Add files using upload-large-folder tool

.venv/lib/python3.11/site-packages/pyasn1_modules/__init__.py

@@ -0,0 +1,2 @@
+# http://www.python.org/dev/peps/pep-0396/
+__version__ = '0.4.1'

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc1157.py

@@ -0,0 +1,126 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# SNMPv1 message syntax
+#
+# ASN.1 source from:
+# http://www.ietf.org/rfc/rfc1157.txt
+#
+# Sample captures from:
+# http://wiki.wireshark.org/SampleCaptures/
+#
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import tag
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc1155
+
+
+class Version(univ.Integer):
+    namedValues = namedval.NamedValues(
+        ('version-1', 0)
+    )
+    defaultValue = 0
+
+
+class Community(univ.OctetString):
+    pass
+
+
+class RequestID(univ.Integer):
+    pass
+
+
+class ErrorStatus(univ.Integer):
+    namedValues = namedval.NamedValues(
+        ('noError', 0),
+        ('tooBig', 1),
+        ('noSuchName', 2),
+        ('badValue', 3),
+        ('readOnly', 4),
+        ('genErr', 5)
+    )
+
+
+class ErrorIndex(univ.Integer):
+    pass
+
+
+class VarBind(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('name', rfc1155.ObjectName()),
+        namedtype.NamedType('value', rfc1155.ObjectSyntax())
+    )
+
+
+class VarBindList(univ.SequenceOf):
+    componentType = VarBind()
+
+
+class _RequestBase(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('request-id', RequestID()),
+        namedtype.NamedType('error-status', ErrorStatus()),
+        namedtype.NamedType('error-index', ErrorIndex()),
+        namedtype.NamedType('variable-bindings', VarBindList())
+    )
+
+
+class GetRequestPDU(_RequestBase):
+    tagSet = _RequestBase.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)
+    )
+
+
+class GetNextRequestPDU(_RequestBase):
+    tagSet = _RequestBase.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)
+    )
+
+
+class GetResponsePDU(_RequestBase):
+    tagSet = _RequestBase.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)
+    )
+
+
+class SetRequestPDU(_RequestBase):
+    tagSet = _RequestBase.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)
+    )
+
+
+class TrapPDU(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('enterprise', univ.ObjectIdentifier()),
+        namedtype.NamedType('agent-addr', rfc1155.NetworkAddress()),
+        namedtype.NamedType('generic-trap', univ.Integer().clone(
+            namedValues=namedval.NamedValues(('coldStart', 0), ('warmStart', 1), ('linkDown', 2), ('linkUp', 3),
+                                             ('authenticationFailure', 4), ('egpNeighborLoss', 5),
+                                             ('enterpriseSpecific', 6)))),
+        namedtype.NamedType('specific-trap', univ.Integer()),
+        namedtype.NamedType('time-stamp', rfc1155.TimeTicks()),
+        namedtype.NamedType('variable-bindings', VarBindList())
+    )
+
+
+class Pdus(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('get-request', GetRequestPDU()),
+        namedtype.NamedType('get-next-request', GetNextRequestPDU()),
+        namedtype.NamedType('get-response', GetResponsePDU()),
+        namedtype.NamedType('set-request', SetRequestPDU()),
+        namedtype.NamedType('trap', TrapPDU())
+    )
+
+
+class Message(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', Version()),
+        namedtype.NamedType('community', Community()),
+        namedtype.NamedType('data', Pdus())
+    )

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc2251.py

@@ -0,0 +1,563 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# LDAP message syntax
+#
+# ASN.1 source from:
+# http://www.trl.ibm.com/projects/xml/xss4j/data/asn1/grammars/ldap.asn
+#
+# Sample captures from:
+# http://wiki.wireshark.org/SampleCaptures/
+#
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import tag
+from pyasn1.type import univ
+
+maxInt = univ.Integer(2147483647)
+
+
+class LDAPString(univ.OctetString):
+    pass
+
+
+class LDAPOID(univ.OctetString):
+    pass
+
+
+class LDAPDN(LDAPString):
+    pass
+
+
+class RelativeLDAPDN(LDAPString):
+    pass
+
+
+class AttributeType(LDAPString):
+    pass
+
+
+class AttributeDescription(LDAPString):
+    pass
+
+
+class AttributeDescriptionList(univ.SequenceOf):
+    componentType = AttributeDescription()
+
+
+class AttributeValue(univ.OctetString):
+    pass
+
+
+class AssertionValue(univ.OctetString):
+    pass
+
+
+class AttributeValueAssertion(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('attributeDesc', AttributeDescription()),
+        namedtype.NamedType('assertionValue', AssertionValue())
+    )
+
+
+class Attribute(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('type', AttributeDescription()),
+        namedtype.NamedType('vals', univ.SetOf(componentType=AttributeValue()))
+    )
+
+
+class MatchingRuleId(LDAPString):
+    pass
+
+
+class Control(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('controlType', LDAPOID()),
+        namedtype.DefaultedNamedType('criticality', univ.Boolean('False')),
+        namedtype.OptionalNamedType('controlValue', univ.OctetString())
+    )
+
+
+class Controls(univ.SequenceOf):
+    componentType = Control()
+
+
+class LDAPURL(LDAPString):
+    pass
+
+
+class Referral(univ.SequenceOf):
+    componentType = LDAPURL()
+
+
+class SaslCredentials(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('mechanism', LDAPString()),
+        namedtype.OptionalNamedType('credentials', univ.OctetString())
+    )
+
+
+class AuthenticationChoice(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('simple', univ.OctetString().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('reserved-1', univ.OctetString().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.NamedType('reserved-2', univ.OctetString().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+        namedtype.NamedType('sasl',
+                            SaslCredentials().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
+    )
+
+
+class BindRequest(univ.Sequence):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 0)
+    )
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(1, 127))),
+        namedtype.NamedType('name', LDAPDN()),
+        namedtype.NamedType('authentication', AuthenticationChoice())
+    )
+
+
+class PartialAttributeList(univ.SequenceOf):
+    componentType = univ.Sequence(
+        componentType=namedtype.NamedTypes(
+            namedtype.NamedType('type', AttributeDescription()),
+            namedtype.NamedType('vals', univ.SetOf(componentType=AttributeValue()))
+        )
+    )
+
+
+class SearchResultEntry(univ.Sequence):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 4)
+    )
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('objectName', LDAPDN()),
+        namedtype.NamedType('attributes', PartialAttributeList())
+    )
+
+
+class MatchingRuleAssertion(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('matchingRule', MatchingRuleId().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.OptionalNamedType('type', AttributeDescription().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+        namedtype.NamedType('matchValue',
+                            AssertionValue().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+        namedtype.DefaultedNamedType('dnAttributes', univ.Boolean('False').subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4)))
+    )
+
+
+class SubstringFilter(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('type', AttributeDescription()),
+        namedtype.NamedType('substrings',
+            univ.SequenceOf(
+                componentType=univ.Choice(
+                    componentType=namedtype.NamedTypes(
+                        namedtype.NamedType(
+                            'initial', LDAPString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))
+                        ),
+                        namedtype.NamedType(
+                            'any', LDAPString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))
+                        ),
+                        namedtype.NamedType(
+                            'final', LDAPString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))
+                        )
+                    )
+                )
+            )
+        )
+    )
+
+
+# Ugly hack to handle recursive Filter reference (up to 3-levels deep).
+
+class Filter3(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('equalityMatch', AttributeValueAssertion().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+        namedtype.NamedType('substrings', SubstringFilter().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
+        namedtype.NamedType('greaterOrEqual', AttributeValueAssertion().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))),
+        namedtype.NamedType('lessOrEqual', AttributeValueAssertion().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6))),
+        namedtype.NamedType('present', AttributeDescription().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
+        namedtype.NamedType('approxMatch', AttributeValueAssertion().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 8))),
+        namedtype.NamedType('extensibleMatch', MatchingRuleAssertion().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9)))
+    )
+
+
+class Filter2(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('and', univ.SetOf(componentType=Filter3()).subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.NamedType('or', univ.SetOf(componentType=Filter3()).subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+        namedtype.NamedType('not',
+                            Filter3().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
+        namedtype.NamedType('equalityMatch', AttributeValueAssertion().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+        namedtype.NamedType('substrings', SubstringFilter().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
+        namedtype.NamedType('greaterOrEqual', AttributeValueAssertion().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))),
+        namedtype.NamedType('lessOrEqual', AttributeValueAssertion().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6))),
+        namedtype.NamedType('present', AttributeDescription().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
+        namedtype.NamedType('approxMatch', AttributeValueAssertion().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 8))),
+        namedtype.NamedType('extensibleMatch', MatchingRuleAssertion().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9)))
+    )
+
+
+class Filter(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('and', univ.SetOf(componentType=Filter2()).subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.NamedType('or', univ.SetOf(componentType=Filter2()).subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+        namedtype.NamedType('not',
+                            Filter2().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
+        namedtype.NamedType('equalityMatch', AttributeValueAssertion().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+        namedtype.NamedType('substrings', SubstringFilter().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
+        namedtype.NamedType('greaterOrEqual', AttributeValueAssertion().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))),
+        namedtype.NamedType('lessOrEqual', AttributeValueAssertion().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6))),
+        namedtype.NamedType('present', AttributeDescription().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
+        namedtype.NamedType('approxMatch', AttributeValueAssertion().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 8))),
+        namedtype.NamedType('extensibleMatch', MatchingRuleAssertion().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9)))
+    )
+
+
+# End of Filter hack
+
+class SearchRequest(univ.Sequence):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 3)
+    )
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('baseObject', LDAPDN()),
+        namedtype.NamedType('scope', univ.Enumerated(
+            namedValues=namedval.NamedValues(('baseObject', 0), ('singleLevel', 1), ('wholeSubtree', 2)))),
+        namedtype.NamedType('derefAliases', univ.Enumerated(
+            namedValues=namedval.NamedValues(('neverDerefAliases', 0), ('derefInSearching', 1),
+                                             ('derefFindingBaseObj', 2), ('derefAlways', 3)))),
+        namedtype.NamedType('sizeLimit',
+                            univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, maxInt))),
+        namedtype.NamedType('timeLimit',
+                            univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, maxInt))),
+        namedtype.NamedType('typesOnly', univ.Boolean()),
+        namedtype.NamedType('filter', Filter()),
+        namedtype.NamedType('attributes', AttributeDescriptionList())
+    )
+
+
+class UnbindRequest(univ.Null):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatSimple, 2)
+    )
+
+
+class BindResponse(univ.Sequence):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 1)
+    )
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('resultCode', univ.Enumerated(
+            namedValues=namedval.NamedValues(('success', 0), ('operationsError', 1), ('protocolError', 2),
+                                             ('timeLimitExceeded', 3), ('sizeLimitExceeded', 4), ('compareFalse', 5),
+                                             ('compareTrue', 6), ('authMethodNotSupported', 7),
+                                             ('strongAuthRequired', 8), ('reserved-9', 9), ('referral', 10),
+                                             ('adminLimitExceeded', 11), ('unavailableCriticalExtension', 12),
+                                             ('confidentialityRequired', 13), ('saslBindInProgress', 14),
+                                             ('noSuchAttribute', 16), ('undefinedAttributeType', 17),
+                                             ('inappropriateMatching', 18), ('constraintViolation', 19),
+                                             ('attributeOrValueExists', 20), ('invalidAttributeSyntax', 21),
+                                             ('noSuchObject', 32), ('aliasProblem', 33), ('invalidDNSyntax', 34),
+                                             ('reserved-35', 35), ('aliasDereferencingProblem', 36),
+                                             ('inappropriateAuthentication', 48), ('invalidCredentials', 49),
+                                             ('insufficientAccessRights', 50), ('busy', 51), ('unavailable', 52),
+                                             ('unwillingToPerform', 53), ('loopDetect', 54), ('namingViolation', 64),
+                                             ('objectClassViolation', 65), ('notAllowedOnNonLeaf', 66),
+                                             ('notAllowedOnRDN', 67), ('entryAlreadyExists', 68),
+                                             ('objectClassModsProhibited', 69), ('reserved-70', 70),
+                                             ('affectsMultipleDSAs', 71), ('other', 80), ('reserved-81', 81),
+                                             ('reserved-82', 82), ('reserved-83', 83), ('reserved-84', 84),
+                                             ('reserved-85', 85), ('reserved-86', 86), ('reserved-87', 87),
+                                             ('reserved-88', 88), ('reserved-89', 89), ('reserved-90', 90)))),
+        namedtype.NamedType('matchedDN', LDAPDN()),
+        namedtype.NamedType('errorMessage', LDAPString()),
+        namedtype.OptionalNamedType('referral', Referral().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+        namedtype.OptionalNamedType('serverSaslCreds', univ.OctetString().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 7)))
+    )
+
+
+class LDAPResult(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('resultCode', univ.Enumerated(
+            namedValues=namedval.NamedValues(('success', 0), ('operationsError', 1), ('protocolError', 2),
+                                             ('timeLimitExceeded', 3), ('sizeLimitExceeded', 4), ('compareFalse', 5),
+                                             ('compareTrue', 6), ('authMethodNotSupported', 7),
+                                             ('strongAuthRequired', 8), ('reserved-9', 9), ('referral', 10),
+                                             ('adminLimitExceeded', 11), ('unavailableCriticalExtension', 12),
+                                             ('confidentialityRequired', 13), ('saslBindInProgress', 14),
+                                             ('noSuchAttribute', 16), ('undefinedAttributeType', 17),
+                                             ('inappropriateMatching', 18), ('constraintViolation', 19),
+                                             ('attributeOrValueExists', 20), ('invalidAttributeSyntax', 21),
+                                             ('noSuchObject', 32), ('aliasProblem', 33), ('invalidDNSyntax', 34),
+                                             ('reserved-35', 35), ('aliasDereferencingProblem', 36),
+                                             ('inappropriateAuthentication', 48), ('invalidCredentials', 49),
+                                             ('insufficientAccessRights', 50), ('busy', 51), ('unavailable', 52),
+                                             ('unwillingToPerform', 53), ('loopDetect', 54), ('namingViolation', 64),
+                                             ('objectClassViolation', 65), ('notAllowedOnNonLeaf', 66),
+                                             ('notAllowedOnRDN', 67), ('entryAlreadyExists', 68),
+                                             ('objectClassModsProhibited', 69), ('reserved-70', 70),
+                                             ('affectsMultipleDSAs', 71), ('other', 80), ('reserved-81', 81),
+                                             ('reserved-82', 82), ('reserved-83', 83), ('reserved-84', 84),
+                                             ('reserved-85', 85), ('reserved-86', 86), ('reserved-87', 87),
+                                             ('reserved-88', 88), ('reserved-89', 89), ('reserved-90', 90)))),
+        namedtype.NamedType('matchedDN', LDAPDN()),
+        namedtype.NamedType('errorMessage', LDAPString()),
+        namedtype.OptionalNamedType('referral', Referral().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
+    )
+
+
+class SearchResultReference(univ.SequenceOf):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 19)
+    )
+    componentType = LDAPURL()
+
+
+class SearchResultDone(LDAPResult):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 5)
+    )
+
+
+class AttributeTypeAndValues(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('type', AttributeDescription()),
+        namedtype.NamedType('vals', univ.SetOf(componentType=AttributeValue()))
+    )
+
+
+class ModifyRequest(univ.Sequence):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 6)
+    )
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('object', LDAPDN()),
+        namedtype.NamedType('modification',
+            univ.SequenceOf(
+                componentType=univ.Sequence(
+                    componentType=namedtype.NamedTypes(
+                        namedtype.NamedType(
+                            'operation', univ.Enumerated(namedValues=namedval.NamedValues(('add', 0), ('delete', 1), ('replace', 2)))
+                        ),
+                        namedtype.NamedType('modification', AttributeTypeAndValues())))
+            )
+        )
+    )
+
+
+class ModifyResponse(LDAPResult):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 7)
+    )
+
+
+class AttributeList(univ.SequenceOf):
+    componentType = univ.Sequence(
+        componentType=namedtype.NamedTypes(
+           namedtype.NamedType('type', AttributeDescription()),
+           namedtype.NamedType('vals', univ.SetOf(componentType=AttributeValue()))
+        )
+    )
+
+
+class AddRequest(univ.Sequence):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 8)
+    )
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('entry', LDAPDN()),
+        namedtype.NamedType('attributes', AttributeList())
+    )
+
+
+class AddResponse(LDAPResult):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 9)
+    )
+
+
+class DelRequest(LDAPResult):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 10)
+    )
+
+
+class DelResponse(LDAPResult):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 11)
+    )
+
+
+class ModifyDNRequest(univ.Sequence):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 12)
+    )
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('entry', LDAPDN()),
+        namedtype.NamedType('newrdn', RelativeLDAPDN()),
+        namedtype.NamedType('deleteoldrdn', univ.Boolean()),
+        namedtype.OptionalNamedType('newSuperior',
+                                    LDAPDN().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+
+    )
+
+
+class ModifyDNResponse(LDAPResult):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 13)
+    )
+
+
+class CompareRequest(univ.Sequence):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 14)
+    )
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('entry', LDAPDN()),
+        namedtype.NamedType('ava', AttributeValueAssertion())
+    )
+
+
+class CompareResponse(LDAPResult):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 15)
+    )
+
+
+class AbandonRequest(LDAPResult):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 16)
+    )
+
+
+class ExtendedRequest(univ.Sequence):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 23)
+    )
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('requestName',
+                            LDAPOID().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('requestValue', univ.OctetString().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+    )
+
+
+class ExtendedResponse(univ.Sequence):
+    tagSet = univ.Sequence.tagSet.tagImplicitly(
+        tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 24)
+    )
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('resultCode', univ.Enumerated(
+            namedValues=namedval.NamedValues(('success', 0), ('operationsError', 1), ('protocolError', 2),
+                                             ('timeLimitExceeded', 3), ('sizeLimitExceeded', 4), ('compareFalse', 5),
+                                             ('compareTrue', 6), ('authMethodNotSupported', 7),
+                                             ('strongAuthRequired', 8), ('reserved-9', 9), ('referral', 10),
+                                             ('adminLimitExceeded', 11), ('unavailableCriticalExtension', 12),
+                                             ('confidentialityRequired', 13), ('saslBindInProgress', 14),
+                                             ('noSuchAttribute', 16), ('undefinedAttributeType', 17),
+                                             ('inappropriateMatching', 18), ('constraintViolation', 19),
+                                             ('attributeOrValueExists', 20), ('invalidAttributeSyntax', 21),
+                                             ('noSuchObject', 32), ('aliasProblem', 33), ('invalidDNSyntax', 34),
+                                             ('reserved-35', 35), ('aliasDereferencingProblem', 36),
+                                             ('inappropriateAuthentication', 48), ('invalidCredentials', 49),
+                                             ('insufficientAccessRights', 50), ('busy', 51), ('unavailable', 52),
+                                             ('unwillingToPerform', 53), ('loopDetect', 54), ('namingViolation', 64),
+                                             ('objectClassViolation', 65), ('notAllowedOnNonLeaf', 66),
+                                             ('notAllowedOnRDN', 67), ('entryAlreadyExists', 68),
+                                             ('objectClassModsProhibited', 69), ('reserved-70', 70),
+                                             ('affectsMultipleDSAs', 71), ('other', 80), ('reserved-81', 81),
+                                             ('reserved-82', 82), ('reserved-83', 83), ('reserved-84', 84),
+                                             ('reserved-85', 85), ('reserved-86', 86), ('reserved-87', 87),
+                                             ('reserved-88', 88), ('reserved-89', 89), ('reserved-90', 90)))),
+        namedtype.NamedType('matchedDN', LDAPDN()),
+        namedtype.NamedType('errorMessage', LDAPString()),
+        namedtype.OptionalNamedType('referral', Referral().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+
+        namedtype.OptionalNamedType('responseName', LDAPOID().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 10))),
+        namedtype.OptionalNamedType('response', univ.OctetString().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 11)))
+    )
+
+
+class MessageID(univ.Integer):
+    subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(
+        0, maxInt
+    )
+
+
+class LDAPMessage(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('messageID', MessageID()),
+        namedtype.NamedType(
+            'protocolOp', univ.Choice(
+                componentType=namedtype.NamedTypes(
+                    namedtype.NamedType('bindRequest', BindRequest()),
+                    namedtype.NamedType('bindResponse', BindResponse()),
+                    namedtype.NamedType('unbindRequest', UnbindRequest()),
+                    namedtype.NamedType('searchRequest', SearchRequest()),
+                    namedtype.NamedType('searchResEntry', SearchResultEntry()),
+                    namedtype.NamedType('searchResDone', SearchResultDone()),
+                    namedtype.NamedType('searchResRef', SearchResultReference()),
+                    namedtype.NamedType('modifyRequest', ModifyRequest()),
+                    namedtype.NamedType('modifyResponse', ModifyResponse()),
+                    namedtype.NamedType('addRequest', AddRequest()),
+                    namedtype.NamedType('addResponse', AddResponse()),
+                    namedtype.NamedType('delRequest', DelRequest()),
+                    namedtype.NamedType('delResponse', DelResponse()),
+                    namedtype.NamedType('modDNRequest', ModifyDNRequest()),
+                    namedtype.NamedType('modDNResponse', ModifyDNResponse()),
+                    namedtype.NamedType('compareRequest', CompareRequest()),
+                    namedtype.NamedType('compareResponse', CompareResponse()),
+                    namedtype.NamedType('abandonRequest', AbandonRequest()),
+                    namedtype.NamedType('extendedReq', ExtendedRequest()),
+                    namedtype.NamedType('extendedResp', ExtendedResponse())
+                )
+            )
+        ),
+        namedtype.OptionalNamedType('controls', Controls().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+    )

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc2314.py

@@ -0,0 +1,48 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# PKCS#10 syntax
+#
+# ASN.1 source from:
+# http://tools.ietf.org/html/rfc2314
+#
+# Sample captures could be obtained with "openssl req" command
+#
+from pyasn1_modules.rfc2459 import *
+
+
+class Attributes(univ.SetOf):
+    componentType = Attribute()
+
+
+class Version(univ.Integer):
+    pass
+
+
+class CertificationRequestInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', Version()),
+        namedtype.NamedType('subject', Name()),
+        namedtype.NamedType('subjectPublicKeyInfo', SubjectPublicKeyInfo()),
+        namedtype.NamedType('attributes',
+                            Attributes().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+    )
+
+
+class Signature(univ.BitString):
+    pass
+
+
+class SignatureAlgorithmIdentifier(AlgorithmIdentifier):
+    pass
+
+
+class CertificationRequest(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('certificationRequestInfo', CertificationRequestInfo()),
+        namedtype.NamedType('signatureAlgorithm', SignatureAlgorithmIdentifier()),
+        namedtype.NamedType('signature', Signature())
+    )

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc2437.py

@@ -0,0 +1,69 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# PKCS#1 syntax
+#
+# ASN.1 source from:
+# ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2.asn
+#
+# Sample captures could be obtained with "openssl genrsa" command
+#
+from pyasn1.type import namedtype
+from pyasn1.type import tag
+from pyasn1.type import univ
+
+from pyasn1_modules.rfc2459 import AlgorithmIdentifier
+
+pkcs_1 = univ.ObjectIdentifier('1.2.840.113549.1.1')
+rsaEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.1')
+md2WithRSAEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.2')
+md4WithRSAEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.3')
+md5WithRSAEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.4')
+sha1WithRSAEncryption = univ.ObjectIdentifier('1.2.840.113549.1.1.5')
+rsaOAEPEncryptionSET = univ.ObjectIdentifier('1.2.840.113549.1.1.6')
+id_RSAES_OAEP = univ.ObjectIdentifier('1.2.840.113549.1.1.7')
+id_mgf1 = univ.ObjectIdentifier('1.2.840.113549.1.1.8')
+id_pSpecified = univ.ObjectIdentifier('1.2.840.113549.1.1.9')
+id_sha1 = univ.ObjectIdentifier('1.3.14.3.2.26')
+
+MAX = float('inf')
+
+
+class Version(univ.Integer):
+    pass
+
+
+class RSAPrivateKey(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', Version()),
+        namedtype.NamedType('modulus', univ.Integer()),
+        namedtype.NamedType('publicExponent', univ.Integer()),
+        namedtype.NamedType('privateExponent', univ.Integer()),
+        namedtype.NamedType('prime1', univ.Integer()),
+        namedtype.NamedType('prime2', univ.Integer()),
+        namedtype.NamedType('exponent1', univ.Integer()),
+        namedtype.NamedType('exponent2', univ.Integer()),
+        namedtype.NamedType('coefficient', univ.Integer())
+    )
+
+
+class RSAPublicKey(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('modulus', univ.Integer()),
+        namedtype.NamedType('publicExponent', univ.Integer())
+    )
+
+
+# XXX defaults not set
+class RSAES_OAEP_params(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('hashFunc', AlgorithmIdentifier().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.NamedType('maskGenFunc', AlgorithmIdentifier().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+        namedtype.NamedType('pSourceFunc', AlgorithmIdentifier().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)))
+    )

