pyasn1-alt-modules 0.4.5__py3-none-any.whl

pyasn1_alt_modules/rfc7914.py

@@ -0,0 +1,55 @@
+#
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+# Modified by Russ Housley to include the opentypemap manager.
+#
+# Copyright (c) 2019-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# The scrypt Password-Based Key Derivation Function
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc8520.txt
+# https://www.rfc-editor.org/errata/eid5871
+#
+
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import univ
+
+from pyasn1_alt_modules import opentypemap
+
+algorithmIdentifierMap = opentypemap.get('algorithmIdentifierMap')
+
+MAX = float('inf')
+
+
+# Algorithm identifier and parameters for the
+# scrypt Password-Based Key Derivation Function
+
+id_scrypt = univ.ObjectIdentifier('1.3.6.1.4.1.11591.4.11')
+
+
+class Scrypt_params(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('salt',
+            univ.OctetString()),
+        namedtype.NamedType('costParameter',
+            univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(1, MAX))),
+        namedtype.NamedType('blockSize',
+            univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(1, MAX))),
+        namedtype.NamedType('parallelizationParameter',
+            univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(1, MAX))),
+        namedtype.OptionalNamedType('keyLength',
+            univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(1, MAX)))
+    )
+
+
+# Update the Algorithm Identifier Map and the S/MIME Capability Map
+
+_algorithmIdentifierMapUpdate = {
+    id_scrypt: Scrypt_params(),
+}
+
+algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate)

pyasn1_alt_modules/rfc8017.py

@@ -0,0 +1,159 @@
+#
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley.
+# Modified by Russ Housley to include the opentypemap manager..
+#
+# Copyright (c) 2019-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# PKCS #1: RSA Cryptography Specifications Version 2.2
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc8017.txt
+#
+
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import univ
+
+from pyasn1_alt_modules import rfc2437
+from pyasn1_alt_modules import rfc3447
+from pyasn1_alt_modules import rfc4055
+from pyasn1_alt_modules import rfc5280
+from pyasn1_alt_modules import opentypemap
+
+algorithmIdentifierMap = opentypemap.get('algorithmIdentifierMap')
+
+smimeCapabilityMap = opentypemap.get('smimeCapabilityMap')
+
+MAX = float('inf')
+
+
+# Import Algorithm Identifier from RFC 5280
+
+AlgorithmIdentifier = rfc5280.AlgorithmIdentifier
+
+class DigestAlgorithm(AlgorithmIdentifier):
+    pass
+
+class HashAlgorithm(AlgorithmIdentifier):
+    pass
+
+class MaskGenAlgorithm(AlgorithmIdentifier):
+    pass
+
+class PSourceAlgorithm(AlgorithmIdentifier):
+    pass
+
+
+# Object identifiers from NIST SHA2
+
+hashAlgs = univ.ObjectIdentifier('2.16.840.1.101.3.4.2')
+id_sha256 = rfc4055.id_sha256
+id_sha384 = rfc4055.id_sha384
+id_sha512 = rfc4055.id_sha512
+id_sha224 = rfc4055.id_sha224
+id_sha512_224 = hashAlgs + (5, )
+id_sha512_256 = hashAlgs + (6, )
+
+
+# Basic object identifiers
+
+pkcs_1 = univ.ObjectIdentifier('1.2.840.113549.1.1')
+rsaEncryption = rfc2437.rsaEncryption
+id_RSAES_OAEP = rfc2437.id_RSAES_OAEP
+id_pSpecified = rfc2437.id_pSpecified
+id_RSASSA_PSS = rfc4055.id_RSASSA_PSS
+md2WithRSAEncryption = rfc2437.md2WithRSAEncryption
+md5WithRSAEncryption = rfc2437.md5WithRSAEncryption
+sha1WithRSAEncryption = rfc2437.sha1WithRSAEncryption
+sha224WithRSAEncryption = rfc4055.sha224WithRSAEncryption
+sha256WithRSAEncryption = rfc4055.sha256WithRSAEncryption
+sha384WithRSAEncryption = rfc4055.sha384WithRSAEncryption
+sha512WithRSAEncryption = rfc4055.sha512WithRSAEncryption
+sha512_224WithRSAEncryption = pkcs_1 + (15, )
+sha512_256WithRSAEncryption = pkcs_1 + (16, )
+id_sha1 = rfc2437.id_sha1
+id_md2 = univ.ObjectIdentifier('1.2.840.113549.2.2')
+id_md5 = univ.ObjectIdentifier('1.2.840.113549.2.5')
+id_mgf1 = rfc2437.id_mgf1
+
+
+# Default parameter values
+
+sha1 = rfc4055.sha1Identifier
+SHA1Parameters = univ.Null("")
+
+mgf1SHA1 = rfc4055.mgf1SHA1Identifier
+
+class EncodingParameters(univ.OctetString):
+    subtypeSpec = constraint.ValueSizeConstraint(0, MAX)
+
+pSpecifiedEmpty = rfc4055.pSpecifiedEmptyIdentifier
+
+emptyString = EncodingParameters(value='')
+
+
+# Main structures
+
+class Version(univ.Integer):
+    namedValues = namedval.NamedValues(
+        ('two-prime', 0),
+        ('multi', 1)
+    )
+
+class TrailerField(univ.Integer):
+    namedValues = namedval.NamedValues(
+       ('trailerFieldBC', 1)
+    )
+
+RSAPublicKey = rfc2437.RSAPublicKey
+
+OtherPrimeInfo = rfc3447.OtherPrimeInfo
+OtherPrimeInfos = rfc3447.OtherPrimeInfos
+RSAPrivateKey = rfc3447.RSAPrivateKey
+
+RSAES_OAEP_params = rfc4055.RSAES_OAEP_params
+rSAES_OAEP_Default_Identifier = rfc4055.rSAES_OAEP_Default_Identifier
+
+RSASSA_PSS_params = rfc4055.RSASSA_PSS_params
+rSASSA_PSS_Default_Identifier = rfc4055.rSASSA_PSS_Default_Identifier
+
+
+# Syntax for the EMSA-PKCS1-v1_5 hash identifier
+
+class DigestInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('digestAlgorithm', DigestAlgorithm()),
+        namedtype.NamedType('digest', univ.OctetString())
+    )
+
+
+# Update the Algorithm Identifier Map and the S/MIME Capability Map
+
+_algorithmIdentifierMapUpdate = {
+    id_sha1: univ.Null(),
+    id_sha224: univ.Null(),
+    id_sha256: univ.Null(),
+    id_sha384: univ.Null(),
+    id_sha512: univ.Null(),
+    id_sha512_224: univ.Null(),
+    id_sha512_256: univ.Null(),
+    id_mgf1: AlgorithmIdentifier(),
+    id_pSpecified: univ.OctetString(),
+    id_RSAES_OAEP: RSAES_OAEP_params(),
+    id_RSASSA_PSS: RSASSA_PSS_params(),
+    md2WithRSAEncryption: univ.Null(),
+    md5WithRSAEncryption: univ.Null(),
+    sha1WithRSAEncryption: univ.Null(),
+    sha224WithRSAEncryption: univ.Null(),
+    sha256WithRSAEncryption: univ.Null(),
+    sha384WithRSAEncryption: univ.Null(),
+    sha512WithRSAEncryption: univ.Null(),
+    sha512_224WithRSAEncryption: univ.Null(),
+    sha512_256WithRSAEncryption: univ.Null(),
+}
+
+algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate)

