pyasn1-alt-modules 0.4.5__py3-none-any.whl

pyasn1_alt_modules/rfc8696.py

@@ -0,0 +1,108 @@
+#
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley with some assistance from asn1ate v.0.6.0.
+# Modified by Russ Housley to include the opentypemap manager.
+#
+# Copyright (c) 2019-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# Using Pre-Shared Key (PSK) in the Cryptographic Message Syntax (CMS)
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc8696.txt
+#
+
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import namedval
+from pyasn1.type import tag
+from pyasn1.type import univ
+
+from pyasn1_alt_modules import rfc5652
+from pyasn1_alt_modules import opentypemap
+
+otherRecipientInfoMap = opentypemap.get('otherRecipientInfoMap')
+
+MAX = float('inf')
+
+
+id_ori = univ.ObjectIdentifier('1.2.840.113549.1.9.16.13')
+
+id_ori_keyTransPSK = univ.ObjectIdentifier('1.2.840.113549.1.9.16.13.1')
+
+id_ori_keyAgreePSK = univ.ObjectIdentifier('1.2.840.113549.1.9.16.13.2')
+
+
+class PreSharedKeyIdentifier(univ.OctetString):
+    pass
+
+
+class KeyTransRecipientInfos(univ.SequenceOf):
+    componentType = rfc5652.KeyTransRecipientInfo()
+
+
+class KeyTransPSKRecipientInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version',
+            rfc5652.CMSVersion()),
+        namedtype.NamedType('pskid',
+            PreSharedKeyIdentifier()),
+        namedtype.NamedType('kdfAlgorithm',
+            rfc5652.KeyDerivationAlgorithmIdentifier()),
+        namedtype.NamedType('keyEncryptionAlgorithm',
+            rfc5652.KeyEncryptionAlgorithmIdentifier()),
+        namedtype.NamedType('ktris',
+            KeyTransRecipientInfos()),
+        namedtype.NamedType('encryptedKey',
+            rfc5652.EncryptedKey())
+    )
+
+
+class KeyAgreePSKRecipientInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version',
+            rfc5652.CMSVersion()),
+        namedtype.NamedType('pskid',
+            PreSharedKeyIdentifier()),
+        namedtype.NamedType('originator',
+            rfc5652.OriginatorIdentifierOrKey().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.OptionalNamedType('ukm',
+            rfc5652.UserKeyingMaterial().subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.NamedType('kdfAlgorithm',
+            rfc5652.KeyDerivationAlgorithmIdentifier()),
+        namedtype.NamedType('keyEncryptionAlgorithm',
+            rfc5652.KeyEncryptionAlgorithmIdentifier()),
+        namedtype.NamedType('recipientEncryptedKeys',
+            rfc5652.RecipientEncryptedKeys())
+    )
+
+
+class CMSORIforPSKOtherInfo(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('psk',
+            univ.OctetString()),
+        namedtype.NamedType('keyMgmtAlgType',
+            univ.Enumerated(namedValues=namedval.NamedValues(
+                ('keyTrans', 5), ('keyAgree', 10)))),
+        namedtype.NamedType('keyEncryptionAlgorithm',
+            rfc5652.KeyEncryptionAlgorithmIdentifier()),
+        namedtype.NamedType('pskLength',
+            univ.Integer().subtype(
+                subtypeSpec=constraint.ValueRangeConstraint(1, MAX))),
+        namedtype.NamedType('kdkLength',
+            univ.Integer().subtype(
+                subtypeSpec=constraint.ValueRangeConstraint(1, MAX)))
+    )
+
+
+# Update the CMS Other Recipient Info Map
+
+_otherRecipientInfoMapUpdate = {
+    id_ori_keyTransPSK: KeyTransPSKRecipientInfo(),
+    id_ori_keyAgreePSK: KeyAgreePSKRecipientInfo(),
+}
+
+otherRecipientInfoMap.update(_otherRecipientInfoMapUpdate)