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc2560.py

@@ -0,0 +1,225 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# OCSP request/response syntax
+#
+# Derived from a minimal OCSP library (RFC2560) code written by
+# Bud P. Bruegger <bud@ancitel.it>
+# Copyright: Ancitel, S.p.a,  Rome, Italy
+# License: BSD
+#
+
+#
+# current limitations:
+# * request and response works only for a single certificate
+# * only some values are parsed out of the response
+# * the request does't set a nonce nor signature
+# * there is no signature validation of the response
+# * dates are left as strings in GeneralizedTime format -- datetime.datetime
+# would be nicer
+#
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import tag
+from pyasn1.type import univ
+from pyasn1.type import useful
+
+from pyasn1_modules import rfc2459
+
+
+# Start of OCSP module definitions
+
+# This should be in directory Authentication Framework (X.509) module
+
+class CRLReason(univ.Enumerated):
+    namedValues = namedval.NamedValues(
+        ('unspecified', 0),
+        ('keyCompromise', 1),
+        ('cACompromise', 2),
+        ('affiliationChanged', 3),
+        ('superseded', 4),
+        ('cessationOfOperation', 5),
+        ('certificateHold', 6),
+        ('removeFromCRL', 8),
+        ('privilegeWithdrawn', 9),
+        ('aACompromise', 10)
+    )
+
+
+# end of directory Authentication Framework (X.509) module
+
+# This should be in PKIX Certificate Extensions module
+
+class GeneralName(univ.OctetString):
+    pass
+
+
+# end of PKIX Certificate Extensions module
+
+id_kp_OCSPSigning = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 3, 9))
+id_pkix_ocsp = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 48, 1))
+id_pkix_ocsp_basic = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 48, 1, 1))
+id_pkix_ocsp_nonce = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 48, 1, 2))
+id_pkix_ocsp_crl = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 48, 1, 3))
+id_pkix_ocsp_response = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 48, 1, 4))
+id_pkix_ocsp_nocheck = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 48, 1, 5))
+id_pkix_ocsp_archive_cutoff = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 48, 1, 6))
+id_pkix_ocsp_service_locator = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 48, 1, 7))
+
+
+class AcceptableResponses(univ.SequenceOf):
+    componentType = univ.ObjectIdentifier()
+
+
+class ArchiveCutoff(useful.GeneralizedTime):
+    pass
+
+
+class UnknownInfo(univ.Null):
+    pass
+
+
+class RevokedInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('revocationTime', useful.GeneralizedTime()),
+        namedtype.OptionalNamedType('revocationReason', CRLReason().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+    )
+
+
+class CertID(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('hashAlgorithm', rfc2459.AlgorithmIdentifier()),
+        namedtype.NamedType('issuerNameHash', univ.OctetString()),
+        namedtype.NamedType('issuerKeyHash', univ.OctetString()),
+        namedtype.NamedType('serialNumber', rfc2459.CertificateSerialNumber())
+    )
+
+
+class CertStatus(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('good',
+                            univ.Null().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('revoked',
+                            RevokedInfo().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.NamedType('unknown',
+                            UnknownInfo().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+    )
+
+
+class SingleResponse(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('certID', CertID()),
+        namedtype.NamedType('certStatus', CertStatus()),
+        namedtype.NamedType('thisUpdate', useful.GeneralizedTime()),
+        namedtype.OptionalNamedType('nextUpdate', useful.GeneralizedTime().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('singleExtensions', rfc2459.Extensions().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+    )
+
+
+class KeyHash(univ.OctetString):
+    pass
+
+
+class ResponderID(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('byName',
+                            rfc2459.Name().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.NamedType('byKey',
+                            KeyHash().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+    )
+
+
+class Version(univ.Integer):
+    namedValues = namedval.NamedValues(('v1', 0))
+
+
+class ResponseData(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.DefaultedNamedType('version', Version('v1').subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('responderID', ResponderID()),
+        namedtype.NamedType('producedAt', useful.GeneralizedTime()),
+        namedtype.NamedType('responses', univ.SequenceOf(componentType=SingleResponse())),
+        namedtype.OptionalNamedType('responseExtensions', rfc2459.Extensions().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+    )
+
+
+class BasicOCSPResponse(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('tbsResponseData', ResponseData()),
+        namedtype.NamedType('signatureAlgorithm', rfc2459.AlgorithmIdentifier()),
+        namedtype.NamedType('signature', univ.BitString()),
+        namedtype.OptionalNamedType('certs', univ.SequenceOf(componentType=rfc2459.Certificate()).subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+    )
+
+
+class ResponseBytes(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('responseType', univ.ObjectIdentifier()),
+        namedtype.NamedType('response', univ.OctetString())
+    )
+
+
+class OCSPResponseStatus(univ.Enumerated):
+    namedValues = namedval.NamedValues(
+        ('successful', 0),
+        ('malformedRequest', 1),
+        ('internalError', 2),
+        ('tryLater', 3),
+        ('undefinedStatus', 4),  # should never occur
+        ('sigRequired', 5),
+        ('unauthorized', 6)
+    )
+
+
+class OCSPResponse(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('responseStatus', OCSPResponseStatus()),
+        namedtype.OptionalNamedType('responseBytes', ResponseBytes().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+    )
+
+
+class Request(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('reqCert', CertID()),
+        namedtype.OptionalNamedType('singleRequestExtensions', rfc2459.Extensions().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+    )
+
+
+class Signature(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('signatureAlgorithm', rfc2459.AlgorithmIdentifier()),
+        namedtype.NamedType('signature', univ.BitString()),
+        namedtype.OptionalNamedType('certs', univ.SequenceOf(componentType=rfc2459.Certificate()).subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+    )
+
+
+class TBSRequest(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.DefaultedNamedType('version', Version('v1').subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('requestorName', GeneralName().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.NamedType('requestList', univ.SequenceOf(componentType=Request())),
+        namedtype.OptionalNamedType('requestExtensions', rfc2459.Extensions().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+    )
+
+
+class OCSPRequest(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('tbsRequest', TBSRequest()),
+        namedtype.OptionalNamedType('optionalSignature', Signature().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+    )

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc2634.py

@@ -0,0 +1,336 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+# Modified by Russ Housley to add a map for use with opentypes.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Enhanced Security Services for S/MIME
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc2634.txt
+#
+
+from pyasn1.type import char
+from pyasn1.type import constraint
+from pyasn1.type import namedval
+from pyasn1.type import namedtype
+from pyasn1.type import tag
+from pyasn1.type import univ
+from pyasn1.type import useful
+
+from pyasn1_modules import rfc5652
+from pyasn1_modules import rfc5280
+
+MAX = float('inf')
+
+ContentType = rfc5652.ContentType
+
+IssuerAndSerialNumber = rfc5652.IssuerAndSerialNumber
+
+SubjectKeyIdentifier = rfc5652.SubjectKeyIdentifier
+
+PolicyInformation = rfc5280.PolicyInformation
+
+GeneralNames = rfc5280.GeneralNames
+
+CertificateSerialNumber = rfc5280.CertificateSerialNumber
+
+
+# Signing Certificate Attribute
+# Warning: It is better to use SigningCertificateV2 from RFC 5035
+
+id_aa_signingCertificate = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.12')
+
+class Hash(univ.OctetString):
+    pass  # SHA-1 hash of entire certificate; RFC 5035 supports other hash algorithms
+
+
+class IssuerSerial(univ.Sequence):
+    pass
+
+IssuerSerial.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('issuer', GeneralNames()),
+    namedtype.NamedType('serialNumber', CertificateSerialNumber())
+)
+
+
+class ESSCertID(univ.Sequence):
+    pass
+
+ESSCertID.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('certHash', Hash()),
+    namedtype.OptionalNamedType('issuerSerial', IssuerSerial())
+)
+
+
+class SigningCertificate(univ.Sequence):
+    pass
+
+SigningCertificate.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('certs', univ.SequenceOf(
+        componentType=ESSCertID())),
+    namedtype.OptionalNamedType('policies', univ.SequenceOf(
+        componentType=PolicyInformation()))
+)
+
+
+# Mail List Expansion History Attribute
+
+id_aa_mlExpandHistory = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.3')
+
+ub_ml_expansion_history = univ.Integer(64)
+
+
+class EntityIdentifier(univ.Choice):
+    pass
+
+EntityIdentifier.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()),
+    namedtype.NamedType('subjectKeyIdentifier', SubjectKeyIdentifier())
+)
+
+
+class MLReceiptPolicy(univ.Choice):
+    pass
+
+MLReceiptPolicy.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('none', univ.Null().subtype(implicitTag=tag.Tag(
+        tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('insteadOf', univ.SequenceOf(
+        componentType=GeneralNames()).subtype(
+        sizeSpec=constraint.ValueSizeConstraint(1, MAX)).subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.NamedType('inAdditionTo', univ.SequenceOf(
+        componentType=GeneralNames()).subtype(
+        sizeSpec=constraint.ValueSizeConstraint(1, MAX)).subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+)
+
+
+class MLData(univ.Sequence):
+    pass
+
+MLData.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('mailListIdentifier', EntityIdentifier()),
+    namedtype.NamedType('expansionTime', useful.GeneralizedTime()),
+    namedtype.OptionalNamedType('mlReceiptPolicy', MLReceiptPolicy())
+)
+
+class MLExpansionHistory(univ.SequenceOf):
+    pass
+
+MLExpansionHistory.componentType = MLData()
+MLExpansionHistory.sizeSpec = constraint.ValueSizeConstraint(1, ub_ml_expansion_history)
+
+
+# ESS Security Label Attribute
+
+id_aa_securityLabel = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.2')
+
+ub_privacy_mark_length = univ.Integer(128)
+
+ub_security_categories = univ.Integer(64)
+
+ub_integer_options = univ.Integer(256)
+
+
+class ESSPrivacyMark(univ.Choice):
+    pass
+
+ESSPrivacyMark.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('pString', char.PrintableString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_privacy_mark_length))),
+    namedtype.NamedType('utf8String', char.UTF8String().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, MAX)))
+)
+
+
+class SecurityClassification(univ.Integer):
+    pass
+
+SecurityClassification.subtypeSpec=constraint.ValueRangeConstraint(0, ub_integer_options)
+
+SecurityClassification.namedValues = namedval.NamedValues(
+    ('unmarked', 0),
+    ('unclassified', 1),
+    ('restricted', 2),
+    ('confidential', 3),
+    ('secret', 4),
+    ('top-secret', 5)
+)
+
+
+class SecurityPolicyIdentifier(univ.ObjectIdentifier):
+    pass
+
+
+class SecurityCategory(univ.Sequence):
+    pass
+
+SecurityCategory.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('type', univ.ObjectIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('value', univ.Any().subtype(implicitTag=tag.Tag(
+        tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+class SecurityCategories(univ.SetOf):
+    pass
+
+SecurityCategories.componentType = SecurityCategory()
+SecurityCategories.sizeSpec = constraint.ValueSizeConstraint(1, ub_security_categories)
+
+
+class ESSSecurityLabel(univ.Set):
+    pass
+
+ESSSecurityLabel.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('security-policy-identifier', SecurityPolicyIdentifier()),
+    namedtype.OptionalNamedType('security-classification', SecurityClassification()),
+    namedtype.OptionalNamedType('privacy-mark', ESSPrivacyMark()),
+    namedtype.OptionalNamedType('security-categories', SecurityCategories())
+)
+
+
+# Equivalent Labels Attribute
+
+id_aa_equivalentLabels = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.9')
+
+class EquivalentLabels(univ.SequenceOf):
+    pass
+
+EquivalentLabels.componentType = ESSSecurityLabel()
+
+
+# Content Identifier Attribute
+
+id_aa_contentIdentifier = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.7')
+
+class ContentIdentifier(univ.OctetString):
+    pass
+
+
+# Content Reference Attribute
+
+id_aa_contentReference = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.10')
+
+class ContentReference(univ.Sequence):
+    pass
+
+ContentReference.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('contentType', ContentType()),
+    namedtype.NamedType('signedContentIdentifier', ContentIdentifier()),
+    namedtype.NamedType('originatorSignatureValue', univ.OctetString())
+)
+
+
+# Message Signature Digest Attribute
+
+id_aa_msgSigDigest = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.5')
+
+class MsgSigDigest(univ.OctetString):
+    pass
+
+
+# Content Hints Attribute
+
+id_aa_contentHint = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.4')
+
+class ContentHints(univ.Sequence):
+    pass
+
+ContentHints.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('contentDescription', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
+    namedtype.NamedType('contentType', ContentType())
+)
+
+
+# Receipt Request Attribute
+
+class AllOrFirstTier(univ.Integer):
+    pass
+
+AllOrFirstTier.namedValues = namedval.NamedValues(
+    ('allReceipts', 0),
+    ('firstTierRecipients', 1)
+)
+
+
+class ReceiptsFrom(univ.Choice):
+    pass
+
+ReceiptsFrom.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('allOrFirstTier', AllOrFirstTier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('receiptList', univ.SequenceOf(
+        componentType=GeneralNames()).subtype(implicitTag=tag.Tag(
+        tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+id_aa_receiptRequest = univ.ObjectIdentifier('1.2.840.113549.1.9.16.2.1')
+
+ub_receiptsTo = univ.Integer(16)
+
+class ReceiptRequest(univ.Sequence):
+    pass
+
+ReceiptRequest.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('signedContentIdentifier', ContentIdentifier()),
+    namedtype.NamedType('receiptsFrom', ReceiptsFrom()),
+    namedtype.NamedType('receiptsTo', univ.SequenceOf(componentType=GeneralNames()).subtype(sizeSpec=constraint.ValueSizeConstraint(1, ub_receiptsTo)))
+)
+
+# Receipt Content Type
+
+class ESSVersion(univ.Integer):
+    pass
+
+ESSVersion.namedValues = namedval.NamedValues(
+    ('v1', 1)
+)
+
+
+id_ct_receipt = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.1')
+
+class Receipt(univ.Sequence):
+    pass
+
+Receipt.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', ESSVersion()),
+    namedtype.NamedType('contentType', ContentType()),
+    namedtype.NamedType('signedContentIdentifier', ContentIdentifier()),
+    namedtype.NamedType('originatorSignatureValue', univ.OctetString())
+)
+
+
+# Map of Attribute Type to the Attribute structure is added to the
+# ones that are in rfc5652.py
+
+_cmsAttributesMapUpdate = {
+    id_aa_signingCertificate: SigningCertificate(),
+    id_aa_mlExpandHistory: MLExpansionHistory(),
+    id_aa_securityLabel: ESSSecurityLabel(),
+    id_aa_equivalentLabels: EquivalentLabels(),
+    id_aa_contentIdentifier: ContentIdentifier(),
+    id_aa_contentReference: ContentReference(),
+    id_aa_msgSigDigest: MsgSigDigest(),
+    id_aa_contentHint: ContentHints(),
+    id_aa_receiptRequest: ReceiptRequest(),
+}
+
+rfc5652.cmsAttributesMap.update(_cmsAttributesMapUpdate)
+
+
+# Map of Content Type OIDs to Content Types is added to the
+# ones that are in rfc5652.py
+
+_cmsContentTypesMapUpdate = {
+    id_ct_receipt: Receipt(),
+}
+
+rfc5652.cmsContentTypesMap.update(_cmsContentTypesMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc2986.py

@@ -0,0 +1,75 @@
+# coding: utf-8
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Joel Johnson with asn1ate tool.
+# Modified by Russ Housley to add support for opentypes by importing
+#   definitions from rfc5280 so that the same maps are used.
+#
+# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# PKCS #10: Certification Request Syntax Specification
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc2986.txt
+#
+from pyasn1.type import namedtype
+from pyasn1.type import tag
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5280
+
+MAX = float('inf')
+
+
+AttributeType = rfc5280.AttributeType
+
+AttributeValue = rfc5280.AttributeValue
+
+AttributeTypeAndValue = rfc5280.AttributeTypeAndValue
+
+Attribute = rfc5280.Attribute
+
+RelativeDistinguishedName = rfc5280.RelativeDistinguishedName
+
+RDNSequence = rfc5280.RDNSequence
+
+Name = rfc5280.Name
+
+AlgorithmIdentifier = rfc5280.AlgorithmIdentifier
+
+SubjectPublicKeyInfo = rfc5280.SubjectPublicKeyInfo
+
+
+class Attributes(univ.SetOf):
+    pass
+
+
+Attributes.componentType = Attribute()
+
+
+class CertificationRequestInfo(univ.Sequence):
+    pass
+
+
+CertificationRequestInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', univ.Integer()),
+    namedtype.NamedType('subject', Name()),
+    namedtype.NamedType('subjectPKInfo', SubjectPublicKeyInfo()),
+    namedtype.NamedType('attributes',
+                        Attributes().subtype(implicitTag=tag.Tag(
+                            tag.tagClassContext, tag.tagFormatSimple, 0))
+    )
+)
+
+
+class CertificationRequest(univ.Sequence):
+    pass
+
+
+CertificationRequest.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('certificationRequestInfo', CertificationRequestInfo()),
+    namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()),
+    namedtype.NamedType('signature', univ.BitString())
+)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc3125.py

@@ -0,0 +1,469 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Electronic Signature Policies
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc3125.txt
+# https://www.rfc-editor.org/errata/eid5901
+# https://www.rfc-editor.org/errata/eid5902
+#
+
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import tag
+from pyasn1.type import useful
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5280
+
+MAX = float('inf')
+
+
+# Imports from RFC 5280
+
+AlgorithmIdentifier = rfc5280.AlgorithmIdentifier
+
+Attribute = rfc5280.Attribute
+
+AttributeType = rfc5280.AttributeType
+
+AttributeTypeAndValue = rfc5280.AttributeTypeAndValue
+
+AttributeValue = rfc5280.AttributeValue
+
+Certificate = rfc5280.Certificate
+
+CertificateList = rfc5280.CertificateList
+
+DirectoryString = rfc5280.DirectoryString
+
+GeneralName = rfc5280.GeneralName
+
+GeneralNames = rfc5280.GeneralNames
+
+Name = rfc5280.Name
+
+PolicyInformation = rfc5280.PolicyInformation
+
+
+# Electronic Signature Policies
+
+class CertPolicyId(univ.ObjectIdentifier):
+    pass
+
+
+class AcceptablePolicySet(univ.SequenceOf):
+    componentType = CertPolicyId()
+
+
+class SignPolExtn(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('extnID', univ.ObjectIdentifier()),
+        namedtype.NamedType('extnValue', univ.OctetString())
+    )
+
+
+class SignPolExtensions(univ.SequenceOf):
+    componentType = SignPolExtn()
+
+
+class AlgAndLength(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('algID', univ.ObjectIdentifier()),
+        namedtype.OptionalNamedType('minKeyLength', univ.Integer()),
+        namedtype.OptionalNamedType('other', SignPolExtensions())
+    )
+
+
+class AlgorithmConstraints(univ.SequenceOf):
+    componentType = AlgAndLength()
+
+
+class AlgorithmConstraintSet(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('signerAlgorithmConstraints',
+            AlgorithmConstraints().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('eeCertAlgorithmConstraints',
+            AlgorithmConstraints().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.OptionalNamedType('caCertAlgorithmConstraints',
+            AlgorithmConstraints().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 2))),
+        namedtype.OptionalNamedType('aaCertAlgorithmConstraints',
+            AlgorithmConstraints().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 3))),
+        namedtype.OptionalNamedType('tsaCertAlgorithmConstraints',
+            AlgorithmConstraints().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 4)))
+    )
+
+
+class AttributeValueConstraints(univ.SequenceOf):
+    componentType = AttributeTypeAndValue()
+
+
+class AttributeTypeConstraints(univ.SequenceOf):
+    componentType = AttributeType()
+
+
+class AttributeConstraints(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('attributeTypeConstarints',
+            AttributeTypeConstraints().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('attributeValueConstarints',
+            AttributeValueConstraints().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 1)))
+    )
+
+
+class HowCertAttribute(univ.Enumerated):
+    namedValues = namedval.NamedValues(
+        ('claimedAttribute', 0),
+        ('certifiedAttribtes', 1),
+        ('either', 2)
+    )
+
+
+class SkipCerts(univ.Integer):
+    subtypeSpec = constraint.ValueRangeConstraint(0, MAX)
+
+
+class PolicyConstraints(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('requireExplicitPolicy',
+            SkipCerts().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('inhibitPolicyMapping',
+            SkipCerts().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 1)))
+    )
+
+
+class BaseDistance(univ.Integer):
+    subtypeSpec = constraint.ValueRangeConstraint(0, MAX)
+
+
+class GeneralSubtree(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('base', GeneralName()),
+        namedtype.DefaultedNamedType('minimum',
+            BaseDistance().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 0)).subtype(
+                    value=0)),
+        namedtype.OptionalNamedType('maximum',
+            BaseDistance().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 1)))
+    )
+
+
+class GeneralSubtrees(univ.SequenceOf):
+    componentType = GeneralSubtree()
+    subtypeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class NameConstraints(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('permittedSubtrees',
+            GeneralSubtrees().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('excludedSubtrees',
+            GeneralSubtrees().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 1)))
+    )
+
+
+class PathLenConstraint(univ.Integer):
+    subtypeSpec = constraint.ValueRangeConstraint(0, MAX)
+
+
+class CertificateTrustPoint(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('trustpoint', Certificate()),
+        namedtype.OptionalNamedType('pathLenConstraint',
+            PathLenConstraint().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('acceptablePolicySet',
+            AcceptablePolicySet().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.OptionalNamedType('nameConstraints',
+            NameConstraints().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatConstructed, 2))),
+        namedtype.OptionalNamedType('policyConstraints',
+            PolicyConstraints().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatConstructed, 3)))
+    )
+
+
+class CertificateTrustTrees(univ.SequenceOf):
+    componentType = CertificateTrustPoint()
+
+
+class EnuRevReq(univ.Enumerated):
+    namedValues = namedval.NamedValues(
+        ('clrCheck', 0),
+        ('ocspCheck', 1),
+        ('bothCheck', 2),
+        ('eitherCheck', 3),
+        ('noCheck', 4),
+        ('other', 5)
+    )
+
+
+class RevReq(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('enuRevReq', EnuRevReq()),
+        namedtype.OptionalNamedType('exRevReq', SignPolExtensions())
+    )
+
+
+class CertRevReq(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('endCertRevReq', RevReq()),
+        namedtype.NamedType('caCerts',
+            RevReq().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatConstructed, 0)))
+    )
+
+
+class AttributeTrustCondition(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('attributeMandated', univ.Boolean()),
+        namedtype.NamedType('howCertAttribute', HowCertAttribute()),
+        namedtype.OptionalNamedType('attrCertificateTrustTrees',
+            CertificateTrustTrees().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('attrRevReq',
+            CertRevReq().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatConstructed, 1))),
+        namedtype.OptionalNamedType('attributeConstraints',
+            AttributeConstraints().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatConstructed, 2)))
+    )
+
+
+class CMSAttrs(univ.SequenceOf):
+    componentType = univ.ObjectIdentifier()
+
+
+class CertInfoReq(univ.Enumerated):
+    namedValues = namedval.NamedValues(
+        ('none', 0),
+        ('signerOnly', 1),
+        ('fullPath', 2)
+    )
+
+
+class CertRefReq(univ.Enumerated):
+    namedValues = namedval.NamedValues(
+        ('signerOnly', 1),
+        ('fullPath', 2)
+    )
+
+
+class DeltaTime(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('deltaSeconds', univ.Integer()),
+        namedtype.NamedType('deltaMinutes', univ.Integer()),
+        namedtype.NamedType('deltaHours', univ.Integer()),
+        namedtype.NamedType('deltaDays', univ.Integer())
+    )
+
+
+class TimestampTrustCondition(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('ttsCertificateTrustTrees',
+            CertificateTrustTrees().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('ttsRevReq',
+            CertRevReq().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatConstructed, 1))),
+        namedtype.OptionalNamedType('ttsNameConstraints',
+            NameConstraints().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatConstructed, 2))),
+        namedtype.OptionalNamedType('cautionPeriod',
+            DeltaTime().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatConstructed, 3))),
+        namedtype.OptionalNamedType('signatureTimestampDelay',
+            DeltaTime().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatConstructed, 4)))
+    )
+
+
+class SignerRules(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('externalSignedData', univ.Boolean()),
+        namedtype.NamedType('mandatedSignedAttr', CMSAttrs()),
+        namedtype.NamedType('mandatedUnsignedAttr', CMSAttrs()),
+        namedtype.DefaultedNamedType('mandatedCertificateRef',
+            CertRefReq().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 0)).subtype(
+                    value='signerOnly')),
+        namedtype.DefaultedNamedType('mandatedCertificateInfo',
+            CertInfoReq().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 1)).subtype(
+                    value='none')),
+        namedtype.OptionalNamedType('signPolExtensions',
+            SignPolExtensions().subtype(explicitTag=tag.Tag(
+                 tag.tagClassContext, tag.tagFormatSimple, 2)))
+    )
+
+
+class MandatedUnsignedAttr(CMSAttrs):
+    pass
+
+
+class VerifierRules(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('mandatedUnsignedAttr', MandatedUnsignedAttr()),
+        namedtype.OptionalNamedType('signPolExtensions', SignPolExtensions())
+    )
+
+
+class SignerAndVerifierRules(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('signerRules', SignerRules()),
+        namedtype.NamedType('verifierRules', VerifierRules())
+    )
+
+
+class SigningCertTrustCondition(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('signerTrustTrees', CertificateTrustTrees()),
+        namedtype.NamedType('signerRevReq', CertRevReq())
+    )
+
+
+class CommitmentTypeIdentifier(univ.ObjectIdentifier):
+    pass
+
+
+class FieldOfApplication(DirectoryString):
+    pass
+
+
+class CommitmentType(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('identifier', CommitmentTypeIdentifier()),
+        namedtype.OptionalNamedType('fieldOfApplication',
+            FieldOfApplication().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('semantics',
+            DirectoryString().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 1)))
+    )
+
+
+class SelectedCommitmentTypes(univ.SequenceOf):
+    componentType = univ.Choice(componentType=namedtype.NamedTypes(
+        namedtype.NamedType('empty', univ.Null()),
+        namedtype.NamedType('recognizedCommitmentType', CommitmentType())
+    ))
+
+
+class CommitmentRule(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('selCommitmentTypes', SelectedCommitmentTypes()),
+        namedtype.OptionalNamedType('signerAndVeriferRules',
+            SignerAndVerifierRules().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.OptionalNamedType('signingCertTrustCondition',
+            SigningCertTrustCondition().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatConstructed, 1))),
+        namedtype.OptionalNamedType('timeStampTrustCondition',
+            TimestampTrustCondition().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatConstructed, 2))),
+        namedtype.OptionalNamedType('attributeTrustCondition',
+            AttributeTrustCondition().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatConstructed, 3))),
+        namedtype.OptionalNamedType('algorithmConstraintSet',
+            AlgorithmConstraintSet().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatConstructed, 4))),
+        namedtype.OptionalNamedType('signPolExtensions',
+            SignPolExtensions().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 5)))
+    )
+
+
+class CommitmentRules(univ.SequenceOf):
+    componentType = CommitmentRule()
+
+
+class CommonRules(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('signerAndVeriferRules',
+            SignerAndVerifierRules().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.OptionalNamedType('signingCertTrustCondition',
+            SigningCertTrustCondition().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatConstructed, 1))),
+        namedtype.OptionalNamedType('timeStampTrustCondition',
+            TimestampTrustCondition().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatConstructed, 2))),
+        namedtype.OptionalNamedType('attributeTrustCondition',
+            AttributeTrustCondition().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatConstructed, 3))),
+        namedtype.OptionalNamedType('algorithmConstraintSet',
+            AlgorithmConstraintSet().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatConstructed, 4))),
+        namedtype.OptionalNamedType('signPolExtensions',
+            SignPolExtensions().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 5)))
+    )
+
+
+class PolicyIssuerName(GeneralNames):
+    pass
+
+
+class SignPolicyHash(univ.OctetString):
+    pass
+
+
+class SignPolicyId(univ.ObjectIdentifier):
+    pass
+
+
+class SigningPeriod(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('notBefore', useful.GeneralizedTime()),
+        namedtype.OptionalNamedType('notAfter', useful.GeneralizedTime())
+    )
+
+
+class SignatureValidationPolicy(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('signingPeriod', SigningPeriod()),
+        namedtype.NamedType('commonRules', CommonRules()),
+        namedtype.NamedType('commitmentRules', CommitmentRules()),
+        namedtype.OptionalNamedType('signPolExtensions', SignPolExtensions())
+    )
+
+
+class SignPolicyInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('signPolicyIdentifier', SignPolicyId()),
+        namedtype.NamedType('dateOfIssue', useful.GeneralizedTime()),
+        namedtype.NamedType('policyIssuerName', PolicyIssuerName()),
+        namedtype.NamedType('fieldOfApplication', FieldOfApplication()),
+        namedtype.NamedType('signatureValidationPolicy', SignatureValidationPolicy()),
+        namedtype.OptionalNamedType('signPolExtensions', SignPolExtensions())
+    )
+
+
+class SignaturePolicy(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('signPolicyHashAlg', AlgorithmIdentifier()),
+        namedtype.NamedType('signPolicyInfo', SignPolicyInfo()),
+        namedtype.OptionalNamedType('signPolicyHash', SignPolicyHash())
+    )
+
+

