def updatetimestampsserverticket(ticket, authtime=None, starttime=None, endtime=None, renewtiltime=None): now = datetime.datetime.now() # yes, this regex isn't perfect, but neither are you if not authtime or not re.match( r'^20\d\d[0-1]\d[0-3]\d[0-2]\d[0-6]\d[0-6]\dZ$', authtime): authtime = now.strftime('%Y%m%d%H%M%SZ') if not starttime or not re.match( r'^20\d\d[0-1]\d[0-3]\d[0-2]\d[0-6]\d[0-6]\dZ$', starttime): starttime = now.strftime('%Y%m%d%H%M%SZ') if not endtime or not re.match( r'^20\d\d[0-1]\d[0-3]\d[0-2]\d[0-6]\d[0-6]\dZ$', endtime): endtime = (now + datetime.timedelta(hours=10)).strftime('%Y%m%d%H%M%SZ') if not renewtiltime or not re.match( r'^20\d\d[0-1]\d[0-3]\d[0-2]\d[0-6]\d[0-6]\dZ$', renewtiltime): renewtiltime = (now + datetime.timedelta(hours=24)).strftime('%Y%m%d%H%M%SZ') # Dear, pyasn1 # Why do I have to use a _ method to update a value. You expect me to write # an entire spec, I don't want to. Because of this I HATE YOU. Please # DIAF # -Tim # P.S. Suck it ticket.getComponentByPosition(5)._value = useful.GeneralizedTime(authtime) ticket.getComponentByPosition(6)._value = useful.GeneralizedTime(starttime) ticket.getComponentByPosition(7)._value = useful.GeneralizedTime(endtime) ticket.getComponentByPosition(8)._value = useful.GeneralizedTime( renewtiltime) return ticket
class RevAnnContent(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('status', PKIStatus()), namedtype.NamedType('certId', rfc2511.CertId()), namedtype.NamedType('willBeRevokedAt', useful.GeneralizedTime()), namedtype.NamedType('badSinceDate', useful.GeneralizedTime()), namedtype.OptionalNamedType('crlDetails', rfc2459.Extensions()))
class ValPolResponse(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('vpResponseVersion', univ.Integer()), namedtype.NamedType('maxCVRequestVersion', univ.Integer()), namedtype.NamedType('maxVPRequestVersion', univ.Integer()), namedtype.NamedType('serverConfigurationID', univ.Integer()), namedtype.NamedType('thisUpdate', useful.GeneralizedTime()), namedtype.OptionalNamedType('nextUpdate', useful.GeneralizedTime()), namedtype.NamedType('supportedChecks', CertChecks()), namedtype.NamedType('supportedWantBacks', WantBack()), namedtype.NamedType('validationPolicies', univ.SequenceOf(componentType=univ.ObjectIdentifier())), namedtype.NamedType('validationAlgs', univ.SequenceOf(componentType=univ.ObjectIdentifier())), namedtype.NamedType('authPolicies', univ.SequenceOf(componentType=AuthPolicy())), namedtype.NamedType('responseTypes', ResponseTypes()), namedtype.NamedType('defaultPolicyValues', RespValidationPolicy()), namedtype.NamedType('revocationInfoTypes', RevocationInfoTypes()), namedtype.NamedType('signatureGeneration', univ.SequenceOf(componentType=AlgorithmIdentifier())), namedtype.NamedType('signatureVerification', univ.SequenceOf(componentType=AlgorithmIdentifier())), namedtype.NamedType('hashAlgorithms', univ.SequenceOf(componentType=univ.ObjectIdentifier()).subtype( subtypeSpec=constraint.ValueSizeConstraint(1, MAX))), namedtype.OptionalNamedType('serverPublicKeys', univ.SequenceOf(componentType=KeyAgreePublicKey())), namedtype.DefaultedNamedType('clockSkew', univ.Integer().subtype(value=10)), namedtype.OptionalNamedType('requestNonce', univ.OctetString()) )
class PrivateKeyUsagePeriod(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('notBefore', useful.GeneralizedTime().subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.OptionalNamedType('notAfter', useful.GeneralizedTime().subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) )