pyasn1_alt_modules/rfc8702.py

@@ -0,0 +1,109 @@
+#
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley with assistance from asn1ate v.0.6.0.
+# Modified by Russ Housley to include the opentypemap manager.
+#
+# Copyright (c) 2020-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# SHAKE One-way Hash Functions for CMS
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc8702.txt
+#
+from pyasn1.type import namedtype
+from pyasn1.type import tag
+from pyasn1.type import univ
+
+from pyasn1_alt_modules import rfc5280
+from pyasn1_alt_modules import rfc8692
+from pyasn1_alt_modules import opentypemap
+
+algorithmIdentifierMap = opentypemap.get('algorithmIdentifierMap')
+
+
+# Imports fprm RFC 5280
+
+AlgorithmIdentifier = rfc5280.AlgorithmIdentifier
+
+
+# Imports from RFC 8692
+
+id_shake128 = rfc8692.id_shake128
+
+mda_shake128 = rfc8692.mda_shake128
+
+id_shake256 = rfc8692.id_shake256
+
+mda_shake256 = rfc8692.mda_shake256
+
+id_RSASSA_PSS_SHAKE128 = rfc8692.id_RSASSA_PSS_SHAKE128
+
+sa_rSASSA_PSS_SHAKE128 = rfc8692.sa_rSASSA_PSS_SHAKE128
+
+pk_rsaSSA_PSS_SHAKE128 = rfc8692.pk_rsaSSA_PSS_SHAKE128
+
+id_RSASSA_PSS_SHAKE256 = rfc8692.id_RSASSA_PSS_SHAKE256
+
+sa_rSASSA_PSS_SHAKE256 = rfc8692.sa_rSASSA_PSS_SHAKE256
+
+pk_rsaSSA_PSS_SHAKE256 = rfc8692.pk_rsaSSA_PSS_SHAKE256
+
+id_ecdsa_with_shake128 = rfc8692.id_ecdsa_with_shake128
+
+sa_ecdsa_with_shake128 = rfc8692.sa_ecdsa_with_shake128
+
+id_ecdsa_with_shake256 = rfc8692.id_ecdsa_with_shake256
+
+sa_ecdsa_with_shake256 = rfc8692.sa_ecdsa_with_shake256
+
+pk_ec = rfc8692.pk_ec
+
+
+# KMAC with SHAKE128
+
+id_KMACWithSHAKE128 = univ.ObjectIdentifier('2.16.840.1.101.3.4.2.19')
+
+
+class KMACwithSHAKE128_params(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.DefaultedNamedType('kMACOutputLength',
+            univ.Integer().subtype(value=256)),
+        namedtype.DefaultedNamedType('customizationString',
+            univ.OctetString().subtype(value=''))
+    )
+
+
+maca_KMACwithSHAKE128 = AlgorithmIdentifier()
+maca_KMACwithSHAKE128['algorithm'] = id_KMACWithSHAKE128
+maca_KMACwithSHAKE128['parameters'] = KMACwithSHAKE128_params()
+
+
+# KMAC with SHAKE256
+
+id_KMACWithSHAKE256 = univ.ObjectIdentifier('2.16.840.1.101.3.4.2.20')
+
+
+class KMACwithSHAKE256_params(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.DefaultedNamedType('kMACOutputLength',
+            univ.Integer().subtype(value=512)),
+        namedtype.DefaultedNamedType('customizationString',
+            univ.OctetString().subtype(value=''))
+    )
+
+
+maca_KMACwithSHAKE256 = AlgorithmIdentifier()
+maca_KMACwithSHAKE256['algorithm'] = id_KMACWithSHAKE256
+maca_KMACwithSHAKE256['parameters'] = KMACwithSHAKE256_params()
+
+
+# Update the Algorithm Identifiers Map
+
+_algorithmIdentifierMapUpdate = {
+    id_KMACWithSHAKE128: KMACwithSHAKE128_params(),
+    id_KMACWithSHAKE256: KMACwithSHAKE256_params(),
+}
+
+algorithmIdentifierMap.update(_algorithmIdentifierMapUpdate)

pyasn1_alt_modules/rfc8708.py

@@ -0,0 +1,43 @@
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley
+#
+# Copyright (c) 2020-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# HSS/LMS Hash-based Signature Algorithm for CMS
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc8708.txt
+# https://www.rfc-editor.org/errata/eid7963
+
+
+from pyasn1.type import univ
+
+from pyasn1_alt_modules import rfc5280
+
+
+# Object Identifiers
+
+id_alg_hss_lms_hashsig = univ.ObjectIdentifier('1.2.840.113549.1.9.16.3.17')
+
+id_alg_mts_hashsig = id_alg_hss_lms_hashsig
+
+
+# Signature Algorithm Identifier
+
+sa_HSS_LMS_HashSig = rfc5280.AlgorithmIdentifier()
+sa_HSS_LMS_HashSig['algorithm'] = id_alg_hss_lms_hashsig
+# sa_HSS_LMS_HashSig['parameters'] is alway absent
+
+
+# Public Key
+
+class HSS_LMS_HashSig_PublicKey(univ.OctetString):
+    pass
+
+
+pk_HSS_LMS_HashSig = rfc5280.SubjectPublicKeyInfo()
+pk_HSS_LMS_HashSig['algorithm'] = sa_HSS_LMS_HashSig
+# pk_HSS_LMS_HashSig['subjectPublicKey'] CONTAINS the
+#     HSS/LMS public key without any ASN.1 encoding

