friendlyName = _OID(id_pskc, 14)
+
+class FriendlyName(univ.Sequence):
+    pass
+
+FriendlyName.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('friendlyName', char.UTF8String()),
+    namedtype.OptionalNamedType('friendlyNameLangTag', char.UTF8String())
+)
+
+class at_pskc_friendlyName(FriendlyName):
+    pass
+
+
+id_pskc_algorithmParameters = _OID(id_pskc, 15)
+
+class Encoding(char.UTF8String):
+    pass
+
+Encoding.namedValues = namedval.NamedValues(
+    ('dec',   "DECIMAL"),
+    ('hex',   "HEXADECIMAL"),
+    ('alpha', "ALPHANUMERIC"),
+    ('b64',   "BASE64"),
+    ('bin',   "BINARY")
+)
+
+Encoding.subtypeSpec = constraint.SingleValueConstraint(
+    "DECIMAL", "HEXADECIMAL", "ALPHANUMERIC", "BASE64", "BINARY" )
+
+class ChallengeFormat(univ.Sequence):
+    pass
+
+ChallengeFormat.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('encoding', Encoding()),
+    namedtype.DefaultedNamedType('checkDigit',
+        univ.Boolean().subtype(value=0)),
+    namedtype.NamedType('min', univ.Integer().subtype(
+        subtypeSpec=constraint.ValueRangeConstraint(0, MAX))),
+    namedtype.NamedType('max', univ.Integer().subtype(
+        subtypeSpec=constraint.ValueRangeConstraint(0, MAX)))
+)
+
+class ResponseFormat(univ.Sequence):
+    pass
+
+ResponseFormat.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('encoding', Encoding()),
+    namedtype.NamedType('length', univ.Integer().subtype(
+        subtypeSpec=constraint.ValueRangeConstraint(0, MAX))),
+    namedtype.DefaultedNamedType('checkDigit',
+        univ.Boolean().subtype(value=0))
+)
+
+class PSKCAlgorithmParameters(univ.Choice):
+    pass
+
+PSKCAlgorithmParameters.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('suite', char.UTF8String()),
+    namedtype.NamedType('challengeFormat', ChallengeFormat().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.NamedType('responseFormat', ResponseFormat().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
+)
+
+class at_pskc_algorithmParameters(PSKCAlgorithmParameters):
+    pass
+
+
+id_pskc_counter = _OID(id_pskc, 16)
+
+class at_pskc_counter(univ.Integer):
+    pass
+
+at_pskc_counter.subtypeSpec = constraint.ValueRangeConstraint(0, MAX)
+
+
+id_pskc_time = _OID(id_pskc, 17)
+
+class at_pskc_time(rfc6019.BinaryTime):
+    pass
+
+
+id_pskc_timeInterval = _OID(id_pskc, 18)
+
+class at_pskc_timeInterval(univ.Integer):
+    pass
+
+at_pskc_timeInterval.subtypeSpec = constraint.ValueRangeConstraint(0, MAX)
+
+
+id_pskc_timeDrift = _OID(id_pskc, 19)
+
+class at_pskc_timeDrift(univ.Integer):
+    pass
+
+at_pskc_timeDrift.subtypeSpec = constraint.ValueRangeConstraint(0, MAX)
+
+
+id_pskc_valueMAC = _OID(id_pskc, 20)
+
+class ValueMac(univ.Sequence):
+    pass
+
+ValueMac.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('macAlgorithm', char.UTF8String()),
+    namedtype.NamedType('mac', char.UTF8String())
+)
+
+class at_pskc_valueMAC(ValueMac):
+    pass
+
+
+id_pskc_keyUserId = _OID(id_pskc, 27)
+
+class at_pskc_keyId(char.UTF8String):
+    pass
+
+
+id_pskc_keyStartDate = _OID(id_pskc, 21)
+
+class at_pskc_keyStartDate(useful.GeneralizedTime):
+    pass
+
+
+id_pskc_keyExpiryDate = _OID(id_pskc, 22)
+
+class at_pskc_keyExpiryDate(useful.GeneralizedTime):
+    pass
+
+
+id_pskc_numberOfTransactions = _OID(id_pskc, 23)
+
+class at_pskc_numberOfTransactions(univ.Integer):
+    pass
+    
+at_pskc_numberOfTransactions.subtypeSpec = constraint.ValueRangeConstraint(0, MAX)
+
+