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc3279.py

@@ -0,0 +1,260 @@
+#
+# This file is part of pyasn1-modules.
+#
+# Copyright (c) 2017, Danielle Madeley <danielle@madeley.id.au>
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Modified by Russ Housley to add maps for use with opentypes.
+#
+# Algorithms and Identifiers for Internet X.509 Certificates and CRLs
+#
+# Derived from RFC 3279:
+# https://www.rfc-editor.org/rfc/rfc3279.txt
+#
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5280
+
+
+def _OID(*components):
+    output = []
+    for x in tuple(components):
+        if isinstance(x, univ.ObjectIdentifier):
+            output.extend(list(x))
+        else:
+            output.append(int(x))
+
+    return univ.ObjectIdentifier(output)
+
+
+md2 = _OID(1, 2, 840, 113549, 2, 2)
+md5 = _OID(1, 2, 840, 113549, 2, 5)
+id_sha1 = _OID(1, 3, 14, 3, 2, 26)
+id_dsa = _OID(1, 2, 840, 10040, 4, 1)
+
+
+class DSAPublicKey(univ.Integer):
+    pass
+
+
+class Dss_Parms(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('p', univ.Integer()),
+        namedtype.NamedType('q', univ.Integer()),
+        namedtype.NamedType('g', univ.Integer())
+    )
+
+
+id_dsa_with_sha1 = _OID(1, 2, 840, 10040, 4, 3)
+
+
+class Dss_Sig_Value(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('r', univ.Integer()),
+        namedtype.NamedType('s', univ.Integer())
+    )
+
+
+pkcs_1 = _OID(1, 2, 840, 113549, 1, 1)
+rsaEncryption = _OID(pkcs_1, 1)
+md2WithRSAEncryption = _OID(pkcs_1, 2)
+md5WithRSAEncryption = _OID(pkcs_1, 4)
+sha1WithRSAEncryption = _OID(pkcs_1, 5)
+
+
+class RSAPublicKey(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('modulus', univ.Integer()),
+        namedtype.NamedType('publicExponent', univ.Integer())
+    )
+
+
+dhpublicnumber = _OID(1, 2, 840, 10046, 2, 1)
+
+
+class DHPublicKey(univ.Integer):
+    pass
+
+
+class ValidationParms(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('seed', univ.BitString()),
+        namedtype.NamedType('pgenCounter', univ.Integer())
+    )
+
+
+class DomainParameters(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('p', univ.Integer()),
+        namedtype.NamedType('g', univ.Integer()),
+        namedtype.NamedType('q', univ.Integer()),
+        namedtype.OptionalNamedType('j', univ.Integer()),
+        namedtype.OptionalNamedType('validationParms', ValidationParms())
+    )
+
+
+id_keyExchangeAlgorithm = _OID(2, 16, 840, 1, 101, 2, 1, 1, 22)
+
+
+class KEA_Parms_Id(univ.OctetString):
+    pass
+
+
+ansi_X9_62 = _OID(1, 2, 840, 10045)
+
+
+class FieldID(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('fieldType', univ.ObjectIdentifier()),
+        namedtype.NamedType('parameters', univ.Any())
+    )
+
+
+id_ecSigType = _OID(ansi_X9_62, 4)
+ecdsa_with_SHA1 = _OID(id_ecSigType, 1)
+
+
+class ECDSA_Sig_Value(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('r', univ.Integer()),
+        namedtype.NamedType('s', univ.Integer())
+    )
+
+
+id_fieldType = _OID(ansi_X9_62, 1)
+prime_field = _OID(id_fieldType, 1)
+
+
+class Prime_p(univ.Integer):
+    pass
+
+
+characteristic_two_field = _OID(id_fieldType, 2)
+
+
+class Characteristic_two(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('m', univ.Integer()),
+        namedtype.NamedType('basis', univ.ObjectIdentifier()),
+        namedtype.NamedType('parameters', univ.Any())
+    )
+
+
+id_characteristic_two_basis = _OID(characteristic_two_field, 3)
+gnBasis = _OID(id_characteristic_two_basis, 1)
+tpBasis = _OID(id_characteristic_two_basis, 2)
+
+
+class Trinomial(univ.Integer):
+    pass
+
+
+ppBasis = _OID(id_characteristic_two_basis, 3)
+
+
+class Pentanomial(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('k1', univ.Integer()),
+        namedtype.NamedType('k2', univ.Integer()),
+        namedtype.NamedType('k3', univ.Integer())
+    )
+
+
+class FieldElement(univ.OctetString):
+    pass
+
+
+class ECPoint(univ.OctetString):
+    pass
+
+
+class Curve(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('a', FieldElement()),
+        namedtype.NamedType('b', FieldElement()),
+        namedtype.OptionalNamedType('seed', univ.BitString())
+    )
+
+
+class ECPVer(univ.Integer):
+    namedValues = namedval.NamedValues(
+        ('ecpVer1', 1)
+    )
+
+
+class ECParameters(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', ECPVer()),
+        namedtype.NamedType('fieldID', FieldID()),
+        namedtype.NamedType('curve', Curve()),
+        namedtype.NamedType('base', ECPoint()),
+        namedtype.NamedType('order', univ.Integer()),
+        namedtype.OptionalNamedType('cofactor', univ.Integer())
+    )
+
+
+class EcpkParameters(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('ecParameters', ECParameters()),
+        namedtype.NamedType('namedCurve', univ.ObjectIdentifier()),
+        namedtype.NamedType('implicitlyCA', univ.Null())
+    )
+
+
+id_publicKeyType = _OID(ansi_X9_62, 2)
+id_ecPublicKey = _OID(id_publicKeyType, 1)
+
+ellipticCurve = _OID(ansi_X9_62, 3)
+
+c_TwoCurve = _OID(ellipticCurve, 0)
+c2pnb163v1 = _OID(c_TwoCurve, 1)
+c2pnb163v2 = _OID(c_TwoCurve, 2)
+c2pnb163v3 = _OID(c_TwoCurve, 3)
+c2pnb176w1 = _OID(c_TwoCurve, 4)
+c2tnb191v1 = _OID(c_TwoCurve, 5)
+c2tnb191v2 = _OID(c_TwoCurve, 6)
+c2tnb191v3 = _OID(c_TwoCurve, 7)
+c2onb191v4 = _OID(c_TwoCurve, 8)
+c2onb191v5 = _OID(c_TwoCurve, 9)
+c2pnb208w1 = _OID(c_TwoCurve, 10)
+c2tnb239v1 = _OID(c_TwoCurve, 11)
+c2tnb239v2 = _OID(c_TwoCurve, 12)
+c2tnb239v3 = _OID(c_TwoCurve, 13)
+c2onb239v4 = _OID(c_TwoCurve, 14)
+c2onb239v5 = _OID(c_TwoCurve, 15)
+c2pnb272w1 = _OID(c_TwoCurve, 16)
+c2pnb304w1 = _OID(c_TwoCurve, 17)
+c2tnb359v1 = _OID(c_TwoCurve, 18)
+c2pnb368w1 = _OID(c_TwoCurve, 19)
+c2tnb431r1 = _OID(c_TwoCurve, 20)
+
+primeCurve = _OID(ellipticCurve, 1)
+prime192v1 = _OID(primeCurve, 1)
+prime192v2 = _OID(primeCurve, 2)
+prime192v3 = _OID(primeCurve, 3)
+prime239v1 = _OID(primeCurve, 4)
+prime239v2 = _OID(primeCurve, 5)
+prime239v3 = _OID(primeCurve, 6)
+prime256v1 = _OID(primeCurve, 7)
+
+
+# Map of Algorithm Identifier OIDs to Parameters added to the
+# ones in rfc5280.py.  Do not add OIDs with absent paramaters.
+
+_algorithmIdentifierMapUpdate = {
+    md2: univ.Null(""),
+    md5: univ.Null(""),
+    id_sha1: univ.Null(""),
+    id_dsa: Dss_Parms(),
+    rsaEncryption: univ.Null(""),
+    md2WithRSAEncryption: univ.Null(""),
+    md5WithRSAEncryption: univ.Null(""),
+    sha1WithRSAEncryption: univ.Null(""),
+    dhpublicnumber: DomainParameters(),
+    id_keyExchangeAlgorithm: KEA_Parms_Id(),
+    id_ecPublicKey: EcpkParameters(),
+}
+
+rfc5280.algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc3281.py

@@ -0,0 +1,331 @@
+# coding: utf-8
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Stanisław Pitucha with asn1ate tool.
+# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# An Internet Attribute Certificate Profile for Authorization
+#
+# ASN.1 source from:
+# http://www.ietf.org/rfc/rfc3281.txt
+#
+from pyasn1.type import char
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import tag
+from pyasn1.type import univ
+from pyasn1.type import useful
+
+from pyasn1_modules import rfc3280
+
+MAX = float('inf')
+
+
+def _buildOid(*components):
+    output = []
+    for x in tuple(components):
+        if isinstance(x, univ.ObjectIdentifier):
+            output.extend(list(x))
+        else:
+            output.append(int(x))
+
+    return univ.ObjectIdentifier(output)
+
+
+class ObjectDigestInfo(univ.Sequence):
+    pass
+
+
+ObjectDigestInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('digestedObjectType', univ.Enumerated(
+        namedValues=namedval.NamedValues(('publicKey', 0), ('publicKeyCert', 1), ('otherObjectTypes', 2)))),
+    namedtype.OptionalNamedType('otherObjectTypeID', univ.ObjectIdentifier()),
+    namedtype.NamedType('digestAlgorithm', rfc3280.AlgorithmIdentifier()),
+    namedtype.NamedType('objectDigest', univ.BitString())
+)
+
+
+class IssuerSerial(univ.Sequence):
+    pass
+
+
+IssuerSerial.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('issuer', rfc3280.GeneralNames()),
+    namedtype.NamedType('serial', rfc3280.CertificateSerialNumber()),
+    namedtype.OptionalNamedType('issuerUID', rfc3280.UniqueIdentifier())
+)
+
+
+class TargetCert(univ.Sequence):
+    pass
+
+
+TargetCert.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('targetCertificate', IssuerSerial()),
+    namedtype.OptionalNamedType('targetName', rfc3280.GeneralName()),
+    namedtype.OptionalNamedType('certDigestInfo', ObjectDigestInfo())
+)
+
+
+class Target(univ.Choice):
+    pass
+
+
+Target.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('targetName', rfc3280.GeneralName().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('targetGroup', rfc3280.GeneralName().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.NamedType('targetCert',
+                        TargetCert().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)))
+)
+
+
+class Targets(univ.SequenceOf):
+    pass
+
+
+Targets.componentType = Target()
+
+
+class ProxyInfo(univ.SequenceOf):
+    pass
+
+
+ProxyInfo.componentType = Targets()
+
+id_at_role = _buildOid(rfc3280.id_at, 72)
+
+id_pe_aaControls = _buildOid(rfc3280.id_pe, 6)
+
+id_ce_targetInformation = _buildOid(rfc3280.id_ce, 55)
+
+id_pe_ac_auditIdentity = _buildOid(rfc3280.id_pe, 4)
+
+
+class ClassList(univ.BitString):
+    pass
+
+
+ClassList.namedValues = namedval.NamedValues(
+    ('unmarked', 0),
+    ('unclassified', 1),
+    ('restricted', 2),
+    ('confidential', 3),
+    ('secret', 4),
+    ('topSecret', 5)
+)
+
+
+class SecurityCategory(univ.Sequence):
+    pass
+
+
+SecurityCategory.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('type', univ.ObjectIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('value', univ.Any().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+class Clearance(univ.Sequence):
+    pass
+
+
+Clearance.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('policyId', univ.ObjectIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.DefaultedNamedType('classList',
+                                 ClassList().subtype(implicitTag=tag.Tag(tag.tagClassContext,
+                                                                         tag.tagFormatSimple, 1)).subtype(
+                                     value="unclassified")),
+    namedtype.OptionalNamedType('securityCategories', univ.SetOf(componentType=SecurityCategory()).subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+)
+
+
+class AttCertVersion(univ.Integer):
+    pass
+
+
+AttCertVersion.namedValues = namedval.NamedValues(
+    ('v2', 1)
+)
+
+id_aca = _buildOid(rfc3280.id_pkix, 10)
+
+id_at_clearance = _buildOid(2, 5, 1, 5, 55)
+
+
+class AttrSpec(univ.SequenceOf):
+    pass
+
+
+AttrSpec.componentType = univ.ObjectIdentifier()
+
+
+class AAControls(univ.Sequence):
+    pass
+
+
+AAControls.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('pathLenConstraint',
+                                univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, MAX))),
+    namedtype.OptionalNamedType('permittedAttrs',
+                                AttrSpec().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('excludedAttrs',
+                                AttrSpec().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.DefaultedNamedType('permitUnSpecified', univ.Boolean().subtype(value=1))
+)
+
+
+class AttCertValidityPeriod(univ.Sequence):
+    pass
+
+
+AttCertValidityPeriod.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('notBeforeTime', useful.GeneralizedTime()),
+    namedtype.NamedType('notAfterTime', useful.GeneralizedTime())
+)
+
+
+id_aca_authenticationInfo = _buildOid(id_aca, 1)
+
+
+class V2Form(univ.Sequence):
+    pass
+
+
+V2Form.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('issuerName', rfc3280.GeneralNames()),
+    namedtype.OptionalNamedType('baseCertificateID', IssuerSerial().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.OptionalNamedType('objectDigestInfo', ObjectDigestInfo().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
+)
+
+
+class AttCertIssuer(univ.Choice):
+    pass
+
+
+AttCertIssuer.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('v1Form', rfc3280.GeneralNames()),
+    namedtype.NamedType('v2Form',
+                        V2Form().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+)
+
+
+class Holder(univ.Sequence):
+    pass
+
+
+Holder.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('baseCertificateID', IssuerSerial().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.OptionalNamedType('entityName', rfc3280.GeneralNames().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.OptionalNamedType('objectDigestInfo', ObjectDigestInfo().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)))
+)
+
+
+class AttributeCertificateInfo(univ.Sequence):
+    pass
+
+
+AttributeCertificateInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', AttCertVersion()),
+    namedtype.NamedType('holder', Holder()),
+    namedtype.NamedType('issuer', AttCertIssuer()),
+    namedtype.NamedType('signature', rfc3280.AlgorithmIdentifier()),
+    namedtype.NamedType('serialNumber', rfc3280.CertificateSerialNumber()),
+    namedtype.NamedType('attrCertValidityPeriod', AttCertValidityPeriod()),
+    namedtype.NamedType('attributes', univ.SequenceOf(componentType=rfc3280.Attribute())),
+    namedtype.OptionalNamedType('issuerUniqueID', rfc3280.UniqueIdentifier()),
+    namedtype.OptionalNamedType('extensions', rfc3280.Extensions())
+)
+
+
+class AttributeCertificate(univ.Sequence):
+    pass
+
+
+AttributeCertificate.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('acinfo', AttributeCertificateInfo()),
+    namedtype.NamedType('signatureAlgorithm', rfc3280.AlgorithmIdentifier()),
+    namedtype.NamedType('signatureValue', univ.BitString())
+)
+
+id_mod = _buildOid(rfc3280.id_pkix, 0)
+
+id_mod_attribute_cert = _buildOid(id_mod, 12)
+
+id_aca_accessIdentity = _buildOid(id_aca, 2)
+
+
+class RoleSyntax(univ.Sequence):
+    pass
+
+
+RoleSyntax.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('roleAuthority', rfc3280.GeneralNames().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('roleName',
+                        rfc3280.GeneralName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+id_aca_chargingIdentity = _buildOid(id_aca, 3)
+
+
+class ACClearAttrs(univ.Sequence):
+    pass
+
+
+ACClearAttrs.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('acIssuer', rfc3280.GeneralName()),
+    namedtype.NamedType('acSerial', univ.Integer()),
+    namedtype.NamedType('attrs', univ.SequenceOf(componentType=rfc3280.Attribute()))
+)
+
+id_aca_group = _buildOid(id_aca, 4)
+
+id_pe_ac_proxying = _buildOid(rfc3280.id_pe, 10)
+
+
+class SvceAuthInfo(univ.Sequence):
+    pass
+
+
+SvceAuthInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('service', rfc3280.GeneralName()),
+    namedtype.NamedType('ident', rfc3280.GeneralName()),
+    namedtype.OptionalNamedType('authInfo', univ.OctetString())
+)
+
+
+class IetfAttrSyntax(univ.Sequence):
+    pass
+
+
+IetfAttrSyntax.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType(
+        'policyAuthority', rfc3280.GeneralNames().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))
+    ),
+    namedtype.NamedType(
+        'values', univ.SequenceOf(
+            componentType=univ.Choice(
+                componentType=namedtype.NamedTypes(
+                    namedtype.NamedType('octets', univ.OctetString()),
+                    namedtype.NamedType('oid', univ.ObjectIdentifier()),
+                    namedtype.NamedType('string', char.UTF8String())
+                )
+            )
+        )
+    )
+)
+
+id_aca_encAttrs = _buildOid(id_aca, 6)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc3370.py

@@ -0,0 +1,146 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Cryptographic Message Syntax (CMS) Algorithms
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc3370.txt
+#
+
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc3279
+from pyasn1_modules import rfc5280
+from pyasn1_modules import rfc5751
+from pyasn1_modules import rfc5753
+from pyasn1_modules import rfc5990
+from pyasn1_modules import rfc8018
+
+
+# Imports from RFC 5280
+
+AlgorithmIdentifier = rfc5280.AlgorithmIdentifier
+
+
+# Imports from RFC 3279
+
+dhpublicnumber = rfc3279.dhpublicnumber
+
+dh_public_number = dhpublicnumber
+
+DHPublicKey = rfc3279.DHPublicKey
+
+DomainParameters = rfc3279.DomainParameters
+
+DHDomainParameters = DomainParameters
+
+Dss_Parms = rfc3279.Dss_Parms
+
+Dss_Sig_Value = rfc3279.Dss_Sig_Value
+
+md5 = rfc3279.md5
+
+md5WithRSAEncryption = rfc3279.md5WithRSAEncryption
+
+RSAPublicKey = rfc3279.RSAPublicKey
+
+rsaEncryption = rfc3279.rsaEncryption
+
+ValidationParms = rfc3279.ValidationParms
+
+id_dsa = rfc3279.id_dsa
+
+id_dsa_with_sha1 = rfc3279.id_dsa_with_sha1
+
+id_sha1 = rfc3279.id_sha1
+
+sha_1 = id_sha1
+
+sha1WithRSAEncryption = rfc3279.sha1WithRSAEncryption
+
+
+# Imports from RFC 5753
+
+CBCParameter = rfc5753.CBCParameter
+
+CBCParameter = rfc5753.IV
+
+KeyWrapAlgorithm = rfc5753.KeyWrapAlgorithm
+
+
+# Imports from RFC 5990
+
+id_alg_CMS3DESwrap = rfc5990.id_alg_CMS3DESwrap
+
+
+# Imports from RFC 8018
+
+des_EDE3_CBC = rfc8018.des_EDE3_CBC
+
+des_ede3_cbc = des_EDE3_CBC
+
+rc2CBC = rfc8018.rc2CBC
+
+rc2_cbc = rc2CBC
+
+RC2_CBC_Parameter = rfc8018.RC2_CBC_Parameter
+
+RC2CBCParameter = RC2_CBC_Parameter
+
+PBKDF2_params = rfc8018.PBKDF2_params
+
+id_PBKDF2 = rfc8018.id_PBKDF2
+
+
+# The few things that are not already defined elsewhere
+
+hMAC_SHA1 = univ.ObjectIdentifier('1.3.6.1.5.5.8.1.2')
+
+
+id_alg_ESDH = univ.ObjectIdentifier('1.2.840.113549.1.9.16.3.5')
+
+
+id_alg_SSDH = univ.ObjectIdentifier('1.2.840.113549.1.9.16.3.10')
+
+
+id_alg_CMSRC2wrap = univ.ObjectIdentifier('1.2.840.113549.1.9.16.3.7')
+
+
+class RC2ParameterVersion(univ.Integer):
+    pass
+
+
+class RC2wrapParameter(RC2ParameterVersion):
+    pass
+
+
+class Dss_Pub_Key(univ.Integer):
+    pass
+
+
+# Update the Algorithm Identifier map in rfc5280.py.
+
+_algorithmIdentifierMapUpdate = {
+    hMAC_SHA1: univ.Null(""),
+    id_alg_CMSRC2wrap: RC2wrapParameter(),
+    id_alg_ESDH: KeyWrapAlgorithm(),
+    id_alg_SSDH: KeyWrapAlgorithm(),
+}
+
+rfc5280.algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate)
+
+
+# Update the S/MIME Capabilities map in rfc5751.py.
+
+_smimeCapabilityMapUpdate = {
+    id_alg_CMSRC2wrap: RC2wrapParameter(),
+    id_alg_ESDH: KeyWrapAlgorithm(),
+    id_alg_SSDH: KeyWrapAlgorithm(),
+}
+
+rfc5751.smimeCapabilityMap.update(_smimeCapabilityMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc3414.py

