def updatetimestampsserverticket(ticket,
authtime=None,
starttime=None,
endtime=None,
renewtiltime=None):
now = datetime.datetime.now()
# yes, this regex isn't perfect, but neither are you
if not authtime or not re.match(
r'^20\d\d[0-1]\d[0-3]\d[0-2]\d[0-6]\d[0-6]\dZ$', authtime):
authtime = now.strftime('%Y%m%d%H%M%SZ')
if not starttime or not re.match(
r'^20\d\d[0-1]\d[0-3]\d[0-2]\d[0-6]\d[0-6]\dZ$', starttime):
starttime = now.strftime('%Y%m%d%H%M%SZ')
if not endtime or not re.match(
r'^20\d\d[0-1]\d[0-3]\d[0-2]\d[0-6]\d[0-6]\dZ$', endtime):
endtime = (now +
datetime.timedelta(hours=10)).strftime('%Y%m%d%H%M%SZ')
if not renewtiltime or not re.match(
r'^20\d\d[0-1]\d[0-3]\d[0-2]\d[0-6]\d[0-6]\dZ$', renewtiltime):
renewtiltime = (now +
datetime.timedelta(hours=24)).strftime('%Y%m%d%H%M%SZ')
# Dear, pyasn1
# Why do I have to use a _ method to update a value. You expect me to write
# an entire spec, I don't want to. Because of this I HATE YOU. Please
# DIAF
# -Tim
# P.S. Suck it
ticket.getComponentByPosition(5)._value = useful.GeneralizedTime(authtime)
ticket.getComponentByPosition(6)._value = useful.GeneralizedTime(starttime)
ticket.getComponentByPosition(7)._value = useful.GeneralizedTime(endtime)
ticket.getComponentByPosition(8)._value = useful.GeneralizedTime(
renewtiltime)
return ticket
class RevAnnContent(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('status', PKIStatus()),
namedtype.NamedType('certId', rfc2511.CertId()),
namedtype.NamedType('willBeRevokedAt', useful.GeneralizedTime()),
namedtype.NamedType('badSinceDate', useful.GeneralizedTime()),
namedtype.OptionalNamedType('crlDetails', rfc2459.Extensions()))
class ValPolResponse(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('vpResponseVersion', univ.Integer()),
namedtype.NamedType('maxCVRequestVersion', univ.Integer()),
namedtype.NamedType('maxVPRequestVersion', univ.Integer()),
namedtype.NamedType('serverConfigurationID', univ.Integer()),
namedtype.NamedType('thisUpdate', useful.GeneralizedTime()),
namedtype.OptionalNamedType('nextUpdate', useful.GeneralizedTime()),
namedtype.NamedType('supportedChecks', CertChecks()),
namedtype.NamedType('supportedWantBacks', WantBack()),
namedtype.NamedType('validationPolicies',
univ.SequenceOf(componentType=univ.ObjectIdentifier())),
namedtype.NamedType('validationAlgs',
univ.SequenceOf(componentType=univ.ObjectIdentifier())),
namedtype.NamedType('authPolicies',
univ.SequenceOf(componentType=AuthPolicy())),
namedtype.NamedType('responseTypes', ResponseTypes()),
namedtype.NamedType('defaultPolicyValues', RespValidationPolicy()),
namedtype.NamedType('revocationInfoTypes', RevocationInfoTypes()),
namedtype.NamedType('signatureGeneration',
univ.SequenceOf(componentType=AlgorithmIdentifier())),
namedtype.NamedType('signatureVerification',
univ.SequenceOf(componentType=AlgorithmIdentifier())),
namedtype.NamedType('hashAlgorithms',
univ.SequenceOf(componentType=univ.ObjectIdentifier()).subtype(
subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
namedtype.OptionalNamedType('serverPublicKeys',
univ.SequenceOf(componentType=KeyAgreePublicKey())),
namedtype.DefaultedNamedType('clockSkew',
univ.Integer().subtype(value=10)),
namedtype.OptionalNamedType('requestNonce', univ.OctetString())
)
class PrivateKeyUsagePeriod(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.OptionalNamedType('notBefore', useful.GeneralizedTime().subtype(
implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.OptionalNamedType('notAfter', useful.GeneralizedTime().subtype(
implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
)
class Query(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('queriedCerts', CertReferences()),
namedtype.NamedType('checks', CertChecks()),
namedtype.OptionalNamedType('wantBack',
WantBack().subtype(implicitTag=tag.Tag(tag.tagClassContext,
tag.tagFormatSimple, 1))),
namedtype.NamedType('validationPolicy', ValidationPolicy()),
namedtype.OptionalNamedType('responseFlags', ResponseFlags()),
namedtype.OptionalNamedType('serverContextInfo',
univ.OctetString().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 2))),
namedtype.OptionalNamedType('validationTime',
useful.GeneralizedTime().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 3))),
namedtype.OptionalNamedType('intermediateCerts',
CertBundle().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 4))),
namedtype.OptionalNamedType('revInfos',
RevocationInfos().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 5))),
namedtype.OptionalNamedType('producedAt',
useful.GeneralizedTime().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 6))),
namedtype.OptionalNamedType('queryExtensions',
Extensions().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 7)))
)
class SingleResponse(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('certID', CertID()),
namedtype.NamedType('certStatus', CertStatus()),
namedtype.NamedType('thisUpdate', useful.GeneralizedTime()),
namedtype.OptionalNamedType('nextUpdate', useful.GeneralizedTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.OptionalNamedType('singleExtensions', rfc2459.Extensions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
)
class GLKey(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('glName', GeneralName()),
namedtype.NamedType('glIdentifier', KEKIdentifier()),
namedtype.NamedType('glkWrapped', RecipientInfos()),
namedtype.NamedType('glkAlgorithm', AlgorithmIdentifier()),
namedtype.NamedType('glkNotBefore', useful.GeneralizedTime()),
namedtype.NamedType('glkNotAfter', useful.GeneralizedTime()))
def CreateSingleResponse(cert=CERT,
status=0,
next=None,
revoke_time=None,
reason=None,
extensions=[]):
sr = rfc2560.SingleResponse()
cid = sr.setComponentByName('certID').getComponentByName('certID')
issuer_tbs = cert[3].getComponentByName('tbsCertificate')
tbs = cert[0].getComponentByName('tbsCertificate')
name_hash = hashlib.sha1(
encoder.encode(issuer_tbs.getComponentByName('subject'))).digest()
key_hash = hashlib.sha1(
encoder.encode(
issuer_tbs.getComponentByName('subjectPublicKeyInfo').
getComponentByName('subjectPublicKey'))[4:]).digest()
sn = tbs.getComponentByName('serialNumber')
ha = cid.setComponentByName('hashAlgorithm').getComponentByName(
'hashAlgorithm')
ha.setComponentByName('algorithm', sha1oid)
cid.setComponentByName('issuerNameHash', name_hash)
cid.setComponentByName('issuerKeyHash', key_hash)
cid.setComponentByName('serialNumber', sn)
cs = rfc2560.CertStatus()
if status == 0:
cs.setComponentByName('good')
elif status == 1:
ri = cs.componentType.getTypeByPosition(1).clone()
if revoke_time == None:
revoke_time = REVOKE_DATE
ri.setComponentByName(
'revocationTime',
useful.GeneralizedTime(revoke_time.strftime('%Y%m%d%H%M%SZ')))
if reason:
ri.setComponentByName('revocationReason', reason)
cs.setComponentByName('revoked', ri)
else:
ui = cs.componentType.getTypeByPosition(2).clone()
cs.setComponentByName('unknown', ui)
sr.setComponentByName('certStatus', cs)
sr.setComponentByName(