pyasn1_alt_modules/rfc8018.py

@@ -0,0 +1,269 @@
+#
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley.
+# Modified by Russ Housley to include the opentypemap manager and
+#   update the S/MIME Capabilities map.
+#
+# Copyright (c) 2019-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# PKCS #5: Password-Based Cryptography Specification, Version 2.1
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc8018.txt
+#
+
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import univ
+
+from pyasn1_alt_modules import rfc3565
+from pyasn1_alt_modules import rfc5280
+from pyasn1_alt_modules import opentypemap
+
+algorithmIdentifierMap = opentypemap.get('algorithmIdentifierMap')
+
+smimeCapabilityMap = opentypemap.get('smimeCapabilityMap')
+
+MAX = float('inf')
+
+def _OID(*components):
+    output = []
+    for x in tuple(components):
+        if isinstance(x, univ.ObjectIdentifier):
+            output.extend(list(x))
+        else:
+            output.append(int(x))
+
+    return univ.ObjectIdentifier(output)
+
+
+# Import from RFC 3565
+
+AES_IV = rfc3565.AES_IV
+
+
+# Import from RFC 5280
+
+AlgorithmIdentifier = rfc5280.AlgorithmIdentifier
+
+
+# Basic object identifiers
+
+nistAlgorithms = _OID(2, 16, 840, 1, 101, 3, 4)
+
+aes = _OID(nistAlgorithms, 1)
+
+oiw = _OID(1, 3, 14)
+
+rsadsi = _OID(1, 2, 840, 113549)
+
+pkcs = _OID(rsadsi, 1)
+
+digestAlgorithm = _OID(rsadsi, 2)
+
+encryptionAlgorithm = _OID(rsadsi, 3)
+
+pkcs_5 = _OID(pkcs, 5)
+
+
+
+# HMAC object identifiers
+
+id_hmacWithSHA1 = _OID(digestAlgorithm, 7)
+
+id_hmacWithSHA224 = _OID(digestAlgorithm, 8)
+
+id_hmacWithSHA256 = _OID(digestAlgorithm, 9)
+
+id_hmacWithSHA384 = _OID(digestAlgorithm, 10)
+
+id_hmacWithSHA512 = _OID(digestAlgorithm, 11)
+
+id_hmacWithSHA512_224 = _OID(digestAlgorithm, 12)
+
+id_hmacWithSHA512_256 = _OID(digestAlgorithm, 13)
+
+
+# PBES1 object identifiers
+
+pbeWithMD2AndDES_CBC = _OID(pkcs_5, 1)
+
+pbeWithMD2AndRC2_CBC = _OID(pkcs_5, 4)
+
+pbeWithMD5AndDES_CBC = _OID(pkcs_5, 3)
+
+pbeWithMD5AndRC2_CBC = _OID(pkcs_5, 6)
+
+pbeWithSHA1AndDES_CBC = _OID(pkcs_5, 10)
+
+pbeWithSHA1AndRC2_CBC = _OID(pkcs_5, 11)
+
+
+# Supporting techniques object identifiers
+
+desCBC = _OID(oiw, 3, 2, 7)
+
+des_EDE3_CBC = _OID(encryptionAlgorithm, 7)
+
+rc2CBC = _OID(encryptionAlgorithm, 2)
+
+rc5_CBC_PAD = _OID(encryptionAlgorithm, 9)
+
+aes128_CBC_PAD = _OID(aes, 2)
+
+aes192_CBC_PAD = _OID(aes, 22)
+
+aes256_CBC_PAD = _OID(aes, 42)
+
+
+# PBES1
+
+class PBEParameter(univ.Sequence):
+    pass
+
+PBEParameter.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('salt', univ.OctetString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(8, 8))),
+    namedtype.NamedType('iterationCount', univ.Integer())
+)
+
+
+# PBES2
+
+id_PBES2 = _OID(pkcs_5, 13)
+
+
+class PBES2_params(univ.Sequence):
+    pass
+
+PBES2_params.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('keyDerivationFunc', AlgorithmIdentifier()),
+    namedtype.NamedType('encryptionScheme', AlgorithmIdentifier())
+)
+
+
+# PBMAC1
+
+id_PBMAC1 = _OID(pkcs_5, 14)
+
+
+class PBMAC1_params(univ.Sequence):
+    pass
+
+PBMAC1_params.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('keyDerivationFunc', AlgorithmIdentifier()),
+    namedtype.NamedType('messageAuthScheme', AlgorithmIdentifier())
+)
+
+