@@ -0,0 +1,28 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# SNMPv3 message syntax
+#
+# ASN.1 source from:
+# http://www.ietf.org/rfc/rfc3414.txt
+#
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import univ
+
+
+class UsmSecurityParameters(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('msgAuthoritativeEngineID', univ.OctetString()),
+        namedtype.NamedType('msgAuthoritativeEngineBoots',
+                            univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, 2147483647))),
+        namedtype.NamedType('msgAuthoritativeEngineTime',
+                            univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, 2147483647))),
+        namedtype.NamedType('msgUserName',
+                            univ.OctetString().subtype(subtypeSpec=constraint.ValueSizeConstraint(0, 32))),
+        namedtype.NamedType('msgAuthenticationParameters', univ.OctetString()),
+        namedtype.NamedType('msgPrivacyParameters', univ.OctetString())
+    )

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc3820.py

@@ -0,0 +1,65 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Diffie-Hellman Key Agreement
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc3820.txt
+#
+
+from pyasn1.type import namedtype
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5280
+
+
+
+class ProxyCertPathLengthConstraint(univ.Integer):
+    pass
+
+
+class ProxyPolicy(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('policyLanguage', univ.ObjectIdentifier()),
+        namedtype.OptionalNamedType('policy', univ.OctetString())
+    )
+
+
+class ProxyCertInfoExtension(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('pCPathLenConstraint',
+            ProxyCertPathLengthConstraint()),
+        namedtype.NamedType('proxyPolicy', ProxyPolicy())
+    )
+
+
+id_pkix = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, ))
+
+
+id_pe = id_pkix + (1, )
+
+id_pe_proxyCertInfo = id_pe + (14, )
+
+
+id_ppl = id_pkix + (21, )
+
+id_ppl_anyLanguage = id_ppl + (0, )
+
+id_ppl_inheritAll = id_ppl + (1, )
+
+id_ppl_independent = id_ppl + (2, )
+
+
+# Map of Certificate Extension OIDs to Extensions added to the
+# ones that are in rfc5280.py
+
+_certificateExtensionsMapUpdate = {
+    id_pe_proxyCertInfo: ProxyCertInfoExtension(),	
+}
+
+rfc5280.certificateExtensionsMap.update(_certificateExtensionsMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc3852.py

@@ -0,0 +1,706 @@
+# coding: utf-8
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Stanisław Pitucha with asn1ate tool.
+# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Cryptographic Message Syntax (CMS)
+#
+# ASN.1 source from:
+# http://www.ietf.org/rfc/rfc3852.txt
+#
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import tag
+from pyasn1.type import univ
+from pyasn1.type import useful
+
+from pyasn1_modules import rfc3280
+from pyasn1_modules import rfc3281
+
+MAX = float('inf')
+
+
+def _buildOid(*components):
+    output = []
+    for x in tuple(components):
+        if isinstance(x, univ.ObjectIdentifier):
+            output.extend(list(x))
+        else:
+            output.append(int(x))
+
+    return univ.ObjectIdentifier(output)
+
+
+class AttributeValue(univ.Any):
+    pass
+
+
+class Attribute(univ.Sequence):
+    pass
+
+
+Attribute.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('attrType', univ.ObjectIdentifier()),
+    namedtype.NamedType('attrValues', univ.SetOf(componentType=AttributeValue()))
+)
+
+
+class SignedAttributes(univ.SetOf):
+    pass
+
+
+SignedAttributes.componentType = Attribute()
+SignedAttributes.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class OtherRevocationInfoFormat(univ.Sequence):
+    pass
+
+
+OtherRevocationInfoFormat.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('otherRevInfoFormat', univ.ObjectIdentifier()),
+    namedtype.NamedType('otherRevInfo', univ.Any())
+)
+
+
+class RevocationInfoChoice(univ.Choice):
+    pass
+
+
+RevocationInfoChoice.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('crl', rfc3280.CertificateList()),
+    namedtype.NamedType('other', OtherRevocationInfoFormat().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
+)
+
+
+class RevocationInfoChoices(univ.SetOf):
+    pass
+
+
+RevocationInfoChoices.componentType = RevocationInfoChoice()
+
+
+class OtherKeyAttribute(univ.Sequence):
+    pass
+
+
+OtherKeyAttribute.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('keyAttrId', univ.ObjectIdentifier()),
+    namedtype.OptionalNamedType('keyAttr', univ.Any())
+)
+
+id_signedData = _buildOid(1, 2, 840, 113549, 1, 7, 2)
+
+
+class KeyEncryptionAlgorithmIdentifier(rfc3280.AlgorithmIdentifier):
+    pass
+
+
+class EncryptedKey(univ.OctetString):
+    pass
+
+
+class CMSVersion(univ.Integer):
+    pass
+
+
+CMSVersion.namedValues = namedval.NamedValues(
+    ('v0', 0),
+    ('v1', 1),
+    ('v2', 2),
+    ('v3', 3),
+    ('v4', 4),
+    ('v5', 5)
+)
+
+
+class KEKIdentifier(univ.Sequence):
+    pass
+
+
+KEKIdentifier.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('keyIdentifier', univ.OctetString()),
+    namedtype.OptionalNamedType('date', useful.GeneralizedTime()),
+    namedtype.OptionalNamedType('other', OtherKeyAttribute())
+)
+
+
+class KEKRecipientInfo(univ.Sequence):
+    pass
+
+
+KEKRecipientInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.NamedType('kekid', KEKIdentifier()),
+    namedtype.NamedType('keyEncryptionAlgorithm', KeyEncryptionAlgorithmIdentifier()),
+    namedtype.NamedType('encryptedKey', EncryptedKey())
+)
+
+
+class KeyDerivationAlgorithmIdentifier(rfc3280.AlgorithmIdentifier):
+    pass
+
+
+class PasswordRecipientInfo(univ.Sequence):
+    pass
+
+
+PasswordRecipientInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.OptionalNamedType('keyDerivationAlgorithm', KeyDerivationAlgorithmIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('keyEncryptionAlgorithm', KeyEncryptionAlgorithmIdentifier()),
+    namedtype.NamedType('encryptedKey', EncryptedKey())
+)
+
+
+class OtherRecipientInfo(univ.Sequence):
+    pass
+
+
+OtherRecipientInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('oriType', univ.ObjectIdentifier()),
+    namedtype.NamedType('oriValue', univ.Any())
+)
+
+
+class IssuerAndSerialNumber(univ.Sequence):
+    pass
+
+
+IssuerAndSerialNumber.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('issuer', rfc3280.Name()),
+    namedtype.NamedType('serialNumber', rfc3280.CertificateSerialNumber())
+)
+
+
+class SubjectKeyIdentifier(univ.OctetString):
+    pass
+
+
+class RecipientKeyIdentifier(univ.Sequence):
+    pass
+
+
+RecipientKeyIdentifier.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('subjectKeyIdentifier', SubjectKeyIdentifier()),
+    namedtype.OptionalNamedType('date', useful.GeneralizedTime()),
+    namedtype.OptionalNamedType('other', OtherKeyAttribute())
+)
+
+
+class KeyAgreeRecipientIdentifier(univ.Choice):
+    pass
+
+
+KeyAgreeRecipientIdentifier.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()),
+    namedtype.NamedType('rKeyId', RecipientKeyIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+)
+
+
+class RecipientEncryptedKey(univ.Sequence):
+    pass
+
+
+RecipientEncryptedKey.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('rid', KeyAgreeRecipientIdentifier()),
+    namedtype.NamedType('encryptedKey', EncryptedKey())
+)
+
+
+class RecipientEncryptedKeys(univ.SequenceOf):
+    pass
+
+
+RecipientEncryptedKeys.componentType = RecipientEncryptedKey()
+
+
+class UserKeyingMaterial(univ.OctetString):
+    pass
+
+
+class OriginatorPublicKey(univ.Sequence):
+    pass
+
+
+OriginatorPublicKey.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('algorithm', rfc3280.AlgorithmIdentifier()),
+    namedtype.NamedType('publicKey', univ.BitString())
+)
+
+
+class OriginatorIdentifierOrKey(univ.Choice):
+    pass
+
+
+OriginatorIdentifierOrKey.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()),
+    namedtype.NamedType('subjectKeyIdentifier', SubjectKeyIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('originatorKey', OriginatorPublicKey().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
+)
+
+
+class KeyAgreeRecipientInfo(univ.Sequence):
+    pass
+
+
+KeyAgreeRecipientInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.NamedType('originator', OriginatorIdentifierOrKey().subtype(
+        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.OptionalNamedType('ukm', UserKeyingMaterial().subtype(
+        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.NamedType('keyEncryptionAlgorithm', KeyEncryptionAlgorithmIdentifier()),
+    namedtype.NamedType('recipientEncryptedKeys', RecipientEncryptedKeys())
+)
+
+
+class RecipientIdentifier(univ.Choice):
+    pass
+
+
+RecipientIdentifier.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()),
+    namedtype.NamedType('subjectKeyIdentifier', SubjectKeyIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+)
+
+
+class KeyTransRecipientInfo(univ.Sequence):
+    pass
+
+
+KeyTransRecipientInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.NamedType('rid', RecipientIdentifier()),
+    namedtype.NamedType('keyEncryptionAlgorithm', KeyEncryptionAlgorithmIdentifier()),
+    namedtype.NamedType('encryptedKey', EncryptedKey())
+)
+
+
+class RecipientInfo(univ.Choice):
+    pass
+
+
+RecipientInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('ktri', KeyTransRecipientInfo()),
+    namedtype.NamedType('kari', KeyAgreeRecipientInfo().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+    namedtype.NamedType('kekri', KEKRecipientInfo().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
+    namedtype.NamedType('pwri', PasswordRecipientInfo().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+    namedtype.NamedType('ori', OtherRecipientInfo().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4)))
+)
+
+
+class RecipientInfos(univ.SetOf):
+    pass
+
+
+RecipientInfos.componentType = RecipientInfo()
+RecipientInfos.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class DigestAlgorithmIdentifier(rfc3280.AlgorithmIdentifier):
+    pass
+
+
+class Signature(univ.BitString):
+    pass
+
+
+class SignerIdentifier(univ.Choice):
+    pass
+
+
+SignerIdentifier.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('issuerAndSerialNumber', IssuerAndSerialNumber()),
+    namedtype.NamedType('subjectKeyIdentifier', SubjectKeyIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+)
+
+
+class UnprotectedAttributes(univ.SetOf):
+    pass
+
+
+UnprotectedAttributes.componentType = Attribute()
+UnprotectedAttributes.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class ContentType(univ.ObjectIdentifier):
+    pass
+
+
+class EncryptedContent(univ.OctetString):
+    pass
+
+
+class ContentEncryptionAlgorithmIdentifier(rfc3280.AlgorithmIdentifier):
+    pass
+
+
+class EncryptedContentInfo(univ.Sequence):
+    pass
+
+
+EncryptedContentInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('contentType', ContentType()),
+    namedtype.NamedType('contentEncryptionAlgorithm', ContentEncryptionAlgorithmIdentifier()),
+    namedtype.OptionalNamedType('encryptedContent', EncryptedContent().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+)
+
+
+class EncryptedData(univ.Sequence):
+    pass
+
+
+EncryptedData.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.NamedType('encryptedContentInfo', EncryptedContentInfo()),
+    namedtype.OptionalNamedType('unprotectedAttrs', UnprotectedAttributes().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+id_contentType = _buildOid(1, 2, 840, 113549, 1, 9, 3)
+
+id_data = _buildOid(1, 2, 840, 113549, 1, 7, 1)
+
+id_messageDigest = _buildOid(1, 2, 840, 113549, 1, 9, 4)
+
+
+class DigestAlgorithmIdentifiers(univ.SetOf):
+    pass
+
+
+DigestAlgorithmIdentifiers.componentType = DigestAlgorithmIdentifier()
+
+
+class EncapsulatedContentInfo(univ.Sequence):
+    pass
+
+
+EncapsulatedContentInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('eContentType', ContentType()),
+    namedtype.OptionalNamedType('eContent', univ.OctetString().subtype(
+        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+)
+
+
+class Digest(univ.OctetString):
+    pass
+
+
+class DigestedData(univ.Sequence):
+    pass
+
+
+DigestedData.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.NamedType('digestAlgorithm', DigestAlgorithmIdentifier()),
+    namedtype.NamedType('encapContentInfo', EncapsulatedContentInfo()),
+    namedtype.NamedType('digest', Digest())
+)
+
+
+class ContentInfo(univ.Sequence):
+    pass
+
+
+ContentInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('contentType', ContentType()),
+    namedtype.NamedType('content', univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+)
+
+
+class UnauthAttributes(univ.SetOf):
+    pass
+
+
+UnauthAttributes.componentType = Attribute()
+UnauthAttributes.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class ExtendedCertificateInfo(univ.Sequence):
+    pass
+
+
+ExtendedCertificateInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.NamedType('certificate', rfc3280.Certificate()),
+    namedtype.NamedType('attributes', UnauthAttributes())
+)
+
+
+class SignatureAlgorithmIdentifier(rfc3280.AlgorithmIdentifier):
+    pass
+
+
+class ExtendedCertificate(univ.Sequence):
+    pass
+
+
+ExtendedCertificate.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('extendedCertificateInfo', ExtendedCertificateInfo()),
+    namedtype.NamedType('signatureAlgorithm', SignatureAlgorithmIdentifier()),
+    namedtype.NamedType('signature', Signature())
+)
+
+
+class OtherCertificateFormat(univ.Sequence):
+    pass
+
+
+OtherCertificateFormat.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('otherCertFormat', univ.ObjectIdentifier()),
+    namedtype.NamedType('otherCert', univ.Any())
+)
+
+
+class AttributeCertificateV2(rfc3281.AttributeCertificate):
+    pass
+
+
+class AttCertVersionV1(univ.Integer):
+    pass
+
+
+AttCertVersionV1.namedValues = namedval.NamedValues(
+    ('v1', 0)
+)
+
+
+class AttributeCertificateInfoV1(univ.Sequence):
+    pass
+
+
+AttributeCertificateInfoV1.componentType = namedtype.NamedTypes(
+    namedtype.DefaultedNamedType('version', AttCertVersionV1().subtype(value="v1")),
+    namedtype.NamedType(
+        'subject', univ.Choice(
+            componentType=namedtype.NamedTypes(
+                namedtype.NamedType('baseCertificateID', rfc3281.IssuerSerial().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+                namedtype.NamedType('subjectName', rfc3280.GeneralNames().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+            )
+        )
+    ),
+    namedtype.NamedType('issuer', rfc3280.GeneralNames()),
+    namedtype.NamedType('signature', rfc3280.AlgorithmIdentifier()),
+    namedtype.NamedType('serialNumber', rfc3280.CertificateSerialNumber()),
+    namedtype.NamedType('attCertValidityPeriod', rfc3281.AttCertValidityPeriod()),
+    namedtype.NamedType('attributes', univ.SequenceOf(componentType=rfc3280.Attribute())),
+    namedtype.OptionalNamedType('issuerUniqueID', rfc3280.UniqueIdentifier()),
+    namedtype.OptionalNamedType('extensions', rfc3280.Extensions())
+)
+
+
+class AttributeCertificateV1(univ.Sequence):
+    pass
+
+
+AttributeCertificateV1.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('acInfo', AttributeCertificateInfoV1()),
+    namedtype.NamedType('signatureAlgorithm', rfc3280.AlgorithmIdentifier()),
+    namedtype.NamedType('signature', univ.BitString())
+)
+
+
+class CertificateChoices(univ.Choice):
+    pass
+
+
+CertificateChoices.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('certificate', rfc3280.Certificate()),
+    namedtype.NamedType('extendedCertificate', ExtendedCertificate().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.NamedType('v1AttrCert', AttributeCertificateV1().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.NamedType('v2AttrCert', AttributeCertificateV2().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+    namedtype.NamedType('other', OtherCertificateFormat().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
+)
+
+
+class CertificateSet(univ.SetOf):
+    pass
+
+
+CertificateSet.componentType = CertificateChoices()
+
+
+class MessageAuthenticationCode(univ.OctetString):
+    pass
+
+
+class UnsignedAttributes(univ.SetOf):
+    pass
+
+
+UnsignedAttributes.componentType = Attribute()
+UnsignedAttributes.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class SignatureValue(univ.OctetString):
+    pass
+
+
+class SignerInfo(univ.Sequence):
+    pass
+
+
+SignerInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.NamedType('sid', SignerIdentifier()),
+    namedtype.NamedType('digestAlgorithm', DigestAlgorithmIdentifier()),
+    namedtype.OptionalNamedType('signedAttrs', SignedAttributes().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('signatureAlgorithm', SignatureAlgorithmIdentifier()),
+    namedtype.NamedType('signature', SignatureValue()),
+    namedtype.OptionalNamedType('unsignedAttrs', UnsignedAttributes().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+class SignerInfos(univ.SetOf):
+    pass
+
+
+SignerInfos.componentType = SignerInfo()
+
+
+class SignedData(univ.Sequence):
+    pass
+
+
+SignedData.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.NamedType('digestAlgorithms', DigestAlgorithmIdentifiers()),
+    namedtype.NamedType('encapContentInfo', EncapsulatedContentInfo()),
+    namedtype.OptionalNamedType('certificates', CertificateSet().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('crls', RevocationInfoChoices().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.NamedType('signerInfos', SignerInfos())
+)
+
+
+class MessageAuthenticationCodeAlgorithm(rfc3280.AlgorithmIdentifier):
+    pass
+
+
+class MessageDigest(univ.OctetString):
+    pass
+
+
+class Time(univ.Choice):
+    pass
+
+
+Time.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('utcTime', useful.UTCTime()),
+    namedtype.NamedType('generalTime', useful.GeneralizedTime())
+)
+
+
+class OriginatorInfo(univ.Sequence):
+    pass
+
+
+OriginatorInfo.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('certs', CertificateSet().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('crls', RevocationInfoChoices().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+class AuthAttributes(univ.SetOf):
+    pass
+
+
+AuthAttributes.componentType = Attribute()
+AuthAttributes.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class AuthenticatedData(univ.Sequence):
+    pass
+
+
+AuthenticatedData.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.OptionalNamedType('originatorInfo', OriginatorInfo().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.NamedType('recipientInfos', RecipientInfos()),
+    namedtype.NamedType('macAlgorithm', MessageAuthenticationCodeAlgorithm()),
+    namedtype.OptionalNamedType('digestAlgorithm', DigestAlgorithmIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.NamedType('encapContentInfo', EncapsulatedContentInfo()),
+    namedtype.OptionalNamedType('authAttrs', AuthAttributes().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+    namedtype.NamedType('mac', MessageAuthenticationCode()),
+    namedtype.OptionalNamedType('unauthAttrs', UnauthAttributes().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
+)
+
+id_ct_contentInfo = _buildOid(1, 2, 840, 113549, 1, 9, 16, 1, 6)
+
+id_envelopedData = _buildOid(1, 2, 840, 113549, 1, 7, 3)
+
+
+class EnvelopedData(univ.Sequence):
+    pass
+
+
+EnvelopedData.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', CMSVersion()),
+    namedtype.OptionalNamedType('originatorInfo', OriginatorInfo().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.NamedType('recipientInfos', RecipientInfos()),
+    namedtype.NamedType('encryptedContentInfo', EncryptedContentInfo()),
+    namedtype.OptionalNamedType('unprotectedAttrs', UnprotectedAttributes().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+class Countersignature(SignerInfo):
+    pass
+
+
+id_digestedData = _buildOid(1, 2, 840, 113549, 1, 7, 5)
+
+id_signingTime = _buildOid(1, 2, 840, 113549, 1, 9, 5)
+
+
+class ExtendedCertificateOrCertificate(univ.Choice):
+    pass
+
+
+ExtendedCertificateOrCertificate.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('certificate', rfc3280.Certificate()),
+    namedtype.NamedType('extendedCertificate', ExtendedCertificate().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+)
+
+id_encryptedData = _buildOid(1, 2, 840, 113549, 1, 7, 6)
+
+id_ct_authData = _buildOid(1, 2, 840, 113549, 1, 9, 16, 1, 2)
+
+
+class SigningTime(Time):
+    pass
+
+
+id_countersignature = _buildOid(1, 2, 840, 113549, 1, 9, 6)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc4043.py

@@ -0,0 +1,43 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Internet X.509 Public Key Infrastructure Permanent Identifier
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc4043.txt
+#
+
+from pyasn1.type import char
+from pyasn1.type import namedtype
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5280
+
+
+id_pkix = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, ))
+
+id_on = id_pkix + (8, )
+
+id_on_permanentIdentifier = id_on + (3, )
+
+
+class PermanentIdentifier(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('identifierValue', char.UTF8String()),
+        namedtype.OptionalNamedType('assigner', univ.ObjectIdentifier())
+    )
+
+
+# Map of Other Name OIDs to Other Name is added to the
+# ones that are in rfc5280.py
+
+_anotherNameMapUpdate = {
+    id_on_permanentIdentifier: PermanentIdentifier(),
+}
+
+rfc5280.anotherNameMap.update(_anotherNameMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc4073.py

@@ -0,0 +1,59 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley with some assistance from asn1ate v.0.6.0.
+# Modified by Russ Housley to add a map for use with opentypes.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Protecting Multiple Contents with the CMS
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc4073.txt
+#
+
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5652
+
+MAX = float('inf')
+
+
+# Content Collection Content Type and Object Identifier
+
+id_ct_contentCollection = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.19')
+
+class ContentCollection(univ.SequenceOf):
+    pass
+
+ContentCollection.componentType = rfc5652.ContentInfo()
+ContentCollection.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+# Content With Attributes Content Type and Object Identifier
+
+id_ct_contentWithAttrs = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.20')
+
+class ContentWithAttributes(univ.Sequence):
+    pass
+
+ContentWithAttributes.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('content', rfc5652.ContentInfo()),
+    namedtype.NamedType('attrs', univ.SequenceOf(
+        componentType=rfc5652.Attribute()).subtype(
+            sizeSpec=constraint.ValueSizeConstraint(1, MAX)))
+)
+
+
+# Map of Content Type OIDs to Content Types is added to the
+# ones that are in rfc5652.py
+
+_cmsContentTypesMapUpdate = {
+    id_ct_contentCollection: ContentCollection(),
+    id_ct_contentWithAttrs: ContentWithAttributes(),
+}
+
+rfc5652.cmsContentTypesMap.update(_cmsContentTypesMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc4211.py