'thisUpdate',
useful.GeneralizedTime(THIS_DATE.strftime('%Y%m%d%H%M%SZ')))
if next:
sr.setComponentByName('nextUpdate', next.strftime('%Y%m%d%H%M%SZ'))
if extensions:
elist = sr.setComponentByName('singleExtensions').getComponentByName(
'singleExtensions')
for i in range(len(extensions)):
elist.setComponentByPosition(i, extensions[i])
return sr
class KdcReqBody(univ.Sequence):
componentType = namedtype.NamedTypes(
_sequence_component('kdc-options', 0, univ.BitString()),
_sequence_optional_component('cname', 1, PrincipalName()),
_sequence_component('realm', 2, char.GeneralString()),
_sequence_optional_component('sname', 3, PrincipalName()),
_sequence_optional_component('from', 4, useful.GeneralizedTime()),
_sequence_component('till', 5, useful.GeneralizedTime()),
_sequence_component('nonce', 7, univ.Integer()),
_sequence_component('etype', 8,
univ.SequenceOf(componentType=univ.Integer())))
class Time(univ.Choice):
componentType = namedtype.NamedTypes(
namedtype.NamedType('utcTime', useful.UTCTime()),
namedtype.NamedType('generalTime', useful.GeneralizedTime()))
def __str__(self):
return str(self.getComponent())
def datetimeToTime(dt):
"""Takes a datetime object and returns an rfc2459.Time object with
that time as its value as a GeneralizedTime"""
time = rfc2459.Time()
time.setComponentByName(
'generalTime', useful.GeneralizedTime(dt.strftime('%Y%m%d%H%M%SZ')))
return time
def testDecimalCommaPoint(self):
try:
assert encoder.encode(useful.GeneralizedTime('20150501120112,1Z'))
except PyAsn1Error:
pass
else:
assert 0, 'Decimal comma tolerated'
class RevokedInfo(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('revocationTime', useful.GeneralizedTime()),
namedtype.OptionalNamedType(
'revocationReason',
CRLReason().subtype(explicitTag=tag.Tag(tag.tagClassContext,
tag.tagFormatSimple, 0))))
def testMissingTimezone(self):
try:
assert encoder.encode(useful.GeneralizedTime('20150501120112.1'))
except PyAsn1Error:
pass
else:
assert 0, 'Missing timezone tolerated'
class RevAnnContent(univ.Sequence):
"""
RevAnnContent ::= SEQUENCE {
status PKIStatus,
certId CertId,
willBeRevokedAt GeneralizedTime,
badSinceDate GeneralizedTime,
crlDetails Extensions OPTIONAL
}
"""
componentType = namedtype.NamedTypes(
namedtype.NamedType('status', PKIStatus()),
namedtype.NamedType('certId', rfc4211.CertId()),
namedtype.NamedType('willBeRevokedAt', useful.GeneralizedTime()),
namedtype.NamedType('badSinceDate', useful.GeneralizedTime()),
namedtype.OptionalNamedType('crlDetails', rfc5280.Extensions()))
def check_signed_time(cert: str):
logging.info('Checking Signed Time...')
try:
cert_ = open(cert, 'rb').read()
cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert_)
not_after = useful.GeneralizedTime(cert.get_notAfter().decode())
not_before = useful.GeneralizedTime(cert.get_notBefore().decode())
logging.info("\tTSA Certificate's not after:\t" + str(not_after.asDateTime))
logging.info("\tTSA Certificate's not before:\t" + str(not_before.asDateTime))
logging.info("\tGenTime of TimeStampToken:\t\t" + str(GenTime.asDateTime))
assert not_before.asDateTime < GenTime.asDateTime < not_after.asDateTime
except Exception as e:
logging.error('Check Signed Time: Failure', exc_info=True)
raise e
logging.info('Check Signed Time: Success, GenTime is between TSA certificate period of validity')
return True
class TSTInfo(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('version', univ.Integer(namedValues=namedval.NamedValues(('v1', 1)))),