+id_pskc_keyUsages = _OID(id_pskc, 24)
+
+class PSKCKeyUsage(char.UTF8String):
+    pass
+
+PSKCKeyUsage.namedValues = namedval.NamedValues(
+    ('otp',       "OTP"),
+    ('cr',        "CR"),
+    ('encrypt',   "Encrypt"),
+    ('integrity', "Integrity"),
+    ('verify',    "Verify"),
+    ('unlock',    "Unlock"),
+    ('decrypt',   "Decrypt"),
+    ('keywrap',   "KeyWrap"),
+    ('unwrap',    "Unwrap"),
+    ('derive',    "Derive"),
+    ('generate',  "Generate")
+)
+
+PSKCKeyUsage.subtypeSpec = constraint.SingleValueConstraint(
+    "OTP", "CR", "Encrypt", "Integrity", "Verify", "Unlock",
+    "Decrypt", "KeyWrap", "Unwrap", "Derive", "Generate" )
+
+class PSKCKeyUsages(univ.SequenceOf):
+    pass
+
+PSKCKeyUsages.componentType = PSKCKeyUsage()
+
+class at_pskc_keyUsage(PSKCKeyUsages):
+    pass
+
+
+id_pskc_pinPolicy = _OID(id_pskc, 25)
+
+class PINUsageMode(char.UTF8String):
+    pass
+
+PINUsageMode.namedValues = namedval.NamedValues(
+    ("local",       "Local"),
+    ("prepend",     "Prepend"),
+    ("append",      "Append"),
+    ("algorithmic", "Algorithmic")
+)
+
+PINUsageMode.subtypeSpec = constraint.SingleValueConstraint(
+    "Local", "Prepend", "Append", "Algorithmic" )
+
+class PINPolicy(univ.Sequence):
+    pass
+
+PINPolicy.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('pinKeyId', char.UTF8String().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('pinUsageMode', PINUsageMode().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.OptionalNamedType('maxFailedAttempts', univ.Integer().subtype(
+        subtypeSpec=constraint.ValueRangeConstraint(0, MAX)).subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+    namedtype.OptionalNamedType('minLength', univ.Integer().subtype(
+        subtypeSpec=constraint.ValueRangeConstraint(0, MAX)).subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+    namedtype.OptionalNamedType('maxLength', univ.Integer().subtype(
+        subtypeSpec=constraint.ValueRangeConstraint(0, MAX)).subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
+    namedtype.OptionalNamedType('pinEncoding', Encoding().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5)))
+)
+
+class at_pskc_pinPolicy(PINPolicy):
+    pass
+
+
+# Map of Symmetric Key Package Attribute OIDs to Attributes
+
+sKeyPkgAttributesMap = {
+     id_pskc_manufacturer: at_pskc_manufacturer(),
+     id_pskc_serialNo: at_pskc_serialNo(),
+     id_pskc_model: at_pskc_model(),
+     id_pskc_issueNo: at_pskc_issueNo(),
+     id_pskc_deviceBinding: at_pskc_deviceBinding(),
+     id_pskc_deviceStartDate: at_pskc_deviceStartDate(),
+     id_pskc_deviceExpiryDate: at_pskc_deviceExpiryDate(),
+     id_pskc_moduleId: at_pskc_moduleId(),
+     id_pskc_deviceUserId: at_pskc_deviceUserId(),
+}
+
+
+# Map of Symmetric Key Attribute OIDs to Attributes
+
+sKeyAttributesMap = {
+     id_pskc_keyId: at_pskc_keyId(),
+     id_pskc_algorithm: at_pskc_algorithm(),
+     id_pskc_issuer: at_pskc_issuer(),
+     id_pskc_keyProfileId: at_pskc_keyProfileId(),
+     id_pskc_keyReference: at_pskc_keyReference(),
+     id_pskc_friendlyName: at_pskc_friendlyName(),
+     id_pskc_algorithmParameters: at_pskc_algorithmParameters(),
+     id_pskc_counter: at_pskc_counter(),
+     id_pskc_time: at_pskc_time(),
+     id_pskc_timeInterval: at_pskc_timeInterval(),
+     id_pskc_timeDrift: at_pskc_timeDrift(),
+     id_pskc_valueMAC: at_pskc_valueMAC(),
+     id_pskc_keyUserId: at_pskc_keyUserId(),