pyasn1_alt_modules/rfc8737.py

@@ -0,0 +1,36 @@
+#
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley.
+# Modified by Russ Housley to include the opentypemap manager.
+#
+# Copyright (c) 2020-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# ACME TLS ALPN Challenge Certificate Extension
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc8737.txt
+#
+
+from pyasn1.type import univ
+from pyasn1.type import constraint
+
+from pyasn1_alt_modules import opentypemap
+
+certificateExtensionsMap = opentypemap.get('certificateExtensionsMap')
+
+
+id_pe_acmeIdentifier = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 1, 31))
+
+class Authorization(univ.OctetString):
+    subtypeSpec = constraint.ValueSizeConstraint(32, 32)
+
+
+# Update the Certificate Extensions Map
+
+_certificateExtensionsMapUpdate = {
+    id_pe_acmeIdentifier: Authorization(),	
+}
+
+certificateExtensionsMap.update(_certificateExtensionsMapUpdate)

pyasn1_alt_modules/rfc8769.py

@@ -0,0 +1,21 @@
+#
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2020-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# CBOR Content for CMS
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc8769.txt
+#
+
+from pyasn1.type import univ
+
+
+id_ct_cbor = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.44')
+
+
+id_ct_cborSequence = univ.ObjectIdentifier('1.2.840.113549.1.9.16.1.45')

pyasn1_alt_modules/rfc8894.py

@@ -0,0 +1,52 @@
+#
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2020-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# Simple Certificate Enrolment Protocol
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc8894.txt
+#
+
+from pyasn1.type import univ
+from pyasn1.type import namedtype
+
+from pyasn1_alt_modules import rfc5280
+
+
+# Object Identifiers
+   
+id_VeriSign = univ.ObjectIdentifier((2, 16, 840, 1, 113733))
+
+id_pki = id_VeriSign + (1, )
+
+id_attributes = id_pki + (9, )
+
+id_transactionID = id_attributes + (7, )
+
+id_messageType = id_attributes + (2, )
+
+id_pkiStatus = id_attributes + (3, )
+
+id_failInfo = id_attributes + (4, )
+
+id_senderNonce = id_attributes + (5, )
+
+id_recipientNonce  = id_attributes + (6, )
+
+id_scep = univ.ObjectIdentifier((1, 3, 6, 1, 5, 5, 7, 24))
+
+id_scep_failInfoText = id_scep + (1, )   
+
+
+# Structures
+
+class IssuerAndSubject(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('issuer', rfc5280.Name()),
+        namedtype.NamedType('subject', rfc5280.Name())
+    )

pyasn1_alt_modules/rfc8951.py

@@ -0,0 +1,42 @@
+#
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2020-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# Enrollment over Secure Transport (EST) Clarifications
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc8951.txt
+#
+
+from pyasn1_alt_modules import rfc5652
+from pyasn1_alt_modules import rfc7030
+
+
+# Imports from RFC 5652
+
+Attribute = rfc5652.Attribute
+
+
+# Imports from RFC 7030
+
+id_aa_asymmDecryptKeyID = rfc7030.id_aa_asymmDecryptKeyID
+
+AsymmetricDecryptKeyIdentifier = rfc7030.AsymmetricDecryptKeyIdentifier
+
+AttrOrOID = rfc7030.AttrOrOID
+
+CsrAttrs = rfc7030.CsrAttrs
+
+
+# Asymmetric Decrypt Key Identifier Attribute
+
+aa_asymmDecryptKeyID = Attribute()
+aa_asymmDecryptKeyID['attrType'] = id_aa_asymmDecryptKeyID
+aa_asymmDecryptKeyID['attrValues'][0] = AsymmetricDecryptKeyIdentifier()
+
+
+# Note that the update CMS Attribute Map is handled by importing rfc7030