@@ -0,0 +1,396 @@
+# coding: utf-8
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Stanisław Pitucha with asn1ate tool.
+# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Internet X.509 Public Key Infrastructure Certificate Request
+# Message Format (CRMF)
+#
+# ASN.1 source from:
+# http://www.ietf.org/rfc/rfc4211.txt
+#
+from pyasn1.type import char
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import tag
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc3280
+from pyasn1_modules import rfc3852
+
+MAX = float('inf')
+
+
+def _buildOid(*components):
+    output = []
+    for x in tuple(components):
+        if isinstance(x, univ.ObjectIdentifier):
+            output.extend(list(x))
+        else:
+            output.append(int(x))
+
+    return univ.ObjectIdentifier(output)
+
+
+id_pkix = _buildOid(1, 3, 6, 1, 5, 5, 7)
+
+id_pkip = _buildOid(id_pkix, 5)
+
+id_regCtrl = _buildOid(id_pkip, 1)
+
+
+class SinglePubInfo(univ.Sequence):
+    pass
+
+
+SinglePubInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('pubMethod', univ.Integer(
+        namedValues=namedval.NamedValues(('dontCare', 0), ('x500', 1), ('web', 2), ('ldap', 3)))),
+    namedtype.OptionalNamedType('pubLocation', rfc3280.GeneralName())
+)
+
+
+class UTF8Pairs(char.UTF8String):
+    pass
+
+
+class PKMACValue(univ.Sequence):
+    pass
+
+
+PKMACValue.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('algId', rfc3280.AlgorithmIdentifier()),
+    namedtype.NamedType('value', univ.BitString())
+)
+
+
+class POPOSigningKeyInput(univ.Sequence):
+    pass
+
+
+POPOSigningKeyInput.componentType = namedtype.NamedTypes(
+    namedtype.NamedType(
+        'authInfo', univ.Choice(
+            componentType=namedtype.NamedTypes(
+                namedtype.NamedType(
+                    'sender', rfc3280.GeneralName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))
+                ),
+                namedtype.NamedType(
+                    'publicKeyMAC', PKMACValue()
+                )
+            )
+        )
+    ),
+    namedtype.NamedType('publicKey', rfc3280.SubjectPublicKeyInfo())
+)
+
+
+class POPOSigningKey(univ.Sequence):
+    pass
+
+
+POPOSigningKey.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('poposkInput', POPOSigningKeyInput().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.NamedType('algorithmIdentifier', rfc3280.AlgorithmIdentifier()),
+    namedtype.NamedType('signature', univ.BitString())
+)
+
+
+class Attributes(univ.SetOf):
+    pass
+
+
+Attributes.componentType = rfc3280.Attribute()
+
+
+class PrivateKeyInfo(univ.Sequence):
+    pass
+
+
+PrivateKeyInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', univ.Integer()),
+    namedtype.NamedType('privateKeyAlgorithm', rfc3280.AlgorithmIdentifier()),
+    namedtype.NamedType('privateKey', univ.OctetString()),
+    namedtype.OptionalNamedType('attributes',
+                                Attributes().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+)
+
+
+class EncryptedValue(univ.Sequence):
+    pass
+
+
+EncryptedValue.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('intendedAlg', rfc3280.AlgorithmIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('symmAlg', rfc3280.AlgorithmIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.OptionalNamedType('encSymmKey', univ.BitString().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+    namedtype.OptionalNamedType('keyAlg', rfc3280.AlgorithmIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+    namedtype.OptionalNamedType('valueHint', univ.OctetString().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
+    namedtype.NamedType('encValue', univ.BitString())
+)
+
+
+class EncryptedKey(univ.Choice):
+    pass
+
+
+EncryptedKey.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('encryptedValue', EncryptedValue()),
+    namedtype.NamedType('envelopedData', rfc3852.EnvelopedData().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+)
+
+
+class KeyGenParameters(univ.OctetString):
+    pass
+
+
+class PKIArchiveOptions(univ.Choice):
+    pass
+
+
+PKIArchiveOptions.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('encryptedPrivKey',
+                        EncryptedKey().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.NamedType('keyGenParameters',
+                        KeyGenParameters().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.NamedType('archiveRemGenPrivKey',
+                        univ.Boolean().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+)
+
+id_regCtrl_authenticator = _buildOid(id_regCtrl, 2)
+
+id_regInfo = _buildOid(id_pkip, 2)
+
+id_regInfo_certReq = _buildOid(id_regInfo, 2)
+
+
+class ProtocolEncrKey(rfc3280.SubjectPublicKeyInfo):
+    pass
+
+
+class Authenticator(char.UTF8String):
+    pass
+
+
+class SubsequentMessage(univ.Integer):
+    pass
+
+
+SubsequentMessage.namedValues = namedval.NamedValues(
+    ('encrCert', 0),
+    ('challengeResp', 1)
+)
+
+
+class AttributeTypeAndValue(univ.Sequence):
+    pass
+
+
+AttributeTypeAndValue.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('type', univ.ObjectIdentifier()),
+    namedtype.NamedType('value', univ.Any())
+)
+
+
+class POPOPrivKey(univ.Choice):
+    pass
+
+
+POPOPrivKey.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('thisMessage',
+                        univ.BitString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('subsequentMessage',
+                        SubsequentMessage().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.NamedType('dhMAC',
+                        univ.BitString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+    namedtype.NamedType('agreeMAC',
+                        PKMACValue().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+    namedtype.NamedType('encryptedKey', rfc3852.EnvelopedData().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4)))
+)
+
+
+class ProofOfPossession(univ.Choice):
+    pass
+
+
+ProofOfPossession.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('raVerified',
+                        univ.Null().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('signature', POPOSigningKey().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+    namedtype.NamedType('keyEncipherment',
+                        POPOPrivKey().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
+    namedtype.NamedType('keyAgreement',
+                        POPOPrivKey().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
+)
+
+
+class OptionalValidity(univ.Sequence):
+    pass
+
+
+OptionalValidity.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('notBefore', rfc3280.Time().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.OptionalNamedType('notAfter', rfc3280.Time().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
+)
+
+
+class CertTemplate(univ.Sequence):
+    pass
+
+
+CertTemplate.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('version', rfc3280.Version().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('serialNumber', univ.Integer().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.OptionalNamedType('signingAlg', rfc3280.AlgorithmIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+    namedtype.OptionalNamedType('issuer', rfc3280.Name().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+    namedtype.OptionalNamedType('validity', OptionalValidity().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
+    namedtype.OptionalNamedType('subject', rfc3280.Name().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))),
+    namedtype.OptionalNamedType('publicKey', rfc3280.SubjectPublicKeyInfo().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
+    namedtype.OptionalNamedType('issuerUID', rfc3280.UniqueIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
+    namedtype.OptionalNamedType('subjectUID', rfc3280.UniqueIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))),
+    namedtype.OptionalNamedType('extensions', rfc3280.Extensions().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 9)))
+)
+
+
+class Controls(univ.SequenceOf):
+    pass
+
+
+Controls.componentType = AttributeTypeAndValue()
+Controls.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class CertRequest(univ.Sequence):
+    pass
+
+
+CertRequest.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('certReqId', univ.Integer()),
+    namedtype.NamedType('certTemplate', CertTemplate()),
+    namedtype.OptionalNamedType('controls', Controls())
+)
+
+
+class CertReqMsg(univ.Sequence):
+    pass
+
+
+CertReqMsg.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('certReq', CertRequest()),
+    namedtype.OptionalNamedType('popo', ProofOfPossession()),
+    namedtype.OptionalNamedType('regInfo', univ.SequenceOf(componentType=AttributeTypeAndValue()))
+)
+
+
+class CertReqMessages(univ.SequenceOf):
+    pass
+
+
+CertReqMessages.componentType = CertReqMsg()
+CertReqMessages.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class CertReq(CertRequest):
+    pass
+
+
+id_regCtrl_pkiPublicationInfo = _buildOid(id_regCtrl, 3)
+
+
+class CertId(univ.Sequence):
+    pass
+
+
+CertId.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('issuer', rfc3280.GeneralName()),
+    namedtype.NamedType('serialNumber', univ.Integer())
+)
+
+
+class OldCertId(CertId):
+    pass
+
+
+class PKIPublicationInfo(univ.Sequence):
+    pass
+
+
+PKIPublicationInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('action',
+                        univ.Integer(namedValues=namedval.NamedValues(('dontPublish', 0), ('pleasePublish', 1)))),
+    namedtype.OptionalNamedType('pubInfos', univ.SequenceOf(componentType=SinglePubInfo()))
+)
+
+
+class EncKeyWithID(univ.Sequence):
+    pass
+
+
+EncKeyWithID.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('privateKey', PrivateKeyInfo()),
+    namedtype.OptionalNamedType(
+        'identifier', univ.Choice(
+            componentType=namedtype.NamedTypes(
+                namedtype.NamedType('string', char.UTF8String()),
+                namedtype.NamedType('generalName', rfc3280.GeneralName())
+            )
+        )
+    )
+)
+
+id_regCtrl_protocolEncrKey = _buildOid(id_regCtrl, 6)
+
+id_regCtrl_oldCertID = _buildOid(id_regCtrl, 5)
+
+id_smime = _buildOid(1, 2, 840, 113549, 1, 9, 16)
+
+
+class PBMParameter(univ.Sequence):
+    pass
+
+
+PBMParameter.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('salt', univ.OctetString()),
+    namedtype.NamedType('owf', rfc3280.AlgorithmIdentifier()),
+    namedtype.NamedType('iterationCount', univ.Integer()),
+    namedtype.NamedType('mac', rfc3280.AlgorithmIdentifier())
+)
+
+id_regCtrl_regToken = _buildOid(id_regCtrl, 1)
+
+id_regCtrl_pkiArchiveOptions = _buildOid(id_regCtrl, 4)
+
+id_regInfo_utf8Pairs = _buildOid(id_regInfo, 1)
+
+id_ct = _buildOid(id_smime, 1)
+
+id_ct_encKeyWithID = _buildOid(id_ct, 21)
+
+
+class RegToken(char.UTF8String):
+    pass

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc4334.py

@@ -0,0 +1,75 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Certificate Extensions and Attributes Supporting Authentication
+#   in PPP and Wireless LAN Networks
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc4334.txt
+#
+
+from pyasn1.type import constraint
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5280
+
+MAX = float('inf')
+
+
+# OID Arcs
+
+id_pe = univ.ObjectIdentifier('1.3.6.1.5.5.7.1')
+
+id_kp = univ.ObjectIdentifier('1.3.6.1.5.5.7.3')
+
+id_aca = univ.ObjectIdentifier('1.3.6.1.5.5.7.10')
+
+
+# Extended Key Usage Values
+
+id_kp_eapOverPPP = id_kp + (13, )
+
+id_kp_eapOverLAN = id_kp + (14, )
+
+
+# Wireless LAN SSID Extension
+
+id_pe_wlanSSID = id_pe + (13, )
+
+class SSID(univ.OctetString):
+    constraint.ValueSizeConstraint(1, 32)
+
+
+class SSIDList(univ.SequenceOf):
+    componentType = SSID()
+    subtypeSpec=constraint.ValueSizeConstraint(1, MAX)
+
+
+# Wireless LAN SSID Attribute Certificate Attribute
+
+id_aca_wlanSSID = id_aca + (7, )
+
+
+# Map of Certificate Extension OIDs to Extensions
+# To be added to the ones that are in rfc5280.py
+
+_certificateExtensionsMap = {
+    id_pe_wlanSSID: SSIDList(),
+}
+
+rfc5280.certificateExtensionsMap.update(_certificateExtensionsMap)
+
+
+# Map of AttributeType OIDs to AttributeValue added to the
+# ones that are in rfc5280.py
+
+_certificateAttributesMapUpdate = {
+    id_aca_wlanSSID: SSIDList(),
+}
+
+rfc5280.certificateAttributesMap.update(_certificateAttributesMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc4357.py

@@ -0,0 +1,477 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Additional Cryptographic Algorithms for Use with GOST 28147-89,
+# GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 Algorithms
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc4357.txt
+# https://www.rfc-editor.org/errata/eid5927
+# https://www.rfc-editor.org/errata/eid5928
+#
+
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import tag
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5280
+
+
+# Import from RFC 5280
+
+AlgorithmIdentifier = rfc5280.AlgorithmIdentifier
+
+
+# Object Identifiers
+
+id_CryptoPro = univ.ObjectIdentifier((1, 2, 643, 2, 2,))
+
+
+id_CryptoPro_modules = id_CryptoPro + (1, 1,)
+
+id_CryptoPro_extensions = id_CryptoPro + (34,)
+
+id_CryptoPro_policyIds = id_CryptoPro + (38,)
+
+id_CryptoPro_policyQt = id_CryptoPro + (39,)
+
+
+cryptographic_Gost_Useful_Definitions = id_CryptoPro_modules + (0, 1,)
+
+gostR3411_94_DigestSyntax = id_CryptoPro_modules + (1, 1,)
+
+gostR3410_94_PKISyntax = id_CryptoPro_modules + (2, 1,)
+
+gostR3410_94_SignatureSyntax = id_CryptoPro_modules + (3, 1,)
+
+gost28147_89_EncryptionSyntax = id_CryptoPro_modules + (4, 1,)
+
+gostR3410_EncryptionSyntax = id_CryptoPro_modules + (5, 2,)
+
+gost28147_89_ParamSetSyntax = id_CryptoPro_modules + (6, 1,)
+
+gostR3411_94_ParamSetSyntax = id_CryptoPro_modules + (7, 1,)
+
+gostR3410_94_ParamSetSyntax = id_CryptoPro_modules + (8, 1, 1)
+
+gostR3410_2001_PKISyntax = id_CryptoPro_modules + (9, 1,)
+
+gostR3410_2001_SignatureSyntax = id_CryptoPro_modules + (10, 1,)
+
+gostR3410_2001_ParamSetSyntax = id_CryptoPro_modules + (12, 1,)
+
+gost_CryptoPro_ExtendedKeyUsage = id_CryptoPro_modules + (13, 1,)
+
+gost_CryptoPro_PrivateKey = id_CryptoPro_modules + (14, 1,)
+
+gost_CryptoPro_PKIXCMP = id_CryptoPro_modules + (15, 1,)
+
+gost_CryptoPro_TLS = id_CryptoPro_modules + (16, 1,)
+
+gost_CryptoPro_Policy = id_CryptoPro_modules + (17, 1,)
+
+gost_CryptoPro_Constants = id_CryptoPro_modules + (18, 1,)
+
+
+id_CryptoPro_algorithms = id_CryptoPro
+
+id_GostR3411_94_with_GostR3410_2001 = id_CryptoPro_algorithms + (3,)
+
+id_GostR3411_94_with_GostR3410_94 = id_CryptoPro_algorithms + (4,)
+
+id_GostR3411_94 = id_CryptoPro_algorithms + (9,)
+
+id_Gost28147_89_None_KeyMeshing = id_CryptoPro_algorithms + (14, 0,)
+
+id_Gost28147_89_CryptoPro_KeyMeshing = id_CryptoPro_algorithms + (14, 1,)
+
+id_GostR3410_2001 = id_CryptoPro_algorithms + (19,)
+
+id_GostR3410_94 = id_CryptoPro_algorithms + (20,)
+
+id_Gost28147_89 = id_CryptoPro_algorithms + (21,)
+
+id_Gost28147_89_MAC = id_CryptoPro_algorithms + (22,)
+
+id_CryptoPro_hashes = id_CryptoPro_algorithms + (30,)
+
+id_CryptoPro_encrypts = id_CryptoPro_algorithms + (31,)
+
+id_CryptoPro_signs = id_CryptoPro_algorithms + (32,)
+
+id_CryptoPro_exchanges = id_CryptoPro_algorithms + (33,)
+
+id_CryptoPro_ecc_signs = id_CryptoPro_algorithms + (35,)
+
+id_CryptoPro_ecc_exchanges = id_CryptoPro_algorithms + (36,)
+
+id_CryptoPro_private_keys = id_CryptoPro_algorithms + (37,)
+
+id_CryptoPro_pkixcmp_infos = id_CryptoPro_algorithms + (41,)
+
+id_CryptoPro_audit_service_types = id_CryptoPro_algorithms + (42,)
+
+id_CryptoPro_audit_record_types = id_CryptoPro_algorithms + (43,)
+
+id_CryptoPro_attributes = id_CryptoPro_algorithms + (44,)
+
+id_CryptoPro_name_service_types = id_CryptoPro_algorithms + (45,)
+
+id_GostR3410_2001DH = id_CryptoPro_algorithms + (98,)
+
+id_GostR3410_94DH = id_CryptoPro_algorithms + (99,)
+
+
+id_Gost28147_89_TestParamSet = id_CryptoPro_encrypts + (0,)
+
+id_Gost28147_89_CryptoPro_A_ParamSet = id_CryptoPro_encrypts + (1,)
+
+id_Gost28147_89_CryptoPro_B_ParamSet = id_CryptoPro_encrypts + (2,)
+
+id_Gost28147_89_CryptoPro_C_ParamSet = id_CryptoPro_encrypts + (3,)
+
+id_Gost28147_89_CryptoPro_D_ParamSet = id_CryptoPro_encrypts + (4,)
+
+id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet = id_CryptoPro_encrypts + (5,)
+
+id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet = id_CryptoPro_encrypts + (6,)
+
+id_Gost28147_89_CryptoPro_RIC_1_ParamSet = id_CryptoPro_encrypts + (7,)
+
+
+id_GostR3410_2001_TestParamSet = id_CryptoPro_ecc_signs + (0,)
+
+id_GostR3410_2001_CryptoPro_A_ParamSet = id_CryptoPro_ecc_signs + (1,)
+
+id_GostR3410_2001_CryptoPro_B_ParamSet = id_CryptoPro_ecc_signs + (2,)
+
+id_GostR3410_2001_CryptoPro_C_ParamSet = id_CryptoPro_ecc_signs + (3,)
+
+
+id_GostR3410_2001_CryptoPro_XchA_ParamSet = id_CryptoPro_ecc_exchanges + (0,)
+
+id_GostR3410_2001_CryptoPro_XchB_ParamSet = id_CryptoPro_ecc_exchanges + (1,)
+
+
+id_GostR3410_94_TestParamSet = id_CryptoPro_signs + (0,)
+
+id_GostR3410_94_CryptoPro_A_ParamSet = id_CryptoPro_signs + (2,)
+
+id_GostR3410_94_CryptoPro_B_ParamSet = id_CryptoPro_signs + (3,)
+
+id_GostR3410_94_CryptoPro_C_ParamSet = id_CryptoPro_signs + (4,)
+
+id_GostR3410_94_CryptoPro_D_ParamSet = id_CryptoPro_signs + (5,)
+
+
+id_GostR3410_94_CryptoPro_XchA_ParamSet = id_CryptoPro_exchanges + (1,)
+
+id_GostR3410_94_CryptoPro_XchB_ParamSet = id_CryptoPro_exchanges + (2,)
+
+id_GostR3410_94_CryptoPro_XchC_ParamSet = id_CryptoPro_exchanges + (3,)
+
+
+id_GostR3410_94_a = id_GostR3410_94 + (1,)
+
+id_GostR3410_94_aBis = id_GostR3410_94 + (2,)
+
+id_GostR3410_94_b = id_GostR3410_94 + (3,)
+
+id_GostR3410_94_bBis = id_GostR3410_94 + (4,)
+
+
+id_GostR3411_94_TestParamSet = id_CryptoPro_hashes + (0,)
+
+id_GostR3411_94_CryptoProParamSet = id_CryptoPro_hashes + (1,)
+
+
+
+
+class Gost28147_89_ParamSet(univ.ObjectIdentifier):
+    pass
+
+Gost28147_89_ParamSet.subtypeSpec = constraint.SingleValueConstraint(
+    id_Gost28147_89_TestParamSet,
+    id_Gost28147_89_CryptoPro_A_ParamSet,
+    id_Gost28147_89_CryptoPro_B_ParamSet,
+    id_Gost28147_89_CryptoPro_C_ParamSet,
+    id_Gost28147_89_CryptoPro_D_ParamSet,
+    id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet,
+    id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet,
+    id_Gost28147_89_CryptoPro_RIC_1_ParamSet
+)
+
+
+class Gost28147_89_BlobParameters(univ.Sequence):
+    pass
+
+Gost28147_89_BlobParameters.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('encryptionParamSet', Gost28147_89_ParamSet())
+)
+
+
+class Gost28147_89_MAC(univ.OctetString):
+    pass
+
+Gost28147_89_MAC.subtypeSpec = constraint.ValueSizeConstraint(1, 4)
+
+
+class Gost28147_89_Key(univ.OctetString):
+    pass
+
+Gost28147_89_Key.subtypeSpec = constraint.ValueSizeConstraint(32, 32)
+
+
+class Gost28147_89_EncryptedKey(univ.Sequence):
+    pass
+
+Gost28147_89_EncryptedKey.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('encryptedKey', Gost28147_89_Key()),
+    namedtype.OptionalNamedType('maskKey', Gost28147_89_Key().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('macKey', Gost28147_89_MAC())
+)
+
+
+class Gost28147_89_IV(univ.OctetString):
+    pass
+
+Gost28147_89_IV.subtypeSpec = constraint.ValueSizeConstraint(8, 8)
+
+
+class Gost28147_89_UZ(univ.OctetString):
+    pass
+
+Gost28147_89_UZ.subtypeSpec = constraint.ValueSizeConstraint(64, 64)
+
+
+class Gost28147_89_ParamSetParameters(univ.Sequence):
+    pass
+
+Gost28147_89_ParamSetParameters.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('eUZ', Gost28147_89_UZ()),
+    namedtype.NamedType('mode',
+        univ.Integer(namedValues=namedval.NamedValues(
+            ('gost28147-89-CNT', 0),
+            ('gost28147-89-CFB', 1),
+            ('cryptoPro-CBC', 2)
+    ))),
+    namedtype.NamedType('shiftBits',
+        univ.Integer(namedValues=namedval.NamedValues(
+            ('gost28147-89-block', 64)
+    ))),
+    namedtype.NamedType('keyMeshing', AlgorithmIdentifier())
+)
+
+
+class Gost28147_89_Parameters(univ.Sequence):
+    pass
+
+Gost28147_89_Parameters.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('iv', Gost28147_89_IV()),
+    namedtype.NamedType('encryptionParamSet', Gost28147_89_ParamSet())
+)
+
+
+class GostR3410_2001_CertificateSignature(univ.BitString):
+    pass
+
+GostR3410_2001_CertificateSignature.subtypeSpec=constraint.ValueSizeConstraint(256, 512)
+
+
+class GostR3410_2001_ParamSetParameters(univ.Sequence):
+    pass
+
+GostR3410_2001_ParamSetParameters.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('a', univ.Integer()),
+    namedtype.NamedType('b', univ.Integer()),
+    namedtype.NamedType('p', univ.Integer()),
+    namedtype.NamedType('q', univ.Integer()),
+    namedtype.NamedType('x', univ.Integer()),
+    namedtype.NamedType('y', univ.Integer())
+)
+
+
+class GostR3410_2001_PublicKey(univ.OctetString):
+    pass
+
+GostR3410_2001_PublicKey.subtypeSpec = constraint.ValueSizeConstraint(64, 64)
+
+
+class GostR3410_2001_PublicKeyParameters(univ.Sequence):
+    pass
+
+GostR3410_2001_PublicKeyParameters.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('publicKeyParamSet', univ.ObjectIdentifier().subtype(
+        subtypeSpec=constraint.SingleValueConstraint(
+            id_GostR3410_2001_TestParamSet,
+            id_GostR3410_2001_CryptoPro_A_ParamSet,
+            id_GostR3410_2001_CryptoPro_B_ParamSet,
+            id_GostR3410_2001_CryptoPro_C_ParamSet,
+            id_GostR3410_2001_CryptoPro_XchA_ParamSet,
+            id_GostR3410_2001_CryptoPro_XchB_ParamSet
+    ))),
+    namedtype.NamedType('digestParamSet', univ.ObjectIdentifier().subtype(
+        subtypeSpec=constraint.SingleValueConstraint(
+            id_GostR3411_94_TestParamSet,
+            id_GostR3411_94_CryptoProParamSet
+    ))),
+    namedtype.DefaultedNamedType('encryptionParamSet',
+        Gost28147_89_ParamSet().subtype(value=id_Gost28147_89_CryptoPro_A_ParamSet
+    ))
+)
+
+
+class GostR3410_94_CertificateSignature(univ.BitString):
+    pass
+
+GostR3410_94_CertificateSignature.subtypeSpec = constraint.ValueSizeConstraint(256, 512)
+
+
+class GostR3410_94_ParamSetParameters_t(univ.Integer):
+    pass
+
+GostR3410_94_ParamSetParameters_t.subtypeSpec = constraint.SingleValueConstraint(512, 1024)
+
+
+class GostR3410_94_ParamSetParameters(univ.Sequence):
+    pass
+
+GostR3410_94_ParamSetParameters.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('t', GostR3410_94_ParamSetParameters_t()),
+    namedtype.NamedType('p', univ.Integer()),
+    namedtype.NamedType('q', univ.Integer()),
+    namedtype.NamedType('a', univ.Integer()),
+    namedtype.OptionalNamedType('validationAlgorithm', AlgorithmIdentifier())
+)
+
+
+class GostR3410_94_PublicKey(univ.OctetString):
+    pass
+
+GostR3410_94_PublicKey.subtypeSpec = constraint.ConstraintsUnion(
+    constraint.ValueSizeConstraint(64, 64),
+    constraint.ValueSizeConstraint(128, 128)
+)
+
+
+class GostR3410_94_PublicKeyParameters(univ.Sequence):
+    pass
+
+GostR3410_94_PublicKeyParameters.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('publicKeyParamSet', univ.ObjectIdentifier().subtype(
+        subtypeSpec=constraint.SingleValueConstraint(
+            id_GostR3410_94_TestParamSet,
+            id_GostR3410_94_CryptoPro_A_ParamSet,
+            id_GostR3410_94_CryptoPro_B_ParamSet,
+            id_GostR3410_94_CryptoPro_C_ParamSet,
+            id_GostR3410_94_CryptoPro_D_ParamSet,
+            id_GostR3410_94_CryptoPro_XchA_ParamSet,
+            id_GostR3410_94_CryptoPro_XchB_ParamSet,
+            id_GostR3410_94_CryptoPro_XchC_ParamSet
+    ))),
+    namedtype.NamedType('digestParamSet', univ.ObjectIdentifier().subtype(
+        subtypeSpec=constraint.SingleValueConstraint(
+            id_GostR3411_94_TestParamSet,
+            id_GostR3411_94_CryptoProParamSet
+    ))),
+    namedtype.DefaultedNamedType('encryptionParamSet',
+        Gost28147_89_ParamSet().subtype(value=id_Gost28147_89_CryptoPro_A_ParamSet
+    ))
+)
+
+
+class GostR3410_94_ValidationBisParameters_c(univ.Integer):
+    pass
+
+GostR3410_94_ValidationBisParameters_c.subtypeSpec = constraint.ValueRangeConstraint(0, 4294967295)
+
+
+class GostR3410_94_ValidationBisParameters(univ.Sequence):
+    pass
+
+GostR3410_94_ValidationBisParameters.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('x0', GostR3410_94_ValidationBisParameters_c()),
+    namedtype.NamedType('c', GostR3410_94_ValidationBisParameters_c()),
+    namedtype.OptionalNamedType('d', univ.Integer())
+)
+
+
+class GostR3410_94_ValidationParameters_c(univ.Integer):
+    pass
+
+GostR3410_94_ValidationParameters_c.subtypeSpec = constraint.ValueRangeConstraint(0, 65535)
+
+
+class GostR3410_94_ValidationParameters(univ.Sequence):
+    pass
+
+GostR3410_94_ValidationParameters.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('x0', GostR3410_94_ValidationParameters_c()),
+    namedtype.NamedType('c', GostR3410_94_ValidationParameters_c()),
+    namedtype.OptionalNamedType('d', univ.Integer())
+)
+
+
+class GostR3411_94_Digest(univ.OctetString):
+    pass
+
+GostR3411_94_Digest.subtypeSpec = constraint.ValueSizeConstraint(32, 32)
+
+
+class GostR3411_94_DigestParameters(univ.ObjectIdentifier):
+    pass
+
+GostR3411_94_DigestParameters.subtypeSpec = constraint.ConstraintsUnion(
+     constraint.SingleValueConstraint(id_GostR3411_94_TestParamSet),
+     constraint.SingleValueConstraint(id_GostR3411_94_CryptoProParamSet),
+)
+
+
+class GostR3411_94_ParamSetParameters(univ.Sequence):
+    pass
+
+GostR3411_94_ParamSetParameters.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('hUZ', Gost28147_89_UZ()),
+    namedtype.NamedType('h0', GostR3411_94_Digest())
+)
+
+
+# Update the Algorithm Identifier map in rfc5280.py
+
+_algorithmIdentifierMapUpdate = {
+    id_Gost28147_89: Gost28147_89_Parameters(),
+    id_Gost28147_89_TestParamSet: Gost28147_89_ParamSetParameters(),
+    id_Gost28147_89_CryptoPro_A_ParamSet: Gost28147_89_ParamSetParameters(),
+    id_Gost28147_89_CryptoPro_B_ParamSet: Gost28147_89_ParamSetParameters(),
+    id_Gost28147_89_CryptoPro_C_ParamSet: Gost28147_89_ParamSetParameters(),
+    id_Gost28147_89_CryptoPro_D_ParamSet: Gost28147_89_ParamSetParameters(),
+    id_Gost28147_89_CryptoPro_KeyMeshing: univ.Null(""),
+    id_Gost28147_89_None_KeyMeshing: univ.Null(""),
+    id_GostR3410_94: GostR3410_94_PublicKeyParameters(),
+    id_GostR3410_94_TestParamSet: GostR3410_94_ParamSetParameters(),
+    id_GostR3410_94_CryptoPro_A_ParamSet: GostR3410_94_ParamSetParameters(),
+    id_GostR3410_94_CryptoPro_B_ParamSet: GostR3410_94_ParamSetParameters(),
+    id_GostR3410_94_CryptoPro_C_ParamSet: GostR3410_94_ParamSetParameters(),
+    id_GostR3410_94_CryptoPro_D_ParamSet: GostR3410_94_ParamSetParameters(),
+    id_GostR3410_94_CryptoPro_XchA_ParamSet: GostR3410_94_ParamSetParameters(),
+    id_GostR3410_94_CryptoPro_XchB_ParamSet: GostR3410_94_ParamSetParameters(),
+    id_GostR3410_94_CryptoPro_XchC_ParamSet: GostR3410_94_ParamSetParameters(),
+    id_GostR3410_94_a: GostR3410_94_ValidationParameters(),
+    id_GostR3410_94_aBis: GostR3410_94_ValidationBisParameters(),
+    id_GostR3410_94_b: GostR3410_94_ValidationParameters(),
+    id_GostR3410_94_bBis: GostR3410_94_ValidationBisParameters(),
+    id_GostR3410_2001: univ.Null(""),
+    id_GostR3411_94: univ.Null(""),
+    id_GostR3411_94_TestParamSet: GostR3411_94_ParamSetParameters(),
+    id_GostR3411_94_CryptoProParamSet: GostR3411_94_ParamSetParameters(),
+}
+
+rfc5280.algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc4387.py