namedtype.OptionalNamedType('policy', TSAPolicyId()),
namedtype.NamedType('messageImprint', MessageImprint()),
# -- MUST have the same value as the similar field in
# -- TimeStampReq
namedtype.NamedType('serialNumber', univ.Integer()),
# -- Time-Stamping users MUST be ready to accommodate integers
# -- up to 160 bits.
namedtype.NamedType('genTime', useful.GeneralizedTime()),
namedtype.OptionalNamedType('accuracy', Accuracy()),
namedtype.DefaultedNamedType('ordering', univ.Boolean(False)),
namedtype.OptionalNamedType('nonce', univ.Integer()),
# -- MUST be present if the similar field was present
# -- in TimeStampReq. In that case it MUST have the same value.
namedtype.OptionalNamedType('tsa', GeneralName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.OptionalNamedType('extensions', Extensions().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
)
@property
def version(self):
return self[0]
@property
def policy(self):
return self[1]
@property
def message_imprint(self):
return self[2]
def testSchemaPickling(self):
old_asn1 = useful.GeneralizedTime()
serialised = pickle.dumps(old_asn1)
assert serialised
new_asn1 = pickle.loads(serialised)
assert type(new_asn1) == useful.GeneralizedTime
assert old_asn1.isSameTypeWith(new_asn1)
class ResponseData(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.DefaultedNamedType('version', Version('v1').subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('responderID', ResponderID().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
namedtype.NamedType('producedAt', useful.GeneralizedTime()),
namedtype.NamedType('responses', univ.SequenceOf(SingleResponse())),
namedtype.OptionalNamedType('responseExtensions', rfc2459.Extensions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
)
def testLocalTimezone(self):
try:
assert encoder.encode(
useful.GeneralizedTime('20150501120112.1+0200'))
except PyAsn1Error:
pass
else:
assert 0, 'Local timezone tolerated'
class CrlID(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.OptionalNamedType('crlUrl', char.IA5String().subtype(
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.OptionalNamedType('crlNum', univ.Integer().subtype(
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.OptionalNamedType('crlTime', useful.GeneralizedTime().subtype(
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
)
class SignPolicyInfo(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('signPolicyIdentifier', SignPolicyId()),
namedtype.NamedType('dateOfIssue', useful.GeneralizedTime()),
namedtype.NamedType('policyIssuerName', PolicyIssuerName()),
namedtype.NamedType('fieldOfApplication', FieldOfApplication()),
namedtype.NamedType('signatureValidationPolicy',
SignatureValidationPolicy()),
namedtype.OptionalNamedType('signPolExtensions', SignPolExtensions()))
class Manifest(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.DefaultedNamedType('version',
univ.Integer().subtype(explicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 0)).subtype(value=0)),
namedtype.NamedType('manifestNumber',
univ.Integer().subtype(
subtypeSpec=constraint.ValueRangeConstraint(0, MAX))),
namedtype.NamedType('thisUpdate',
useful.GeneralizedTime()),
namedtype.NamedType('nextUpdate',
useful.GeneralizedTime()),
namedtype.NamedType('fileHashAlg',
univ.ObjectIdentifier()),
namedtype.NamedType('fileList',
univ.SequenceOf(componentType=FileAndHash()).subtype(
subtypeSpec=constraint.ValueSizeConstraint(0, MAX)))
)
class Time(univ.Choice):
componentType = namedtype.NamedTypes(
namedtype.NamedType('utcTime', useful.UTCTime()),
namedtype.NamedType('generalTime', useful.GeneralizedTime()))
def to_python_time(self):
if 'utcTime' in self:
return self['utcTime'].asDateTime
else:
return self['generalTime'].asDateTime
class CertReply(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('cert', CertReference()),
namedtype.DefaultedNamedType('replyStatus',
ReplyStatus().subtype(value='success')),
namedtype.NamedType('replyValTime', useful.GeneralizedTime()),
namedtype.NamedType('replyChecks', ReplyChecks()),
namedtype.NamedType('replyWantBacks', ReplyWantBacks()),
namedtype.OptionalNamedType('validationErrors',
univ.SequenceOf(componentType=univ.ObjectIdentifier()).subtype(
subtypeSpec=constraint.ValueSizeConstraint(1, MAX)).subtype(
implicitTag=tag.Tag(tag.tagClassContext,
tag.tagFormatSimple, 0))),
namedtype.OptionalNamedType('nextUpdate',
useful.GeneralizedTime().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.OptionalNamedType('certReplyExtensions',
Extensions().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 2)))
)
class PKIHeader(univ.Sequence):
"""
PKIHeader ::= SEQUENCE {
pvno INTEGER { cmp1999(1), cmp2000(2) },
sender GeneralName,
recipient GeneralName,
messageTime [0] GeneralizedTime OPTIONAL,
protectionAlg [1] AlgorithmIdentifier OPTIONAL,
senderKID [2] KeyIdentifier OPTIONAL,
recipKID [3] KeyIdentifier OPTIONAL,
transactionID [4] OCTET STRING OPTIONAL,