+     id_pskc_keyStartDate: at_pskc_keyStartDate(),
+     id_pskc_keyExpiryDate: at_pskc_keyExpiryDate(),
+     id_pskc_numberOfTransactions: at_pskc_numberOfTransactions(),
+     id_pskc_keyUsages: at_pskc_keyUsage(),
+     id_pskc_pinPolicy: at_pskc_pinPolicy(),
+}
+
+
+# This definition replaces Attribute() from rfc5652.py; it is the same except
+# that opentype is added with sKeyPkgAttributesMap and sKeyAttributesMap
+
+class AttributeType(univ.ObjectIdentifier):
+    pass
+
+
+class AttributeValue(univ.Any):
+    pass
+
+
+class SKeyAttribute(univ.Sequence):
+    pass
+
+SKeyAttribute.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('attrType', AttributeType()),
+    namedtype.NamedType('attrValues',
+        univ.SetOf(componentType=AttributeValue()),
+        openType=opentype.OpenType('attrType', sKeyAttributesMap)
+    )
+)
+
+
+class SKeyPkgAttribute(univ.Sequence):
+    pass
+
+SKeyPkgAttribute.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('attrType', AttributeType()),
+    namedtype.NamedType('attrValues',
+        univ.SetOf(componentType=AttributeValue()),
+        openType=opentype.OpenType('attrType', sKeyPkgAttributesMap)
+    )
+)
+
+
+# Symmetric Key Package Content Type
+
+id_ct_KP_sKeyPackage = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.25')
+
+
+class KeyPkgVersion(univ.Integer):
+    pass
+
+KeyPkgVersion.namedValues = namedval.NamedValues(
+    ('v1', 1)
+)
+
+
+class OneSymmetricKey(univ.Sequence):
+    pass
+
+OneSymmetricKey.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('sKeyAttrs',
+        univ.SequenceOf(componentType=SKeyAttribute()).subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
+    namedtype.OptionalNamedType('sKey', univ.OctetString())
+)
+
+OneSymmetricKey.sizeSpec = univ.Sequence.sizeSpec + constraint.ValueSizeConstraint(1, 2)
+
+
+class SymmetricKeys(univ.SequenceOf):
+    pass
+
+SymmetricKeys.componentType = OneSymmetricKey()
+SymmetricKeys.subtypeSpec=constraint.ValueSizeConstraint(1, MAX)
+
+
+class SymmetricKeyPackage(univ.Sequence):
+    pass
+
+SymmetricKeyPackage.componentType = namedtype.NamedTypes(
+    namedtype.DefaultedNamedType('version', KeyPkgVersion().subtype(value='v1')),
+    namedtype.OptionalNamedType('sKeyPkgAttrs',
+        univ.SequenceOf(componentType=SKeyPkgAttribute()).subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(1, MAX),
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('sKeys', SymmetricKeys())
+)
+
+
+# Map of Content Type OIDs to Content Types are
+# added to the ones that are in rfc5652.py
+
+_cmsContentTypesMapUpdate = {
+    id_ct_KP_sKeyPackage: SymmetricKeyPackage(),
+}
+
+rfc5652.cmsContentTypesMap.update(_cmsContentTypesMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc6120.py

@@ -0,0 +1,43 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Extensible Messaging and Presence Protocol (XMPP)
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc6120.txt
+#
+
+from pyasn1.type import char
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5280
+
+MAX = float('inf')
+
+
+# XmppAddr Identifier Type as specified in Section 13.7.1.4. of RFC 6120
+
+id_pkix = rfc5280.id_pkix
+
+id_on = id_pkix + (8, )
+
+id_on_xmppAddr = id_on + (5, )
+
+
+class XmppAddr(char.UTF8String):
+    pass
+
+
+# Map of Other Name OIDs to Other Name is added to the
+# ones that are in rfc5280.py
+
+_anotherNameMapUpdate = {
+    id_on_xmppAddr: XmppAddr(),
+}
+
+rfc5280.anotherNameMap.update(_anotherNameMapUpdate)