+# PBKDF2
+
+id_PBKDF2 = _OID(pkcs_5, 12)
+
+
+algid_hmacWithSHA1 = AlgorithmIdentifier()
+algid_hmacWithSHA1['algorithm'] = id_hmacWithSHA1
+algid_hmacWithSHA1['parameters'] = univ.Null("")
+
+
+class PBKDF2_params(univ.Sequence):
+    pass
+
+PBKDF2_params.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('salt', univ.Choice(componentType=namedtype.NamedTypes(
+        namedtype.NamedType('specified', univ.OctetString()),
+        namedtype.NamedType('otherSource', AlgorithmIdentifier())
+    ))),
+    namedtype.NamedType('iterationCount', univ.Integer().subtype(
+        subtypeSpec=constraint.ValueRangeConstraint(1, MAX))),
+    namedtype.OptionalNamedType('keyLength', univ.Integer().subtype(
+        subtypeSpec=constraint.ValueRangeConstraint(1, MAX))),
+    namedtype.DefaultedNamedType('prf', algid_hmacWithSHA1)
+)
+
+
+# RC2 CBC algorithm parameter
+
+class RC2_CBC_Parameter(univ.Sequence):
+    pass
+
+RC2_CBC_Parameter.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('rc2ParameterVersion', univ.Integer()),
+    namedtype.NamedType('iv', univ.OctetString().subtype(
+        subtypeSpec=constraint.ValueSizeConstraint(8, 8)))
+)
+
+
+# RC5 CBC algorithm parameter
+
+class RC5_CBC_Parameters(univ.Sequence):
+    pass
+
+RC5_CBC_Parameters.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('version',
+        univ.Integer(namedValues=namedval.NamedValues(('v1_0', 16))).subtype(
+            subtypeSpec=constraint.SingleValueConstraint(16))),
+    namedtype.NamedType('rounds',
+        univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(8, 127))),
+    namedtype.NamedType('blockSizeInBits',
+        univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(64, 128))),
+    namedtype.OptionalNamedType('iv', univ.OctetString())
+)
+
+
+# Initialization Vector for AES: OCTET STRING (SIZE(16))
+
+class AES_IV(univ.OctetString):
+    pass
+
+AES_IV.subtypeSpec = constraint.ValueSizeConstraint(16, 16)
+
+
+# Initialization Vector for DES: OCTET STRING (SIZE(8))
+
+class DES_IV(univ.OctetString):
+    pass
+
+DES_IV.subtypeSpec = constraint.ValueSizeConstraint(8, 8)
+
+
+# Update the Algorithm Identifier map
+
+_algorithmIdentifierMapUpdate = {
+    # PBKDF2-PRFs
+    id_hmacWithSHA1: univ.Null(),
+    id_hmacWithSHA224: univ.Null(),
+    id_hmacWithSHA256: univ.Null(),
+    id_hmacWithSHA384: univ.Null(),
+    id_hmacWithSHA512: univ.Null(),
+    id_hmacWithSHA512_224: univ.Null(),
+    id_hmacWithSHA512_256: univ.Null(),
+    # PBES1Algorithms
+    pbeWithMD2AndDES_CBC: PBEParameter(),
+    pbeWithMD2AndRC2_CBC: PBEParameter(),
+    pbeWithMD5AndDES_CBC: PBEParameter(),
+    pbeWithMD5AndRC2_CBC: PBEParameter(),
+    pbeWithSHA1AndDES_CBC: PBEParameter(),
+    pbeWithSHA1AndRC2_CBC: PBEParameter(),
+    # PBES2Algorithms
+    id_PBES2: PBES2_params(),
+    # PBES2-KDFs
+    id_PBKDF2: PBKDF2_params(),
+    # PBMAC1Algorithms
+    id_PBMAC1: PBMAC1_params(),
+    # SupportingAlgorithms
+    desCBC: DES_IV(),
+    des_EDE3_CBC: DES_IV(),
+    rc2CBC: RC2_CBC_Parameter(),
+    rc5_CBC_PAD: RC5_CBC_Parameters(),
+    aes128_CBC_PAD: AES_IV(),
+    aes192_CBC_PAD: AES_IV(),
+    aes256_CBC_PAD: AES_IV(),
+}
+
+algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate)
+
+smimeCapabilityMap.update(_algorithmIdentifierMapUpdate)