senderNonce [5] OCTET STRING OPTIONAL,
recipNonce [6] OCTET STRING OPTIONAL,
freeText [7] PKIFreeText OPTIONAL,
generalInfo [8] SEQUENCE SIZE (1..MAX) OF
InfoTypeAndValue OPTIONAL
}
"""
componentType = namedtype.NamedTypes(
namedtype.NamedType('pvno', univ.Integer(
namedValues=namedval.NamedValues(
('cmp1999', 1),
('cmp2000', 2)
)
)
),
namedtype.NamedType('sender', rfc2459.GeneralName()),
namedtype.NamedType('recipient', rfc2459.GeneralName()),
namedtype.OptionalNamedType('messageTime', useful.GeneralizedTime().subtype(
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.OptionalNamedType('protectionAlg', rfc2459.AlgorithmIdentifier().subtype(
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
namedtype.OptionalNamedType('senderKID', rfc2459.KeyIdentifier().subtype(
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
namedtype.OptionalNamedType('recipKID', rfc2459.KeyIdentifier().subtype(
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
namedtype.OptionalNamedType('transactionID', univ.OctetString().subtype(
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
namedtype.OptionalNamedType('senderNonce', univ.OctetString().subtype(
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
namedtype.OptionalNamedType('recipNonce', univ.OctetString().subtype(
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
namedtype.OptionalNamedType('freeText', PKIFreeText().subtype(
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 7))),
namedtype.OptionalNamedType('generalInfo',
univ.SequenceOf(
componentType=InfoTypeAndValue().subtype(
subtypeSpec=constraint.ValueSizeConstraint(1, MAX),
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8)
)
)
)
)
class KdcReqBody(univ.Sequence):
tagSet = univ.Sequence.tagSet + tag.Tag(tag.tagClassContext,
tag.tagFormatSimple, 4)
componentType = namedtype.NamedTypes(
namedtype.NamedType('kdc-options', _c(0, univ.BitString())),
namedtype.OptionalNamedType('cname', _c(1, PrincipalName())),
namedtype.NamedType('realm', _c(2, char.GeneralString())),
namedtype.OptionalNamedType('sname', _c(3, PrincipalName())),
namedtype.NamedType('till', _c(5, useful.GeneralizedTime())),
namedtype.NamedType('nonce', _c(7, univ.Integer())),
namedtype.NamedType(
'etype', _c(8, univ.SequenceOf(componentType=univ.Integer()))))
def test_conversion_gen(self):
gen_time = useful.GeneralizedTime('20120614235959Z')
t = Time()
t['generalTime'] = gen_time
self.assertEqual(
time_to_python(t),
datetime.datetime(2012,
6,
14,
23,
59,
59,
tzinfo=datetime.timezone.utc))
class PKIHeader(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType(
'pvno',
univ.Integer(
namedValues=namedval.NamedValues(('cmp1999', 1), ('cmp2000',
2)))),
namedtype.NamedType('sender', rfc2459.GeneralName()),
namedtype.NamedType('recipient', rfc2459.GeneralName()),
namedtype.OptionalNamedType(
'messageTime',
useful.GeneralizedTime().subtype(explicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.OptionalNamedType(
'protectionAlg',
rfc2459.AlgorithmIdentifier().subtype(explicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatConstructed, 1))),
namedtype.OptionalNamedType(
'senderKID',
rfc2459.KeyIdentifier().subtype(explicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 2))),
namedtype.OptionalNamedType(
'recipKID',
rfc2459.KeyIdentifier().subtype(explicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 3))),
namedtype.OptionalNamedType(
'transactionID',
univ.OctetString().subtype(explicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 4))),
namedtype.OptionalNamedType(
'senderNonce',
univ.OctetString().subtype(explicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 5))),
namedtype.OptionalNamedType(
'recipNonce',
univ.OctetString().subtype(explicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 6))),
namedtype.OptionalNamedType(
'freeText',
PKIFreeText().subtype(explicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatConstructed, 7))),
namedtype.OptionalNamedType(
'generalInfo',
univ.SequenceOf(componentType=InfoTypeAndValue().subtype(
subtypeSpec=constraint.ValueSizeConstraint(1, MAX),
explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple,
8)))))
class TSTInfo(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('version', univ.Integer(namedValues=namedval.NamedValues('v1', 1))),
namedtype.NamedType('policy', TSAPolicyId()),
namedtype.NamedType('messageImprint', MessageImprint()),
namedtype.NamedType('serialNumber', univ.Integer()),
namedtype.NamedType('genTime', useful.GeneralizedTime()),
namedtype.OptionalNamedType('accuracy', Accuracy()),
namedtype.DefaultedNamedType('ordering', univ.Boolean(False)),
namedtype.OptionalNamedType('nonce', univ.Integer()),
namedtype.OptionalNamedType('tsa', GeneralName().subtype(
implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)
)),
namedtype.OptionalNamedType('extensions', Extensions().subtype(
implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)
))
)