@@ -0,0 +1,23 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Certificate Store Access via HTTP
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc4387.txt
+#
+
+
+from pyasn1.type import univ
+
+
+id_ad = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 48, ))
+
+id_ad_http_certs = id_ad + (6, )
+
+id_ad_http_crls = id_ad  + (7,)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc4490.py

@@ -0,0 +1,113 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Using the GOST 28147-89, GOST R 34.11-94, GOST R 34.10-94, and
+#   GOST R 34.10-2001 Algorithms with the CMS
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc4490.txt
+#
+
+
+from pyasn1.type import univ, char, namedtype, namedval, tag, constraint, useful
+
+from pyasn1_modules import rfc4357
+from pyasn1_modules import rfc5280
+
+
+# Imports from RFC 4357
+
+id_CryptoPro_algorithms = rfc4357.id_CryptoPro_algorithms
+
+id_GostR3410_94 = rfc4357.id_GostR3410_94
+
+id_GostR3410_2001 = rfc4357.id_GostR3410_2001
+
+Gost28147_89_ParamSet = rfc4357.Gost28147_89_ParamSet
+
+Gost28147_89_EncryptedKey = rfc4357.Gost28147_89_EncryptedKey
+
+GostR3410_94_PublicKeyParameters = rfc4357.GostR3410_94_PublicKeyParameters
+
+GostR3410_2001_PublicKeyParameters = rfc4357.GostR3410_2001_PublicKeyParameters
+
+
+# Imports from RFC 5280
+
+SubjectPublicKeyInfo = rfc5280.SubjectPublicKeyInfo
+
+
+# CMS/PKCS#7 key agreement algorithms & parameters
+
+class Gost28147_89_KeyWrapParameters(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('encryptionParamSet', Gost28147_89_ParamSet()),
+        namedtype.OptionalNamedType('ukm', univ.OctetString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(8, 8)))
+    )
+
+
+id_Gost28147_89_CryptoPro_KeyWrap = id_CryptoPro_algorithms + (13, 1, )
+
+
+id_Gost28147_89_None_KeyWrap = id_CryptoPro_algorithms + (13, 0, )
+
+
+id_GostR3410_2001_CryptoPro_ESDH = id_CryptoPro_algorithms + (96, )
+
+
+id_GostR3410_94_CryptoPro_ESDH = id_CryptoPro_algorithms + (97, )
+
+
+# CMS/PKCS#7 key transport algorithms & parameters
+
+id_GostR3410_2001_KeyTransportSMIMECapability = id_GostR3410_2001
+
+
+id_GostR3410_94_KeyTransportSMIMECapability = id_GostR3410_94
+
+
+class GostR3410_TransportParameters(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('encryptionParamSet', Gost28147_89_ParamSet()),
+        namedtype.OptionalNamedType('ephemeralPublicKey', 
+            SubjectPublicKeyInfo().subtype(implicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('ukm', univ.OctetString().subtype(
+            subtypeSpec=constraint.ValueSizeConstraint(8, 8)))
+    )
+
+class GostR3410_KeyTransport(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('sessionEncryptedKey', Gost28147_89_EncryptedKey()),
+        namedtype.OptionalNamedType('transportParameters',
+            GostR3410_TransportParameters().subtype(implicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatConstructed, 0)))
+    )
+
+
+# GOST R 34.10-94 signature algorithm & parameters
+
+class GostR3410_94_Signature(univ.OctetString):
+    subtypeSpec = constraint.ValueSizeConstraint(64, 64)
+
+
+# GOST R 34.10-2001 signature algorithms and parameters
+
+class GostR3410_2001_Signature(univ.OctetString):
+    subtypeSpec = constraint.ValueSizeConstraint(64, 64)
+
+
+# Update the Algorithm Identifier map in rfc5280.py
+
+_algorithmIdentifierMapUpdate = {
+    id_Gost28147_89_CryptoPro_KeyWrap: Gost28147_89_KeyWrapParameters(),
+    id_Gost28147_89_None_KeyWrap: Gost28147_89_KeyWrapParameters(),
+}
+
+rfc5280.algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc4491.py

@@ -0,0 +1,44 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Using the GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94
+#   Algorithms with Certificates and CRLs
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc4491.txt
+#
+
+from pyasn1_modules import rfc4357
+
+
+# Signature Algorithm GOST R 34.10-94
+
+id_GostR3411_94_with_GostR3410_94 = rfc4357.id_GostR3411_94_with_GostR3410_94
+
+
+# Signature Algorithm GOST R 34.10-2001
+
+id_GostR3411_94_with_GostR3410_2001 = rfc4357.id_GostR3411_94_with_GostR3410_2001
+
+
+# GOST R 34.10-94 Keys
+
+id_GostR3410_94 = rfc4357.id_GostR3410_94
+
+GostR3410_2001_PublicKey = rfc4357.GostR3410_2001_PublicKey
+
+GostR3410_2001_PublicKeyParameters = rfc4357.GostR3410_2001_PublicKeyParameters
+
+
+# GOST R 34.10-2001 Keys
+
+id_GostR3410_2001 = rfc4357.id_GostR3410_2001
+
+GostR3410_94_PublicKey = rfc4357.GostR3410_94_PublicKey
+
+GostR3410_94_PublicKeyParameters = rfc4357.GostR3410_94_PublicKeyParameters

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc4683.py

@@ -0,0 +1,72 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Subject Identification Method (SIM)
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc4683.txt
+# https://www.rfc-editor.org/errata/eid1047
+#
+
+from pyasn1.type import char
+from pyasn1.type import namedtype
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5280
+
+
+# Used to compute the PEPSI value
+
+class HashContent(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('userPassword', char.UTF8String()),
+        namedtype.NamedType('authorityRandom', univ.OctetString()),
+        namedtype.NamedType('identifierType', univ.ObjectIdentifier()),
+        namedtype.NamedType('identifier', char.UTF8String())
+    )
+
+
+# Used to encode the PEPSI value as the SIM Other Name
+
+id_pkix = rfc5280.id_pkix
+
+id_on = id_pkix + (8,)
+
+id_on_SIM = id_on + (6,)
+
+
+class SIM(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('hashAlg', rfc5280.AlgorithmIdentifier()),
+        namedtype.NamedType('authorityRandom', univ.OctetString()),
+        namedtype.NamedType('pEPSI', univ.OctetString())
+    )
+
+
+# Used to encrypt the PEPSI value during certificate request
+
+id_pkip = id_pkix + (5,)
+
+id_regEPEPSI = id_pkip + (3,)
+
+
+class EncryptedPEPSI(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('identifierType', univ.ObjectIdentifier()),
+        namedtype.NamedType('identifier', char.UTF8String()),
+        namedtype.NamedType('sIM', SIM())
+    )
+
+
+# Update the map of Other Name OIDs to Other Names in rfc5280.py
+
+_anotherNameMapUpdate = {
+    id_on_SIM: SIM(),
+}
+
+rfc5280.anotherNameMap.update(_anotherNameMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc5083.py

@@ -0,0 +1,52 @@
+# This file is being contributed to of pyasn1-modules software.
+#
+# Created by Russ Housley without assistance from the asn1ate tool.
+# Modified by Russ Housley to add a map for use with opentypes and
+#   simplify the code for the object identifier assignment.
+#
+# Copyright (c) 2018, 2019 Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+#  Authenticated-Enveloped-Data for the Cryptographic Message Syntax (CMS)
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc5083.txt
+
+from pyasn1.type import namedtype
+from pyasn1.type import tag
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5652
+
+MAX = float('inf')
+
+
+# CMS Authenticated-Enveloped-Data Content Type
+
+id_ct_authEnvelopedData = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.23')
+
+class AuthEnvelopedData(univ.Sequence):
+    pass
+
+AuthEnvelopedData.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version', rfc5652.CMSVersion()),
+    namedtype.OptionalNamedType('originatorInfo', rfc5652.OriginatorInfo().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.NamedType('recipientInfos', rfc5652.RecipientInfos()),
+    namedtype.NamedType('authEncryptedContentInfo', rfc5652.EncryptedContentInfo()),
+    namedtype.OptionalNamedType('authAttrs', rfc5652.AuthAttributes().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.NamedType('mac', rfc5652.MessageAuthenticationCode()),
+    namedtype.OptionalNamedType('unauthAttrs', rfc5652.UnauthAttributes().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+)
+
+
+# Map of Content Type OIDs to Content Types is added to the
+# ones that are in rfc5652.py
+
+_cmsContentTypesMapUpdate = {
+    id_ct_authEnvelopedData: AuthEnvelopedData(),
+}
+
+rfc5652.cmsContentTypesMap.update(_cmsContentTypesMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc5084.py

@@ -0,0 +1,97 @@
+# This file is being contributed to pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from the asn1ate tool, with manual
+#   changes to AES_CCM_ICVlen.subtypeSpec and added comments
+#
+# Copyright (c) 2018-2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+#  AES-CCM and AES-GCM Algorithms fo use with the Authenticated-Enveloped-Data
+#  protecting content type for the Cryptographic Message Syntax (CMS)
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc5084.txt
+
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5280
+
+
+def _OID(*components):
+    output = []
+    for x in tuple(components):
+        if isinstance(x, univ.ObjectIdentifier):
+            output.extend(list(x))
+        else:
+            output.append(int(x))
+
+    return univ.ObjectIdentifier(output)
+
+
+class AES_CCM_ICVlen(univ.Integer):
+    pass
+
+
+class AES_GCM_ICVlen(univ.Integer):
+    pass
+
+
+AES_CCM_ICVlen.subtypeSpec = constraint.SingleValueConstraint(4, 6, 8, 10, 12, 14, 16)
+
+AES_GCM_ICVlen.subtypeSpec = constraint.ValueRangeConstraint(12, 16)
+
+
+class CCMParameters(univ.Sequence):
+    pass
+
+
+CCMParameters.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('aes-nonce', univ.OctetString().subtype(subtypeSpec=constraint.ValueSizeConstraint(7, 13))),
+    # The aes-nonce parameter contains 15-L octets, where L is the size of the length field. L=8 is RECOMMENDED.
+    # Within the scope of any content-authenticated-encryption key, the nonce value MUST be unique.
+    namedtype.DefaultedNamedType('aes-ICVlen', AES_CCM_ICVlen().subtype(value=12))
+)
+
+
+class GCMParameters(univ.Sequence):
+    pass
+
+
+GCMParameters.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('aes-nonce', univ.OctetString()),
+    # The aes-nonce may have any number of bits between 8 and 2^64, but it MUST be a multiple of 8 bits.
+    # Within the scope of any content-authenticated-encryption key, the nonce value MUST be unique.
+    # A nonce value of 12 octets can be processed more efficiently, so that length is RECOMMENDED.
+    namedtype.DefaultedNamedType('aes-ICVlen', AES_GCM_ICVlen().subtype(value=12))
+)
+
+aes = _OID(2, 16, 840, 1, 101, 3, 4, 1)
+
+id_aes128_CCM = _OID(aes, 7)
+
+id_aes128_GCM = _OID(aes, 6)
+
+id_aes192_CCM = _OID(aes, 27)
+
+id_aes192_GCM = _OID(aes, 26)
+
+id_aes256_CCM = _OID(aes, 47)
+
+id_aes256_GCM = _OID(aes, 46)
+
+
+# Map of Algorithm Identifier OIDs to Parameters is added to the
+# ones in rfc5280.py
+
+_algorithmIdentifierMapUpdate = {
+    id_aes128_CCM: CCMParameters(),
+    id_aes128_GCM: GCMParameters(),
+    id_aes192_CCM: CCMParameters(),
+    id_aes192_GCM: GCMParameters(),
+    id_aes256_CCM: CCMParameters(),
+    id_aes256_GCM: GCMParameters(),
+}
+
+rfc5280.algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc5275.py

@@ -0,0 +1,404 @@
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# An Internet Attribute Certificate Profile for Authorization
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc5275.txt
+#
+
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import opentype
+from pyasn1.type import tag
+from pyasn1.type import univ
+from pyasn1.type import useful
+
+from pyasn1_modules import rfc3565
+from pyasn1_modules import rfc5280
+from pyasn1_modules import rfc5652
+from pyasn1_modules import rfc5751
+from pyasn1_modules import rfc5755
+
+MAX = float('inf')
+
+
+# Initialize the map for GLAQueryRequests and GLAQueryResponses
+
+glaQueryRRMap = { }
+
+
+# Imports from RFC 3565
+
+id_aes128_wrap = rfc3565.id_aes128_wrap
+
+
+# Imports from RFC 5280
+
+AlgorithmIdentifier = rfc5280.AlgorithmIdentifier
+
+Certificate = rfc5280.Certificate
+
+GeneralName = rfc5280.GeneralName
+
+
+# Imports from RFC 5652
+
+CertificateSet = rfc5652.CertificateSet
+
+KEKIdentifier = rfc5652.KEKIdentifier
+
+RecipientInfos = rfc5652.RecipientInfos
+
+
+# Imports from RFC 5751
+
+SMIMECapability = rfc5751.SMIMECapability
+
+
+# Imports from RFC 5755
+
+AttributeCertificate = rfc5755.AttributeCertificate
+
+
+# The GL symmetric key distribution object identifier arc
+
+id_skd = univ.ObjectIdentifier((1, 2, 840, 113549, 1, 9, 16, 8,))
+
+
+# The GL Use KEK control attribute
+
+id_skd_glUseKEK = id_skd + (1,)
+
+
+class Certificates(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('pKC',
+            Certificate().subtype(implicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('aC',
+            univ.SequenceOf(componentType=AttributeCertificate()).subtype(
+                subtypeSpec=constraint.ValueSizeConstraint(1, MAX)).subtype(
+                    implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.OptionalNamedType('certPath',
+            CertificateSet().subtype(implicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 2)))
+    )
+
+
+class GLInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('glName', GeneralName()),
+        namedtype.NamedType('glAddress', GeneralName())
+    )
+
+
+class GLOwnerInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('glOwnerName', GeneralName()),
+        namedtype.NamedType('glOwnerAddress', GeneralName()),
+        namedtype.OptionalNamedType('certificates', Certificates())
+    )
+
+
+class GLAdministration(univ.Integer):
+    namedValues = namedval.NamedValues(
+        ('unmanaged', 0),
+        ('managed', 1),
+        ('closed', 2)
+    )
+
+
+requested_algorithm = SMIMECapability().subtype(
+   implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))
+requested_algorithm['capabilityID'] = id_aes128_wrap
+
+
+class GLKeyAttributes(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.DefaultedNamedType('rekeyControlledByGLO',
+            univ.Boolean().subtype(value=0,
+                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.DefaultedNamedType('recipientsNotMutuallyAware',
+            univ.Boolean().subtype(value=1,
+                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.DefaultedNamedType('duration',
+            univ.Integer().subtype(value=0,
+                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+        namedtype.DefaultedNamedType('generationCounter',
+            univ.Integer().subtype(value=2,
+                implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+        namedtype.DefaultedNamedType('requestedAlgorithm', requested_algorithm)
+    )
+
+
+class GLUseKEK(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('glInfo', GLInfo()),
+        namedtype.NamedType('glOwnerInfo',
+            univ.SequenceOf(componentType=GLOwnerInfo()).subtype(
+                subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
+        namedtype.DefaultedNamedType('glAdministration',
+            GLAdministration().subtype(value=1)),
+        namedtype.OptionalNamedType('glKeyAttributes', GLKeyAttributes())
+    )
+
+
+# The Delete GL control attribute
+
+id_skd_glDelete = id_skd + (2,)
+
+
+class DeleteGL(GeneralName):
+    pass
+
+
+# The Add GL Member control attribute
+
+id_skd_glAddMember = id_skd + (3,)
+
+
+class GLMember(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('glMemberName', GeneralName()),
+        namedtype.OptionalNamedType('glMemberAddress', GeneralName()),
+        namedtype.OptionalNamedType('certificates', Certificates())
+    )
+
+
+class GLAddMember(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('glName', GeneralName()),
+        namedtype.NamedType('glMember', GLMember())
+    )
+
+
+# The Delete GL Member control attribute
+
+id_skd_glDeleteMember = id_skd + (4,)
+
+
+class GLDeleteMember(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('glName', GeneralName()),
+        namedtype.NamedType('glMemberToDelete', GeneralName())
+    )
+
+
+# The GL Rekey control attribute
+
+id_skd_glRekey = id_skd + (5,)
+
+
+class GLNewKeyAttributes(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('rekeyControlledByGLO',
+            univ.Boolean().subtype(implicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('recipientsNotMutuallyAware',
+            univ.Boolean().subtype(implicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.OptionalNamedType('duration',
+            univ.Integer().subtype(implicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 2))),
+        namedtype.OptionalNamedType('generationCounter',
+            univ.Integer().subtype(implicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 3))),
+        namedtype.OptionalNamedType('requestedAlgorithm',
+            AlgorithmIdentifier().subtype(implicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 4)))
+    )
+
+
+class GLRekey(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('glName', GeneralName()),
+        namedtype.OptionalNamedType('glAdministration', GLAdministration()),
+        namedtype.OptionalNamedType('glNewKeyAttributes', GLNewKeyAttributes()),
+        namedtype.OptionalNamedType('glRekeyAllGLKeys', univ.Boolean())
+    )
+
+
+# The Add and Delete GL Owner control attributes
+
+id_skd_glAddOwner = id_skd + (6,)
+
+id_skd_glRemoveOwner = id_skd + (7,)
+
+
+class GLOwnerAdministration(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('glName', GeneralName()),
+        namedtype.NamedType('glOwnerInfo', GLOwnerInfo())
+    )
+
+
+# The GL Key Compromise control attribute
+
+id_skd_glKeyCompromise = id_skd + (8,)
+
+
+class GLKCompromise(GeneralName):
+    pass
+
+
+# The GL Key Refresh control attribute
+
+id_skd_glkRefresh = id_skd + (9,)
+
+
+class Date(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('start', useful.GeneralizedTime()),
+        namedtype.OptionalNamedType('end', useful.GeneralizedTime())
+    )
+
+
+class GLKRefresh(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('glName', GeneralName()),
+        namedtype.NamedType('dates',
+            univ.SequenceOf(componentType=Date()).subtype(
+                subtypeSpec=constraint.ValueSizeConstraint(1, MAX)))
+    )
+
+
+# The GLA Query Request control attribute
+
+id_skd_glaQueryRequest = id_skd + (11,)
+
+
+class GLAQueryRequest(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('glaRequestType', univ.ObjectIdentifier()),
+        namedtype.NamedType('glaRequestValue', univ.Any(),
+            openType=opentype.OpenType('glaRequestType', glaQueryRRMap))
+    )
+
+
+# The GLA Query Response control attribute
+
+id_skd_glaQueryResponse = id_skd + (12,)
+
+
+class GLAQueryResponse(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('glaResponseType', univ.ObjectIdentifier()),
+        namedtype.NamedType('glaResponseValue', univ.Any(),
+            openType=opentype.OpenType('glaResponseType', glaQueryRRMap))
+    )
+
+
+# The GLA Request/Response (glaRR) arc for glaRequestType/glaResponseType
+
+id_cmc_glaRR = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 7, 99,))
+
+
+# The Algorithm Request
+
+id_cmc_gla_skdAlgRequest = id_cmc_glaRR + (1,)
+
+
+class SKDAlgRequest(univ.Null):
+    pass
+
+
+# The Algorithm Response
+
+id_cmc_gla_skdAlgResponse = id_cmc_glaRR + (2,)
+
+SMIMECapabilities = rfc5751.SMIMECapabilities
+
+
+# The control attribute to request an updated certificate to the GLA and
+# the control attribute to return an updated certificate to the GLA
+
+id_skd_glProvideCert = id_skd + (13,)
+
+id_skd_glManageCert = id_skd + (14,)
+
+
+class GLManageCert(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('glName', GeneralName()),
+        namedtype.NamedType('glMember', GLMember())
+    )
+
+
+# The control attribute to distribute the GL shared KEK
+
+id_skd_glKey = id_skd + (15,)
+
+
+class GLKey(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('glName', GeneralName()),
+        namedtype.NamedType('glIdentifier', KEKIdentifier()),
+        namedtype.NamedType('glkWrapped', RecipientInfos()),
+        namedtype.NamedType('glkAlgorithm', AlgorithmIdentifier()),
+        namedtype.NamedType('glkNotBefore', useful.GeneralizedTime()),
+        namedtype.NamedType('glkNotAfter', useful.GeneralizedTime())
+    )
+
+
+# The CMC error types
+
+id_cet_skdFailInfo = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 15, 1,))
+
+
+class SKDFailInfo(univ.Integer):
+    namedValues = namedval.NamedValues(
+        ('unspecified', 0),
+        ('closedGL', 1),
+        ('unsupportedDuration', 2),
+        ('noGLACertificate', 3),
+        ('invalidCert', 4),
+        ('unsupportedAlgorithm', 5),
+        ('noGLONameMatch', 6),
+        ('invalidGLName', 7),
+        ('nameAlreadyInUse', 8),
+        ('noSpam', 9),
+        ('alreadyAMember', 11),
+        ('notAMember', 12),
+        ('alreadyAnOwner', 13),
+        ('notAnOwner', 14)
+    )
+
+
+# Update the map for GLAQueryRequests and GLAQueryResponses
+
+_glaQueryRRMapUpdate = {
+    id_cmc_gla_skdAlgRequest: univ.Null(""),
+    id_cmc_gla_skdAlgResponse: SMIMECapabilities(),
+}
+
+glaQueryRRMap.update(_glaQueryRRMapUpdate)
+
+
+# Update the map for CMC control attributes; since CMS Attributes and
+# CMC Controls both use 'attrType', one map is used for both
+
+_cmcControlAttributesMapUpdate = {
+    id_skd_glUseKEK: GLUseKEK(),
+    id_skd_glDelete: DeleteGL(),
+    id_skd_glAddMember: GLAddMember(),
+    id_skd_glDeleteMember: GLDeleteMember(),
+    id_skd_glRekey: GLRekey(),
+    id_skd_glAddOwner: GLOwnerAdministration(),
+    id_skd_glRemoveOwner: GLOwnerAdministration(),
+    id_skd_glKeyCompromise: GLKCompromise(),
+    id_skd_glkRefresh: GLKRefresh(),
+    id_skd_glaQueryRequest: GLAQueryRequest(),
+    id_skd_glaQueryResponse: GLAQueryResponse(),
+    id_skd_glProvideCert: GLManageCert(),
+    id_skd_glManageCert: GLManageCert(),
+    id_skd_glKey: GLKey(),
+}
+
+rfc5652.cmsAttributesMap.update(_cmcControlAttributesMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc5280.py