class Query(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('queriedCerts', CertReferences()), namedtype.NamedType('checks', CertChecks()), namedtype.OptionalNamedType('wantBack', WantBack().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.NamedType('validationPolicy', ValidationPolicy()), namedtype.OptionalNamedType('responseFlags', ResponseFlags()), namedtype.OptionalNamedType('serverContextInfo', univ.OctetString().subtype(implicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatSimple, 2))), namedtype.OptionalNamedType('validationTime', useful.GeneralizedTime().subtype(implicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatSimple, 3))), namedtype.OptionalNamedType('intermediateCerts', CertBundle().subtype(implicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatSimple, 4))), namedtype.OptionalNamedType('revInfos', RevocationInfos().subtype(implicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatSimple, 5))), namedtype.OptionalNamedType('producedAt', useful.GeneralizedTime().subtype(implicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatSimple, 6))), namedtype.OptionalNamedType('queryExtensions', Extensions().subtype(implicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatSimple, 7))) )
class SingleResponse(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('certID', CertID()), namedtype.NamedType('certStatus', CertStatus()), namedtype.NamedType('thisUpdate', useful.GeneralizedTime()), namedtype.OptionalNamedType('nextUpdate', useful.GeneralizedTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.OptionalNamedType('singleExtensions', rfc2459.Extensions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) )
class GLKey(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('glName', GeneralName()), namedtype.NamedType('glIdentifier', KEKIdentifier()), namedtype.NamedType('glkWrapped', RecipientInfos()), namedtype.NamedType('glkAlgorithm', AlgorithmIdentifier()), namedtype.NamedType('glkNotBefore', useful.GeneralizedTime()), namedtype.NamedType('glkNotAfter', useful.GeneralizedTime()))
def CreateSingleResponse(cert=CERT, status=0, next=None, revoke_time=None, reason=None, extensions=[]): sr = rfc2560.SingleResponse() cid = sr.setComponentByName('certID').getComponentByName('certID') issuer_tbs = cert[3].getComponentByName('tbsCertificate') tbs = cert[0].getComponentByName('tbsCertificate') name_hash = hashlib.sha1( encoder.encode(issuer_tbs.getComponentByName('subject'))).digest() key_hash = hashlib.sha1( encoder.encode( issuer_tbs.getComponentByName('subjectPublicKeyInfo'). getComponentByName('subjectPublicKey'))[4:]).digest() sn = tbs.getComponentByName('serialNumber') ha = cid.setComponentByName('hashAlgorithm').getComponentByName( 'hashAlgorithm') ha.setComponentByName('algorithm', sha1oid) cid.setComponentByName('issuerNameHash', name_hash) cid.setComponentByName('issuerKeyHash', key_hash) cid.setComponentByName('serialNumber', sn) cs = rfc2560.CertStatus() if status == 0: cs.setComponentByName('good') elif status == 1: ri = cs.componentType.getTypeByPosition(1).clone() if revoke_time == None: revoke_time = REVOKE_DATE ri.setComponentByName( 'revocationTime', useful.GeneralizedTime(revoke_time.strftime('%Y%m%d%H%M%SZ'))) if reason: ri.setComponentByName('revocationReason', reason) cs.setComponentByName('revoked', ri) else: ui = cs.componentType.getTypeByPosition(2).clone() cs.setComponentByName('unknown', ui) sr.setComponentByName('certStatus', cs) sr.setComponentByName( 'thisUpdate', useful.GeneralizedTime(THIS_DATE.strftime('%Y%m%d%H%M%SZ'))) if next: sr.setComponentByName('nextUpdate', next.strftime('%Y%m%d%H%M%SZ')) if extensions: elist = sr.setComponentByName('singleExtensions').getComponentByName( 'singleExtensions') for i in range(len(extensions)): elist.setComponentByPosition(i, extensions[i]) return sr
class KdcReqBody(univ.Sequence): componentType = namedtype.NamedTypes( _sequence_component('kdc-options', 0, univ.BitString()), _sequence_optional_component('cname', 1, PrincipalName()), _sequence_component('realm', 2, char.GeneralString()), _sequence_optional_component('sname', 3, PrincipalName()), _sequence_optional_component('from', 4, useful.GeneralizedTime()), _sequence_component('till', 5, useful.GeneralizedTime()), _sequence_component('nonce', 7, univ.Integer()), _sequence_component('etype', 8, univ.SequenceOf(componentType=univ.Integer())))
class Time(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('utcTime', useful.UTCTime()), namedtype.NamedType('generalTime', useful.GeneralizedTime())) def __str__(self): return str(self.getComponent())