pyasn1_alt_modules/rfc8954.py

@@ -0,0 +1,238 @@
+#
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley.
+#
+# Copyright (c) 2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# Online Certificate Status Protocol (OCSP) with nonce size constraints
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc6960.txt
+# https://www.rfc-editor.org/rfc/rfc8954.txt
+#
+
+from pyasn1.type import char
+from pyasn1.type import constraint
+from pyasn1.type import namedtype
+from pyasn1.type import tag
+from pyasn1.type import univ
+from pyasn1.type import useful
+
+from pyasn1_alt_modules import rfc2560
+from pyasn1_alt_modules import rfc5280
+from pyasn1_alt_modules import opentypemap
+
+certificateExtensionsMap = opentypemap.get('certificateExtensionsMap')
+
+ocspResponseMap = opentypemap.get('ocspResponseMap')
+
+MAX = float('inf')
+
+
+# Imports from RFC 5280
+
+AlgorithmIdentifier = rfc5280.AlgorithmIdentifier
+AuthorityInfoAccessSyntax = rfc5280.AuthorityInfoAccessSyntax
+Certificate = rfc5280.Certificate
+CertificateSerialNumber = rfc5280.CertificateSerialNumber
+CRLReason = rfc5280.CRLReason
+Extensions = rfc5280.Extensions
+GeneralName = rfc5280.GeneralName
+Name = rfc5280.Name
+
+id_kp = rfc5280.id_kp
+
+id_ad_ocsp = rfc5280.id_ad_ocsp
+
+
+# Imports from the original OCSP module in RFC 2560
+
+AcceptableResponses = rfc2560.AcceptableResponses
+ArchiveCutoff = rfc2560.ArchiveCutoff
+CertStatus = rfc2560.CertStatus
+KeyHash = rfc2560.KeyHash
+OCSPResponse = rfc2560.OCSPResponse
+OCSPResponseStatus = rfc2560.OCSPResponseStatus
+ResponseBytes = rfc2560.ResponseBytes
+RevokedInfo = rfc2560.RevokedInfo
+UnknownInfo = rfc2560.UnknownInfo
+Version = rfc2560.Version
+
+id_kp_OCSPSigning = rfc2560.id_kp_OCSPSigning
+
+id_pkix_ocsp = rfc2560.id_pkix_ocsp
+id_pkix_ocsp_archive_cutoff = rfc2560.id_pkix_ocsp_archive_cutoff
+id_pkix_ocsp_basic = rfc2560.id_pkix_ocsp_basic
+id_pkix_ocsp_crl = rfc2560.id_pkix_ocsp_crl
+id_pkix_ocsp_nocheck = rfc2560.id_pkix_ocsp_nocheck
+id_pkix_ocsp_nonce = rfc2560.id_pkix_ocsp_nonce
+id_pkix_ocsp_response = rfc2560.id_pkix_ocsp_response
+id_pkix_ocsp_service_locator = rfc2560.id_pkix_ocsp_service_locator
+
+
+# Additional object identifiers
+
+id_pkix_ocsp_pref_sig_algs = id_pkix_ocsp + (8, )
+id_pkix_ocsp_extended_revoke = id_pkix_ocsp + (9, )
+
+
+# Updated structures (mostly to improve openTypes support)
+
+class CertID(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('hashAlgorithm', AlgorithmIdentifier()),
+        namedtype.NamedType('issuerNameHash', univ.OctetString()),
+        namedtype.NamedType('issuerKeyHash', univ.OctetString()),
+        namedtype.NamedType('serialNumber', CertificateSerialNumber())
+    )
+
+
+class SingleResponse(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('certID', CertID()),
+        namedtype.NamedType('certStatus', CertStatus()),
+        namedtype.NamedType('thisUpdate', useful.GeneralizedTime()),
+        namedtype.OptionalNamedType('nextUpdate', useful.GeneralizedTime().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('singleExtensions', Extensions().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+    )
+
+
+class ResponderID(univ.Choice):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('byName', Name().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.NamedType('byKey', KeyHash().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+    )
+
+
+class ResponseData(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.DefaultedNamedType('version', Version('v1').subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.NamedType('responderID', ResponderID()),
+        namedtype.NamedType('producedAt', useful.GeneralizedTime()),
+        namedtype.NamedType('responses', univ.SequenceOf(
+            componentType=SingleResponse())),
+        namedtype.OptionalNamedType('responseExtensions', Extensions().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+    )
+
+
+class BasicOCSPResponse(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('tbsResponseData', ResponseData()),
+        namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()),
+        namedtype.NamedType('signature', univ.BitString()),
+        namedtype.OptionalNamedType('certs', univ.SequenceOf(
+            componentType=Certificate()).subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 0)))
+    )
+
+
+class Request(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('reqCert', CertID()),
+        namedtype.OptionalNamedType('singleRequestExtensions', Extensions().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+    )
+
+
+class Signature(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()),
+        namedtype.NamedType('signature', univ.BitString()),
+        namedtype.OptionalNamedType('certs', univ.SequenceOf(
+            componentType=Certificate()).subtype(explicitTag=tag.Tag(
+                tag.tagClassContext, tag.tagFormatSimple, 0)))
+    )
+
+
+class TBSRequest(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.DefaultedNamedType('version', Version('v1').subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('requestorName', GeneralName().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.NamedType('requestList', univ.SequenceOf(
+            componentType=Request())),
+        namedtype.OptionalNamedType('requestExtensions', Extensions().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+    )
+
+
+class OCSPRequest(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('tbsRequest', TBSRequest()),
+        namedtype.OptionalNamedType('optionalSignature', Signature().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+    )
+
+
+# Previously omitted structure
+
+class ServiceLocator(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('issuer', Name()),
+        namedtype.NamedType('locator', AuthorityInfoAccessSyntax())
+    )
+
+
+# Additional structures
+
+class CrlID(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('crlUrl', char.IA5String().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+        namedtype.OptionalNamedType('crlNum', univ.Integer().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+        namedtype.OptionalNamedType('crlTime', useful.GeneralizedTime().subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+    )
+
+
+class PreferredSignatureAlgorithm(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('sigIdentifier', AlgorithmIdentifier()),
+        namedtype.OptionalNamedType('certIdentifier', AlgorithmIdentifier())
+    )
+
+
+class PreferredSignatureAlgorithms(univ.SequenceOf):
+    componentType = PreferredSignatureAlgorithm()
+
+
+class Nonce(univ.OctetString):
+    subtypeSpec = constraint.ValueSizeConstraint(1, 32)
+
+
+# Update the OCSP Response Map
+
+_ocspResponseMapUpdate = {
+    id_pkix_ocsp_basic: BasicOCSPResponse(),
+}
+
+ocspResponseMap.update(_ocspResponseMapUpdate)
+
+
+# Update the Certificate Extension Extensions Map
+
+_certificateExtensionsMapUpdate = {
+    # Certificate Extension
+    id_pkix_ocsp_nocheck: univ.Null(""),
+    # OCSP Request Extensions
+    id_pkix_ocsp_nonce: Nonce(),
+    id_pkix_ocsp_response: AcceptableResponses(),
+    id_pkix_ocsp_service_locator: ServiceLocator(),
+    id_pkix_ocsp_pref_sig_algs: PreferredSignatureAlgorithms(),
+    # OCSP Response Extensions
+    id_pkix_ocsp_crl: CrlID(),
+    id_pkix_ocsp_archive_cutoff: ArchiveCutoff(),
+    id_pkix_ocsp_extended_revoke: univ.Null(""),
+}
+
+certificateExtensionsMap.update(_certificateExtensionsMapUpdate)