@@ -0,0 +1,1658 @@
+# coding: utf-8
+#
+# This file is part of pyasn1-modules software.
+#
+# Created by Stanisław Pitucha with asn1ate tool.
+# Updated by Russ Housley for ORAddress Extension Attribute opentype support.
+# Updated by Russ Housley for AlgorithmIdentifier opentype support.
+#
+# Copyright (c) 2005-2020, Ilya Etingof <etingof@gmail.com>
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Internet X.509 Public Key Infrastructure Certificate and Certificate
+# Revocation List (CRL) Profile
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc5280.txt
+#
+from pyasn1.type import char
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import opentype
+from pyasn1.type import tag
+from pyasn1.type import univ
+from pyasn1.type import useful
+
+MAX = float('inf')
+
+
+def _buildOid(*components):
+    output = []
+    for x in tuple(components):
+        if isinstance(x, univ.ObjectIdentifier):
+            output.extend(list(x))
+        else:
+            output.append(int(x))
+
+    return univ.ObjectIdentifier(output)
+
+
+ub_e163_4_sub_address_length = univ.Integer(40)
+
+ub_e163_4_number_length = univ.Integer(15)
+
+unformatted_postal_address = univ.Integer(16)
+
+
+class TerminalType(univ.Integer):
+    pass
+
+
+TerminalType.namedValues = namedval.NamedValues(
+    ('telex', 3),
+    ('teletex', 4),
+    ('g3-facsimile', 5),
+    ('g4-facsimile', 6),
+    ('ia5-terminal', 7),
+    ('videotex', 8)
+)
+
+
+class Extension(univ.Sequence):
+    pass
+
+
+Extension.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('extnID', univ.ObjectIdentifier()),
+    namedtype.DefaultedNamedType('critical', univ.Boolean().subtype(value=0)),
+    namedtype.NamedType('extnValue', univ.OctetString())
+)
+
+
+class Extensions(univ.SequenceOf):
+    pass
+
+
+Extensions.componentType = Extension()
+Extensions.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+physical_delivery_personal_name = univ.Integer(13)
+
+ub_unformatted_address_length = univ.Integer(180)
+
+ub_pds_parameter_length = univ.Integer(30)
+
+ub_pds_physical_address_lines = univ.Integer(6)
+
+
+class UnformattedPostalAddress(univ.Set):
+    pass
+
+
+UnformattedPostalAddress.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('printable-address', univ.SequenceOf(componentType=char.PrintableString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_pds_parameter_length)))),
+    namedtype.OptionalNamedType('teletex-string', char.TeletexString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_unformatted_address_length)))
+)
+
+ub_organization_name = univ.Integer(64)
+
+
+class X520OrganizationName(univ.Choice):
+    pass
+
+
+X520OrganizationName.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('teletexString', char.TeletexString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_organization_name))),
+    namedtype.NamedType('printableString', char.PrintableString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_organization_name))),
+    namedtype.NamedType('universalString', char.UniversalString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_organization_name))),
+    namedtype.NamedType('utf8String',
+                        char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_organization_name))),
+    namedtype.NamedType('bmpString',
+                        char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_organization_name)))
+)
+
+ub_x121_address_length = univ.Integer(16)
+
+pds_name = univ.Integer(7)
+
+id_pkix = _buildOid(1, 3, 6, 1, 5, 5, 7)
+
+id_kp = _buildOid(id_pkix, 3)
+
+ub_postal_code_length = univ.Integer(16)
+
+
+class PostalCode(univ.Choice):
+    pass
+
+
+PostalCode.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('numeric-code', char.NumericString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_postal_code_length))),
+    namedtype.NamedType('printable-code', char.PrintableString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_postal_code_length)))
+)
+
+ub_generation_qualifier_length = univ.Integer(3)
+
+unique_postal_name = univ.Integer(20)
+
+
+class DomainComponent(char.IA5String):
+    pass
+
+
+ub_domain_defined_attribute_value_length = univ.Integer(128)
+
+ub_match = univ.Integer(128)
+
+id_at = _buildOid(2, 5, 4)
+
+
+class AttributeType(univ.ObjectIdentifier):
+    pass
+
+
+id_at_organizationalUnitName = _buildOid(id_at, 11)
+
+terminal_type = univ.Integer(23)
+
+
+class PDSParameter(univ.Set):
+    pass
+
+
+PDSParameter.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('printable-string', char.PrintableString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_pds_parameter_length))),
+    namedtype.OptionalNamedType('teletex-string', char.TeletexString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_pds_parameter_length)))
+)
+
+
+class PhysicalDeliveryPersonalName(PDSParameter):
+    pass
+
+
+ub_surname_length = univ.Integer(40)
+
+id_ad = _buildOid(id_pkix, 48)
+
+ub_domain_defined_attribute_type_length = univ.Integer(8)
+
+
+class TeletexDomainDefinedAttribute(univ.Sequence):
+    pass
+
+
+TeletexDomainDefinedAttribute.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('type', char.TeletexString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_defined_attribute_type_length))),
+    namedtype.NamedType('value', char.TeletexString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_defined_attribute_value_length)))
+)
+
+ub_domain_defined_attributes = univ.Integer(4)
+
+
+class TeletexDomainDefinedAttributes(univ.SequenceOf):
+    pass
+
+
+TeletexDomainDefinedAttributes.componentType = TeletexDomainDefinedAttribute()
+TeletexDomainDefinedAttributes.sizeSpec = constraint.ValueSizeConstraint(1, ub_domain_defined_attributes)
+
+extended_network_address = univ.Integer(22)
+
+ub_locality_name = univ.Integer(128)
+
+
+class X520LocalityName(univ.Choice):
+    pass
+
+
+X520LocalityName.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('teletexString',
+                        char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_locality_name))),
+    namedtype.NamedType('printableString', char.PrintableString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_locality_name))),
+    namedtype.NamedType('universalString', char.UniversalString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_locality_name))),
+    namedtype.NamedType('utf8String',
+                        char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_locality_name))),
+    namedtype.NamedType('bmpString',
+                        char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_locality_name)))
+)
+
+teletex_organization_name = univ.Integer(3)
+
+ub_given_name_length = univ.Integer(16)
+
+ub_initials_length = univ.Integer(5)
+
+
+class PersonalName(univ.Set):
+    pass
+
+
+PersonalName.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('surname', char.PrintableString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_surname_length)).subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('given-name', char.PrintableString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_given_name_length)).subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.OptionalNamedType('initials', char.PrintableString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_initials_length)).subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+    namedtype.OptionalNamedType('generation-qualifier', char.PrintableString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_generation_qualifier_length)).subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
+)
+
+ub_organizational_unit_name_length = univ.Integer(32)
+
+
+class OrganizationalUnitName(char.PrintableString):
+    pass
+
+
+OrganizationalUnitName.subtypeSpec = constraint.ValueSizeConstraint(1, ub_organizational_unit_name_length)
+
+id_at_generationQualifier = _buildOid(id_at, 44)
+
+
+class Version(univ.Integer):
+    pass
+
+
+Version.namedValues = namedval.NamedValues(
+    ('v1', 0),
+    ('v2', 1),
+    ('v3', 2)
+)
+
+
+class CertificateSerialNumber(univ.Integer):
+    pass
+
+
+algorithmIdentifierMap = {}
+
+
+class AlgorithmIdentifier(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('algorithm', univ.ObjectIdentifier()),
+        namedtype.OptionalNamedType('parameters', univ.Any(),
+            openType=opentype.OpenType('algorithm', algorithmIdentifierMap)
+        )
+    )
+
+
+class Time(univ.Choice):
+    pass
+
+
+Time.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('utcTime', useful.UTCTime()),
+    namedtype.NamedType('generalTime', useful.GeneralizedTime())
+)
+
+
+class AttributeValue(univ.Any):
+    pass
+
+
+certificateAttributesMap = {}
+
+
+class AttributeTypeAndValue(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('type', AttributeType()),
+        namedtype.NamedType(
+            'value', AttributeValue(),
+            openType=opentype.OpenType('type', certificateAttributesMap)
+        )
+    )
+
+
+class RelativeDistinguishedName(univ.SetOf):
+    pass
+
+
+RelativeDistinguishedName.componentType = AttributeTypeAndValue()
+RelativeDistinguishedName.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class RDNSequence(univ.SequenceOf):
+    pass
+
+
+RDNSequence.componentType = RelativeDistinguishedName()
+
+
+class Name(univ.Choice):
+    pass
+
+
+Name.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('rdnSequence', RDNSequence())
+)
+
+
+class TBSCertList(univ.Sequence):
+    pass
+
+
+TBSCertList.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('version', Version()),
+    namedtype.NamedType('signature', AlgorithmIdentifier()),
+    namedtype.NamedType('issuer', Name()),
+    namedtype.NamedType('thisUpdate', Time()),
+    namedtype.OptionalNamedType('nextUpdate', Time()),
+    namedtype.OptionalNamedType(
+        'revokedCertificates', univ.SequenceOf(
+            componentType=univ.Sequence(
+                componentType=namedtype.NamedTypes(
+                    namedtype.NamedType('userCertificate', CertificateSerialNumber()),
+                    namedtype.NamedType('revocationDate', Time()),
+                    namedtype.OptionalNamedType('crlEntryExtensions', Extensions())
+                )
+            )
+        )
+    ),
+    namedtype.OptionalNamedType(
+        'crlExtensions', Extensions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+)
+
+
+class CertificateList(univ.Sequence):
+    pass
+
+
+CertificateList.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('tbsCertList', TBSCertList()),
+    namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()),
+    namedtype.NamedType('signature', univ.BitString())
+)
+
+
+class PhysicalDeliveryOfficeName(PDSParameter):
+    pass
+
+
+ub_extension_attributes = univ.Integer(256)
+
+certificateExtensionsMap = {
+}
+
+oraddressExtensionAttributeMap = {
+}
+
+
+class ExtensionAttribute(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType(
+            'extension-attribute-type',
+            univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, ub_extension_attributes)).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType(
+            'extension-attribute-value',
+            univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)),
+            openType=opentype.OpenType('extension-attribute-type', oraddressExtensionAttributeMap))
+    )
+
+id_qt = _buildOid(id_pkix, 2)
+
+id_qt_cps = _buildOid(id_qt, 1)
+
+id_at_stateOrProvinceName = _buildOid(id_at, 8)
+
+id_at_title = _buildOid(id_at, 12)
+
+id_at_serialNumber = _buildOid(id_at, 5)
+
+
+class X520dnQualifier(char.PrintableString):
+    pass
+
+
+class PosteRestanteAddress(PDSParameter):
+    pass
+
+
+poste_restante_address = univ.Integer(19)
+
+
+class UniqueIdentifier(univ.BitString):
+    pass
+
+
+class Validity(univ.Sequence):
+    pass
+
+
+Validity.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('notBefore', Time()),
+    namedtype.NamedType('notAfter', Time())
+)
+
+
+class SubjectPublicKeyInfo(univ.Sequence):
+    pass
+
+
+SubjectPublicKeyInfo.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('algorithm', AlgorithmIdentifier()),
+    namedtype.NamedType('subjectPublicKey', univ.BitString())
+)
+
+
+class TBSCertificate(univ.Sequence):
+    pass
+
+
+TBSCertificate.componentType = namedtype.NamedTypes(
+    namedtype.DefaultedNamedType('version',
+                                 Version().subtype(explicitTag=tag.Tag(tag.tagClassContext,
+                                                                       tag.tagFormatSimple, 0)).subtype(value="v1")),
+    namedtype.NamedType('serialNumber', CertificateSerialNumber()),
+    namedtype.NamedType('signature', AlgorithmIdentifier()),
+    namedtype.NamedType('issuer', Name()),
+    namedtype.NamedType('validity', Validity()),
+    namedtype.NamedType('subject', Name()),
+    namedtype.NamedType('subjectPublicKeyInfo', SubjectPublicKeyInfo()),
+    namedtype.OptionalNamedType('issuerUniqueID', UniqueIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.OptionalNamedType('subjectUniqueID', UniqueIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+    namedtype.OptionalNamedType('extensions',
+                                Extensions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
+)
+
+physical_delivery_office_name = univ.Integer(10)
+
+ub_name = univ.Integer(32768)
+
+
+class X520name(univ.Choice):
+    pass
+
+
+X520name.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('teletexString',
+                        char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_name))),
+    namedtype.NamedType('printableString',
+                        char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_name))),
+    namedtype.NamedType('universalString',
+                        char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_name))),
+    namedtype.NamedType('utf8String',
+                        char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_name))),
+    namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_name)))
+)
+
+id_at_dnQualifier = _buildOid(id_at, 46)
+
+ub_serial_number = univ.Integer(64)
+
+ub_pseudonym = univ.Integer(128)
+
+pkcs_9 = _buildOid(1, 2, 840, 113549, 1, 9)
+
+
+class X121Address(char.NumericString):
+    pass
+
+
+X121Address.subtypeSpec = constraint.ValueSizeConstraint(1, ub_x121_address_length)
+
+
+class NetworkAddress(X121Address):
+    pass
+
+
+ub_integer_options = univ.Integer(256)
+
+id_at_commonName = _buildOid(id_at, 3)
+
+ub_organization_name_length = univ.Integer(64)
+
+id_ad_ocsp = _buildOid(id_ad, 1)
+
+ub_country_name_numeric_length = univ.Integer(3)
+
+ub_country_name_alpha_length = univ.Integer(2)
+
+
+class PhysicalDeliveryCountryName(univ.Choice):
+    pass
+
+
+PhysicalDeliveryCountryName.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('x121-dcc-code', char.NumericString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(ub_country_name_numeric_length, ub_country_name_numeric_length))),
+    namedtype.NamedType('iso-3166-alpha2-code', char.PrintableString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(ub_country_name_alpha_length, ub_country_name_alpha_length)))
+)
+
+id_emailAddress = _buildOid(pkcs_9, 1)
+
+common_name = univ.Integer(1)
+
+
+class X520Pseudonym(univ.Choice):
+    pass
+
+
+X520Pseudonym.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('teletexString',
+                        char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_pseudonym))),
+    namedtype.NamedType('printableString',
+                        char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_pseudonym))),
+    namedtype.NamedType('universalString',
+                        char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_pseudonym))),
+    namedtype.NamedType('utf8String',
+                        char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_pseudonym))),
+    namedtype.NamedType('bmpString',
+                        char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_pseudonym)))
+)
+
+ub_domain_name_length = univ.Integer(16)
+
+
+class AdministrationDomainName(univ.Choice):
+    pass
+
+
+AdministrationDomainName.tagSet = univ.Choice.tagSet.tagExplicitly(
+    tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 2))
+AdministrationDomainName.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('numeric', char.NumericString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(0, ub_domain_name_length))),
+    namedtype.NamedType('printable', char.PrintableString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(0, ub_domain_name_length)))
+)
+
+
+class PresentationAddress(univ.Sequence):
+    pass
+
+
+PresentationAddress.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('pSelector', univ.OctetString().subtype(
+        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('sSelector', univ.OctetString().subtype(
+        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.OptionalNamedType('tSelector', univ.OctetString().subtype(
+        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+    namedtype.NamedType('nAddresses', univ.SetOf(componentType=univ.OctetString()).subtype(
+        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
+)
+
+
+class ExtendedNetworkAddress(univ.Choice):
+    pass
+
+
+ExtendedNetworkAddress.componentType = namedtype.NamedTypes(
+    namedtype.NamedType(
+        'e163-4-address', univ.Sequence(
+            componentType=namedtype.NamedTypes(
+                namedtype.NamedType('number', char.NumericString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_e163_4_number_length)).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+                namedtype.OptionalNamedType('sub-address', char.NumericString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_e163_4_sub_address_length)).subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+            )
+        )
+    ),
+    namedtype.NamedType('psap-address', PresentationAddress().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
+)
+
+
+class TeletexOrganizationName(char.TeletexString):
+    pass
+
+
+TeletexOrganizationName.subtypeSpec = constraint.ValueSizeConstraint(1, ub_organization_name_length)
+
+ub_terminal_id_length = univ.Integer(24)
+
+
+class TerminalIdentifier(char.PrintableString):
+    pass
+
+
+TerminalIdentifier.subtypeSpec = constraint.ValueSizeConstraint(1, ub_terminal_id_length)
+
+id_ad_caIssuers = _buildOid(id_ad, 2)
+
+id_at_countryName = _buildOid(id_at, 6)
+
+
+class StreetAddress(PDSParameter):
+    pass
+
+
+postal_code = univ.Integer(9)
+
+id_at_givenName = _buildOid(id_at, 42)
+
+ub_title = univ.Integer(64)
+
+
+class ExtensionAttributes(univ.SetOf):
+    pass
+
+
+ExtensionAttributes.componentType = ExtensionAttribute()
+ExtensionAttributes.sizeSpec = constraint.ValueSizeConstraint(1, ub_extension_attributes)
+
+ub_emailaddress_length = univ.Integer(255)
+
+id_ad_caRepository = _buildOid(id_ad, 5)
+
+
+class ExtensionORAddressComponents(PDSParameter):
+    pass
+
+
+ub_organizational_unit_name = univ.Integer(64)
+
+
+class X520OrganizationalUnitName(univ.Choice):
+    pass
+
+
+X520OrganizationalUnitName.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('teletexString', char.TeletexString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name))),
+    namedtype.NamedType('printableString', char.PrintableString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name))),
+    namedtype.NamedType('universalString', char.UniversalString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name))),
+    namedtype.NamedType('utf8String', char.UTF8String().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name))),
+    namedtype.NamedType('bmpString', char.BMPString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_organizational_unit_name)))
+)
+
+
+class LocalPostalAttributes(PDSParameter):
+    pass
+
+
+teletex_organizational_unit_names = univ.Integer(5)
+
+
+class X520Title(univ.Choice):
+    pass
+
+
+X520Title.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('teletexString',
+                        char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title))),
+    namedtype.NamedType('printableString',
+                        char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title))),
+    namedtype.NamedType('universalString',
+                        char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title))),
+    namedtype.NamedType('utf8String',
+                        char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title))),
+    namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_title)))
+)
+
+id_at_localityName = _buildOid(id_at, 7)
+
+id_at_initials = _buildOid(id_at, 43)
+
+ub_state_name = univ.Integer(128)
+
+
+class X520StateOrProvinceName(univ.Choice):
+    pass
+
+
+X520StateOrProvinceName.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('teletexString',
+                        char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name))),
+    namedtype.NamedType('printableString',
+                        char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name))),
+    namedtype.NamedType('universalString',
+                        char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name))),
+    namedtype.NamedType('utf8String',
+                        char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name))),
+    namedtype.NamedType('bmpString',
+                        char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_state_name)))
+)
+
+physical_delivery_organization_name = univ.Integer(14)
+
+id_at_surname = _buildOid(id_at, 4)
+
+
+class X520countryName(char.PrintableString):
+    pass
+
+
+X520countryName.subtypeSpec = constraint.ValueSizeConstraint(2, 2)
+
+physical_delivery_office_number = univ.Integer(11)
+
+id_qt_unotice = _buildOid(id_qt, 2)
+
+
+class X520SerialNumber(char.PrintableString):
+    pass
+
+
+X520SerialNumber.subtypeSpec = constraint.ValueSizeConstraint(1, ub_serial_number)
+
+
+class Attribute(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('type', AttributeType()),
+        namedtype.NamedType('values',
+                            univ.SetOf(componentType=AttributeValue()),
+                            openType=opentype.OpenType('type', certificateAttributesMap))
+    )
+
+ub_common_name = univ.Integer(64)
+
+id_pe = _buildOid(id_pkix, 1)
+
+
+class ExtensionPhysicalDeliveryAddressComponents(PDSParameter):
+    pass
+
+
+class EmailAddress(char.IA5String):
+    pass
+
+
+EmailAddress.subtypeSpec = constraint.ValueSizeConstraint(1, ub_emailaddress_length)
+
+id_at_organizationName = _buildOid(id_at, 10)
+
+post_office_box_address = univ.Integer(18)
+
+
+class BuiltInDomainDefinedAttribute(univ.Sequence):
+    pass
+
+
+BuiltInDomainDefinedAttribute.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('type', char.PrintableString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_defined_attribute_type_length))),
+    namedtype.NamedType('value', char.PrintableString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_defined_attribute_value_length)))
+)
+
+
+class BuiltInDomainDefinedAttributes(univ.SequenceOf):
+    pass
+
+
+BuiltInDomainDefinedAttributes.componentType = BuiltInDomainDefinedAttribute()
+BuiltInDomainDefinedAttributes.sizeSpec = constraint.ValueSizeConstraint(1, ub_domain_defined_attributes)
+
+id_at_pseudonym = _buildOid(id_at, 65)
+
+id_domainComponent = _buildOid(0, 9, 2342, 19200300, 100, 1, 25)
+
+
+class X520CommonName(univ.Choice):
+    pass
+
+
+X520CommonName.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('teletexString',
+                        char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_common_name))),
+    namedtype.NamedType('printableString',
+                        char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_common_name))),
+    namedtype.NamedType('universalString',
+                        char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_common_name))),
+    namedtype.NamedType('utf8String',
+                        char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_common_name))),
+    namedtype.NamedType('bmpString',
+                        char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, ub_common_name)))
+)
+
+extension_OR_address_components = univ.Integer(12)
+
+ub_organizational_units = univ.Integer(4)
+
+teletex_personal_name = univ.Integer(4)
+
+ub_numeric_user_id_length = univ.Integer(32)
+
+ub_common_name_length = univ.Integer(64)
+
+
+class TeletexCommonName(char.TeletexString):
+    pass
+
+
+TeletexCommonName.subtypeSpec = constraint.ValueSizeConstraint(1, ub_common_name_length)
+
+
+class PhysicalDeliveryOrganizationName(PDSParameter):
+    pass
+
+
+extension_physical_delivery_address_components = univ.Integer(15)
+
+
+class NumericUserIdentifier(char.NumericString):
+    pass
+
+
+NumericUserIdentifier.subtypeSpec = constraint.ValueSizeConstraint(1, ub_numeric_user_id_length)
+
+
+class CountryName(univ.Choice):
+    pass
+
+
+CountryName.tagSet = univ.Choice.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 1))
+CountryName.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('x121-dcc-code', char.NumericString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(ub_country_name_numeric_length, ub_country_name_numeric_length))),
+    namedtype.NamedType('iso-3166-alpha2-code', char.PrintableString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(ub_country_name_alpha_length, ub_country_name_alpha_length)))
+)
+
+
+class OrganizationName(char.PrintableString):
+    pass
+
+
+OrganizationName.subtypeSpec = constraint.ValueSizeConstraint(1, ub_organization_name_length)
+
+
+class OrganizationalUnitNames(univ.SequenceOf):
+    pass
+
+
+OrganizationalUnitNames.componentType = OrganizationalUnitName()
+OrganizationalUnitNames.sizeSpec = constraint.ValueSizeConstraint(1, ub_organizational_units)
+
+
+class PrivateDomainName(univ.Choice):
+    pass
+
+
+PrivateDomainName.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('numeric', char.NumericString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_name_length))),
+    namedtype.NamedType('printable', char.PrintableString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_domain_name_length)))
+)
+
+
+class BuiltInStandardAttributes(univ.Sequence):
+    pass
+
+
+BuiltInStandardAttributes.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('country-name', CountryName()),
+    namedtype.OptionalNamedType('administration-domain-name', AdministrationDomainName()),
+    namedtype.OptionalNamedType('network-address', NetworkAddress().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('terminal-identifier', TerminalIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.OptionalNamedType('private-domain-name', PrivateDomainName().subtype(
+        explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
+    namedtype.OptionalNamedType('organization-name', OrganizationName().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+    namedtype.OptionalNamedType('numeric-user-identifier', NumericUserIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
+    namedtype.OptionalNamedType('personal-name', PersonalName().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))),
+    namedtype.OptionalNamedType('organizational-unit-names', OrganizationalUnitNames().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6)))
+)
+
+
+class ORAddress(univ.Sequence):
+    pass
+
+
+ORAddress.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('built-in-standard-attributes', BuiltInStandardAttributes()),
+    namedtype.OptionalNamedType('built-in-domain-defined-attributes', BuiltInDomainDefinedAttributes()),
+    namedtype.OptionalNamedType('extension-attributes', ExtensionAttributes())
+)
+
+
+class DistinguishedName(RDNSequence):
+    pass
+
+
+id_ad_timeStamping = _buildOid(id_ad, 3)
+
+
+class PhysicalDeliveryOfficeNumber(PDSParameter):
+    pass
+
+
+teletex_domain_defined_attributes = univ.Integer(6)
+
+
+class UniquePostalName(PDSParameter):
+    pass
+
+
+physical_delivery_country_name = univ.Integer(8)
+
+ub_pds_name_length = univ.Integer(16)
+
+
+class PDSName(char.PrintableString):
+    pass
+
+
+PDSName.subtypeSpec = constraint.ValueSizeConstraint(1, ub_pds_name_length)
+
+
+class TeletexPersonalName(univ.Set):
+    pass
+
+
+TeletexPersonalName.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('surname', char.TeletexString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_surname_length)).subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('given-name', char.TeletexString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_given_name_length)).subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.OptionalNamedType('initials', char.TeletexString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_initials_length)).subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+    namedtype.OptionalNamedType('generation-qualifier', char.TeletexString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(1, ub_generation_qualifier_length)).subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
+)
+
+street_address = univ.Integer(17)
+
+
+class PostOfficeBoxAddress(PDSParameter):
+    pass
+
+
+local_postal_attributes = univ.Integer(21)
+
+
+class DirectoryString(univ.Choice):
+    pass
+
+
+DirectoryString.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('teletexString',
+                        char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
+    namedtype.NamedType('printableString',
+                        char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
+    namedtype.NamedType('universalString',
+                        char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
+    namedtype.NamedType('utf8String', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
+    namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX)))
+)
+
+teletex_common_name = univ.Integer(2)
+
+
+class CommonName(char.PrintableString):
+    pass
+
+
+CommonName.subtypeSpec = constraint.ValueSizeConstraint(1, ub_common_name_length)
+
+
+class Certificate(univ.Sequence):
+    pass
+
+
+Certificate.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('tbsCertificate', TBSCertificate()),
+    namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()),
+    namedtype.NamedType('signature', univ.BitString())
+)
+
+
+class TeletexOrganizationalUnitName(char.TeletexString):
+    pass
+
+
+TeletexOrganizationalUnitName.subtypeSpec = constraint.ValueSizeConstraint(1, ub_organizational_unit_name_length)
+
+id_at_name = _buildOid(id_at, 41)
+
+
+class TeletexOrganizationalUnitNames(univ.SequenceOf):
+    pass
+
+
+TeletexOrganizationalUnitNames.componentType = TeletexOrganizationalUnitName()
+TeletexOrganizationalUnitNames.sizeSpec = constraint.ValueSizeConstraint(1, ub_organizational_units)
+
+id_ce = _buildOid(2, 5, 29)
+
+id_ce_issuerAltName = _buildOid(id_ce, 18)
+
+
+class SkipCerts(univ.Integer):
+    pass
+
+
+SkipCerts.subtypeSpec = constraint.ValueRangeConstraint(0, MAX)
+
+
+class CRLReason(univ.Enumerated):
+    pass
+
+
+CRLReason.namedValues = namedval.NamedValues(
+    ('unspecified', 0),
+    ('keyCompromise', 1),
+    ('cACompromise', 2),
+    ('affiliationChanged', 3),
+    ('superseded', 4),
+    ('cessationOfOperation', 5),
+    ('certificateHold', 6),
+    ('removeFromCRL', 8),
+    ('privilegeWithdrawn', 9),
+    ('aACompromise', 10)
+)
+
+
+class PrivateKeyUsagePeriod(univ.Sequence):
+    pass
+
+
+PrivateKeyUsagePeriod.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('notBefore', useful.GeneralizedTime().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('notAfter', useful.GeneralizedTime().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+anotherNameMap = {
+
+}
+
+
+class AnotherName(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('type-id', univ.ObjectIdentifier()),
+        namedtype.NamedType(
+            'value',
+            univ.Any().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)),
+            openType=opentype.OpenType('type-id', anotherNameMap)
+        )
+    )
+
+
+class EDIPartyName(univ.Sequence):
+    pass
+
+
+EDIPartyName.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('nameAssigner', DirectoryString().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.NamedType('partyName', DirectoryString().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
+)
+
+
+class GeneralName(univ.Choice):
+    pass
+
+
+GeneralName.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('otherName',
+                        AnotherName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.NamedType('rfc822Name',
+                        char.IA5String().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.NamedType('dNSName',
+                        char.IA5String().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+    namedtype.NamedType('x400Address',
+                        ORAddress().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+    namedtype.NamedType('directoryName',
+                        Name().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
+    namedtype.NamedType('ediPartyName',
+                        EDIPartyName().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5))),
+    namedtype.NamedType('uniformResourceIdentifier',
+                        char.IA5String().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
+    namedtype.NamedType('iPAddress',
+                        univ.OctetString().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
+    namedtype.NamedType('registeredID', univ.ObjectIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8)))
+)
+
+
+class BaseDistance(univ.Integer):
+    pass
+
+
+BaseDistance.subtypeSpec = constraint.ValueRangeConstraint(0, MAX)
+
+
+class GeneralSubtree(univ.Sequence):
+    pass
+
+
+GeneralSubtree.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('base', GeneralName()),
+    namedtype.DefaultedNamedType('minimum', BaseDistance().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)).subtype(value=0)),
+    namedtype.OptionalNamedType('maximum', BaseDistance().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+class GeneralNames(univ.SequenceOf):
+    pass
+
+
+GeneralNames.componentType = GeneralName()
+GeneralNames.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class DistributionPointName(univ.Choice):
+    pass
+
+
+DistributionPointName.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('fullName',
+                        GeneralNames().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('nameRelativeToCRLIssuer', RelativeDistinguishedName().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+class ReasonFlags(univ.BitString):
+    pass
+
+
+ReasonFlags.namedValues = namedval.NamedValues(
+    ('unused', 0),
+    ('keyCompromise', 1),
+    ('cACompromise', 2),
+    ('affiliationChanged', 3),
+    ('superseded', 4),
+    ('cessationOfOperation', 5),
+    ('certificateHold', 6),
+    ('privilegeWithdrawn', 7),
+    ('aACompromise', 8)
+)
+
+
+class IssuingDistributionPoint(univ.Sequence):
+    pass
+
+
+IssuingDistributionPoint.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('distributionPoint', DistributionPointName().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.DefaultedNamedType('onlyContainsUserCerts', univ.Boolean().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)).subtype(value=0)),
+    namedtype.DefaultedNamedType('onlyContainsCACerts', univ.Boolean().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)).subtype(value=0)),
+    namedtype.OptionalNamedType('onlySomeReasons', ReasonFlags().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+    namedtype.DefaultedNamedType('indirectCRL', univ.Boolean().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4)).subtype(value=0)),
+    namedtype.DefaultedNamedType('onlyContainsAttributeCerts', univ.Boolean().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5)).subtype(value=0))
+)
+
+id_ce_certificatePolicies = _buildOid(id_ce, 32)
+
+id_kp_emailProtection = _buildOid(id_kp, 4)
+
+
+class AccessDescription(univ.Sequence):
+    pass
+
+
+AccessDescription.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('accessMethod', univ.ObjectIdentifier()),
+    namedtype.NamedType('accessLocation', GeneralName())
+)
+
+
+class IssuerAltName(GeneralNames):
+    pass
+
+
+id_ce_cRLDistributionPoints = _buildOid(id_ce, 31)
+
+holdInstruction = _buildOid(2, 2, 840, 10040, 2)
+
+id_holdinstruction_callissuer = _buildOid(holdInstruction, 2)
+
+id_ce_subjectDirectoryAttributes = _buildOid(id_ce, 9)
+
+id_ce_issuingDistributionPoint = _buildOid(id_ce, 28)
+
+
+class DistributionPoint(univ.Sequence):
+    pass
+
+
+DistributionPoint.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('distributionPoint', DistributionPointName().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+    namedtype.OptionalNamedType('reasons', ReasonFlags().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.OptionalNamedType('cRLIssuer', GeneralNames().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+)
+
+
+class CRLDistributionPoints(univ.SequenceOf):
+    pass
+
+
+CRLDistributionPoints.componentType = DistributionPoint()
+CRLDistributionPoints.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class GeneralSubtrees(univ.SequenceOf):
+    pass
+
+
+GeneralSubtrees.componentType = GeneralSubtree()
+GeneralSubtrees.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class NameConstraints(univ.Sequence):
+    pass
+
+
+NameConstraints.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('permittedSubtrees', GeneralSubtrees().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('excludedSubtrees', GeneralSubtrees().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+class SubjectDirectoryAttributes(univ.SequenceOf):
+    pass
+
+
+SubjectDirectoryAttributes.componentType = Attribute()
+SubjectDirectoryAttributes.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+id_kp_OCSPSigning = _buildOid(id_kp, 9)
+
+id_kp_timeStamping = _buildOid(id_kp, 8)
+
+
+class DisplayText(univ.Choice):
+    pass
+
+
+DisplayText.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('ia5String', char.IA5String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 200))),
+    namedtype.NamedType('visibleString',
+                        char.VisibleString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 200))),
+    namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 200))),
+    namedtype.NamedType('utf8String', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, 200)))
+)
+
+
+class NoticeReference(univ.Sequence):
+    pass
+
+
+NoticeReference.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('organization', DisplayText()),
+    namedtype.NamedType('noticeNumbers', univ.SequenceOf(componentType=univ.Integer()))
+)
+
+
+class UserNotice(univ.Sequence):
+    pass
+
+
+UserNotice.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('noticeRef', NoticeReference()),
+    namedtype.OptionalNamedType('explicitText', DisplayText())
+)
+
+
+class PolicyQualifierId(univ.ObjectIdentifier):
+    pass
+
+
+policyQualifierInfoMap = {
+
+}
+
+
+class PolicyQualifierInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('policyQualifierId', PolicyQualifierId()),
+        namedtype.NamedType(
+            'qualifier', univ.Any(),
+            openType=opentype.OpenType('policyQualifierId', policyQualifierInfoMap)
+        )
+    )
+
+
+class CertPolicyId(univ.ObjectIdentifier):
+    pass
+
+
+class PolicyInformation(univ.Sequence):
+    pass
+
+
+PolicyInformation.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('policyIdentifier', CertPolicyId()),
+    namedtype.OptionalNamedType('policyQualifiers', univ.SequenceOf(componentType=PolicyQualifierInfo()))
+)
+
+
+class CertificatePolicies(univ.SequenceOf):
+    pass
+
+
+CertificatePolicies.componentType = PolicyInformation()
+CertificatePolicies.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class SubjectAltName(GeneralNames):
+    pass
+
+
+id_ce_basicConstraints = _buildOid(id_ce, 19)
+
+id_ce_authorityKeyIdentifier = _buildOid(id_ce, 35)
+
+id_kp_codeSigning = _buildOid(id_kp, 3)
+
+
+class BasicConstraints(univ.Sequence):
+    pass
+
+
+BasicConstraints.componentType = namedtype.NamedTypes(
+    namedtype.DefaultedNamedType('cA', univ.Boolean().subtype(value=0)),
+    namedtype.OptionalNamedType('pathLenConstraint',
+                                univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(0, MAX)))
+)
+
+id_ce_certificateIssuer = _buildOid(id_ce, 29)
+
+
+class PolicyMappings(univ.SequenceOf):
+    pass
+
+
+PolicyMappings.componentType = univ.Sequence(
+    componentType=namedtype.NamedTypes(
+        namedtype.NamedType('issuerDomainPolicy', CertPolicyId()),
+        namedtype.NamedType('subjectDomainPolicy', CertPolicyId())
+    )
+)
+
+PolicyMappings.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class InhibitAnyPolicy(SkipCerts):
+    pass
+
+
+anyPolicy = _buildOid(id_ce_certificatePolicies, 0)
+
+
+class CRLNumber(univ.Integer):
+    pass
+
+
+CRLNumber.subtypeSpec = constraint.ValueRangeConstraint(0, MAX)
+
+
+class BaseCRLNumber(CRLNumber):
+    pass
+
+
+id_ce_nameConstraints = _buildOid(id_ce, 30)
+
+id_kp_serverAuth = _buildOid(id_kp, 1)
+
+id_ce_freshestCRL = _buildOid(id_ce, 46)
+
+id_ce_cRLReasons = _buildOid(id_ce, 21)
+
+id_ce_extKeyUsage = _buildOid(id_ce, 37)
+
+
+class KeyIdentifier(univ.OctetString):
+    pass
+
+
+class AuthorityKeyIdentifier(univ.Sequence):
+    pass
+
+
+AuthorityKeyIdentifier.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('keyIdentifier', KeyIdentifier().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('authorityCertIssuer', GeneralNames().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.OptionalNamedType('authorityCertSerialNumber', CertificateSerialNumber().subtype(
+        implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+)
+
+
+class FreshestCRL(CRLDistributionPoints):
+    pass
+
+
+id_ce_policyConstraints = _buildOid(id_ce, 36)
+
+id_pe_authorityInfoAccess = _buildOid(id_pe, 1)
+
+
+class AuthorityInfoAccessSyntax(univ.SequenceOf):
+    pass
+
+
+AuthorityInfoAccessSyntax.componentType = AccessDescription()
+AuthorityInfoAccessSyntax.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+id_holdinstruction_none = _buildOid(holdInstruction, 1)
+
+
+class CPSuri(char.IA5String):
+    pass
+
+
+id_pe_subjectInfoAccess = _buildOid(id_pe, 11)
+
+
+class SubjectKeyIdentifier(KeyIdentifier):
+    pass
+
+
+id_ce_subjectAltName = _buildOid(id_ce, 17)
+
+
+class KeyPurposeId(univ.ObjectIdentifier):
+    pass
+
+
+class ExtKeyUsageSyntax(univ.SequenceOf):
+    pass
+
+
+ExtKeyUsageSyntax.componentType = KeyPurposeId()
+ExtKeyUsageSyntax.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class HoldInstructionCode(univ.ObjectIdentifier):
+    pass
+
+
+id_ce_deltaCRLIndicator = _buildOid(id_ce, 27)
+
+id_ce_keyUsage = _buildOid(id_ce, 15)
+
+id_ce_holdInstructionCode = _buildOid(id_ce, 23)
+
+
+class SubjectInfoAccessSyntax(univ.SequenceOf):
+    pass
+
+
+SubjectInfoAccessSyntax.componentType = AccessDescription()
+SubjectInfoAccessSyntax.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class InvalidityDate(useful.GeneralizedTime):
+    pass
+
+
+class KeyUsage(univ.BitString):
+    pass
+
+
+KeyUsage.namedValues = namedval.NamedValues(
+    ('digitalSignature', 0),
+    ('nonRepudiation', 1),
+    ('keyEncipherment', 2),
+    ('dataEncipherment', 3),
+    ('keyAgreement', 4),
+    ('keyCertSign', 5),
+    ('cRLSign', 6),
+    ('encipherOnly', 7),
+    ('decipherOnly', 8)
+)
+
+id_ce_invalidityDate = _buildOid(id_ce, 24)
+
+id_ce_policyMappings = _buildOid(id_ce, 33)
+
+anyExtendedKeyUsage = _buildOid(id_ce_extKeyUsage, 0)
+
+id_ce_privateKeyUsagePeriod = _buildOid(id_ce, 16)
+
+id_ce_cRLNumber = _buildOid(id_ce, 20)
+
+
+class CertificateIssuer(GeneralNames):
+    pass
+
+
+id_holdinstruction_reject = _buildOid(holdInstruction, 3)
+
+
+class PolicyConstraints(univ.Sequence):
+    pass
+
+
+PolicyConstraints.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('requireExplicitPolicy',
+                                SkipCerts().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('inhibitPolicyMapping',
+                                SkipCerts().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+id_kp_clientAuth = _buildOid(id_kp, 2)
+
+id_ce_subjectKeyIdentifier = _buildOid(id_ce, 14)
+
+id_ce_inhibitAnyPolicy = _buildOid(id_ce, 54)
+
+# map of ORAddress ExtensionAttribute type to ExtensionAttribute value
+
+_oraddressExtensionAttributeMapUpdate = {
+    common_name: CommonName(),
+    teletex_common_name: TeletexCommonName(),
+    teletex_organization_name: TeletexOrganizationName(),
+    teletex_personal_name: TeletexPersonalName(),
+    teletex_organizational_unit_names: TeletexOrganizationalUnitNames(),
+    pds_name: PDSName(),
+    physical_delivery_country_name: PhysicalDeliveryCountryName(),
+    postal_code: PostalCode(),
+    physical_delivery_office_name: PhysicalDeliveryOfficeName(),
+    physical_delivery_office_number: PhysicalDeliveryOfficeNumber(),
+    extension_OR_address_components: ExtensionORAddressComponents(),
+    physical_delivery_personal_name: PhysicalDeliveryPersonalName(),
+    physical_delivery_organization_name: PhysicalDeliveryOrganizationName(),
+    extension_physical_delivery_address_components: ExtensionPhysicalDeliveryAddressComponents(),
+    unformatted_postal_address: UnformattedPostalAddress(),
+    street_address: StreetAddress(),
+    post_office_box_address: PostOfficeBoxAddress(),
+    poste_restante_address: PosteRestanteAddress(),
+    unique_postal_name: UniquePostalName(),
+    local_postal_attributes: LocalPostalAttributes(),
+    extended_network_address: ExtendedNetworkAddress(),
+    terminal_type: TerminalType(),
+    teletex_domain_defined_attributes: TeletexDomainDefinedAttributes(),
+}
+
+oraddressExtensionAttributeMap.update(_oraddressExtensionAttributeMapUpdate)
+
+
+# map of AttributeType -> AttributeValue
+
+_certificateAttributesMapUpdate = {
+    id_at_name: X520name(),
+    id_at_surname: X520name(),
+    id_at_givenName: X520name(),
+    id_at_initials: X520name(),
+    id_at_generationQualifier: X520name(),
+    id_at_commonName: X520CommonName(),
+    id_at_localityName: X520LocalityName(),
+    id_at_stateOrProvinceName: X520StateOrProvinceName(),
+    id_at_organizationName: X520OrganizationName(),
+    id_at_organizationalUnitName: X520OrganizationalUnitName(),
+    id_at_title: X520Title(),
+    id_at_dnQualifier: X520dnQualifier(),
+    id_at_countryName: X520countryName(),
+    id_at_serialNumber: X520SerialNumber(),
+    id_at_pseudonym: X520Pseudonym(),
+    id_domainComponent: DomainComponent(),
+    id_emailAddress: EmailAddress(),
+}
+
+certificateAttributesMap.update(_certificateAttributesMapUpdate)
+
+
+# map of Certificate Extension OIDs to Extensions
+
+_certificateExtensionsMap = {
+    id_ce_authorityKeyIdentifier: AuthorityKeyIdentifier(),
+    id_ce_subjectKeyIdentifier: SubjectKeyIdentifier(),
+    id_ce_keyUsage: KeyUsage(),
+    id_ce_privateKeyUsagePeriod: PrivateKeyUsagePeriod(),
+    id_ce_certificatePolicies: CertificatePolicies(),
+    id_ce_policyMappings: PolicyMappings(),
+    id_ce_subjectAltName: SubjectAltName(),
+    id_ce_issuerAltName: IssuerAltName(),
+    id_ce_subjectDirectoryAttributes: SubjectDirectoryAttributes(),
+    id_ce_basicConstraints: BasicConstraints(),
+    id_ce_nameConstraints: NameConstraints(),
+    id_ce_policyConstraints: PolicyConstraints(),
+    id_ce_extKeyUsage: ExtKeyUsageSyntax(),
+    id_ce_cRLDistributionPoints: CRLDistributionPoints(),
+    id_pe_authorityInfoAccess: AuthorityInfoAccessSyntax(),
+    id_ce_cRLNumber: univ.Integer(),
+    id_ce_deltaCRLIndicator: BaseCRLNumber(),
+    id_ce_issuingDistributionPoint: IssuingDistributionPoint(),
+    id_ce_cRLReasons: CRLReason(),
+    id_ce_holdInstructionCode: univ.ObjectIdentifier(),
+    id_ce_invalidityDate: useful.GeneralizedTime(),
+    id_ce_certificateIssuer: GeneralNames(),
+}
+
+certificateExtensionsMap.update(_certificateExtensionsMap)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc5697.py