def datetimeToTime(dt): """Takes a datetime object and returns an rfc2459.Time object with that time as its value as a GeneralizedTime""" time = rfc2459.Time() time.setComponentByName( 'generalTime', useful.GeneralizedTime(dt.strftime('%Y%m%d%H%M%SZ'))) return time
def testDecimalCommaPoint(self): try: assert encoder.encode(useful.GeneralizedTime('20150501120112,1Z')) except PyAsn1Error: pass else: assert 0, 'Decimal comma tolerated'
class RevokedInfo(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('revocationTime', useful.GeneralizedTime()), namedtype.OptionalNamedType( 'revocationReason', CRLReason().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))))
def testMissingTimezone(self): try: assert encoder.encode(useful.GeneralizedTime('20150501120112.1')) except PyAsn1Error: pass else: assert 0, 'Missing timezone tolerated'
class RevAnnContent(univ.Sequence): """ RevAnnContent ::= SEQUENCE { status PKIStatus, certId CertId, willBeRevokedAt GeneralizedTime, badSinceDate GeneralizedTime, crlDetails Extensions OPTIONAL } """ componentType = namedtype.NamedTypes( namedtype.NamedType('status', PKIStatus()), namedtype.NamedType('certId', rfc4211.CertId()), namedtype.NamedType('willBeRevokedAt', useful.GeneralizedTime()), namedtype.NamedType('badSinceDate', useful.GeneralizedTime()), namedtype.OptionalNamedType('crlDetails', rfc5280.Extensions()))
def check_signed_time(cert: str): logging.info('Checking Signed Time...') try: cert_ = open(cert, 'rb').read() cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert_) not_after = useful.GeneralizedTime(cert.get_notAfter().decode()) not_before = useful.GeneralizedTime(cert.get_notBefore().decode()) logging.info("\tTSA Certificate's not after:\t" + str(not_after.asDateTime)) logging.info("\tTSA Certificate's not before:\t" + str(not_before.asDateTime)) logging.info("\tGenTime of TimeStampToken:\t\t" + str(GenTime.asDateTime)) assert not_before.asDateTime < GenTime.asDateTime < not_after.asDateTime except Exception as e: logging.error('Check Signed Time: Failure', exc_info=True) raise e logging.info('Check Signed Time: Success, GenTime is between TSA certificate period of validity') return True
class TSTInfo(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('version', univ.Integer(namedValues=namedval.NamedValues(('v1', 1)))), namedtype.OptionalNamedType('policy', TSAPolicyId()), namedtype.NamedType('messageImprint', MessageImprint()), # -- MUST have the same value as the similar field in # -- TimeStampReq namedtype.NamedType('serialNumber', univ.Integer()), # -- Time-Stamping users MUST be ready to accommodate integers # -- up to 160 bits. namedtype.NamedType('genTime', useful.GeneralizedTime()), namedtype.OptionalNamedType('accuracy', Accuracy()), namedtype.DefaultedNamedType('ordering', univ.Boolean(False)), namedtype.OptionalNamedType('nonce', univ.Integer()), # -- MUST be present if the similar field was present # -- in TimeStampReq. In that case it MUST have the same value. namedtype.OptionalNamedType('tsa', GeneralName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.OptionalNamedType('extensions', Extensions().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), ) @property def version(self): return self[0] @property def policy(self): return self[1] @property def message_imprint(self): return self[2]
def testSchemaPickling(self): old_asn1 = useful.GeneralizedTime() serialised = pickle.dumps(old_asn1) assert serialised new_asn1 = pickle.loads(serialised) assert type(new_asn1) == useful.GeneralizedTime assert old_asn1.isSameTypeWith(new_asn1)
class ResponseData(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.DefaultedNamedType('version', Version('v1').subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.NamedType('responderID', ResponderID().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), namedtype.NamedType('producedAt', useful.GeneralizedTime()), namedtype.NamedType('responses', univ.SequenceOf(SingleResponse())), namedtype.OptionalNamedType('responseExtensions', rfc2459.Extensions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))) )