pyasn1_alt_modules/rfc8103.py

@@ -0,0 +1,36 @@
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley with assistance from the asn1ate tool.
+# Auto-generated by asn1ate v.0.6.0 from rfc8103.asn.
+#
+# Copyright (c) 2019-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# ChaCha20Poly1305 algorithm fo use with the Authenticated-Enveloped-Data
+# protecting content type for the Cryptographic Message Syntax (CMS)
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc8103.txt
+
+from pyasn1.type import constraint
+from pyasn1.type import univ
+
+
+def _OID(*components):
+    output = []
+    for x in tuple(components):
+        if isinstance(x, univ.ObjectIdentifier):
+            output.extend(list(x))
+        else:
+            output.append(int(x))
+
+    return univ.ObjectIdentifier(output)
+
+
+class AEADChaCha20Poly1305Nonce(univ.OctetString):
+    pass
+
+
+AEADChaCha20Poly1305Nonce.subtypeSpec = constraint.ValueSizeConstraint(12, 12)
+
+id_alg_AEADChaCha20Poly1305 = _OID(1, 2, 840, 113549, 1, 9, 16, 3, 18)

pyasn1_alt_modules/rfc8209.py

@@ -0,0 +1,20 @@
+#
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2019-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# BGPsec Router PKI Profile
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc8209.txt
+#
+
+from pyasn1.type import univ
+
+
+id_kp = univ.ObjectIdentifier('1.3.6.1.5.5.7.3')
+
+id_kp_bgpsec_router = id_kp + (30, )