pyasn1_alt_modules/rfc8994.py

@@ -0,0 +1,52 @@
+#
+# This file is part of pyasn1-alt-modules software.
+#
+# Created by Russ Housley with some assistance from asn1ate v.0.6.0.
+# Modified by Russ Housley to include the opentypemap manager.
+#
+# Copyright (c) 2021-2024, Vigil Security, LLC
+# License: http://vigilsec.com/pyasn1-alt-modules-license.txt
+#
+# Autonomic Control Plane (ACP) Node Name in X.509 Certificates
+#
+# ASN.1 source from:
+# https://www.rfc-editor.org/rfc/rfc8994.txt
+#
+
+from pyasn1.type import char
+from pyasn1.type import constraint
+from pyasn1.type import univ
+
+from pyasn1_alt_modules import rfc5280
+from pyasn1_alt_modules import opentypemap
+
+otherNamesMap = opentypemap.get('otherNamesMap')
+
+MAX = float('inf')
+
+
+# Autonomic Control Plane (ACP) Node Name
+
+id_pkix = rfc5280.id_pkix
+
+id_on = id_pkix + (8, )
+
+id_on_AcpNodeName = id_on + (10, )
+
+
+class AcpNodeName(char.IA5String):
+    subtypeSpec = constraint.ValueSizeConstraint(1, MAX)
+
+
+on_AcpNodeName = rfc5280.AnotherName()
+on_AcpNodeName['type-id'] = id_on_AcpNodeName
+on_AcpNodeName['value'] = AcpNodeName()
+
+
+# Update the Other Names Map
+
+_otherNamesMapUpdate = {
+    id_on_AcpNodeName: AcpNodeName(),
+}
+
+otherNamesMap.update(_otherNamesMapUpdate)