def testLocalTimezone(self): try: assert encoder.encode( useful.GeneralizedTime('20150501120112.1+0200')) except PyAsn1Error: pass else: assert 0, 'Local timezone tolerated'
class CrlID(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.OptionalNamedType('crlUrl', char.IA5String().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.OptionalNamedType('crlNum', univ.Integer().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.OptionalNamedType('crlTime', useful.GeneralizedTime().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))) )
class SignPolicyInfo(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('signPolicyIdentifier', SignPolicyId()), namedtype.NamedType('dateOfIssue', useful.GeneralizedTime()), namedtype.NamedType('policyIssuerName', PolicyIssuerName()), namedtype.NamedType('fieldOfApplication', FieldOfApplication()), namedtype.NamedType('signatureValidationPolicy', SignatureValidationPolicy()), namedtype.OptionalNamedType('signPolExtensions', SignPolExtensions()))
class Manifest(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.DefaultedNamedType('version', univ.Integer().subtype(explicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatSimple, 0)).subtype(value=0)), namedtype.NamedType('manifestNumber', univ.Integer().subtype( subtypeSpec=constraint.ValueRangeConstraint(0, MAX))), namedtype.NamedType('thisUpdate', useful.GeneralizedTime()), namedtype.NamedType('nextUpdate', useful.GeneralizedTime()), namedtype.NamedType('fileHashAlg', univ.ObjectIdentifier()), namedtype.NamedType('fileList', univ.SequenceOf(componentType=FileAndHash()).subtype( subtypeSpec=constraint.ValueSizeConstraint(0, MAX))) )
class Time(univ.Choice): componentType = namedtype.NamedTypes( namedtype.NamedType('utcTime', useful.UTCTime()), namedtype.NamedType('generalTime', useful.GeneralizedTime())) def to_python_time(self): if 'utcTime' in self: return self['utcTime'].asDateTime else: return self['generalTime'].asDateTime
class CertReply(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('cert', CertReference()), namedtype.DefaultedNamedType('replyStatus', ReplyStatus().subtype(value='success')), namedtype.NamedType('replyValTime', useful.GeneralizedTime()), namedtype.NamedType('replyChecks', ReplyChecks()), namedtype.NamedType('replyWantBacks', ReplyWantBacks()), namedtype.OptionalNamedType('validationErrors', univ.SequenceOf(componentType=univ.ObjectIdentifier()).subtype( subtypeSpec=constraint.ValueSizeConstraint(1, MAX)).subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.OptionalNamedType('nextUpdate', useful.GeneralizedTime().subtype(implicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatSimple, 1))), namedtype.OptionalNamedType('certReplyExtensions', Extensions().subtype(implicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatSimple, 2))) )
class PKIHeader(univ.Sequence): """ PKIHeader ::= SEQUENCE { pvno INTEGER { cmp1999(1), cmp2000(2) }, sender GeneralName, recipient GeneralName, messageTime [0] GeneralizedTime OPTIONAL, protectionAlg [1] AlgorithmIdentifier OPTIONAL, senderKID [2] KeyIdentifier OPTIONAL, recipKID [3] KeyIdentifier OPTIONAL, transactionID [4] OCTET STRING OPTIONAL, senderNonce [5] OCTET STRING OPTIONAL, recipNonce [6] OCTET STRING OPTIONAL, freeText [7] PKIFreeText OPTIONAL, generalInfo [8] SEQUENCE SIZE (1..MAX) OF InfoTypeAndValue OPTIONAL } """ componentType = namedtype.NamedTypes( namedtype.NamedType('pvno', univ.Integer( namedValues=namedval.NamedValues( ('cmp1999', 1), ('cmp2000', 2) ) ) ), namedtype.NamedType('sender', rfc2459.GeneralName()), namedtype.NamedType('recipient', rfc2459.GeneralName()), namedtype.OptionalNamedType('messageTime', useful.GeneralizedTime().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.OptionalNamedType('protectionAlg', rfc2459.AlgorithmIdentifier().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))), namedtype.OptionalNamedType('senderKID', rfc2459.KeyIdentifier().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), namedtype.OptionalNamedType('recipKID', rfc2459.KeyIdentifier().