pyasn1_alt_modules/rfc8226.py

@@ -0,0 +1,151 @@
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley with assistance from the asn1ate tool, with manual
+#   changes to implement appropriate constraints and added comments.
+# Modified by Russ Housley to add maps for use with opentypes.
+# Modified by Russ Housley to include the opentypemap manager.
+#
+# Copyright (c) 2019-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# JWT Claim Constraints and TN Authorization List for certificate extensions.
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc8226.txt (with errata corrected)
+
+from pyasn1.type import char
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import tag
+from pyasn1.type import univ
+
+from pyasn1_alt_modules import opentypemap
+
+certificateExtensionsMap = opentypemap.get('certificateExtensionsMap')
+
+MAX = float('inf')
+
+
+def _OID(*components):
+    output = []
+    for x in tuple(components):
+        if isinstance(x, univ.ObjectIdentifier):
+            output.extend(list(x))
+        else:
+            output.append(int(x))
+
+    return univ.ObjectIdentifier(output)
+
+
+class JWTClaimName(char.IA5String):
+    pass
+
+
+class JWTClaimNames(univ.SequenceOf):
+    pass
+
+JWTClaimNames.componentType = JWTClaimName()
+JWTClaimNames.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class JWTClaimPermittedValues(univ.Sequence):
+    pass
+
+JWTClaimPermittedValues.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('claim', JWTClaimName()),
+    namedtype.NamedType('permitted', univ.SequenceOf(
+        componentType=char.UTF8String()).subtype(
+            sizeSpec=constraint.ValueSizeConstraint(1, MAX)))
+)
+
+
+class JWTClaimPermittedValuesList(univ.SequenceOf):
+    pass
+
+JWTClaimPermittedValuesList.componentType = JWTClaimPermittedValues()
+JWTClaimPermittedValuesList.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+class JWTClaimConstraints(univ.Sequence):
+    pass
+
+JWTClaimConstraints.componentType = namedtype.NamedTypes(
+    namedtype.OptionalNamedType('mustInclude',
+        JWTClaimNames().subtype(explicitTag=tag.Tag(tag.tagClassContext,
+            tag.tagFormatSimple, 0))),
+    namedtype.OptionalNamedType('permittedValues',
+        JWTClaimPermittedValuesList().subtype(explicitTag=tag.Tag(tag.tagClassContext,
+            tag.tagFormatSimple, 1)))
+)
+
+JWTClaimConstraints.subtypeSpec = constraint.ConstraintsUnion(
+    constraint.WithComponentsConstraint(
+        ('mustInclude', constraint.ComponentPresentConstraint())),
+    constraint.WithComponentsConstraint(
+        ('permittedValues', constraint.ComponentPresentConstraint()))
+)
+
+
+id_pe_JWTClaimConstraints = _OID(1, 3, 6, 1, 5, 5, 7, 1, 27)
+
+
+class ServiceProviderCode(char.IA5String):
+    pass
+
+
+class TelephoneNumber(char.IA5String):
+    pass
+
+TelephoneNumber.subtypeSpec = constraint.ConstraintsIntersection(
+    constraint.ValueSizeConstraint(1, 15),
+    constraint.PermittedAlphabetConstraint(
+        '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '#', '*')
+)
+
+
+class TelephoneNumberRange(univ.Sequence):
+    pass
+
+TelephoneNumberRange.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('start', TelephoneNumber()),
+    namedtype.NamedType('count',
+        univ.Integer().subtype(subtypeSpec=constraint.ValueRangeConstraint(2, MAX)))
+)
+
+
+class TNEntry(univ.Choice):
+    pass
+
+TNEntry.componentType = namedtype.NamedTypes(
+    namedtype.NamedType('spc',
+        ServiceProviderCode().subtype(explicitTag=tag.Tag(tag.tagClassContext,
+            tag.tagFormatSimple, 0))),
+    namedtype.NamedType('range',
+        TelephoneNumberRange().subtype(explicitTag=tag.Tag(tag.tagClassContext,
+            tag.tagFormatConstructed, 1))),
+    namedtype.NamedType('one',
+        TelephoneNumber().subtype(explicitTag=tag.Tag(tag.tagClassContext,
+            tag.tagFormatSimple, 2)))
+)
+
+
+class TNAuthorizationList(univ.SequenceOf):
+    pass
+
+TNAuthorizationList.componentType = TNEntry()
+TNAuthorizationList.sizeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+id_pe_TNAuthList = _OID(1, 3, 6, 1, 5, 5, 7, 1, 26)
+
+
+id_ad_stirTNList = _OID(1, 3, 6, 1, 5, 5, 7, 48, 14)
+
+
+# Update the Certificate Extension Map
+
+_certificateExtensionsMapUpdate = {
+    id_pe_TNAuthList: TNAuthorizationList(),
+    id_pe_JWTClaimConstraints: JWTClaimConstraints(),
+}
+
+certificateExtensionsMap.update(_certificateExtensionsMapUpdate)