@@ -0,0 +1,70 @@
+# This file is being contributed to pyasn1-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# Other Certificates Extension
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc5697.txt
+
+from pyasn1.type import namedtype
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5280
+from pyasn1_modules import rfc4055
+
+
+# Imports from RFC 5280
+
+AlgorithmIdentifier = rfc5280.AlgorithmIdentifier
+
+CertificateSerialNumber = rfc5280.CertificateSerialNumber
+
+GeneralNames = rfc5280.GeneralNames
+
+
+# Imports from RFC 4055
+
+id_sha1 = rfc4055.id_sha1
+
+
+# Imports from RFC 5055
+# These are defined here because a module for RFC 5055 does not exist yet
+
+class SCVPIssuerSerial(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('issuer', GeneralNames()),
+        namedtype.NamedType('serialNumber', CertificateSerialNumber())
+    )
+
+
+sha1_alg_id = AlgorithmIdentifier()
+sha1_alg_id['algorithm'] = id_sha1
+
+
+class SCVPCertID(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('certHash', univ.OctetString()),
+        namedtype.NamedType('issuerSerial', SCVPIssuerSerial()),
+        namedtype.DefaultedNamedType('hashAlgorithm', sha1_alg_id)
+    )
+
+
+# Other Certificates Extension
+
+id_pe_otherCerts = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 1, 19,))
+
+class OtherCertificates(univ.SequenceOf):
+    componentType = SCVPCertID()
+
+
+# Update of certificate extension map in rfc5280.py
+
+_certificateExtensionsMapUpdate = {
+    id_pe_otherCerts: OtherCertificates(),
+}
+
+rfc5280.certificateExtensionsMap.update(_certificateExtensionsMapUpdate)

.venv/lib/python3.11/site-packages/pyasn1_modules/rfc5751.py

@@ -0,0 +1,124 @@
+# This file is being contributed to pyasn1-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+#
+# Copyright (c) 2019, Vigil Security, LLC
+# License: http://snmplabs.com/pyasn1/license.html
+#
+# S/MIME Version 3.2 Message Specification
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc5751.txt
+
+from pyasn1.type import namedtype
+from pyasn1.type import opentype
+from pyasn1.type import tag
+from pyasn1.type import univ
+
+from pyasn1_modules import rfc5652
+from pyasn1_modules import rfc8018
+
+
+def _OID(*components):
+    output = []
+    for x in tuple(components):
+        if isinstance(x, univ.ObjectIdentifier):
+            output.extend(list(x))
+        else:
+            output.append(int(x))
+    return univ.ObjectIdentifier(output)
+
+
+# Imports from RFC 5652 and RFC 8018
+
+IssuerAndSerialNumber = rfc5652.IssuerAndSerialNumber
+
+RecipientKeyIdentifier = rfc5652.RecipientKeyIdentifier
+
+SubjectKeyIdentifier = rfc5652.SubjectKeyIdentifier
+
+rc2CBC = rfc8018.rc2CBC
+
+
+# S/MIME Capabilities Attribute
+
+smimeCapabilities = univ.ObjectIdentifier('1.2.840.113549.1.9.15')
+
+
+smimeCapabilityMap = { }
+
+
+class SMIMECapability(univ.Sequence):
+    pass
+
+SMIMECapability.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('capabilityID', univ.ObjectIdentifier()),
+    namedtype.OptionalNamedType('parameters', univ.Any(),
+        openType=opentype.OpenType('capabilityID', smimeCapabilityMap))
+)
+
+
+class SMIMECapabilities(univ.SequenceOf):
+    pass
+
+SMIMECapabilities.componentType = SMIMECapability()
+
+
+class SMIMECapabilitiesParametersForRC2CBC(univ.Integer):
+    # which carries the RC2 Key Length (number of bits)
+    pass
+
+
+# S/MIME Encryption Key Preference Attribute
+
+id_smime = univ.ObjectIdentifier('1.2.840.113549.1.9.16')
+
+id_aa = _OID(id_smime, 2)
+
+id_aa_encrypKeyPref = _OID(id_aa, 11)
+
+
+class SMIMEEncryptionKeyPreference(univ.Choice):
+    pass
+
+SMIMEEncryptionKeyPreference.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('issuerAndSerialNumber',
+        IssuerAndSerialNumber().subtype(implicitTag=tag.Tag(
+            tag.tagClassContext, tag.tagFormatSimple, 0))),
+    namedtype.NamedType('receipentKeyId',
+        # Yes, 'receipentKeyId' is spelled incorrectly, but kept
+        # this way for alignment with the ASN.1 module in the RFC.
+        RecipientKeyIdentifier().subtype(implicitTag=tag.Tag(
+            tag.tagClassContext, tag.tagFormatSimple, 1))),
+    namedtype.NamedType('subjectAltKeyIdentifier',
+        SubjectKeyIdentifier().subtype(implicitTag=tag.Tag(
+            tag.tagClassContext, tag.tagFormatSimple, 2)))
+)
+
+
+# The Prefer Binary Inside SMIMECapabilities attribute
+
+id_cap = _OID(id_smime, 11)
+
+id_cap_preferBinaryInside = _OID(id_cap, 1)
+
+
+# CMS Attribute Map
+
+_cmsAttributesMapUpdate = {
+    smimeCapabilities: SMIMECapabilities(),
+    id_aa_encrypKeyPref: SMIMEEncryptionKeyPreference(),
+}
+
+rfc5652.cmsAttributesMap.update(_cmsAttributesMapUpdate)
+
+
+# SMIMECapabilities Attribute Map
+#
+# Do not include OIDs in the dictionary when the parameters are absent.
+
+_smimeCapabilityMapUpdate = {
+    rc2CBC: SMIMECapabilitiesParametersForRC2CBC(),
+}
+
+smimeCapabilityMap.update(_smimeCapabilityMapUpdate)