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))), namedtype.OptionalNamedType('transactionID', univ.OctetString().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))), namedtype.OptionalNamedType('senderNonce', univ.OctetString().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))), namedtype.OptionalNamedType('recipNonce', univ.OctetString().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))), namedtype.OptionalNamedType('freeText', PKIFreeText().subtype( explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 7))), namedtype.OptionalNamedType('generalInfo', univ.SequenceOf( componentType=InfoTypeAndValue().subtype( subtypeSpec=constraint.ValueSizeConstraint(1, MAX), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8) ) ) ) )
class KdcReqBody(univ.Sequence): tagSet = univ.Sequence.tagSet + tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4) componentType = namedtype.NamedTypes( namedtype.NamedType('kdc-options', _c(0, univ.BitString())), namedtype.OptionalNamedType('cname', _c(1, PrincipalName())), namedtype.NamedType('realm', _c(2, char.GeneralString())), namedtype.OptionalNamedType('sname', _c(3, PrincipalName())), namedtype.NamedType('till', _c(5, useful.GeneralizedTime())), namedtype.NamedType('nonce', _c(7, univ.Integer())), namedtype.NamedType( 'etype', _c(8, univ.SequenceOf(componentType=univ.Integer()))))
def test_conversion_gen(self): gen_time = useful.GeneralizedTime('20120614235959Z') t = Time() t['generalTime'] = gen_time self.assertEqual( time_to_python(t), datetime.datetime(2012, 6, 14, 23, 59, 59, tzinfo=datetime.timezone.utc))
class PKIHeader(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType( 'pvno', univ.Integer( namedValues=namedval.NamedValues(('cmp1999', 1), ('cmp2000', 2)))), namedtype.NamedType('sender', rfc2459.GeneralName()), namedtype.NamedType('recipient', rfc2459.GeneralName()), namedtype.OptionalNamedType( 'messageTime', useful.GeneralizedTime().subtype(explicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatSimple, 0))), namedtype.OptionalNamedType( 'protectionAlg', rfc2459.AlgorithmIdentifier().subtype(explicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatConstructed, 1))), namedtype.OptionalNamedType( 'senderKID', rfc2459.KeyIdentifier().subtype(explicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatSimple, 2))), namedtype.OptionalNamedType( 'recipKID', rfc2459.KeyIdentifier().subtype(explicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatSimple, 3))), namedtype.OptionalNamedType( 'transactionID', univ.OctetString().subtype(explicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatSimple, 4))), namedtype.OptionalNamedType( 'senderNonce', univ.OctetString().subtype(explicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatSimple, 5))), namedtype.OptionalNamedType( 'recipNonce', univ.OctetString().subtype(explicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatSimple, 6))), namedtype.OptionalNamedType( 'freeText', PKIFreeText().subtype(explicitTag=tag.Tag( tag.tagClassContext, tag.tagFormatConstructed, 7))), namedtype.OptionalNamedType( 'generalInfo', univ.SequenceOf(componentType=InfoTypeAndValue().subtype( subtypeSpec=constraint.ValueSizeConstraint(1, MAX), explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8)))))
class TSTInfo(univ.Sequence): componentType = namedtype.NamedTypes( namedtype.NamedType('version', univ.Integer(namedValues=namedval.NamedValues('v1', 1))), namedtype.NamedType('policy', TSAPolicyId()), namedtype.NamedType('messageImprint', MessageImprint()), namedtype.NamedType('serialNumber', univ.Integer()), namedtype.NamedType('genTime', useful.GeneralizedTime()), namedtype.OptionalNamedType('accuracy', Accuracy()), namedtype.DefaultedNamedType('ordering', univ.Boolean(False)), namedtype.OptionalNamedType('nonce', univ.Integer()), namedtype.OptionalNamedType('tsa', GeneralName().subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0) )), namedtype.OptionalNamedType('extensions', Extensions().subtype( implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1) )) )